subtree updates
meta-arm: 0164b4ca7a..13199c55c0:
Adam Johnston (1):
arm-bsp/linux-yocto: Upgrade kernel to v5.19 for N1SDP
Anton Antonov (4):
meta-arm/trusted-services: Use GCC toolchain for specific TS recipes only.
arm/trusted-services: Remove patches merged upstream
arm/trusted-services: Remove remaining patches merged upstream
arm/trusted-services: include documentation
Davidson K (1):
arm-bsp/linux-arm64-ack: make it compatible with gcc-12 for TC
Emekcan (2):
arm-bsp/linux-yocto: update RPMSG_CTRL config for corstone1000
arm-bsp/kernel: Fix TEE driver bug for corstone1000
Jon Mason (3):
CI: trusted services as a feature instead of a machine
CI: cleanups for targets and removed tests
arm-bsp: zephyr removal
Peter Hoyes (1):
arm/lib: Do not log FVP return codes < 0
Ross Burton (2):
arm/optee-spdevkit: remove
CI: restrict compression threading
Rui Miguel Silva (1):
arm-bsp/corstone1000: bump kernel version to 5.19
Rupinderjit Singh (1):
arm: update Android common kernel
Satish Kumar (4):
arm-bsp/u-boot: corstone1000: esrt support
arm-bsp/trusted-firmware-m: corstone1000: bump tfm SHA
arm-bsp/trusted-firmware-m: corstone1000: fix sournce dir of libmetal and openamp
arm-bsp/trusted-firmware-m: corstone1000: secure debug code checkout from yocto
Sumit Garg (2):
arm-toolchain: update Arm GCC to 11.3
external-arm-toolchain: Enable 11.3.rel1 support
Vishnu Banavath (1):
arm-bsp/corstone500: upgrade kernel to v5.19
meta-raspberrypi: 45d56d82b7..fc5f80a47e:
Devendra Tewari (3):
rpi-cmdline: Leave cma value to kernel default
libcamera: Tweak to build for Raspberry Pi
rpi-libcamera-apps: add new recipe
Martin Jansa (1):
lirc: rename bbappend to match 0.10.%
Zygmunt Krynicki (2):
ci: fix typo: unconditionally
ci: fix apparent typo in file patterns
meta-openembedded: ce0b93fc12..6529e5f963:
Alexander Kanavin (3):
python3-cchardet: depend on cython
python3-gevent: make compatible with python 3.11
python3-pybluez: add python 3.11 patch
Anuj Mittal (1):
opencv: fix reproducibility issues
Devendra Tewari (2):
libcamera: Bump SRCREV and add libyaml to DEPENDS
libcamera: Remove boost from DEPENDS
Fabio Estevam (1):
spice: Include aarch64 to COMPATIBLE_HOST
Federico Pellegrin (2):
chrony: add pkgconfig class as pkg-config is explicitly searched for
chrony: correct parameter to configure to disable readline usage
Hao Jiang (1):
mctp: install the .target files
Jiaqing Zhao (1):
openldap: Upgrade 2.5.12 -> 2.5.13
Khem Raj (2):
open62541: Disable lto on riscv/clang
python3-gevent: Upgrade to 22.8.0
Leon Anavi (10):
python3-networkx: Upgrade 2.8.6 -> 2.8.7
python3-coverage: Upgrade 6.4.4 -> 6.5.0
python3-rdflib: Upgrade 6.1.1 -> 6.2.0
python3-tabulate: Upgrade 0.8.10 -> 0.9.0
python3-imageio: Upgrade 2.22.0 -> 2.22.1
python3-astroid: Upgrade 2.12.10 -> 2.12.11
python3-jsonref: Upgrade 0.2 -> 0.3.0
python3-sentry-sdk: Upgrade 1.5.12 -> 1.9.10
python3-greenlet: Upgrade 1.1.3 -> 1.1.3.post0
python3-xmltodict: Upgrade 0.12.0 -> 0.13.0
Markus Volk (2):
blueman: upgrade 2.2.4 -> 2.3.2
gtkmm3: upgrade 3.24.5 -> 3.24.7
Martin Jansa (2):
re2: fix branch name from master to main
jack: fix compatibility with python-3.11
Mathieu Dubois-Briand (3):
mbedtls: Fix CVE product name
mbedtls: Update to 2.28.1 version
mbedtls: Whitelist CVE-2021-43666, CVE-2021-45451
Matthias Klein (1):
paho-mqtt-c: upgrade 1.3.10 -> 1.3.11
Michael Opdenacker (1):
tio: correct license information
Mingli Yu (1):
mariadb: not use qemu to run cross-compiled binaries
S. Lockwood-Childs (1):
x265: support aarch64
Thomas Perrot (1):
spitools: remove unused BPV variable
Vyacheslav Yurkov (1):
opcua: Add new recipe
Wang Mingyu (20):
ctags: upgrade 5.9.20220925.0 -> 5.9.20221002.0
dnfdragora: upgrade 2.1.2 -> 2.1.3
dool: upgrade 1.0.0 -> 1.1.0
freeglut: upgrade 3.2.1 -> 3.4.0
gspell: upgrade 1.11.1 -> 1.12.0
