FoundriesFactory Release 73 (v. 1013)

Highlights

Aktualizr-Lite updated to the latest Aktualizr 2020.7 release
Support for pre-loading container images as part of the LmP image
Linux-lmp updated to the 5.4.54 stable release
Linux-lmp-dev for mx8mm updated to the 5.4.51 stable release
Wireguard Module updated to the 20200712 snapshot
SPL and OP-TEE support now available for the imx6ullevk target
Python3 updated to the 3.8.5 release

Layer Updates

Meta LMP

base: aktualizr-lite: bump to 1b50571, ak 2020.7+fio
base: docker-ce: Systemd service to pre-load container images
base: fioconfig: bump to 5553f08
base: kernel-lmp-fitimage: add support for FIT_LOADABLES
base: linux-lmp: bump kernel to 5.4.54
base: linux-lmp-dev-mfgtool: add lzop-native to depends
base: lmp-device-register: bump rev to 633b11b
base: optee-os: bump to 70035ca3
base: optee-sks: bump to e098eeb7
base: softhsm: add release 2.6.1
base: u-boot-fio: bump revision to 954fb028
base: wireguard-module: upgrade 20200506 -> 20200712
bsp: base-files: imx6ullevk: add fstab
bsp: linux-lmp-dev-mfgtool: add defconfig for imx6ullevk
bsp: lmp-machine-custom: imx6ullevk: update build settings
bsp: lmp-machine-custom: mx6ull: enable sota ubootenv
bsp: lmp-machine-custom: mx8mm: bump kernel to 5.4.51
bsp: mfgtool-files: add support for imx6ullevk
bsp: optee-os: add configuration for imx6ullevk
bsp: u-boot-fio: imx6ullevk: fix fw_env size
bsp: u-boot-fio: imx6ullevk: update config fragment
bsp: u-boot-fio-mfgtool: imx6ullevk: introduce mfgtool config fragment
bsp: u-boot-ostree-scr-fit: add support for imx6ullevk
bsp: u-boot-ostree-scr-fit: imx6ullevk: save env on init
bsp: wic: add sdimage-imx6-spl-fit-sota.wks
Revert "base: linux-lmp-dev: add workaround for oe-core e684532"
Revert "base: sudo: set with-rundir to /run/sudo"

Meta Freescale

linux-fslc: upgrade kernel to v5.4.51 from korg
Revert "weston-init: use g2d for i.MX8M Nano SoC"

Meta Intel

gmmlib: upgrade 20.1.1 -> 20.2.2
intel-compute-runtime: 20.24.17065 -> 20.27.17231
intel-graphics-compiler: drop llvm9/clang9 support
intel-graphics-compiler: upgrade 1.0.4154 -> 1.0.4241
intel-media-driver: upgrade 20.1.1 -> 20.2.0
intel-mediasdk: upgrade 20.1.1 -> 20.2.0
ixgbe: upgrade 5.7.1 -> 5.8.1
ixgbevf: upgrade 4.7.1 -> 4.8.1
layer.conf: drop zeus compatibility
llvm-project-source: apply llvm-patches for llvm10 as well
llvm-project-source: drop llvm9 support
opencl-clang: drop llvm9/clang9 support

