In order to improve the readability of the file, arrange value lines
of variables with multiple values in alphabetic order.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove the duplicate 'yajl' entry from value of
RDEPENDS:packagegroup-meta-oe-devtools variable.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
cve-check.bbclass reported unpatched vulnerabilities in libtar
[1,2,3,4,5]. The NIST assigned base score for the worst vulnerability
is 9.1 / critical.
The patches were taken from the libtar [6] master branch after the
latest tag v1.2.20 (the changes in libtar master mostly originate from
Fedora and their patches), and from the Fedora 41 libtar source package
[7] and the Debian libtar package 1.2.20-8 [8] where the patches were
not available in the libtar repository itself.
The Fedora patch series was taken in its entirety in order to minimize
differences to Fedora's source tree instead of cherry-picking only CVE
fixes. Minimizing the differences should avoid issues with potential
inter-dependencies between the patches, and hopefully provide better
confidence as even the newest patches have been in use in Fedora for
nearly 2 years (since December 2022; Fedora rpms/libtar.git commit
e25b692fc7ceaa387dafb865b472510754f51bd2). The series includes even the
Fedora patch libtar-1.2.20-no-static-buffer.patch, which contains
changes *) that match the libtar commit
ec613af2e9371d7a3e1f7c7a6822164a4255b4d1 ("decode: avoid using a static
buffer in th_get_pathname()") whose commit message says
Note this can break programs that expect sizeof(TAR) to be fixed.
The patches applied cleanly except for the Fedora srpm patch
libtar-1.2.11-bz729009.patch, which is identical with the pre-existing
meta-oe patch 0002-Do-not-strip-libtar.patch and is thus omitted.
The meta-openembedded recipe does not include any of the patches in
Kirkstone [9] nor the current master [10].
libtar does not have newer releases, and the libtar master doesn't
contain all of the changes included in the patches. Fedora's
libtar.1.2.11-*.patch are not included in the libtar v1.2.20 release
either but only in the master branch after the tag v1.2.20. The version
number in the filename is supposedly due to the patches being created
originally against v1.2.11 but have been upstreamed or at least
committed to the master only after v1.2.20.
The commit metadata could not be practically completed in most of the
cases due to missing commit messages in the original commits and
patches. The informal note about the author ("Authored by") was added to
the patch commit messages where the commit message was missing the
original author(s)' Signed-off-by.
*) The patch also contains the changes split to the libtar commits
495d0c0eabc5648186e7d58ad54b508d14af38f4 ("Check for NULL before
freeing th_pathname") and 20aa09bd7775094a2beb0f136c2c7d9e9fd6c7e6
("Added stdlib.h for malloc() in lib/decode.c"))
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-33643
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-33644
[3] https://nvd.nist.gov/vuln/detail/CVE-2021-33645
[4] https://nvd.nist.gov/vuln/detail/CVE-2021-33646
[5] https://nvd.nist.gov/vuln/detail/CVE-2013-4420
[6] https://repo.or.cz/libtar.git
[7] https://src.fedoraproject.org/rpms/libtar/tree/f41
[8] https://sources.debian.org/patches/libtar/1.2.20-8/CVE-2013-4420.patch/
[9] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=kirkstone&id=9a24b7679810628b594cc5a9b52f77f53d37004f
[10] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master&id=9356340655b3a4f87f98be88f2d167bb2514a54c
Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Build checks for this during configure but the test is a runtime
test, which does not work when cross-compiling, therefore
prescribe this by caching it for architecture/compiler options
where it will work ok.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe depends on meta-python2, master branch of which has not
been updated sine February 2022, see
https://git.openembedded.org/meta-python2/log/?h=master
Also, the SRC_URI address leads to fedorahosted.org retirement
announcement page, HOMEPAGE does not seem to work, and
https://pypi.org/project/openlmi-tools/ declares the programming
language as Python 2.7.
Thus, remove the obsolete recipe, along with associated packagegroup
declarations/references.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The -Wnon-virtual-dtor flag was unintentionally added to the .pc files,
which causes problems when abseil is used by C code:
cc1: error: command-line option '-Wnon-virtual-dtor' is valid for
C++/ObjC++ but not for C [-Werror]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- repo: NUL terminate readlinkat result
- deploy: Log to journal for boot space, not stderr
- commit/payload-link: Ensure we don't overrun target_checksum size
- sysroot: Make coverity happy with dirname+strdup
- tests: Attempt to update auto-prune test
- grub2: Show output when run in systemd by default
- lib/traverse: Fix minor memory leak
- github/workflows/tests: Update actions/upload-artifact to v4
- Redo pages workflow
- spec: %autorelease can't be resolved by COPR
- bootloader/grub2: Handle empty static configs
- workflow/docs: Fix deployments
- curl: Assert that curl_multi_assign worked
- curl: Make socket callback during cleanup into no-op
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Fix zipconf.h for version number with missing third component.
* Stop searching after finding acceptable central directory, even if it
contains inconsistencies.
* Only write Zip64 EOCD if fields don't fit in normal EOCD. Previously libzip
also wrote it when any directory entry required Zip64.
* Allow bytes from 0x00-0x1F as UTF-8.
* Add new error code 'ZIP_ER_TRUNCATED_ZIP' for files that start with a valid
local header signature.
* 'zipcmp': add '-T' option for comparing timestamps.
* 'zip_file_replace' now removes the target's extra field information.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Bug fix:
---------
Fix checking new Synaptics MST firmware size
Make another ModemManager instance ID visible for firmware matching
Never set a zero-length device name when matching the vendor name
Recalculate the device supported flag when reparenting devices
Reduce idle power consumption of paired logitech-hidpp devices
Retry the open action to fix BC901 NVMe reload
Add support:
-----------
Algoltek devices supporting sector erase
Dell K2 dock
Intel USB4 hub 5787
More MediaTek scaler devices
Nordic HID devices supporting DFUv1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- NetBSD Support
- Intel GPU support
- Added warnings when toggling boxes and terminal size is to small
- Fix missing core percentages
- Various fixes for drawing GPU related information
- fix divide 0 error when caculating disk usage percentage
- fix io_graph_speeds parsing
- V1 of Phoenix Night theme
- Fixed missing CPU core temps when too small to show core temp graphs
- Fixed missing IO graphs in IO mode
- fix zero temp
- Fix comments (parsing) in theme files
- Add regex filtering
- Fix typo in file existences check for voltage_now
- Show time in days when remaining battery exceeds an estimation of 24h
- (AMD Gpu) fix pwr_usage not being defined correctly during rsmi collection
- macOS: fix crash if there exists a uid not associated with any user
- Fix rsmi device name buffer size
- Add gruvbox_light theme
- Create man page for btop in Markdown
- Include metadata in binary version output 'btop --version'
- collect: Fix reading of battery power draw on Linux
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently softhsm will try to access deleted obejcts due to the order of
atexit handler implementations. Add a patch which adds a global variable
to track whether objects are deleted and prevents access if this is the
case.
This fixes a failure with the signing.bbclass where when signing
multiple fitimage configurations the second signing operation will lead
to a segfault.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The python3-pyserial dependency was introduced in [1].
It is provided by the meta-python layer and so make it conditionally.
Fixes:
| NOTE: Resolving any missing task queue dependencies
| ERROR: Nothing RPROVIDES 'python3-pyserial' (but ../meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.25.bb RDEPENDS on or otherwise requires it)
| NOTE: Runtime target 'python3-pyserial' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['python3-pyserial']
| NOTE: Runtime target 'gpsd' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['gpsd', 'python3-pyserial']
[1] https://git.openembedded.org/meta-openembedded/commit/?id=1266c912afa0abf118eaa5d152a0641c87665fbd
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Valkey is an open source, in-memory data store. Release 8.0.0 is
fully compatible with Redis OSS 7.2.4 and brings:
- Added full client info to SHUTDOWN and CLUSTER FAILOVER logs for
better traceability of requests.
- Resolved issues in replicationSetPrimary where the primary node's
IP/port updates were not correctly handled in the cluster gossip
section.
- Fixed AOF base suffix during rewrites when modifying the
aof-use-rdb-preamble setting, ensuring correct suffix caching to
prevent inconsistencies.
- Addressed rare crashes in async IO threads with TLS by preventing
concurrent read and write job overlap.
- Prevented AOF from being incorrectly disabled after loading RDB
data, ensuring proper re-enabling of AOF.
- Triggered a save of the cluster configuration file before
shutdown to prevent inconsistencies caused by unsaved node
configuration changes.
- Fixed timing issue in CLUSTER SETSLOT to ensure replicas handle
migration correctly when receiving the command before the gossip
update.
- Optimized the handling of temporary set objects in SUNION and
SDIFF commands, resulting in a 41% performance improvement for
SUNION and 27% for SDIFF.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The python3-pyserial dependency was introduced in [1].
It is provided by the meta-python layer and so make it conditionally.
Fixes:
| NOTE: Resolving any missing task queue dependencies
| ERROR: Nothing RPROVIDES 'python3-pyserial' (but ../meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.25.bb RDEPENDS on or otherwise requires it)
| NOTE: Runtime target 'python3-pyserial' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['python3-pyserial']
| NOTE: Runtime target 'gpsd' is unbuildable, removing...
| Missing or unbuildable dependency chain was: ['gpsd', 'python3-pyserial']
[1] https://git.openembedded.org/meta-openembedded/commit/?id=1266c912afa0abf118eaa5d152a0641c87665fbd
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Yi Zhao
Khem Raj
J. S.
Niko Mauno
Katariina Lounento
Peter Kjellerstedt
Wang Mingyu
Mingli Yu
Rouven Czerwinski
Jose Quaresma
s-tokumoto
Yoann Congal
Leon Anavi
Etienne Cordonnier
Shinji Matsunaga