hwdata: upgrade 0.362 -> 0.363
iperf3: upgrade 3.11 -> 3.12
libnet-dns-perl: upgrade 1.34 -> 1.35
lirc: upgrade 0.10.1 -> 0.10.2
metacity: upgrade 3.44.0 -> 3.46.0
flatbuffers: upgrade 2.0.8 -> 22.9.29
opencl-headers: upgrade 2022.09.23 -> 2022.09.30
php: upgrade 8.1.10 -> 8.1.11
poppler: upgrade 22.09.0 -> 22.10.0
xfstests: upgrade 2022.09.04 -> 2022.09.25
links: upgrade 2.27 -> 2.28
st: upgrade 0.8.5 -> 0.9
python3-requests-toolbelt: upgrade 0.9.1 -> 0.10.0
Add nativesdk-systemd-systemctl as dependency of dnf-plugin-tui
dnf-plugin-tui: Add nativesdk
Yi Zhao (4):
strongswan: upgrade 5.9.7 -> 5.9.8
open-vm-tools: upgrade 11.3.5 -> 12.1.0
dhcp-relay: upgrade 4.4.3 -> 4.4.3-P1
frr: Security fix CVE-2022-37032
zhengrq.fnst (5):
python3-protobuf: upgrade 4.21.6 -> 4.21.7
stunnel: upgrade 5.65 -> 5.66
python3-web3: upgrade 5.31.0 -> 5.31.1
wolfssl: upgrade 5.5.0 -> 5.5.1
python3-xmlschema: upgrade 2.1.0 -> 2.1.1
meta-security: 824d2762f6..e8e7318189:
Armin Kuster (3):
apparmor: update to 3.0.7
libgssglue: update to 0.7
cryptmount: update to 6.0
Michael Haener (1):
tpm: update the linux-yocto rule with the one from sanity-meta-tpm class
poky: 5200799866..3e5faccfaf:
Johan Korsnes (1):
migration guides: 3.4: remove spurious space in example
Lee Chee Yang (1):
migration guides: add release notes for 4.0.4
Michael Opdenacker (35):
manuals: improve initramfs details
manuals: add references to the "do_fetch" task
manuals: add reference to the "do_install" task
manuals: add references to the "do_build" task
manuals: add reference to "do_configure" task
manuals: add reference to the "do_compile" task
manuals: add references to the "do_deploy" task
manuals: add references to the "do_image" task
manuals: add references to the "do_package" task
manuals: add references to the "do_package_qa" task
overview-manual: concepts.rst: add reference to "do_packagedata" task
manuals: add references to the "do_patch" task
manuals: add references to "do_package_write_*" tasks
ref-manual: variables.rst: add reference to "do_populate_lic" task
manuals: add reference to the "do_populate_sdk" task
overview-manual: concepts.rst: add reference to "do_populate_sdk_ext" task
manuals: add references to "do_populate_sysroot" task
manuals: add references to the "do_unpack" task
dev-manual: common-tasks.rst: add reference to "do_clean" task
manuals: add references to the "do_cleanall" task
ref-manual: tasks.rst: add references to the "do_cleansstate" task
manuals: add references to the "do_devshell" task
dev-manual: common-tasks.rst: add reference to "do_listtasks" task
manuals: add references to the "do_bundle_initramfs" task
manuals: add references to the "do_rootfs" task
ref-manual: tasks.rst: add reference to the "do_kernel_checkout" task
manuals: add reference to the "do_kernel_configcheck" task
manuals: add references to the "do_kernel_configme" task
ref-manual: tasks.rst: add reference to the "do_kernel_metadata" task
migration-guides: add reference to the "do_shared_workdir" task
ref-manual: tasks.rst: add reference to the "do_validate_branches" task
ref-manual: tasks.rst: add reference to the "do_image_complete" task
ref-manual: system-requirements: Ubuntu 22.04 now supported
overview-manual: concepts.rst: fix formating and add references
ref-manual/faq.rst: update references to products built with OE / Yocto Project
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I14d679e25bd1c7545bc2d0f545f876aeb0a333b4
diff --git a/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.13.bb b/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.13.bb
new file mode 100644
index 0000000..b117677
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/openldap/openldap_2.5.13.bb
@@ -0,0 +1,238 @@
+SUMMARY = "OpenLDAP Directory Service"
+DESCRIPTION = "OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol."
+HOMEPAGE = "http://www.OpenLDAP.org/license.html"
+# The OpenLDAP Public License - see the HOMEPAGE - defines
+# the license. www.openldap.org claims this is Open Source
+# (see http://www.openldap.org), the license appears to be
+# basically BSD. opensource.org does not record this license
+# at present (so it is apparently not OSI certified).
+LICENSE = "OpenLDAP"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=beceb5ac7100b6430640c61655b25c1f \
+ file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972 \
+ "
+SECTION = "libs"
+
+LDAP_VER = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
+
+SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/${BP}.tgz \
+ file://initscript \
+ file://slapd.service \
+ file://remove-user-host-pwd-from-version.patch \
+ file://0001-build-top.mk-unset-STRIP_OPTS.patch \
+ file://0001-configure-Pass-pthread_t-to-pthread_detach.patch \
+"
+
+SRC_URI[sha256sum] = "ee3c430c4ef7b87c57b622108c7339376d6c27fbbf2767770be3de1df63d008c"
+
+DEPENDS = "util-linux groff-native"
+
+inherit autotools-brokensep update-rc.d systemd pkgconfig
+
+# CV SETTINGS
+# Required to work round AC_FUNC_MEMCMP which gets the wrong answer
+# when cross compiling (should be in site?)
+EXTRA_OECONF += "ac_cv_func_memcmp_working=yes"
+
+# CONFIG DEFINITIONS
+# The following is necessary because it cannot be determined for a
+# cross compile automagically. Select should yield fine on all OE
+# systems...
+EXTRA_OECONF += "--with-yielding-select=yes"
+# Shared libraries are nice...
+EXTRA_OECONF += "--enable-dynamic"
+
+PACKAGECONFIG ??= "asyncmeta gnutls modules \
+ mdb ldap meta null passwd proxycache dnssrv \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+#--with-tls with TLS/SSL support auto|openssl|gnutls [auto]
+PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls"
+PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"
+
+PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"
+PACKAGECONFIG[modules] = "lt_cv_dlopen_self=yes --enable-modules,--disable-modules,libtool"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6"
+
+# SLAPD options
+#
+# UNIX crypt(3) passwd support:
+EXTRA_OECONF += "--enable-crypt"
+
+# SLAPD BACKEND
+#
+# The backend must be set by the configuration. This controls the
+# required database.
+#
+# Backends="asyncmeta dnssrv ldap mdb meta ndb null passwd perl relay sock sql wt"
+#
+# Note that multiple backends can be built. The ldbm backend requires a
+# build-time choice of database API. To use the gdbm (or other) API the
+# Berkely database module must be removed from the build.
