commit | cddccf4ad5f8479a7a864e65444b5cebfeb5859e | [log] [tgz] |
---|---|---|
author | Patrick Williams <patrick@stwcx.xyz> | Mon Aug 22 15:51:32 2022 -0500 |
committer | Patrick Williams <patrick@stwcx.xyz> | Mon Aug 22 15:52:39 2022 -0500 |
tree | 027ba7ed151ee64b4083cb894704637aefab8958 | |
parent | ab475af3890f35980cd224ec8da7143c68834989 [diff] |
subtree updates poky: b6ce93d565..4aad5914ef: Ahmed Hossam (1): insane.bbclass: host-user-contaminated: Correct per package home path Alex Kiernan (1): openssh: Add openssh-sftp-server to openssh RDEPENDS Alexander Kanavin (3): mobile-broadband-provider-info: upgrade 20220315 -> 20220511 wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 linux-firmware: update 20220610 -> 20220708 Alexandre Belloni (1): pseudo: Fix handling of absolute links Anuj Mittal (1): efivar: change branch name to main Bruce Ashfield (13): linux-yocto/5.4: update to v5.4.182 linux-yocto/5.4: update to v5.4.183 linux-yocto/5.4: update to v5.4.186 linux-yocto/5.4: update to v5.4.188 linux-yocto/5.4: update to v5.4.190 linux-yocto/5.4: update to v5.4.192 linux-yocto/5.4: update to v5.4.196 linux-yocto/5.4: update to v5.4.199 linux-yocto/5.4: update to v5.4.203 linux-yocto/5.4: update to v5.4.205 linux-yocto-rt/5.4: fixup -rt build breakage linux-yocto/5.4: update to v5.4.208 linux-yocto/5.4: update to v5.4.209 Chee Yang Lee (1): dpkg: update to 1.19.8 Chen Qi (1): cases/buildepoxy.py: fix typo Christophe Priouzeau (1): bitbake: fetch2/wget: Update user-agent Dan Tran (1): ncurses: Fix CVE-2022-29458 Davide Gardenal (3): cve-check: add JSON format to summary output cve-check: fix symlinks where link and output path are equal rootfs-postcommands: fix symlinks where link and output path are equal Dmitry Baryshkov (5): linux-firmware: correct license for ar3k firmware linux-firmware: upgrade 20220411 -> 20220509 linux-firmware: add support for building snapshots linux-firmware: upgrade 20220509 -> 20220610 linux-firwmare: restore WHENCE_CHKSUM variable Ernst Sjöstrand (2): cve-check: Add helper for symlink handling cve-check: Only include installed packages for rootfs manifest Hitendra Prajapati (18): pcre2: CVE-2022-1586 Out-of-bounds read e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem pcre2: CVE-2022-1587 Out-of-bounds read python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error golang: CVE-2022-24675 encoding/pem: fix stack overflow in Decode golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content gnupg: CVE-2022-34903 possible signature forgery via injection into the status line grub2: Fix buffer underflow write in the heap qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By Zero Error libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections grub2: Fix several security issue of integer underflow gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify zlib: CVE-2022-37434 a heap-based buffer over-read Jate Sujjavanich (1): IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation Joe Slater (1): unzip: fix CVE-2021-4217 Joey Degges (1): bitbake: fetch/git: Fix usehead for non-default names Jose Quaresma (3): archiver: use bb.note instead of echo archiver: don't use machine variables in shared recipes gstreamer1.0: use the correct meson option for the capabilities Joshua Watt (1): classes/cve-check: Move get_patches_cves to library Khem Raj (2): busybox: Use base_bindir instead of hardcoding /bin path libmodule-build-perl: Use env utility to find perl interpreter Konrad Weihmann (1): linux-firmware: replace mkdir by install LUIS ENRIQUEZ (1): kernel-fitimage.bbclass: add padding algorithm property in config nodes Marcel Ziswiler (1): alsa-plugins: fix libavtp vs. avtp packageconfig Marek Vasut (1): lttng-modules: Backport Linux 5.18+, 5.15.44+, 5.10.119+ fixes Marta Rybczynska (10): cve-check: add json format cve-update-db-native: update the CVE database once a day only cve-update-db-native: let the user to drive the update interval cve-check: Fix report generation cve-check: move update_symlinks to a library cve-check: write empty fragment files in the text mode cve-check: add coverage statistics on recipes with/without CVEs cve-update-db-native: make it possible to disable database updates cve-check: add support for Ignored CVEs oeqa/selftest/cve_check: add tests for Ignored and partial reports Martin Jansa (4): license_image.bbclass: close package.manifest file rootfs.py: close kernel_abi_ver_file wic: fix WicError message libxml2: Port gentest.py to Python-3 Michael Opdenacker (3): manuals: add missing space in appends manuals: switch to the sstate mirror shared between all versions ref-manual: variables: remove sphinx directive from literal block Ming Liu (1): rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} Mingli Yu (1): oescripts: change compare logic in OEListPackageconfigTests Muhammad Hamza (1): initramfs-framework: move storage mounts to actual rootfs Nick Potenski (1): systemd: systemd-systemctl: Support instance conf files during enable Pascal Bach (1): bin_package: install into base_prefix Paul Gortmaker (1): install/devshell: Introduce git intercept script due to fakeroot issues Pawan Badganchi (3): fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 libinput: Add fix for CVE-2022-1215 openssh: Whitelist CVE-2021-36368 Peter Kjellerstedt (3): metadata_scm.bbclass: Use immediate expansion for the METADATA_* variables u-boot: Correct the SRC_URI license.bbclass: Bound beginline and endline in copy_license_files() Portia (1): volatile-binds: Change DefaultDependencies from false to no Rahul Kumar (1): neard: Switch SRC_URI to git repo Ralph Siemsen (3): gzip: fix CVE-2022-1271 xz: fix CVE-2022-1271 apt: add -fno-strict-aliasing to CXXFLAGS to fix SHA256 bug Randy MacLeod (1): vim: update from 9.0.0063 to 9.0.0115 Ranjitsinh Rathod (9): tiff: Add patches to fix multiple CVEs freetype: Fix CVEs for freetype git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE openssl: Minor security upgrade 1.1.1n to 1.1.1o ruby: Upgrade ruby to 2.7.6 for security fix ruby: Whitelist CVE-2021-28966 as this affects Windows OS only libsdl2: Add fix for CVE-2021-33657 openssl: Minor security upgrade 1.1.1o to 1.1.1p cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST Rasmus Villemoes (1): e2fsprogs: add alternatives handling of lsattr as well Richard Purdie (34): vim: Upgrade 8.2.4524 -> 8.2.4681 git: Ignore CVE-2022-24975 pseudo: Add patch to workaround paths with crazy lengths libxshmfence: Correct LICENSE to HPND build-appliance-image: Update to dunfell head revision perf-build-test/report: Drop phantomjs and html email reports support base: Drop git intercept uninative: Upgrade to 3.6 with gcc 12 support base: Avoid circular references to our own scripts scripts: Make git intercept global scripts/git: Ensure we don't have circular references vim: Upgrade 8.2.4681 -> 8.2.4912 vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs cve-check: Allow warnings to be disabled openssl: Backport fix for ptest cert expiry libxslt: Mark CVE-2022-29824 as not applying local.conf.sample: Update sstate url to new 'all' path vim: Upgrade 8.2.5034 -> 8.2.5083 gcc-source: Fix incorrect task dependencies from ${B} bitbake: tinfoil/data_smart: Allow variable history emit() to function remotely bitbake: bin/bitbake-getvar: Add a new command to query a variable value (with history) unzip: Port debian fixes for two CVEs cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) vim: 8.2.5083 -> 9.0.0005 oeqa/runtime/scp: Disable scp test for dropbear packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation oe-selftest-image: Ensure the image has sftp as well as dropbear bitbake: fetch/wget: Move files into place atomically ref-manual: Add XZ_THREADS and XZ_MEMLIMIT build-appliance-image: Update to dunfell head revision insane: Fix buildpaths test to work with special devices vim: Upgrade 9.0.0021 -> 9.0.0063 kernel-arch: Fix buildpaths leaking into external module compiles build-appliance-image: Update to dunfell head revision Riyaz (1): libxml2: Fix CVE-2022-29824 for libxml2 Robert Joslyn (3): curl: Backport CVE fixes curl: Fix CVE_CHECK_WHITELIST typo curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208 Ross Burton (10): zlib: backport the fix for CVE-2018-25032 boost: don't specify gcc version python3: ignore CVE-2015-20107 cve-check: no need to depend on the fetch task oeqa/selftest/cve_check: add tests for recipe and image reports bitbake: knotty: display active tasks when printing keepAlive() message bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes cve-check: hook cleanup to the BuildCompleted event, not CookerExit vim: upgrade to 9.0.0021 cve_check: skip remote patches that haven't been fetched when searching for CVE tags Sana Kazi (1): curl: Fix CVEs for curl Sana.Kazi (1): libjpeg-turbo: Fix CVE-2021-46822 Shruthi Ravichandran (1): initscripts: run umountnfs as a KILL script Stefan Wiehler (1): kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task Steve Sakoman (21): documentation: update for 3.1.16 release poky.conf: Bump version for 3.1.16 