Meta OpenEmbedded

ace: Upgrade to 6.5.10
babeld: upgrade 1.9.1 -> 1.9.2
freeradius: fix the existed certificate error
glmark2: don't build full OpenGL backends by default
graphene: upgrade 1.10.0 -> 1.10.2
lvm2: reproducible binaries
memcached: Upgrade to 1.6.6
netkit-telnetd: Fix buffer overflow in netoprintf
net-snmp, openjpeg: add proper CVE tags to patches
network-manager-applet: Add missing dependency on libgudev
networkmanager: Fix udev dependency
networkmanager: Package nmcli separately
nss: upgrade 3.51.1 -> 3.54
python3-bitarray: Upgrade 1.2.2 -> 1.4.1
python3-bitstruct: Added recipe
python3-cantools: Added recipe
python3-cbor2: Upgrade 5.1.0 -> 5.1.1
python3-coverage: Upgrade 5.1 -> 5.2
python3-dateparser: Added recipe
python3-diskcache: Added recipe
python3-ecdsa: add package
python3-gmpy2: add new package
python3-gnupg: add new package
python3-isort: Upgrade 4.3.21 -> 5.1.4
python3-mock: Upgrade 4.0.1 -> 4.0.2
python3-netaddr: Upgrade 0.7.20 -> 0.8.0
python3-obd: Add missing setuptools RDEPENDS
python3-packaging: add -native version
python3-pint: add setuptools and packaging to RDEPENDS
python3-psutil: Upgrade 5.7.0 -> 5.7.2
python3-pychromecast: Upgrade 7.1.1 -> 7.1.2
python3-pymysql: Upgrade 0.9.3 -> 0.10.0
python3-qrcode: add package
python3-requests-file: Enable ptest
python3-rsa: add new package
python3-semver: Enable ptest
python3-simplejson: Upgrade 3.17.0 -> 3.17.2
python3-smpplib: Enable ptest
python3-soupsieve: Enable ptest
python3-stevedore: Upgrade 2.0.1 -> 3.2.0
python3-typeguard: Enable ptest
python3-xlsxwriter: add recipe for v 1.2.9
radvd: add /etc/radvd.conf
recipes-graphics: add Khronos OpenGL ES and Vulkan CTS recipes
Remmina: Upgrade to 1.4.7
samba: Fix conflicts with nss.h from glibc
toybox-inittab: unpack to S
wireguard-module: upgrade 1.0.20200401 -> 1.0.20200712
wireguard-tools: upgrade 1.0.20200319 -> 1.0.20200513
xfce4-time-out-plugin: upgrade 1.1.0 -> 1.1.1
xfce4-whiskermenu-plugin: upgrade 2.4.4 -> 2.4.5

Meta RISC-V

Add a CONTRIBUTORS file
README.md: Minor fix to using wayland image for HiFive Unleashed board

Meta Security

add gitlab framework and qemu machine
bastille: Deleted redundant inherit to fix error when enable multilib.
cryptsetup-tpm-incubator: RPROVIDES cryptsetup and cryptsetup-dev
drop ci-build: it is hiding errors
ibmswtpm2: upgrade 1563 -> 1628
kas: add ima, tpm and tpm2 build configs
layer.conf: add dynamic-layer for strongswan
lynis: update to 3.0.0
meta-integrity: add dynamic-layer for strongswan
packagegroup-core-security: remove clamav for riscv
packagegroup-security-tpm2: Depend on preferred provider for cryptsetup
packagegroup-security-tpm: add more packages for building
python3-oauth2client: add recipe
python3-privacyidea: adding initial support for mfa
security images: Move to recipe-core
security packagegroups: move to recipes-core
strongswan: Add bbappends for ima changes
strongswan: add bbappends for tpm changes

Meta Updater

Update garage-push invocation for new cli

Meta Virtualization

conmon: uprev 2.0.11 > 2.0.18
qemu: Remove duplicated xen PACKAGECONFIG
xen, arm32: filter out unwanted tune flags from CPP as per CC
xen: drop vars that duplicate hvc console from the r-pi4 config
xen-tools: packaging for new files in Xen 4.14
xen, xen-tools: add recipes for Xen 4.14

