subtree updates
meta-raspberrypi: 9240ea91ca..8e07f0d328:
DOLE Olivier (1):
rpi-config: U-Boot requires "enable_uart=1" to operate correctly.
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
meta-openembedded: 829dcb63f0..def4759e95:
Alex Kiernan (1):
ostree: Add soup3 PACKAGECONFIG, rename soup to soup2
Alexander Mohr (1):
dlt-daemon: apply rename of genivi to covesa
Armin Kuster (1):
wireshark: Update to a supported version 4.0.x
Bartosz Golaszewski (97):
python3-snagboot: new recipe
libgpiod: add myself as maintainer
python3-pyparted: add missing run-time dependencies
python3-send2trash: add missing run-time dependencies
python3-mock: cleanup RDEPENDS
python3-mock: add missing run-time dependencies
python3-cson: fix run-time dependencies
python3-ldap: don't use PYTHON_PN
python3-ldap: add missing run-time dependencies
python3-pyrad: add missing run-time dependencies
python3-html2text: add missing run-time dependencies
python3-parse: don't use PYTHON_PN and improve coding style
python3-parse: add missing run-time dependencies
python3-meld3: add missing run-time dependencies
python3-pyiface: add missing run-time dependencies
python3-mpmath: add missing run-time dependencies
python3-uswid: add missing run-time dependencies
python3-xmlrunner: add missing run-time dependencies
python3-editor: add missing run-time dependencies
python3-pykwalify: don't use PYTHON_PN and improve coding style
python3-pykwalify: add missing run-time dependencies
python3-iperf: add missing run-time dependencies
python3-sdnotify: add missing run-time dependencies
python3-service-identity: add missing run-time dependencies
python3-sqlsoup: add missing run-time dependencies
python3-sqlalchemy: don't use PYTHON_PN and improve coding style
python3-sqlalchemy: add missing run-time dependencies
python3-pure-eval: add missing run-time dependencies
python3-stack-data: fix coding style
python3-stack-data: add missing run-time dependencies
python3-sympy: add missing run-time dependencies
python3-thrift: don't use PYTHON_PN and improve coding style
python3-thrift: add missing run-time dependencies
python3-tomlkit: add missing run-time dependencies
python3-tornado: drop ${PN} from RDEPENDS
python3-tornado: fix coding style
python3-tornado: remove the testing submodule from FILES:${PN}-test
python3-tornado: add missing run-time dependencies
python3-trustme: add missing run-time dependencies
python3-twofish: add missing run-time dependencies
python3-txws: add missing run-time dependencies
python3-web3: add missing run-time dependencies
python3-uefi-firmware: add missing run-time dependencies
python3-websockets: fix coding style
python3-websockets: add missing run-time dependencies
python3-xlrd: fix coding style
python3-xlrd: add missing run-time dependencies
python3-versiontools: add missing run-time dependencies
python3-typeguard: add missing run-time dependencies
python3-process-tests: add missing run-time dependencies
python3-pyatspi: add missing run-time dependencies
python3-pydantic: don't use PYTHON_PN and improve coding style
python3-pydantic: add missing run-time dependencies
python3-python-vlc: add missing run-time dependencies
python3-redis: fix coding style
python3-redis: add missing run-time dependencies
python3-raven: add missing run-time dependencies
python3-pypng: new package
python3-qrcode: add missing run-time dependencies
python3-pyusb: fix run-time dependencies
python3-pytest-mock: add missing run-time dependencies
python3-pyroute2: fix coding style
python3-fcntl: add missing run-time dependencies
python3-pyproject-metadata: add missing run-time dependencies
python3-pyproj: don't use PYTHON_PN
python3-pyproj: drop unnecessary run-time dependency
python3-pyproj: add missing run-time dependencies
python3-classes: new package
python3-pylyrics: add missing run-time dependencies
python3-pyjwt: stop using PYTHON_PN
python3-pyjwt: add missing run-time dependencies
python3-javaobj-py3: add missing run-time dependencies
python3-pyjks: stop using PYTHON_PN
python3-pyjks: fix run-time dependencies
python3-pyexpect: add missing run-time dependencies
python3-pynetlinux: fix relative imports
python3-pynetlinux: add missing run-time dependencies
python3-pickleshare: add missing run-time dependencies
python3-petact: add missing run-time dependencies
python3-pefile: add missing run-time dependencies
python3-jsonpath-rw: add missing run-time dependencies
python3-jsonrpcclient: add missing run-time dependencies
python3-jstyleson: add missing run-time dependencies
python3-kconfiglib: add missing run-time dependencies
python3-libevdev: add missing run-time dependencies
python3-linux-procfs: add missing run-time dependencies
python3-lockfile: add missing run-time dependencies
python3-msm: fix coding style
python3-lazy: new recipe
python3-msm: add missing run-time dependencies
python3-netaddr: stop using PYTHON_PN
python3-netaddr: add missing run-time dependencies
python3-ninja-syntax: new package
python3-ninja: add missing run-time dependencies
python3-nmap: add missing run-time dependencies
python3-oslash: add missing run-time dependencies
python3-padaos: add missing run-time dependencies
Christophe Vu-Brugier (1):
switchtec-user: add new recipe
Geoff Parker (1):
python3-platformdirs: add nativesdk to BBCLASSEXTEND
Ivan Maidanski (1):
bdwgc: upgrade 8.2.2 -> 8.2.4
Johannes Kauffmann (2):
open62541: update to v1.3.6
open62541: build optimized binary
Khem Raj (21):
ipvsadm: Pass build environment cflags to compiler
orrery: Pass OE provided cflags
libleak: Upgrade to 0.3.6
zeroconf: Pass cflags from environment
lshw: Pass OE cflags via RPM_OPT_FLAGS
ruli: Pass cflags to makefile
gnome-online-accounts: Replace filename with basename
rdma-core: Use target path for systemctl
monkey: Remove buildpaths from generated mk_env.h
minio: Ignore from world builds
libcppkafka: Remove RECIPE_SYSROOT from packageconfig .pc file
doxygen: Do not generate #line directive with flex/bison
gattlib: Upgrade to latest tip of trunk
ettercap: Do not generate #line directives with bison/flex
zfs: Add a patch to fix aarch64 build with gcc13
zfs: Upgrade to 2.1.11
zfs: Fix build with aarch64
zfs: Fix build on musl
ctapi-common: Use archives.fedoraproject.org to fetch srpm
Revert "libgpiod: modify test 'gpioset: toggle (continuous)'"
meta-python-ptest-fast-image: Do not run python3-pytest-mock ptests
Lei Maohui (1):
dovecot: Fix install conflict when enable multilib.
Marek Vasut (1):
v4l-utils: Update 1.23.0+9431e4b2 -> 1.24.1
Markus Volk (4):
iwd: update 2.4 -> 2.5
gnome-control-center: upgrade 44.1 -> 44.2
mutter: upgrade 44.1 -> 44.2
gnome-shell: upgrade 44.1 -> 44.2
Martin Jansa (1):
switchtec-user: fix installed-vs-shipped with multilib
Niko Mauno (2):
contrib: oe-stylize: Fix ambiguous variable names
contrib: oe-stylize: Use Python3 explicitly
Peter Marko (1):
nss: ignore CVE-2022-3479
Petr Gotthard (4):
blueman: fix REQUIRED_DISTRO_FEATURES gobject-introspection-data
firewalld: fix REQUIRED_DISTRO_FEATURES gobject-introspection-data
system-config-printer: fix REQUIRED_DISTRO_FEATURES gobject-introspection-data
firewalld: upgrade 1.2.0 -> 1.3.2
Wang Mingyu (40):
ctags: upgrade 6.0.20230521.0 -> 6.0.20230528.0
eog: upgrade 44.1 -> 44.2
nautilus: upgrade 44.1 -> 44.2
evolution-data-server: upgrade 3.48.1 -> 3.48.2
flatbuffers: upgrade 23.1.4 -> 23.3.56
python3-asgiref: upgrade 3.7.1 -> 3.7.2
python3-cachetools: upgrade 5.3.0 -> 5.3.1
python3-coverage: upgrade 7.2.6 -> 7.2.7
python3-croniter: upgrade 1.3.14 -> 1.3.15
python3-deprecated: upgrade 1.2.13 -> 1.2.14
python3-google-api-python-client: upgrade 2.86.0 -> 2.87.0
python3-google-auth: upgrade 2.18.1 -> 2.19.0
python3-imageio: upgrade 2.29.0 -> 2.30.0
python3-license-expression: upgrade 30.1.0 -> 30.1.1
python3-lru-dict: upgrade 1.1.8 -> 1.2.0
python3-paramiko: upgrade 3.1.0 -> 3.2.0
python3-pint: upgrade 0.21 -> 0.22
python3-protobuf: upgrade 4.23.1 -> 4.23.2
python3-xlsxwriter: upgrade 3.1.1 -> 3.1.2
xterm: upgrade 380 -> 381
python3-zeroconf: upgrade 0.62.0 -> 0.63.0
dnf-plugin-tui: modify suffix of spdx file.
