FoundriesFactory Release 88 (v. 1732)

Highlights

NEW: Initial support for NXP i.MX 8M Nano Evaluation Kit (imx8mn-ddr4-evk)
NEW: OP-TEE support for Versal AI Core Series VCK190 Evaluation Kit
NEW: Support for LUKS2 based encrypted root filesystem with PKCS#11 and TPM 2.0 keystores
NEW: Support for Offline Updates in Aktualizr-Lite
NEW: Support for FoundriesFactory auto registration via the NXP EdgeLock 2GO service
LMP release based on the OE/Yocto 4.0.3 Kirkstone release
Golang updated to the 1.17.13 stable release
Linux-firmware updated to the 20220708 snapshot
Linux-lmp updated to the v5.15.64 stable release
Linux-lmp-rt updated to the v5.15.55-rt48 stable release
Linux-lmp-ti-staging updated to the v5.10.120 stable release
Linux-lmp-xlnx updated to the v5.15.64 stable release
ModemManager updated to the 1.18.8 stable release
OP-TEE updated to the 3.18.0+fio release
OpenSSL updated to the 3.0.5 stable release
TI BSP updated to the 08.04.00.005 release

Layer Updates

Meta LmP

base: add create-spdx.bbclass from yocto-4.0.2
base: Add new recipe to for Edgelock2GO auto registration
base: aktualizr: change the SRC_URI with only what is needed
base: aktualizr: drop musl patches
base: aktualizr-lite: bump to 70b90a9
base: aktualizr: use correct SRCREV
base: bring trusted-firmware-a from meta-st-stm32mp 00c2494
base/bsp: openssh: drop rng-tools from default PACKAGECONFIG
base/bsp: optee: update to 3.18.0
base: Bump version of fioconfig
base: classes: bring fip-utils from meta-st-stm32mp 00c2494
base: classes: make fip-utils class generic
base: core-image-minimal-initramfs: drop standard install module
base: fip-utils: add boot script to fip image
base: fip-utils: embed boot script only for u-boot-ostree-scr-fit
base: initramfs-framework: add support for luks2/cryptfs with pkcs11
base: initramfs-framework: add support for luks2/cryptfs with tpm2
base: initramfs-framework: merge pkcs11/tpm2 cryptfs implementation
base: initramfs-framework: ostree_recovery: support recovery modules
base: initramfs-framework: rootfs: align with oe-core changes
base: initramfs-ostree-lmp-image: conditional selection for luks2 support
base: initramfs-ostree-lmp-image: support luks/cryptfs module
base: initramfs-ostree-lmp-recovery: add os-release
base: initramfs-ostree-lmp-recovery: add sample for image download
base: initramfs-ostree-lmp-recovery: add sample for u-boot env
base: initramfs-ostree-lmp-recovery: add sample for udhcpc
base: initramfs-ostree-lmp-recovery: bring env if ubootenv
base: initramfs-ostree-lmp-recovery: drop ak-lite and ostree
base: initramfs-ostree-lmp-recovery: install initramfs-module-debug by default
base: kmeta-linux-lmp-5.10.y: bump to ec9e983b
base: kmeta-linux-lmp-5.15.y: bump to 0d5ce625
base: linux-lmp: bump to kernel v5.15.64
base: linux-lmp-rt: bump to v5.15.55-rt48
base: lmp-boot-firmware: abort when LMP_BOOT_FIRMWARE_FILES not found
base: lmp-boot-firmware: set install path based on OSTREE_DEPLOY_USR_OSTREE_BOOT
base: lmp: bump version for the 4.0.3 yocto release
base: lmp: cryptsetup: use luks2 by default
base: lmp-el2go-auto-register: look for libckteec.so.0 (major)
base: lmp-feture-debug: add curl tool
base: lmp-image-common: increase IMAGE_OVERHEAD_FACTOR with luks
base: lmp: kmod-native: add openssl to PACKAGECONFIG
base: lmp: non-clangable: add tf-a-fio used in stm32mp1
base: lmp: non-clangable: add trusted-firmware-a used in am6xxx
base: lmp: provision TUF root metadata
base: mfgtool-files: update UUU 1.4.139 -> 1.4.193
base: nerdctl: install the binaries in OE standard places
base: optee-client: move ckteec to a generic appends
base: optee-client: provide ckteec.module for p11-kit
base: optee-fio: use CFLAGS{32,64} to pass --sysroot
base: optee-os-fio: 3.18: bump to 6467bb295
base: optee-os-fio: add virtual package for optee-os-ta
base: optee-os-fio-se05x: drop CFG_PKCS11_TA_TOKEN_COUNT settings
base: optee-os-fio: set CFG_OPTEE_REVISION_EXTRA with +fio
base: ostree: as we use static linking fix it with clang
base: ostree: fix the clang override
base: ovmf: correctly set TPM2 build flag
base: plug-and-trust-seteec: bump to f9df65c
base: python3-plug-and-trust-ssscli: bump to 6c67941
base: rc: nerdctl: Add patch to extend ps output
base: rc: nerdctl: Add redps on the CNI plugins
base: rc: nerdctl: Patch docker/cli to set a def conf path
base: recipe-sota: aktualizr-lite: bump to 4ab5400
base: recipes-sota: Add aklite offline update cmd
base: resize-helper: add support for luks based rootfs
base: rs: aktualizr: Enable nerdctl in aklite
base: support: add default btattach.conf to bluetooth-attach service
base: systemd: enable support for cryptsetup, plugins and p11kit
base: systemd: enable tpm2 if available in MACHINE_FEATURES
base: systemd: use nonarch_libdir instead of nonarch_base_libdir
base: tf-a: make recipe generic
base: tpm2-abrmd: rdepend on libtss2-tcti-device
base: tpm2-pkcs11: set default storedir to /var/tpm2_pkcs11
base: u-boot-fio: 2021.04: bump to d5976b62
base: u-boot-fio: 2022.04: bump to d724ad15e21
base: u-boot-fio: add dependency from gnutls-native
base: u-boot-fio: add recipe for imx-2022.04
base: u-boot-fio-common: use variable u-boot URL
base: u-boot-fio: imx-2022.04: fix commit hash
base: u-boot-fio-mfgtool: add version imx-2022.04
base: u-boot-ostree-scr-fit: add support for ostree split and usr deploy
base: u-boot: u-boot-fio_imx-2022.04 decrease preference
base: wireguard-module: invert the KERNEL_BUILTIN_WIREGUARD logic
base: wireguard-module: update to v1.0.20220627
bsp: add machine settings to support imx8mn-ddr4-evk
bsp: arm-trusted-firmware: versal: enable opteed
bsp: arm-trusted-firmware: versal: support raw.bin
bsp: base-files: fstab: drop boot partition
bsp: bluetooth-attach: add imx8mn-evk bluetooth conf file
bsp: bootbin: versal: add support to include optee
bsp: external-hdf: kv260: update xsa based on v2022.1
bsp: imx-atf: imx8mn: enable sip call for secondary boot
bsp: imx-atf: imx8mn: implement system_reset2
bsp: imx-boot: support spl-only builds with DDR4 firmware
bsp: initramfs-ostree-lmp-recovery: qemuarm64: add uboot_env.sh
bsp: initramfs-ostree-lmp-recovery: qemuarm64: add udhcpc.sh
bsp: kernel: linux-lmp-fslc-imx: fix bluetooth initialization
bsp: kernel: mfgtool: enable missing configs for apalis-imx6
bsp: kernel-module-imx-gpu-viv: depend on virtual/kernel
bsp: kernel-module-imx-gpu-viv: inherit the kernel-modsign
bsp: kernel-modules: generalize imx-gpu-viv version
bsp: kernel: modules: nxp89xx: inherit the kernel-modsign
bsp: kv260: add tpm2 in MACHINE_FEATURES
bsp: linux-firmware: add firmware for Murata 1MW on imx8mn-evk
bsp: linux-lmp-stm32: drop recipe, not used anymore
bsp: linux-lmp-ti-staging: correct wifi startup on am62xx
bsp: linux-lmp-ti-staging: update to 08.04.00.005
bsp: linux-lmp-xlnx: update to v5.15.64
bsp: lmp-machine-custom: intel: drop startup.nsh
bsp: lmp-machine-custom: intel: enable tpm2 support
bsp: lmp-machine-custom: invert the KERNEL_BUILTIN_WIREGUARD logic
bsp: lmp-machine-custom: mx8mm: add support for encrypted rootfs
bsp: lmp-machine-custom: qemuarm64: enable recovery by default
bsp: lmp-machine-custom: stm32mp1common: set OSTREE_KERNEL_ARGS
bsp: lmp-machine-custom: ti-soc: update ti-linux-fw to 08.04.00.005
bsp: meta-ti-bsp: trusted-firmware-a: update to 08.04.00.005
bsp: mfgtool-files: add initial support for imx8mn-ddr4-evk
bsp: mfgtool-files: imx: improve fiovb delete handling
bsp: optee-os-fio: add settings for imx8mn-ddr4-evk
bsp: optee-os-fio-bsp: add options for am62xx/am64xx
bsp: optee-os-fio: versal: enable DT and embedded tests
bsp: optee-test: add patch for disabling tests on versal
bsp: plm-firmware: versal: add patches to enable nvm and puf
bsp: pmu-firmware: k26: extend options based on 2022.1 BSP
bsp: recipes-core: base-files: add fstab for imx8mn-ddr4-evk
bsp: stm32mp15-disco: don't create boot.itb
bsp: stm32mp15-eval: build tf-a-fio emmc configuration
bsp: stm32mp15-eval: define LMP_BOOT_FIRMWARE_FILES
bsp: stm32mp15-eval: provide boot script configuration
bsp: stm32mp1common: set ubootenv feature for all stm32mp1
bsp: stm32mp1: flashlayout: new layout
bsp: stm32mp1: use tf-a-fio as preferred provided
bsp: stm32mp: tf-a-fio: pre-load boot script
bsp: stm-st-stm32mp: add tf-a-tools 2.6
bsp: stm-st-stm32mp: tf-a-tools: 2.6 -> 2.7
bsp: stm-st-stm32mp: tf-a-tools: fix building
bsp: tf-a-fio: add support for emmc boot
bsp: tf-a-fio: remove false-positive asserts patch
bsp: tf-a-fio: support embed boot script only for sota
bsp: trusted-firmware-a: re-work how config is included
bsp: u-boot-base-scr: add boot.cmd for imx8mn-ddr4-evk
bsp: u-boot-base-scr: change ids of partitions
bsp: u-boot-fio: add support for imx8mn-ddr4-evk
bsp: u-boot-fio: align env configuration
bsp: u-boot-fio-mfgtool: add support for imx8mn-ddr4-evk
bsp: u-boot-fio: provide configuration for u-boot-tools
bsp: u-boot-fio: stm32mp15-disco: env configration for u-boot-tools
bsp: u-boot-fio: stm32mp15-disco: execute pre-loaded script
bsp: u-boot-fio: stm32mp15-disco: switch to raw env
bsp: u-boot-fio: stm32mp15-eval: correct u-boot env offset
bsp: u-boot-fio: stm32mp15-eval: provide u-boot configuration
bsp: u-boot-ostree-scr-fit: add support for imx8mn-ddr4-evk
bsp: u-boot-ostree-scr-fit: boot.cmd with boot firmware updates
bsp: u-boot-ostree-scr-fit: drop bootpart variable
bsp: u-boot-ostree-scr-fit: kv260: init tpm2 before bootm
bsp: u-boot-ostree-scr-fit: mx8qm: add support for ostree usr deploy
bsp: u-boot-ostree-scr-fit: qemuarm64: drop FIT_NODE_SEPARATOR
bsp: u-boot-ostree-scr-fit: qemuarm64: simplify ext4load
bsp: u-boot-ostree-scr-fit: stm32mp15-disco: drop boot.itb update
bsp: u-boot-stm32mp: drop configuration for stm32mp15-disco
bsp: u-boot-ti-staging: update to 08.04.00.005
bsp: u-boot-xlnx: 2022.01: bump to a84cc076b83
bsp: u-boot-xlnx: k26: add pm_cfg_obj.c
bsp: wic: add sdimage-imx8-spl-split-boot-sota.wks.in
bsp: wic: add u-boot-env for lmp-base wks
bsp: wic: stm32mp15-disco: replace boot partition with u-boot-env
create-spdx: ignore packing control files from ipk and deb
Revert "base: add create-spdx.bbclass from yocto-4.0.2"
Revert "base: aktualizr: use updated pkcs11 engines path for openssl 3"
Revert "base: clang: backport submited patch to build float128 soft float builtins for x86_64"
Revert "base: linux-lmp: skip debug split with modsign"
Revert "base: lmp: non-clangable: add mpfr for x86/x86-64"
Revert "base: wireguard-tools: add nostamp for create_runtime_spdx"
Revert "create-spdx: ignore packing control files from ipk and deb"

Meta Clang

bpftrace: Fix segfault when btf__type_by_id returns NULL

Meta OpenEmbedded

apache2: Fix the buildpaths issue
apache2: upgrade 2.4.53 -> 2.4.54
bigbuckbunny-1080p: update SRC_URI
catfish: fix buildpaths issue
cryptsetup: Add support for building without SSH tokens
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291
emlog: ignore unrelated CVEs
freeradius: Fix buildpaths issue
freeradius: ignore patched CVEs
frr: fix buildpaths issue
glmark2: fix compatibility with python-3.11
ibus: Swith to use main branch instead of master
imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
libplist: ignore patched CVEs
libwebsockets: Avoid absolute paths in cmake files in the sysroot
meta-oe: ignore patched CVEs
modemmanager: update to 1.18.8
mongodb: ignore unrelated CVEs
ndisc6: upgrade 1.0.5 -> 1.0.6
net-snmp: set ac_cv_path_PSPROG
ntfs-3g-ntfsprogs: upgrade to 2022.5.17
ntp: ignore many CVEs
openflow: ignore CVE-2018-1078
openflow: ignore unrelated CVEs
openipmi: Fix buildpaths issue
openjpeg: ignore CVE-2015-1239
php: ignore patched CVEs
php: upgrade 8.1.6 -> 8.1.8
polkit: Add --shell /bin/nologin to polkitd user
polkit: add udisks2 rule
polkit-group-rule-udisks2: fix override syntax in RDEPENDS
polkit: update patches for musl compilation
postgresql: Fix the buildpaths issue
postgresql: ignore unrelated CVE
protobuf-c: update to 1.4.1 fix CVE-2022-33070
python3-lxml: Security fix CVE-2022-2309
quagga: ignore CVE-2016-4049
redis: upgrade 6.2.6 -> 6.2.7
redis: upgrade 7.0-rc3 -> 7.0.4
rsyslog: update 8.2202->8.2206
spice: ignore patched CVEs
stunnel: upgrade 5.63 -> 5.65
thrift: add CVE_PRODUCT to fix CVE reporting
tracker: upgrade 3.3.0 -> 3.3.2
usrsctp: add CVE_VERSION to correctly check for CVEs
wireshark: upgrade 3.4.11 -> 3.4.12
yasm: fix buildpaths warning
zabbix: upgrade 5.2.6 -> 5.4.12

Meta Security

clamav: make install owner match the added user name
libmhash: add multilib header
meta-integrity: kernel-modsign: prevents splitting out debug symbols
python3-privacyidea: add correct path to lib/privacyidea

Meta Virtualization

ceph: upgrade v15.2.15 -> v15.2.17
cloud-init: add depend on udev in sysvinit case.
cloud-init: add rdpends for netifaces and charset-normalizer
cloud-init: install sysvinit initscripts
cni: Use gcc-based toolchain
containerd: update to 1.6.6
criu: fix patch fuzz and remove unused patch
docker-distribution: fix build error on new hosts
docker-distribution: fix the inehrit and systemd settings
docker-distribution: upgrade to 2.8.1
fuse-overlayfs: Fix buffer overflow bug on workdir path
image-oci-umoci: add parameter for stop signal
image-oci-umoci: properly handle tags other than latest
netns: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
oci-image-tools: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
oci-runtime-tools: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
podman: Add support for rootless mode
podman: Backport patch to fix duplicate switch statements
podman: Fix host contamination
podman: Rename podman-rootless.conf sysctl file to aid overrides
podman: Silence docker emulation warnings
podman: Use gcc-based toolchain
Revert "xen: Disable PCI on qemuarm with Xen"
riddler: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
runc: Backport patch to fix duplicate switch statements
runc/docker: update to 1.1.2
runc: update to 1.1.2
singularity: Drop explicit runtime dep glibc
skopeo: clean up depends and fix CGO settings
skopeo: Mark CVE-2019-10214 as fixed
slirp4netns: Runtime recommend the tun kernel module
umoci: adjust CGO_CFLAGS and CGO_LDFLAGS settings
xen: Disable highmem on qemuarm
xen/sysvinit: add hvc0 console only if not there already

OpenEmbedded-Core

alsa-state: correct license
apt: fix nativesdk-apt build failure during the second time build
archiver.bbclass: remove unsed do_deploy_archives[dirs]
archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
base/reproducible: Change Source Date Epoch generation methods
bind: Remove legacy python3 PACKAGECONFIG code
bind: upgrade 9.18.2 -> 9.18.4
bin_package: install into base_prefix
binutils : stable 2.38 branch updates
binutils: stable 2.38 branch updates
bluez5: update 5.64 -> 5.65
boost: fix install of fiber shared libraries
build-appliance-image: Update to kirkstone head revision
cargo_common.bbclass: enable bitbake vendoring for externalsrc
cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
connman: Backports for security fixes
cracklib: Drop using register keyword
create-spdx: Fix supplier field
create-spdx: handle links to inaccessible locations
create-spdx: ignore packing control files from ipk and deb
curl: Fix multiple CVEs
cve-check: Don't use f-strings
devtool: error out when workspace is using old override syntax
devtool: finish: handle patching when S points to subdir of a git repo
devtool: ignore pn- overrides when determining SRC_URI overrides
devtool/upgrade: catch bb.fetch2.decodeurl errors
devtool/upgrade: correctly clean up when recipe filename isn't yet known
dpkg: fix CVE-2022-1664
efivar: fix import functionality
ell: upgrade 0.49 -> 0.50
encodings: update 1.0.5 -> 1.0.6
epiphany: upgrade 42.2 -> 42.3
externalsrc.bbclass: support crate fetcher on externalsrc
font-util: update 1.3.2 -> 1.3.3
gcc: Backport a fix for gcc bug 105039
gcc-runtime: Fix build when using gold
gcc-runtime: Fix missing MLPREFIX in debug mappings
gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
git: upgrade v2.35.3 -> v2.35.4
glib-2.0: upgrade 2.72.2 -> 2.72.3
glibc: revert one upstream change to work around broken DEBUG_BUILD build
glibc: stable 2.35 branch updates
glibc-tests: Avoid reproducibility issues
glib-networking: upgrade 2.72.0 -> 2.72.1
gnupg: update 2.3.4 -> 2.3.6
gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
gobject-introspection-data: Disable cache for g-ir-scanner
go: update v1.17.10 -> v1.17.13
gperf: Add a patch to work around reproducibility issues
gperf: Switch to upstream patch
grub2: fix several CVEs
gst-devtools: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
gstreamer1.0: upgrade 1.20.2 -> 1.20.3
gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
gtk-doc: Remove hardcoded buildpath
harfbuzz: Fix compilation with clang
harfbuzz: fix CVE-2022-33068
initscripts: run umountnfs as a KILL script
insane: Fix buildpaths test to work with special devices
iso-codes: upgrade 4.10.0 -> 4.11.0
kernel-arch: Fix buildpaths leaking into external module compiles
kernel.bbclass: pass LD also in savedefconfig
kernel-devsrc: fix reproducibility and buildpaths QA warning
kernel-devsrc: ppc32: fix reproducibility
libcap: upgrade 2.63 -> 2.65
libgcc: Fix standalone target builds with usrmerge distro feature
libmodule-build-perl: Use env utility to find perl interpreter
libpam: use /run instead of /var/run in systemd tmpfiles
libsoup: upgrade 3.0.6 -> 3.0.7
libtiff: CVE-2022-34526 A stack overflow was discovered
libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
libuv: upgrade 1.44.1 -> 1.44.2
libwebp: upgrade 1.2.2 -> 1.2.3
libwpe: upgrade 1.12.0 -> 1.12.2
libxml2: Ignore CVE-2016-3709
linux-firmware: update 20220610 -> 20220708
linux-firwmare: restore WHENCE_CHKSUM variable
linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
linux-yocto/5.10: fix buildpaths issue with gen-mach-types
linux-yocto/5.10: fix buildpaths issue with pnmtologo
linux-yocto/5.10: update to v5.10.135
linux-yocto/5.15: drop obselete GPIO sysfs ABI
linux-yocto/5.15: fix build_OID_registry buildpaths warning
linux-yocto/5.15: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: fix buildpaths issue with pnmtologo
linux-yocto/5.15: fix qemuppc buildpaths warning
linux-yocto/5.15: fix reproducibility issues
linux-yocto/5.15: update to v5.15.59
linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
log4cplus: upgrade 2.0.7 -> 2.0.8
lttng-modules: fix 5.19+ build
lttng-modules: fix build against mips and v5.19 kernel
lttng-modules: Fix build failure for kernel v5.15.58
lttng-modules: replace mips compaction fix with upstream change
lttng-modules: update 2.13.3 -> 2.13.4
lua: Backport fix for CVE-2022-33099
lua: Fix multilib buildpath reproducibility issues
mkfontscale: upgrade 1.2.1 -> 1.2.2
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
nativesdk: Clear TUNE_FEATURES
oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled
oe-selftest: devtool: test modify git recipe building from a subdir
openssh: Add openssh-sftp-server to openssh RDEPENDS
openssl: update 3.0.4 -> 3.0.5
package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo
package.bbclass: Fix base directory for debugsource files when using externalsrc
package.bbclass: Fix kernel source handling when not using externalsrc
packagegroup-self-hosted: update for strace
package_manager/ipk: do not pipe stderr to stdout
patch: handle if S points to a subdirectory of a git repo
perf: fix reproducibility in 5.19+
perf: Fix reproducibility issues with 5.19 onwards
perf: fix reproduciblity in older releases of Linux
perl: don't install Makefile.old into perl-ptest
pulseaudio: add m4-native to DEPENDS
python3: Backport patch to fix an issue in subinterpreters
python3-pip: Fix RDEPENDS after the update
qemu: Add PACKAGECONFIG for brlapi
qemu: add PACKAGECONFIG for capstone
qemu: Avoid accidental librdmacm linkage
qemu: Avoid accidental libvdeplug linkage
qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
qemu: fix CVE-2021-3507
qemu: fix CVE-2021-3929
qemu: fix CVE-2021-4158
qemu: fix CVE-2022-0216
qemu: fix CVE-2022-0358
qemu: Fix slirp determinism issue
relocate_sdk.py: ensure interpreter size error causes relocation to fail
rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
runqemu: Add missing space on default display option
scripts/oe-setup-builddir: make it known where configurations come from
selftest/runtime_test/virgl: Disable for all almalinux
selftest/wic: Tweak test case to not depend on kernel size
sstatesig: Include all dependencies in SPDX task signatures
strace: set COMPATIBLE_HOST for riscv32
systemd: Added base_bindir into pkg_postinst:udev-hwdb.
tcp-wrappers: Fix implicit-function-declaration warnings
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
u-boot: fix CVE-2022-30552
u-boot: fix CVE-2022-33103
u-boot: fix CVE-2022-33967
u-boot: fix CVE-2022-34835
udev-extraconf: fix some systemd automount issues
udev-extraconf: force systemd-udevd to use shared MountFlags
udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist
udev-extraconf: let automount base directory configurable
udev-extraconf/mount.sh: add LABELs to mountpoints
udev-extraconf:mount.sh: fix a umount issue
udev-extraconf:mount.sh: fix path mismatching issues
udev-extraconf/mount.sh: ignore lvm in automount
udev-extraconf/mount.sh: only mount devices on hotplug
udev-extraconf/mount.sh: save mount name in our tmp filecache
vala: Fix on target wrapper buildpaths issue
vala: upgrade 0.56.0 -> 0.56.2
vim: update from 9.0.0063 to 9.0.0115
vim: Upgrade 9.0.0021 -> 9.0.0242
vim: upgrade to 9.0.0021
waffle: correctly request wayland-scanner executable
webkitgtk: upgrade 2.36.3 -> 2.36.5
weston: update 10.0.0 -> 10.0.2
wic/plugins/rootfs: Fix NameError for 'orig_path'
xdpyinfo: upgrade 1.3.2 -> 1.3.3
xev: update 1.2.4 -> 1.2.5
xf86-input-synaptics: update 1.9.1 -> 1.9.2
xmodmap: update 1.0.10 -> 1.0.11
xorg-app: Tweak handling of compression changes in SRC_URI
xserver-xorg: update 21.1.3 -> 21.1.4
xwayland: upgrade 22.1.1 -> 22.1.3
zlib: CVE-2022-37434 a heap-based buffer over-read