release git update from 2.24.3 to 2.24.4 scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng busybox: fix CVE-2022-28391 selftest: skip virgl test on alma 8.6 documentation: update for 3.1.17 release poky.conf: bump version for 3.1.17 release Revert "openssl: Backport fix for ptest cert expiry" openssl: backport fix for ptest certificate expiration openssl: update the epoch time for ct_test ptest cups: fix CVE-2022-26691 openssh: break dependency on base package for -dev package dropbear: break dependency on base package for -dev package qemu: add PACKAGECONFIG for capstone openssl: security upgrade 1.1.1p to 1.1.1q documentation: update for 3.1.18 release poky.conf: bump version for 3.1.18 release selftest: skip virgl test on fedora 36 documentation: update for 3.1.19 release poky.conf: bump version for 3.1.19 release Virendra Thakur (1): ffmpeg: Fix for CVE-2022-1475 leimaohui (1): cve-check.bbclass: Added do_populate_sdk[recrdeptask]. omkar patil (1): libxslt: Fix CVE-2021-30560 sana kazi (1): tiff: Fix CVE-2022-0891 wangmy (1): linux-firmware: upgrade 20220310 -> 20220411 zhengruoqin (1): wireless-regdb: upgrade 2022.02.18 -> 2022.04.08 meta-raspberrypi: 934064a019..2081e1bb9a: Omer Akram (1): linux-firmware-rpidistro: fix wifi driver loading on cm4 meta-openembedded: fdd1dfe6b4..f22bf6efaa: Adrian Fiergolski (1): python3-matplotlib: add missing dependency Akash Hadke (2): iperf: Set CVE_PRODUCT to "iperf_project:iperf" ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g" Armin Kuster (2): mariadb: update to 10.4.25 bigbuckbunny-1080p: update SRC_URI Chen Qi (2): ntfs-3g-ntfsprogs: upgrade to 2021.8.22 ntfs-3g-ntfsprogs: upgrade to 2022.5.17 Hitendra Prajapati (3): openldap: CVE-2022-29155 OpenLDAP SQL injection xterm: CVE-2022-24130 Buffer overflow in set_sixel in graphics_sixel.c cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands Jeroen Hofstee (1): php: move to version v7.4.28 Julien STEPHAN (2): opencl-icd-loader: switch to main branch opencl-headers: switch to main branch Khem Raj (2): postgresql: Fix build on riscv meta-oe: Add leading whitespace for append operator Martin Jansa (5): python3-cryptography: backport 3 changes to fix CVE-2020-36242 ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay tesseract-lang: switch from master branch to main leveldb: switch from master branch to main grpc: switch from master branch to main for upb Mikko Rapeli (1): fuse: set CVE_PRODUCT to "fuse_project:fuse" Mingli Yu (1): bridge-utils: Switch to use the main branch Ranjitsinh Rathod (1): atftp: Add fix for CVE-2021-41054 and CVE-2021-46671 Riyaz Ahmed Khan (1): tcpdump: Add fix for CVE-2018-16301 Sana Kazi (1): openjpeg: Whitelist CVE-2020-27844 and CVE-2015-1239 Steve Sakoman (1): lua: fix CVE-2022-28805 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I394bfdef7725cf9babd0d3cd7fe45ea3c6c8c2ab
The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake \ rpcgen perl-Thread-Queue perl-bignum perl-Crypt-OpenSSL-Bignum sudo dnf groupinstall "C Development Tools and Libraries"
git clone git@github.com:openbmc/openbmc.git cd openbmc
Any build requires an environment variable known as TEMPLATECONF
to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample
. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet
Machine | TEMPLATECONF |
---|---|
Palmetto | meta-ibm/meta-palmetto/conf |
Zaius | meta-ingrasys/meta-zaius/conf |
Witherspoon | meta-ibm/meta-witherspoon/conf |
Romulus | meta-ibm/meta-romulus/conf |
As an example target Romulus
export TEMPLATECONF=meta-ibm/meta-romulus/conf
. openbmc-env bitbake obmc-phosphor-image
Additional details can be found in the docs repository.
The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here
Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check
directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.
Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.
Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.
Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.
Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.
First, please do a search on the internet. There's a good chance your question has already been asked.
For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.
For technical discussions, please see contact info below for IRC and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or IRC.
Feature List
Features In Progress
Features Requested but need help
Dive deeper into OpenBMC by opening the docs repository.
The Technical Steering Committee (TSC) guides the project. Members are: