subtree updates
meta-security: 93f2146211..7628a3e90b:
Anton Antonov (3):
Parsec-service: Update installation procedure
Parsec-service: Fix arm32 build
meta-parsec: Update Parsec runtime tests
Armin Kuster (20):
fscrypt: add distro_check on pam
meta-security: move perl and python recipes to dynamic layers structure
packagegroup-core-security: remove pkgs
packagegroup-core-security: add perl pkgs grps
packagegroup-core-security: add dynamic python pkgs
arpwatch: add postfix to pkg config
suricata: drop nfnetlink from pkg config
packagegroup-core-security.bb: fix suricata inclusion
layer.conf: fix up layer dependancies.
ima-evm-utils: Update to 1.4
aide: Update 01.17.4
ossec-hids: update to 3.7.0
suricata: update to 5.0.5
samhain: update to 4.4.9
tpm2-pkcs11: tpm2-pkcs11 module missing
tpm2-tools: Add missing rdepends
oeqa/cases/tpm2: fix and enhance test suite
meta-parsec: Add pkg grps
meta-parsec: add build image.
oeqa: add parsec runtime tests
Jeremy A. Puhlman (2):
aide: Add depend on audit when audit is enabled.
lib-perl: prefix man pages to avoid conflicting with base perl
Josh Harley (1):
Add EROFS support to dm-verity-img class
Lei Maohui (1):
layer.conf: Added BBFILES_DYNAMIC for dynamic-layers.
meta-openembedded: 77c2fda04e..a9e6d16e66:
Alejandro Enedino Hernandez Samaniego (1):
cryptsetup: Add luks2 configure options defaults
Alex Kiernan (2):
ulogd2: Add recipe
libcoap: Add recipe
Armin Kuster (13):
meta-python-image: Fix build depends
crda: move to a dynamic-layer for python
cyrus-sasl: move from meta-networking to meta-oe
netplan: move from meta-networking to meta-oe
nvmetcli: move recipe to meta-oe
packagegroup-meta-oe: update pkg group
python3-ldap: move to meta-python
packagegroup-meta-python.bb: update pkg group
firewalld: move to dynamic meta-python layer
packagegroup-meta-networking: update pkg group
meta-networking: drop meta-python layer depends
meta-gnome: fix layer depends.
layer.conf: Post release codename changes
Bartosz Golaszewski (19):
python3-pyfanotify: new package
python3-toolz: new package
python3-cytoolz: new package
python3-decouple: new package
python3-eth-hash: new package
python3-eth-typing: new package
python3-eth-utils: new package
python3-eth-keys: new package
python3-eth-keyfile: new package
python3-hexbytes: new package
python3-rlp: new package
python3-eth-rlp: new package
python3-parsimonious: new package
python3-eth-abi: new package
python3-eth-account: new package
python3-lru-dict: new package
python3-web3: new package
python3-inotify: new package
speedtest-cli: drop the recipe
Changqing Li (1):
zabbix: upgrade 5.2.6 -> 6.0.4
Chase Qi (1):
kernel-selftest: install kselftest runner
Claudius Heine (1):
btrfsmaintenance: add recipe for btrfsmaintenance scripts
Denys Dmytriyenko (2):
devmem2: reinstate previous patches, removed by mistake
devmem2: add support for different page sizes
Diego Sueiro (1):
bats: upgrade 1.6.0 -> 1.6.1
Gianfranco (3):
sdbus-c++-libsystemd: Bump SRCREV to last commit of 250-stable branch
sdbus-c++: Bump version from 1.00 to 1.1.0
libmtp: Add doxygen-native dependency in case documentation build is enabled in PACKAGECONFIG. This fixes a FTBFS due to missing dependency.
