This allows semi-automated updates to the list of crates, which
is far too awkward to maintain by hand, particularly on version updates.
(From OE-Core rev: 1071e2fdd23271bf5df60712263838fe70276c67)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The component has been reimplemented in rust, and comes
with a large list of dependencies in Cargo.toml/Cargo.lock.
Rather than list them by hand, use a file generated with
cargo-update-recipe-crates class.
(From OE-Core rev: f1ebc71d9c35ba3ff58851efe2fae4e193f481f1)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The semaphore fix has landed and is available from 3.11 onwards:
1ee0f94d16
Drop 0001-Mitigate-the-race-condition-in-testSockName.patch
as it is merged upstream.
(From OE-Core rev: f10cdc155e47af5627ee999c57e1d083f9382a91)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'Release' type follows standard practice elsewhere in core, particularly rust-llvm as well.
(From OE-Core rev: 20adf74207b8c3eac7871e27da2df1aa26fca3b6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[v2 hopefully fixes the From: mangling by the ML, no functional changes]
Trying to build cmake-native on a host system where curl was built with cmake
(resulting in CURLConfig.cmake and friends, which do not use the same naming
schemes expected by cmake-native's build process, being installed to a system
wide cmake directory like /usr/lib64/cmake/CURL) results in undefined
references to all libcurl symbols.
The problem is that cmake-native sees and uses the system wide
/usr/lib64/cmake/CURL/CURLConfig.cmake, which defines CURL::libcurl and
CURL::curl as opposed to setting ${CURL_LIBRARIES} as expected by
cmake-native.
find_package(CURL) (cmake-native's CMakeLists.txt, line 478) succeeds, but
incorrectly uses the system wide CURLConfig.cmake, resulting
CMAKE_CURL_LIBRARIES to be set to an empty string (cmake-native's
CMakeLists.txt, line 484), causing the cmake-native build to miss -lcurl.
The simplest fix is to let cmake know the right value for
CURL_LIBRARIES. Making it -lcurl should always work with libcurl-native
in recipe-sysroot-native.
[YOCTO #14951]
(From OE-Core rev: 2659c735a464c956b4fca0894a5aed27a0fe7e37)
Signed-off-by: Bernhard Rosenkränzer <bero@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes CVE-2022-39260
Git v2.38.1 Release Notes
=========================
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.
Excerpt from 2.30.6 release notes:
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.
For 2.38.0 changes, see:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.0.txt
(From OE-Core rev: b304768711374066db320fe87960be81f54a8424)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bridge helper program is invoked directly from QEMU when it needs to
attach to a network bridge. As such, it is subject to the environment of
QEMU itself. Specifically, if bridging is enabled with direct rendering
acceleration, QEMU is run with an LD_PRELOAD that attempts to preload
several uninative libraries; however /bin/sh doesn't use the uninative
loader which means it can fail to start with an error like:
/bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE
Converting the helper program to a C program resolves this problem
because it will now use the uninative loader so the preload doesn't
cause errors.
(From OE-Core rev: f698e98f2f09952b34488b8cf9e73e82bd7aea07)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* fi usage: in tabular output, print total size and slack size
* mkfs:
* option -O now accepts values from -R to unify the interface (-R will
continue to work)
* zone reset and discard is done in parallel on all devices
* removed option --leafsize, deprecated long time ago
* corrupt-block: recalculate checksum when changing generation
* fixes:
* convert: fix reserved range detection and overlaps
* mkfs: fix creating files with reserved inode numbers with --rootdir
* receive: escape filenames in command attributes
* fix extent buffer leaks after transaction abort
* experimental:
* mkfs: support for block-group-tree (kernel 6.1)
* fsverity in send (protocol v3, WIP)
* btrfstune -b converts to block-group-tree
* other:
* cleanups, refactoring
* new and updated tests
* update documentation
(From OE-Core rev: 46bc09ca18ea4321854450d1fc04faf95f314ad6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With libjack-devel or jack-audio-connection-kit-devel, qemu-native
detects the library/header and tries to build with it. Since its
missing from the sysroot, it fails to build.
-O2 -fPIE -D_REENTRANT -Wno-undef -MD -MQ libcommon.fa.p/audio_jackaudio.c.o
-MF libcommon.fa.p/audio_jackaudio.c.o.d -o libcommon.fa.p/audio_jackaudio.c.o
-c ../qemu-6.2.0/audio/jackaudio.c
| ../qemu-6.2.0/audio/jackaudio.c:34:10: fatal error: jack/jack.h: No such file
or directory
| 34 | #include <jack/jack.h>
| | ^~~~~~~~~~~~~
| compilation terminated.
(From OE-Core rev: 27260be388f7f9f324ff405e7d8e254925b4ae90)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
disable-hardcoded-configs.patch
refreshed for new version
Changelo:
=========
- Made it possible again to have FAT32 filesystems with less
than 0xfff5 clusters
- Make FAT32 entries 0 and 1 match what windows 10 does
- Misc source code and configure script cleanup
(From OE-Core rev: b19127f0cd0e10c7180c138284b38c97fa9db7af)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
e3b4ed3 Release 1.1.0
56da11c missed a comma
fde429d raise ParseError if we get an exception on is_iso8601()
21f5368 Add is_iso8601() function
406db6f Update license years
License-Update: copyright years updated.
(From OE-Core rev: e459e5e91d2ed56dc2c75ed1e1a984a7b99dfcd8)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Switch to python_setuptools3_rust.bbclass
* Add crate:// (from cargo bitbake output)
* Manually fix crate:// versions to satisfy cargo
4.0.0
bcrypt is now implemented in Rust. Users building from source will
need to have a Rust compiler available. Nothing will change for users
downloading wheels.
We no longer ship manylinux2010 wheels. Users should upgrade to the
latest pip to ensure this doesn’t cause issues downloading wheels on
their platform. We now ship manylinux_2_28 wheels for users on new
enough platforms.
NUL bytes are now allowed in inputs.
https://github.com/pyca/bcrypt/#400
(From OE-Core rev: 8e0bda7343b526a21ceeede274a8ea53c31e5d2d)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
22.1.0 (2022-09-25)
Backward-incompatible changes:
Remove support for SSLv2 and SSLv3.
The minimum cryptography version is now 38.0.x (and we now pin
releases against cryptography major versions to prevent future breakage)
The OpenSSL.crypto.X509StoreContextError exception has been
refactored, changing its internal attributes. #1133
Deprecations:
OpenSSL.SSL.SSLeay_version is deprecated in favor of
OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are
deprecated in favor of OpenSSL.SSL.OPENSSL_*.
Changes:
Add OpenSSL.SSL.Connection.set_verify and
OpenSSL.SSL.Connection.get_verify_mode to override the context object’s
verification flags. #1073
Add OpenSSL.SSL.Connection.use_certificate and
OpenSSL.SSL.Connection.use_privatekey to set a certificate per
connection (and not just per context) #1121.
(From OE-Core rev: 5eb351b7c7445a33a43655a98a53353a665d1616)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Drop 0001-Cargo.toml-specify-pem-version.patch, superceded.
* Update crate:// (via cargo bitbake)
* Manually fix crate:// versions to satisfy cargo
Release notes:
38.0.1 - 2022-09-07
- Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes
(typically seen in large CRLs).
38.0.0 - 2022-09-06
- Final deprecation of OpenSSL 1.1.0. The next release of cryptography
will drop support.
(For complete release notes, see:
https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#3800---2022-09-06)
(From OE-Core rev: da62314b7149cd53ffb046115b67c5e620f2afe4)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The meson-wrapper adds setup options to facilitate cross-compilation.
The current options are exclusive to the setup sub-command and might
cause issues with other sub-commands.
Update the wrapper to make options sub-command specific.
(From OE-Core rev: 7bcda141f2019862b4fb5d8dec7956cd8344b420)
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The change in commit e903b29f (gcc-cross: pass
-Werror=poison-system-directories to compiler stages) made it impossible
to disable the error using -Wno-error=poison-system-directories.
(From OE-Core rev: 1cb0245539f7d5277fae4e9abc7f2a0130d0caa8)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
opkg-utils fetches using a cgit snapshot of a tag, which is not
reproducible as the tag could move, not reliable as a future dynamic
snapshot could have a different checksum, and a waste of CPU load as
these tarballs are built on demand.
Switch opkg-utils to use a proper git clone of the relevant SHA.
(From OE-Core rev: dafd2631a20ffd94e6f21c46938a010e92b57da4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're seeing "cmd" static libs being sometimes present and sometimes not.
The issue depends whether BUILD == TARGET so they're present for qemux86-64
on x86-64 hosts but not for qemux86-64 on an aarch64 system.
Add an extra deletion to make the files consistent between the different
hosts.
(From OE-Core rev: 6e652835814c389a826ad2d262ee26c14dfb48b5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
