Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / cddccf4ad5f8479a7a864e65444b5cebfeb5859e
commitcddccf4ad5f8479a7a864e65444b5cebfeb5859e[log] [tgz]
authorPatrick Williams <patrick@stwcx.xyz>Mon Aug 22 15:51:32 2022 -0500
committerPatrick Williams <patrick@stwcx.xyz>Mon Aug 22 15:52:39 2022 -0500
tree027ba7ed151ee64b4083cb894704637aefab8958
parentab475af3890f35980cd224ec8da7143c68834989 [diff]
subtree updates

poky: b6ce93d565..4aad5914ef:
  Ahmed Hossam (1):
        insane.bbclass: host-user-contaminated: Correct per package home path

  Alex Kiernan (1):
        openssh: Add openssh-sftp-server to openssh RDEPENDS

  Alexander Kanavin (3):
        mobile-broadband-provider-info: upgrade 20220315 -> 20220511
        wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
        linux-firmware: update 20220610 -> 20220708

  Alexandre Belloni (1):
        pseudo: Fix handling of absolute links

  Anuj Mittal (1):
        efivar: change branch name to main

  Bruce Ashfield (13):
        linux-yocto/5.4: update to v5.4.182
        linux-yocto/5.4: update to v5.4.183
        linux-yocto/5.4: update to v5.4.186
        linux-yocto/5.4: update to v5.4.188
        linux-yocto/5.4: update to v5.4.190
        linux-yocto/5.4: update to v5.4.192
        linux-yocto/5.4: update to v5.4.196
        linux-yocto/5.4: update to v5.4.199
        linux-yocto/5.4: update to v5.4.203
        linux-yocto/5.4: update to v5.4.205
        linux-yocto-rt/5.4: fixup -rt build breakage
        linux-yocto/5.4: update to v5.4.208
        linux-yocto/5.4: update to v5.4.209

  Chee Yang Lee (1):
        dpkg: update to 1.19.8

  Chen Qi (1):
        cases/buildepoxy.py: fix typo

  Christophe Priouzeau (1):
        bitbake: fetch2/wget: Update user-agent

  Dan Tran (1):
        ncurses: Fix CVE-2022-29458

  Davide Gardenal (3):
        cve-check: add JSON format to summary output
        cve-check: fix symlinks where link and output path are equal
        rootfs-postcommands: fix symlinks where link and output path are equal

  Dmitry Baryshkov (5):
        linux-firmware: correct license for ar3k firmware
        linux-firmware: upgrade 20220411 -> 20220509
        linux-firmware: add support for building snapshots
        linux-firmware: upgrade 20220509 -> 20220610
        linux-firwmare: restore WHENCE_CHKSUM variable

  Ernst Sjöstrand (2):
        cve-check: Add helper for symlink handling
        cve-check: Only include installed packages for rootfs manifest

  Hitendra Prajapati (18):
        pcre2: CVE-2022-1586 Out-of-bounds read
        e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem
        pcre2: CVE-2022-1587 Out-of-bounds read
        python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references
        golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
        golang: CVE-2022-24675 encoding/pem: fix stack overflow in Decode
        golang: CVE-2021-31525 net/http: panic in ReadRequest and ReadResponse when reading a very large header
        grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content
        gnupg: CVE-2022-34903 possible signature forgery via injection into the status line
        grub2: Fix buffer underflow write in the heap
        qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
        libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By Zero Error
        libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
        grub2: Fix several security issue of integer underflow
        gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
        qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write
        gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
        zlib: CVE-2022-37434 a heap-based buffer over-read

  Jate Sujjavanich (1):
        IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation

  Joe Slater (1):
        unzip: fix CVE-2021-4217

  Joey Degges (1):
        bitbake: fetch/git: Fix usehead for non-default names

  Jose Quaresma (3):
        archiver: use bb.note instead of echo
        archiver: don't use machine variables in shared recipes
        gstreamer1.0: use the correct meson option for the capabilities

  Joshua Watt (1):
        classes/cve-check: Move get_patches_cves to library

  Khem Raj (2):
        busybox: Use base_bindir instead of hardcoding /bin path
        libmodule-build-perl: Use env utility to find perl interpreter

  Konrad Weihmann (1):
        linux-firmware: replace mkdir by install

  LUIS ENRIQUEZ (1):
        kernel-fitimage.bbclass: add padding algorithm property in config nodes

  Marcel Ziswiler (1):
        alsa-plugins: fix libavtp vs. avtp packageconfig

  Marek Vasut (1):
        lttng-modules: Backport Linux 5.18+, 5.15.44+, 5.10.119+ fixes

  Marta Rybczynska (10):
        cve-check: add json format
        cve-update-db-native: update the CVE database once a day only
        cve-update-db-native: let the user to drive the update interval
        cve-check: Fix report generation
        cve-check: move update_symlinks to a library
        cve-check: write empty fragment files in the text mode
        cve-check: add coverage statistics on recipes with/without CVEs
        cve-update-db-native: make it possible to disable database updates
        cve-check: add support for Ignored CVEs
        oeqa/selftest/cve_check: add tests for Ignored and partial reports

  Martin Jansa (4):
        license_image.bbclass: close package.manifest file
        rootfs.py: close kernel_abi_ver_file
        wic: fix WicError message
        libxml2: Port gentest.py to Python-3

  Michael Opdenacker (3):
        manuals: add missing space in appends
        manuals: switch to the sstate mirror shared between all versions
        ref-manual: variables: remove sphinx directive from literal block

  Ming Liu (1):
        rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}

  Mingli Yu (1):
        oescripts: change compare logic in OEListPackageconfigTests

  Muhammad Hamza (1):
        initramfs-framework: move storage mounts to actual rootfs

  Nick Potenski (1):
        systemd: systemd-systemctl: Support instance conf files during enable

  Pascal Bach (1):
        bin_package: install into base_prefix

  Paul Gortmaker (1):
        install/devshell: Introduce git intercept script due to fakeroot issues

  Pawan Badganchi (3):
        fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
        libinput: Add fix for CVE-2022-1215
        openssh: Whitelist CVE-2021-36368

  Peter Kjellerstedt (3):
        metadata_scm.bbclass: Use immediate expansion for the METADATA_* variables
        u-boot: Correct the SRC_URI
        license.bbclass: Bound beginline and endline in copy_license_files()

  Portia (1):
        volatile-binds: Change DefaultDependencies from false to no

  Rahul Kumar (1):
        neard: Switch SRC_URI to git repo

  Ralph Siemsen (3):
        gzip: fix CVE-2022-1271
        xz: fix CVE-2022-1271
        apt: add -fno-strict-aliasing to CXXFLAGS to fix SHA256 bug

  Randy MacLeod (1):
        vim: update from 9.0.0063 to 9.0.0115

  Ranjitsinh Rathod (9):
        tiff: Add patches to fix multiple CVEs
        freetype: Fix CVEs for freetype
        git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE
        openssl: Minor security upgrade 1.1.1n to 1.1.1o
        ruby: Upgrade ruby to 2.7.6 for security fix
        ruby: Whitelist CVE-2021-28966 as this affects Windows OS only
        libsdl2: Add fix for CVE-2021-33657
        openssl: Minor security upgrade 1.1.1o to 1.1.1p
        cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST

  Rasmus Villemoes (1):
        e2fsprogs: add alternatives handling of lsattr as well

  Richard Purdie (34):
        vim: Upgrade 8.2.4524 -> 8.2.4681
        git: Ignore CVE-2022-24975
        pseudo: Add patch to workaround paths with crazy lengths
        libxshmfence: Correct LICENSE to HPND
        build-appliance-image: Update to dunfell head revision
        perf-build-test/report: Drop phantomjs and html email reports support
        base: Drop git intercept
        uninative: Upgrade to 3.6 with gcc 12 support
        base: Avoid circular references to our own scripts
        scripts: Make git intercept global
        scripts/git: Ensure we don't have circular references
        vim: Upgrade 8.2.4681 -> 8.2.4912
        vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
        cve-check: Allow warnings to be disabled
        openssl: Backport fix for ptest cert expiry
        libxslt: Mark CVE-2022-29824 as not applying
        local.conf.sample: Update sstate url to new 'all' path
        vim: Upgrade 8.2.5034 -> 8.2.5083
        gcc-source: Fix incorrect task dependencies from ${B}
        bitbake: tinfoil/data_smart: Allow variable history emit() to function remotely
        bitbake: bin/bitbake-getvar: Add a new command to query a variable value (with history)
        unzip: Port debian fixes for two CVEs
        cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
        vim: 8.2.5083 -> 9.0.0005
        oeqa/runtime/scp: Disable scp test for dropbear
        packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
        oe-selftest-image: Ensure the image has sftp as well as dropbear
        bitbake: fetch/wget: Move files into place atomically
        ref-manual: Add XZ_THREADS and XZ_MEMLIMIT
        build-appliance-image: Update to dunfell head revision
        insane: Fix buildpaths test to work with special devices
        vim: Upgrade 9.0.0021 -> 9.0.0063
        kernel-arch: Fix buildpaths leaking into external module compiles
        build-appliance-image: Update to dunfell head revision

