Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / ab475af3890f35980cd224ec8da7143c68834989
commitab475af3890f35980cd224ec8da7143c68834989[log] [tgz]
authorPatrick Williams <patrick@stwcx.xyz>Thu Apr 21 14:30:30 2022 -0500
committerPatrick Williams <patrick@stwcx.xyz>Thu Apr 21 14:32:13 2022 -0500
tree17e7111d61ee585f26e344679909fd07c5193d10
parente093d3473a724f8f7cbb318d2a632518655e7304 [diff]
subtree updates

meta-openembedded: ab9fca485e..fdd1dfe6b4:
  Akash Hadke (1):
        tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266

  Andre Carvalho (1):
        netcat: Set CVE_PRODUCT

  Armin Kuster (7):
        wireshark: Update to 3.2.18
        c-ares: bump PV in recipe to 1.16.1
        pw-am.sh: update to new patcwork system
        p7zip: refresh patches
        breakpad: Update SRC_URI for protobuf and lss
        spirv-tools: update SRC_URI for googletest to main
        Mariadb: update to 10.4.24

  Christian Ege (1):
        cli11: switch from default master branch to main to fix do_fetch failure

  Christian Eggers (1):
        graphviz: native: create /usr/lib/graphviz/config6 in populate_sysroot

  Daniel Stadelmann (1):
        imagemagick: update SRC_URI branch from master to main

  Jeremy Puhlman (1):
        CVE-2021-4034: polkit Local privilege escalation in pkexec due to incorrect handling of argument vector

  Khem Raj (1):
        mongodb: Pass OBJCOPY to scons so it does not use it from host

  Kristian Klausen (1):
        cryptsetup: Add runtime dependency on lvm2-udevrules for udev

  Leif Middelschulte (1):
        dbus-daemon-proxy: add missing `return` statement

  Mingli Yu (2):
        polkit: fix CVE-2021-3560
        geoip: Switch to use the main branch

  Minjae Kim (1):
        multipath-tools: update SRC_URI

  Nisha Parrakat (2):
        p7zip: build and package lib7z.so needed for fastboot
        nodejs: upgrade to 12.22.2

  Peter Kjellerstedt (1):
        googletest: Switch branch from master to main

  Ralph Siemsen (2):
        nginx: backport fix for CVE-2019-20372
        polkit: fix overlapping changes in recent CVE patches

  Ranjitsinh Rathod (4):
        strongswan: Add fix of CVE-2021-45079
        nss: Add fix for CVE-2022-22747
        polkit: Fix for CVE-2021-4115
        python3-urllib3: Fix CVE-2020-26137 and CVE-2021-33503

  Robert Joslyn (1):
        linuxptp: Update to 2.0.1

  Ross Burton (1):
        protobuf: fix patch fuzz

  Sana Kazi (2):
        protobuf: Fix CVE-2021-22570
        openjpeg: Fix multiple CVE

  Thomas Perrot (1):
        breakpad: fix branch for gtest in SRC_URI

  Virendra Thakur (5):
        strongswan: Fix for CVE-2021-41990 and CVE-2021-41991
        udisks2: Fix for CVE-2021-3802
        p7zip: fix for CVE-2018-5996
        nodejs: Fix for CVE-2021-44532
        p7zip: Fix for CVE-2016-9296

  Yi Zhao (1):
        apache2: upgrade 2.4.52 -> 2.4.53

  wangmy (1):
        apache2: upgrade 2.4.51 -> 2.4.52

meta-security: b76698c788..c62970fda8:
  Armin Kuster (3):
        clamav: disable DB creation.
        clamav: drop creating cvd package
        chkrootkit: update SRC_URI

  Jeremy A. Puhlman (1):
        sssd: re-package to fix QA issues

  Ralph Siemsen (2):
        tpm2-tools: backport fix for CVE-2021-3565
        tpm2-tools: update to 4.1.3

poky: bba3233897..b6ce93d565:
  Alexander Kanavin (4):
        libusb1: correct SRC_URI
        ruby: correctly set native/target dependencies
        vim: do not report upstream version check as broken
        mobile-broadband-provider-info: upgrade 20201225 -> 20210805

  Bruce Ashfield (4):
        linux-yocto/5.4: update to v5.4.173
        linux-yocto/5.4: update to v5.4.176
        linux-yocto/5.4: update to v5.4.178
        perf-tests: add bash into RDEPENDS (v5.12-rc5+)

