The IP policy included in the manifest is not applicable anymore for the
project under EF.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

This reverts commit 8019dee2.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

This reverts commit 33f6860f.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

It's a transitionary fix, in case booting.op.o sunset

To my understanding the reason it's not yet ready at EF,
is because of gitlab pipelines not yet migrated.

Relate-to: #787
Relate-to: https://git.ostc-eu.org/oss-compliance/ip-policy/-/issues/18
Relate-to: https://booting.oniroproject.org/distro/governance/ip-policy/-/issues/18
Forwarded: !308


Cc: Alberto Pianon <pianon@array.eu> @pianon
Signed-off-by: Philippe Coval <philippe.coval.ext@huawei.com>

This revision changes the imx-atf bbappend file name using % wildcard
instead of version number and fix the build error caused by the
version mismatch.

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

* 2363d69 : gcr: Define _GNU_SOURCE - Khem Raj
* b59027f : apr: Use correct strerror_r implementation based on libc type - Khem Raj
* 9c9dd76 : pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses - Khem Raj
* 9cc6d57 : watchdog: Include needed system header for function decls - Khem Raj
* 37322e0 : xinetd: Pass missing -D_GNU_SOURCE - Khem Raj
* 60b55c1 : parselogs: Ignore xf86OpenConsole error - Pavel Zhukov
* 8acf5a1 : util-linux: Remove --enable-raw from EXTRA_OECONF - Mateusz Marciniec
* e5ce332 : shadow: Avoid nss warning/error with musl - Andrei Gherzan
* 84b2e9a : rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils - Andrei Gherzan
* 5cdc9c1 : shadow: Enable subid support - Andrei Gherzan
* cb51e97 : lttng-modules: fix build for kernel 5.10.137 - Steve Sakoman
* cfa124b : linux-yocto/5.10: update to v5.10.137 - Bruce Ashfield
* 3dbf621 : linux-yocto/5.10: update to v5.10.136 - Bruce Ashfield
* 26a6fde : linux-yocto: Fix COMPATIBLE_MACHINE regex match - Andrei Gherzan
* 6b41953 : linux-yocto/5.15: update to v5.15.62 - Bruce Ashfield
* 9d8d44d : linux-yocto/5.15: update to v5.15.60 - Bruce Ashfield
* 75c4b83 : bind: upgrade 9.18.4 -> 9.18.5 - Alexander Kanavin
* fdc82b2 : sqlite: fix CVE-2022-35737 - ghassaneben
* 92f122e : wic: depend on cross-binutils - Ross Burton
* 4e8b803 : wic/bootimg-efi: use cross objcopy when building unified kernel image - Ross Burton
* f8e0512 : wic: add target tools to PATH when executing native commands - Ross Burton
* ebdc76b : oeqa/gotoolchain: set CGO_ENABLED=1 - Ross Burton
* 3527149 : oeqa/gotoolchain: put writable files in the Go module cache - Ross Burton
* b4ec76c : oeqa/selftest: rename git.py to intercept.py - Ross Burton
* cdf3a1a : oeqa/qemurunner: add run_serial() comment - Ross Burton
* da97905 : sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct - Shubham Kulkarni
* c17806b : package_rpm: Do not replace square brackets in %files - Pavel Zhukov
* 752667a : oeqa/parselogs: add qemuarmv5 arm-charlcd masking - Jon Mason
* c8a24ad : kernel-fitimage.bbclass: only package unique DTBs - Awais Belal
* 8b95138 : sysvinit-inittab/start_getty: Fix respawn too fast - Bertrand Marquis
* 1c7eab8 : wpebackend-fdo: upgrade 1.12.0 -> 1.12.1 - Alexander Kanavin
* a46a5f3 : wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 - Alexander Kanavin
* f6c1c16 : libwebp: upgrade 1.2.3 -> 1.2.4 - Alexander Kanavin
* cf3e580 : libjpeg-turbo: upgrade 2.1.3 -> 2.1.4 - Alexander Kanavin
* 932d5a4 : glib-networking: upgrade 2.72.1 -> 2.72.2 - Alexander Kanavin
* c9cdce6 : epiphany: upgrade 42.3 -> 42.4 - Alexander Kanavin
* 3fb95a8 : gdk-pixbuf: update 2.42.8 -> 2.42.9 - Alexander Kanavin
* 5300fb5 : gdk-pixbuf: upgrade 2.42.6 -> 2.42.8 - Alexander Kanavin
* 847fd96 : Revert "gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow" - Hitendra Prajapati
* b2af2fd : xz: update 5.2.5 -> 5.2.6 - Alexander Kanavin
* bca81bb : tzdata: upgrade 2022a -> 2022b - Alexander Kanavin

Fixes: #771



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

* ce9fe70 : utils: Pass lock argument in fileslocked - Joshua Watt

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

* e11d5b6 : podman: Fix merge typo - Andrei Gherzan
* 2b28d64 : podman: Patch for CVE-2022-27649 - Andrei Gherzan

Fixes: #781



Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

* 5be5485 : skopeo: Mark CVE-2019-10214 as fixed - Andrei Gherzan
* 6063ad1 : podman: Rename podman-rootless.conf sysctl file to aid overrides - Andrei Gherzan

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 1a74be5 : cryptfs-tpm2: fix ld warnings with binutils 2.39 - Kai Kang

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 54ee67b : vim: Upgrade 9.0.0115 -> 9.0.0242 - Richard Purdie
* 7709a8c : packagegroup-self-hosted: update for strace - Kai Kang
* 9661656 : create-spdx: handle links to inaccessible locations - Peter Marko
* 099e000 : linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS - Jose Quaresma
* 00337a5 : apt: fix nativesdk-apt build failure during the second time build - Changqing Li
* 2556d0b : archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source - Jose Quaresma
* 6d1beda : perf: Fix reproducibility issues with 5.19 onwards - Richard Purdie
* ed0cbea : libpam: use /run instead of /var/run in systemd tmpfiles - Beniamin Sandu
* a5555a2 : tcp-wrappers: Fix implicit-function-declaration warnings - Khem Raj
* 123f04b : cracklib: Drop using register keyword - Khem Raj
* 3e1c254 : python3-pip: Fix RDEPENDS after the update - Daiane Angolini
* 4579002 : weston: upgrade 10.0.1 -> 10.0.2 - Alexander Kanavin
* c13a40b : webkitgtk: upgrade 2.36.4 -> 2.36.5 - Alexander Kanavin
* 63b38e5 : mobile-broadband-provider-info: upgrade 20220511 -> 20220725 - Alexander Kanavin
* 8dc75fd : libwebp: upgrade 1.2.2 -> 1.2.3 - Alexander Kanavin
* 70cd3c0 : libcap: upgrade 2.64 -> 2.65 - Alexander Kanavin
* b23e43e : libcap: upgrade 2.63 -> 2.64 - wangmy
* 2d0254a : iso-codes: upgrade 4.10.0 -> 4.11.0 - Alexander Kanavin
* 56b8dbf : ell: upgrade 0.49 -> 0.50 - Alexander Kanavin
* 89feb5d : libwpe: upgrade 1.12.0 -> 1.12.2 - Alexander Kanavin
* 4fdb3d4 : bluez5: update 5.64 -> 5.65 - Alexander Kanavin
* 5acea6e : go: update v1.17.12 -> v1.17.13 - Sakib Sajal
* 057a6f8 : cve-check: Don't use f-strings - Ernst Sjöstrand
* 5e99aaa : grub2: fix several CVEs - Yongxin Liu
* 8123b22 : u-boot: fix CVE-2022-33967 - Sakib Sajal
* db5212c : u-boot: fix CVE-2022-30552 - Sakib Sajal
* ea0d6f2 : connman: Backports for security fixes - Khem Raj
* a2806f2 : libxml2: Ignore CVE-2016-3709 - Khem Raj
* 4ad7470 : libtiff: CVE-2022-34526 A stack overflow was discovered - Hitendra Prajapati

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* bc85c04 : runqueue: Change pressure file warning to a note - Richard Purdie

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Marta Rybczynska authored 2 years ago and Pavel Zhukov committed 2 years ago

Add LEDGE forks with kirkstone-related changes. We use forks because
the meta-ts layer doesn't have kirkstone support yet,
and meta-ledge-secure has some dependencies we do not need right now
(especially meta-selinux). Discussions for the two layers are in
progress, but may still take some time. When all our required changes
are upstream, we may switch to using the upstream directly.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Forwarded: !283
Relate-to: #787


Signed-off-by: Philippe Coval <philippe.coval.ext@huawei.com>

Pavel Zhukov authored 2 years ago and Andrei Gherzan committed 2 years ago

* 4ada86c : bitbake: runqueue: add memory pressure regulation - Aryaman Gupta
* f4954b8 : bitbake: runqueue: add cpu/io pressure regulation - Aryaman Gupta

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 33eec78 : ceph: upgrade v15.2.15 -> v15.2.17 - sakib.sajal@windriver.com
* 406eb64 : singularity: Drop explicit runtime dep glibc - Andrei Gherzan

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 10891d4 : lttng-modules: replace mips compaction fix with upstream change - Bruce Ashfield
* 86c1096 : lttng-modules: fix build against mips and v5.19 kernel - Bruce Ashfield
* a69cb04 : lttng-modules: fix 5.19+ build - Bruce Ashfield
* a894fda : selftest/wic: Tweak test case to not depend on kernel size - Richard Purdie
* 3f25837 : relocate_sdk.py: ensure interpreter size error causes relocation to fail - Paul Eggleton
* 394c1bb : nativesdk: Clear TUNE_FEATURES - Richard Purdie
* b60f4c7 : scripts/oe-setup-builddir: make it known where configurations come from - Alexander Kanavin
* aeec7cc : cmake: remove CMAKE_ASM_FLAGS variable in toolchain file - Martin Beeger
* f595240 : boost: fix install of fiber shared libraries - Mikko Rapeli
* 9079992 : create-spdx: ignore packing control files from ipk and deb - Jose Quaresma
* 504b50a : create-spdx: Fix supplier field - Mihai Lindner
* 31ed9d6 : archiver.bbclass: remove unsed do_deploy_archives[dirs] - Jose Quaresma
* fcb55a1 : runqemu: Add missing space on default display option - Mark Hatle
* 72bfdca : devtool/upgrade: catch bb.fetch2.decodeurl errors - Alexander Kanavin
* a7d406d : devtool/upgrade: correctly clean up when recipe filename isn't yet known - Alexander Kanavin
* 3aee342 : devtool: error out when workspace is using old override syntax - Roland Hieber
* 27e4c6f : vim: update from 9.0.0063 to 9.0.0115 - Randy MacLeod
* 46ac4a9 : zlib: CVE-2022-37434 a heap-based buffer over-read - Hitendra Prajapati
* 49781a7 : gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify - Hitendra Prajapati
* af701fd : u-boot: fix CVE-2022-33103 - Sakib Sajal
* f2ebd77 : qemu: fix CVE-2022-0216 - Sakib Sajal
* 99c4b60 : qemu: fix CVE-2022-0358 - Sakib Sajal
* a171d1f : qemu: fix CVE-2021-4158 - Sakib Sajal
* 3be3101 : qemu: fix CVE-2021-3929 - Sakib Sajal
* 8ad9e87 : qemu: fix CVE-2021-3507 - Sakib Sajal
* 978bc91 : gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow - Hitendra Prajapati

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* def57bd : ima: Remove disabling CONFIG_IMA_TEMPLATE - He Zhe

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 15cdda2 : linux-intel-dev: update to 5.19.0 - Naveen Saini
* 1b7dd7a : linux-intel-rt/5.15: update to v5.15.49 - Naveen Saini
* 54d5b80 : linux-intel/5.15: update to v5.15.49 - Naveen Saini
* 032466f : onednn: turn on PACKAGECONFIG for GPU engine - Anuj Mittal
* 43224e9 : onednn : Upgrade 2.6 -> 2.6.1 - Yogesh Tyagi
* ae72503 : intel-microcode: upgrade 20220510 -> 20220809 - Anuj Mittal
* 3898a44 : intel-compute-runtime: upgrade 22.23.23405 -> 22.31.23852 - Anuj Mittal
* 29ab273 : intel-microcode: update SRCREV for 20220510 - Yongxin Liu
* 3bf3a4b : openvino-inference-engine: enable GPU plugin - Anuj Mittal
* f47a4b0 : intel-graphics-compiler: upgrade 1.0.11378 -> 1.0.11702.1 - Anuj Mittal
* a6a0a70 : linux-intel: fix buildpaths issue - Anuj Mittal
* 9cb16a0 : onevpl-intel-gpu: Fix HEVC 12 bit Encode - Teng, Jin Chung
* 79ca0ec : intel-compute-runtime: upgrade 22.22.23355 -> 22.23.23405 - Anuj Mittal
* 3af3b5c : intel-graphics-compiler: upgrade 1.0.11279 -> 1.0.11378 - Anuj Mittal
* f322d4f : ixgbe : upgrade 5.14.6 -> 5.15.2 - Yogesh Tyagi
* ceb7e22 : ixgbevf : upgrade 4.14.5 -> 4.15.1 - Yogesh Tyagi

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* acbe748 : cryptsetup: Add support for building without SSH tokens - Peter Kjellerstedt
* ce74ad4 : libwebsockets: Avoid absolute paths in *.cmake files in the sysroot - Peter Kjellerstedt
* 9165fb0 : yasm: fix buildpaths warning - Anuj Mittal
* 73a17ff : frr: fix buildpaths issue - Mingli Yu
* 78e65e7 : apache2: Fix the buildpaths issue - Mingli Yu
* bbfdaf4 : openipmi: Fix buildpaths issue - Mingli Yu
* 055f26c : freeradius: Fix buildpaths issue - Mingli Yu
* fe7250a : postgresql: Fix the buildpaths issue - Mingli Yu
* 2594e97 : net-snmp: set ac_cv_path_PSPROG - Mingli Yu
* 72d3abd : ibus: Swith to use main branch instead of master - Khem Raj
* 3207be5 : polkit: update patches for musl compilation - Marta Rybczynska
* eb9a5dc : polkit: Add --shell /bin/nologin to polkitd user - Akash Hadke
* 5b7f7f3 : polkit-group-rule-udisks2: fix override syntax in RDEPENDS - Yi Zhao
* 64f9534 : polkit: add udisks2 rule - Vyacheslav Yurkov
* a8b879b : glmark2: fix compatibility with python-3.11 - Martin Jansa

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 2cafa6e : build-appliance-image: Update to kirkstone head revision - Richard Purdie
* 455acda : lttng-modules: Fix build failure for kernel v5.15.58 - He Zhe
* 5fb62be : lttng-modules: update 2.13.3 -> 2.13.4 - Alexander Kanavin
* 6216cc2 : linux-yocto/5.15: fix reproducibility issues - Bruce Ashfield
* f9c284c : linux-yocto/5.15: update to v5.15.59 - Bruce Ashfield
* 2bca0a8 : linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge) - Bruce Ashfield
* 5a6bc91 : linux-yocto/5.15: update to v5.15.58 - Bruce Ashfield
* 373f857 : linux-yocto/5.10: update to v5.10.135 - Bruce Ashfield
* c6435f0 : glibc: revert one upstream change to work around broken DEBUG_BUILD build - Martin Jansa
* ec5de25 : glibc : stable 2.35 branch updates - Sundeep KOKKONDA
* c33eb7f : openssh: Add openssh-sftp-server to openssh RDEPENDS - Alex Kiernan
* 4d6b260 : strace: set COMPATIBLE_HOST for riscv32 - Mingli Yu
* 9d2f5c1 : kernel.bbclass: pass LD also in savedefconfig - Martin Jansa
* 10bc315 : linux-firwmare: restore WHENCE_CHKSUM variable - Dmitry Baryshkov
* 38fb876 : libgcc: Fix standalone target builds with usrmerge distro feature - Khem Raj
* fd56896 : package_manager/ipk: do not pipe stderr to stdout - Shruthi Ravichandran
* 4eb53b3 : binutils: stable 2.38 branch updates - Sundeep KOKKONDA

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Oniro relies on this layer for containers support.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

* e23ef05 : recipes-graphics: Add missing machine overrides - Natalia Kovalenko
* f935da2 : recipes-graphics: Delete xorg-xserver - Natalia Kovalenko

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 0d0f168 : freertos: Update to latest release 202012.04-LTS (kernel v10.4.3 Patch 2) - Alejandro Enedino Hernandez Samaniego
* 22c9093 : meta-freertos: Add kirkstone as stable release - Alejandro Enedino Hernandez Samaniego
* 765ea05 : freertos.conf: Drop BB_DANGLINGAPPENDS_WARNONLY - Andrei Gherzan

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 8f2dc10 : tracker: upgrade 3.3.1 -> 3.3.2 - wangmy
* 6f3b39f : tracker: upgrade 3.3.0 -> 3.3.1 - Wang Mingyu
* d3e5c08 : redis: upgrade 7.0.2 -> 7.0.4 - wangmy
* ab72f6b : stunnel: upgrade 5.64 -> 5.65 - wangmy
* b9c0df2 : stunnel: upgrade 5.63 -> 5.64 - wangmy
* cb4e7fb : python3-lxml: Security fix CVE-2022-2309 - Yue Tao
* 2763eaf : openjpeg: ignore CVE-2015-1239 - Davide Gardenal
* 7430daa : bigbuckbunny-1080p: update SRC_URI - Armin Kuster
* 44d7730 : ndisc6: upgrade 1.0.5 -> 1.0.6 - Wang Mingyu
* 7eb9e50 : php: upgrade 8.1.7 -> 8.1.8 - Wang Mingyu
* db866d5 : rsyslog: update 8.2202->8.2206 - Aryaman Gupta
* f1d7666 : catfish: fix buildpaths issue - Chen Qi
* 4f02315 : postgresql: ignore unrelated CVE - Davide Gardenal
* b0bf282 : php: ignore patched CVEs - Davide Gardenal
* aca019a : mongodb: ignore unrelated CVEs - Davide Gardenal
* bd8f5fa : meta-oe: ignore patched CVEs - Davide Gardenal
* cd54a3b : libplist: ignore patched CVEs - Davide Gardenal

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 3564ce3 : initscripts: run umountnfs as a KILL script - Shruthi Ravichandran
* acda23e : bind: Remove legacy python3 PACKAGECONFIG code - Alex Kiernan
* 7d63a9d : efivar: fix import functionality - gr embeter
* 400ed3b : base/reproducible: Change Source Date Epoch generation methods - Richard Purdie
* a4326da : perf: fix reproduciblity in older releases of Linux - Ross Burton
* aa6621d : udev-extraconf:mount.sh: fix a umount issue - Ming Liu
* abff988 : systemd: Added base_bindir into pkg_postinst:udev-hwdb. - leimaohui
* 15015dd : wic/plugins/rootfs: Fix NameError for 'orig_path' - Mihai Lindner
* de7bd5b : oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled - Ross Burton
* 492e565 : epiphany: upgrade 42.2 -> 42.3 - Alexander Kanavin
* df37259 : xwayland: upgrade 22.1.2 -> 22.1.3 - Alexander Kanavin
* d626b8c : xwayland: upgrade 22.1.1 -> 22.1.2 - Richard Purdie
* fde20b5 : webkitgtk: upgrade 2.36.3 -> 2.36.4 - Alexander Kanavin
* b295465 : vala: upgrade 0.56.1 -> 0.56.2 - Alexander Kanavin
* b19e202 : vala: upgrade 0.56.0 -> 0.56.1 - Alexander Kanavin
* 1dae5b5 : log4cplus: upgrade 2.0.7 -> 2.0.8 - Alexander Kanavin
* c785f1d : libuv: upgrade 1.44.1 -> 1.44.2 - Alexander Kanavin
* c74c265 : linux-firmware: update 20220610 -> 20220708 - Alexander Kanavin
* 75503a1 : xserver-xorg: update 21.1.3 -> 21.1.4 - Alexander Kanavin
* cf4e2a0 : font-util: update 1.3.2 -> 1.3.3 - Alexander Kanavin
* 73ca8c3 : encodings: update 1.0.5 -> 1.0.6 - Alexander Kanavin
* d083da1 : xf86-input-synaptics: update 1.9.1 -> 1.9.2 - Alexander Kanavin
* 571736f : xmodmap: update 1.0.10 -> 1.0.11 - Alexander Kanavin
* 2f9ab1a : xev: update 1.2.4 -> 1.2.5 - Alexander Kanavin
* 5f3d709 : xorg-app: Tweak handling of compression changes in SRC_URI - Richard Purdie
* cde6198 : xdpyinfo: upgrade 1.3.2 -> 1.3.3 - wangmy
* 01f6eff : mkfontscale: upgrade 1.2.1 -> 1.2.2 - wangmy
* 7eeaf4e : libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections - Hitendra Prajapati
* 5f236e7 : qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash - Hitendra Prajapati

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

This reverts commit c6287fbc.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

This reverts commit 025e67f1.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

* 29dc214 : arm/edk2-firmware: cherry pick gcc 12.x compatibility patches - Maciej Borzecki
* 6301b32 : arm-bsp/sdcard-image-n1sdp: Fix N1SDP dependencies - Adam Johnston
* 2b392eb : arm-bsp/edk2-firmware: Add NT_FW_CONFIG to N1SDP to fix aborts when accessing virtual memory - Adam Johnston
* 01aa543 : arm-bsp/sdcard-image-n1sdp: N1SDP trusted boot - Adam Johnston
* 1e13b8b : arm-bsp/scp-firmware: N1SDP trusted boot - Adam Johnston
* d9c6ff9 : arm-bsp/trusted-firmware-a: N1SDP trusted boot - Adam Johnston
* 8c69397 : arm/oeqa: Fix regex warning in linuxboot test case - Peter Hoyes

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

* d6273f7 : Merge pull request #1159 from Freescale/backport-1158-to-kirkstone - Otavio Salvador
* 35d3f3f : imx8m*-evk: allow switch between `u-boot-imx` and `u-boot-fslc` - Otavio Salvador
* bab2763 : Merge pull request #1157 from Freescale/backport-1155-to-kirkstone - Otavio Salvador
* 8cba3aa : classes: fsl-kernel-localversion: fix usage with devtool - Francesco Valla
* f2599b5 : Merge pull request #1154 from Freescale/backport-1152-to-kirkstone - Otavio Salvador
* daa53e8 : imx6qdlsabre*.conf: Fix u-boot-imx-mfgtool compile error - Tom Hochstein
* baa6f9c : imx6qdlsabre*.conf: Fix UBOOT_CONFIG override for u-boot-imx-mfgtool - Tom Hochstein
* 8b801b8 : Merge pull request #1153 from Freescale/backport-1141-to-kirkstone - Otavio Salvador
* b511d2a : imx-atf: allow setting the UART used during boot - Otavio Salvador
* e5d2cb1 : imx-atf: mark `do_configure` as `noexec` - Otavio Salvador
* a74f445 : imx-atf: use `MACHINE_ARCH` as `PACKAGE_ARCH` - Otavio Salvador
* 017b7c7 : imx-atf: avoid default dependencies addition - Otavio Salvador
* 59324fb : imx-base.inc: consolidate `IMX_EXTRA_FIRMWARE` definition - Otavio Salvador
* 7b8a743 : Remove unuse `BOOT_TOOLS` variable - Otavio Salvador
* 2ede256 : imx-base.inc: avoid explicit imx-boot dependency - Otavio Salvador
* 10f4c0d : Merge pull request #1151 from Freescale/backport-1148-to-kirkstone - Otavio Salvador
* 9e409a0 : imx8mm-evk: lift imx8mm-lpddr4-evk and imx8mm-ddr4-evk restrictions - Otavio Salvador
* ac02582 : u-boot-fslc: 2022.04 -> 2022.07 - Otavio Salvador
* af0e098 : imx-atf: update lf-5.15.5-1.0.0 to lf-5.15.32-2.0.0 - Otavio Salvador
* 4ae8eec : Merge pull request #1150 from Freescale/backport-1149-to-kirkstone - Otavio Salvador
* 827ebdf : u-boot-imx: Upgrade 2021.04 -> 2022.04 - Tom Hochstein
* 54c2969 : linux-imx-headers: Upgrade 5.15.5 -> 5.15.32 - Tom Hochstein
* dbe3561 : linux-imx: Upgrade to 5.15.32 - Tom Hochstein
* 46f6856 : EULA,SCR: Update for NXP release 5.15.32-2.0.0 - Tom Hochstein
* 25364ba : Merge pull request #1140 from Ossanes/topic/fix-kirkstone-machines - Otavio Salvador
* 2f14512 : Add SoC information in machines where it is missing - Vinicius Aquino
* 3915c0f : Merge pull request #1145 from Freescale/backport-1144-to-kirkstone - Otavio Salvador
* 5142908 : optee-qoriq: rename directory so it maps to the recipe - Otavio Salvador
* dea213f : qoriq-cst: rename cst to qoriq-cst - Otavio Salvador
* 28af4ec : Merge pull request #1143 from Freescale/backport-1142-to-kirkstone - Otavio Salvador
* d630b57 : imx-atf: Refine array-bounds patch commit message - Tom Hochstein

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

* 2bc86c0 : gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so - Khem Raj
* 943760d : gcc: Backport a fix for gcc bug 105039 - Naveen
* bb1dc2b : gobject-introspection-data: Disable cache for g-ir-scanner - Tom Hochstein
* 96215d6 : rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} - Ming Liu
* 7549429 : sstatesig: Include all dependencies in SPDX task signatures - Joshua Watt
* 11943ac : git: upgrade v2.35.3 -> v2.35.4 - Sakib Sajal
* 4c3591c : go: update v1.17.10 -> v1.17.12 - Sakib Sajal
* 8b42e40 : vim: Upgrade 9.0.0021 -> 9.0.0063 - Richard Purdie
* c0c7214 : gnupg: upgrade to 2.3.7 to fix CVE-2022-34903 - Yue Tao
* 4e9c180 : gnupg: update 2.3.4 -> 2.3.6 - Alexander Kanavin
* 5bfb44b : bind: upgrade 9.18.3 -> 9.18.4 - wangmy
* 1bbedc1 : bind: upgrade 9.18.2 -> 9.18.3 - wangmy
* e22b7b2 : dpkg: fix CVE-2022-1664 - Sakib Sajal
* 6c373c0 : tiff: Security fixes CVE-2022-1354 and CVE-2022-1355 - Yi Zhao
* 16be6e3 : lua: Backport fix for CVE-2022-33099 - Khem Raj
* f1c2e21 : pulseaudio: add m4-native to DEPENDS - Ross Burton
* 73cc5a1 : externalsrc.bbclass: support crate fetcher on externalsrc - Chanho Park
* 9b2f7eb : cargo_common.bbclass: enable bitbake vendoring for externalsrc - Chanho Park
* b418b96 : selftest/runtime_test/virgl: Disable for all almalinux - Richard Purdie
* 3bb7abe : gcc-runtime: Fix missing MLPREFIX in debug mappings - Richard Purdie
* f842dbc : gcc-runtime: Fix build when using gold - Richard Purdie
* a994dbe : oe-selftest: devtool: test modify git recipe building from a subdir - Paul Eggleton
* 7cf5381 : devtool: finish: handle patching when S points to subdir of a git repo - Paul Eggleton
* 577a691 : patch: handle if S points to a subdirectory of a git repo - Paul Eggleton
* 58029ca : bin_package: install into base_prefix - Pascal Bach
* 9beb347 : devtool: ignore pn- overrides when determining SRC_URI overrides - Paul Eggleton
* 7acc1b9 : kernel-arch: Fix buildpaths leaking into external module compiles - Richard Purdie
* 7c3d9c5 : alsa-state: correct license - Peter Marko
* d6ec378 : perl: don't install Makefile.old into perl-ptest - Ross Burton
* d3149c9 : gtk-doc: Remove hardcoded buildpath - Richard Purdie
* 3829ac3 : libmodule-build-perl: Use env utility to find perl interpreter - Khem Raj
* cd3821f : vala: Fix on target wrapper buildpaths issue - Richard Purdie
* dfe0a72 : lua: Fix multilib buildpath reproducibility issues - Richard Purdie
* 05457e7 : waffle: correctly request wayland-scanner executable - Alexander Kanavin
* 1837c17 : insane: Fix buildpaths test to work with special devices - Richard Purdie
* 8efd5e3 : package.bbclass: Fix kernel source handling when not using externalsrc - Alejandro Hernandez Samaniego
* cefc6ec : package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo - Christoph Lauer
* 2772b77 : package.bbclass: Fix base directory for debugsource files when using externalsrc - Alejandro Hernandez Samaniego
* 39d57ef : python3: Backport patch to fix an issue in subinterpreters - Markus Volk
* cb37eeb : udev-extraconf:mount.sh: fix path mismatching issues - Ming Liu
* a3c93ec : udev-extraconf: fix some systemd automount issues - Ming Liu
* 9d90c89 : udev-extraconf/mount.sh: ignore lvm in automount - Muhammad Hamza
* 00ea431 : udev-extraconf: force systemd-udevd to use shared MountFlags - Muhammad Hamza
* 35b18c5 : udev-extraconf/mount.sh: only mount devices on hotplug - Muhammad Hamza
* 55c2de8 : udev-extraconf/mount.sh: save mount name in our tmp filecache - Muhammad Hamza
* 229e7a9 : udev-extraconf/mount.sh: add LABELs to mountpoints - Muhammad Hamza
* c021f55 : udev-extraconf: let automount base directory configurable - Ming Liu
* 99d9dc7 : udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist - Richard Purdie
* 7505ac6 : harfbuzz: Fix compilation with clang - Pavel Zhukov
* 2749916 : curl: Fix multiple CVEs - Robert Joslyn
* 171415e : perf: fix reproducibility in 5.19+ - Bruce Ashfield
* 873ac23 : gperf: Switch to upstream patch - Richard Purdie
* 21f36f1 : gperf: Add a patch to work around reproducibility issues - Richard Purdie
* 3480149 : kernel-devsrc: ppc32: fix reproducibility - Bruce Ashfield
* ff5b504 : kernel-devsrc: fix reproducibility and buildpaths QA warning - Bruce Ashfield
* f64ad68 : linux-yocto/5.15: fix buildpaths issue with pnmtologo - Bruce Ashfield
* 3e15a98 : linux-yocto/5.15: update to v5.15.54 - Bruce Ashfield
* 267576e : linux-yocto/5.15: fix buildpaths issue with gen-mach-types - Bruce Ashfield
* e1c1ad4 : linux-yocto/5.15: fix build_OID_registry buildpaths warning - Bruce Ashfield
* 736271d : linux-yocto/5.15: fix qemuppc buildpaths warning - Bruce Ashfield
* a8a7765 : linux-yocto/5.15: update to v5.15.52 - Bruce Ashfield
* 4b896df : linux-yocto/5.15: drop obselete GPIO sysfs ABI - Bruce Ashfield
* cf7921a : linux-yocto/5.15: update to v5.15.48 - Bruce Ashfield
* 5e5dee3 : linux-yocto/5.15: update to v5.15.46 - Bruce Ashfield
* 1d8a9a3 : linux-yocto/5.10: fix buildpaths issue with pnmtologo - Bruce Ashfield
* ea72e5e : linux-yocto/5.10: update to v5.10.130 - Bruce Ashfield
* 6e2676a : linux-yocto/5.10: fix buildpaths issue with gen-mach-types - Bruce Ashfield
* bbf8586 : linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning - Bruce Ashfield
* 024056a : linux-yocto/5.10: update to v5.10.128 - Bruce Ashfield
* 445bbe0 : linux-yocto/5.10: update to v5.10.123 - Bruce Ashfield
* 62d3fc8 : linux-yocto/5.10: update to v5.10.121 - Bruce Ashfield
* 5a892e2 : qemu: Add PACKAGECONFIG for brlapi - Richard Purdie
* 9637a46 : qemu: Fix slirp determinism issue - Richard Purdie

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

    manifests/default.xml:      Add new project meta-seco-rockchip
    local.conf.sample:          Add seco-px30-d23 to MACHINE
    bblayers.conf.sample:       Add meta-seco-rockchip layer to BBLAYERS
    conf-notes.txt              Add seco-px30-d23 to supported machines
    machines-and-flavours.yaml  Add linux-seco-px30-d23 and linux-seco-px30-d23-extra jobs
    linux-flavour.rst:          Add seco-px30-d23 to supported machines
    machines-and-flavours.rst   Add linux-seco-px30-d23 job
    boards/index.rst            Add seco-px30-d23 to supported boards

    Add the seco-px30-d23.rst file representing the new Seco's
    JUNO board (SBC-D23) in the oniro project.

Signed-off-by: Natalia Kovalenko <waykovalenko@gmail.com>

* 78fce73 : arm/lib: Improve FVPRunner shutdown logic - Peter Hoyes

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* ea42364 : class: bundle: support incremental image property - Jan Luebbe

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* c79262a : meta-integrity: kernel-modsign: prevents splitting out debug symbols - Jose Quaresma
* e54e064 : clamav: make install owner match the added user name - Jeremy A. Puhlman
* c29ef97 : python3-privacyidea: add correct path to lib/privacyidea - Jeremy A. Puhlman
* ab90048 : libmhash: add multilib header - Jeremy A. Puhlman
* 7e3596e : sssd: ignore CVE-2018-16838 - Davide Gardenal

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* 2e785f2 : Merge pull request #1139 from Freescale/backport-1138-to-kirkstone - Otavio Salvador
* ded83a4 : conf/machine/ls1046ardb.conf: Add DTB fsl-ls1046a-rdb-usdpaa-shared.dtb - Jun Zhu

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* a47ef04 : openflow: ignore unrelated CVEs - Davide Gardenal
* 4b4c6f4 : freeradius: ignore patched CVEs - Davide Gardenal
* b7c6c47 : quagga: ignore CVE-2016-4049 - Davide Gardenal
* 66106e1 : spice: ignore patched CVEs - Davide Gardenal
* 5166896 : thrift: add CVE_PRODUCT to fix CVE reporting - Davide Gardenal
* 7e1a69d : wireshark: upgrade 3.4.11 -> 3.4.12 - Davide Gardenal
* 743f6e7 : ntp: ignore many CVEs - Davide Gardenal
* c1e7b0b : openflow: ignore CVE-2018-1078 - Davide Gardenal
* 9bb4434 : usrsctp: add CVE_VERSION to correctly check for CVEs - Davide Gardenal
* 0af58eb : zabbix: upgrade 5.2.6 -> 5.4.12 - Changqing Li
* d1e28ae : apache2: upgrade 2.4.53 -> 2.4.54 - Changqing Li
* ffe6e46 : redis: upgrade 7.0-rc3 -> 7.0.2 - Changqing Li
* b109169 : redis: upgrade 6.2.6 -> 6.2.7 - Changqing Li

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

Pavel Zhukov authored 2 years ago and Stefan Schmidt committed 2 years ago

ABI checker implementation is meta-binaryaudit. Adding it for CI only
to not extend support surface of the project.
Added to three flavours for now. It can be easily extended to all jobs
if needed in the future

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* b9bbc38 : protobuf-c: update to 1.4.1 fix CVE-2022-33070 - Wentao Zhang
* 6d1dbf7 : modemmanager: update to 1.18.8 - Adrian Freihofer
* 2dd643a : imagemagick: upgrade 7.0.10-25 -> 7.0.10-62 - Davide Gardenal
* 4eaa309 : ntfs-3g-ntfsprogs: upgrade to 2022.5.17 - Chen Qi
* 1a09e4f : php: upgrade 8.1.6 -> 8.1.7 - wangmy
* e5b177a : cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands - Hitendra Prajapati
* bf2822d : dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291 - Yue Tao
* 97375c7 : emlog: ignore unrelated CVEs - Davide Gardenal
* c455cba : freeradius: mutlilib fixes - Jeremy Puhlman

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>

* a4bfb5c : libsoup: upgrade 3.0.6 -> 3.0.7 - Alexander Kanavin
* a2871b4 : glib-networking: upgrade 2.72.0 -> 2.72.1 - Alexander Kanavin
* 0d9a2d4 : glib-2.0: upgrade 2.72.2 -> 2.72.3 - Alexander Kanavin
* 3903a24 : weston: update 10.0.0 -> 10.0.1 - Alexander Kanavin
* e008697 : gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3 - wangmy
* 4f00cdf : gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3 - wangmy
* 05f62a8 : gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3 - wangmy
* e1dd7d5 : gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3 - wangmy
* 4aee173 : gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3 - wangmy
* c827ede : gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3 - wangmy
* 0ead6c0 : gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3 - wangmy
* e190d67 : gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3 - wangmy
* 9b8a62d : gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3 - wangmy
* 84b2d19 : gst-devtools: upgrade 1.20.2 -> 1.20.3 - wangmy
* 2c177d0 : gstreamer1.0: upgrade 1.20.2 -> 1.20.3 - Alexander Kanavin
* 2023e33 : binutils : stable 2.38 branch updates - Sundeep KOKKONDA
* 96f6bad : glibc-tests: Avoid reproducibility issues - Richard Purdie
* 05760b2 : glibc: stable 2.35 branch updates - Sundeep KOKKONDA
* 7616275 : openssl: update 3.0.4 -> 3.0.5 - Alexander Kanavin
* 640ccea : vim: upgrade to 9.0.0021 - Ross Burton
* 21b66e6 : u-boot: fix CVE-2022-34835 - Sakib Sajal
* dc627ce : tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058 - Ross Burton
* 537e7d3 : harfbuzz: fix CVE-2022-33068 - Wentao Zhang
* 83ab9f5 : qemu: Avoid accidental libvdeplug linkage - Steve Sakoman
* 84390c3 : qemu: Avoid accidental librdmacm linkage - Richard Purdie
* 171fa2d : qemu: add PACKAGECONFIG for capstone - Steve Sakoman
* 6db1eb6 : ruby: add PACKAGECONFIG for capstone - Steve Sakoman

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>