summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
Commit message (Collapse)AuthorAgeFilesLines
...
* apr: Fix to work with autoconf 2.70Richard Purdie2021-02-072-0/+23
| | | | | | | | Fix an issue with autoconf 2.70 where duplicate macro includes caused configure failures. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@arm.com>
* libcroco: Added CVEsaloni2021-02-062-0/+195
| | | | | | | | | | Added below CVE: CVE-2020-12825 Link: CVE-2020-12825 [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8 Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: Whitelisted CVEssaloni2021-02-061-0/+3
| | | | | | | | | | | | | | | | | | | | | | Whitelisted below CVEs: 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433 CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted. 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted. Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: upgrade 20200601 -> 20210119zhengruoqin2021-01-302-39/+1
| | | | | | | | 0001-certdata2pem.py-use-python3.patch removed since it is included in 20210119 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libjitterentropy: upgrade 3.0.0 -> 3.0.1Wang Mingyu2021-01-301-2/+2
| | | | | | | -License-Update: Copyright year updated to 2021. Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap: upgrade 2.46 -> 2.47Wang Mingyu2021-01-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Clean up various class-native* RDEPENDS overridesRichard Purdie2021-01-291-1/+0
| | | | | | | | | | | | | | | | | | | | With PACKAGES functioning more correctly for native recipes combined with classextend improvements over the years, there are various overrides of RDEPENDS which look unecessary now, clean them up. There some some minor changes in dependencies, specifically: "python3-numpy-native.do_populate_sysroot" -> "python3-native.do_populate_sysroot" "python3-mako-native.do_populate_sysroot" -> "python3-native.do_populate_sysroot" "itstool-native.do_populate_sysroot" -> "libxml2-native.do_populate_sysroot" however there are already: XXX-native.do_prepare_recipe_ssysroot -> YYY-native.do_populate_sysroot mappings from DEPENDS so this is effectively a null op. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* native: Stop clearing PACKAGESRichard Purdie2021-01-291-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Native recipes have been special and they don't have packages generated from them. The RDEPENDS/RPROVIDES and other runtime package specific variables can contain important data about dependencies recipes need though and currently it is required to write this information explicitly in the native case. We now delete the packaging tasks for native recipes which removes the need to clear PACKAGES. The next step to improve the metadata is to stop clearing it and ensure any entries in these variables are remapped appropriately. The R* variables were already being processed by the class extension code but the implementation was suboptimal. This patch stops clearing PACKAGES and PACKAGES_DYNAMIC and fixes the places where that caused issues in OE-Core, for example PACKAGES additions in anonymous python without the "-native" suffix and a case where the included classes caused a self reference in DEPENDS which would once have been removed by the previous code. The implementation uses datastore/parser parameters to ensure that the variable overrides are not overwritten when calling setVar which is appropriate for a function as close to the core as this one is. Some now unneeded code in python3-setuptools is dropped, there are further changes like this which can follow. This change was verified with OE-Core by comparing task-depends.dot generated by "bitbake world -g" before and after the change, the files were identical. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gpgme: upgrade 1.15.0 -> 1.15.1Wang Mingyu2021-01-232-5/+5
| | | | | | | | refresh the followning patches: 0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: upgrade 0.4.15 -> 0.4.17Anuj Mittal2021-01-204-197/+2
| | | | | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* enchant2: upgrade 2.2.14 -> 2.2.15Anuj Mittal2021-01-201-1/+1
| | | | | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* p11-kit: upgrade 0.23.21 -> 0.23.22Lee Chee Yang2021-01-201-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/p11-glue/p11-kit/releases/tag/0.23.22 Release notes: Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook anchor: Prefer persistent format when storing anchor [#329] common: Fix infloop in p11_path_build [#326, #327] proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [#325] common: Check for a NULL locale before freeing it [#321] Build and test fixes [#313, #315, #317, #318, #319, #323, #330, #333, #334, #335, #338, #339] https://github.com/p11-glue/p11-kit/commit/c4e75e10021ce86ab42682ea4936dce94ced2f77 patch to fix trailing newline using custom_target() caused error with DISTRO_FEATURES api-documentation due to meson bugs, enable manpages PACKAGECONFIG should prevent this error. | warning: failed to load external entity "../version.xml" | ../p11-kit-docs.xml:11: parser error : Failure to process entity version | <releaseinfo>for p11-kit &version;</releaseinfo> | ^ | ../p11-kit-docs.xml:11: parser error : Entity 'version' not defined | <releaseinfo>for p11-kit &version;</releaseinfo> | ^ | unable to parse ../p11-kit-docs.xml Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: drop arm-intrinsics.patchMans Rullgard2021-01-172-56/+1
| | | | | | | | This patch makes gcc produce broken code. It is unclear why it is there in the first place. Drop it. Signed-off-by: Mans Rullgard <mans@mansr.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgpg-error: upgrade 1.39 -> 1.41zhengruoqin2021-01-162-16/+17
| | | | | | | refresh pkgconfig.patch Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libevdev: upgrade 1.10.0 -> 1.10.1zhengruoqin2021-01-161-1/+1
| | | | | Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rng-tools: upgrade 6.10 -> 6.11Yi Zhao2021-01-164-143/+1
| | | | | | | Remove backported patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* diffoscope: upgrade 163 -> 164Joshua Watt2021-01-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ Chris Lamb ] * Truncate jsondiff differences at 512 bytes lest they consume the entire page. * Wrap our external call to cmp(1) with a profile (to match the internal profiling). * Add a note regarding the specific ordering of the new all_tools_are_listed test. [ Dimitrios Apostolou ] * Performance improvements: - Improve speed of has_same_content by spawning cmp(1) less frequently. - Log whenever the external cmp(1) command is spawn.ed - Avoid invoking external diff for identical, short outputs. * Rework handling of temporary files: - Clean up temporary directories as we go along, instead of at the end. - Delete FIFO files when the FIFO feeder's context manager exits. [ Mattia Rizzolo ] * Fix a number of potential crashes in --list-debian-substvars, including explicitly listing lipo and otool as external tools. - Remove redundant code and let object destructors clean up after themselves. [ Conrad Ratschan ] * Add a comparator for Flattened Image Trees (FIT) files, a boot image format used by U-Boot. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: upgrade 2.2.26 -> 2.2.27Wang Mingyu2021-01-151-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libyaml: Enable static lib on native/nativesdkKhem Raj2021-01-131-0/+3
| | | | | | | | | | Helps building static tools which depend on libyaml during build or shipped with SDK libyaml is MIT licensed so static linking would not be as prohibitive Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: upgrade 3.6 ->3.7Wang Mingyu2021-01-105-2/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shared-mime-info: upgrade 2.0 -> 2.1Wang Mingyu2021-01-101-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdbm: upgrade 1.18.1 -> 1.19zhengruoqin2021-01-082-50/+2
| | | | | | | | gdbm-fix-link-failure-against-gcc-10.patch Removed since this is included in 1.19 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libexif: fix CVE-2020-0198; CVE-2020-0452Changqing Li2020-12-313-0/+107
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: update 1.74.0 -> 1.75.0Alexander Kanavin2020-12-313-102/+1
| | | | | | | | Remove 0001-Apply-boost-1.62.0-no-forced-flags.patch.patch: upstream has refactored the code, purpose of the patch is unclear. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: update 2.2.23 -> 2.2.26Alexander Kanavin2020-12-314-15/+13
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: update 3.6.15 -> 3.7.0Alexander Kanavin2020-12-312-3/+14
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* icu: update 68.1 -> 68.2Alexander Kanavin2020-12-311-2/+2
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libjitterentropy: update 2.2.0 -> 3.0.0Alexander Kanavin2020-12-313-91/+3
| | | | | | | License-Update: copyright years Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libksba: update 1.4.0 -> 1.5.0Alexander Kanavin2020-12-312-8/+12
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: upgrade 3.33.0 -> 3.34.0Alexander Kanavin2020-12-301-1/+1
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libusb1: upgrade 1.0.23 -> 1.0.24Alexander Kanavin2020-12-301-2/+1
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: upgrade 10.35 -> 10.36Alexander Kanavin2020-12-301-2/+2
| | | | | | License-Update: email address changed Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* enchant2: upgrade 2.2.13 -> 2.2.14Alexander Kanavin2020-12-301-1/+1
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* diffoscope: upgrade 161 -> 163Alexander Kanavin2020-12-301-1/+1
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap-ng: upgrade 0.8.1 -> 0.8.2Yi Zhao2020-12-243-2/+2
| | | | | | | SRC_URI update: http -> https Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap: update 2.45 -> 2.46Yi Zhao2020-12-242-5/+7
| | | | | | | Rebase 0001-tests-do-not-statically-link-a-test.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Update 7.73.0 -> 7.74.0Khairul Rohaizzat Jamaluddin2020-12-241-1/+1
| | | | | | | | | | | | | | | | | update to version 7.74.0 curl 7.74.0 hsts: add experimental support for Strict-Transport-Security with various bug fixes Reference: https://curl.se/changes.html#7_74_0 update includes fix for CVE: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* apr-util: Only specify --with-dbm=gdbm if gdbm support is enabledPeter Kjellerstedt2020-12-211-3/+2
| | | | | | | | Support for gdbm was made optional in 3260ad9e, but it was still being used unconditionally. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: add missing descriptions in some support recipesMaxime Roussin-Bélanger2020-12-187-0/+21
| | | | | Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libffi: add patch to revert clang VFP workaroundBrett Warren2020-12-092-0/+105
| | | | | | | | | Patch is added to address an issue preventing libffi from compiling under clang. Change-Id: I55e36d252ec8e84de9b35fea18044c2c0e8c5aab Signed-off-by: Brett Warren <brett.warren@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* serf: do not install the static libraryAlexander Kanavin2020-12-091-0/+5
| | | | | | | | | | scons is using host ar to create it, which may or may not be built with reproducible option by default. Rather than patch scons for the benefit of a single recipe, let's just not install the .a, which is unused anyway. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: upgrade 1.9.2 -> 1.9.3Alexander Kanavin2020-12-091-2/+2
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap: update 2.44 -> 2.45Alexander Kanavin2020-12-093-20/+34
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: Use the new branch naming from upstreamRichard Purdie2020-12-031-1/+1
| | | | | | | | Upstream renamed master -> dev, update SRC_URI to match. [YOCTO #14135] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap-ng: upgrade 0.8 -> 0.8.1zangrc2020-11-293-1/+1
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: add CVE-2015-3717 to whitelistRoss Burton2020-11-241-0/+2
| | | | | | | | As per https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA this issue is believed to be either iOS specific, or fixed in 3.8.9. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libunwind: upgrade 1.4.0 -> 1.5.0zangrc2020-11-244-526/+2
| | | | | | | | | | 0001-Fix-compilation-with-fno-common.patch 0002-backtrace-Use-only-with-glibc-and-uclibc.patch sigset_t.patch Removed since these are included in 1.5.0 Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gpgme: upgrade 1.14.0 -> 1.15.0zangrc2020-11-241-1/+1
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gmp: upgrade 6.2.0 -> 6.2.1zangrc2020-11-241-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: fix CVE-2020-26154Lee Chee Yang2020-11-242-0/+99
| | | | | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>