Gianfranco Costamagna (1):
vboxguestdrivers: upgrade 6.1.32 -> 6.1.34
Jiaqing Zhao (2):
openldap: Remove libgcrypt dependency
openldap: Upgrade 2.5.9 -> 2.5.12
Joerg Vehlow (1):
jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF
Julien STEPHAN (1):
libcamera: fix packaging
Kai Kang (3):
conntrack-tools: fix postinst script
wxwidgets: enable to use private fonts
python3-wxgtk4: backport patch to fix svg issue
Khem Raj (12):
ufw: Fix packaging errors found with ppc64
libcereal: Enable for glibc/ppc
mimic: Use special rateconv.c license
makedumpfile: Use right TARGET for ppc32
evince: Add dbus to depnedencies on non-x11 builds
evolution-data-server: Do not pass --library-path to gir compiler
python3-wxgtk4: Needs x11 for sip module
zfs: Fix build on musl systems
zfs: Disable on riscv32
zfs: Disable on mips
zfs: Make systemd and sysvinit into packageconfigs
sdbus-c++: Link with libatomic on mips/ppc32
Markus Volk (1):
minidlna: fix obsolete license warning
Martin Jansa (1):
ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay
Michael Opdenacker (1):
devmem2: update SRC_URI according to redirect
Mingli Yu (1):
s-nail: Set VAL_MTA
Nicolas Dechesne (1):
imlib2: update SRC_URI
Peter Kjellerstedt (1):
libwebsockets: Avoid absolute paths in *.cmake files in the sysroot
Portia (1):
cpulimit: introduce support for this package
Randy MacLeod (1):
intel-speed-select: Add libnl dependency and extend CFLAGS
Richard Neill (1):
bats: Add patch to fix false-negatives caused by teardown code
Ross Burton (1):
Revert "python3-cbor2: upgrade 5.4.2 -> 5.4.3"
Samuli Piippo (1):
python3-qface: upgrade 2.0.7 -> 2.0.8
Teresa Remmet (1):
meta-networking: Add meta-python to BBFILES_DYNAMIC
Vyacheslav Yurkov (1):
polkit: add udisks2 rule
Windel Bouwman (1):
Add zfs recipe
Xu Huan (17):
python3-astroid: upgrade 2.11.2 -> 2.11.3
python3-bitstruct: upgrade 8.14.0 -> 8.14.1
python3-cachecontrol: upgrade 0.12.10 -> 0.12.11
python3-engineio: upgrade 4.3.1 -> 4.3.2
python3-flask-socketio: upgrade 5.1.1 -> 5.1.2
python3-google-api-python-client: upgrade 2.43.0 -> 2.45.0
python3-graphviz: upgrade 0.19.2 -> 0.20
python3-cbor2: upgrade 5.4.2 -> 5.4.3
python3-click: upgrade 8.1.2 -> 8.1.3
python3-flask-login: upgrade 0.6.0 -> 0.6.1
python3-flask: upgrade 2.1.1 -> 2.1.2
python3-google-api-core: upgrade 2.7.1 -> 2.7.3
python3-google-auth: upgrade 2.6.3 -> 2.6.6
python3-mypy: upgrade 0.942 -> 0.950
python3-pyalsaaudio: upgrade 0.9.0 -> 0.9.2
python3-grpcio-tools: upgrade 1.45.0 -> 1.46.0
python3-pychromecast: upgrade 11.0.0 -> 12.1.1
Yi Zhao (1):
networkmanager: fix parallel build failure
wangmy (41):
python3-sentry-sdk: upgrade 1.5.8 -> 1.5.10
python3-socketio: upgrade 5.5.2 -> 5.6.0
python3-textparser: upgrade 0.23.0 -> 0.24.0
python3-twisted: upgrade 22.2.0 -> 22.4.0
python3-websockets: upgrade 10.2 -> 10.3
fuse3: upgrade 3.10.5 -> 3.11.0
zenity: upgrade 3.42.0 -> 3.42.1
babeld: upgrade 1.11 -> 1.12
cifs-utils: upgrade 6.14 -> 6.15
nbdkit: upgrade 1.31.1 -> 1.31.2
stunnel: upgrade 5.63 -> 5.64
tgt: upgrade 1.0.79 -> 1.0.82
wolfssl: upgrade 5.2.0 -> 5.3.0
ctags: upgrade 5.9.20220417.0 -> 5.9.20220501.0
freerdp: upgrade 2.6.1 -> 2.7.0
fwupd-efi: upgrade 1.2 -> 1.3
htop: upgrade 3.1.2 -> 3.2.0
hwdata: upgrade 0.358 -> 0.359
icewm: upgrade 2.9.6 -> 2.9.7
iwd: upgrade 1.26 -> 1.27
jemalloc: upgrade 5.2.1 -> 5.3.0
libmbim: upgrade 1.26.2 -> 1.26.4
