commit | 841583d6ba5918b60868b708ff0b89cf0409efa7 | [log] [tgz] |
---|---|---|
author | Patrick Williams <patrick@stwcx.xyz> | Wed May 03 21:37:45 2023 -0500 |
committer | Patrick Williams <patrick@stwcx.xyz> | Wed May 03 21:38:27 2023 -0500 |
tree | 49e155d7d6c2ea5a7081fc4dcbc51cb0a522e120 | |
parent | 61a2d43a172b70aa34fd7ec33fc048a211fa5c4c [diff] |
subtree updates poky: 90a6f6a110..a631bfc3a3: Alban Bedel (1): systemd: Fix systemd when used with busybox less Alex Kiernan (1): openssl: upgrade 1.1.1q to 1.1.1s Alexander Kanavin (12): tzdata: update to 2022d linux-firmware: upgrade 20220913 -> 20221012 tzdata: update 2022d -> 2022g linux-firmware: upgrade 20221109 -> 20221214 selftest/virgl: use pkg-config from the host oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs linux-firmware: upgrade 20221214 -> 20230117 linux-firmware: upgrade 20230117 -> 20230210 wireless-regdb: upgrade 2022.08.12 -> 2023.02.13 apr: update 1.7.0 -> 1.7.2 apr-util: update 1.6.1 -> 1.6.3 Alexey Smirnov (1): classes: make TOOLCHAIN more permissive for kernel Andrej Valek (1): libarchive: fix CVE-2022-26280 Antonin Godard (2): busybox: always start do_compile with orig config files busybox: rm temporary files if do_compile was interrupted Bartosz Golaszewski (1): bluez5: add dbus to RDEPENDS Benoît Mauduit (1): lib/oe/reproducible: Use git log without gpg signature Bhabu Bindu (4): libxml2: Fix CVE-2022-40303 libxml2: Fix CVE-2022-40304 ffmpeg: Fix CVE-2022-3109 ffmpeg: fix for CVE-2022-3341 Bruce Ashfield (12): linux-yocto/5.4: update to v5.4.216 linux-yocto/5.4: update to v5.4.219 linux-yocto/5.4: update to v5.4.221 linux-yocto/5.4: update to v5.4.224 linux-yocto/5.4: update to v5.4.225 linux-yocto/5.4: update to v5.4.228 linux-yocto/5.4: update to v5.4.229 linux-yocto/5.4: update to v5.4.230 linux-yocto/5.4: update to v5.4.231 linux-yocto/5.4: update to v5.4.233 linux-yocto/5.4: update to v5.4.234 linux-yocto/5.4: update to v5.4.237 Changqing Li (1): base.bbclass: Fix way to check ccache path Charlie Davies (1): bitbake: bitbake: fetch/git: use shlex.quote() to support spaces in SRC_URI url Chee Yang Lee (6): libksba: fix CVE-2022-47629 tiff: fix multiple CVEs ghostscript: add CVE tag for check-stack-limits-after-function-evalution.patch libksba: fix CVE-2022-3515 qemu: fix multple CVEs git: ignore CVE-2023-22743 Chen Qi (3): kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild psplash: consider the situation of psplash not exist for systemd bc: extend to nativesdk Christoph Lauer (1): populate_sdk_base: add zip options Daniel McGregor (1): coreutils: add openssl PACKAGECONFIG Dmitry Baryshkov (3): linux-firmware: upgrade 20221012 -> 20221109 linux-firmware: properly set license for all Qualcomm firmware linux-firmware: add yamato fw files to qcom-adreno-a2xx package Frank de Brabander (1): cve-update-db-native: add timeout to urlopen() calls Gaurav Gupta (1): qemu: fix build error introduced by CVE-2021-3929 fix Geoffrey GIRY (1): cve-check: Fix false negative version issue Harald Seiler (1): opkg: Set correct info_dir and status_file in opkg.conf Hitendra Prajapati (21): dhcp: Fix CVE-2022-2928 & CVE-2022-2929 qemu: CVE-2021-3750 hcd-ehci: DMA reentrancy issue leads to use-after-free golang: CVE-2022-2880 ReverseProxy should not forward unparseable query parameters libX11: CVE-2022-3554 Fix memory leak bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c sudo: CVE-2022-43995 heap-based overflow with very small passwords libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c sysstat: fix CVE-2022-39377 golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps grub2: CVE-2022-28735 shim_lock verifier allows non-kernel files to be loaded grub2: Fix CVE-2022-2601 & CVE-2022-3775 xserver-xorg: Fix Multiple CVEs git: CVE-2022-23521 gitattributes parsing integer overflow curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response QEMU: CVE-2022-4144 QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read curl: CVE-2023-23916 HTTP multi-header compression denial of service qemu: fix compile error which imported by CVE-2022-4144 ruby: CVE-2023-28756 ReDoS vulnerability in Time curl: CVE-2023-27534 SFTP path ~ resolving discrepancy curl: CVE-2023-27538 fix SSH connection too eager reuse screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs Hugo SIMELIERE (2): bluez5: Exclude CVE-2022-39177 from cve-check openssl: upgrade 1.1.1s to 1.1.1t Jagadeesh Krishnanjanappa (1): qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image Jan Kircher (1): toolchain-scripts: compatibility with unbound variable protection Jermain Horsman (1): cve-check: write the cve manifest to IMGDEPLOYDIR John Edward Broadbent (1): externalsrc: git submodule--helper list unsupported Joshua Watt (6): sudo: Use specific BSD license variant classes/create-spdx: Backport classes/package: Add extended packaged data licenses: Add GPL+ licenses to map create-spdx: Use gzip for compression classes/package: Use gzip for extended package data Kenfe-Mickael Laventure (3): buildtools-tarball: Handle spaces within user $PATH toolchain-scripts: Handle spaces within user $PATH populate_sdk_ext: Handle spaces within user $PATH Khem Raj (3): libtirpc: Check if file exists before operating on it apr: Use correct strerror_r implementation based on libc type apr: Cache configure tests which use AC_TRY_RUN Lee Chee Yang (1): dropbear: fix CVE-2021-36369 Luis (1): rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively Manuel Leonhardt (1): sstate: Account for reserved characters when shortening sstate filenames Marek Vasut (2): bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata bitbake: fetch2/git: Clarify the meaning of namespace Marta Rybczynska (1): cve-update-db-native: avoid incomplete updates Martin Jansa (3): externalsrc.bbclass: fix git repo detection meta: remove True option to getVar and getVarFlag calls (again) bmap-tools: switch to main branch Mathieu Dubois-Briand (1): curl: Fix CVE CVE-2022-35260 Mauro Queiros (1): image.bbclass: print all QA functions exceptions Michael Halstead (1): uninative: Upgrade to 3.7 to work with glibc 2.36 Michael Opdenacker (4): dev-manual: update session about multiconfig ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT profile-manual: update WireShark hyperlinks overview-manual: update patchwork instance URL Mike Crowe (1): kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE Mikko Rapeli (2): oeqa context.py: fix --target-ip comment to include ssh port number oeqa rtc.py: skip if read-only-rootfs Ming Liu (1): linux: inherit pkgconfig in kernel.bbclass Minjae Kim (2): xserver-xorg: backport fixes for CVE-2022-3550, CVE-2022-3551 and CVE-2022-3553 ppp: fix CVE-2022-4603 Nikhil R (1): openssl: Fix CVE-2023-0464 Niko Mauno (2): systemd: Consider PACKAGECONFIG in RRECOMMENDS Fix missing leading whitespace with ':append' Omkar (2): dbus: upgrade 1.12.22 -> 1.12.24 python3: Fix CVE-2022-45061 Omkar Patil (3): sudo: Fix CVE-2023-22809 openssl: Fix CVE-2023-0465 openssl: Fix CVE-2023-0466 Paul Eggleton (1): classes/kernel-fitimage: add ability to add additional signing options Pavel Zhukov (1): oeqa/rpm.py: Increase timeout and add debug output Pawan Badganchi (1): python3: Fix CVE-2022-37454 Pawel Zalewski (1): classes/fs-uuid: Fix command output decoding issue Peter Kjellerstedt (2): externalsrc.bbclass: Remove a trailing slash from ${B} devshell: Do not add scripts/git-intercept to PATH Peter Marko (2): externalsrc: fix lookup for .gitmodules go: ignore CVE-2022-41716 Piotr Łobacz (1): systemd: fix wrong nobody-group assignment Qiu, Zheng (1): vim: upgrade 9.0.0820 -> 9.0.0947 Quentin Schulz (2): cairo: update patch for CVE-2019-6461 with upstream solution cairo: fix CVE patches assigned wrong CVE number Ralph Siemsen (11): golang: fix CVE-2021-33195 golang: fix CVE-2021-33198 golang: fix CVE-2021-44716 golang: fix CVE-2022-24291 golang: fix CVE-2022-28131 golang: fix CVE-2022-28327 golang: ignore CVE-2022-29804 golang: ignore CVE-2021-33194 golang: ignore CVE-2021-41772 golang: ignore CVE-2022-30580 golang: ignore CVE-2022-30630 Randy MacLeod (2): vim: upgrade 9.0.0947 -> 9.0.1211 vim: upgrade 9.0.1403 -> 9.0.1429 Ranjitsinh Rathod (3): expat: Fix CVE-2022-43680 for expat systemd: Fix CVE-2022-3821 issue libsdl2: Add fix for CVE-2022-4743 Ravula Adhitya Siddartha (1): linux-yocto/5.4: update genericx86* machines to v5.4.219 Richard Purdie (28): bitbake: tests/fetch: Allow handling of a file:// url within a submodule qemu: Avoid accidental librdmacm linkage build-appliance-image: Update to dunfell head revision bitbake: utils: Handle lockfile filenames that are too long for filesystems bitbake: utils: Fix lockfile path length issues build-appliance-image: Update to dunfell head revision oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file() build-appliance-image: Update to dunfell head revision build-appliance-image: Update to dunfell head revision bitbake: runqueue: Fix multiconfig deferred task sstate validity caching issue bitbake: runqueue: Handle deferred task rehashing in multiconfig builds bitbake: runqueue: Improve multiconfig deferred task issues bitbake: runqueue: Avoid deadlock avoidance task graph corruption bitbake: runqueue: Fix issues with multiconfig deferred task deadlock messages bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig bitbake: cooker: Drop sre_constants usage nativesdk: Handle chown/chgrp calls in nativesdk do_install tasks make-mod-scripts: Ensure kernel build output is deterministic libc-locale: Fix on target locale generation apr: Fix to work with autoconf 2.70 apr-util: Fix CFLAGS used in build oeqa/selftest/prservice: Improve debug output for failure build-appliance-image: Update to dunfell head revision staging: Separate out different multiconfig manifests staging/multilib: Fix manifest corruption glibc: Add missing binutils dependency base-files: Drop localhost.localdomain from hosts file pybootchartui: Fix python syntax issue Riyaz Khan (1): rpm: Fix rpm CVE CVE-2021-3521 Robert Andersson (1): go-crosssdk: avoid host contamination by GOCACHE Rodolfo Quesada Zumbado (1): tar: CVE-2022-48303 Ross Burton (14): sanity: check for GNU tar specifically pixman: backport fix for CVE-2022-44638 lib/buildstats: fix parsing of trees with reduced_proc_pressure directories bitbake: bb/utils: include SSL certificate paths in export_proxies cve-update-db-native: add more logging when fetching cve-update-db-native: show IP on failure quilt: fix intermittent failure in faildiff.test quilt: use upstreamed faildiff.test fix git: ignore CVE-2022-41953 shadow: ignore CVE-2016-15024 vim: add missing pkgconfig inherit vim: upgrade to 9.0.1403 vim: set modified-by to the recipe MAINTAINER lib/resulttool: fix typo breaking resulttool log --ptest Shubham Kulkarni (5): glibc: Security fix for CVE-2023-0687 go-runtime: Security fix for CVE-2022-41723 go-runtime: Security fix for CVE-2022-41722 go: Security fix for CVE-2020-29510 go: Ignore CVE-2022-1705 Siddharth Doshi (1): harfbuzz: Security fix for CVE-2023-25193 Steve Sakoman (30): selftest: skip virgl test on ubuntu 22.04 qemu: Avoid accidental libvdeplug linkage qemu: Add PACKAGECONFIG for rbd devtool: add HostKeyAlgorithms option to ssh and scp commands selftest: skip virgl test on all Alma Linux documentation: update for 3.1.21 poky.conf: bump version for 3.1.21 maintainers: update gcc version to 9.5 documentation: update for 3.1.22 poky.conf: bump version for 3.1.22 ovmf: fix gcc12 warning in GenFfs ovmf: fix gcc12 warning in LzmaEnc ovmf: fix gcc12 warning for device path handling documentation: update for 3.1.23 python3: fix packaging of Windows distutils installer stubs lttng-modules: update 2.11.6 -> 2.11.7 lttng-modules: update 2.11.7 -> 2.11.8 lttng-modules: update 2.11.8 -> 2.11.9 lttng-modules: fix build with 5.4.229 kernel poky.conf: bump version for 3.1.23 poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder ref-system-requirements.rst: add Fedora 35, Fedora 36, and Ubuntu 22.04 to list of supported distros ref-system-requirements.rst: add AlmaLinux 8.7 to list of supported distros qemu: Fix slirp determinism issue documentation: update for 3.1.24 poky.conf: bump version for 3.1.24 bitbake: tests/fetch.py: fix link to project documentation documentation: update for 3.1.25 poky.conf: bump version for 3.1.25 build-appliance-image: Update to dunfell head revision Sundeep KOKKONDA (3): binutils: stable 2.34 branch updates glibc : stable 2.31 branch updates. gcc: upgrade to v9.5 Sunil Kumar (1): go: Security Fix for CVE-2022-2879 Teoh Jay Shen (1): vim: Upgrade 9.0.0598 -> 9.0.0614 Thomas Roos (1): devtool: fix devtool finish when gitmodules file is empty Tim Orling (2): python3: upgrade 3.8.13 -> 3.8.14 vim: upgrade 9.0.0614 -> 9.0.0820 Ulrich Ölmann (1): kernel-yocto: fix kernel-meta data detection Vijay Anusuri (4): git: Security fix for CVE-2022-41903 git: Security fix for CVE-2023-22490 and CVE-2023-23946 sudo: Security fix for CVE-2023-28486 and CVE-2023-28487 curl: Security fix CVE-2023-27533, CVE-2023-27535 and CVE-2023-27536 Virendra Thakur (2): gcc: Fix inconsistent noexcept specifier for valarray in libstdc++ qemu: Whitelist CVE-2023-0664 Vivek Kumbhar (13): curl: fix CVE-2022-32221 POST following PUT qemu: fix CVE-2021-3638 ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead to guest crash go: fix CVE-2022-41717 Excessive memory use in got server rsync: fix CVE-2022-29154 remote arbitrary files write inside the directories of connecting peers libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of xcb_disp.c qemu: fix CVE-2021-3507 fdc heap buffer overflow in DMA read data transfers go: fix CVE-2022-1962 go/parser stack exhaustion in all Parse* functions qemu: fix CVE-2021-3929 nvme DMA reentrancy issue leads to use-after-free gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code go: fix CVE-2023-24537 Infinite loop in parsing go: fix CVE-2023-24534 denial of service from excessive memory allocation Wang Mingyu (1): mobile-broadband-provider-info: upgrade 20220725 -> 20221107 Xiaobing Luo (1): devtool: Fix _copy_file() TypeError ciarancourtney (1): wic: swap partitions are not added to fstab jan (1): cve-update-db-native: Allow to overrule the URL in a bbappend. rajmohan r (1): systemd: Fix CVE-2023-26604 wangmy (1): dbus: upgrade 1.12.20 -> 1.12.22 meta-openembedded: 6792ebdd96..7007d14c25: Armin Kuster (1): mariadb: Update to latest lts 10.4.28 Chris Rogers (1): xterm: Remove undeclared variables introduced by backport Colin Finck (1): [dunfell] wireguard: Upgrade to 1.0.20220627 (module) and 1.0.20210914 (tools) Hitendra Prajapati (9): postgresql: CVE-2022-1552 Autovacuum, REINDEX, and others omit "security restricted operation" sandbox dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relay nginx: CVE-2022-41741, CVE-2022-41742 Memory corruption in the ngx_http_mp4_module postgresql: Fix CVE-2022-2625 proftpd: CVE-2021-46854 memory disclosure to radius server net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsing postgresql: CVE-2022-41862 Client memory disclosure when connecting with Kerberos to modified server syslog-ng: CVE-2022-38725 An integer overflow in the RFC3164 parser Ivan Stepic (1): flatbuffers: adapt for cross-compilation environments Mathieu Dubois-Briand (4): networkmanager: Update to 1.22.16 nss: Add missing CVE product nss: Whitelist CVEs related to libnssdbm nss: Fix CVE-2020-25648 Omkar Patil (1): ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3 Poonam Jadhav (4): nodejs: Fix CVE-2022-32212 nodejs: Fix CVE-2022-35255 nodejs: Fix CVE-2022-43548 nodejs: Fix CVEs for nodejs Priyal Doshi (1): open-vm-tools: Security fix for CVE-2022-31676 Ranjitsinh Rathod (1): strongswan: Fix CVE-2022-40617 Roger Knecht (1): zeromq: 4.3.2 -> 4.3.4 Shubham Kulkarni (1): python3-pillow: Security fix for CVE-2022-45198 Siddharth Doshi (1): xterm : Fix CVE-2022-45063 code execution via OSC 50 input sequences] CVE-2022-45063 Valeria Petrov (1): php: update 7.4.28 -> 7.4.33 Virendra Thakur (2): capnproto: Fix CVE-2022-46149 nss: Fix CVE CVE-2023-0767 Wang Mingyu (2): apache2: upgrade 2.4.54 -> 2.4.55 apache2: upgrade 2.4.55 -> 2.4.56 Yi Zhao (1): postfix: upgrade 3.4.23 -> 3.4.27 vkumbhar (2): dnsmasq: fix CVE-2023-28450 default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 mariadb: fix CVE-2022-47015 NULL pointer dereference in spider_db_mbase::print_warnings() wangmy (1): apache2: upgrade 2.4.53 -> 2.4.54 meta-security: c62970fda8..eb631c12be: Hitendra Prajapati (1): sssd: CVE-2022-4254 libsss_certmap fails to sanitise certificate data used in LDAP filters Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I0ebec73eb7e68d1ca95866bc758e49990731c8bf
The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake \ rpcgen perl-Thread-Queue perl-bignum perl-Crypt-OpenSSL-Bignum sudo dnf groupinstall "C Development Tools and Libraries"
git clone git@github.com:openbmc/openbmc.git cd openbmc
Any build requires an environment variable known as TEMPLATECONF
to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample
. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet
Machine | TEMPLATECONF |
---|---|
Palmetto | meta-ibm/meta-palmetto/conf |
Zaius | meta-ingrasys/meta-zaius/conf |
Witherspoon | meta-ibm/meta-witherspoon/conf |
Romulus | meta-ibm/meta-romulus/conf |
As an example target Romulus
export TEMPLATECONF=meta-ibm/meta-romulus/conf
. openbmc-env bitbake obmc-phosphor-image
Additional details can be found in the docs repository.
The OpenBMC community maintains a set of tutorials new users can go through to get up to speed on OpenBMC development out here
Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check
directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.
Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.
Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.
Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.
Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.
First, please do a search on the internet. There's a good chance your question has already been asked.
For general questions, please use the openbmc tag on Stack Overflow. Please review the discussion on Stack Overflow licensing before posting any code.
For technical discussions, please see contact info below for IRC and mailing list information. Please don't file an issue to ask a question. You'll get faster results by using the mailing list or IRC.
Feature List
Features In Progress
Features Requested but need help
Dive deeper into OpenBMC by opening the docs repository.
The Technical Steering Committee (TSC) guides the project. Members are: