FoundriesFactory Release 79 (v. 1196)

Highlights

Aktualizr-Lite updated to the revision be4532f (based on Aktualizr 2021.1+fio)
Binutils updated to the 2.35.1 stable release
Bitstream support now available for the uz3eg-iocc target
Clang/llvm updated to 11.1.0-rc2
Docker updated do the v20.10.3 stable release
Linux-lmp updated to the v5.10.17 stable release
Linux-lmp-fslc-imx updated to the v5.4.97 stable release
Linux-lmp-lts updated to the v5.4.97 stable release
Linux-lmp-rpi updated to the v5.4.81 stable release
Linux-lmp-toradex-imx updated to the 1266d0110fced revision
Linux-lmp-xlnx updated to the v5.4.97 stable release
OpenSSL updated to the 1.1.1i release
Secure boot support for iMX8MM targets
Sudo updated to the 1.9.5p2 stable release
SystemD updated to the 246.9 stable release

Layer Updates

Meta LMP

base: add sudo 1.9.5p2
base: aktualizr-lite: bump to be4532f
base: containerd-opencontainers: drop version update
base: dockerd: patch to reload images on signal
base: docker-moby: drop support for old .dockercfg
base: docker-moby: update to v20.10.3
base: kmeta-linux-lmp-5.4.y: bump to 58c846df
base: linux-lmp-lts: update to v5.4.97
base: linux-lmp: update to v5.10.17
base: lmp.inc: drop linux-stable bbmasks
base: optee: add 3.12.0 release
base: optee-client: consolidate recipes
base: optee-examples: consolidate recipes
base: optee-fiovb: leverage optee.inc
base: optee-os-fio: 3.10: bump to 915ee978d
base: optee-os-fio: consolidate recipes
base: optee-sks: leverage optee.inc
base: optee-test: consolidate recipes
base: preload: prepare for ostree-based preloading
base: u-boot-fio: 2020.04: bump to f0e3fc69
base: wireguard-module: update to v1.0.20210124
bsp: bitstream-extraction: generate and deploy bit.bin
bsp: device-tree: uz3eg-iocc: only drop axi_intc_0
bsp: imx-atf: add compatibility and deployment to use uboot-fitimage generation
bsp: imx-mkimage: imx8mm: support SPL-only build
bsp: imx-mkimage: mx8mm: guard deploy steps with IMXBOOT_TARGETS check
bsp: linux-lmp-fslc-imx: patch fix for QCA9377 SDIO hw params
bsp: linux-lmp-fslc-imx: update to v5.4.97
bsp: linux-lmp-toradex-imx: bump to rev 1266d0110fced
bsp: linux-lmp-xlnx: depend on bitstream-extraction deploy
bsp: linux-lmp-xlnx: update to v5.4.97
bsp: lmp-machine-custom: make SOTA_CLIENT_FEATURES machine specific
bsp: lmp-machine-custom: mx8mm: changes for imx-boot and uboot-fitmage class
bsp: lmp-machine-custom: mx8mm: fix lmp-base settings
bsp: mfgtool-files: flash separated imx-boot and U-Boot FIT
bsp: mfgtool-files: mx8mm: deploy u-boot.itb and kernel fit-image
bsp: optee-client: qemuarm64: enable rpmb emulation
bsp: optee-os-fio: 3.12.0: add initial bsp bbappend
bsp: u-boot-fio: imx8mmevk: lmp.cfg: enable signature verification in SPL
bsp: u-boot-fio: install spl-nodtb and UBOOT_MACHINE artifacts
bsp: u-boot-fio: lmp-base: add SPL_DM support
bsp: u-boot: mfgtool-files: install spl-nodtb and UBOOT_MACHINE artifacts
bsp: u-boot-ostree-scr-fit: uz: add fpga load support
bsp: uz3eg-iocc: add bitstream as fit loadable
bsp: uz3eg-iocc: sync dts from meta-avnet
bsp: uz3eg-iocc: update system.xsa from 2020.2
bsp: wic: imx8: introduce a separate SPL image layout
bsp: wic: sdimage-imx8-sota: fix comment to match reality
conf/layer.conf: add hardknott to LAYERSERIES_COMPAT
meta-lmp-bsp: conf: set bitstream packages as machine specific
meta-lmp: xilinx-tools: bitstream-extraction: Add bitstream support

Meta ARM

arm-autonomy/arm-autonomy-host-image-minimal: Added multiconfig support
arm-autonomy/autonomy-host: add user defined partition to wic image
arm-autonomy/documentation: Remove references to meta-kernel
arm-autonomy/juno-firmware: add compressed kernel support
arm-autonomy/juno-image-customization: add host wks file
arm-bsp: fix sgi575 kernel compile warning
ci: fail any build that emits warnings
ci: make bootstrap just another kas overlay
gitlab-ci: force git updates
kas: remove redundant env settings

Meta Freescale

conf/layer.conf: Add hardknott to LAYERSERIES_COMPAT
EULA: Update to LA_OPT_NXP_Software_License v15 August 2020
gstreamer1.0-plugins-bad: update to NXP's MM_04.05.06_2008_L5.4.47 branch
gstreamer1.0-plugins-base: update to NXP's MM_04.05.06_2008_L5.4.47 branch
gstreamer1.0-plugins-good: update to NXP's MM_04.05.06_2008_L5.4.47 branch
gstreamer1.0: update to NXP's MM_04.05.06_2008_L5.4.47 branch
imx-dpu-g2d: Upgrade to 1.8.9
imx-gpu-g2d: Upgrade to 6.4.3.p0.0
imx-gpu-viv: Fix rootfs conflict with libvulkan-dev
imx-gpu-viv: Update install for improved packaging design
imx-gpu-viv: Upgrade to 6.4.3.p0.0
imx-gst1.0-plugin: update to NXP's MM_04.05.06_2008_L5.4.47 branch
imx-vpuwrap: update to NXP's MM_04.05.06_2008_L5.4.47 branch
kernel-module-imx-gpu-viv: Upgrade to 6.4.3.p0.0
linux-fslc-imx: update to v5.4.94
linux-fslc-qoriq: update to LSDK-20.12 & 5.4.92
linux-fslc: update to v5.4.94
Provide u-boot-mfgtool and linux-mfgtool for fslc distros
restool: compiling with optimization (-O2)
restool: update to 8ddbe4c
vulkan-loader: Add runtime dependency for libvulkan-imx
xf86-video-armada: Fix no more working SRC_URI

Meta Freescale 3rdparty

linux-boundary: bump version to 5.4 2.2.0
linux-fslc-qoriq: apply SolidRun patches for LSDK-20.12
nitrogen8m: add BOUNDARY_DEVICES_UBOOT_DEFCONFIG variable
nitrogen8m: add uboot binary and upgrade script to boot part
nitrogen8mm: add BOUNDARY_DEVICES_UBOOT_DEFCONFIG variable
nitrogen8mm: add uboot binary and upgrade script to boot part
nitrogen8mm: update uboot binary to rev2
nitrogen8mn: add BOUNDARY_DEVICES_UBOOT_DEFCONFIG variable
nitrogen8mn: add uboot binary and upgrade script to boot part
u-boot-boundary: bump version to 2020.10

Meta Xilinx

Adding BOARD and BOARD_VARIANT level hierarchy
Cleanup QB_MACHINE for xilinx machines
linux-xlnx: Fix build with patch from upstream kernel for gcc-10.
linux-xlnx.inc: Update overlay config fragments
meta-xilinx-bsp: Move uboot-device-tree to meta-xilinx-tools layer
picozed-zynq7.dts: add marvell,88e1510 to eth phy
qemu-xilinx: Fix patch puzz warning during do_patch
u-boot-xlnx: Fix build error by applying patch from upstream u-boot.
ultra96: Using BOARD level hiearchy for ultra96 overrides
Update LICENSE_CHECKSUM for kernel-module-hdmi
weston: Update the weston patches to comply with weston-9.0
zcu102-zynqmp.conf: Fix qemuboot for zcu102-zynqmp

Meta Xilinx Tools

fpgamanger: Putting artifacts one layer deeper (/lib/firmware/xilinx)
machine-xilinx-versal.inc: Adding psm to xilinx-bootbin bif
uboot-device-tree.bb: Move uboot-device-tree from meta-xilinx-bsp layer
ultra96: Using BOARD level hiearchy for ultra96 overrides

Meta Clang

Add the target option to the CLANG environment variables.
clang.bbclass: Remove -mcpu option for the octeontx2 core
clang.bbclass: Set CCACHE_COMPILERCHECK as default value
clang: for x86_64, set Yocto GCC install search path
clang/llvm: Upgrade to 11.1.0-rc2
clang: Replace mtune with mcpu to match oe-core
clang: Update to 11.0.1 rc2
compiler-rt: Disable sanitizer builds
ppp: Mark non-clangable
pulseaudio: Remove -Qunused-arguments with clang
qemu: Link with latomic on clang/x86
redis: Mark non-clangable as of now
rpm: Use gcc for building rpm on all mips arches
yoe.yml: Use actions/checkout at v2

Meta Updater

image_repo_manifest.bbclass: Improvement for builds outside the .repo directory
image_types_ostree.bbclass: get lock before accessing OSTREE_REPO
image_types_ota.bbclass: add metadata_csum mkfs option
image_types_ota.bbclass: pass -t ext4 to mke2fs
image_types_ota.bbclass: use standard ext4 features
Use python3 to get repo working again.

Meta Virtualization

ceph: uprev v15.2.0 -> v15.2.8
containerd: bump to v1.4.3
docker-ce: update to v19.03.14
k8s: update to 1.20 release candidate
libvirt: fix host gcc can't recognized option -fmacro-prefix-map
linux-yocto: add cgroup-hugetlb config
moby: update to v19.03.14
xen, linux-yocto-dev, RPi4: weaker assign for KBRANCH and KMACHINE

Meta OpenEmbedded

colord: fix installed-vs-shipped error
dlt-daemon: add upstream patch to fix CVE-2020-29394
ebtables: do not install /etc/ethertypes
fbset: use DEBIAN_MIRROR in SRC_URI
flatbuffers: whitelist CVE-2020-35864
fuse: set CVE_PRODUCT to "fuse_project:fuse"
giflib: apply patch for CVE-2019-15133 and set CVE_PRODUCT
gssdp: Upgrade to 1.2.2 -> 1.2.3
gupnp: Upgrade to 1.2.2 -> 1.2.4
iscsi-initiator-utils: upgrade 2.1.2 -> 2.1.3
liboop: use upstream SRC_URI
libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer
libsdl2-mixer: set --disable-music-ogg-shared to link statically
lmbench: Fix setting LDLIBS failure
lockfile-progs: use DEBIAN_MIRROR in SRC_URI
mcpp: Normalize the patch format of CVE
minifi-cpp: depend on nettle and lz4
multipath-tools: fix error handling for udev_monitor_set_receive_buffer_size
nanopb: move to dynamic-layers
networkmanager: Fix reallocarray check in meson and configure
nodejs: 12.19.0 -> 12.20.1
openct: use upstream SRC_URI
openldap: upgrade 2.4.51 -> 2.4.57
pcsc-lite: provide pcsc-lite-lib-native explicitly for native build
php: CVE-2020-7069
php: CVE-2020-7070
php: remove the failing ${D}/${TMPDIR} code
pidgin-sipe: Do not add native libdir to pkgconfig search path
postgresql: Update to 12.5
postgresql: Use /dev/urandom when openssl is not used
python3-aiohttp: added missing RDEPENDs
Revert "gnome-calendar: update to 3.38.1, add libhandy 1.x support"
samba: CVE-2020-14318 Security Advisory
samba: CVE-2020-14383 Security Advisory
sdbus-c++-libsystemd: Fix reallocarray check in meson
sip3: simplify recipe
spdlog: Fix recipe so other recipes can use spdlog with external fmt.
tclap: align version to tag v1.2.2
tclap: fix branch
tcpdump: Patch for CVE-2020-8037
wireshark: Several securtiy fixes
xmlsec1: Fix configure QA error caused by host lookup path
xterm: install xterm and uxterm desktop files
xterm: provide virtual/x-terminal-emulator
zabbix: CVE-2020-15803 Security Advisory
zram: fix sourcing of zram parameters