  Changhyeok Bae (1):
        mobile-broadband-provider-info: upgrade 20210805 -> 20220315

  Chee Yang Lee (1):
        ruby: 2.7.4 -> 2.7.5

  Christian Eggers (1):
        sdk: fix search for dynamic loader

  Davide Gardenal (6):
        re2c: backport fix for CVE-2018-21232
        qemu: backport fix for CVE-2020-13253
        qemu: backport patch fix for CVE-2020-13791
        apt: backport patch fix for CVE-2020-3810
        ghostscript: backport patch fix for CVE-2021-3781
        go: backport patch fix for CVE-2021-38297

  Florian Amstutz (1):
        devtool: deploy-target: Remove stripped binaries in pseudo context

  Jose Quaresma (2):
        buildhistory.bbclass: create the buildhistory directory when needed
        sstate: inside the threadedpool don't write to the shared localdata

  Joshua Watt (5):
        tzdata: Remove BSD License specifier
        e2fsprogs: Use specific BSD license variant
        glib-2.0: Use specific BSD license variant
        shadow: Use specific BSD license variant
        libcap: Use specific BSD license variant

  Kartikey Rameshbhai Parmar (1):
        puzzles: Upstream changed to main branch for development

  Konrad Weihmann (1):
        ruby: fix DEPENDS append

  Lee Chee Yang (1):
        poky.conf: update tested distros

  Marek Vasut (2):
        binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags.
        bootchart2: Add missing python3-math dependency

  Marta Rybczynska (48):
        grub: add a fix for CVE-2020-25632
        grub: add a fix for CVE-2020-25647
        grub: fix a memory leak
        grub: add a fix for a possible NULL dereference
        grub: fix a dangling memory pointer
        grub: fix wrong handling of argc == 0
        grub: add a fix for malformed device path handling
        grub: fix memory leak at error in grub_efi_get_filename()
        grub: add a fix for a possible NULL pointer dereference
        grub: add a fix for unused variable in gnulib
        grub: fix an unitialized token in gnulib
        grub: add a fix a NULL pointer dereference in gnulib
        grub: add a fix for NULL pointer dereference
        grub: fix an unitialized re_token in gnulib
        grub: add a fix for unnecessary assignements
        grub: add structure initialization in zstd
        grub: add a missing NULL check
        grub: fix a memory leak
        grub: fix a memory leak
        grub: fix a memory leak
        grub: fix an integer overflow
        grub: add a fix for a length check
        grub: add a fix for a possible negative shift
        grub: add a fix for a memory leak
        grub: add a fix for possible integer overflows
        grub: fix an error check
        grub: add a fix for a memory leak
        grub: add a fix for a possible unintended sign extension
        grub: add a fix for a possible NULL dereference
        grub: add a fix for a memory leak
        grub: add a fix for a memory leak
        grub: fix a memory leak
        grub: remove unneeded return value
        grub: fix an integer overflow
        grub: fix multiple integer overflows
        grub: fix a possible integer overflow
        grub: test for malformed jpeg files
        grub: remove dead code
        grub: fix checking for NULL
        grub: add a fix for a memory leak
        grub: avoid a memory leak
        grub: add a check for a NULL pointer
        grub: add a fix for NULL pointer dereference
        grub: add a fix for an incorrect cast
        grub: fix incorrect use of a negative value
        grub: add a fix for a NULL pointer dereference
        grub: avoid a NULL pointer dereference
        grub: add a fix for a crash in scripts

  Martin Beeger (1):
        cmake: remove bogus CMAKE_LDFLAGS_FLAGS definition from toolchain file

  Martin Jansa (1):
        boost: fix native build with glibc-2.34

  Michael Halstead (2):
        releases: update to include 3.1.14
        uninative: Upgrade to 3.5

  Michael Opdenacker (1):
        docs: fix hardcoded link warning messages

  Minjae Kim (6):
        ghostscript: fix CVE-2021-45949
        go: fix CVE-2022-23806
        go: fix CVE-2022-23772
        bluez5: fix CVE-2021-3658
        gnu-config: update SRC_URI
        virglrenderer: update SRC_URI

  Nathan Rossi (1):
        cml1.bbclass: Handle ncurses-native being available via pkg-config

  Oleksandr Kravchuk (1):
        tzdata: update to 2022a

  Ovidiu Panait (1):
        openssl: upgrade 1.1.1l -> 1.1.1n

  Peter Kjellerstedt (2):
        sstate: A third fix for for touching files inside pseudo
        python3-jinja2: Correct HOMEPAGE

  Purushottam Choudhary (3):
        systemd: Fix CVE-2021-3997
        freetype: add missing CVE tag CVE-2020-15999
        tiff: fix for CVE-2022-22844

  Ralph Siemsen (6):
        bind: update to 9.11.36
        libxml2: backport fix for CVE-2022-23308
        libxml2: move to gitlab.gnome.org
        libxml2: fix CVE-2022-23308 regression
        bluez5: fix CVE-2022-0204
        bind: update to 9.11.37

  Ranjitsinh Rathod (2):
        util-linux: Fix for CVE-2021-3995 and CVE-2021-3996
        openssl: Add fix for CVE-2021-4160

  Richard Purdie (19):
        bitbake: tests/fetch: Handle upstream master -> main branch change
        default-distrovars.inc: Switch connectivity check to a yoctoproject.org page
        vim: Upgrade 4269 -> 4134
        vim: Upgrade 8.2.4314 -> 8.2.4424
        libxml-parser-perl: Add missing RDEPENDS
        uninative: Add version to uninative tarball name
        systemd: Ensure uid/gid ranges are set deterministically
        vim: Update to 8.2.4524 for further CVE fixes
        build-appliance-image: Update to dunfell head revision
        python3targetconfig: Use for nativesdk too
        oeqa/runtime/ping: Improve failure message to include more detail
        oeqa/selftest/tinfoil: Improve tinfoil event test debugging
        bitbake: server/process: Note when commands complete in logs
        bitbake: tinfoil: Allow run_command not to wait on events
        poky: Drop PREMIRRORS entries for scms
        oeqa/selftest/tinfoil: Fix intermittent event loss issue in test
        mirrors: Add missing gitsm entries for yocto/oe mirrors
        bitbake: server/process: Disable gc around critical section
        conf.py/poky.yaml: Move version information to poky.yaml and read in conf.py

  Ross Burton (13):
        lsof: correct LICENSE
        shadow-sysroot: sync license with shadow
        lighttpd: backport a fix for CVE-2022-22707
        vim: set PACKAGECONFIG idiomatically
        vim: upgrade to 8.2 patch 3752
        vim: update to include latest CVE fixes
        vim: upgrade to patch 4269
        coreutils: remove obsolete ignored CVE list
        cve-check: get_cve_info should open the database read-only
        Revert "cve-check: add lockfile to task"
        asciidoc: update git repository
        python3: ignore CVE-2022-26488
        grub: ignore CVE-2021-46705

  Rudolf J Streif (1):
        linux-firmware: Add CLM blob to linux-firmware-bcm4373 package

  Saul Wold (1):
        recipetool: Fix circular reference in SRC_URI

  Scott Weaver (1):
        bitbake: fetch2: add check for empty SRC_URI hash string

  Stefan Herbrechtsmeier (1):
        cve-check: create directory of CVE_CHECK_MANIFEST before copy

  Steve Sakoman (29):
        glibc: update to lastest 2.31 release HEAD
        expat: fix CVE-2022-23852
        expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch
        common-licenses: add Spencer-94
        documentation: update for 3.1.14 release
        expat: fix CVE-2022-23990
        connman: fix CVE-2022-23096-7
        connman: fix CVE-2022-23098
        connman: fix CVE-2021-33833
        wpa-supplicant: fix CVE-2022-23303-4
        Revert "vim: fix CVE-2021-4069"
        expat: fix CVE-2022-25235
        expat: fix CVE-2022-25236
        expat: fix CVE-2022-25313
        expat: fix CVE-2022-25314
        expat: fix CVE-2022-25315
        ref-system-requirements.rst: update list of supported distros
        linux-yocto: update genericx86* to v5.4.178
        poky.conf: Bump version for 3.1.15 release
        documentation: update for 3.1.15 release
        libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77
        ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native
        util-linux: fix CVE-2022-0563
        xserver-xorg: update to 1.20.9
        xserver-xorg: update to 1.20.10
        xserver-xorg: update to 1.20.11
        xserver-xorg: update to 1.20.12
        xserver-xorg: update to 1.20.13
        xserver-xorg: update to 1.20.14