libyang: upgrade 2.0.164 -> 2.0.194
nano: upgrade 6.2 -> 6.3
phoronix-test-suite: upgrade 10.8.2 -> 10.8.3
php: upgrade 8.1.4 -> 8.1.5
pkcs11-helper: upgrade 1.28.0 -> 1.29.0
poppler: upgrade 22.04.0 -> 22.05.0
toybox: upgrade 0.8.6 -> 0.8.7
unixodbc: upgrade 2.3.9 -> 2.3.11
xmlsec1: upgrade 1.2.33 -> 1.2.34
gtk4: upgrade 4.6.3 -> 4.6.4
nbdkit: upgrade 1.31.2 -> 1.31.5
ctags: upgrade 5.9.20220501.0 -> 5.9.20220508.0
openjpeg: upgrade 2.4.0 -> 2.5.0
php: upgrade 8.1.5 -> 8.1.6
postgresql: upgrade 14.2 -> 14.3
phpmyadmin: upgrade 5.1.3 -> 5.2.0
python3-aiohue: upgrade 3.0.11 -> 4.4.1
python3-awesomeversion : add recipe
python3-traitlets: upgrade 5.1.1 -> 5.2.0
zhengrq.fnst (12):
glibmm-2.68: upgrade 2.70.0 -> 2.72.1
gnome-text-editor: upgrade 42.0 -> 42.1
apitrace: upgrade 10.0 -> 11.0
libconfig-general-perl: upgrade 2.63 -> 2.65
gpsd: upgrade 3.23.1 -> 3.24
mbw: upgrade 1.4 -> 1.5
gtk4: upgrade 4.6.2 -> 4.6.3
python3-antlr4-runtime: upgrade 4.9.2 -> 4.10
python3-booleanpy: upgrade 3.8 -> 4.0
python3-pika: upgrade 1.2.0 -> 1.2.1
python3-autobahn: upgrade 22.3.2 -> 22.4.2
python3-bitarray: upgrade 2.4.1 -> 2.5.0
zhengruoqin (7):
python3-imageio: upgrade 2.17.0 -> 2.18.0
python3-langtable: upgrade 0.0.57 -> 0.0.58
python3-paramiko: upgrade 2.10.3 -> 2.10.4
python3-protobuf: upgrade 3.20.0 -> 3.20.1
python3-pylint: upgrade 2.13.5 -> 2.13.7
python3-pymongo: upgrade 4.1.0 -> 4.1.1
python3-regex: upgrade 2022.3.15 -> 2022.4.24
poky: 9e55696042..13d70e57f8:
Alex Kiernan (7):
eudev: Upgrade 3.2.10 -> 3.2.11
eudev: Add PACKAGECONFIG for manpages & selinux
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
openssh: Add openssh-sftp-server to openssh RDEPENDS
eudev: Convert dependencies to PACKAGECONFIG
eudev: Cleanup redundant configuration
eudev: Use PACKAGE_BEFORE_PN/${PN}, clean up spaces
Alexander Kanavin (106):
systemd: upgrade 250.4 -> 250.5
python3-cryptography: upgrade 36.0.2 -> 37.0.1
util-linux: upgrade 2.37.4 -> 2.38
vulkan: upgrade 1.3.204.1 -> 1.3.211.0
libnl: upgrade 3.5.0 -> 3.6.0
libsdl2: upgrade 2.0.20 -> 2.0.22
mesa: upgrade 22.0.0 -> 22.0.2
python3-babel: upgrade 2.9.1 -> 2.10.1
python3-mako: upgrade 1.1.6 -> 1.2.0
python3-pygments: upgrade 2.11.2 -> 2.12.0
at-spi2-core: upgrade 2.44.0 -> 2.44.1
bind: upgrade 9.18.1 -> 9.18.2
cronie: upgrade 1.6.0 -> 1.6.1
diffoscope: upgrade 208 -> 211
dnf: upgrade 4.11.1 -> 4.12.0
ell: upgrade 0.49 -> 0.50
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
harfbuzz: upgrade 4.2.0 -> 4.2.1
libinput: upgrade 1.19.3 -> 1.19.4
libmnl: upgrade 1.0.4 -> 1.0.5
libnotify: upgrade 0.7.9 -> 0.7.11
libpipeline: upgrade 1.5.5 -> 1.5.6
libseccomp: upgrade 2.5.3 -> 2.5.4
libx11: upgrade 1.7.5 -> 1.8
lttng-tools: upgrade 2.13.4 -> 2.13.7
mmc-utils: upgrade to latest revision
neard: upgrade 0.16 -> 0.18
pango: upgrade 1.50.6 -> 1.50.7
parted: upgrade 3.4 -> 3.5
piglit: upgrade to latest revision
python3-cryptography-vectors: upgrade 36.0.2 -> 37.0.1
python3-dtschema: upgrade 2022.1 -> 2022.4
python3-hypothesis: upgrade 6.44.0 -> 6.46.0
python3-jinja2: upgrade 3.1.1 -> 3.1.2
python3-pygobject: upgrade 3.42.0 -> 3.42.1
python3-pytest: upgrade 7.1.1 -> 7.1.2
repo: upgrade 2.23 -> 2.24.1
sqlite3: upgrade 3.38.2 -> 3.38.3
vala: upgrade 0.56.0 -> 0.56.1
vte: upgrade 0.66.2 -> 0.68.0
webkitgtk: upgrade 2.36.0 -> 2.36.1
xorgproto: upgrade 2021.5 -> 2022.1
