FoundriesFactory Release 92 (v. 2488)

Highlights

NEW: Support for encrypted rootfs images with on-line re-encryption using TPM 2.0 or PKCS#11
NEW: Common configuration fragment for u-boot now available as part of meta-lmp-base
NEW: Manufacturing tool support for TI AM62XX/AM64XX devices is now available
NEW: Boot firmware version can now be exposed in both U-Boot proper and SPL
NEW: Support for nvidia-container-runtime on Tegra devices
NEW: Support for dynamic generation of flashlayout files on STM32MP15 based devices
LMP release based on the OE/Yocto 4.0.15 Kirkstone release
Bitbake updated to the 2.0.15 release
ContainerD updated to the 1.7.3 release
Docker-CE updated to the 24.0.6 release
Docker-Compose updated to the v2.21.0 release
Clang updated to the 14.0.6 stable release
GCC updated to the v11.4 stable release
Go updated to the 1.20.12 stable release
OpenSSL updated to the 3.0.12 stable release
Runc updated to the 1.1.8 release
Linux-firmware updated to the 20230804 snapshot
NXP BSP updated to the lf-6.1.36-2.1.0 release
NVIDIA Tegra BSP updated to the L4T R35.4.1 release
TI BSP updated to the 09.00.00.009 release
OP-TEE updated to the 3.21.0+fio release
U-boot-fio rebased on top of the upstream 2023.04 release
Linux-lmp updated to the v6.1.59 stable release
Linux-lmp-rt updated to the v6.1.59-rt16 stable release
Linux-lmp-fslc-imx updated to the 6.1.36-2.1.0 BSP release
Linux-lmp-fslc-imx-rt updated to the v6.1.38 stable release
Linux-lmp-ti-staging updated to the v6.1.33 stable release

Layer Updates

Meta LmP

base: add cryptsetup 2.7.0+git
base: Add lmp-signing
base: aktualizr: Add User to Unit file
base: aktualizr: Split the aklite-lite-apps and aklite-lite-offline from main aktualizr package.
base: base-files: drop do_install_basefilesissue
base: base-files-issue: add recipe
base: bluetooth-attach: introduce hci-based attach service
base/bsp: optee: update fio and imx to 3.21.0
base: Bump optee-fiovb to 2c20a4a
base: classes: introduce flashlayout-stm32mp-archiver
base: compose-apps-early-start: Add runtime dependency
base: compose-apps-early-start: update compose apps early start
base: connectivity: introduce docker-network-ref implementation
base: containerd-opencontainers: update to 1.7.3
base: cryptfs: additions to online re-encryption
base: cryptfs: handle encryption and online re-encryption
base: cryptfs: luks header backup
base: cryptsetup: TPM/PKCS11 online re-encryption
base: distro: add gcc and libdrm to bbmask
base: distro: lmp: keep ext4 image
base: distro: mask gcc-source_12.3
base: distro: mask st-image-bootfs-efi recipe
base: distro: use gcc 11 by default
base: docker-ce: allow custom line for daemon.json.in
base: docker-compose: branch change from v2 to main
base: docker-compose: update to v2.21.0
base: docker-credential-helper: Handle leading spaces
base: docker: update to v24.0.5
base: docker: update to v24.0.6
base: efidisk-sota.wks: rename default EFI label to boot
base: fioconfig: bump rev to 63231cd
base: fioconfig: Bump version
base: fioconfig: Bump version to support SOTA_CLIENT in script handler.
base: fip-utils: use the DEPLOY_DIR_IMAGE
base: flashlayout-stm32mp-archiver: add task with stm32mp15common
base: flashlayout-stm32mp-archiver: prepend flashlayouts-stm32mp1
base: initramfs-module-install-efi: switch to gdisk from parted
base: jool: update to 4.1.10
base: kmeta-linux-lmp-5-15.y: bump to 613da241
base: kmeta-linux-lmp-6.1.y: bump to e08273d8
base: layer.conf: add base-files-issue to SIGGEN_EXCLUDERECIPES_ABISAFE
base: layer.conf: cleanup SIGGEN_EXCLUDERECIPES_ABISAFE
base: layer.conf: override compat for stm-st-stm32mp
base: linux-lmp: 6.1: bump to v6.1.59
base: linux-lmp-dev: Update to 6.5.0-rc2
base: linux-lmp-rt: 6.1: bump to v6.1.59-rt16
base: lmp: add distro features to buildcfg vars
base: lmp: add support for encrypting ota-ext4 image
base: lmp: bump version for the 4.0.15 yocto release
base: lmp: clang: disable -mbranch-protection=standard
base: lmp-device-auto-register: add support for tag
base: lmp-device-register: bump to 2557b25
base: lmp-device-register: support configurable oauth url
base: lmp-disable-gplv3: Disable wg-quick and bash-completion
base: lmp-el2go-auto-register: move code out of the layer
base: lmp-el2go-auto-register: re-add default.env and root.crt placeolders
base: lmp-image-common: intel: also create wic.qcow2
base: lmp-image-common: luks-reencryption service
base: lmp: inherit lmp-signing
base: lmp: meta-ti-extras: mask jailhouse
base: lmp: ota-esp is only needed when sota is enabled
base: lmp: pn-cryptsetup: drop ssh-token
base: lmp: remove ptest from distro feauture
base: lmp-staging: k3: switch mcdepends from do_image_complete
base: lmp-staging: lmp_sstate_checkhashes: remove multiple spaces
base: luks-reencryption: luks header backup
base: luks-reencryption: systemd re-encryption service
base: mfgtool-files: update UUU 1.5.109 -> 1.5.141
base: mxm-mwifiex-setup: fix moal parameters
base: nerdctl: fix installed-vs-shipped with usrmerge
base: non-clangable: add optee-examples
base: non-clangable: add qoriq-atf
base: non-clangable: apalis-imx6: drop comment
base: non-clangable: jailhouse-imx: force gcc
base: non-clangable: tegra: force gcc on container tools and gcc
base: optee-os-fio: 3.20: bump to aca0ad781
base: optee-os-fio: 3.21: bump to 33d9bf3fc
base: rc: Patch docker to load image optimally
base: rc: Patch docker to sync layer files
base: rc: Patch to write layer metadata atomically
base: resize-helper: after the re-encryption service
base: rs: aktualizr: bump version to f290020
base: rs: custom-sota-client: Add User to Unit file
base: rs: Remove app register from app early start
base: runc-opencontainers: update to 1.1.8
base: systemd: use filter to get tpm2
base: u-boot-fio: 2022.04: bump to 4719130d43b
base: u-boot-fio: add recipe for imx-2023.04
base: u-boot-fio: beaglebone-yocto: fix FIT_SIGNATURE options
base: u-boot-fio: collect FIT_SIGNATURE options in common configs
base: u-boot-fio-common: change config include order
base: u-boot-fio: common: disable VIDEO
base: u-boot-fio: enable bootfirmware info for all targets
base: u-boot-fio: imx: update to the lf-6.1.36-2.1.0 tag
base: u-boot-fio: lmp-common.cfg: disable CONFIG_ENV_MMC_USE_DT
base: u-boot-fio-mfgtool: common: disable VIDEO
base: u-boot-fio/mfgtool: disable CONFIG_BOOTSTD
base: u-boot-fio-mfgtool: lmp-common: disable watchdog by default
base: u-boot-fio: reduce boot delay for unsigned u-boot
base: u-boot-fio: upgrade 2022.04+fio to 2023.04+fio
base: uboot-fitimage: add boot firmware version to spl dtb
base: uboot-fitimage: fix getting TEST_BASE address
base: uboot-fitimage: use SPL_BINARYNAME
base: u-boot: introduce common base and common ebbr configs
base: u-boot-lmp-common: handle config and sit.bin links with multiconfig
base: u-boot-ostree-scr-fit: add var for enabling rb protection
base: u-boot: rename common base and ebbr configs
base: wireguard-tools: Use PACKAGECONFIG to configure the build
bsp: am62xx: deploy tiboot3.bin for all versions of evm boards
bsp: base-files: fstab: enable file system check on boot
bsp: bluetooth-attach: support hci attach for imx8mm-lpddr4-evk
bsp: bluetooth-attach: support hci attach for imx8mp-lpddr4-evk
bsp: dynamic-layers: flashlayouts-stm32mp1: deploy signed binaries
bsp: dynamic-layers: imx-atf: adjust power off logic
bsp: dynamic-layers: imx-atf: drop invalid patches
bsp: dynamic-layers: imx-atf: fix build issue
bsp: dynamic-layers: imx-atf: obtain boot set from bootrom event log
bsp: dynamic-layers: introduce u-boot-ti-staging-mfgtool
bsp: dynamic-layers: stm32-mfgtool-files: deploy signed binaries
bsp: dynamic-layers: stm32-mfgtool-files: use lazy assigments
bsp: dynamic-layers: stm32mp: drop legacy flashlayouts-stm32mp1 recipe
bsp: dynamic-layers: stm32mp-mfgtool-files: change flashlayout variable
bsp: dynamic-layers: ti-mfgtool-files: add support for fastboot cmd
bsp: dynamic-layers: ti-mfgtool-files: extend delay
bsp: dynamic-layers: ti-mfgtool-files: improve flash.sh
bsp: dynamic-layers: ti-mfgtool-files: introduce new recipe
bsp: dynamic-layers: u-boot-ti-staging: am62xx-evm: enable fastboot
bsp: dynamic-layers: u-boot-ti-staging: device_type env var
bsp: dynamic-layers: u-boot-ti-staging: introduce config for lmp-mfgtool
bsp: edk2-firmware-tegra: ostree support sent upstream
bsp: flashlayouts-stm32mp1: add default flash layout template
bsp: flashlayouts-stm32mp1: add layout for stm32mp15-disco
bsp: flashlayouts-stm32mp1: adjust tsv file for sec machines
bsp: flashlayouts-stm32mp1: change layout name for stm32mp15-eval
bsp: flashlayouts-stm32mp1: use STM32_BOOTIMAGE_SUFFIX
bsp: freescale-layer: jailhouse: Remove bbappend version
bsp: fstab: apalis-imx6: move out toradex support
bsp: fstab: apalis-imx8: move out toradex support
bsp: imx8mp-lpddr4-evk: add required dtb
bsp: imx-boot: install all signed fw
bsp: imx-boot: make it compatible with multi config and lf-6.1.36-2.1.0
bsp: imx-boot: refresh imx9 patch
bsp: imx-boot: refresh patches
bsp: imx-m33-demos: Remove the recipe as it is upstreamed now
bsp: imx-sc-firmware-toradex: move out toradex support
bsp: imx: update u-boot imx-2023.04 override to be nxp-bsp based
bsp: initramfs-ostree-lmp-recovery: stm32mp15-disco: fix env address
bsp: ixm8mn-lpddr4-evk: enable wlan driver on boot
bsp: layer.conf: add meta-ti-extras to BBFILES_DYNAMIC
bsp: linux-firmware: avoid conflict when wl18xx-fw is used instead
bsp: linux-firmware: drop custom logic for wilink firmware
bsp: linux-lmp: apalis-imx6: move out toradex support
bsp: linux-lmp-dev-mfgtool: upgrade to kernel 6.1-2.0.x-imx
bsp: linux-lmp-fslc-imx: imx8mm-evk: fix compatible node on evka
bsp: linux-lmp-fslc-imx-rt: update kernel to nxp real-time-edge version
bsp: linux-lmp-fslc-imx-rt: update kernel to the 6.1-2.0.x-imx branch
bsp: linux-lmp-fslc-imx: update to include the lf-6.1.36-2.1.0 tag
bsp: linux-lmp-fslc: upgrade to kernel 6.1-2.0.x-imx
bsp: linux-lmp: stm32mp15-disco: add patch to auto enable i2c5 with se05x
bsp: linux-lmp-ti-staging: update to 09.00.00.007
bsp: linux-lmp-ti-staging: update to cicd.kirkstone.202307061739
bsp: linux-lmp-toradex-imx: move out toradex support
bsp: linux-tegra: deploy kernel config
bsp: lmp-machine-custom: beagle: add bt and wlan firmware
bsp: lmp-machine-custom: beagleplay: add wlan firmware
bsp: lmp-machine-custom: beagleplay: enable overlays for OV5640
bsp: lmp-machine-custom: imx: switch from u-boot machine to config
bsp: lmp-machine-custom: move out toradex support
bsp: lmp-machine-custom: remove sota override from UBOOT_SIGN_KEYDIR for TI k3
bsp: lmp-machine-custom: stm32: update preferred version for gcc-arm-none-eabi
bsp: lmp-machine-custom: UBOOT_SIGN_KEYDIR for TI k3 should be weak assinged
bsp: lmp-machine-custom: Use weaker assign for UBOOT_SIGN_ENABLE
bsp: lmp-machine/mfgtool-custom: imx8mp-lpddr4-evk: use flash_evk for imx-boot
bsp: lmp-mfgtool: add support for am62xx-evm
bsp: lmp-mfgtool-machine-custom: move out toradex support
bsp: lmp-mfgtool: stm32mp1: provide specific machines for layout vars
bsp: machine: move out toradex support
bsp: mfgtool-files: apalis-imx6: move out toradex support
bsp: mfgtool-files: apalis-imx8: move out toradex support
bsp: mfgtool-files: imx8mp: drop u-boot-mfgtool.itb
bsp: move linux-lmp-ti-staging under dynamic-layers
bsp: optee-os-fio: apalis-imx6: move out toradex support
bsp: optee-os-fio: apalis-imx8: move out toradex support
bsp: optee-os-fio-bsp: increase heap size to 128k
bsp: optee-os-fio: imx: update to lf-6.1.36-2.1.0
bsp: optee-os-fio-mfgtool: apalis-imx6: move out toradex support
bsp: optee-os-fio-mfgtool: apalis-imx8: move out toradex support
bsp: stm32-mfgtool-files: adjust paths in flashlayout
bsp: stm32-mfgtool-files: adjust tsv file for sec machines
bsp: stm32-mfgtool-files: don't flash emmc from provision.sh
bsp: stm32-mfgtool-files: extend provision script
bsp: stm32-mfgtool-files: remove trailing spaces in provision script
bsp: stm32-mfgtool-files: set common name for usb layout
bsp: stm32-mfgtool-files: use STM32_BOOTIMAGE_SUFFIX
bsp: stm32mp15-disco: enable flashlayout
bsp: stm32mp15-disco: provide dynamic flashlayouts configuration
bsp: stm32mp15-disco-sec: introduce machine definition
bsp: stm32mp15-disco-sec: set suffix only when signing is enabled
bsp: stm32mp15-eval: correct flash layout name
bsp: stm32mp15-eval-sec: introduce STM32_BOOTIMAGE_SUFFIX
bsp: stm32mp15-eval-sec: set suffix only when signing is enabled
bsp: stm32mp1: disable build of alsa-state-stm32mp1
bsp: stm32mp1: discard build of stm32mp157f device trees
bsp: stm32mp1: use softer asigments for flashlayout vars
bsp: stm-st-stm32mp: flashlayouts-stm32mp1: fix padding
bsp: support: mfgtool-files: imx8qm-mek: replace "reboot" command
bsp: tegra: docker-ce: enable nvidia-container-runtime
bsp: tegra-helper-scripts: update initrd-flash.sh based on R35.4.1
bsp: tegra: linux-tegra-rt: bump to e0710cf2c0217a
bsp: tegra: linux-tegra-rt: bump to r35.4.ga
bsp: tegra: optee-os: 3.19.0-l4t-r35.3.1 -> 3.21.0-l4t-r35.4.1
bsp: tegra: optee-test: 3.19.0-l4t-r35.3.1 -> 3.21.0-l4t-r35.4.1
bsp: tegra: tegra-helper-scripts-native: 35.3.1 -> 35.4.1
bsp: tf-a-fio: add signing support for stm32mp15-disco-sec
bsp: tf-a-fio-st: add signing steps for -sec targets
bsp: tf-a-fio-st: check the signing tool instaed of the path
bsp: tf-a-fio-st: create combo images for eval board
bsp: tf-a-fio-st: drop the STM32_ROT_KEY_PATH/STM32_ROT_KEY_PASSWORD check
bsp: tf-a-fio: st: remove old signed binary before signing
bsp: tf-a-fio-st: run the sign_binaries using a postfuncs
bsp: tf-a-fio-st: run the signing tool in silent mode
bsp: u-boot-base-scr: apalis-imx6: move out toradex support
bsp: u-boot-base-scr: apalis-imx8: move out toradex support
bsp: u-boot-fio: apalis-imx6: move out toradex support
bsp: u-boot-fio: apalis-imx8: move out toradex support
bsp: u-boot-fio-bsp-common: handle multiconfig on deploy imx (dtb and sit)
bsp: u-boot-fio: imx6ulevk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx6ul/imx6ull: enable boot firmware info
bsp: u-boot-fio: imx6ul/imx6ull: restore config options
bsp: u-boot-fio: imx6ullevk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8mm-lpddr4-evk: remove unused options
bsp: u-boot-fio: imx8mm-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8mn-ddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8mn: fix CONFIG_SECONDARY_BOOT_SECTOR_OFFSET
bsp: u-boot-fio: imx8mn-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8mn-mp: use disable runtime detection
bsp: u-boot-fio: imx8mp: fix CONFIG_SECONDARY_BOOT_SECTOR_OFFSET
bsp: u-boot-fio: imx8mp-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8mq-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8qm-mek: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx8ulp-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio: imx93-11x11-lpddr4x-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: apalis-imx6: move out toradex support
bsp: u-boot-fio-mfgtool: apalis-imx8: move out toradex support
bsp: u-boot-fio-mfgtool: fix malloc pool size
bsp: u-boot-fio-mfgtool: imx6ulevk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx6ullevk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx8mm-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx8mn-[lp]ddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx8mp-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx8mp-lpddr4-evk: use imx-2022.04
bsp: u-boot-fio-mfgtool: imx8mp-lpddr4-evk: use standard imx-boot
bsp: u-boot-fio-mfgtool: imx8mq-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx8qm-mek: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx8ulp-lpddr4-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: imx93-11x11-lpddr4x-evk: switch u-boot to imx-2023.04
bsp: u-boot-fio-mfgtool: stm32mp15-disco: introduce config
bsp: u-boot-fio: rename options renamed in 2023.04
bsp: u-boot-fio: stm32mp15-disco: align configs with eval board
bsp: u-boot-fio: stm32mp15-disco: fix env offset
bsp: u-boot-fio: sync stm32mp15-eval non-sec and sec configs
bsp: u-boot-ostree-scr-fit: add boot firmware updates for am62xx-evm
bsp: u-boot-ostree-scr-fit: apalis-imx6: move out toradex support
bsp: u-boot-ostree-scr-fit: apalis-imx8: move out toradex support
bsp: u-boot-ostree-scr-fit: imx8mn: switch to alternative
bsp: u-boot-ostree-scr-fit: imx8mn: use imx_secondary_boot
bsp: u-boot-ostree-scr-fit: imx8mp-lpddr4-evk: switch to alternative
bsp: u-boot-ostree-scr-fit: imx8mp: use imx_secondary_boot
bsp: wic: stm32mp15: adjust ubootenv offset
bsp: wic: stm32mp15-disco: add support for signed images
bsp: wic: stm32mp15: fix align param
bsp: wic: stm32mp1: wks file improvements
bsp: wlconf: add production wl18xx-conf for beaglebone
lmp-base: fio-se05x-cli: bump to 6fd9c93
lmp-el2go-auto-register: allow to disable "composeapp"
lmp-el2go-auto-register: automatically determine imported key type
lmp-el2go-auto-register: generic support for keypair import
lmp-el2go-auto-register: remove HANDLERS environment variable
lmp-el2go-auto-register: use fio-se05x-cli for import_key
lmp-el2go-auto-register: use int instead of str for OIDs
mfgtool-files: Use compressed image for the full_image script
README: add contributing guidelines
recipes-support: make early-start only run to completion once
Revert "base: nerdctl: install the binaries in OE standard places"
Revert "bsp: u-boot-fio-mfgtool: imx8mp-lpddr4-evk: use imx-2022.04"
tpm2-tss: fix Upstream-Status of patch

Meta Clang

clang.bbclass: Check for INHIBIT_DEFAULT_DEPS in creating ld->lld symlink
clang.bbclass: fix a typo
clang.bbclass: Simplify check when to enable lld
clang: Update to 14.0.4+
clang: Update to 14.0.6
Fix packaging error for libclang
recipe_sysroot_check_ld_is_lld: Do not create symlink for allarch recipes
recipe_sysroot_check_ld_is_lld: Use STAGING_BINDIR_TOOLCHAIN to find compiler installation

Meta OpenEmbedded

c-ares: CVE-ID correction for CVE-2022-4904
emlog: Add PV
emlog: ignore CVE-2022-3968 & CVE-2023-43291
Fix groupname gid change warning
freeglut: Add packageconfigs for x11/wayland/gles
frr: Fix CVE-2023-38802 and CVE-2023-41358
frr: Fix CVE-2023-41909
frr: fix for CVE-2023-31489
frr: fix for CVE-2023-31490
frr: Fix for multiple CVE's
grpc: ignore CVE-2023-32732
grubby: Update branchname to match upstream
hdf5: Fix CVE-2021-37501
hwloc: fix CVE-2022-47022
indent: fix CVE-2023-40305
iperf3: upgrade 3.11 -> 3.14
krb5: Fix CVE-2023-36054
libiio: use main branch instead of master
libqb: upgrade 2.0.6 -> 2.0.8
libssh: CVE-2020-16135 Fix NULL pointer dereference in sftpserver.c
libwebsockets: Support building for native
libyang: fix CVE-2023-26917
lmsensors: do not pull in unneeded perl modules for run-time dependencies
mbedtls: add support for v3.x
mbedtls: build with v2 version by default
mbedtls: set up /usr/bin/hello as alternative
mbedtls: upgrade 2.28.2 -> 2.28.5
mbedtls: upgrade 3.4.0 -> 3.5.0
meta-networking: Drop broken BBCLASSEXTEND variants
meta-oe-components: Avoid usage of nobranch=1
meta-oe: Drop broken BBCLASSEXTEND variants
meta-perl: Drop broken BBCLASSEXTEND variants
meta-python: Drop broken BBCLASSEXTEND variants
mosquitto: add missing Upstream-Status
mosquitto: do not automatically depend on dlt-daemon, it's a non-mandatory logging system
mosquitto: upgrade 2.0.14 -> 2.0.18
nginx: add configure option
nginx: Mitigate HTTP/2 Stream Resets Flood impact
nginx: upgrade to 1.24.0 release
nlohmann-json: Add ptest support
nlohmann-json: Avoid usage of nobranch=1
nodejs: fix CVE-2022-25883
nodejs: upgrade 16.19.1 -> 16.20.2
ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3
ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5
opencv: fix for CVE-2023-2618
openldap: update to 2.5.16
opensc: Fix CVE-2023-2977
opensc: ignore CVE-2021-34193
open-vm-tools: fix CVE-2023-20867
open-vm-tools: fix CVE-2023-20900
open-vm-tools: fix CVE-2023-34058
packagegroup-meta-multimedia: restore x11 restriction for projucer
packagegroup-meta-oe-extended: RDEPENDS on an existing mozjs-91 package
php: upgrade 8.1.16 -> 8.1.22
poppler: fix CVE-2023-34872
postgresql: fix CVE-2023-2454 & CVE-2023-2455
postgresql: fix CVE-2023-5868 CVE-2023-5869 CVE-2023-5870
postgresql: Update to 14.9
python3-aiohttp: upgrade 3.8.1 -> 3.8.5
python3-can: Add missing runtime dependencies
python3-cson: fix run-time dependencies
python3-django: fix CVE-2023-36053
python3-django: fix CVE-2023-41164
python3-django: upgrade 3.2.19 -> 3.2.21
python3-django: upgrade 4.2.1 -> 4.2.5
python3-gcovr: Fix parsing of gcc-11 gcov metadata
python3-gcovr: switch to main branch
python3-gevent: fix CVE-2023-41419
python3-kivy: Require X11 or Wayland in DISTRO_FEATURES
python3-soupsieve: Break circular dependency with beautifulsoup4
python3-werkzeug: fix for patch-fuzz
python-blivet: Adapt to upstream branch name changes
rabbitmq-c: Fix CVE-2023-35789
rapidjson: Avoid usage of nobranch=1
redis: upgrade 7.0.11 -> 7.0.13
samba: fix CVE-2022-2127
samba: fix CVE-2023-34966
samba:fix CVE-2023-34967
samba: fix CVE-2023-34968
samba: fix CVE-2023-4091
sdbus-c++: Update ptest path
spice-protocol: fix populate_sdk error when spice is installed
squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication
suiteparse: Adapt to upstream branch name changes
tcpdump: upgrade 4.99.1 -> 4.99.4
tcpreplay: upgrade 4.4.2 -> 4.4.4
traceroute: upgrade 2.1.0 -> 2.1.3
webserver: nginx: Add stream
wireshark: Fix CVE-2023-2906
wireshark: Fix Multiple CVEs
yajl: CVE-2023-33460 memory leak in yajl_tree_parse function
yaml-cpp: Fix cmake export
yasm: fix CVE-2023-31975
zabbix: fix CVE-2023-29449
zabbix: fix CVE-2023-29450

Meta LTS Mixins Go

go-helloworld: update to latest revision
go-helloworld: Upgrade to tip of trunk
go: update 1.20.5 -> 1.20.12
README: remove Alex from maintainers

Meta LTS Mixins Rust

Fix RISC-V support
gitignore: add pyc files
librsvg: upgrade to 2.54.6
rust-common.bbclass: move musl-specific linking fix from rust-source.inc

Meta Security

smack-test: more py3 covertion
smack-test: switch to python3

Meta Updater

Remove option to send a manifest in garage-push
Tell Yocto that garage push needs network access

Meta Virtualization

containerd: upgrade to 1.6.19
container-host-config: extend to native and nativesdk
container-host-config: provide /etc/containers/policy.json
containers: add container-host-config recipe
containers: introduce container-host class
cri-o: create /var/lib/crio
cri-o: update crio.conf to match the current version 1.23
cri-o: use PACKAGECONFIG to handle selinux
docker-ce: bump SRCREV_docker
docker-distribution: fix for CVE-2023-2253
docker: update to v20.10.25 + 58 commits to fix compatibility with go currently in kirkstone
go-context: Switch to main branch
go-mux: Switch to main branch
kubernetes: update to v1.23.17
libvirt: CVE-2023-2700 Memory leak in virPCIVirtualFunctionList cleanup
lxc: add -L and -f for curl in templates-use-curl-instead-of-wget.patch
lxc: backport changes from master for templates-use-curl-instead-of-wget.patch
nerdctl: fix installed-vs-shipped with usrmerge
nerdctl: update branch to main
ovs: update to 2.17.6
packagegroup-container: require ipv6 for podman
README: remove some cri-o specific layer dependencies
skopeo: use container-host bbclass to provide configuration
xtf: chang the old override syntax

OpenEmbedded-Core

acl/attr: ptest fixes and improvements
apt: add missingfor uint16_t
automake: fix buildtest patch
avahi: backport CVE-2023-1981 & CVE's follow-up patches
avahi: fix CVE-2023-38469
avahi: fix CVE-2023-38470
avahi: fix CVE-2023-38471
avahi: fix CVE-2023-38472
avahi: fix CVE-2023-38473
babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature
bash: changes to SIGINT handler while waiting for a child
bind: 9.18.11 -> 9.18.17
bind : fix CVE-2023-2828 & CVE-2023-2911
bind: update to 9.18.19
binutils: CVE-2022-48063
binutils: Fix CVE-2022-44840
binutils: Fix CVE-2022-45703
binutils: Fix CVE-2022-47007
binutils: Fix CVE-2022-47008
binutils: Fix CVE-2022-47010
binutils: Fix CVE-2022-47011
binutils: Fix CVE-2022-47695
binutils: Fix CVE-2022-48064
binutils: Fix CVE-2022-48065
binutils: Mark CVE-2022-47673 as patched
binutils: Mark CVE-2022-47696 as patched
binutils: stable 2.38 branch updates
bitbake.conf: add unzstd in HOSTTOOLS
bluez5: fix CVE-2023-45866
build-appliance-image: Update to kirkstone head revision
build-sysroots: Add SUMMARY field
busybox: fix CVE-2022-48174
cargo.bbclass: set up cargo environment in common do_compile
ccache: fix build with gcc-13
cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDK
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
cpio: Replace fix wrong CRC with ASCII CRC for large files with upstream backport
cups: fix CVE-2023-32360
cups: fix CVE-2023-34241 use-after-free in cupsdAcceptClient() in scheduler/client.c
cups: Fix CVE-2023-4504
curl: Added CVE-2023-28320 Follow-up patch
curl: Backport fix CVE-2023-32001
curl: fix CVE-2023-38545
curl: fix CVE-2023-38546
curl: Fix CVE-2023-46218
cve-check: don't warn if a patch is remote
cve-check: slightly more verbose warning when adding the same package twice
cve-check: sort the package list in the JSON report
cve-exclusion_5.10.inc: update for 5.10.197
cve-exclusion_5.10.inc: update for 5.10.202
cve-update-nvd2-native: actually use API keys
cve-update-nvd2-native: always pass str for json.loads()
cve-update-nvd2-native: fix cvssV3 metrics
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: increase retry count
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: use exact times, don't truncate
dbus: Specify runstatedir configure option
devtool: Fix the wrong variable in srcuri_entry
diffutils: update 3.9 -> 3.10
dmidecode: fix CVE-2023-30630
dmidecode: fixup for CVE-2023-30630
dropbear: fix CVE-2023-36328
efivar: backport 5 patches to fix build with gold
externalsrc: Ensure SRCREV is processed before accessing SRC_URI
externalsrc: fix dependency chain issues
ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
file: fix CVE-2022-48554
flac: fix CVE-2020-22219
fontcache.bbclass: avoid native recipes depending on target fontconfig
gawk: backport Debian patch to fix CVE-2023-4156
gcc: don't pass --enable-standard-branch-protection
gcc: Fix -fstack-protector issue on aarch64
gcc: fix runpath errors in cc1 binary
gcc-testsuite: Fix ppc cpu specification
gcc : upgrade to v11.4
gdb: Fix CVE-2023-39128
ghostscript: Backport fix for CVE-2023-46751
ghostscript: fix CVE-2023-36664
ghostscript: fix CVE-2023-38559
ghostscript: fix CVE-2023-43115
ghostscript: ignore GhostPCL CVE-2023-38560
glib-2.0: Fix CVE-2023-29499 and CVE-2023-32611
glib-2.0: Fix CVE-2023-32643 and CVE-2023-32636
glib-2.0: Fix CVE-2023-32665
glibc/check-test-wrapper: don't emit warnings from ssh
glibc: ignore CVE-2023-4527
glibc-locale: use stricter matching for metapackages' runtime dependencies
glibc: stable 2.35 branch updates
glibc: Update to latest on stable 2.35 branch
gnutls: Backport fix for CVE-2023-5981
goarch: Move Go architecture mapping to a library
go: fix CVE-2023-24531
go: fix CVE-2023-24536
go: fix CVE-2023-29406 net/http insufficient sanitization of Host header
go: Fix CVE-2023-29409
go: Fix CVE-2023-39318
go: Fix CVE-2023-39319
go: Fix CVE-2023-39326
go: Fix issue in DNS resolver
go: ignore CVE-2023-45283 and CVE-2023-45284
go: Update fix for CVE-2023-24538 & CVE-2023-39318
grub: fix CVE-2023-4692
grub: fix CVE-2023-4693
grub: submit determinism.patch upstream
gstreamer1.0-plugins-bad: fix CVE-2023-40474
gstreamer1.0-plugins-bad: fix CVE-2023-40475
gstreamer1.0-plugins-bad: fix CVE-2023-40476
gstreamer1.0-plugins-bad: fix CVE-2023-44429
gstreamer1.0-plugins-base: enable glx/opengl support
gstreamer1.0: upgrade 1.20.6 -> 1.20.7
image_types: Fix reproducible builds for initramfs and UKI img
inetutils: Backport fix for CVE-2023-40303
json-c: define CVE_VERSION
json-c: fix CVE-2021-32292
kernel: add missing path to search for debug files
kernel.bbclass: Add force flag to rm calls
kernel-fitImage: Strip path component from dtb
kernel: Fix path comparison in kernel staging dir symlinking
libarchive: ignore CVE-2023-30571
libassuan: upgrade 2.5.5 -> 2.5.6
libcap: fix CVE-2023-2603 Integer Overflow in _libcap_strdup()
libdnf: resolve cstdint inclusion for newer gcc versions
libjpeg-turbo: patch CVE-2023-2804
libksba: upgrade 1.6.3 -> 1.6.4
libnss-nis: upgrade 3.1 -> 3.2
lib/package_manager: Improve repo artefact filtering
libpcre2: patch CVE-2022-41409
libpng: Add ptest for libpng
librsvg: 2.52.7 -> 2.52.10
libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c
libssh2: fix CVE-2020-22218
libtiff: Add fix for tiffcrop CVE-2023-1916
libtiff: fix CVE-2022-40090 improved IFD-Loop handling
libtiff: fix CVE-2023-26965 heap-based use after free
libtiff: fix CVE-2023-26966 Buffer Overflow
libwebp: Fix CVE-2023-1999
libwebp: Fix CVE-2023-4863
libwebp: Fix CVE-2023-5129
libx11: Fix CVE-2023-3138 for kirkstone branch
libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787
libxcrypt: fix build with perl-5.38 and use master branch
libxcrypt: fix hard-coded ".so" extension
libxcrypt: update PV to match SRCREV
libxml2: Fix CVE-2023-39615
libxml2: Patch CVE-2023-45322
libxpm: upgrade to 3.5.17
linux/cve-exclusion: add generated CVE_CHECK_IGNORES.
linux/cve-exclusion: remove obsolete manual entries
linux-firmware : Add firmware of RTL8822 serie
linux-firmware: create separate package for cirrus and cnm firmwares
linux-firmware: create separate packages
linux-firmware: Fix mediatek mt7601u firmware path
linux-firmware: package firmare for Dragonboard 410c
linux-firmware: split platform-specific Adreno shaders to separate packages
linux-firmware: upgrade 20230404 -> 20230515
linux-firmware: upgrade 20230515 -> 20230625
linux-firmware: upgrade 20230625 -> 20230804
linux-yocto/5.10: update to v5.10.202
linux-yocto/5.15: cfg: fix DECNET configuration warning
linux-yocto/5.15: update to v5.15.124
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
linux-yocto: update CVE exclusions
logrotate: Do not create logrotate.status file
lttng-ust: upgrade 2.13.5 -> 2.13.6
machine/arch-arm64: add -mbranch-protection=standard
maintainers.inc: unassign Adrian Bunk from wireless-regdb
maintainers.inc: unassign Alistair Francis from opensbi
maintainers.inc: unassign Ricardo Neri from ovmf
mdadm: add util-linux-blockdev ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: fix util-linux ptest dependency
mdadm: skip running known broken ptests
meson.bbclass: Point to llvm-config from native sysroot
meta: lib: oe: npm_registry: Add more safe caracters
nasm: fix CVE-2020-21528
native: Clear TUNE_FEATURES/ABIEXTENSION
ncurses: fix CVE-2023-29491
nghttp2: fix CVE-2023-35945
npm.bbclass: avoid DeprecationWarning with new python
oe-depends-dot: Handle new format for task-depends.dot
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
oeqa/runtime/ltp: Increase ltp test output timeout
oeqa/selftest/bbtests: add non-existent prefile/postfile tests
oeqa/selftest/devtool: add unit test for "devtool add -b"
oeqa/ssh: Further improve process exit handling
oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/utils/nfs: allow requesting non-udp ports
openssh: backport Debian patch for CVE-2023-48795
openssh: drop sudo from ptest dependencies
openssh: fix CVE-2023-38408
openssl: add PERLEXTERNAL path to test its existence
openssl: fix CVE-2023-5678 Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow
openssl: Upgrade 3.0.9 -> 3.0.12
openssl: use a glob on the PERLEXTERNAL to track updates on the path
package.bbclass: moving field data process before variable process in process_pkgconfig
package_rpm: Allow compression mode override
perl: Fix CVE-2023-31486
perl: update 5.34.1 -> 5.34.3
pixman: Remove duplication of license MIT
procps: patch CVE-2023-4016
pseudo: Fix to work with glibc 2.38
pybootchartgui: show elapsed time for each task
python3-certifi: fix CVE-2023-37920
python3-cryptography: fix CVE-2023-49083
python3: fix missing comma in get_module_deps3.py
python3-git: upgrade 3.1.27 -> 3.1.37
python3: ignore CVE-2023-36632
python3-jinja2: Fixed ptest result output as per the standard
python3-jinja2: fix for the ptest result format
python3-ptest: skip test_storlines
python3-pygments: Fix CVE-2022-40896
python3: upgrade 3.10.9 -> 3.10.12
python3: upgrade to 3.10.13
python3-urllib3: upgrade 1.26.9 -> 1.26.17
qemu 6.2.0: Fix CVE-2023-1544
qemu: backport Debian patch to fix CVE-2023-0330
qemu: fix CVE-2020-14394
qemu: fix CVE-2021-3638
qemu: fix CVE-2023-2861
qemu: fix CVE-2023-3180
qemu: fix CVE-2023-3255
qemu: fix CVE-2023-3301
qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
qemu: Fix CVE-2023-5088
qemu: ignore RHEL specific CVE-2023-2680
Qemu: Resolve undefined reference issue in CVE-2023-2861
recipetool: Fix inherit in created -native recipes
resulttool/report: Avoid divide by zero
resulttool/resultutils: allow index generation despite corrupt json
Revert "kernel-fitImage: Strip path component from dtb"
Revert "oeqa/utils/gitarchive: fix tag computation when creating archive"
rootfs: Add debugfs package db file copy and cleanup
rpm2cpio.sh: update to the last 4.x version
rpm: Pick debugfs package db files/dirs explicitly
ruby: fix CVE-2023-36617
rust-common: Set llvm-target correctly for cross SDK targets
rust-cross-canadian: Fix ordering of target json config generation
rust-cross/rust-common: Merge arm target handling code to fix cross-canadian
rust-cross: Simplfy the rust_gen_target calls
rust-llvm: Allow overriding LLVM target archs
rust-llvm: backport a fix for build with gcc-13
scripts/create-pull-request: update URLs to git repositories
scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2
scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes
scripts/runqemu: split lock dir creation into a reusable function
sdk.py: error out when moving file fails
sdk.py: fix moving dnf contents
selftest/cases/glibc.py: fix the override syntax
selftest/cases/glibc.py: increase the memory for testing
selftest/cases/glibc.py: switch to using NFS over TCP
selftest/reproducible: Allow chose the package manager
selftest reproducible.py: support different build targets
serf: upgrade 1.3.9 -> 1.3.10
shadow: Fix CVE-2023-4641
shadow-sysroot: add license information
sqlite3: CVE-2023-36191 CLI fault on missing -nonce
strace: Disable failing test
strace: Merge two similar patches
strace: Update patches/tests with upstream fixes
sudo: upgrade 1.9.13p3 -> 1.9.15p2
sysfsutils: fetch a supported fork from github
sysklogd: fix integration with systemd-journald
systemd: Backport nspawn: make sure host root can write to the uidmapped mounts we prepare for the container payload
systemd-systemctl: fix errors in instance name expansion
systemtap_git: fix used uninitialized error
target/ssh: Ensure exit code set for commands
tar: upgrade 1.34 -> 1.35
tcl: prevent installing another copy of tzdata
testimage: Exclude wtmp from target-dumper commands
tiff: Backport fix for CVE-2023-41175
tiff: CVE patch correction for CVE-2023-3576
tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618
tiff: fix multiple CVEs
tiff: fix multiple CVEs
tiff: Security fix for CVE-2023-40745
tzdata: upgrade to 2023c
uboot-extlinux-config.bbclass: fix missed override syntax migration
uboot-extlinux-config.bbclass: fix old override syntax in comment
unzip: fix configure check for cross compilation
useradd-staticids.bbclass: improve error message
util-linux: add alternative links for ipcs,ipcrm
v86d: Improve kernel dependency
vim: Improve locale handling
vim: update obsolete comment
vim: upgrade 9.0.1527 -> 9.0.2130
vim: use upstream generated .po files
webkitgtk: fix CVE-2022-48503
webkitgtk: fix CVE-2023-23529
webkitgtk: fix CVE-2023-32439
wget: upgrade 1.21.3 -> 1.21.4
wic: Add dependencies for erofs-utils
wic: fix wrong attempt to create file system in upartitioned regions
wireless-regdb: upgrade 2023.02.13 -> 2023.05.03
xdg-utils: Fix CVE-2022-4055
xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
xwayland: fix CVE-2023-5367
yocto-uninative: Update hashes for uninative 4.1
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
zip: fix configure check by using _Static_assert
zlib: patch CVE-2023-45853

Meta Freescale

alsa-lib, mesa-demos: patch typo fixes for QA Issue: Malformed Upstream-Status
ARM 32-bit device-tree reorganization
basler-camer: Upgrade to 4.2.2.22.0
ceetm: Change license to GPL-2.0-only
classes: make localversion classes deterministic
conf/machine: remove unsupported dtb for imx8mp-lpddr4-evk machine
dce_git.bb: Set SRCREV_FORMAT variable as multiple SCMs are used
dp-firmware-cadence: Upgrade to 22.04
EULA,SCR: Update for NXP release 6.1.22-2.0.0
EULA,SCR: Update for NXP release 6.1.36-2.1.0
firmware-nxp-wifi: Drop UART firmware now in linux-firmware
firmware-nxp-wifi: Fix overlap with linux-firmware
firmware-nxp-wifi: install NXP wlan and bt only firmware blobs
firmware-nxp-wifi: make it compatible with imx-generic-bsp
firmware-nxp-wifi: Update to the version of NXP 6.1.22-2.0.0 release
firmware-sentinel: Upgrade 0.8 -> 0.11
fmc: Update to commit 63c8ac9
fmlib: Update to commit 9fb916f
fm-ucode: Update license file to LICENSE
Freescale-EULA: Drop old, unused license
fsl-eula-unpack.bbclass: Add v44 EULA sum
fsl-eula-unpack.bbclass: Update EULA for NXP release 6.1.22-2.0.0 EULA is V45 now.
fsl-kernel-localversion: fix SRCREV_machine and AUTOREV use cases
fsl-u-boot-localversion.bbclass: fix SRCREV_machine and AUTOREV use cases
gstreamer1.0-plugins-base: Fix build with musl
gstreamer1.0-plugins-base: Fix viv-fb usage and extract PACKAGECONFIG_GL
gstreamer1.0-plugins-imx: Upgrade to version 2.2.0
gstreamer1.0-vaapi: Use egl for all i.MX GPU
gstreamer: Upgrade 1.20.3.imx -> 1.22.0.imx
image_types_fsl.bbclass: Drop use of IMAGE_NAME_SUFFIX
imx8dxlevk: Add rev B0 support
imx8mp-lpddr4-evk: Include dts for lf-6.1.36_2.1.0
imx8mq-lpddr4-wevk: Add i.MX 8 MQ LPDDR4 WEVK machine
imx8qxp-mek: Include dts for lf-6.1.36_2.1.0
imx93-14x14-lpddr4x-evk: Add i.MX 93 14x14 EVK machine
imx93-9x9-lpddr4-qsb: Include dts for lf-6.1.36_2.1.0
imx93-evk: use correct name for the iw612 machine feature
imx-alsa-plugins: Upgrade to 6.1.22-2.0.0
imx-atf: Explicitly demand BFD linker
imx-atf: Update 6.1.1-1.0.0 to 6.1.22-2.0.0
imx-atf: Update 6.1.22-2.0.0 to 6.1.36-2.1.0
imx-base.inc: Add PREFERRED_RPROVIDER_linux-firmware
imx-base.inc: Add support NXP Wi-Fi module IW416 and IW612
imx-base.inc: Fix MACHINEOVERRIDES_EXTENDER:mx8dxl:use-nxp-bsp priority
imx-base.inc: Implement generic SOC revision design
imx-base.inc: Update 8ULP default rev to A2
imx-base.inc: Update 93 default Rev to A1
imx-base.inc: Use gstreamer forks for i.MX 9
imx-boot: allow deploy multiple u-boot
imx-boot-container: Create only one imx-boot
imx-boot: Copy UBOOT_DTB_NAME_EXTRA instead of UBOOT_DTB_NAME to BOOT_STAGING in compile_mx8 to fix 'Can't find u-boot DTB file, please copy from u-boot' error
imx-boot: Prevent unnecessary cp of UBOOT_DTB_NAME_EXTRA if UBOOT_SIGN_ENABLE is set
imx-boot: sync with upstream recipe
imx-codec: Upgrade 4.7.2 -> 4.8.0
imx.conf: Drop unused UBOOT_CONFIG[mfgtool]
imx-dpu-g2d: 2.1.6 -> 2.1.8
imx-dpu-g2d: Upgrade 2.1.8 -> 2.1.10
imx-dsp-codec-ext: fix missing gnu_hash
imx-dsp-codec-ext: Upgrade 2.0.2 -> 2.0.5
imx-dsp: Upgrade 2.0.2 -> 2.0.5
imx-g2d-samples: Bump revision to 4391dcda4
imx-gpu-g2d: 6.4.11.p1.0 -> 6.4.11.p1.2
imx-gpu-g2d: Upgrade 6.4.11.p1.2 -> 6.4.11.p2.0
imx-gpu-viv: 6.4.11.p1.0 -> 6.4.11.p1.2
imx-gpu-viv: Skip file-rdeps checks on musl
imx-gpu-viv: Upgrade 6.4.11.p1.2 -> 6.4.11.p2.0
imx-lib: Update lf-6.1.1_1.0.0 to lf-6.1.22_2.0.0
imx-mcore-demos: Fix install for multilib
imx-mkimage: Update for NXP release 6.1.36-2.1.0
imx-mkimage: Update lf-6.1.1_1.0.0 to lf-6.1.22_2.0.0
imx-parser: Upgrade 4.7.2 -> 4.8.0
imx-pxp-g2d: Bump revision to 667c4ccbb
imx-pxp-g2d: Update to latest
imx-sc-firmware: Remove -fcanon-prefix-map
imx-sw-pdm: Upgrade 1.0.2 -> 1.0.3
imx-test: Update from lf-6.1.1_1.0.0 to lf-6.1.22_2.0.0
imx-uboot-mxs-bootpart.wks.in: drop extra 'rootfs'
imx-vpuwrap: fix license checksum
imx-vpuwrap: Upgrade to 6.1.22-2.0.0
isp-imx: fix compile with boost 1.83.0
isp-imx: Upgrade to 4.2.2.22.0
jailhouse: add imx version
jailhouse-imx: Add MODLIB to build option to set right module install path
jailhouse: mx93: drop cortex-a55 tune
jailhouse: Update to lf-6.1.22_2.0.0
kernel-module-imx-gpu-viv: 6.4.11.p1.0+fslc -> 6.4.11.p1.2+fslc
kernel-module-imx-gpu-viv: Upgrade 6.4.11.p1.0 -> 6.4.11.p2.0
kernel-module-imx-gpu-viv: Upgrade 6.4.11.p1.2+fslc -> 6.4.11.p2.0+fslc
kernel-module-isp-vvcam: Upgrade to 4.2.2.22.0
kernel-module-nxp89xx: Upgrade NXP Wi-Fi driver to L6.1.22-2.0.0 BSP version
kernel-module-nxp-wlan: Fix REGULATORY_IGNORE_STALE_KICKOFF build break
kernel-module-nxp-wlan: Rename it from kernel-module-nxp89xx
layer.conf: update LAYERSERIES_COMPAT for nanbield
libdrm: Bump revision to 3660ea0fe
libdrm: Upgrade 2.4.114.imx -> 2.4.115.imx
libimxdmabuffer: Upgrade to version 1.1.3
libimxvpuapi2: Upgrade to version 2.3.0
linux: Add compatibility logic for 32-bit dtb move
linux-fslc: designate 6.1.y kernel as LTS
linux-fslc-imx: Merge NXP changes from lf-6.1.36-2.1.0
linux-fslc-imx: Update to 6.1-2.0.x-imx
linux-fslc-imx: Update to lf-6.1.36-2.1.0
linux-fslc-lts: update to v6.1.60
linux-fslc: update to v6.1.38
linux-fslc: update to v6.1.57
linux-fslc: upgrade to 6.6.x+fslc
linux-imx: Add patch to fix build issue
linux-imx-headers: Update lf-6.1.1_1.0.0 to lf-6.1.22_2.0.0
linux-imx-headers: update to lf-6.1.36-2.1.0
linux-imx: Update lf-6.1.1_1.0.0 to lf-6.1.22_2.0.0
linux-imx: Update lf-6.1.22_2.0.0 to lf-6.1.36_2.1.0
ls1021atwr: drop as it is unbuildable for too long
ls2080ardb: drop as it is unbuildable for too long
management-complex: Upgrade to v10.37.0
mcore-demos: imx-m33-demos: Add package based on 6.1.22-2.0.0
mcore-demos: imx-m33-demos: update to 2.14.1 (6.1.36-2.1.0)
mcore-demos: imx-m4-demos: Add package based on 6.1.22-2.0.0
mcore-demos: imx-m4-demos: update to 6.1.36-2.1.0
mcore-demos: imx-m4-demos: update to 6.1.36-2.1.0
mcore-demos: imx-m7-demos: Add package based on 6.1.22-2.0.0
mc-utils: Update to commit 8efeeac
mfgtool-initramfs-image: IMAGE_NAME_SUFFIX should by empty for initramfs
mx27: remove platform settings
odp.inc: Set SRCREV_FORMAT variable as multiple SCMs are used
opencv: Integrate https://github.com/openembedded/meta-openembedded/commit/225ce6a14a8110ab6b573b4dc9f5297a03d17e0f to fix build protobuf v22 and dnn enabled
optee-client: Upgrade to lf-6.1.22-2.0.0 (3.21)
optee-client: Upgrade to lf-6.1.36-2.1.0 (3.21)
optee-os: Upgrade to lf-6.1.22-2.0.0 (3.21)
optee-os: Upgrade to lf-6.1.36-2.1.0 (3.21)
optee-test: Upgrade to lf-6.1.22-2.0.0 (3.21)
optee-test: Upgrade to lf-6.1.36-2.1.0 (3.21)
pulseaudio: Configure for i.MX 9 series
rcw: Update to commit 020dcf0
recipes-multimedia: Update for NXP release 6.1.36-2.1.0
recipes-security: fix SMW direcrory name changing from swm to smw
recipes: Update github.com urls to use https
restool: Rename license file to LICENSE
Revert "firmware-nxp-wifi: Drop UART firmware now in linux-firmware"
Revert "imx-atf: Explicitly demand BFD linker"
smw: Add "Security Middleware Library" recipe.
spc: Update to commit d624b78
spir: Downgrade to 1.3.239.0.imx
u-boot-fslc: upgrade to v2023.10
u-boot-imx: deploy multiple boot images for i.MX 8M
u-boot-imx: Fix the file permission during the installation
u-boot-imx: Update to lf-6.1.36-2.1.0
u-boot-imx: Upgrade 2022.04 to 2023.04
u-boot-imx: Use local common.inc
uefi: Update to commit 15deb92
uuu: Add missing zstd dependency
uuu: Update nxp repository links
vulkan-loader: Do not limit to x11 or wayland
vulkan: Update the downgrade 1.2.182.0.imx -> 1.3.239.0.imx
wayland-protocols: add native and nativesdk to BBCLASSEXTEND
wayland-protocols: Upgrade 1.31.imx -> 1.32.imx
webkitgtk: Remove x11 from packageconfigs
weston: 10.0.3: Synchronize with 11.0.1 recipe base
weston: 11.0.1: Bump revision 12875cd94
weston: Fix xwayland.weston-start code identation
weston-init: Don't add use-g2d where not supported
weston-init: Set gbm-format for 93
weston: Upgrade 10.0.3.imx -> 10.0.4.imx
weston: Upgrade 11.0.1.imx -> 11.0.2.imx
xserver-xorg: Replace glamor inverse color patch

Meta Freescale 3rdparty

ARM 32-bit device-tree reorganization
imx-atf-boundary: unexport variables instead of set in compile task
imx-atf-boundary: Update to boundary-lf-6.1.22-2.0.0 branch (v2.8)
layer.conf: update LAYERSERIES_COMPAT for nanbield
linux-boundary: bump revision to 2ada7473
linux-boundary: bump revision to ba56160e
linux-boundary: bump revision to f6aefb45
linux-boundary: fix LOCALVERSION
nitrogen8mm: add 8mm smarc uboot support
nitrogen8mm: add device trees
nitrogen8mp: add 8mp smarc uboot support
nitrogen8mp: add more smarc uboot variants
nitrogen8m: remove 3g UBOOT_CONFIG
u-boot-boundary: bump revision to 4c491b47
u-boot-boundary: bump revision to 7e7eff74
u-boot-boundary: bump revision to 89df34f4

Meta Intel

intel-microcode: upgrade 20230512 -> 20230808
intel-microcode: upgrade 20230808 -> 20231114
ipmctl : upgrade 03.00.00.0438 -> 03.00.00.0485
linux-intel/5.10: update to tag lts-v5.10.184-yocto-230626T081427Z
linux-intel/5.15: update to include latest commits
linux-intel/5.15: update to tag lts-v5.15.113-linux-230530T032538Z
linux-intel/5.15: update to tag lts-v5.15.119-linux-230725T101957Z
linux-intel/5.15: update to v5.15.137
linux-intel-rt/5.10: update to tag lts-v5.10.179-rt87-preempt-rt-230518T034556Z
linux-intel-rt/5.10: update to tag lts-v5.10.184-rt90-preempt-rt-230626T172256Z
linux-intel-rt/5.15: update to include latest commits
linux-intel-rt/5.15: update to tag lts-v5.15.113-rt64-preempt-rt-230530T192215Z
linux-intel-rt/5.15: update to tag lts-v5.15.119-rt65-preempt-rt-230725T210238Z
linux-intel-rt/5.15: update to v5.15.137-rt71
onednn: upgrade 2.6.1 -> 2.6.3
opencl-clang/14.0: update to latest

Meta ST STM32MP

Adaptation for mickledore
ALSA-STATE: use service instead of generators
CLASSES: Add class to generate vfat partitions
CLASSES: allow specific partition list for multiubi volume
CLASSES: init issue in multiubi_mkfs() for images_types-stubi.bbclass
Cleanup unused recipes
CONF: add OSTL compatibility for v5.0
CONF: enable flashlayout generation for efi
CONF: manage multiple device name alias for single device storage type
CVE: Add CVE_PRODUCT
DRM: use default version of mickledore
EXTLINUX: boot.scr: update boot nand sequence
GCC-ARM-NONE-EABI: bump to gcc 11
GCC-ARM-NONE-EABI: update to 11.3
GCC: make symbols are dynamically available and plugins work
GCC none eabi: correct qa buildpaths
GCC: update to gcc12.3
GCNANO: release new stack 6.4.13
GCNANO-USERLAND: add libglesv3 standalone package
GDB-CROSS: use PACKAGECONFIG to enable tui
IMAGES: add new bootfs image dedicated to EFI
IMAGES: enable metadata_csum on vendorfs
KERNEL: align kernel fragment with systemd and rename fragment nosmp
LIBDRM: bump to 2.4.115
LINUX-FIRMWARE: add symlinks for new kernel compatibility
LINUX-STM32MP: stm32-mdma: correct desc prep when channel running
LINUX-STM32MP: v6.1-stm32mp-r1
LINUX-STM32MP: v6.1-stm32mp-r1.1
LTTNG: temporary disabled
m4-projects: correct qa buildpaths
MACHINE: add support of generation of CVE summary
MACHINE: add support of new binary types for flashlayout file
MACHINE: split device tree files by supported storage
OPENOCD: allow empty commit
Optee: correct issue with GCC12 and LOAD segment with RWX permissions
OPTEE-OS-STM32MP: 3.19.0-stm32mp-r1
OPTEE-OS-STM32MP: 3.19.0-stm32mp-r1.1
PERF: remove obsolete bbappend
Revert "DRM: use default version of mickledore"
SDCARD-TOOLS: several evolutions
SDK: add Pod perl module
STM32MP-EFI: add configuration file to boot with U-BOOT as EFI-FIRMWARE
SYSTEMD: watchdog: limit time for shutdown watchdog
TF-A: correct issue with GCC12 and LOAD segment with RWX permissions
TF-A-STM32MP: enable sign and encrypt fsbl and fip binaries
TF-A-STM32MP: v2.8-stm32mp-r1
TF-A-STM32MP: v2.8-stm32mp-r1.1
TIFF: remove obsolete bbappend
U-BOOT: correct qa buildpaths
U-BOOT-STM32MP: v2022.10-stm32mp-r1
U-BOOT-STM32MP: v2022.10-stm32mp-r1.1

Meta Yocto

poky.conf: bump version for 4.0.13
poky.conf: bump version for 4.0.14
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
SECURITY.md: Add file

Meta Tegra

Adds deploy task for capsules
conf/machine: add Jetson Orin AGX Industrial support
conf/machine: add p3768-0000-p3767-0001.conf
conf/machine: fix DTB overlay settings for p3768 carrier
conf/machine: update KERNEL_ARGS for all machines
conf/machine: update partition layout settings for Orin Nano/NX modules
cuda.bbclass: filter TUNE_CCARGS for CUDA builds
cuda.bbclass: update EXTRA_OECMAKE setting
cuda-target-environment: update arch_flags function
cupva: add recipe
edk2-basetools-tegra-native_35.3.1.bb: new recipe to
edk2-firmware-tegra: refresh patches
edk2-firmware-tegra: update to r35.4.1
external/sota: edk2-firmware-tegra: adds ostree support
gcc-for-nvcc: fix breakage in libgcc-8 with upstream TUNE_CCARGS change
gstreamer1.0-plugins-nvvideo4linux2-1.14.0-r35.4.1: restore patch headers
gstreamer: update plugins recipes for L4T R35.4.1
image_types_tegra.bbclass: correct typo in copy_dtbs function
image_types_tegra.bbclass: update copy_dtb_overlays function
image_types_tegra.bbclass: updates for L4T R35.4.1
jetson-orin-nano-devkit-nvme: set TNSPEC_BOOTDEV instead of TNSPEC_BOOTDEV_DEFAULT
jetson-xavier-nx-devkit-emmc: update TEGRA_BUPGEN_SPECS
l4t-graphics-demos: update R35.3.1 -> R35.4.1
libgstnvcustomhelper: add recipe
libnvidia-container-tools: rdepend on ldconfig
libnvvpi2: update from version 2.2.6 -> 2.3.9
meta: make UefiUpdateSecurityKeys optional
meta: move definition of EMMC_BCTS
meta: refactor uefi-signing
meta: update BSP recipes from L4T R35.3.1 -> R35.4.1
nvdisp-init: refresh patch with update from L4T R35.3.1
optee: update NVIDIA optee recipes 3.19.0 -> 3.21.0 for L4T R35.4.1
p3768-0000-p3767-0004: set TNSPEC_BOOTDEV for Orin Nano 4GB
README.md: update for L4T R35.4.1
recipes-bsp/uefi: factor out core edk2 source info
setup-nv-boot-control_1.0.bb: add script to set OsIndications
tegra-bootfiles: updates for L4T R35.4.1
tegra-bup.bbclass: move logic to bbclass for reuse
tegra-configs: update l4t.csv for R35.4.1
tegra-flashvars: settings for p3768-0000-p3767-0001
tegra-flashvars: update Orin NX flashvars files
tegra-helper-scripts: fix AGX Orin 64GB handling in t234 helper
tegra-helper-scripts: updates for L4T R35.4.1
tegra-mmapi-samples: fix build issues
tegra-mmapi: update R35.3.1 -> R35.4.1
tegra-nvpmodel: update nvpmodel.service unit file
tegra-nvpower: fix nvpower.service to run only once during boot
tegra-redundant-boot-rollback: drop TNSPEC_MACHINE length check
tegra-uefi-capsule: add TEGRA_UEFI_CAPSULE_SIGNING_EXTRA_DEPS
tegra-uefi-capsules_35.3.1.bb: new recipe for
tegra-uefi-keys: add support for update keys
tools/setup-nv-boot-control: factor out common logic
uefi_common.func.in: fix efi variable existence check
uefi: refactor uefi capsule signing
Update find-jetson-usb.sh
Upgrade nsight-systems to 2023.2.4

Meta TI

conf: am335x-evm and am437x-evm: bump max_leb_cnt
conf/am65xx-hs-evm: Fix UBOOT_MACHINE to match u-boot config
conf/k3: switch mcdepends from do_image_complete
conf: machine: am65xx: Remove SYSFW_SUFFIX from non-k3r5 configs
conf: machine: k3: Use ARM64 kernel load address in FIT
conf: Remove leftover UIO Device Tree overlay files
conf: Remove old and no longer used MACHINE_FEATURES
conf: ti33x: Add earlycon parameter to kernel command line
k3conf: CI/CD Auto-Merger: cicd.kirkstone.202308080400
k3conf: Update SRCREV and move to cmake
linux-ti-next,conf/machine: Add support for new vendored dts dir
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307061739
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307130400
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307132041
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307192152
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202308080400
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202308201800
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202308231800
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202309041800
linux-ti-staging_6.1: CI/CD Auto-Merger: cicd.kirkstone.202309061800
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307061739
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307130400
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307132041
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202307192152
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202308080400
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202308201800
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202308231800
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202309041800
linux-ti-staging-rt_6.1: CI/CD Auto-Merger: cicd.kirkstone.202309061800
meta-ti: conf: am62xx-lp-evm: Use common include am62xx.inc
pru-icss_git.bb: update to PSSP v6.2.0
pru-icss: update QA checks
ti-img-rogue: bump srcrev for jacinto fixes
ti-kernel-devicetree-prefix: Add search function for DTBMERGE
ti-linux-fw: CI/CD Auto-Merger: cicd.kirkstone.202307061739
ti-linux-fw: CI/CD Auto-Merger: cicd.kirkstone.202308080400
ti-rtos-firmware: Add missing links and reformat file for consistency
trusted-firmware-a: Update to v2.9 release tag
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202307061739
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202307130400
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202307191052
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202308080400
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202308091222
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202309041800
u-boot-ti-staging_2023.04: CI/CD Auto-Merger: cicd.kirkstone.202309061800

Releases

92 (v. 2488)

Jan 7, 2024

Highlights

Layer Updates

Meta LmP

Meta Clang

Meta OpenEmbedded

Meta LTS Mixins Go

Meta LTS Mixins Rust

Meta Security

Meta Updater

Meta Virtualization

OpenEmbedded-Core

Meta Freescale

Meta Freescale 3rdparty

Meta Intel

Meta ST STM32MP

Meta Yocto

Meta Tegra

Meta TI