Here is one testcase:
For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1],
do_configure[network] = "1"
and it will git clone some repos in CMakeLists.txt
When buildtools is used and nativesdk-git is installed into sdk,
do_configure failed with error:
[1/9] Performing download step (git clone) for 'protobuf-populate'
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt
Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that
user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their
do_configure:prepend() to fix above do_configure failure
CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add
into BB_ENV_PASSTHROUGH_ADDITIONS
[1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb
(From OE-Core rev: 5fa8cb40395977722d0d5a2271c8044598fb1f01)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* make git,curl,python3-requests align with openssl, move the setting of
envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
before export envvars
(From OE-Core rev: 5c915fcada5868bdbb8aa3e28c18a26cfc41914f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As there's a small number of test binaries in acl, instead of
installing large chunks of the build tree we can install just those and
use a boilerplate test runner.
Drop 0001-tests-do-not-hardcode-the-build-path-into-a-helper-l.patch and
replace with an explicit -DBASEDIR= flag passed at build time.
Drop 0001-test-patch-out-failing-bits.patch and delete the tests that
fail entirely as they won't work without a specific user/group setup.
Backport a patch from upstream so that some tests don't use excessive
amounts of memory.
Backport a patch from upstream to cater for both glibc and musl's
behaviour with interleaved stdout/stderr, fixing the tests on musl.
Clean up dependencies now that we're not shipping the build system.
(From OE-Core rev: 2d82d5ea612ae6d7ac177f2a2792b3e3fdac1c70)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As there's just a few test binaries in attr, instead of installing large
chunks of the build tree we can install just those and use a boilerplate
test runner.
Also add a comment explaining why we have to sed the test suite if musl
is used.
(From OE-Core rev: baa1cbab47326656f762562303ddf4b0d9cc2b5c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's only one recipe using the .inc so the split is mostly pointless.
(From OE-Core rev: a6f29ced550251487211d8a83dc00e98b306e544)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These signatures are exposed when build with musl particularly
(From OE-Core rev: 2379010dfecffedc8d4253a03d5cb348f17ecee9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In native/nativesdk builds, sysconfdir refers to a recipe sysroot
directory, which will disappear once the workdir is cleaned up, breaking
libcurl's HTTPS connections.
By simply not setting --with-ca-bundle at all in non-target builds, curl
defaults to the host system's CA certificates, which is desirable anyways
to allow builds in environments that require local CA certificates.
(From OE-Core rev: 4909a46e93ba774c960c3d3c277e2a669af3fea6)
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GCC15 is switching defaults to C23 and gdbm is not yet ready to
compile using C23 std.
(From OE-Core rev: e0f13f9bc96a0dd4c5f6750a8106422a6d015359)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Just one change, to fix the Go psx module build.
(From OE-Core rev: 8b95a195e31a1e01b3b508ca0a77908fa87f5d02)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recipe LICENSE field should reflect the license of all of the sources,
so include the PAM module licenses too.
Don't use conditionals in LIC_FILES_CHKSUM so that the configuration
does not cause differing checksums to be used.
Explicitly set the license on libcap and libcap-dev to reflect the
contents:
- libcap is BSD|GPLv2, and also BSD|LGPLv2+ if PAM is enabled.
- libcap-dev is just the library, so BSD|GPLv2.
(From OE-Core rev: 12ac8b55ee7407aca485869f0031cf7375761ca9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no need to set PACKAGECONFIG:class-native as we disable PAM in
the native DISTRO_FEATURES.
No need to set COPTS, since "Canonicalize build system"[1] the exported
CFLAGS/CPPFLAGS/LDFLAGS are respected.
Merge multiple make arguments into EXTRA_OEMAKE to remove duplication.
SYSTEM_HEADERS is not used upstream, remove.
[1] 2762c2c1a8c98d9012fcd40f20d133493a0b3219
(From OE-Core rev: 88cd79eee6dcc40d0e75ab35d9092ac3c788be7d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
base_libdir/*.so is part of the default assignment.
(From OE-Core rev: 964c73bd4de30c682961f7fe2ee85a92995d3160)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch,
fixed upstream in "libcap: Fix for older kernels"[1].
Drop 0002-tests-do-not-run-target-executables.patch, doesn't appear to
be needed anymore and most likely resolved by "Don't build the
tests/binaries until we want to run them"[2].
[1] f1c3ac995d02d4f17b9d15656ab6d58f4c87435a
[2] 99799844ad9272d43892881d1090369e6032aec2
(From OE-Core rev: 1efd3ff1ab24ee4037bdcf92602dce961abe63aa)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace the UTF8 character for non-breaking space with regular
(ASCII) space in FILES:${PN} variable.
(From OE-Core rev: 5506d920a5e9404f6b4d115c1e71c0bf68a74cca)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On big-endian systems the preprocessor define ICU_DATA_DIR
is currently being set to a path ending with the ${PV} of
the recipe.
The PV version string has changed to a '-' separator
since oe-core commit cebe8439cdc656d53355506a31a3782312bf03c5
whereas the build system installs the data files into a
path ending with the dot-separated version of ICU.
This causes the ICU data file to not be detected at runtime,
consequently breaking any dependant applications.
We therefore substitute ${PV} with the dot-separated version
string of ICU, as returned from the icu_install_folder function,
on the ICU_DATA_DIR define on big-endian targets.
(From OE-Core rev: 28cdc0110def011e3d690da1d591076385267ef7)
Signed-off-by: Makarios Christakis <makchrbiz@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fix to make this work with GCC15/C23 caused problems with older gcc versions.
Add a fix for that.
(From OE-Core rev: 08fce47470c629cbdd85a5ad486bc79b05afa44b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Noteworthy changes in version 2.5.5 (2025-03-07)
------------------------------------------------
* gpg: Fix a verification DoS due to a malicious subkey in the
keyring. [T7527]
* dirmngr: Fix possible hangs due to blocking connection requests.