OpenEmbedded Core

binutils: Fix CVE-2020-35448
binutils: upgrade 2.35 -> 2.35.1
bitbake.conf: Add /run/ to PSEUDO_IGNORE_PATHS
bitbake.conf: Canonicalize paths in PSEUDO_IGNORE_PATHS
bitbake.conf: Prevent pyc file generation in pseudo context
boost: drop arm-intrinsics.patch
buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable
ca-certificates: upgrade 20200601 -> 20210119
core-image-sato-sdk-ptest: these images need ptest
coreutils: enable xattrs by default for nativesdk
curl: Fix CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
cve-check: replace Looseversion with custom version class
devtool: Fix file:// fetcher symlink directory structure
devtool: Fix source extraction for gcc shared source
devtool: gitsm:// should be handled same as git:// in upgrades
diffstat: point the license checksum at the license
distutils3-base.bbclass: use python3targetconfig
dtc: improve reproducibility
externalsrc: Detect code changes in submodules
externalsrc: Fix parsing error with devtool non-git sources
ffmpeg: Fix CVE-2020-35964, CVE-2020-35965
flex: Fix --noline option behavior
gcc: Backport patch to resolve i86 tune configuration overrides
gdk-pixbuf: fix CVE-2020-29385
glib-2.0: fix CVE-2020-35457
glibc: CVE-2019-25013
glibc: update to latest release/2.32/master branch
gobject-introspection: Fix variable override order
gpgme: use python3targetconfig
grub: fix "CVE:" line in one of the patches
grub: Further reproducibility fix
gstreamer1.0: fix failing ptest
image_types.bbclass: tar: use posix format instead of gnu
image_types: Ensure tar archives are reproducible
image_types_wic: Move wic working directory
initscripts: use quotes for shell variable comparision
kernel.bbclass: fix deployment for initramfs images
libcroco: Added CVE
libexif: fix CVE-2020-0198; CVE-2020-0452
libgcrypt: Whitelisted CVEs
lib/oe/patch.py: Don't return command stderr from runcmd function
lib/oe/path: Add canonicalize()
lib/oe/utils: Return empty string in parallel_make
license.bbclass: Add COMMON_LICENSE_DIR and LICENSE_PATH dirs to PSEUDO_IGNORE_PATHS
license_image.bbclass: Don't attempt to symlink to the same file
linuxloader: Avoid confusing string concat errors
linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings
linux-yocto/5.4/cfg: fix -tiny warnings
linux-yocto/5.4: update to v5.4.94
linux-yocto/5.8/cfg: fix -tiny warnings
linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT
linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y'
linux-yocto-rt/5.4: fix 5.4-stable caused build breakage
man-db: Fix reproducibility issue
meta: drop _PYTHON_SYSCONFIGDATA_NAME hacks
meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex
meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script
mobile-broadband-provider-info: upgrade 20190618 ->20201225
ncurses: Don't put terminfo into the sysroot
npm.bbclass: make shrinkwrap file optional
npm.bbclass: use python3 for npm config
oeqa/commands: Ensure sync can be found regardless of PATH
oeqa/selftest/cases/tinfoil.py: increase timeout 10->60s test_wait_event
openssh: Backport a fix to fix with glibc 2.33 on some platforms
openssl: set CVE_VERSION_SUFFIX
openssl: Update to 1.1.1i
ovmf-shell-image: image is only buildable on x86-64
p11-kit: upgrade 0.23.21 -> 0.23.22
package: Ensure do_packagedata is cleaned correctly
patch: fix CVE-2019-20633
pseudo: Add lchmod wrapper
pseudo: Drop patches merged into upstream branch
pseudo: Update for arm host and memleak fixes/cleanup
pseudo: Update to include passwd and file renaming fixes
pseudo: Update to print PSEUDO_LOGFILE in abort message on path mismatches
pseudo: Update to work with glibc 2.33
python3: Avoid installing test data into recipe-sysroot
python3: fix CVE-2021-3177
python3-pycairo: use python3targetconfig
python3: split python target configuration into own class
python3targetconfig.bbclass: Make py3 dep and tasks only for target recipes
python3: Use addtask statement instead of task dependencies
qemu: CVE-2020-25723
qemu: CVE-2020-28916
qemu.inc: Should depend on qemu-system-native, not qemu-native
recipetool: create: only add npmsw url if required
sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap
sanity.bbclass: sanity check for if bitbake is present in PATH
sanity: Verify that user isn't building in PSEUDO_IGNORE_PATHS
scripts: oe-run-native, fix -native directories
selftest: Add argument to keep build dir
sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid not found" KeyError
staging: Clean up files installed into the sysroot
strace: increase ptest timeout duration 120->240s
sudo: fix CVE-2021-23239
sudo: fix CVE-2021-23240
sudo: fix CVE-2021-3156
systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found
systemd: change /bin/nologin to /sbin/nologin
systemd: upgrade 246.6 -> 246.9
timezone: upgrade to 2021a
toolchain-shar-extract.sh: Handle special characters in script path
toolchain-shar-relocate.sh: Fix handling files with colons
uninative: Upgrade to 2.10
wic: Add workdir argument
wic: Allow exec_native_cmd to run HOSTTOOLS
wic: Copy rootfs dir if fstab needs updating
wic/direct/kparser: ensure fsuuid for vfat and msdos align with format
wic: Ensure internal workdir is not reused
wic: Optimise fstab modification for ext2/3/4 and msdos partitions
wic: Pass canonicalized paths in PSEUDO_IGNORE_PATHS
wic/selftest: test_permissions also test bitbake image
wic: Update pseudo db when excluding content from rootfs
zip: whitelist CVE-2018-13410 and CVE-2018-13684

Releases

79 (v. 1196)

Feb 23, 2021

Highlights

Layer Updates

Meta LMP

Meta ARM

Meta Freescale

Meta Freescale 3rdparty

Meta Xilinx

Meta Xilinx Tools

Meta Clang

Meta Updater

Meta Virtualization

Meta OpenEmbedded

OpenEmbedded Core