xwayland: upgrade 22.1.0 -> 22.1.1
sysvinit: update 3.02 -> 3.04
pciutils: update 3.7.0 -> 3.8.0
elfutils: update 0.186 -> 0.187
git: update 2.35.3 -> 2.36.0
libdnf: update 0.66.0 -> 0.67.0
llvm: update 14.0.1 -> 14.0.3
rsync: update 3.2.3 -> 3.2.4
lsof: update 4.94.0 -> 4.95.0
libhandy: update 1.5.0 -> 1.6.2
librsvg: update 2.54.0 -> 2.54.1
xauth: update 1.1.1 -> 1.1.2
gnupg: update 2.3.4 -> 2.3.6
qemu: update 6.2.0 -> 7.0.0
stress-ng: disable apparmor from the correct spot
coreutils: update 9.0 -> 9.1
python3-setuptools: upgrade 59.5.0 -> 62.3.1
go: upgrade 1.18.1 -> 1.18.2
iptables: upgrade 1.8.7 -> 1.8.8
gnu-config: update to latest version
u-boot: upgrade 2022.01 -> 2022.04
python3-pip: update 22.0.4 -> 22.1
libxcb: update 1.14 -> 1.15
xcb-proto: upgrade 1.14.1 -> 1.15
systemtap: update 4.6 -> 4.7
vulkan-samples: update to latest revision
curl: upgrade 7.83.0 -> 7.83.1
diffoscope: upgrade 211 -> 212
git: upgrade 2.36.0 -> 2.36.1
gnutls: upgrade 3.7.4 -> 3.7.5
gst-devtools: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
gstreamer1.0: upgrade 1.20.1 -> 1.20.2
gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
libcgroup: upgrade 2.0.1 -> 2.0.2
libnotify: upgrade 0.7.11 -> 0.7.12
librsvg: upgrade 2.54.1 -> 2.54.3
mesa: upgrade 22.0.2 -> 22.0.3
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
piglit: upgrade to latest revision
psmisc: upgrade 23.4 -> 23.5
python3-bcrypt: upgrade 3.2.0 -> 3.2.2
python3-cryptography: upgrade 37.0.1 -> 37.0.2
python3-cryptography-vectors: upgrade 37.0.1 -> 37.0.2
python3-hypothesis: upgrade 6.46.0 -> 6.46.4
python3-jsonschema: upgrade 4.4.0 -> 4.5.1
python3-markdown: upgrade 3.3.6 -> 3.3.7
python3-more-itertools: upgrade 8.12.0 -> 8.13.0
python3-pbr: upgrade 5.8.1 -> 5.9.0
python3-pyparsing: upgrade 3.0.8 -> 3.0.9
repo: upgrade 2.24.1 -> 2.25
sqlite3: upgrade 3.38.3 -> 3.38.5
stress-ng: upgrade 0.14.00 -> 0.14.01
python3-setuptools-rust: update 1.1.2 -> 1.3.0
python3: use built-in distutils for ptest, rather than setuptools' 'fork'
Andrej Valek (1):
kernel: add missing path to search for debug files
Arkadiusz Drabczyk (1):
overview-manual: fix a forgotten link
Aryaman Gupta (1):
e2fsprogs: update upstream status
Bruce Ashfield (23):
linux-yocto/5.15: arm: poky-tiny cleanup and fixes
linux-yocto/5.10: update to v5.10.110
linux-yocto/5.10: base: enable kernel crypto userspace API
linux-yocto/5.15: update to v5.15.33
linux-yocto/5.15: base: enable kernel crypto userspace API
linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context
linux-yocto/5.15: fix ppc boot
linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction
linux-yocto/5.10: update to v5.10.112
linux-yocto/5.15: update to v5.15.35
linux-yocto/5.15: Fix CVE-2022-28796
linux-yocto: enable powerpc debug fragment
linux-yocto/5.15: fix -standard kernel build issue
linux-yocto/5.15: update to v5.15.36
linux-yocto/5.15: fix qemuarm graphical boot
strace: fix ptest failure in landlock
yocto-bsps: update to v5.15.36
yocto-bsps: update to v5.10.113
linux-yocto/5.15: update to v5.15.37
linux-yocto/5.10: update to v5.10.113
linux-yocto/5.15: update to v5.15.38
linux-yocto/5.10: update to v5.10.114
lttng-modules: fix build against 5.18-rc7+
Changqing Li (1):
eudev: create static-nodes in init script
Chanho Park (2):
externalsrc.bbclass: support crate fetcher on externalsrc
