disable-hardcoded-configs.patch
refreshed for new version
Changelo:
=========
- Made it possible again to have FAT32 filesystems with less
than 0xfff5 clusters
- Make FAT32 entries 0 and 1 match what windows 10 does
- Misc source code and configure script cleanup
(From OE-Core rev: b19127f0cd0e10c7180c138284b38c97fa9db7af)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
e3b4ed3 Release 1.1.0
56da11c missed a comma
fde429d raise ParseError if we get an exception on is_iso8601()
21f5368 Add is_iso8601() function
406db6f Update license years
License-Update: copyright years updated.
(From OE-Core rev: e459e5e91d2ed56dc2c75ed1e1a984a7b99dfcd8)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Switch to python_setuptools3_rust.bbclass
* Add crate:// (from cargo bitbake output)
* Manually fix crate:// versions to satisfy cargo
4.0.0
bcrypt is now implemented in Rust. Users building from source will
need to have a Rust compiler available. Nothing will change for users
downloading wheels.
We no longer ship manylinux2010 wheels. Users should upgrade to the
latest pip to ensure this doesn’t cause issues downloading wheels on
their platform. We now ship manylinux_2_28 wheels for users on new
enough platforms.
NUL bytes are now allowed in inputs.
https://github.com/pyca/bcrypt/#400
(From OE-Core rev: 8e0bda7343b526a21ceeede274a8ea53c31e5d2d)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
22.1.0 (2022-09-25)
Backward-incompatible changes:
Remove support for SSLv2 and SSLv3.
The minimum cryptography version is now 38.0.x (and we now pin
releases against cryptography major versions to prevent future breakage)
The OpenSSL.crypto.X509StoreContextError exception has been
refactored, changing its internal attributes. #1133
Deprecations:
OpenSSL.SSL.SSLeay_version is deprecated in favor of
OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are
deprecated in favor of OpenSSL.SSL.OPENSSL_*.
Changes:
Add OpenSSL.SSL.Connection.set_verify and
OpenSSL.SSL.Connection.get_verify_mode to override the context object’s
verification flags. #1073
Add OpenSSL.SSL.Connection.use_certificate and
OpenSSL.SSL.Connection.use_privatekey to set a certificate per
connection (and not just per context) #1121.
(From OE-Core rev: 5eb351b7c7445a33a43655a98a53353a665d1616)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Drop 0001-Cargo.toml-specify-pem-version.patch, superceded.
* Update crate:// (via cargo bitbake)
* Manually fix crate:// versions to satisfy cargo
Release notes:
38.0.1 - 2022-09-07
- Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes
(typically seen in large CRLs).
38.0.0 - 2022-09-06
- Final deprecation of OpenSSL 1.1.0. The next release of cryptography
will drop support.
(For complete release notes, see:
https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#3800---2022-09-06)
(From OE-Core rev: da62314b7149cd53ffb046115b67c5e620f2afe4)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Following changes are part of this SRCREV uprev
* dc9285ad fix error cases in gethostbyaddr_r
* f9827fc7 remove impossible error case from gethostbyname2_r
* f081d533 fix return value of gethostnbyname[2]_r on result not found
* 1e7fb12f dns: treat names rejected by res_mkquery as nonexistent rather than error
* 001c1afb res_mkquery: error out on consecutive final dots in name
* 3ad3fa96 fix thread leak on timer_create(SIGEV_THREAD) failure
* bf14ef19 re-enable vdso clock_gettime on arm (32-bit) with workaround
* 6f3ead0a process DT_RELR relocations in ldso-startup/static-pie
* 25085c85 fix fwprintf missing output to open_wmemstream FILEs
* a636fd63 dns: fail if ipv6 is disabled and resolv.conf has only v6 nameserves
* 996b6154 use kernel-provided AT_MINSIGSTKSZ for sysconf(_SC_[MIN]SIGSTKSZ)
* 25340a93 add sysconf keys/values for signal stack size
* d8fddb96 fix fallback when ipv6 is disabled but resolv.conf has v6 nameserves
* d4f987e4 epoll_create: fail with EINVAL if size is non-positive
* 2e5fff43 use alt signal stack when present for implementation-internal signals
* 379b1821 ldso: make exit condition clearer in fixup_rpath
(From OE-Core rev: 7a62aad4c32e227a8f5a2365dfb6217efb1f5b70)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The custom path of the ca-certificates.crt within the buildtools-tarball requires more
environment variables to be exported. Namely REQUESTS_CA_BUNDLE for the python requests library
and CURL_CA_BUNDLE for curl.
