by default git pulls in several code fragments not being licensed
under just GPL-2.0-only.
obstack and poll are licensed under GPL-2.0-or-later
reftable being BSD-3-Clause
sha1dc and inet_ntop being MIT
netmalloc being Bosst-1.0 aka BSL-1.0
regex being LGPL-2.1-or-later
(From OE-Core rev: 5184e651651ed949d198882a10f406cef5939b7b)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update:
- The following description added to "License for Sphinx":
# +Unless otherwise indicated, all code in the Sphinx project is licenced under the
# +two clause BSD licence below.
(From OE-Core rev: 135f625a4d34a92ba09494d651bad057c32f3352)
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
This release changes the implementation of "infer" to be an alias for
"Ellipsis". E.g. "@given(a=infer)" is now equivalent to
"@given(a=...)". Furthermore, "@given(...)" can now be specified so
that "@given" will infer the strategies for all arguments of the
decorated function based on its annotations.
(From OE-Core rev: 394fa87b68d6b0030a2d706ce70c2d5c28c4304b)
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a very brittle sed hack against cpp source code
that allowed installing multiple llvm versions into the same
target/sysroot. Patching with sed is prone to silent
regressions as it can change both too little and too much,
and it indeed it broke with llvm 14. It's also difficult to tell
what the 'right' change should look like.
If this feature is actually needed somewhere, please do it properly:
proper patch and upstream first.
(From OE-Core rev: 974f67b18a2f1a15c76785d69e7234594af97a88)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
llvm-config no longer links with libLLVM, so there is no need
to install it in -native (and it isn't built in the first place).
This also significantly speeds up llvm-native build.
(From OE-Core rev: ee06fc2a19665461e143fe3bf7e94b703652e1cf)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
- Deprecations and Removals
Drop the doctype check, that presented a warning for index pages that use
non-compliant HTML 5.
- Vendored Libraries
Downgrade distlib to 0.3.3.
(From OE-Core rev: 5cbf04ee8202ad9d90b1e1e527203f34e921916b)
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.
https://nvd.nist.gov/vuln/detail/CVE-2022-28805
(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This includes a fix for CVE-2022-24765
(From OE-Core rev: a17dc42d82b12d7f891c903a02a0302b31829c88)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
in target and native variant a different set of vendored libraries
is pulled from the cmake sources.
Add those licenses and there texts
(From OE-Core rev: fc6c1951dd7e53791a9d92610dfc2eefab4c2a4a)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
as described in src/pip/_vendor/README.rst pip ships plenty
of vendored copies of other python modules.
Correct the license of the resulting package and
reference all the vendor copy license files correctly
(From OE-Core rev: 1c192304b2b2ff8c909836d2c78826192e7d21ca)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Everyone I've talked to doesn't see this as a major issue. The CVE
asks for a documentation improvement on the --mirror option to
git clone as deleted content could be leaked into a mirror. For OE's
general users/use cases, we wouldn't build or ship docs so this wouldn't
affect us.
(From OE-Core rev: 5dfe2dd5482c9a446f8e722fe51903d205e6770d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a fix queued upstream for the issue in this CVE:
"""
Guest driver might execute HW commands when shared buffers are not yet
allocated.
This might happen on purpose (malicious guest) or because some other
guest/host address mapping.
We need to protect againts such case.
"""
(From OE-Core rev: 1b8513c1abdcd6430f9311efd04d785488f79d7d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was a long standing problem seen on aarch64 build hosts when
compiling python3 with clang cross compiler. The issue is not seen with
gcc because native glibc headers are still compatible with gcc cross compiler
(From OE-Core rev: 407744b00d702e3133304e1b43064a5634ca02cf)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Ross Burton <ross.burton@arm.com>
Cc: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The leaking test case has been fixed upstream, so backport the patch.
(From OE-Core rev: 4705b8a724fe288a20f1a080e2796ea90f46c9fb)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to a version of pseudo which has a fix for absolute links,
evaluating them from the chroot path.
(From OE-Core rev: 33147b89bc3c9e9bdd53a942a5551d8a1d06130c)
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit ef49f89c89889466ee3696ab680f8e10c961a677.
This appears to cause build failures which didn't originally show up in
testing, reverting for now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch is needed in order to support recent glibc (2.34).
libsanitizer/ChangeLog:
PR sanitizer/101749
* sanitizer_common/sanitizer_posix_libcdep.cpp: Prevent
generation of dependency on _cxa_guard for static
initialization.
