Konrad Weihmann [Thu, 14 Apr 2022 06:30:15 +0000 (08:30 +0200)]
git: correct license
by default git pulls in several code fragments not being licensed
under just GPL-2.0-only.
obstack and poll are licensed under GPL-2.0-or-later
reftable being BSD-3-Clause
sha1dc and inet_ntop being MIT
netmalloc being Bosst-1.0 aka BSL-1.0
regex being LGPL-2.1-or-later
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
package_manager: fix missing dependency on gnupg when signing deb package feeds
When signing the deb package feed gpg tools are a soft requirement. If gnupg-native
is not declared a dependancy the version from hosttools is used. Unfortunately the
gpg-agent version from Ubuntu 16.04 on the autobuilders is incompatible with the package_index task
and fails during oe-selftest. Fix by making gnupg-native a dependency.
Fixes: 0b4231b5 "package_manager: sign DEB package feeds" Reported-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Suggested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ferry Toth <ftoth@exalondelft.nl> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
apt: add apt selftest to test signed package feeds
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
management. To be able to install the key the gnupg package is added to the testimage.
License-Update:
- The following description added to "License for Sphinx":
# +Unless otherwise indicated, all code in the Sphinx project is licenced under the
# +two clause BSD licence below.
Alex Kiernan [Tue, 12 Apr 2022 13:03:14 +0000 (14:03 +0100)]
wpa-supplicant: Simplify build/install flow
The build/install steps for wpa-supplicant support CFLAGS and an install
target, so use these rather than attempting to do it manually (which was
broken by upstream splitting into build.rules and lib.rules).
Note that this installs wpa_passphrase into sbindir rather than bindir.
Signed-off-by: Alex Kiernan <alexk@zuma.ai> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alex Kiernan [Tue, 12 Apr 2022 13:03:13 +0000 (14:03 +0100)]
wpa-supplicant: Use upstream defconfig
The copy of defconfig we were carrying was from 2014 and very out of
date; drop it and use the upstream version with appropriate edits for
our PACKAGECONFIG.
Switch PACKAGECONFIG to using a default (?=) rather than weak default
(??=) as per current recommendation.
Signed-off-by: Alex Kiernan <alexk@zuma.ai> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These settings are good for developers/maintainers but for distributions
generally disabling them turns out to be better especially when there is
a knob to do so. This fixes build with gcc-12 which find additional
warnings
inlined from 'bt_ctf_object_set_parent' at ../../../git/src/ctf-writer/object.h:120:6,
inlined from 'bt_ctf_trace_common_add_stream_class' at ../../../git/src/ctf-writer/trace.c:1243:3:
../../../git/src/ctf-writer/object.h:141:26: error: null pointer dereference [-Werror=null-dereference]
141 | if (child->parent) {
| ~~~~~^~~~~~~~
../../../git/src/ctf-writer/object.h:141:26: error: null pointer dereference [-Werror=null-dereference]
cc1: all warnings being treated as errors
Paulo Neves [Sun, 6 Feb 2022 13:45:07 +0000 (14:45 +0100)]
selftest/lic_checksum: Add test for filename containing space
A fix is being added to bitbake to correctly handle spaces inside
checksum filenames. Add a test to oe-selftest to ensure this is
tested and doesn't regress in future.
Signed-off-by: Paulo Neves <ptsneves@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
This release changes the implementation of "infer" to be an alias for
"Ellipsis". E.g. "@given(a=infer)" is now equivalent to
"@given(a=...)". Furthermore, "@given(...)" can now be specified so
that "@given" will infer the strategies for all arguments of the
decorated function based on its annotations.
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jon Mason [Fri, 8 Apr 2022 19:25:18 +0000 (15:25 -0400)]
qemuarm64: use virtio pci interfaces
The virtio PCI devices seemed to be required for this machine for some
versions of qemu (based on errors from running qemu saying that the
devices don't exist). Changes to the entries here is all that is needed
to get it working.