  Sundeep KOKKONDA (1):
        binutils: Fix CVE-2021-45078

  Tim Orling (1):
        python3: upgrade 3.8.12 -> 3.8.13

  Virendra Thakur (1):
        libarchive: Fix for CVE-2021-36976

  bkylerussell@gmail.com (1):
        rpm: fix intermittent compression failure in do_package_write_rpm

  sana kazi (1):
        tiff: Add backports for two CVEs from upstream

  wangmy (3):
        linux-firmware: upgrade 20211216 -> 20220209
        wireless-regdb: upgrade 2021.08.28 -> 2022.02.18
        linux-firmware: upgrade 20220209 -> 20220310

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ib8eac0ed434df84b23bf80c52a2b3c4be9beff38
297 files changed
tree: 17e7111d61ee585f26e344679909fd07c5193d10
  1. .github/
  2. meta-arm/
  3. meta-aspeed/
  4. meta-evb/
  5. meta-facebook/
  6. meta-google/
  7. meta-hxt/
  8. meta-ibm/
  9. meta-ingrasys/
  10. meta-inspur/
  11. meta-intel/
  12. meta-inventec/
  13. meta-lenovo/
  14. meta-mellanox/
  15. meta-microsoft/
  16. meta-nuvoton/
  17. meta-openembedded/
  18. meta-openpower/
  19. meta-phosphor/
  20. meta-portwell/
  21. meta-qualcomm/
  22. meta-quanta/
  23. meta-raspberrypi/
  24. meta-security/
  25. meta-x86/
  26. meta-xilinx/
  27. meta-yadro/
  28. poky/
  29. bitbakepoky/bitbake/
  30. LICENSEpoky/LICENSE
  31. metapoky/meta
  32. meta-pokypoky/meta-poky/
  33. meta-skeletonpoky/meta-skeleton
  34. oe-init-build-envpoky/oe-init-build-env
  35. scriptspoky/scripts/
  36. .gitignore
  37. .gitreview
  38. .templateconf
  39. MAINTAINERS
  40. openbmc-env
  41. README.md
  42. setup
README.md

OpenBMC

Build Status

The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.

Setting up your OpenBMC project

1) Prerequisite

  • Ubuntu 14.04
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
  • Fedora 28
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake \
    rpcgen perl-Thread-Queue perl-bignum perl-Crypt-OpenSSL-Bignum
sudo dnf groupinstall "C Development Tools and Libraries"

2) Download the source

git clone git@github.com:openbmc/openbmc.git
cd openbmc

3) Target your hardware

Any build requires an environment variable known as TEMPLATECONF to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet

MachineTEMPLATECONF
Palmettometa-ibm/meta-palmetto/conf
Zaiusmeta-ingrasys/meta-zaius/conf
Witherspoonmeta-ibm/meta-witherspoon/conf
Romulusmeta-ibm/meta-romulus/conf

As an example target Romulus

export TEMPLATECONF=meta-ibm/meta-romulus/conf

4) Build

. openbmc-env
bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

OpenBMC Development

The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.

Questions

First, please do a search on the internet. There's a good chance your question has already been asked.

For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.

For technical discussions, please see contact info below for IRC and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or IRC.

Features of OpenBMC

Feature List

  • Host management: Power, Cooling, LEDs, Inventory, Events, Watchdog
  • Full IPMI 2.0 Compliance with DCMI
  • Code Update Support for multiple BMC/BIOS images
  • Web-based user interface
  • REST interfaces
  • D-Bus based interfaces
  • SSH based SOL
  • Remote KVM
  • Hardware Simulation
  • Automated Testing
  • User management
  • Virtual media

Features In Progress

  • OpenCompute Redfish Compliance
  • Verified Boot

Features Requested but need help

  • OpenBMC performance monitoring

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Technical Steering Committee

The Technical Steering Committee (TSC) guides the project. Members are:

  • Brad Bishop (chair), IBM
  • Nancy Yuen, Google
  • Sai Dasari, Facebook
  • James Mihm, Intel
  • Sagar Dharia, Microsoft
  • Supreeth Venkatesh, Arm

Contact