cargo_common.bbclass: enable bitbake vendoring for externalsrc
Claudius Heine (3):
classes: rootfs-postcommands: add skip option to overlayfs_qa_check
overlayfs: add docs about skipping QA check & service dependencies
wic: added fspassno parameter to partition
Davide Gardenal (4):
cve-check: add JSON format to summary output
cve-check: fix symlinks where link and output path are equal
rootfs-postcommands: fix symlinks where link and output path are equal
openssl: minor security upgrade 3.0.2 -> 3.0.3
Dmitry Baryshkov (3):
linux-firmware: upgrade 20220411 -> 20220509
linux-firmware: package new Qualcomm firmware
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
Felix Moessbauer (1):
wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions
Gunjan Gupta (2):
bitbake: fetch2/osc: Small fixes for osc fetcher
bitbake: fetch2/osc: Add support to query latest revision
Jacob Kroon (1):
Revert "image.bbclass: allow overriding dependency on virtual/kernel:do_deploy"
Jiaqing Zhao (5):
libxml2: Upgrade 2.9.13 -> 2.9.14
systemd: Drop 0001-test-parse-argument-Include-signal.h.patch
systemd: Remove __compare_fn_t type in musl-specific patch
systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch
systemd: Correct path returned in sd_path_lookup()
Jon Mason (1):
qemuarmv5: use arm-versatile-926ejs KMACHINE
Kai Kang (1):
wpa-supplicant: update config for gnutls
Khem Raj (15):
qemu: Add packageconfig for libbpf support
linux-yocto: Enable powerpc-debug fragment for ppc64 LE
musl: Upgrade to tip of trunk
systemd: Fix build regression with latest update
gcc: upgrade 11.3 -> 12.1
libstd-rs: Forward port rust libc patches
gdb: Upgrade to 12.1
bash: build with bash_cv_getcwd_malloc=yes on musl too
ovmf: Fix native build with gcc-12
elfutils: Disable stringop-overflow warning for build host
musl-locales: Switch SRC_URI to new location
systemd: Drop redundant musl patches
systemd: Document future actions needed for set of musl patches
systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
systemd: Update patch status
Konrad Weihmann (1):
linux-firmware: replace mkdir by install
Kory Maincent (1):
images_types: isolate the write of UBI configuration
Leon Anavi (1):
image_types/runqemu-addptable2image: Fix a minor typo
Markus Volk (2):
mesa.inc: package 00-radv-defaults.conf
libsdl2: add PACKAGECONFIG for libusb1 and remove obsolete options
Marta Rybczynska (3):
cve-update-db-native: update the CVE database once a day only
cve-update-db-native: let the user to drive the update interval
cve-check: Fix report generation
Martin Jansa (1):
bitbake: osc: fix DeprecationWarning
Michael Halstead (5):
releases: update to include 3.1.16
scripts/autobuilder-worker-prereq-tests: update to use yocto 4.0
scripts/autobuilder-worker-prereq-tests: add additional limit testing
releases: update to include 3.4.4
releases: include 4.0.1
Michael Opdenacker (12):
MAINTAINERS.md: no more need for a prelink-cross maintainer
dev-manual: further gdb usage simplifications
doc/Makefile: fix epub and latexpdf targets
manuals: fix name capitalization issues
doc: standards for project and file names
manuals: improve the width of diagrams
manuals: improve documentation for TEMPLATECONF
overview-manual: remove confusing and unnecessary paragraph about site.conf
manuals: add quoting to references to bitbake.conf
manuals: add missing space in appends