[T6606, T7434]
* w32: On socket nonce mismatch close the socket. [T7434]
* w32: Print more detailed diagnostics for IPC errors.
* GPGME is not any more distributed with the Windows installer.
Please install gpg4win to get gpgme version.
See-also: gnupg-announce/2025q1/000491.html
Release-info: https://dev.gnupg.org/T7530https://dev.gnupg.org/source/gnupg/browse/master/NEWS
(From OE-Core rev: e0eaf598193012c6b0ada9e56be9bc0d6b19ec97)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Unfortunately this has been overlooked, and resulted in
erroneous updates to testing/development releases.
The check will report an 'unknown' latest version until 2.6.0
is released.
(From OE-Core rev: 7e505c1506ea6a079b0291f84e4ec6774064ef20)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the final patch that got applied to mpfr upstream
so lets drop the version we are carrying in favour of this backported.
(From OE-Core rev: e6fa8eea0cd035623f06d51da89cf2e3b9eb7449)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-uatomic-generic.h-add-missing-stdlib.h-header-file-f.patch
removed since it's included in 0.15.1
(From OE-Core rev: c8dcd773a062685f249a020af7858a794b556617)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Noteworthy changes in release 4.20.0 (2025-02-01) [stable]
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET
OF elements
License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025
(From OE-Core rev: 3a8633b9f522e0be31c08790a3f2050c6d052d93)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rework the anon Python so that it doesn't expect to find non-MLPREFIXed FILES
overrides which are then mapped into MLPREFIXed versions, this allows the
apparent hardcoding of boost-{test,serialization} to be written more naturally
(and is significantly less surprising).
With this, and a change to lookup ${BPN} when generating split package names,
generating an explicitly versioned boost package (e.g. "boost-1.82") alongside
the main boost package ("boost") can be done by copying/renaming the older
recipe. This is useful when upstream code hasn't yet been ported to newer
boost and an older version is required.
(From OE-Core rev: b0770990a8b332dd2de802091164c9506882a465)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In boost 1.85 a charconv implementation in c++11 was added
[https://www.boost.org/doc/libs/master/libs/charconv/doc/html/charconv.html]
This is already used in real life and e.g. building the current wesnoth release fails with:
| /usr/src/debug/wesnoth/1.19.9/src/utils/charconv.hpp:57:(.text+0x238b): undefined reference to `boost::charconv::to_chars(char*, char*, double, boost::charconv::chars_format)'
Add charconv to BOOST_LIBS to provide the library
(From OE-Core rev: 42d14c130f2159c1d9ea314acc93142e6ccb2761)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After the removal of BSD-4-Clause from LICENSE in commit 362435b0aec
(libbsd: Drop licenses that were removed upstream), the licenses for all
packages match the licenses for the recipe. Thus there is no longer any
reason to explicitly specify the package licenses.
(From OE-Core rev: 0c1b68fefe41d92eaa87578ff644bc254e078f9a)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch to change how autotools pulls in macros is no longer needed.
(From OE-Core rev: 9a550b4154d3e501ed6555694dc95b31df527637)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bulk of these recipes used acpaths to work around argument list
limits as we passed the full path to every directory. As this behaviour
no longer happens we can remove these workarounds.
(From OE-Core rev: c4336f1b0da981b3ea396b17779b67898bceccef)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Noteworthy changes in version 1.24.2 (2025-02-10)
-------------------------------------------------
Take care: This version is from a legacy branch of gpgme created
just before we split out the C++, Qt, and Python bindings to
separate repositories and bumped the version number up to 2.0.
* Fix regression for RSA in gpgme_pubkey_algo_string. [T7508]
* Prevent failing tests after 2027-05-15. [T7471]
[c=C44/A33/R2 cpp=C27/A21/R2 qt=C21/A6/R2]
Release-info: https://dev.gnupg.org/T7524
See NEWS in https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-1.24.2.tar.bz2 for details
(From OE-Core rev: 90b637936b601c7af4c708d92562f098620a0d6a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update:
- LICENCE renamed to LICENCE.md
- format changed
- add "SPDX-License-Identifier: BSD-3-Clause WITH PCRE2-exception" to the top of LICENCE file
- add contribution information
(From OE-Core rev: 290bcaad31ac87766cd08bc017326daf5c4bd60d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Solves CVE-2024-12243
Refreshed patches
License-Update: multiple changes
* a8727cdb07
COPYING.LESSER updated wording to latest FSF version
* 75f5ea8073
LICENSE file merged to README.md
COPYING and COPYING.LESSERv2 moved to top-level directory
Release notes: https://gitlab.com/gnutls/gnutls/-/blob/3.8.9/NEWS?ref_type=tags
* Version 3.8.9 (released 2025-02-07)
** libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
** libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
** libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243]
** API and ABI modifications:
GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t
GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t
(From OE-Core rev: 4313d931673dd86aaf590c68f7b1fa364d752740)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Add static trampoline support for Linux on s390x.
- Fix BTI support for ARM64.
- Support pointer authentication for ARM64.
- Fix ASAN compatibility.
- Fix x86-64 calls with 6 GP registers and some SSE registers.
- Miscellaneous fixes for ARC and Darwin ARM64.
- Fix OpenRISC or1k and Solaris 10 builds.
- Remove nios2 port.
(From OE-Core rev: e7ee958facbf602c8e7d27507a984f29811efd01)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Those have been in meta-oe, but are needed for libadwaita upgrade.
Also updates libsass to newest version. I can take care of those
recipes for now.
(From OE-Core rev: 0a1d3607da7bb7c586c69cefadf8ade52c7b1987)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