OpenEmbedded Core

arch-armv8-2a.inc: add tune include for armv8.2a
asciidoc: upgrade 9.0.0 -> 9.0.1
autotools: don't special-case help2man-native for dependencies
bash-completion: update to 2.11
bind: upgrade 9.11.19 -> 9.11.21
btrfs-tools: upgrade 5.6.1 -> 5.7
buildhistory: use pid for temporary txt file name
busybox: make hwclock compatible with glibc 2.31
ccache: Upgrade to 3.7.11
checklayer: check layer in BBLAYERS before test
classes/cmake: Fix host detection
classes/package: Use HOST_OS for runtime dependencies
classes/reproducible: Move to library code
createrepo-c: upgrade 0.15.11 -> 0.16.0
cryptodev-module: Backport a patch to fix build failure with kernel v5.8
cve-check.bbclass: always save cve report
cve-update: handle baseMetricV2 as optional
diffoscope: upgrade 150 -> 151
dpkg: upgrade 1.20.0 -> 1.20.5
e2fsprogs: fix up check for hardlinks always false if inode > 0xFFFFFFFF
epiphany: upgrade 3.36.2 -> 3.36.3
expat: Added ptest
ffmpeg: upgrade 4.3 -> 4.3.1
flex: fix build with autoconf 2.70
gcc-10.1: add fix for PR 96130
gcc: mitigate the Straight-line Speculation attack
gconf: use python3
glibc: Secruity fix for CVE-2020-6096
glibc: whitelist CVE-2010-10029
gnupg: upgrade 2.2.20 -> 2.2.21
gtk-immodules-cache.bbclass: fix post install scriptlet error
image.bbclass: improve wording when image size exceeds the specified limit
init-ifupdown: always make machine-specific
initscripts: Fix populate-volatile.sh bug when file/dir exists
initscripts: Fix various shellcheck warnings in populate-volatile.sh
init-system-helpers: upgrade 1.57 -> 1.58
insane: improve arch test messages
kernel-devsrc: fix on-target module build for v5.8+
kernel-yocto: account for extracted defconfig in elements check
kmod: add packageconfig for xz and ssl
libdnf: allow reproducible binary builds
libevdev:upgrade 1.9.0 -> 1.9.1
libevent: upgrade 2.1.11 -> 2.1.12
libgcrypt: upgrade 1.8.5 -> 1.8.6
libnsl2: upgrade 1.2.0 -> 1.3.0
lib/oe/reproducible: Fix error when no git HEAD
libuv: upgrade 1.38.0 -> 1.38.1
libva-initial: upgrade 2.7.1 -> 2.8.0
libva: upgrade 2.7.1 -> 2.8.0
libva-utils: upgrade 2.7.1 -> 2.8.0
linux-firmware: add ibt-20 package
linux-yocto/5.4: update to v5.4.51
linux-yocto-rt/5.4: fix mmdrop stress test issues
ltp: remove --with-power-management-testsuite from EXTRA_OECONF
mesa: enable freedreno Vulkan driver if freedreno is enabled
mpfr: upgrade 4.0.2 -> 4.1.0
mpg123: upgrade 1.26.1 -> 1.26.3
mtd-utils: upgrade 2.1.1 -> 2.1.2
musl: Update to latest tip
nasm: fix build with autoconf 2.70
net-tools: upgrade to latest revision in upstream repo instead of old debian snapshot
oeqa/qemurunner: Add priority/nice information for running processes
oeqa/utils/qemurunner: Fix missing pid file tracebacks
openssl: openssl-bin requires openssl-conf to run
perf: add PACKAGECONFIG for CoreSight support
perl: Avoid race continually rebuilding miniperl
pseudo: Update to add OFC fcntl lock updates
pulseaudio: improve the Thumb frame pointer fix
python3-cython: upgrade 0.29.20 -> 0.29.21
python3-git: upgrade 3.1.3 -> 3.1.7
python3-pycryptodome: upgrade 3.9.7 -> 3.9.8
python3-pycryptodomex: upgrade 3.9.7 -> 3.9.8
python3-setuptools: update to 49.2.0
python3: update to 3.8.5
qemu: fix CVE-2020-13362
qemu: fix CVE-2020-13659
qemu: fix CVE-2020-13791
qemu: fix CVE-2020-13800
qemu: fix for virtfs configuration error in qemu 5.0.0
Revert "python3: define a profile directory path"
rootfs-post: remove traling blanks from tasks
rpcsvc-proto: upgrade 1.4.1 -> 1.4.2
rpm: fix nativesdk's default var location
site: Make sys_siglist default to no
startup-notification: add time_t type mismatch patch from upstream
stress-ng: create a symlink for /usr/bin/stress
stress-ng: upgrade 0.11.14 -> 0.11.15
sudo: set with-rundir to /run/sudo
tune-cortexa55.inc: switch to using armv8.2a include file
webkitgtk: upgrade 2.28.2 -> 2.28.3
wic/bootimg-efi: Add support for IMAGE_BOOT_FILES
wic/filemap: Drop the unused block_is_unmapped()
wic/filemap: Drop the unused get_unmapped_ranges()
wic/filemap: Fall back to standard copy when no way to get the block map

Releases

73 (v. 1013)

Aug 7, 2020

Highlights

Layer Updates

Meta LMP

Meta Freescale

Meta Intel

Meta OpenEmbedded

Meta RISC-V

Meta Security

Meta Updater

Meta Virtualization

OpenEmbedded Core