evolution-data-server: upgrade 3.48.2 -> 3.48.3
samba: upgrade 4.18.2 -> 4.18.3
ctags: upgrade 6.0.20230528.0 -> 6.0.20230604.0
tree: upgrade 2.1.0 -> 2.1.1
xrdb: upgrade 1.2.1 -> 1.2.2
xterm: upgrade 381 -> 382
xwd: upgrade 1.0.8 -> 1.0.9
libnet-dns-perl: upgrade 1.38 -> 1.39
pamela: upgrade 1.0.0 -> 1.1.0
python3-cachecontrol: upgrade 0.12.12 -> 0.13.0
python3-google-api-python-client: upgrade 2.87.0 -> 2.88.0
python3-google-auth: upgrade 2.19.0 -> 2.19.1
python3-nocaselist: upgrade 1.1.1 -> 2.0.0
python3-pymodbus: upgrade 3.2.2 -> 3.3.0
python3-regex: upgrade 2023.5.5 -> 2023.6.3
python3-rich: upgrade 13.3.5 -> 13.4.1
python3-sentry-sdk: upgrade 1.24.0 -> 1.25.0
ntp: upgrade 4.2.8p15 -> 4.2.8p16
poky: 76494f2b66..00f3d58064:
Alex Kiernan (1):
rust: Upgrade 1.69.0 -> 1.70.0
Alexander Kanavin (5):
maintaines.inc: unassign Richard Weinberger from erofs-utils entry
maintainers.inc: unassign Andreas Müller from itstool entry
maintainers.inc: unassign Pascal Bach from cmake entry
maintainers.inc: correct unassigned entries (> was missing)
maintainers.inc: correct Carlos Rafael Giani's email address
Andrej Valek (1):
busybox: 1.36.0 -> 1.36.1
Anuj Mittal (3):
gstreamer1.0: upgrade 1.22.2 -> 1.22.3
stress-ng: upgrade 0.15.07 -> 0.15.08
glib-networking: upgrade 2.74.0 -> 2.76.0
Bruce Ashfield (10):
linux-yocto/6.1: update to v6.1.26
linux-yocto/6.1: update to v6.1.27
linux-yocto-dev: bump to v6.4+
kernel: don't force PAHOLE=false
linux-yocto: move build / debug dependencies to .inc
linux-yocto/6.1: update to v6.1.28
linux-yocto/6.1: update to v6.1.29
linux-yocto/6.1: update to v6.1.30
linux-yocto/6.1: update to v6.1.31
linux-yocto/6.1: update to v6.1.32
Chen Qi (4):
libsdl2: disable SDL's own ccache
cmake.bbclass: do not search host paths for find_program()
Revert "libsdl2: disable SDL's own ccache"
qemurunner.py: fix error message about qmp
Daniel Ammann (1):
overview-manual: concepts.rst: Fix a typo
Denys Dmytriyenko (1):
bitbake.conf: Add SRCPV to BB_HASH_CODEPARSER_VALS
Dmitry Baryshkov (1):
openssl: fix building on riscv32
Frieder Paape (1):
image_types: Fix reproducible builds for initramfs and UKI img
Jialing Zhang (1):
linuxloader/initramfs: Add support for loongarch64
Joshua Watt (7):
bitbake: server: Fix crash when checking lock file
bitbake: runqueue: Pass hashfn in taskdep data
classes/create-spdx-2.2: Use hashfn from BB_TASKDEPDATA instead of MACHINE
classes/create-spdx-2.2: Respect PKG for providers
classes/create-spdx-2.2: Fix build time dependency calculations
classes/create-spdx-2.2: Fix runtime dependency calculations
classes/create-spdx-2.2: Make license errors fatal
Khem Raj (2):
gcc: Upgrade to 13.1.1
perf: Make built-in libtraceevent plugins cohabit with external libtraceevent
Lee Chee Yang (4):
release-notes-4.2: update known issues and Repositories/Downloads
migration-guides: add release-notes for 4.1.4
migration-guides: add release notes for 4.0.10
migration-guides: add release notes for 4.2.1
Louis Rannou (1):
spdx: Fix license parsing
Marc Ferland (1):
connman: fix warning by specifying runstatedir at configure time
Markus Volk (4):
