Changelog:
==========
This release includes a couple of new features, and many
performance improvements. It adds assembly code for two more
architectures: ARM64 and S390x.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.5 and libhogweed.so.6.5, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
--------------
* AES keywrap (RFC 3394), contributed by Nicolas Mora.
* SM3 hash function, contributed by Tianjia Zhang.
* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
cbc_aes256_encrypt.
On processors where AES is fast enough, e.g., x86_64 with
aesni instructions, the overhead of using Nettle's general
cbc_encrypt can be significant. The new functions can be
implemented in assembly, to do multiple blocks with reduced
per-block overhead.
Note that there's no corresponding new decrypt functions,
since the general cbc_decrypt doesn't suffer from the same
performance problem.
Bug fixes:
-------------
* Fix fat builds for x86_64 windows, these appear to never
have worked.
Optimizations:
----------------
* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
SHA256, for processors supporting crypto extensions. Great
speedups, and fat builds are supported. Contributed by
Mamone Tarsha.
* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
SHA256, SHA512 and SHA3. Great speedups, and fat builds are
supported. Contributed by Mamone Tarsha.
* New PPC64 assembly for ecc modulo/redc operations,
contributed by Amitay Isaacs, Martin Schwenke and Alastair
D´Silva.
* The x86_64 AES implementation using aesni instructions has
been reorganized with one separate function per key size,
each interleaving the processing of two blocks at a time
(when the caller processes multiple blocks with each call).
This gives a modest performance improvement on some
processors.
* Rewritten and faster x86_64 poly1305 assembly.
Known issues:
-------------
* Nettle's testsuite doesn't work out-of-the-box on recent
MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH
environment variable. Nettle's test scripts handle this in
some cases, but currently fails the test cases that are
themselves written as /bin/sh scripts. As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Miscellaneous:
--------------
* Updated manual to current makeinfo conventions, with no
explicit node pointers. Generate pdf version with texi2pdf,
to get working hyper links.
* Added square root functions for NIST ecc curves, as a
preparation for supporting compact point representation.
* Reworked internal GCM/ghash interfaces, simplifying assembly
implementations. Deleted unused GCM C implementation
variants with less than 8-bit lookup table.
(From OE-Core rev: 9081f656240f0c625d31b765dc54d64becd82185)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
Added
--------
Update ISO 639-2 codes to include Montenegrin (cnr) added in 2017.
Update ISO 4217. Fixes#24
ISO 639-3: New translation for Friulian
ISO 639-5: New translations for Esperanto, Hindi, Russian
ISO 4217: New translation for Esperanto
Changed
--------
Translation updates for ISO 3166-1
Translation updates for ISO 3166-2
Translation updates for ISO 3166-3
Translation updates for ISO 639-2
Translation updates for ISO 639-3
Translation updates for ISO 639-5
Translation updates for ISO 4217
Translation updates for ISO 15924
Fixed
--------
ISO 3166-2: Add parent codes for GB. Fixes#36
ISO 3166-2: Fix subdivision names for Finland. Fixes#37
(From OE-Core rev: eb771fa7740f9749d26a4d3f74a926eb1e564ee5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is needed to properly support memmem() and friends under musl
as musl guards the declarations with _GNU_SOURCE define, and if the
declarations are not present, gcc will issue warnings and generate
assembly that assumes the functions return int (instead of e.g.
void*), with catastrophic consequences at runtime.
(From OE-Core rev: 6422e62fbc5c65a2165a72c97c880cfa9a80e957)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise, when running configure/make on a previously built tree,
makefiles generated by makemaker may detect that 'configuration has changed',
followed by self-deletion, self-regeneration, requesting the user to
re-run make and exit 1. And therefore do_compile goes kaboom.
(From OE-Core rev: 00aeb84a5e7c6d4293fb4cd30dd1e28d60c6aac5)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is no reason to keep the recipe separate: bash dependency is not a
problem until the alsa-utils-scripts package is explicitly installed into a target image.
(From OE-Core rev: 466eba749629cdc8d759b6df3e1d95340fcfd67f)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop the patch, as we do not actually have ptests for
the module, and the patch submitted upstream differs
significantly, so it makes no sense to rebase
the in-layer version.
(From OE-Core rev: fb31b92341da9b5deedf9f6d53b6bc6488d0d20e)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Convert to meson, drop unsupported options.
Drop autotools-specific and glew-specific patches (glew support dropped upstream).
glu dependency is now x11-specific.