Meta ARM

arm-bsp/edk2-firmware: Add NT_FW_CONFIG to N1SDP to fix aborts when accessing virtual memory
arm-bsp/fvp-baser-aemv8r64: Use secure hypervisor physical timer in EL2
arm-bsp/scp-firmware: N1SDP trusted boot
arm-bsp/sdcard-image-n1sdp: Fix N1SDP dependencies
arm-bsp/sdcard-image-n1sdp: N1SDP trusted boot
arm-bsp/trusted-firmware-a: N1SDP trusted boot
arm/classes: Change FVP_CONSOLE to FVP_CONSOLES in fvpconf
arm/edk2-firmware: cherry pick gcc 12.x compatibility patches
arm/lib: Improve FVPRunner shutdown logic
arm/oeqa: Add selftests for FVP library
arm/oeqa: Create new OEFVPSerialTarget with pexpect interface
arm/oeqa: Fix regex warning in linuxboot test case
arm/oeqa: Refactor OEFVPTarget to use FVPRunner and pexpect
arm/oeqa: Use linuxboot and OEFVPSerialTarget instead of noop
arm-toolchain/layer.conf: remove BB_DANGLINGAPPENDS_WARNONLY
ci: work around zephyr test issues
docs: Introduce meta-arm OEQA documentation
docs: Update FVP_CONSOLES in runfvp documentation
gem5: add meta-arm-bsp dependency
optee-ftpm: Update to "main" branch
optee.inc: update setting for OPTEE_ARCH
optee-os.inc: support multilib
optee: use CFLAGS{32,64} to pass --sysroot
runfvp: ignore setpgid errors when spawned
runfvp: Stop the FVP when telnet shuts down cleanly
scripts,arm/lib: Refactor runfvp into FVPRunner

Meta Intel

intel-compute-runtime: upgrade 22.22.23355 -> 22.31.23852
intel-graphics-compiler: upgrade 1.0.11279 -> 1.0.11702.1
intel-microcode: update SRCREV for 20220510
intel-microcode: upgrade 20220510 -> 20220809
ixgbe : upgrade 5.14.6 -> 5.15.2
linux-intel/5.15: update to v5.15.49
linux-intel-dev: update to 5.19.0
linux-intel: fix buildpaths issue
linux-intel-rt/5.15: update to v5.15.49
onednn: turn on PACKAGECONFIG for GPU engine
onednn : Upgrade 2.6 -> 2.6.1
onevpl-intel-gpu: Fix HEVC 12 bit Encode
openvino-inference-engine: enable GPU plugin

Meta ST STM32MP

CLASS: FLASHLAYOUT: correct bad exit of loop
GCNANO-USERLAND: fix PACKAGECONFIG names to fill RPROVIDES libs
mesa: drop dri from PACKAGECONFIG
TF-A-STM32MP: cleanup obsolete files
TF-A-STM32MP: update Makefile.sdk to use specific build folder per soc

Meta Yocto

poky.conf: bump version for 4.0.3
yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
yocto-bsps/5.10: fix buildpaths issue with pnmtologo
yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
yocto-bsps/5.15: fix buildpaths issue with pnmtologo
yocto-bsps: update to v5.10.128 and buildpaths fixes
yocto-bsps: update to v5.10.130
yocto-bsps: update to v5.15.52 and buildpaths fixes
yocto-bsps: update to v5.15.54

Meta Tegra

machine: jetson-nano-devkit: add new fab
weston: update bbappend version number to 10.0.2

Meta Sunxi

u-boot: Fix booting issues for 64bit boards

Releases

88 (v. 1732)

Sep 7, 2022

Highlights

Layer Updates

Meta LmP

Meta Clang

Meta OpenEmbedded

Meta Security

Meta Virtualization

OpenEmbedded-Core

Meta ARM

Meta Intel

Meta ST STM32MP

Meta Yocto

Meta Tegra

Meta Sunxi