ell: upgrade 0.56 -> 0.57
python3: add libxcrypt-native dependency
ruby: add libxcrypt-native dependency
shadow: add libxcrypt-native dependency
Martin Jansa (2):
connman: backport a fix for build with pppd-2.5.0
selftest: wic.py respect IMAGE_LINK_NAME
Mauro Queiros (1):
pybootchartgui: show elapsed time for each task
Michael Halstead (2):
uninative: Upgrade to 3.10 to support gcc 13
uninative: Upgrade to 4.0 to include latest gcc 13.1.1
Michael Opdenacker (19):
migration-guides: release-notes-4.2: add doc improvement highlights
migration-guides: release-notes-4.3: add stub section for documentation changes
releases.svg: update according to latest release
ref-manual: improve description of kernel-fitimage variables
ref-manual: document uboot-sign class and variables
ref-manual: improve documentation for kernel-devicetree class
migration-guides: update 4.3 release notes
releases.svg: fix and explain duration of Hardknott 3.3
conf.py: add macro for Mitre CVE links
migration-guides: use new cve_mitre macro
migration-guides: release-notes-4.0.4.rst: fix typo
alsa-lib: upgrade 1.2.8 -> 1.2.9
alsa-ucm-conf: upgrade 1.2.8 -> 1.2.9
psplash: enable fullscreen and disable startup-msg
alsa-utils: upgrade 1.2.8 -> 1.2.9
ref-manual: document SPLASH variable
manuals: document SPLASH_IMAGES variable
bitbake: bitbake-user-manual: update releases.rst
bitbake: bitbake-user-manual: document "network" task flag
Ming Liu (1):
kernel.bbclass: introduce KERNEL_LOCALVERSION
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-2731
Peter Kjellerstedt (1):
manuals: kernel-dev: Use protocol=https in a SRC_URI example
Petr Kubizňák (1):
ref-manual: document devicetree class variables
Richard Purdie (18):
glib: Fix ptest race issue
Revert "python3/ruby/shadow: Revert add libxcrypt-native dependency"
Revert "sqlite3: Whitelist CVE-2022-21227"
glib-2.0: Update ptest fix to upstream backport
meta-world-pkgdata: Fix for create-spdx
selftest/license: Exclude from world
create-spdx-2-2: Fix packagedata usage to work with SDK packages
create-spdx-2.2: Add missing variable exclusions
layer.conf: Add missing dependency exclusion
selftest/incompatible_lic: Ensure create_sdpx isn't used with the tests
oeqa/selftest/sstatetests: Add easier debug option
oeqa/selftest/wic: Fix host contamination issue
v86d: Improve kernel dependency
sstatesig: Drop SPDX special casing
packagegroup: Handle SPDX signature issues
poky: Enable spdx manifests by default
build-appliance-image: Update to master head revision
selftest/reproducible: Allow native/cross reuse in test
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Robert Joslyn (1):
curl: Update from 8.1.0 to 8.1.1
Ross Burton (11):
avahi: remove redundant gobject-introspection DEPENDS
base: add ability to provide further details when using LICENSE_FLAGS
ninja: ignore CVE-2021-4336, wrong ninja
vulkan-samples: fix build on 32-bit platforms
gtk+3: upgrade 3.24.37 -> 3.24.38
piglit: upgrade to latest revision
pkgconf: upgrade 1.9.4 -> 1.9.5
ghostscript: upgrade to 10.01.1
git: upgrade to 2.39.3
binutils: fix CVE-2023-1972
