In native/nativesdk builds, sysconfdir refers to a recipe sysroot
directory, which will disappear once the workdir is cleaned up, breaking
libcurl's HTTPS connections.
By simply not setting --with-ca-bundle at all in non-target builds, curl
defaults to the host system's CA certificates, which is desirable anyways
to allow builds in environments that require local CA certificates.
(From OE-Core rev: 4909a46e93ba774c960c3d3c277e2a669af3fea6)
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GCC15 is switching defaults to C23 and gdbm is not yet ready to
compile using C23 std.
(From OE-Core rev: e0f13f9bc96a0dd4c5f6750a8106422a6d015359)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Just one change, to fix the Go psx module build.
(From OE-Core rev: 8b95a195e31a1e01b3b508ca0a77908fa87f5d02)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recipe LICENSE field should reflect the license of all of the sources,
so include the PAM module licenses too.
Don't use conditionals in LIC_FILES_CHKSUM so that the configuration
does not cause differing checksums to be used.
Explicitly set the license on libcap and libcap-dev to reflect the
contents:
- libcap is BSD|GPLv2, and also BSD|LGPLv2+ if PAM is enabled.
- libcap-dev is just the library, so BSD|GPLv2.
(From OE-Core rev: 12ac8b55ee7407aca485869f0031cf7375761ca9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no need to set PACKAGECONFIG:class-native as we disable PAM in
the native DISTRO_FEATURES.
No need to set COPTS, since "Canonicalize build system"[1] the exported
CFLAGS/CPPFLAGS/LDFLAGS are respected.
Merge multiple make arguments into EXTRA_OEMAKE to remove duplication.
SYSTEM_HEADERS is not used upstream, remove.
[1] 2762c2c1a8c98d9012fcd40f20d133493a0b3219
(From OE-Core rev: 88cd79eee6dcc40d0e75ab35d9092ac3c788be7d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
base_libdir/*.so is part of the default assignment.
(From OE-Core rev: 964c73bd4de30c682961f7fe2ee85a92995d3160)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch,
fixed upstream in "libcap: Fix for older kernels"[1].
Drop 0002-tests-do-not-run-target-executables.patch, doesn't appear to
be needed anymore and most likely resolved by "Don't build the
tests/binaries until we want to run them"[2].
[1] f1c3ac995d02d4f17b9d15656ab6d58f4c87435a
[2] 99799844ad9272d43892881d1090369e6032aec2
(From OE-Core rev: 1efd3ff1ab24ee4037bdcf92602dce961abe63aa)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace the UTF8 character for non-breaking space with regular
(ASCII) space in FILES:${PN} variable.
(From OE-Core rev: 5506d920a5e9404f6b4d115c1e71c0bf68a74cca)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On big-endian systems the preprocessor define ICU_DATA_DIR
is currently being set to a path ending with the ${PV} of
the recipe.
The PV version string has changed to a '-' separator
since oe-core commit cebe8439cdc656d53355506a31a3782312bf03c5
whereas the build system installs the data files into a
path ending with the dot-separated version of ICU.
This causes the ICU data file to not be detected at runtime,
consequently breaking any dependant applications.
We therefore substitute ${PV} with the dot-separated version
string of ICU, as returned from the icu_install_folder function,
on the ICU_DATA_DIR define on big-endian targets.
(From OE-Core rev: 28cdc0110def011e3d690da1d591076385267ef7)
Signed-off-by: Makarios Christakis <makchrbiz@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fix to make this work with GCC15/C23 caused problems with older gcc versions.
Add a fix for that.
(From OE-Core rev: 08fce47470c629cbdd85a5ad486bc79b05afa44b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Noteworthy changes in version 2.5.5 (2025-03-07)
------------------------------------------------
* gpg: Fix a verification DoS due to a malicious subkey in the
keyring. [T7527]
* dirmngr: Fix possible hangs due to blocking connection requests.
[T6606, T7434]
* w32: On socket nonce mismatch close the socket. [T7434]
* w32: Print more detailed diagnostics for IPC errors.
* GPGME is not any more distributed with the Windows installer.
Please install gpg4win to get gpgme version.
See-also: gnupg-announce/2025q1/000491.html
Release-info: https://dev.gnupg.org/T7530https://dev.gnupg.org/source/gnupg/browse/master/NEWS
(From OE-Core rev: e0eaf598193012c6b0ada9e56be9bc0d6b19ec97)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Unfortunately this has been overlooked, and resulted in
erroneous updates to testing/development releases.
The check will report an 'unknown' latest version until 2.6.0
is released.
(From OE-Core rev: 7e505c1506ea6a079b0291f84e4ec6774064ef20)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the final patch that got applied to mpfr upstream
so lets drop the version we are carrying in favour of this backported.