(From OE-Core rev: 5c249db9de8ad8cfe0996ff4fee4c575a5ff1e34)
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When machine configuration defines a mount point, which is not used in
any recipe, allow to fall through and only report a note in the logs.
This can be expected behavior, when a mount point is defined for several
machines, but not used in all of them
(From OE-Core rev: a9c604b5e0d943b5b5f7c8bdd5be730c2abcf866)
Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also disable any attempt at debug splitting/stripping. Piglit installs
over 2GB of files which we install stripped, so the action of attempting
to split/strip takes a long time and achieves nothing.
(From OE-Core rev: f890cc8e9cae70f10f79dd14ca53ef4d31460a78)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a patch to support configuring whether SELinux is enabled or not.
Also add a PACKAGECONFIG for SELinux support and enable it if the
"selinux" distro feature is enabled.
Remove two patches that have been applied upstream.
Changes since 3.5.52:
* 5928e85: German (thanks, Helge Kreutzmann)
* 72cb6a6: Remove constraints unnecessary since buster
* 2f71444: Merge branch 'scrub-obsolete' into 'master'
* 5a578e7: Drop Build-Depends: dpkg
* 44f28e1: Apply wrap-and-sort -at
* 1fe0338: Upgrade to debhelper v13
* d77d38c: Simplify some debhelper overrides slightly
* 2143651: Implement SELinux awareness when updating
/etc/{passwd,group,shadow}
* 0b824ad: improve enforcing handling
* e2f0c03: update-passwd.c: use raw selinux labeles
* 8d45264: selinux_prepare_create_file: return error from
setfscreatecon_raw
* 2f23448: selinux_after_create_file: save errno
* 6953dd1: update-passwd.c: replace goto error handling
* 32fbf59: cleanup
* 3c3eb67: fixup goto
* 585126f: implement feedback
* 02a366b: users-and-groups: Update copyright years
* 7849c61: users-and-groups: Rename ssh group to _ssh
* 06ed6f4: update-passwd.c: set walk to walk->next before removing
* ef6baea: users-and-groups: Document libvirt group
* 68e02a3: Stop creating the gnats user and group on new installations
* cb6e2a9: Restore Build-Depends sorting
* 0e1afc1: Tidy up whitespace
* 6005a06: Merge branch 'selinux' into 'master'
* 24046cb: Bump version to 3.6.0
* c72aa5d: Make it possible to build without debconf support
* 2a6d16e: Make it possible to disable the generation of the
documentation
* 60ece0c: Merge branch 'master' into 'master'
* 63d0f94: Add changelog entry
* cbae4a5: update-passwd: add format attribute
* b71eb04: update-passwd: use strict prototypes
* df48ea8: update-passwd: silence potential null dereference
* cddc9df: update-passwd: print filename on fclose error
* d05f8a3: update-passwd: use correct filename in copy_filemodes
* 11e6466: update-passwd: drop t flag from fopen
* 347aeb6: update-passwd: open temporary file exclusively
* a697493: d/salsa-ci.yml: add standard salsa ci configuration
* 2f622f4: configure: replace obsolete macro
* 43ebe64: Add changelog entry
* e1a186b: frozen the group id for crontab, in order to fix#1012622
* 5ce7773: frozen the group id for crontab, closes: #1012622
* 670c2be: Revert "frozen the group id for crontab, closes: #1012622"
* bc1ad19: Revert "Revert "frozen the group id for crontab, closes:
#1012622""
* 12122c6: Revert "frozen the group id for crontab, in order to fix
#1012622"
* 0145e8a: Revert "frozen the group id for crontab, closes: #1012622"
* c8125ff: releasing package base-passwd version 3.6.0
* dc157c6: passwd.master: Add _apt user
* e50024c: Merge branch 'misc' into 'master'
* 7fb5ad8: debian/postinst: Fix several shellcheck issues
* 8f07b66: releasing package base-passwd version 3.6.1
(From OE-Core rev: 41a9eb6c3afc6de000eaeb0fbe0c691b6c8d1285)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch is not
needed by target mesa any more. But it still fails to compile
mesa-native without this patch when DEBUG_BUILD is enabled on Ubuntu
18.04 with gcc 7.5.0:
| ../mesa-22.1.6/src/compiler/nir/nir_inline_helpers.h: In function ‘nir_opt_move_block’:
| ../mesa-22.1.6/src/compiler/nir/nir_opt_move.c:55:1: error: inlining failed in call to
always_inline ‘src_is_ssa’: indirect function call with a yet undetermined callee
| src_is_ssa(nir_src *src, void *state)
| ^~~~~~~~~~
So only apply it for mesa-native.