+md = "${libexecdir}/openldap"
+#
+
+#--enable-asyncmeta enable asyncmeta backend no|yes|mod no
+PACKAGECONFIG[asyncmeta] = "--enable-asyncmeta=mod,--enable-asyncmeta=no"
+
+#--enable-dnssrv enable dnssrv backend no|yes|mod no
+PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no"
+
+#--enable-ldap enable ldap backend no|yes|mod no
+PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no,"
+
+#--enable-mdb enable mdb database backend no|yes|mod [yes]
+PACKAGECONFIG[mdb] = "--enable-mdb=yes,--enable-mdb=no,"
+
+#--enable-meta enable metadirectory backend no|yes|mod no
+PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no,"
+
+#--enable-ndb enable MySQL NDB Cluster backend no|yes|mod [no]
+PACKAGECONFIG[ndb] = "--enable-ndb=mod,--enable-ndb=no,"
+
+#--enable-null enable null backend no|yes|mod no
+PACKAGECONFIG[null] = "--enable-null=mod,--enable-null=no,"
+
+#--enable-passwd enable passwd backend no|yes|mod no
+PACKAGECONFIG[passwd] = "--enable-passwd=mod,--enable-passwd=no,"
+
+#--enable-perl enable perl backend no|yes|mod no
+# This requires a loadable perl dynamic library, if enabled without
+# doing something appropriate (building perl?) the build will pick
+# up the build machine perl - not good (inherit perlnative?)
+PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl"
+
+#--enable-relay enable relay backend no|yes|mod [yes]
+PACKAGECONFIG[relay] = "--enable-relay=mod,--enable-relay=no,"
+
+#--enable-sock enable sock backend no|yes|mod [no]
+PACKAGECONFIG[sock] = "--enable-sock=mod,--enable-sock=no,"
+
+#--enable-sql enable sql backend no|yes|mod no
+# sql requires some sql backend which provides sql.h, sqlite* provides
+# sqlite.h (which may be compatible but hasn't been tried.)
+PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3"
+
+#--enable-wt enable wt backend no|yes|mod no
+# back-wt is marked currently as experimental
+PACKAGECONFIG[wt] = "--enable-wt=mod,--enable-wt=no"
+
+#--enable-dyngroup Dynamic Group overlay no|yes|mod no
+# This is a demo, Proxy Cache defines init_module which conflicts with the
+# same symbol in dyngroup
+PACKAGECONFIG[dyngroup] = "--enable-dyngroup=mod,--enable-dyngroup=no,"
+
+#--enable-proxycache Proxy Cache overlay no|yes|mod no
+PACKAGECONFIG[proxycache] = "--enable-proxycache=mod,--enable-proxycache=no,"
+FILES:${PN}-overlay-proxycache = "${md}/pcache-*.so.*"
+PACKAGES += "${PN}-overlay-proxycache"
+
+# Append URANDOM_DEVICE='/dev/urandom' to CPPFLAGS:
+# This allows tls to obtain random bits from /dev/urandom, by default
+# it was disabled for cross-compiling.
+CPPFLAGS:append = " -D_GNU_SOURCE -DURANDOM_DEVICE=\\"/dev/urandom\\" -fPIC"
+
+LDFLAGS:append = " -pthread"
+
+do_configure() {
+ rm -f ${S}/libtool
+ aclocal
+ libtoolize --force --copy
+ gnu-configize
+ cp ${STAGING_DATADIR_NATIVE}/libtool/build-aux/ltmain.sh ${S}/build
+ cp ${STAGING_DATADIR_NATIVE}/libtool/build-aux/missing ${S}/build
+ cp ${STAGING_DATADIR_NATIVE}/libtool/build-aux/compile ${S}/build
+ autoconf
+ oe_runconf
+}
+
+LEAD_SONAME = "libldap-${LDAP_VER}.so.*"
+
+# The executables go in a separate package. This allows the
+# installation of the libraries with no daemon support.
+# Each module also has its own package - see above.
