Releases

88 (v. 1732)

07-09-2022

Highlights

  • NEW: Initial support for NXP i.MX 8M Nano Evaluation Kit (imx8mn-ddr4-evk)
  • NEW: OP-TEE support for Versal AI Core Series VCK190 Evaluation Kit
  • NEW: Support for LUKS2 based encrypted root filesystem with PKCS#11 and TPM 2.0 keystores
  • NEW: Support for Offline Updates in Aktualizr-Lite
  • NEW: Support for FoundriesFactory auto registration via the NXP EdgeLock 2GO service
  • LMP release based on the OE/Yocto 4.0.3 Kirkstone release
  • Golang updated to the 1.17.13 stable release
  • Linux-firmware updated to the 20220708 snapshot
  • Linux-lmp updated to the v5.15.64 stable release
  • Linux-lmp-rt updated to the v5.15.55-rt48 stable release
  • Linux-lmp-ti-staging updated to the v5.10.120 stable release
  • Linux-lmp-xlnx updated to the v5.15.64 stable release
  • ModemManager updated to the 1.18.8 stable release
  • OP-TEE updated to the 3.18.0+fio release
  • OpenSSL updated to the 3.0.5 stable release
  • TI BSP updated to the 08.04.00.005 release

Layer Updates

Meta LmP

  • base: add create-spdx.bbclass from yocto-4.0.2
  • base: Add new recipe to for Edgelock2GO auto registration
  • base: aktualizr: change the SRC_URI with only what is needed
  • base: aktualizr: drop musl patches
  • base: aktualizr-lite: bump to 70b90a9
  • base: aktualizr: use correct SRCREV
  • base: bring trusted-firmware-a from meta-st-stm32mp 00c2494
  • base/bsp: openssh: drop rng-tools from default PACKAGECONFIG
  • base/bsp: optee: update to 3.18.0
  • base: Bump version of fioconfig
  • base: classes: bring fip-utils from meta-st-stm32mp 00c2494
  • base: classes: make fip-utils class generic
  • base: core-image-minimal-initramfs: drop standard install module
  • base: fip-utils: add boot script to fip image
  • base: fip-utils: embed boot script only for u-boot-ostree-scr-fit
  • base: initramfs-framework: add support for luks2/cryptfs with pkcs11
  • base: initramfs-framework: add support for luks2/cryptfs with tpm2
  • base: initramfs-framework: merge pkcs11/tpm2 cryptfs implementation
  • base: initramfs-framework: ostree_recovery: support recovery modules
  • base: initramfs-framework: rootfs: align with oe-core changes
  • base: initramfs-ostree-lmp-image: conditional selection for luks2 support
  • base: initramfs-ostree-lmp-image: support luks/cryptfs module
  • base: initramfs-ostree-lmp-recovery: add os-release
  • base: initramfs-ostree-lmp-recovery: add sample for image download
  • base: initramfs-ostree-lmp-recovery: add sample for u-boot env
  • base: initramfs-ostree-lmp-recovery: add sample for udhcpc
  • base: initramfs-ostree-lmp-recovery: bring env if ubootenv
  • base: initramfs-ostree-lmp-recovery: drop ak-lite and ostree
  • base: initramfs-ostree-lmp-recovery: install initramfs-module-debug by default
  • base: kmeta-linux-lmp-5.10.y: bump to ec9e983b
  • base: kmeta-linux-lmp-5.15.y: bump to 0d5ce625
  • base: linux-lmp: bump to kernel v5.15.64
  • base: linux-lmp-rt: bump to v5.15.55-rt48
  • base: lmp-boot-firmware: abort when LMP_BOOT_FIRMWARE_FILES not found
  • base: lmp-boot-firmware: set install path based on OSTREE_DEPLOY_USR_OSTREE_BOOT
  • base: lmp: bump version for the 4.0.3 yocto release
  • base: lmp: cryptsetup: use luks2 by default
  • base: lmp-el2go-auto-register: look for libckteec.so.0 (major)
  • base: lmp-feture-debug: add curl tool
  • base: lmp-image-common: increase IMAGE_OVERHEAD_FACTOR with luks
  • base: lmp: kmod-native: add openssl to PACKAGECONFIG
  • base: lmp: non-clangable: add tf-a-fio used in stm32mp1
  • base: lmp: non-clangable: add trusted-firmware-a used in am6xxx
  • base: lmp: provision TUF root metadata
  • base: mfgtool-files: update UUU 1.4.139 -> 1.4.193
  • base: nerdctl: install the binaries in OE standard places
  • base: optee-client: move ckteec to a generic appends
  • base: optee-client: provide ckteec.module for p11-kit
  • base: optee-fio: use CFLAGS{32,64} to pass --sysroot
  • base: optee-os-fio: 3.18: bump to 6467bb295
  • base: optee-os-fio: add virtual package for optee-os-ta
  • base: optee-os-fio-se05x: drop CFG_PKCS11_TA_TOKEN_COUNT settings
  • base: optee-os-fio: set CFG_OPTEE_REVISION_EXTRA with +fio
  • base: ostree: as we use static linking fix it with clang
  • base: ostree: fix the clang override
  • base: ovmf: correctly set TPM2 build flag
  • base: plug-and-trust-seteec: bump to f9df65c
  • base: python3-plug-and-trust-ssscli: bump to 6c67941
  • base: rc: nerdctl: Add patch to extend ps output
  • base: rc: nerdctl: Add redps on the CNI plugins
  • base: rc: nerdctl: Patch docker/cli to set a def conf path
  • base: recipe-sota: aktualizr-lite: bump to 4ab5400
  • base: recipes-sota: Add aklite offline update cmd
  • base: resize-helper: add support for luks based rootfs
  • base: rs: aktualizr: Enable nerdctl in aklite
  • base: support: add default btattach.conf to bluetooth-attach service
  • base: systemd: enable support for cryptsetup, plugins and p11kit
  • base: systemd: enable tpm2 if available in MACHINE_FEATURES
  • base: systemd: use nonarch_libdir instead of nonarch_base_libdir
  • base: tf-a: make recipe generic
  • base: tpm2-abrmd: rdepend on libtss2-tcti-device
  • base: tpm2-pkcs11: set default storedir to /var/tpm2_pkcs11
  • base: u-boot-fio: 2021.04: bump to d5976b62
  • base: u-boot-fio: 2022.04: bump to d724ad15e21
  • base: u-boot-fio: add dependency from gnutls-native
  • base: u-boot-fio: add recipe for imx-2022.04
  • base: u-boot-fio-common: use variable u-boot URL
  • base: u-boot-fio: imx-2022.04: fix commit hash
  • base: u-boot-fio-mfgtool: add version imx-2022.04
  • base: u-boot-ostree-scr-fit: add support for ostree split and usr deploy
  • base: u-boot: u-boot-fio_imx-2022.04 decrease preference
  • base: wireguard-module: invert the KERNEL_BUILTIN_WIREGUARD logic
  • base: wireguard-module: update to v1.0.20220627
  • bsp: add machine settings to support imx8mn-ddr4-evk
  • bsp: arm-trusted-firmware: versal: enable opteed
  • bsp: arm-trusted-firmware: versal: support raw.bin
  • bsp: base-files: fstab: drop boot partition
  • bsp: bluetooth-attach: add imx8mn-evk bluetooth conf file
  • bsp: bootbin: versal: add support to include optee
  • bsp: external-hdf: kv260: update xsa based on v2022.1
  • bsp: imx-atf: imx8mn: enable sip call for secondary boot
  • bsp: imx-atf: imx8mn: implement system_reset2
  • bsp: imx-boot: support spl-only builds with DDR4 firmware
  • bsp: initramfs-ostree-lmp-recovery: qemuarm64: add uboot_env.sh
  • bsp: initramfs-ostree-lmp-recovery: qemuarm64: add udhcpc.sh
  • bsp: kernel: linux-lmp-fslc-imx: fix bluetooth initialization
  • bsp: kernel: mfgtool: enable missing configs for apalis-imx6
  • bsp: kernel-module-imx-gpu-viv: depend on virtual/kernel
  • bsp: kernel-module-imx-gpu-viv: inherit the kernel-modsign
  • bsp: kernel-modules: generalize imx-gpu-viv version
  • bsp: kernel: modules: nxp89xx: inherit the kernel-modsign
  • bsp: kv260: add tpm2 in MACHINE_FEATURES
  • bsp: linux-firmware: add firmware for Murata 1MW on imx8mn-evk
  • bsp: linux-lmp-stm32: drop recipe, not used anymore
  • bsp: linux-lmp-ti-staging: correct wifi startup on am62xx
  • bsp: linux-lmp-ti-staging: update to 08.04.00.005
  • bsp: linux-lmp-xlnx: update to v5.15.64
  • bsp: lmp-machine-custom: intel: drop startup.nsh
  • bsp: lmp-machine-custom: intel: enable tpm2 support
  • bsp: lmp-machine-custom: invert the KERNEL_BUILTIN_WIREGUARD logic
  • bsp: lmp-machine-custom: mx8mm: add support for encrypted rootfs
  • bsp: lmp-machine-custom: qemuarm64: enable recovery by default
  • bsp: lmp-machine-custom: stm32mp1common: set OSTREE_KERNEL_ARGS
  • bsp: lmp-machine-custom: ti-soc: update ti-linux-fw to 08.04.00.005
  • bsp: meta-ti-bsp: trusted-firmware-a: update to 08.04.00.005
  • bsp: mfgtool-files: add initial support for imx8mn-ddr4-evk
  • bsp: mfgtool-files: imx: improve fiovb delete handling
  • bsp: optee-os-fio: add settings for imx8mn-ddr4-evk
  • bsp: optee-os-fio-bsp: add options for am62xx/am64xx
  • bsp: optee-os-fio: versal: enable DT and embedded tests
  • bsp: optee-test: add patch for disabling tests on versal
  • bsp: plm-firmware: versal: add patches to enable nvm and puf
  • bsp: pmu-firmware: k26: extend options based on 2022.1 BSP
  • bsp: recipes-core: base-files: add fstab for imx8mn-ddr4-evk
  • bsp: stm32mp15-disco: don't create boot.itb
  • bsp: stm32mp15-eval: build tf-a-fio emmc configuration
  • bsp: stm32mp15-eval: define LMP_BOOT_FIRMWARE_FILES
  • bsp: stm32mp15-eval: provide boot script configuration
  • bsp: stm32mp1common: set ubootenv feature for all stm32mp1
  • bsp: stm32mp1: flashlayout: new layout
  • bsp: stm32mp1: use tf-a-fio as preferred provided
  • bsp: stm32mp: tf-a-fio: pre-load boot script
  • bsp: stm-st-stm32mp: add tf-a-tools 2.6
  • bsp: stm-st-stm32mp: tf-a-tools: 2.6 -> 2.7
  • bsp: stm-st-stm32mp: tf-a-tools: fix building
  • bsp: tf-a-fio: add support for emmc boot
  • bsp: tf-a-fio: remove false-positive asserts patch
  • bsp: tf-a-fio: support embed boot script only for sota
  • bsp: trusted-firmware-a: re-work how config is included
  • bsp: u-boot-base-scr: add boot.cmd for imx8mn-ddr4-evk
  • bsp: u-boot-base-scr: change ids of partitions
  • bsp: u-boot-fio: add support for imx8mn-ddr4-evk
  • bsp: u-boot-fio: align env configuration
  • bsp: u-boot-fio-mfgtool: add support for imx8mn-ddr4-evk
  • bsp: u-boot-fio: provide configuration for u-boot-tools
  • bsp: u-boot-fio: stm32mp15-disco: env configration for u-boot-tools
  • bsp: u-boot-fio: stm32mp15-disco: execute pre-loaded script
  • bsp: u-boot-fio: stm32mp15-disco: switch to raw env
  • bsp: u-boot-fio: stm32mp15-eval: correct u-boot env offset
  • bsp: u-boot-fio: stm32mp15-eval: provide u-boot configuration
  • bsp: u-boot-ostree-scr-fit: add support for imx8mn-ddr4-evk
  • bsp: u-boot-ostree-scr-fit: boot.cmd with boot firmware updates
  • bsp: u-boot-ostree-scr-fit: drop bootpart variable
  • bsp: u-boot-ostree-scr-fit: kv260: init tpm2 before bootm
  • bsp: u-boot-ostree-scr-fit: mx8qm: add support for ostree usr deploy
  • bsp: u-boot-ostree-scr-fit: qemuarm64: drop FIT_NODE_SEPARATOR
  • bsp: u-boot-ostree-scr-fit: qemuarm64: simplify ext4load
  • bsp: u-boot-ostree-scr-fit: stm32mp15-disco: drop boot.itb update
  • bsp: u-boot-stm32mp: drop configuration for stm32mp15-disco
  • bsp: u-boot-ti-staging: update to 08.04.00.005
  • bsp: u-boot-xlnx: 2022.01: bump to a84cc076b83
  • bsp: u-boot-xlnx: k26: add pm_cfg_obj.c
  • bsp: wic: add sdimage-imx8-spl-split-boot-sota.wks.in
  • bsp: wic: add u-boot-env for lmp-base wks
  • bsp: wic: stm32mp15-disco: replace boot partition with u-boot-env
  • create-spdx: ignore packing control files from ipk and deb
  • Revert "base: add create-spdx.bbclass from yocto-4.0.2"
  • Revert "base: aktualizr: use updated pkcs11 engines path for openssl 3"
  • Revert "base: clang: backport submited patch to build float128 soft float builtins for x86_64"
  • Revert "base: linux-lmp: skip debug split with modsign"
  • Revert "base: lmp: non-clangable: add mpfr for x86/x86-64"
  • Revert "base: wireguard-tools: add nostamp for create_runtime_spdx"
  • Revert "create-spdx: ignore packing control files from ipk and deb"

Meta Clang

  • bpftrace: Fix segfault when btf__type_by_id returns NULL

Meta OpenEmbedded

  • apache2: Fix the buildpaths issue
  • apache2: upgrade 2.4.53 -> 2.4.54
  • bigbuckbunny-1080p: update SRC_URI
  • catfish: fix buildpaths issue
  • cryptsetup: Add support for building without SSH tokens
  • cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
  • dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291
  • emlog: ignore unrelated CVEs
  • freeradius: Fix buildpaths issue
  • freeradius: ignore patched CVEs
  • frr: fix buildpaths issue
  • glmark2: fix compatibility with python-3.11
  • ibus: Swith to use main branch instead of master
  • imagemagick: upgrade 7.0.10-25 -> 7.0.10-62
  • libplist: ignore patched CVEs
  • libwebsockets: Avoid absolute paths in cmake files in the sysroot
  • meta-oe: ignore patched CVEs
  • modemmanager: update to 1.18.8
  • mongodb: ignore unrelated CVEs
  • ndisc6: upgrade 1.0.5 -> 1.0.6
  • net-snmp: set ac_cv_path_PSPROG
  • ntfs-3g-ntfsprogs: upgrade to 2022.5.17
  • ntp: ignore many CVEs
  • openflow: ignore CVE-2018-1078
  • openflow: ignore unrelated CVEs
  • openipmi: Fix buildpaths issue
  • openjpeg: ignore CVE-2015-1239
  • php: ignore patched CVEs
  • php: upgrade 8.1.6 -> 8.1.8
  • polkit: Add --shell /bin/nologin to polkitd user
  • polkit: add udisks2 rule
  • polkit-group-rule-udisks2: fix override syntax in RDEPENDS
  • polkit: update patches for musl compilation
  • postgresql: Fix the buildpaths issue
  • postgresql: ignore unrelated CVE
  • protobuf-c: update to 1.4.1 fix CVE-2022-33070
  • python3-lxml: Security fix CVE-2022-2309
  • quagga: ignore CVE-2016-4049
  • redis: upgrade 6.2.6 -> 6.2.7
  • redis: upgrade 7.0-rc3 -> 7.0.4
  • rsyslog: update 8.2202->8.2206
  • spice: ignore patched CVEs
  • stunnel: upgrade 5.63 -> 5.65
  • thrift: add CVE_PRODUCT to fix CVE reporting
  • tracker: upgrade 3.3.0 -> 3.3.2
  • usrsctp: add CVE_VERSION to correctly check for CVEs
  • wireshark: upgrade 3.4.11 -> 3.4.12
  • yasm: fix buildpaths warning
  • zabbix: upgrade 5.2.6 -> 5.4.12

Meta Security

  • clamav: make install owner match the added user name
  • libmhash: add multilib header
  • meta-integrity: kernel-modsign: prevents splitting out debug symbols
  • python3-privacyidea: add correct path to lib/privacyidea

Meta Virtualization

  • ceph: upgrade v15.2.15 -> v15.2.17
  • cloud-init: add depend on udev in sysvinit case.
  • cloud-init: add rdpends for netifaces and charset-normalizer
  • cloud-init: install sysvinit initscripts
  • cni: Use gcc-based toolchain
  • containerd: update to 1.6.6
  • criu: fix patch fuzz and remove unused patch
  • docker-distribution: fix build error on new hosts
  • docker-distribution: fix the inehrit and systemd settings
  • docker-distribution: upgrade to 2.8.1
  • fuse-overlayfs: Fix buffer overflow bug on workdir path
  • image-oci-umoci: add parameter for stop signal
  • image-oci-umoci: properly handle tags other than latest
  • netns: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
  • oci-image-tools: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
  • oci-runtime-tools: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
  • podman: Add support for rootless mode
  • podman: Backport patch to fix duplicate switch statements
  • podman: Fix host contamination
  • podman: Rename podman-rootless.conf sysctl file to aid overrides
  • podman: Silence docker emulation warnings
  • podman: Use gcc-based toolchain
  • Revert "xen: Disable PCI on qemuarm with Xen"
  • riddler: adjust GOROOT, CGO_CFLAGS and CGO_LDFALGS
  • runc: Backport patch to fix duplicate switch statements
  • runc/docker: update to 1.1.2
  • runc: update to 1.1.2
  • singularity: Drop explicit runtime dep glibc
  • skopeo: clean up depends and fix CGO settings
  • skopeo: Mark CVE-2019-10214 as fixed
  • slirp4netns: Runtime recommend the tun kernel module
  • umoci: adjust CGO_CFLAGS and CGO_LDFLAGS settings
  • xen: Disable highmem on qemuarm
  • xen/sysvinit: add hvc0 console only if not there already

OpenEmbedded-Core

  • alsa-state: correct license
  • apt: fix nativesdk-apt build failure during the second time build
  • archiver.bbclass: remove unsed do_deploy_archives[dirs]
  • archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
  • base/reproducible: Change Source Date Epoch generation methods
  • bind: Remove legacy python3 PACKAGECONFIG code
  • bind: upgrade 9.18.2 -> 9.18.4
  • bin_package: install into base_prefix
  • binutils : stable 2.38 branch updates
  • binutils: stable 2.38 branch updates
  • bluez5: update 5.64 -> 5.65
  • boost: fix install of fiber shared libraries
  • build-appliance-image: Update to kirkstone head revision
  • cargo_common.bbclass: enable bitbake vendoring for externalsrc
  • cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
  • connman: Backports for security fixes
  • cracklib: Drop using register keyword
  • create-spdx: Fix supplier field
  • create-spdx: handle links to inaccessible locations
  • create-spdx: ignore packing control files from ipk and deb
  • curl: Fix multiple CVEs
  • cve-check: Don't use f-strings
  • devtool: error out when workspace is using old override syntax
  • devtool: finish: handle patching when S points to subdir of a git repo
  • devtool: ignore pn- overrides when determining SRC_URI overrides
  • devtool/upgrade: catch bb.fetch2.decodeurl errors
  • devtool/upgrade: correctly clean up when recipe filename isn't yet known
  • dpkg: fix CVE-2022-1664
  • efivar: fix import functionality
  • ell: upgrade 0.49 -> 0.50
  • encodings: update 1.0.5 -> 1.0.6
  • epiphany: upgrade 42.2 -> 42.3
  • externalsrc.bbclass: support crate fetcher on externalsrc
  • font-util: update 1.3.2 -> 1.3.3
  • gcc: Backport a fix for gcc bug 105039
  • gcc-runtime: Fix build when using gold
  • gcc-runtime: Fix missing MLPREFIX in debug mappings
  • gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
  • gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
  • git: upgrade v2.35.3 -> v2.35.4
  • glib-2.0: upgrade 2.72.2 -> 2.72.3
  • glibc: revert one upstream change to work around broken DEBUG_BUILD build
  • glibc: stable 2.35 branch updates
  • glibc-tests: Avoid reproducibility issues
  • glib-networking: upgrade 2.72.0 -> 2.72.1
  • gnupg: update 2.3.4 -> 2.3.6
  • gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
  • gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
  • gobject-introspection-data: Disable cache for g-ir-scanner
  • go: update v1.17.10 -> v1.17.13
  • gperf: Add a patch to work around reproducibility issues
  • gperf: Switch to upstream patch
  • grub2: fix several CVEs
  • gst-devtools: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0: upgrade 1.20.2 -> 1.20.3
  • gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3
  • gtk-doc: Remove hardcoded buildpath
  • harfbuzz: Fix compilation with clang
  • harfbuzz: fix CVE-2022-33068
  • initscripts: run umountnfs as a KILL script
  • insane: Fix buildpaths test to work with special devices
  • iso-codes: upgrade 4.10.0 -> 4.11.0
  • kernel-arch: Fix buildpaths leaking into external module compiles
  • kernel.bbclass: pass LD also in savedefconfig
  • kernel-devsrc: fix reproducibility and buildpaths QA warning
  • kernel-devsrc: ppc32: fix reproducibility
  • libcap: upgrade 2.63 -> 2.65
  • libgcc: Fix standalone target builds with usrmerge distro feature
  • libmodule-build-perl: Use env utility to find perl interpreter
  • libpam: use /run instead of /var/run in systemd tmpfiles
  • libsoup: upgrade 3.0.6 -> 3.0.7
  • libtiff: CVE-2022-34526 A stack overflow was discovered
  • libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
  • libuv: upgrade 1.44.1 -> 1.44.2
  • libwebp: upgrade 1.2.2 -> 1.2.3
  • libwpe: upgrade 1.12.0 -> 1.12.2
  • libxml2: Ignore CVE-2016-3709
  • linux-firmware: update 20220610 -> 20220708
  • linux-firwmare: restore WHENCE_CHKSUM variable
  • linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning
  • linux-yocto/5.10: fix buildpaths issue with gen-mach-types
  • linux-yocto/5.10: fix buildpaths issue with pnmtologo
  • linux-yocto/5.10: update to v5.10.135
  • linux-yocto/5.15: drop obselete GPIO sysfs ABI
  • linux-yocto/5.15: fix build_OID_registry buildpaths warning
  • linux-yocto/5.15: fix buildpaths issue with gen-mach-types
  • linux-yocto/5.15: fix buildpaths issue with pnmtologo
  • linux-yocto/5.15: fix qemuppc buildpaths warning
  • linux-yocto/5.15: fix reproducibility issues
  • linux-yocto/5.15: update to v5.15.59
  • linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
  • linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
  • log4cplus: upgrade 2.0.7 -> 2.0.8
  • lttng-modules: fix 5.19+ build
  • lttng-modules: fix build against mips and v5.19 kernel
  • lttng-modules: Fix build failure for kernel v5.15.58
  • lttng-modules: replace mips compaction fix with upstream change
  • lttng-modules: update 2.13.3 -> 2.13.4
  • lua: Backport fix for CVE-2022-33099
  • lua: Fix multilib buildpath reproducibility issues
  • mkfontscale: upgrade 1.2.1 -> 1.2.2
  • mobile-broadband-provider-info: upgrade 20220511 -> 20220725
  • nativesdk: Clear TUNE_FEATURES
  • oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled
  • oe-selftest: devtool: test modify git recipe building from a subdir
  • openssh: Add openssh-sftp-server to openssh RDEPENDS
  • openssl: update 3.0.4 -> 3.0.5
  • package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo
  • package.bbclass: Fix base directory for debugsource files when using externalsrc
  • package.bbclass: Fix kernel source handling when not using externalsrc
  • packagegroup-self-hosted: update for strace
  • package_manager/ipk: do not pipe stderr to stdout
  • patch: handle if S points to a subdirectory of a git repo
  • perf: fix reproducibility in 5.19+
  • perf: Fix reproducibility issues with 5.19 onwards
  • perf: fix reproduciblity in older releases of Linux
  • perl: don't install Makefile.old into perl-ptest
  • pulseaudio: add m4-native to DEPENDS
  • python3: Backport patch to fix an issue in subinterpreters
  • python3-pip: Fix RDEPENDS after the update
  • qemu: Add PACKAGECONFIG for brlapi
  • qemu: add PACKAGECONFIG for capstone
  • qemu: Avoid accidental librdmacm linkage
  • qemu: Avoid accidental libvdeplug linkage
  • qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
  • qemu: fix CVE-2021-3507
  • qemu: fix CVE-2021-3929
  • qemu: fix CVE-2021-4158
  • qemu: fix CVE-2022-0216
  • qemu: fix CVE-2022-0358
  • qemu: Fix slirp determinism issue
  • relocate_sdk.py: ensure interpreter size error causes relocation to fail
  • rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
  • runqemu: Add missing space on default display option
  • scripts/oe-setup-builddir: make it known where configurations come from
  • selftest/runtime_test/virgl: Disable for all almalinux
  • selftest/wic: Tweak test case to not depend on kernel size
  • sstatesig: Include all dependencies in SPDX task signatures
  • strace: set COMPATIBLE_HOST for riscv32
  • systemd: Added base_bindir into pkg_postinst:udev-hwdb.
  • tcp-wrappers: Fix implicit-function-declaration warnings
  • tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
  • tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
  • u-boot: fix CVE-2022-30552
  • u-boot: fix CVE-2022-33103
  • u-boot: fix CVE-2022-33967
  • u-boot: fix CVE-2022-34835
  • udev-extraconf: fix some systemd automount issues
  • udev-extraconf: force systemd-udevd to use shared MountFlags
  • udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist
  • udev-extraconf: let automount base directory configurable
  • udev-extraconf/mount.sh: add LABELs to mountpoints
  • udev-extraconf:mount.sh: fix a umount issue
  • udev-extraconf:mount.sh: fix path mismatching issues
  • udev-extraconf/mount.sh: ignore lvm in automount
  • udev-extraconf/mount.sh: only mount devices on hotplug
  • udev-extraconf/mount.sh: save mount name in our tmp filecache
  • vala: Fix on target wrapper buildpaths issue
  • vala: upgrade 0.56.0 -> 0.56.2
  • vim: update from 9.0.0063 to 9.0.0115
  • vim: Upgrade 9.0.0021 -> 9.0.0242
  • vim: upgrade to 9.0.0021
  • waffle: correctly request wayland-scanner executable
  • webkitgtk: upgrade 2.36.3 -> 2.36.5
  • weston: update 10.0.0 -> 10.0.2
  • wic/plugins/rootfs: Fix NameError for 'orig_path'
  • xdpyinfo: upgrade 1.3.2 -> 1.3.3
  • xev: update 1.2.4 -> 1.2.5
  • xf86-input-synaptics: update 1.9.1 -> 1.9.2
  • xmodmap: update 1.0.10 -> 1.0.11
  • xorg-app: Tweak handling of compression changes in SRC_URI
  • xserver-xorg: update 21.1.3 -> 21.1.4
  • xwayland: upgrade 22.1.1 -> 22.1.3
  • zlib: CVE-2022-37434 a heap-based buffer over-read

Meta ARM

  • arm-bsp/edk2-firmware: Add NT_FW_CONFIG to N1SDP to fix aborts when accessing virtual memory
  • arm-bsp/fvp-baser-aemv8r64: Use secure hypervisor physical timer in EL2
  • arm-bsp/scp-firmware: N1SDP trusted boot
  • arm-bsp/sdcard-image-n1sdp: Fix N1SDP dependencies
  • arm-bsp/sdcard-image-n1sdp: N1SDP trusted boot
  • arm-bsp/trusted-firmware-a: N1SDP trusted boot
  • arm/classes: Change FVP_CONSOLE to FVP_CONSOLES in fvpconf
  • arm/edk2-firmware: cherry pick gcc 12.x compatibility patches
  • arm/lib: Improve FVPRunner shutdown logic
  • arm/oeqa: Add selftests for FVP library
  • arm/oeqa: Create new OEFVPSerialTarget with pexpect interface
  • arm/oeqa: Fix regex warning in linuxboot test case
  • arm/oeqa: Refactor OEFVPTarget to use FVPRunner and pexpect
  • arm/oeqa: Use linuxboot and OEFVPSerialTarget instead of noop
  • arm-toolchain/layer.conf: remove BB_DANGLINGAPPENDS_WARNONLY
  • ci: work around zephyr test issues
  • docs: Introduce meta-arm OEQA documentation
  • docs: Update FVP_CONSOLES in runfvp documentation
  • gem5: add meta-arm-bsp dependency
  • optee-ftpm: Update to "main" branch
  • optee.inc: update setting for OPTEE_ARCH
  • optee-os.inc: support multilib
  • optee: use CFLAGS{32,64} to pass --sysroot
  • runfvp: ignore setpgid errors when spawned
  • runfvp: Stop the FVP when telnet shuts down cleanly
  • scripts,arm/lib: Refactor runfvp into FVPRunner

Meta Intel

  • intel-compute-runtime: upgrade 22.22.23355 -> 22.31.23852
  • intel-graphics-compiler: upgrade 1.0.11279 -> 1.0.11702.1
  • intel-microcode: update SRCREV for 20220510
  • intel-microcode: upgrade 20220510 -> 20220809
  • ixgbe : upgrade 5.14.6 -> 5.15.2
  • linux-intel/5.15: update to v5.15.49
  • linux-intel-dev: update to 5.19.0
  • linux-intel: fix buildpaths issue
  • linux-intel-rt/5.15: update to v5.15.49
  • onednn: turn on PACKAGECONFIG for GPU engine
  • onednn : Upgrade 2.6 -> 2.6.1
  • onevpl-intel-gpu: Fix HEVC 12 bit Encode
  • openvino-inference-engine: enable GPU plugin

Meta ST STM32MP

  • CLASS: FLASHLAYOUT: correct bad exit of loop
  • GCNANO-USERLAND: fix PACKAGECONFIG names to fill RPROVIDES libs
  • mesa: drop dri from PACKAGECONFIG
  • TF-A-STM32MP: cleanup obsolete files
  • TF-A-STM32MP: update Makefile.sdk to use specific build folder per soc

Meta Yocto

  • poky.conf: bump version for 4.0.3
  • yocto-bsps/5.10: fix buildpaths issue with gen-mach-types
  • yocto-bsps/5.10: fix buildpaths issue with pnmtologo
  • yocto-bsps/5.15: fix buildpaths issue with gen-mach-types
  • yocto-bsps/5.15: fix buildpaths issue with pnmtologo
  • yocto-bsps: update to v5.10.128 and buildpaths fixes
  • yocto-bsps: update to v5.10.130
  • yocto-bsps: update to v5.15.52 and buildpaths fixes
  • yocto-bsps: update to v5.15.54

Meta Tegra

  • machine: jetson-nano-devkit: add new fab
  • weston: update bbappend version number to 10.0.2

Meta Sunxi

  • u-boot: Fix booting issues for 64bit boards

Keep up to date with Foundries.io