cve-extra-exclusions: add more linux-yocto CVE ignores
Sanjay Chitroda (1):
sqlite3: Whitelist CVE-2022-21227
Sudip Mukherjee (1):
apt: Upgrade to v2.6.1
Tim Orling (1):
openssl: upgrade 3.1.0 -> 3.1.1
Tom Isaacson (1):
sdk-manual: fix Makefile example
Trevor Gamblin (6):
bind: upgrade 9.18.13 -> 9.18.14
pciutils: upgrade 3.9.0 -> 3.10.0
vim: upgrade 9.0.1527 -> 9.0.1592
python_hatchling: remove empty python sysroot dirs
python3-webcolors: upgrade 1.12 -> 1.13
python3-poetry-core: upgrade 1.5.2 -> 1.6.1
Ulrich Ölmann (1):
ref-manual: classes.rst: fix typo
Victor Kamensky (1):
systemtap: upgrade 4.8 -> 4.9
Wang Mingyu (34):
babeltrace2: upgrade 2.0.4 -> 2.0.5
curl: upgrade 8.1.1 -> 8.1.2
dos2unix: upgrade 7.4.4 -> 7.5.0
enchant2: upgrade 2.3.4 -> 2.5.0
fribidi: upgrade 1.0.12 -> 1.0.13
libdnf: upgrade 0.70.0 -> 0.70.1
libmicrohttpd: upgrade 0.9.76 -> 0.9.77
libxft: upgrade 2.3.7 -> 2.3.8
libxpm: upgrade 3.5.15 -> 3.5.16
mobile-broadband-provider-info: upgrade 20221107 -> 20230416
bind: upgrade 9.18.14 -> 9.18.15
ccache: upgrade 4.8 -> 4.8.1
libcap: upgrade 2.68 -> 2.69
libuv: upgrade 1.44.2 -> 1.45.0
python3-pip: upgrade 23.0.1 -> 23.1.2
python3-psutil: upgrade 5.9.4 -> 5.9.5
python3-ruamel-yaml: upgrade 0.17.21 -> 0.17.31
python3-sphinx: upgrade 6.1.3 -> 7.0.1
orc: upgrade 0.4.33 -> 0.4.34
python3-cython: upgrade 0.29.34 -> 0.29.35
python3-dbusmock: upgrade 0.28.7 -> 0.29.0
python3-hatch-fancy-pypi-readme: upgrade 22.8.0 -> 23.1.0
python3-hypothesis: upgrade 6.71.0 -> 6.75.7
python3-numpy: upgrade 1.24.2 -> 1.24.3
python3-pycryptodome: upgrade 3.17 -> 3.18.0
python3-pycryptodomex: upgrade 3.17 -> 3.18.0
python3-requests: upgrade 2.30.0 -> 2.31.0
python3-setuptools-rust: upgrade 1.5.2 -> 1.6.0
python3-sphinx-rtd-theme: upgrade 1.2.0 -> 1.2.1
python3-trove-classifiers: upgrade 2023.5.2 -> 2023.5.24
python3-typing-extensions: upgrade 4.5.0 -> 4.6.2
repo: upgrade 2.32 -> 2.34.1
sysklogd: upgrade 2.4.4 -> 2.5.0
xdpyinfo: upgrade 1.3.3 -> 1.3.4
Xiangyu Chen (1):
sysstat: Fix CVE-2023-33204
schitrod=cisco.com@lists.openembedded.org (1):
Revert "sqlite3: update CVE_PRODUCT"
meta-arm: 5cbe3041be..3fcafa3a94:
Adam Johnston (1):
CI: Platform specific Trusted Services config
Anton Antonov (1):
arm/oeqa: Make ts-service-test config match selected SPs
Claus Stovgaard (1):
arm-toolchain/gcc: Workaround for missing libcrypt
Emekcan Aras (1):
arm-bsp/u-boot: corstone1000: enable PSCI reset
Gyorgy Szing (11):
arm/trusted-services: update TS version
optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
optee-os: Add support for TOS_FW_CONFIG on qemu
arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
optee-test: backport SWd ABI compatibility changes
optee-os: enable SPMC test
arm/oeqa: enable OP-TEE SPMC tests
trusted-services: update documentation
arm/trusted-services: disable psa-iat on qemuarm64-secureboot
arm/trusted-services: fix nanopb build error
optee-os: unblock NWd interrupts
Jon Mason (9):
CI: move FVP license auto-accept to fvp.yml
CI/corstone: remove debug-tweaks usage
arm/qemuarm-secureboot: add musl testing
arm/linux-yocto: remove 5.15 bbappend
Revert "arm-bsp/tc1: re-enable signed kernel image"