manuals: add documentation for WKS_FILES
migration guides: release notes for 3.4.3 and 3.4.4
Mingli Yu (1):
python3-cryptography: remove --benchmark-disable option
Peter Kjellerstedt (4):
base-passwd: Regenerate the patches
base-passwd: Update to 3.5.52
base-passwd: Update the status for two patches
librsvg: Drop the dependency on libcroco
Quentin Schulz (2):
docs: set_versions.py: remove hardknott from active releases list
docs: set_versions.py: show release name in switchers.js
Raphael Teller (1):
kernel.bbclass: Do not overwrite recipe's custom postinst
Richard Purdie (25):
bitbake: cookerdata: Change emphasis in error message to be clearer to users
cairo: Add missing GPLv3 license checksum entry
libgcrypt: Drop GPLv3 license after upstream changes
base: Avoid circular references to our own scripts
scripts: Make git intercept global
scripts/git: Ensure we don't have circular references
abi_version/sstate: Bump hashequiv and sstate versions due to git changes
vim: Upgrade 8.2.4681 -> 8.2.4912
package: Ensure we track whether PRSERV was active or not
libgcrypt: Fix reproducibility issues in ptest
liberror-perl: Update sstate/equiv versions to clean cache
freetype: Upgrade 2.12.0 -> 2.12.1
bitbake: fetch/git : Use cat as pager
pciutils: Add make-native dependency
sanity: Don't warn about make 4.2.1 for mint
bitbake: build: Add clean_stamp API function to allow removal of task stamps
staging: Fix rare sysroot corruption issue
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES
udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist
layer.conf: Don't use indirect help2man-native dependencies
rust-common: Fix sstate signatures between arm hf and non-hf
rust-common: Drop LLVM_TARGET and simplify
rust-common: Fix native signature dependency issues
scripts/patchreview: Add commit to stored json data
scripts/patchreview: Make json output human parsable
Robert Joslyn (1):
powerpc: Remove invalid GLIBC_EXTRA_OECONF
Roland Hieber (1):
bitbake: cache: correctly handle file names containing colons
Ross Burton (4):
oeqa/selftest: add test for git working correctly inside pseudo
Revert "bitbake.conf: mark all directories as safe for git to read"
kernel-yocto.bbclass: say what SRC_URI entry is being dropped
oeqa/selftest/cve_check: add tests for recipe and image reports
Rouven Czerwinski (1):
kbd: fix pam DISTRO_FEATURES check
Samuli Piippo (1):
binutils: Bump to latest 2.38 release branch
Schmidt, Adriaan (1):
bitbake: bitbake-diffsigs: break on first dependent task difference
Simone Weiss (1):
libgcrypt: Add ptest
Steve Sakoman (2):
virgl: skip headless test on alma 8.6
python3: fix reproducibility issue with python3-core
Sundeep KOKKONDA (3):
dev-manual: improvements for gdbserver configuration
rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets
rust-common: Fix for target definitions returning 'NoneType' for arm
Thomas Epperson (1):
dev-manual: fix documentation for bmaptool usage
Thomas Perrot (1):
man-pages: add an alternative link name for crypt_r.3
Tomasz Dziendzielski (1):
bitbake: data: Do not depend on vardepvalueexclude flag
Trevor Woerner (1):
DISTRO_FEATURES: remove uclibc remnants
Zoltán Böszörményi (2):
npm.bbclass: Fix file permissions before opening it for writing
npm.bbclass: Don't create /usr/lib/node symlink
leimaohui (1):
cve-check.bbclass: Added do_populate_sdk[recrdeptask].