(From OE-Core rev: c6a6d0c2680799683d58968c2558a224f27caaa2)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The meson-wrapper adds setup options to facilitate cross-compilation.
The current options are exclusive to the setup sub-command and might
cause issues with other sub-commands.
Update the wrapper to make options sub-command specific.
(From OE-Core rev: 7bcda141f2019862b4fb5d8dec7956cd8344b420)
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the fix from upstream to fix this CVE.
(From OE-Core rev: 59f69125fb00dc8fd335f32fe6898e7a480141e4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
create-spdx can't detect the license properly if the case doesn't
match, so fix it.
(From OE-Core rev: 9c87828493784d996910d742006268a626ef0130)
Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.
This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.
(From OE-Core rev: e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a access or creation timestamp has 0 microseconds, then the test
fails as it doesn't expect this to be a valid value. Expand a previous
fix for modification times to cover these timestamps too.
[ YOCTO #14373 ]
(From OE-Core rev: 15715e6ad81c97cd50e288f3745615eb19be90d1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In current SDK, when running the following command in python
shell, we get an error.
$ python3
>>> from cryptography.hazmat.backends import openssl
The error message is as below:
cryptography.exceptions.InternalError: Unknown OpenSSL error.
We could set OPENSSL_MODULES explicitly in nativesdk-openssl package
so that when SDK is set up, it's in environment and we can
get rid of the above error.
Also, there are other env vars that need to be exported. And we export
all of them to keep sync with openssl-native.bbclass.
(From OE-Core rev: d6b15d1e70b99185cf245d829ada5b6fb99ec1af)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Unless we're using systemd, dbus is not pulled into the system
automatically. Bluez5 will not work without dbus so add it to RDEPENDS
explicitly.
(From OE-Core rev: 377ef7009a8638efe688b6b61f67ae399eb1f23d)
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a new zlib release is made, the top-level URL is no longer available
and it is only available as a .gz under the /fossils/ directory.
When this happens the source fetch fails and bitbake noisily warns that
it is using the mirrors. Avoid this by using the .gz tarball and add
the /fossils/ directory to PREMIRRORS so fetches will check there too.
(From OE-Core rev: c67f71abc61afec701c50e4e7941128eb701fb0a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The change in commit e903b29f (gcc-cross: pass
-Werror=poison-system-directories to compiler stages) made it impossible
to disable the error using -Wno-error=poison-system-directories.
(From OE-Core rev: 1cb0245539f7d5277fae4e9abc7f2a0130d0caa8)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
perf has need for python setuptools when scripting is enabled
from 6.0.0 onwards it seems to throw an explicit error
(From OE-Core rev: da3d00178809bbf7cc453401e0c5937796ebc2c1)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add savedefconfig task which U-Boot supports (unfortunately not all
consumers of cml1 support this).
(From OE-Core rev: efc54f1f836651c8ef27a683a9e5d583c8ce87a6)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Splitting u-boot-configure.inc out of the base left duplicate
cml1.bbclass in the base include.
Fixes: fc9a17ad38 ("u-boot: Split do_configure logic into separate file")
(From OE-Core rev: 286f91f7659307bcdf0ba541b8d6b56db5604ceb)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some versions of hashlib don't appear to implement the second FIPS
related argument. Detect this and support both versions.
(From OE-Core rev: 2bbabed51e3aca138486d3feef640f5d3249be40)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
opkg-utils fetches using a cgit snapshot of a tag, which is not
reproducible as the tag could move, not reliable as a future dynamic
snapshot could have a different checksum, and a waste of CPU load as
these tarballs are built on demand.
Switch opkg-utils to use a proper git clone of the relevant SHA.
(From OE-Core rev: dafd2631a20ffd94e6f21c46938a010e92b57da4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