0012-mesa-demos-OpenVG-demos-with-single-frame-need-eglSw.patch dropped
as patched files removed upstream.
(From OE-Core rev: b9fc45915977c34b3a50e3d64347c2b247c49840)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As we're ahead of the latest stable release (updated to a beta by mistake/
unclear upstream version policy), mark upstream version as unknown until a new
release happens.
(From OE-Core rev: 7539bcdb4635487ee7e09ea277f7bf25a36d1ee6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If IMAGE_LINK_NAME and IMAGE_MANIFEST are equal
don't create a link otherwise it will create it
to itself.
(From OE-Core rev: 8fd1a37c38dbfc688d840d12c61d76f151f9f605)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dont hard-code automount base directory to '/run/media', introduce a
variable MOUNT_BASE to let it configurable, like in udisks2 the mount
base is also configurable by setting option: --enable-fhs-media.
(From OE-Core rev: f077befd5f36ad88623aaf6a38b1a837ecb18650)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This allows two level of overriding (distro level and local.conf/shell
variable). Previous settings blocked shell variables overring
if it was overriden on distro level.
(From OE-Core rev: de6c3f9cb2c589aecbf8d9d25fa83cd18bf80891)
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In some cases it is useful to be able to test the snapshot of
linux-firmware (e.g. to test if the updated firmware works on the
particular hardware). Allow building the linux-firmware snapshots.
To switch to the most recent branch, add the following lines to the
local.conf file:
PREFERRED_VERSION_linux-firmware = "1:20220509+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "4288aad55d189fa225d492526b8406d5"
(From OE-Core rev: b023570ae1d239de14b50a0e827582d0e84ddf81)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add avtp resp. libavtp PACKAGECONFIG. This allows building them
GStreamer Audio Video Transport Protocol (AVTP) Plugins which rely on
Avnu's libavtp.
(From OE-Core rev: 5c143bfbad46bf68f70f0d6693caf48bea9fda32)
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now that our make version is a minmum of 4.0 we can drop this dependency.
(From OE-Core rev: 7a0c52fd44332abb24e0dea608229ab7c472d94e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make 4.1 has race issues with double colon usage in makefiles which are common
in MakeMaker generated code in perl. Add a dependency on make-native to avoid
this as it is relaitvely low overhead.
(From OE-Core rev: 692b7c518637c77804caf7b3cfc60a83afa2e4f4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We can't build glibc without make 4.0 and we don't work on older distros with
older versions of make without buildtools tarball so increase the minimum
version to 4.0.
(From OE-Core rev: e9a449aeec72a698206323c3471c9268f949b1ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With CONFIG_MODULE_COMPRESS_ZSTD enabled, kernel modules will have a
.ko.zst extension. This fixes depmod not being run.
Fixes: 1b696a45ddb ("rootfs.py: Add check for kernel modules before running depmod")
(From OE-Core rev: 425efac7110f0f42d70643e0a448e834d0f01a7a)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ensure that begin_idx (i.e., beginline - 1) and end_idx (i.e.,
endline) are positive numbers in copy_license_files(). This makes sure
the same lines are copied as populate_lic_qa_checksum() uses when it
calculates the checksum. Before, beginline=0 would typically lead to
that no lines were copied at all.
(From OE-Core rev: ab3cc3651d08d226675c461da760cda0bb6c0ce0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously, only the first line of the LICENSE file was included,
which only covered the license name and thus would not detect a change
to the version (or anything else for that matter).
(From OE-Core rev: 3ac45755dffc611fb46f5cd1c07f4876d3094893)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.
Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.
(From OE-Core rev: b5c2269240327c2a8f93b9e55354698f52c976f3)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make empty return types in check_cvs the same for all code paths.
(From OE-Core rev: f86393c93dec47b24e837d0c4c5761a716ecdbb6)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
(From OE-Core rev: f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move the function to a library, it could be useful in other places.
(From OE-Core rev: debd37abcdde8788761ebdb4a05bc61f7394cbb8)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A previous fix for zero length bb_unihashes.dat files wasn't complete
as there is a second copy of the unihashes file made. Change this second
call site to match the first to fully fix the zero length file issue.
(From OE-Core rev: 962bd78af1acc86b3d900dce9081ed310616e0fa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wangmy
Alexander Kanavin
Davide Gardenal
Mingli Yu
Ming Liu
Pavel Zhukov
Dmitry Baryshkov
Marcel Ziswiler
Richard Purdie
Sean Anderson
Peter Kjellerstedt
Marta Rybczynska
Alex Stewart