Marta Rybczynska authored 2 years ago and Andrei Gherzan committed 2 years ago

* 01ad1a7 : intel-graphics-compiler: add nobranch=1 in SRC_URI - Anuj Mittal

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Marta Rybczynska authored 2 years ago and Andrei Gherzan committed 2 years ago

* 744a4b6 : frr: Security fix CVE-2022-37032 - Yi Zhao
* a7b999d : tcpreplay: upgrade 4.4.1 -> 4.4.2 - Wang Mingyu
* 6b7c2ef : open-vm-tools: Security fix CVE-2022-31676 - Yi Zhao
* 9702cc9 : net-snmp: upgrade 5.9.1 -> 5.9.3 - Ovidiu Panait
* 0b0086c : polkit: refresh patch - Chen Qi
* 4d8ce5d : libsdl: add CVE-2019-14906 to allowlist - Hitomi Hasegawa
* 8713424 : dnsmasq: upgrade 2.86 -> 2.87 - wangmy
* 3423bc2 : wireshark: CVE-2022-3190 Infinite loop in legacy style dissector - Hitendra Prajapati
* bd2d8fb : minicoredumper: retry elf parsing as long as needed - Sakib Sajal
* de2bbc5 : libcec: fix runtime dependencies for ${PN}-examples - Martin Jansa
* fc9c8a3 : frr: Security fix CVE-2022-37035 - Yi Zhao
* c5b5f63 : lmdb: Don't inherit base - Richard Purdie
* 7eff264 : audit: Revert the tweak done in configure step in do_install - Khem Raj
* 088eaf9 : postgreql: Fix pg_config not working after buildpaths patch - Steffen Olsen
* 73e66e5 : postgresql: upgrade 14.4 -> 14.5 - Wang Mingyu
* 8c62aaa : php: upgrade 8.1.9 -> 8.1.10 - wangmy
* 05dcac9 : postgresql: make sure pam conf installed when pam enabled - Mingli Yu
* 13f1e68 : samba: fix buildpaths issue - Yi Zhao
* b19f3f8 : samba: upgrade 4.14.13 -> 4.14.14 - Yi Zhao
* 02f2e6d : libldb: upgrade 2.3.3 -> 2.3.4 - Yi Zhao
* 3cd6cc5 : php: upgrade 8.1.8 -> 8.1.9 - Wang Mingyu
* 8e8f36e : safec: Remove unused variable 'len' - Khem Raj
* 09acaf6 : gd: Fix build with clang-15 - Khem Raj
* 9f1013b : ntpsec: Add -D_GNU_SOURCE and fix building with devtool - Khem Raj
* d230d11 : wireguard-tools: Add a new package for wg-quick - Jose Quaresma
* 4d804bd : wireguard-module: 1.0.20210219 -> 1.0.20220627 - Jose Quaresma
* 035d9c6 : nodejs-oe-cache-native: initial checkin - Enrico Scholz
* 8f96c05 : lmdb: only set SONAME on the shared library - Justin Bronder
* caa117e : libproc-waitstat-perl: Fix LICENSE string - Saul Wold
* 7f3c8c3 : libnet-telnet-perl: Fix LICENSE string - Saul Wold
* d933c72 : libxml-libxml-perl: Fix LICENSE string - Saul Wold
* 7e35997 : libnet-ldap-perl: Fix LICENSE string - Saul Wold
* eab9d17 : libauthen-sasl-perl: Fix LICENSE string - Saul Wold
* 93c5e37 : libmime-types-perl: Fix LICENSE string - Saul Wold
* 2c68902 : libdigest-sha1-perl: Fix LICENSE string - Saul Wold
* aa2e9ba : libio-socket-ssl-perl: Fix LICENSE string - Saul Wold
* 55e15e8 : libdigest-hmac-perl: Fix LICENSE string - Saul Wold
* 88aa77c : libipc-signal-perl: Fix LICENSE string - Saul Wold
* acdf9ba : fuse3: fix ptest test_passthrough_hp failure - Changqing Li
* 0609aa4 : fuse3: support ptest - Changqing Li
* 3a6f77e : audit: Upgrade to 3.0.8 and fix build with linux 5.17+ - Khem Raj
* d15e41f : xrdp: Fix buildpaths warning. - Lei Maohui

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Marta Rybczynska authored 2 years ago and Andrei Gherzan committed 2 years ago

* 4781fee : lttng-modules: Fix crash on powerpc64 - He Zhe
* d1edc58 : own-mirrors: add crate - Adrian Freihofer
* 793c263 : linux-yocto-dev: add qemuarm64 - Xiangyu Chen
* f5713ad : image_types_wic.bbclass: fix cross binutils dependency - Chen Qi
* bfbd86a : uninative: Upgrade to 3.7 to work with glibc 2.36 - Michael Halstead
* 17d1893 : lttng-tools: Upgrade 2.13.4 -> 2.13.8 - He Zhe
* 3efae85 : python3: upgrade 3.10.4 -> 3.10.7 - Tim Orling
* 5ed94b1 : qemu: Backport patches from upstream to support float128 on qemu-ppc64 - Xiangyu Chen
* 8ad129d : qemu: fix CVE-2022-2962 - Ross Burton
* 388ce95 : qemu: Fix CVE-2021-3611 - Bhabu Bindu
* e9e945a : qemu: Fix CVE-2021-3750 for qemu - Virendra Thakur
* 21fb0b4 : binutils : Fix CVE-2022-38128 - pgowda
* 90a65fb : tiff: Security fixes CVE-2022-2867,CVE-2022-2868 and CVE-2022-2869 - Teoh Jay Shen
* e728d09 : coreutils: add openssl PACKAGECONFIG - Daniel McGregor
* 46b703d : glibc-locale: explicitly remove empty dirs in ${libdir} - Denys Dmytriyenko
* b1883d7 : lttng-tools: Disable on riscv32 - He Zhe
* a3d6742 : stress-cpu: disable float128 math on powerpc64 to avoid SIGILL - He Zhe
* 5aac691 : create-pull-request: don't switch the git remote protocol to git:// - Martin Jansa
* 035fddf : lttng-tools: Disable on qemuriscv32 - He Zhe
* cc3d103 : tzdata: update to 2022d - Alexander Kanavin
* 01710dd : bind: upgrade 9.18.6 -> 9.18.7 - Teoh Jay Shen
* daae4ca : bind: upgrade 9.18.5 -> 9.18.6 - wangmy
* b2be1f5 : rpm: Remove -Wimplicit-function-declaration warnings - Khem Raj
* 49a8753 : rpm: update 4.17.0 -> 4.17.1 - Alexander Kanavin
* 9431be3 : rsync: update 3.2.4 -> 3.2.5 - Florin Diaconescu
* 4a4097e : rsync: update 3.2.3 -> 3.2.4 - Florin Diaconescu
* d95303a : webkitgtk: Update to 2.36.7 - Khem Raj
* 342a05c : webkitgtk: Upgrade to 2.36.6 minor update - Khem Raj
* 9837a62 : vim: Upgrade 9.0.0541 -> 9.0.0598 - Richard Purdie
* e384b75 : binutils : Fix CVE-2022-38127 - pgowda
* d19cd09 : busybox: add devmem 128-bit support - Mingli Yu
* 7bd92a0 : oeqa/runtime/dnf: fix typo - Alexandre Belloni
* 278c50d : tune-neoversen2: support tune-neoversen2 base on armv9a - Ruiqiang Hao
* 450639b : gcc: add arm-v9 support - Ruiqiang Hao
* 2d32385 : ltp: Fix pread02 case trigger the glibc overflow detection - Xiangyu Chen
* f4174b3 : gcc-cross-canadian: add default plugin linker - Samuli Piippo
* 3d13ef9 : Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks" - Samuli Piippo
* e754bc0 : linux-libc-headers: switch from SRC_URI:append to SRC_URI += - Mikko Rapeli
* 15ac2f4 : python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI += - Mikko Rapeli
* 905062e : go-native: switch from SRC_URI:append to SRC_URI += - Mikko Rapeli
* 9851313 : glibc-tests: use += instead of :append - Mikko Rapeli
* aa0e319 : u-boot: switch from append to += in SRC_URI - Mikko Rapeli
* 45540e1 : tzdata: Update from 2022b to 2022c - Robert Joslyn
* 178441f : linux-firmware: package new Qualcomm firmware - Dmitry Baryshkov
* 5f04af9 : linux-firmware: upgrade 20220708 -> 20220913 - Dmitry Baryshkov
* 35dbd02 : perf: Fix for recent kernel upgrades - Richard Purdie
* 35c2deb : kern-tools: allow 'y' or 'm' to avoid config audit warnings - Bruce Ashfield
* 8f76f9f : kern-tools: fix queue processing in relative TOPDIR configurations - Bruce Ashfield
* 8dbce9b : kernel-yocto: allow patch author date to be commit date - Bruce Ashfield
* 5eb0987 : linux-yocto/5.15: cfg: fix ACPI warnings for -tiny - Bruce Ashfield
* c20e9c6 : linux-yocto/5.15: update to v5.15.68 - Bruce Ashfield
* 28d1483 : linux-yocto/5.15: update to v5.15.65 - Bruce Ashfield
* c9f8710 : linux-yocto/5.15: update to v5.15.63 - Bruce Ashfield
* eee473e : linux-yocto/5.10: update to v5.10.143 - Bruce Ashfield
* 6dceeaf : linux-yocto/5.10: update to v5.10.141 - Bruce Ashfield
* 650ae29 : vim: Upgrade 9.0.453 -> 9.0.541 - Richard Purdie
* 5aeaace : libpng: upgrade 1.6.37 -> 1.6.38 - Richard Purdie
* 0b75397 : glibc: stable 2.35 branch updates. - Sundeep KOKKONDA
* 88e3b16 : expat: upgrade 2.4.8 -> 2.4.9 - Florin Diaconescu
* f1b9dd6 : expat: upgrade 2.4.7 -> 2.4.8 - Florin Diaconescu
* 1c3eaf2 : binutils: fix CVE-2022-38126 - pgowda
* 12740b5 : inetutils: fix CVE-2022-39028 - remote DoS vulnerability in inetutils-telnetd - Teoh Jay Shen
* fecad1b : go: fix CVE-2022-27664 - Teoh Jay Shen
* f7766da : build-appliance-image: Update to kirkstone head revision - Richard Purdie
* bc2e5e9 : vim: Upgrade 9.0.0341 -> 9.0.0453 - Richard Purdie
* ce5d088 : lighttpd: upgrade 1.4.65 -> 1.4.66 - Alexander Kanavin
* da8fc1c : lighttpd: upgrade 1.4.64 -> 1.4.65 - wangmy
* 71f09bc : systemd: Add 'no-dns-fallback' PACKAGECONFIG option - niko.mauno@vaisala.com
* d8ade58 : systemd: Fix unwritable /var/lock when no sysvinit handling - niko.mauno@vaisala.com
* 08406e0 : runqemu: display host uptime when starting - Alexandre Belloni
* 2a860de : oeqa: qemurunner: Report UNIX Epoch timestamp on login - Joshua Watt
* 70f7575 : externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used. - Kristian Amlie
* e713e11 : rootfs.py: dont try to list installed packages for baremetal images - Alejandro Hernandez Samaniego
* 654d354 : cairo: Adapt the license information based on what is being built - Peter Kjellerstedt
* 31cff4d : rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable - Peter Bergin
* a097254 : core-image.bbclass: Exclude openssh complementary packages - Pavel Zhukov
* 8bf4356 : libxml2: Port gentest.py to Python-3 - Martin Jansa
* 0edeb22 : autoconf: Update K & R stype functions - Khem Raj
* 7863774 : autoconf: Fix strict prototype errors in generated tests - Khem Raj
* e36f3c3 : kernel: Use consistent make flags for menuconfig - Richard Purdie
* 0872e11 : kernel: Always set CC and LD for the kernel build - Richard Purdie
* 47f6d0d : gcc-multilib-config: Fix i686 toolchain relocation issues - Richard Purdie
* fe8e545 : ruby: drop capstone support - Alexandre Belloni
* 90b0762 : vala: upgrade 0.56.2 -> 0.56.3 - wangmy
* db2c661 : cracklib: upgrade 2.9.7 -> 2.9.8 - wangmy
* bfce90b : npm: use npm_registry to cache package - Enrico Scholz
* 1713240 : lib:npm_registry: initial checkin - Enrico Scholz
* 81ad706 : npm: take 'version' directly from 'package.json' - Enrico Scholz
* 2f5c537 : npm: return content of 'package.json' in 'npm_pack' - Enrico Scholz
* 8a83fbc : npm: replace 'npm pack' call by 'tar czf' - Enrico Scholz
* 149f61e : kernel-fitimage.bbclass: add padding algorithm property in config nodes - LUIS ENRIQUEZ
* a4dfcb1 : meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE - Ming Liu
* b765d23 : scripts/runqemu.README: fix typos and trailing whitespaces - Ulrich Ölmann
* fa5e99a : pseudo: Update to include recent upstream minor fixes - Richard Purdie
* 4d603cc : bitbake.conf: set BB_DEFAULT_UMASK using ??= - Rasmus Villemoes
* 8784e37 : apr: Cache configure tests which use AC_TRY_RUN - Khem Raj
* 371e574 : maintainers: update opkg maintainer - Alex Stewart
* f29dd96 : insane.bbclass: Skip patches not in oe-core by full path - Yang Xu
* 8883d39 : lz4: upgrade 1.9.3 -> 1.9.4 - wangmy
* 8bcf5d5 : libatomic-ops: upgrade 7.6.12 -> 7.6.14 - wangmy
* f10345e : libwpe: upgrade 1.12.2 -> 1.12.3 - wangmy
* 2852ebc : liburcu: upgrade 0.13.1 -> 0.13.2 - wangmy
* 005bfa0 : libtasn1: upgrade 4.18.0 -> 4.19.0 - wangmy
* b6eb009 : vim: Upgrade 9.0.0242 -> 9.0.0341 - Richard Purdie
* 90917ca : cve-check: close cursors as soon as possible - Ross Burton
* 655bc5a : classes: cve-check: Get shared database lock - Joshua Watt
* 9644d9a : binutils : CVE-2022-38533 - pgowda
* 40bbdb4 : curl: Backport patch for CVE-2022-35252 - Robert Joslyn
* f28dc52 : sqlite: add CVE-2022-35737 patch to SRC_URI - Chee Yang Lee

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Marta Rybczynska authored 2 years ago and Andrei Gherzan committed 2 years ago

* 6603c3e : asyncrpc/client: Fix unix domain socket chdir race issues - Richard Purdie
* 987712c : gitsm: Error out if submodule refers to parent repo - Pavel Zhukov
* bb5c432 : Fix npm to use https rather than http - Neil Horman
* e591325 : bitbake: Add copyright headers where missing - Richard Purdie
* 63bb559 : siggen: Fix insufficent entropy in sigtask file names - Joshua Watt
* f386298 : runqueue: Drop deadlock breaking force fail - Richard Purdie
* d1b84e3 : runqueue: Improve deadlock warning messages - Richard Purdie
* 513bfd7 : runqueue: Ensure deferred tasks are sorted by multiconfig - Richard Purdie
* ac576d6 : bitbake-user-manual: npm fetcher: improve description of SRC_URI format - Michael Opdenacker
* a5fff68 : bb/utils: movefile: use the logger for printing - Jose Quaresma
* 280ea5a : bb/utils: remove: check the path again the expand python glob - Jose Quaresma
* b7967aa : bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain - Jose Quaresma
* ff3afb1 : fetch2: Ensure directory exists before creating symlink - Richard Purdie
* 01d2756 : ConfHandler/BBHandler: Improve comment error messages and add tests - Richard Purdie
* d828cd2 : fetch2: gitsm: fix incorrect handling of git submodule relative urls - Gennaro Iorio
* 04fdbca : doc: bitbake-user-manual: document npm and npmsw fetchers - Michael Opdenacker
* bcbe78b : doc: bitbake-user-manual: add explicit target for crates fetcher - Michael Opdenacker
* f28dbdf : bitbake-user-manual: Correct description of the ??= operator - Jacob Kroon
* 2322137 : ConfHandler: Remove lingering close - Ola x Nilsson
* 65cee11 : event.py: ignore exceptions from stdout and sterr operations in atexit - Mikko Rapeli
* c980072 : cooker: Drop sre_constants usage - Richard Purdie
* 81a6f49 : runqueue: Fix unihash cache mismatch issues - Richard Purdie
* 7d3b766 : toaster: fix kirkstone version - Otavio Salvador

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

default.xml: Update source revision on meta-seco-rockchip

Closes #201 and #158

See merge request !358

oniro-user: Make the Oniro username a variable

See merge request !249

docs: add documentation for the update tool

See merge request !349

    This revision adds U-Boot 2022.04 support configuration
    for Juno (SBC-D23) board

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

Add initial version of the documentation for the update tool.

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Fix build warnings

See merge request !354

misc: Add missing SPDX headers

See merge request !357

default.xml: Update source revision on meta-seco-rockchip

Closes #166

See merge request !355

linux-oniro: Upgrade to 5.10.152

Closes linux#2

See merge request !356

Improve syntax of the CVE: line in the patch so that all CVE numbers
are taken into account.

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Fix the path used to include patches. Otherwise CVE fixes were
not applied.

Fixes: a40d01a8

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Revert the merge request Revert the merge request !345



This patch wasn't applied to qemu-native where it should. Will
be brought back when fixed.

This reverts commit 98a3c92f.

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

Revert the merge request !345



The patch wasn't applied to qemu-native, but qemu only. With qemu-native
there is a conflict. Will be merged back when fixed.

This reverts commit 062a0303.

Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>

The linux-meta repository now includes (pulled from upsteam) the
fix-efi.cfg-drop-acpi-dependency.patch patch so we can drop it.

Fixes: linux#2



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

    This revision adds the alsa aplay, arecord and amixer utilities
    to the image to test ALSA sound card on the SBC-D23 board.

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

tiff: backport upstream fix for CVE-2022-2867, CVE-2022-2868, CVE-2022-2869

See merge request !348

qemu: apply upstream fix for two CVEs

See merge request !345

Fixes upstream issue #352 (closed) where a buffer overflow was generated
by an uint underflow in tiffcrop.c computeInputPixelOffsets()
calculating (uint32_t)(0 - 1) around line 5210.
In the following tiffcrop tries to read pixels from the image at an offset
far beyond the file-/buffersize.
The main region checks in computeInputPixelOffsets() are now updated to
avoid uint underflow.
This update fixes also upstream issues #350 (closed) and #351 (closed).
Issue 350 is fixed by checking for not allowed zone input cases like -Z
0:0 in getCropOffsets().
Furthermore upstream issue #335 (closed) and #336 (closed) are also
fixed.
CVE: CVE-2022-2867, CVE-2022-2868, CVE-2022-2869

Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com>

This patch restricts DMA engine to memories (not MMIO devices).
Qemu upstream issue #542 reports a reentrancy problem when the DMA
engine accesses the HDA controller I/O registers.
Fix by restricting the DMA engine to memories regions
(forbidding MMIO devices such the HDA controller).
CVE: CVE-2021-3611

Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com>

This patch restrict DMA engine to memories.
The DMA engine is started by I/O access and then itself accesses the
I/O registers, triggering a reentrancy bug.
Fix this bug by restricting the DMA engine to memories regions.
CVE: CVE-2022-2962.
Original commit:
https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182



Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com>

Avoid installing NVIDIA linux-firmware packages

Closes #834

See merge request !353

default.xml: Update source revision on meta-seco-rockchip

Closes #165

See merge request !352

Fixes: #834



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

Having all linux-firmware packages for a qemu-based machine makes little
sense. Removing it from recommends aligns the machines with the X86
counterparts too.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

    This revision adds support for M.2 Socket 1 Key E connectivity slot
    of the Seco's reference board Juno SBC-D23

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

oniro-grub-bootconf: Respect WIC_BOOTLOADER_TIMEOUT for timeout configuration

Closes #837

See merge request !351

The timeout argument is not effective when using a static grub
configuration. Drop it to avoid confusion.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

The timeout definition is usually handled dynamically in wic. For the
wic files using oniro-grub-bootconf as grub configuration, we need to
manually handle that via the existing WIC_BOOTLOADER_TIMEOUT variable.
In this way, WIC_BOOTLOADER_TIMEOUT can be used with oniro-grub-bootconf
and wic dynamic grub configuration (bootloader argument).

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

This should make it possible to edit the username
by modyfing the local.conf file and also automate
this process.

Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com>

Cleanup/drop support for Avenger/Nitrogen boards

See merge request !347

scripts: tool to upgrade, backup or restore Oniro

See merge request !329