(From OE-Core rev: e6fa8eea0cd035623f06d51da89cf2e3b9eb7449)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-uatomic-generic.h-add-missing-stdlib.h-header-file-f.patch
removed since it's included in 0.15.1
(From OE-Core rev: c8dcd773a062685f249a020af7858a794b556617)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Noteworthy changes in release 4.20.0 (2025-02-01) [stable]
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET
OF elements
License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025
(From OE-Core rev: 3a8633b9f522e0be31c08790a3f2050c6d052d93)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rework the anon Python so that it doesn't expect to find non-MLPREFIXed FILES
overrides which are then mapped into MLPREFIXed versions, this allows the
apparent hardcoding of boost-{test,serialization} to be written more naturally
(and is significantly less surprising).
With this, and a change to lookup ${BPN} when generating split package names,
generating an explicitly versioned boost package (e.g. "boost-1.82") alongside
the main boost package ("boost") can be done by copying/renaming the older
recipe. This is useful when upstream code hasn't yet been ported to newer
boost and an older version is required.
(From OE-Core rev: b0770990a8b332dd2de802091164c9506882a465)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In boost 1.85 a charconv implementation in c++11 was added
[https://www.boost.org/doc/libs/master/libs/charconv/doc/html/charconv.html]
This is already used in real life and e.g. building the current wesnoth release fails with:
| /usr/src/debug/wesnoth/1.19.9/src/utils/charconv.hpp:57:(.text+0x238b): undefined reference to `boost::charconv::to_chars(char*, char*, double, boost::charconv::chars_format)'
Add charconv to BOOST_LIBS to provide the library
(From OE-Core rev: 42d14c130f2159c1d9ea314acc93142e6ccb2761)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After the removal of BSD-4-Clause from LICENSE in commit 362435b0aec
(libbsd: Drop licenses that were removed upstream), the licenses for all
packages match the licenses for the recipe. Thus there is no longer any
reason to explicitly specify the package licenses.
(From OE-Core rev: 0c1b68fefe41d92eaa87578ff644bc254e078f9a)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch to change how autotools pulls in macros is no longer needed.
(From OE-Core rev: 9a550b4154d3e501ed6555694dc95b31df527637)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bulk of these recipes used acpaths to work around argument list
limits as we passed the full path to every directory. As this behaviour
no longer happens we can remove these workarounds.
(From OE-Core rev: c4336f1b0da981b3ea396b17779b67898bceccef)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Noteworthy changes in version 1.24.2 (2025-02-10)
-------------------------------------------------
Take care: This version is from a legacy branch of gpgme created
just before we split out the C++, Qt, and Python bindings to
separate repositories and bumped the version number up to 2.0.
* Fix regression for RSA in gpgme_pubkey_algo_string. [T7508]
* Prevent failing tests after 2027-05-15. [T7471]
[c=C44/A33/R2 cpp=C27/A21/R2 qt=C21/A6/R2]
Release-info: https://dev.gnupg.org/T7524
See NEWS in https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-1.24.2.tar.bz2 for details
(From OE-Core rev: 90b637936b601c7af4c708d92562f098620a0d6a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update:
- LICENCE renamed to LICENCE.md
- format changed
- add "SPDX-License-Identifier: BSD-3-Clause WITH PCRE2-exception" to the top of LICENCE file
- add contribution information
(From OE-Core rev: 290bcaad31ac87766cd08bc017326daf5c4bd60d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Solves CVE-2024-12243
Refreshed patches
License-Update: multiple changes
* https://gitlab.com/gnutls/gnutls/-/commit/a8727cdb076287d0a2098ba49d76899b4e70160e
COPYING.LESSER updated wording to latest FSF version
* https://gitlab.com/gnutls/gnutls/-/commit/75f5ea80738156b81de30ae9b482a69cf4e77e9d
LICENSE file merged to README.md
COPYING and COPYING.LESSERv2 moved to top-level directory
Release notes: https://gitlab.com/gnutls/gnutls/-/blob/3.8.9/NEWS?ref_type=tags
* Version 3.8.9 (released 2025-02-07)
** libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
** libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
** libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243]
** API and ABI modifications:
GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t
GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t
(From OE-Core rev: 4313d931673dd86aaf590c68f7b1fa364d752740)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Add static trampoline support for Linux on s390x.
- Fix BTI support for ARM64.
- Support pointer authentication for ARM64.
- Fix ASAN compatibility.
- Fix x86-64 calls with 6 GP registers and some SSE registers.
- Miscellaneous fixes for ARC and Darwin ARM64.
- Fix OpenRISC or1k and Solaris 10 builds.
- Remove nios2 port.
(From OE-Core rev: e7ee958facbf602c8e7d27507a984f29811efd01)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Those have been in meta-oe, but are needed for libadwaita upgrade.
Also updates libsass to newest version. I can take care of those
recipes for now.
(From OE-Core rev: 0a1d3607da7bb7c586c69cefadf8ade52c7b1987)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Noteworthy changes in version 2.5.4 (2025-02-12)
------------------------------------------------
* gpg: New option --disable-pqc-encryption. [rG00c31f8b04]
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given.[T7506]
* gpg: Fix handling with no CRC armor. [T7071]
* gpg: New private Kyber keys are now cross-referenced using a new
Link attribute. [T6638]
* gpg: Fix an import problem with keys having another primary key as
a subkey. [T7527]
* gpgsm: Allow unattended PKCS#12 export without passphrase.
[rG159e801043]
* gpgsm: Allow CSR generation with an unprotected key.
[rG89055f24f4]
* agent: New option --change-std-env-name. [T7522]
* agent: Fix ssh-agent's request_identities for skipped Brainpool
keys. [rG2469dc5aae]
* Do not package zlib and bzip2 object files in a speedo release
build. [T7442]
See-also: gnupg-announce/2025q1/000490.html
Release-info: https://dev.gnupg.org/T7480https://dev.gnupg.org/source/gnupg/browse/master/NEWS
(From OE-Core rev: 59f26c7311ae3d5596f517b739e7c3435db070a3)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We encountered the following error when building multipath-tools on
qemuppc64 platform:
| In file included from /build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/recipe-sysroot/usr/include/urcu/uatomic/ppc.h:228,
| from /build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/recipe-sysroot/usr/include/urcu/uatomic.h:73,
| from lock.h:5,
| from lock.c:1:
| /build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/recipe-sysroot/usr/include/urcu/uatomic/generic.h: In function '_uatomic_and':
| /build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/recipe-sysroot/usr/include/urcu/uatomic/generic.h:422:24: error: implicit declaration of function 'abort' [-Wimplicit-function-declaration]
| 422 | oldt = uatomic_read((uint32_t *) addr);
| | ^~~~~~~~~~~~
| /build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/recipe-sysroot/usr/include/urcu/uatomic/generic.h:1:1: note: include '<stdlib.h>' or provide a declaration of 'abort'
| +++ |+#include <stdlib.h>
| 1 | // SPDX-FileCopyrightText: 1991-1994 by Xerox Corporation. All rights reserved.
| make[1]: *** [../Makefile.inc:155: lock.o] Error 1
| make[1]: Leaving directory '/build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/git/libmultipath'
Add stdlib.h header file for abort() in uatomic/generic.h.
(From OE-Core rev: 6dd6da04485152971346ee3fc09402c72aacbf22)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725.
Initialize WATT_ROOT variable to avoid looking in host dirs
when autotools are checking available features.
License-Update: copyright year refreshed
(From OE-Core rev: dd642c786e9c9eee06a90562e69e70cb37e704df)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gold hasn't seen development in some time and is being dropped from binutils
releases. Drop the small number of special cases for it we were carrying.
This patch also turns off gold in the binutils recipe.
(From OE-Core rev: a4addb9ab63011e7c604fc5daff95559e7d214e7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- Update the syscall table for Linux v6.13
- Add support for new arches: SuperH little and big endian, LoongArch, and
32-bit Motorola 68000
- Add multiplexed syscall support for more arches: MIPS, SuperH, and PPC
- Consolidate and simplify handling of multiplexed syscalls
- Add support for the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag
- Add support for transactions with the seccomp_transaction_start(),
seccomp_transaction_commit(), and seccomp_transaction_reject() APIs
- Add a seccomp_precompute() API to generate the seccomp BPF filter prior to
seccomp_load() or seccomp_export_bpf_mem()
- Add support for binary tree filters without syscalls
- Add support for the kernel’s implementation change of
SECCOMP_IOCTL_NOTIF_ID_VALID
- Add Python binding support for retrieving the notification file descriptor
- Improved tooling to help track syscall table updates in the Linux kernel
- Handle EINVAL error from the kernel when the WAIT_KILLABLE_RECV flag is
erroneously provided to the kernel
- Fix a seccomp userspace notification issue where the file descriptor was
being requested more than once
- Fix a bug where the internal filter state could be corrupted when a filter
rule addition fails
- Fix potential memory leak in the internal management of filter snapshots
- Utilize Cython rather than distutils in the Python bindings, due to
distutils’ deprecation
- Many test and CI improvements and fixes
- Many documentation improvements and updates
(From OE-Core rev: 549a477660bd6ccda842b4ed34814b53470d08d8)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Matthias Schiffer
Jason Schonberg
Wang Mingyu
Vijay Anusuri
Khem Raj
Ross Burton
Niko Mauno
Richard Purdie
Makarios Christakis
Hongxu Jia
Yogita Urade
Alexander Kanavin
Alex Kiernan
Markus Volk
Peter Kjellerstedt
Divya Chellam
Peter Marko
Simone Weiß
Yi Zhao