wangmy (1):
librepo: upgrade 1.14.2 -> 1.14.3
meta-raspberrypi: c97a9e34ab..62a84833d9:
Andrei Gherzan (1):
Revert "kmod: Enable xz compression"
Khem Raj (3):
rpi-config: Add option to enable One-wire interface
linux-firmware-rpidistro: Create brcmfmac43455-sdio.raspberrypi,4-model-b.bin symlink
linux-raspberrypi: Upgrade to 5.15.38
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: If15534d7da5bfa78ef2224bb09ff1a8eb96a0e10
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.3.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.3.bb
new file mode 100644
index 0000000..fd88ae8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.3.bb
@@ -0,0 +1,258 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://afalg.patch \
+ file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ "
+
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b"
+
+inherit lib_package multilib_header multilib_script ptest perlnative
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG:class-native = ""
+PACKAGECONFIG:class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF:append:libc-musl = " no-async"
+EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+# This allows disabling deprecated or undesirable crypto algorithms.
+# The default is to trust upstream choices.
+DEPRECATED_CRYPTO_FLAGS ?= ""
+
+do_configure () {
+ # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
+ # the issue really clear that perl isn't functional due to symbol mismatch issues.
+ cat <<- EOF > ${WORKDIR}/perltest
+ #!/usr/bin/env perl
+ use POSIX;
+ EOF
+ chmod a+x ${WORKDIR}/perltest
+ ${WORKDIR}/perltest
+
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arc)
+ target=linux-latomic
+ ;;
+ linux-arm*)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-i?86 | linux-viac3)
+ target=linux-x86
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips | linux-mipsel)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-powerpc64le)
+ target=linux-ppc64le
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-sparc | linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ mingw32-x86_64)
+ target=mingw64
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+ oe_multilib_header openssl/opensslconf.h
+ oe_multilib_header openssl/configuration.h
+
+ # Create SSL structure for packages such as ca-certificates which
+ # contain hard-coded paths to /etc/ssl. Debian does the same.
+ install -d ${D}${sysconfdir}/ssl
+ mv ${D}${libdir}/ssl-3/certs \
+ ${D}${libdir}/ssl-3/private \
+ ${D}${libdir}/ssl-3/openssl.cnf \
+ ${D}${sysconfdir}/ssl/
+
+ # Although absolute symlinks would be OK for the target, they become
+ # invalid if native or nativesdk are relocated from sstate.
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
+}
+
+do_install:append:class-native () {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-3/certs \
+ SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-3 \
+ OPENSSL_MODULES=${libdir}/ossl-modules
+}
+
+do_install:append:class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
+
+ # Prune the build tree
+ rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+ cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
+ cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+ # For test_shlibload
+ ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+ install -d ${D}${PTEST_PATH}/apps
+ ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+ install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+ install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+
+ install -d ${D}${PTEST_PATH}/providers
+ install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
+
+ install -d ${D}${PTEST_PATH}/Configurations
+ cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
+
+ # seems to be needed with perl 5.32.1
+ install -d ${D}${PTEST_PATH}/util/perl/recipes
+ cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
+
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy"
+
+FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES:libssl = "${libdir}/libssl${SOLIBS}"
+FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+ ${libdir}/ssl-3/openssl.cnf* \
+ "
+FILES:${PN}-engines = "${libdir}/engines-3"
+# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
+FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
+FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
+FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
+FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
+RDEPENDS:${PN}-misc = "perl"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
+
+RDEPENDS:${PN}-bin += "openssl-conf"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+CVE_VERSION_SUFFIX = "alphabetical"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_IGNORE += "CVE-2019-0190"