Signed-off-by: Jon Mason <jdmason@kudzu.us> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a very brittle sed hack against cpp source code
that allowed installing multiple llvm versions into the same
target/sysroot. Patching with sed is prone to silent
regressions as it can change both too little and too much,
and it indeed it broke with llvm 14. It's also difficult to tell
what the 'right' change should look like.
If this feature is actually needed somewhere, please do it properly:
proper patch and upstream first.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
llvm-config no longer links with libLLVM, so there is no need
to install it in -native (and it isn't built in the first place).
This also significantly speeds up llvm-native build.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
- Deprecations and Removals
Drop the doctype check, that presented a warning for index pages that use
non-compliant HTML 5.
- Vendored Libraries
Downgrade distlib to 0.3.3.
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has replaced gtk-doc with gi-docgen however it is not possible to
configure. So it's disabled until the merge request to do so lands:
https://gitlab.gnome.org/GNOME/librsvg/-/merge_requests/687
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The cmjsoncpp license changes are only whitespaces while the cmlibuv
license dropped:
"""
- android-ifaddrs.h, android-ifaddrs.c, copyright Berkeley Software Design
Inc, Kenneth MacKay and Emergya (Cloud4all, FP7/2007-2013, grant agreement
n° 289016). Three clause BSD license.
"""
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55 #582 CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with
GNU Libtool
#590 #591 Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#589 CI: Upgrade Clang from 13 to 14
0001-migrate-from-custom-itstool-to-builtin-msgfmt-for-cr.patch
removed since it's included in 2.2
Changelog:
=========
* model/3mf: new
* Match shared libraries with version suffix
* model/obj: add mtllib and Blender comment based magic
* model/mtl: add Blender comment magic, increase newmtl range
* model/obj, model/mtl: new types
* Add Electron Archive Format type application/x-asar
* text/x-qml: Lower match priority to avoid conflicts with Python
* Move '*.blend' to top of Blender glob list
* Adding SPARQL media types
* application/zip: Add '*.zipx' glob and test fixture
* Added DSD mime type
* Differentiate comic book archives
* FITS: Add missing 'application/fits' and legacy globs
* Add Godot engine files
* Add FlashForge "xgcode" mime-type
* text/x-objc++src: new type
* image/heif: test .hif extension too
* image/hif: add *.hif glob
* image/heif: add another test case
* image/heif: add magics
* Add a build-tools option to allow installing only the mime data
* Add compressed SVG glob pattern '*.svg.gz'
* Add Apple Wallet pass type application/vnd.apple.pkpass
* migrate from custom itstool to builtin msgfmt for creating translated XML
* Make the remaining plain text types subclasses of text/plain
* audio/mobile-xmf: separate from audio/x-xmf
* Adding ZIM file
* Make text/x-mrml a subclass of application/xml
* image/avif: move acronym and expansion to separate fields from comment
* freedesktop_generate.sh: Don't hardcode ninja
* Add text/x-mpl2
* application/x-apple-systemprofiler+xml: require _SPCommandLineArguments in plist
* image/jpeg: add test case with embedded property list XML
* audio/vnd.dts.hd: include parent type magic in magic match
* model/gltf+json: new type
* model/gltf-binary: new type
* application/x-object: add *.mod and a test case
* application/x-mod: add some ProTracker magics and a test case
* image/jxl: include test files in test list
* tests: add trailing linefeed to mime-detection list
* Make application/x-mswinurl a subclass of text/plain