(From OE-Core rev: c44c4e7fb3c860d9fcb2aada0c9d4acb1e1e8101)
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meson would fail to detect compiler type in some rare care where
specific substring '-xt' is detected in compiler --version output and
it so happens that this string can be generated by clang --version if
clang is installed into a directory containing 'xt-' in its name. with
recipe specific sysroots, this is quite likely to happen in OE build
system as we are seeing the issue with newly proposed gnome-text-editor
recipe
https://lists.openembedded.org/g/openembedded-devel/topic/90150031#96301
(From OE-Core rev: ff75909f2a9e970aaf389e0012888c29f02376e3)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch creates ${MULTIMACH_TARGET_SYS}-toolchain.cmake file
at ${SDK_INSTALL_DIR}/sysroots/${SDK_SYS}/usr/share/cmake/, which is
per-toolchain CMake toolchain file containing arch-specific values
and independent of OE environment variables.
The file gets created after installing SDK toolchain installer
ined by running "bitbake -c populate_sdk <image>".
The changes are similar to meson-setup.py which is used to
create arch-specific
${SDK_INSTALL_DIR}/sysroots/${SDK_SYS}/usr/share/meson/*-meson.cross
[YOCTO #14644]
Tested-by: Jan Dorniak <jaskij@gmail.com>
(From OE-Core rev: 42e68397ec74b3cd8ae5df45355c8f6254b48cd8)
Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It can be useful to use git on target (e.g. with some wrapper like
etckeeper for keeping track of changes to /etc), and for such cases,
it is likely one has no need for pulling from/pushing to http[s]
repositories. From the INSTALL file:
- "libcurl" library ... If you do not use http:// or https://
repositories, and do not want to put patches into an IMAP
mailbox, you do not have to have them (use NO_CURL).
- "expat" library; git-http-push uses it for remote lock
management over DAV. Similar to "curl" above, this is
optional (with NO_EXPAT).
Setting --without-expat and --without-curl reduces the size of the
installed "git" package from 18M to 12M, in addition to avoiding
pulling those libraries into the rootfs.
(From OE-Core rev: 49f81198c5d233a9a2612c3b8366681dd85bea59)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Changed urllib3[brotli] extra to favor installing Brotli libraries that are
still receiving updates like brotli and brotlicffi instead of brotlipy.
This change does not impact behavior of urllib3, only which dependencies are
installed.
- Fixed a socket leaking when HTTPSConnection.connect() raises an exception.
- Fixed server_hostname being forwarded from PoolManager to HTTPConnectionPool
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
(From OE-Core rev: 1c44078db4e8fc3ed992ede38708bea0dcf87f11)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Fixed support for pytest 7.0, and pytest>=7.0 is now required.
(From OE-Core rev: 34f6bc8ca0cfc310fd6ba494b995fa86d28b5a6e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Improve error detection and message when Hypothesis is
run on a Python implementation without support for "-0.0", which is
required for the "floats()" strategy but can be disabled by unsafe
compiler options (issue #3265).
If the "shrink" phase is disabled, stop the "generate" phase as
soon as an error is found regardless of the value of the
"report_multiple_examples" setting, since that's probably what you
wanted (issue #3244).
(From OE-Core rev: 56702a6c8e066d3730dd336eeb98d10534226601)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: year updated to 2022
Changelog:
=========
- Handle RSASSA-PSS in keys.PrivateKeyInfo.bit_size and
keys.PublicKeyInfo.bit_size
- Handle RSASSA-PSS in keys.PrivateKeyInfo.wrap and keys.PublicKeyInfo.wrap
- Updated docs for keys.PrivateKeyInfo.algorithm and
keys.PublicKeyInfo.algorithm to reflect that they can return "rsassa_pss"
(From OE-Core rev: 8fbe3bd4aca7a8906e342bcc9f27e205398919c3)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids the following configuration error:
The necessary bits to build these optional modules were not found:
_curses _curses_panel
which happens if the "readline" PACKAGECONFIG is disabled.
(From OE-Core rev: 70e0641069ca1e0e460000fe19662d6b3753b2ba)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids the following configuration error:
-- Checking for module 'smartcols'
-- No package 'smartcols' found
CMake Error at .../usr/share/cmake-3.22/Modules/FindPkgConfig.cmake:603 (message):
A required package was not found
which happens if glib-2.0 is configured without the libmount
PACKAGECONFIG that otherwise depends on util-linux.
(From OE-Core rev: e9bbbe72221e56a82892981a5ff254e559795ac6)
Signed-off-by: Peter Kjellerstedt <pkj@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
TCLIBC is only valid for TARGET, not for HOST or NATIVESDK.
Fixes build of rust-crosssdk if TCLIBC is set to musl.
(From OE-Core rev: c0b353d19d4cd796e5e63c6bec72962854fe81f4)
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- This abstracts on GL/GLES implementations
- Rename packageconfig to epoxy to match what code it doing underneath
(From OE-Core rev: 0ded646a83768868a1cc4dceb962ee707348af1b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