  Riyaz (1):
        libxml2: Fix CVE-2022-29824 for libxml2

  Robert Joslyn (3):
        curl: Backport CVE fixes
        curl: Fix CVE_CHECK_WHITELIST typo
        curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208

  Ross Burton (10):
        zlib: backport the fix for CVE-2018-25032
        boost: don't specify gcc version
        python3: ignore CVE-2015-20107
        cve-check: no need to depend on the fetch task
        oeqa/selftest/cve_check: add tests for recipe and image reports
        bitbake: knotty: display active tasks when printing keepAlive() message
        bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
        cve-check: hook cleanup to the BuildCompleted event, not CookerExit
        vim: upgrade to 9.0.0021
        cve_check: skip remote patches that haven't been fetched when searching for CVE tags

  Sana Kazi (1):
        curl: Fix CVEs for curl

  Sana.Kazi (1):
        libjpeg-turbo: Fix CVE-2021-46822

  Shruthi Ravichandran (1):
        initscripts: run umountnfs as a KILL script

  Stefan Wiehler (1):
        kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task

  Steve Sakoman (21):
        documentation: update for 3.1.16 release
        poky.conf: Bump version for 3.1.16 release
        git update from 2.24.3 to 2.24.4
        scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng
        busybox: fix CVE-2022-28391
        selftest: skip virgl test on alma 8.6
        documentation: update for 3.1.17 release
        poky.conf: bump version for 3.1.17 release
        Revert "openssl: Backport fix for ptest cert expiry"
        openssl: backport fix for ptest certificate expiration
        openssl: update the epoch time for ct_test ptest
        cups: fix CVE-2022-26691
        openssh: break dependency on base package for -dev package
        dropbear: break dependency on base package for -dev package
        qemu: add PACKAGECONFIG for capstone
        openssl: security upgrade 1.1.1p to 1.1.1q
        documentation: update for 3.1.18 release
        poky.conf: bump version for 3.1.18 release
        selftest: skip virgl test on fedora 36
        documentation: update for 3.1.19 release
        poky.conf: bump version for 3.1.19 release

  Virendra Thakur (1):
        ffmpeg: Fix for CVE-2022-1475

  leimaohui (1):
        cve-check.bbclass: Added do_populate_sdk[recrdeptask].

  omkar patil (1):
        libxslt: Fix CVE-2021-30560

  sana kazi (1):
        tiff: Fix CVE-2022-0891

  wangmy (1):
        linux-firmware: upgrade 20220310 -> 20220411

  zhengruoqin (1):
        wireless-regdb: upgrade 2022.02.18 -> 2022.04.08

meta-raspberrypi: 934064a019..2081e1bb9a:
  Omer Akram (1):
        linux-firmware-rpidistro: fix wifi driver loading on cm4

meta-openembedded: fdd1dfe6b4..f22bf6efaa:
  Adrian Fiergolski (1):
        python3-matplotlib: add missing dependency

  Akash Hadke (2):
        iperf: Set CVE_PRODUCT to "iperf_project:iperf"
        ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g"

  Armin Kuster (2):
        mariadb: update to 10.4.25
        bigbuckbunny-1080p: update SRC_URI

  Chen Qi (2):
        ntfs-3g-ntfsprogs: upgrade to 2021.8.22
        ntfs-3g-ntfsprogs: upgrade to 2022.5.17

  Hitendra Prajapati (3):
        openldap: CVE-2022-29155 OpenLDAP SQL injection
        xterm: CVE-2022-24130 Buffer overflow in set_sixel in graphics_sixel.c
        cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

  Jeroen Hofstee (1):
        php: move to version v7.4.28

  Julien STEPHAN (2):
        opencl-icd-loader: switch to main branch
        opencl-headers: switch to main branch

  Khem Raj (2):
        postgresql: Fix build on riscv
        meta-oe: Add leading whitespace for append operator

  Martin Jansa (5):
        python3-cryptography: backport 3 changes to fix CVE-2020-36242
        ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay
        tesseract-lang: switch from master branch to main
        leveldb: switch from master branch to main
        grpc: switch from master branch to main for upb

  Mikko Rapeli (1):
        fuse: set CVE_PRODUCT to "fuse_project:fuse"

  Mingli Yu (1):
        bridge-utils: Switch to use the main branch

  Ranjitsinh Rathod (1):
        atftp: Add fix for CVE-2021-41054 and CVE-2021-46671

  Riyaz Ahmed Khan (1):
        tcpdump: Add fix for CVE-2018-16301

  Sana Kazi (1):
        openjpeg: Whitelist CVE-2020-27844 and CVE-2015-1239

  Steve Sakoman (1):
        lua: fix CVE-2022-28805

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I394bfdef7725cf9babd0d3cd7fe45ea3c6c8c2ab
225 files changed
tree: 027ba7ed151ee64b4083cb894704637aefab8958
  1. .github/
  2. meta-arm/
  3. meta-aspeed/
  4. meta-evb/
  5. meta-facebook/
  6. meta-google/
  7. meta-hxt/
  8. meta-ibm/
  9. meta-ingrasys/
  10. meta-inspur/
  11. meta-intel/
  12. meta-inventec/
  13. meta-lenovo/
  14. meta-mellanox/
  15. meta-microsoft/
  16. meta-nuvoton/
  17. meta-openembedded/
  18. meta-openpower/
  19. meta-phosphor/
  20. meta-portwell/
  21. meta-qualcomm/
  22. meta-quanta/
  23. meta-raspberrypi/
  24. meta-security/
  25. meta-x86/
  26. meta-xilinx/
  27. meta-yadro/
  28. poky/
  29. bitbakepoky/bitbake/
  30. LICENSEpoky/LICENSE
  31. metapoky/meta
  32. meta-pokypoky/meta-poky/
  33. meta-skeletonpoky/meta-skeleton
  34. oe-init-build-envpoky/oe-init-build-env
  35. scriptspoky/scripts/
  36. .gitignore
  37. .gitreview
  38. .templateconf
  39. MAINTAINERS
  40. openbmc-env
  41. README.md
  42. setup
README.md

OpenBMC

Build Status

The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.

Setting up your OpenBMC project

1) Prerequisite

  • Ubuntu 14.04
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
  • Fedora 28
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake \
    rpcgen perl-Thread-Queue perl-bignum perl-Crypt-OpenSSL-Bignum
sudo dnf groupinstall "C Development Tools and Libraries"

2) Download the source

git clone git@github.com:openbmc/openbmc.git
cd openbmc

3) Target your hardware

Any build requires an environment variable known as TEMPLATECONF to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet

MachineTEMPLATECONF
Palmettometa-ibm/meta-palmetto/conf
Zaiusmeta-ingrasys/meta-zaius/conf
Witherspoonmeta-ibm/meta-witherspoon/conf
Romulusmeta-ibm/meta-romulus/conf

As an example target Romulus

export TEMPLATECONF=meta-ibm/meta-romulus/conf

4) Build

. openbmc-env
bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

OpenBMC Development

The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.

Questions

First, please do a search on the internet. There's a good chance your question has already been asked.

For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.

For technical discussions, please see contact info below for IRC and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or IRC.

Features of OpenBMC

Feature List

  • Host management: Power, Cooling, LEDs, Inventory, Events, Watchdog
  • Full IPMI 2.0 Compliance with DCMI
  • Code Update Support for multiple BMC/BIOS images
  • Web-based user interface
  • REST interfaces
  • D-Bus based interfaces
  • SSH based SOL
  • Remote KVM
  • Hardware Simulation
  • Automated Testing
  • User management
  • Virtual media

Features In Progress

  • OpenCompute Redfish Compliance
  • Verified Boot

Features Requested but need help

  • OpenBMC performance monitoring

Finding out more

Dive deeper into OpenBMC by opening the docs repository.

Technical Steering Committee

The Technical Steering Committee (TSC) guides the project. Members are:

  • Brad Bishop (chair), IBM
  • Nancy Yuen, Google
  • Sai Dasari, Facebook
  • James Mihm, Intel
  • Sagar Dharia, Microsoft
  • Supreeth Venkatesh, Arm

Contact