* Change description for *.desktop files to "desktop entry"
* application/x-x509-ca-cert: add magics and test cases
* application/pkix-cert: add BEGIN/END X509 CERTIFICATE magic
* application/pkix-crl: add magic and test case
* application/pkix-cert: add magic and test case
* image/jxl: new type
* Added .sc filename extension for Scala source code, as it is occasionally used
* application/schema+json: new type
* Add text/x-crystal
* application/x-krita: remove stray period from comment
* adding org-mode
* Add Elixir source code mime type
* Add two new offsets for .kra and .krz
* text/x-python3: add *.pyi glob (Python stub files)
* image/x-canon-cr3: new
* image/x-xpixmap: make XPM3 magic more specific
* image/x-xpixmap: add XPM2 magic
* application/x-troff-man: add *.[1-9] glob
* application/toml: new type
* Lower priority of "BEGIN {" for perl, awk uses that too
* Add Smacker video type video/vnd.radgamettools.smacker
* Clarify database license
* meson: make xmlto optional, build spec only if found
* application/x-7z-compressed: add *.7z.001 glob
* Add Bink video type video/vnd.radgamettools.bink
* image/x-nikon-nrw: add test case
* image/x-nikon-nrw: new type
* application/x-vhdx-disk: improve acronym and its expansion
* application/ovf: new
* application/x-qed-disk: new
* application/x-vdi-disk: new
* application/x-vmdk-disk: new
* application/x-vhd-disk, /x-vhdx-disk: new
* application/vnd.apple.numbers, .pages: add older magics and test cases
* Add text/x-dart
* application/vnd.apple.numbers, /vnd.apple.pages: new types
* xdgmime: configure as submodule
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 29 Mar 2022 13:45:23 +0000 (14:45 +0100)]
zlib: upgrade to 1.2.12
First upstream release since 2017!
- Fix a deflate bug when using the Z_FIXED strategy that can result in out-of-bound accesses.
- Fix a deflate bug when the window is full in deflate_stored().
- Speed up CRC-32 computations by a factor of 1.5 to 3.
- Use the hardware CRC-32 instruction on ARMv8 processors.
- Speed up crc32_combine() with powers of x tables.
- Add crc32_combine_gen() and crc32_combine_op() for fast combines.
Drop CVE-2018-25032 as this is in the .12 release.
Rebase 0001-configure-Pass-LDFLAGS-to-link-tests.patch to apply cleanly.
Backport cc.patch to fix compilation with our CC.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steve Sakoman [Mon, 18 Apr 2022 19:04:08 +0000 (09:04 -1000)]
lua: fix CVE-2022-28805
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.
https://nvd.nist.gov/vuln/detail/CVE-2022-28805
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steve Sakoman [Mon, 18 Apr 2022 19:04:07 +0000 (09:04 -1000)]
busybox: fix CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 15 Apr 2022 08:43:23 +0000 (09:43 +0100)]
libxshmfence: Correct LICENSE to HPND
The license in this code is listed as MIT and whilst it is compatible with and
usable as MIT, it actually looks like HPND. Clarify the license field accordingly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 15 Apr 2022 08:09:18 +0000 (09:09 +0100)]
alsa-tools: Ensure we install correctly
With the fix for #8621, cleandirs is now applied to autotools_do_install
and this results in a lot of the install targets to be removed. Ensure
cleandirs isn't set for autotools_do_install.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Scott Murray [Thu, 14 Apr 2022 23:37:10 +0000 (19:37 -0400)]
runqemu: Do not auto detect graphics if publicvnc is specified
The graphics option auto detection logic added in 7f78bb7a was not
checking if the publicvnc option had been specified, meaning that
it would be ignored and the auto detection result used instead.
Add setting a flag variable in the argument parsing and check
it along with the ones for the other graphics backend options.
Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: Disable the use of syslog() for the native tools
An attempt to disable the use of syslog() was made in commit 8f181686
(shadow-native: Simplify and fix syslog disable patch). However,
because the code checks if USE_SYSLOG is defined rather than checking
if it evaluates to TRUE the patch did not work as intended.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 14 Apr 2022 16:10:00 +0000 (17:10 +0100)]
bluez5: Add fix for startup issues under systemd
The systemd bluetooth service failed to start. Add a workaround for this whilst the
final fix is discussed upstream, https://github.com/bluez/bluez/issues/329.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Tue, 12 Apr 2022 21:46:02 +0000 (17:46 -0400)]
lttng-modules: support kernel 5.18+
Backporting changes from lttng master to support building against
the 5.18+ kernel. No changes required to the patches. Once a new
-stable 2.13.x is released, we can drop these patches. To enable
newer kernel development against the LTS, it is worth pulling these
in while we wait for an upstream release.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 13 Apr 2022 14:45:03 +0000 (15:45 +0100)]
runqemu: Allow auto detection of the correct graphics options
Running "runqemu qemux86 kvm" when qemu is configured for sdl and/or gtk
display output currently leads to a poor user experience with no cursor
and corrupted fonts in the gtk case. This is due to no options being
passed to qemu which leads to the loss of the font envirornment variable
and the show-cursor option.
If the user hasn't specified a display type, grep the output of
"qemu-system-xxx --help" for the display types and pick the "best"
which ensures our config is passed in. That resolves the gtk font issue
and the cursor issue with both sdl and gtk.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Konrad Weihmann [Wed, 13 Apr 2022 17:08:49 +0000 (19:08 +0200)]
python3-pip: correct license
as described in src/pip/_vendor/README.rst pip ships plenty
of vendored copies of other python modules.
Correct the license of the resulting package and
reference all the vendor copy license files correctly
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Konrad Weihmann [Wed, 13 Apr 2022 15:34:53 +0000 (17:34 +0200)]
gettext: add MIT conditional as license
depending on the actual PACKAGECONFIG some
internal vendor copies of libxml, libcroco and glib will
be used.
In the case of libxml this adds MIT to the license.
Reference the license statements based on the actual choosen
PACKAGECONFIG
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Konrad Weihmann [Wed, 13 Apr 2022 15:34:51 +0000 (17:34 +0200)]
libsdl2: fix license
by default libsdl2 is build with code from src/video/yuv2rgb, which
is licensed under BSD-2-Clause.
Additional by default hidapi is build, which is licensed under
GPL3 | BSD-2-Clause | HIDAPI license, pick the least restrictive
and best matching BSD-2-Clause.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kernel-devsrc: Check for gen_vdso_offsets.sh before copying on riscv
This file is introduced in newer kernels >= 5.15 but some RISCV machines
still use 5.13 kernels, this ensures that kernel-devsrc can build on
older kernels for RISCV
Richard Purdie [Wed, 13 Apr 2022 16:27:11 +0000 (17:27 +0100)]
sanity: Show a warning that make 4.2.1 is buggy on non-ubuntu systems
We keep seeing hangs on the autobuilder with make 4.2.1 on Centos8, Alma8
and OpenSuse workers. The hang occurs in perl and kernel builds in particular.
The issue is fixed in 4.3 and has been patched on Ubuntu systems:
Add a sanity test for make 4.2.1 and error for non-ubuntu systems. We're
making a buildtools-make-tarball available which can be used to
allow systems with the broken version to use the project.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 11 Apr 2022 22:02:26 +0000 (23:02 +0100)]
externalsrc/devtool: Fix to work with fixed export funcition flags handling
If we fix bitbake to correctly handle the cleandirs and fakeroot flags
for tasks handled by EXPORT_FUNCTIONS, we break devtool since it only
considers these for top level functions. Add in extra code to intercept
the cleandirs flags for commonly used sub functions too.
[YOCTO #8621]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream dropped many 'legacy' low res bitmap icons and also plans to
phase out 'generic app' icons in the svg format, saying that all apps
must carry their own icons. This breaks the icons displayed in sato
so revert for now until we have a plan to mitigate that.
[YOCTO #14782]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 12 Apr 2022 10:21:13 +0000 (11:21 +0100)]
git: Ignore CVE-2022-24975
Everyone I've talked to doesn't see this as a major issue. The CVE
asks for a documentation improvement on the --mirror option to
git clone as deleted content could be leaked into a mirror. For OE's
general users/use cases, we wouldn't build or ship docs so this wouldn't
affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