+PACKAGES += "${PN}-slapd ${PN}-slurpd ${PN}-bin"
+
+# Package contents - shift most standard contents to -bin
+FILES:${PN} = "${libdir}/lib*.so.* ${sysconfdir}/openldap/ldap.* ${localstatedir}/${BPN}/data"
+FILES:${PN}-slapd = "${sysconfdir}/init.d ${libexecdir}/slapd ${sbindir} ${localstatedir}/run ${localstatedir}/volatile/run \
+ ${sysconfdir}/openldap/slapd.* ${sysconfdir}/openldap/schema \
+ ${sysconfdir}/openldap/DB_CONFIG.example ${systemd_unitdir}/system/*"
+FILES:${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp"
+FILES:${PN}-bin = "${bindir}"
+FILES:${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so ${libdir}/pkgconfig/*.pc"
+FILES:${PN}-dbg += "${libexecdir}/openldap/.debug"
+
+do_install:append() {
+ install -d ${D}${sysconfdir}/init.d
+ cat ${WORKDIR}/initscript > ${D}${sysconfdir}/init.d/openldap
+ chmod 755 ${D}${sysconfdir}/init.d/openldap
+ # This is duplicated in /etc/openldap and is for slapd
+ rm -f ${D}${localstatedir}/openldap-data/DB_CONFIG.example
+
+ # Installing slapd under ${sbin} is more FHS and LSB compliance
+ mv ${D}${libexecdir}/slapd ${D}/${sbindir}/slapd
+ rmdir --ignore-fail-on-non-empty ${D}${libexecdir}
+ SLAPTOOLS="slapadd slapcat slapdn slapindex slappasswd slaptest slapauth slapacl slapschema slapmodify"
+ cd ${D}/${sbindir}/
+ rm -f ${SLAPTOOLS}
+ for i in ${SLAPTOOLS}; do ln -sf slapd $i; done
+
+ rmdir "${D}${localstatedir}/run"
+ rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+
+ install -d ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/slapd.service ${D}${systemd_unitdir}/system/
+ sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/*.service
+
+ # Uses mdm as the database
+ # and localstatedir as data directory ...
+ sed -e 's/# modulepath/modulepath/' \
+ -e 's/# moduleload\s*back_bdb.*/moduleload back_mdb/' \
+ -e 's/database\s*bdb/database mdb/' \
+ -e 's%^directory\s*.*%directory ${localstatedir}/${BPN}/data/%' \
+ -i ${D}${sysconfdir}/openldap/slapd.conf
+
+ mkdir -p ${D}${localstatedir}/${BPN}/data
+}
+
+INITSCRIPT_PACKAGES = "${PN}-slapd"
+INITSCRIPT_NAME:${PN}-slapd = "openldap"
+INITSCRIPT_PARAMS:${PN}-slapd = "defaults"
+SYSTEMD_PACKAGES = "${PN}-slapd"
+SYSTEMD_SERVICE:${PN}-slapd = "slapd.service"
+SYSTEMD_AUTO_ENABLE:${PN}-slapd ?= "disable"
+
+PACKAGES_DYNAMIC += "^${PN}-backends.* ^${PN}-backend-.*"
+
+# The modules require their .so to be dynamicaly loaded
+INSANE_SKIP:${PN}-backend-asyncmeta += "dev-so"
+INSANE_SKIP:${PN}-backend-dnssrv += "dev-so"
+INSANE_SKIP:${PN}-backend-ldap += "dev-so"
+INSANE_SKIP:${PN}-backend-meta += "dev-so"
+INSANE_SKIP:${PN}-backend-mdb += "dev-so"
+INSANE_SKIP:${PN}-backend-null += "dev-so"
+INSANE_SKIP:${PN}-backend-passwd += "dev-so"
+
+python populate_packages:prepend () {
+ backend_dir = d.expand('${libexecdir}/openldap')
+ do_split_packages(d, backend_dir, r'back_([a-z]*)\.so$', 'openldap-backend-%s', 'OpenLDAP %s backend', prepend=True, extra_depends='', allow_links=True)
+ do_split_packages(d, backend_dir, r'back_([a-z]*)\-.*\.so\..*$', 'openldap-backend-%s', 'OpenLDAP %s backend', extra_depends='', allow_links=True)
+
+ metapkg = "${PN}-backends"
+ d.setVar('ALLOW_EMPTY:' + metapkg, "1")
+ d.setVar('FILES:' + metapkg, "")
+ metapkg_rdepends = []
+ packages = d.getVar('PACKAGES').split()
+ for pkg in packages[1:]:
+ if pkg.count("openldap-backend-") and not pkg in metapkg_rdepends and not pkg.count("-dev") and not pkg.count("-dbg") and not pkg.count("static") and not pkg.count("locale"):
+ metapkg_rdepends.append(pkg)
+ d.setVar('RDEPENDS:' + metapkg, ' '.join(metapkg_rdepends))
+ d.setVar('DESCRIPTION:' + metapkg, 'OpenLDAP backends meta package')
+ packages.append(metapkg)
+ d.setVar('PACKAGES', ' '.join(packages))
+}
+
+BBCLASSEXTEND = "native"
+
+# CVE-2015-3276 has no target code.
+CVE_CHECK_IGNORE += "CVE-2015-3276"