arm/linux-yocto: remove unused 5.15 patches and inc file
arm-bsp/optee: Remove unreferenced patches
CI: add debug yml file for ease of use
arm/linux-yocto: add gcc 13 gimple backport patch
Mikko Rapeli (1):
scp-firmware: remove -fcanon-prefix-map
Ross Burton (3):
kas: remove obsolete armcompiler LICENSE_FLAGS_ACCEPTED
arm/fvp: add LICENSE_FLAGS_DETAILS
arm/trusted-firmware-a: look for LTS releases when looking for releases
Rui Miguel Silva (3):
arm-bsp/trusted-services:corstone1000: remove already merged patches
arm-bsp/trusted-services: remove merged patches for corstone1000
arm-bps/corstone1000: setup trusted service proxy configuration
meta-security: 5c2379f4bc..180dac9aec:
Andrew Geissler (1):
ibmswtpm2: update to 164-2020-192.1
Mikko Rapeli (4):
linux-yocto: support tpm and tpm2 on all architectures
linux-yocto: remove tpm_x86.cfg
parsec-service: fix build error
parsec-tool: fix build error
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7e7960123b241d099e5ace7c36bb5836bdac6aad
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
index 0b7abc3..502a7aa 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -1,6 +1,6 @@
-From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001
+From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
-Date: Tue, 14 Sep 2021 12:18:25 +0200
+Date: Tue, 30 May 2023 09:11:27 -0700
Subject: [PATCH] Configure: do not tweak mips cflags
This conflicts with mips machine definitons from yocto,
@@ -9,20 +9,23 @@
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
+Refreshed for openssl-3.1.1
+Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
Configure | 10 ----------
1 file changed, 10 deletions(-)
-Index: openssl-3.0.4/Configure
-===================================================================
---- openssl-3.0.4.orig/Configure
-+++ openssl-3.0.4/Configure
-@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC}
+diff --git a/Configure b/Configure
+index 4569952..adf019b 100755
+--- a/Configure
++++ b/Configure
+@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
push @{$config{shared_ldflag}}, "-mno-cygwin";
}
-if ($target =~ /linux.*-mips/ && !$disabled{asm}
-- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
- # minimally required architecture flags for assembly modules
- my $value;
- $value = '-mips2' if ($target =~ /mips32/);
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
deleted file mode 100644
index 33b0bb6..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From 2017771e2db3e2b96f89bbe8766c3209f6a99545 Mon Sep 17 00:00:00 2001
-From: Pauli <pauli@openssl.org>
-Date: Wed, 8 Mar 2023 15:28:20 +1100
-Subject: [PATCH] x509: excessive resource use verifying policy constraints
-
-A security vulnerability has been identified in all supported versions
-of OpenSSL related to the verification of X.509 certificate chains
-that include policy constraints. Attackers may be able to exploit this
-vulnerability by creating a malicious certificate chain that triggers
-exponential use of computational resources, leading to a denial-of-service
-(DoS) attack on affected systems.
-
-Fixes CVE-2023-0464
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
-(Merged from https://github.com/openssl/openssl/pull/20570)
-
-Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545]
-CVE: CVE-2023-0464
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
-
----
- crypto/x509/pcy_local.h | 8 +++++++-
- crypto/x509/pcy_node.c | 12 +++++++++---
- crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++----------
- 3 files changed, 42 insertions(+), 14 deletions(-)
-
-diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
-index 18b53cc..cba107c 100644
---- a/crypto/x509/pcy_local.h
-+++ b/crypto/x509/pcy_local.h
-@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
- };
-
- struct X509_POLICY_TREE_st {
-+ /* The number of nodes in the tree */
-+ size_t node_count;
-+ /* The maximum number of nodes in the tree */
-+ size_t node_maximum;
-+
- /* This is the tree 'level' data */
- X509_POLICY_LEVEL *levels;
- int nlevel;
-@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree);
-+ X509_POLICY_TREE *tree,
-+ int extra_data);
- void ossl_policy_node_free(X509_POLICY_NODE *node);
- int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
- const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
-index 9d9a7ea..450f95a 100644
---- a/crypto/x509/pcy_node.c
-+++ b/crypto/x509/pcy_node.c
-@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
-- X509_POLICY_TREE *tree)
-+ X509_POLICY_TREE *tree,
-+ int extra_data)
- {
- X509_POLICY_NODE *node;
-
-+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
-+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
-+ return NULL;
-+
- node = OPENSSL_zalloc(sizeof(*node));
- if (node == NULL) {
- ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
-@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- node->data = data;
- node->parent = parent;
-- if (level) {
-+ if (level != NULL) {
- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
- if (level->anyPolicy)
- goto node_error;
-@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-- if (tree) {
-+ if (extra_data) {
- if (tree->extra_data == NULL)
- tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (tree->extra_data == NULL){
-@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
- }
- }
-
-+ tree->node_count++;
- if (parent)
- parent->nchild++;
-
-diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
-index fa45da5..f953a05 100644
---- a/crypto/x509/pcy_tree.c
-+++ b/crypto/x509/pcy_tree.c
-@@ -14,6 +14,17 @@
-
- #include "pcy_local.h"
-
-+/*
-+ * If the maximum number of nodes in the policy tree isn't defined, set it to
-+ * a generous default of 1000 nodes.
-+ *
-+ * Defining this to be zero means unlimited policy tree growth which opens the
-+ * door on CVE-2023-0464.
-+ */
-+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
-+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
-+#endif
-+
- static void expected_print(BIO *channel,
- X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
- int indent)
-@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- return X509_PCY_TREE_INTERNAL;
- }
-
-+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
-+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
-+
- /*
- * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
- *
-@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- if ((data = ossl_policy_data_new(NULL,
- OBJ_nid2obj(NID_any_policy), 0)) == NULL)
- goto bad_tree;
-- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
-+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
- ossl_policy_data_free(data);
- goto bad_tree;
- }
-@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- * Return value: 1 on success, 0 otherwise
- */
- static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-- X509_POLICY_DATA *data)
-+ X509_POLICY_DATA *data,
-+ X509_POLICY_TREE *tree)
- {
- X509_POLICY_LEVEL *last = curr - 1;
- int i, matched = 0;
-@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
- if (ossl_policy_node_match(last, node, data->valid_policy)) {
-- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
-+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
- return 0;
- matched = 1;
- }
- }
- if (!matched && last->anyPolicy) {
-- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
-+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
- return 0;
- }
- return 1;
-@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- * Return value: 1 on success, 0 otherwise.
- */
- static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-- const X509_POLICY_CACHE *cache)
-+ const X509_POLICY_CACHE *cache,
-+ X509_POLICY_TREE *tree)
- {
- int i;
-
-@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
-
- /* Look for matching nodes in previous level */
-- if (!tree_link_matching_nodes(curr, data))
-+ if (!tree_link_matching_nodes(curr, data, tree))
- return 0;
- }
- return 1;
-@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
-+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
- ossl_policy_data_free(data);
- return 0;
- }
-@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
- /* Finally add link to anyPolicy */
- if (last->anyPolicy &&
- ossl_policy_level_add_node(curr, cache->anyPolicy,
-- last->anyPolicy, NULL) == NULL)
-+ last->anyPolicy, tree, 0) == NULL)
- return 0;
- return 1;
- }
-@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
- | POLICY_DATA_FLAG_EXTRA_NODE;
- node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
-- tree);
-+ tree, 1);
- }
- if (!tree->user_policies) {
- tree->user_policies = sk_X509_POLICY_NODE_new_null();
-@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
-
- for (i = 1; i < tree->nlevel; i++, curr++) {
- cache = ossl_policy_cache_set(curr->cert);
-- if (!tree_link_nodes(curr, cache))
-+ if (!tree_link_nodes(curr, cache, tree))
- return X509_PCY_TREE_INTERNAL;
-
- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
---
-2.25.1
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.0.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
index b319c66..f5f3f32 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
@@ -12,14 +12,13 @@
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://fix_random_labels.patch \
- file://CVE-2023-0464.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4"
+SRC_URI[sha256sum] = "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -119,7 +118,7 @@
target=linux-ppc64le
;;
linux-riscv32)
- target=linux-generic32
+ target=linux-latomic
;;
linux-riscv64)
target=linux-generic64