0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
refreshed for 0.10.6
Changelog:
==========
* Fix CVE-2023-6004: Command injection using proxycommand
* Fix CVE-2023-48795: Potential downgrade attack using strict kex
* Fix CVE-2023-6918: Missing checks for return values of MD functions
* Fix ssh_send_issue_banner() for CMD(PowerShell)
* Avoid passing other events to callbacks when poll is called recursively (#202)
* Allow @ in usernames when parsing from URI composes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bea2e8c3053e7ecffb04adaaded54555f2afa0b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade urgency SECURITY: See security fixes below.
Security fixes:
(CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5b34766daadf8f1e8ef3d55b24e0037c4d0727f5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is the latest stable release of the Samba 4.18 release series.
It contains the security-relevant bugfix CVE-2018-14628:
Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
allow read of object tombstones over LDAP
(Administrator action required!)
https://www.samba.org/samba/security/CVE-2018-14628.html
Release Notes:
https://www.samba.org/samba/history/samba-4.18.9.html
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f4c3c747d6df6015eb1231f2867ffe43ddb9620e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
- Fix flickering while playing videos with DMA-BUF sink.
- Fix color picker being triggered in the inspector when typing "tan".
- Do not special case the "sans" font family name.
- Fix build failure with libxml2 version 2.12.0 due to an API change.
- Fix several crashes and rendering issues.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a474db2702c59702c414f4c8ed4487251f10df6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
- Bump Safari version in user agent header.
- Fix CSP regression that broke Unity WebGL applications.
- Fix the build with GBM disabled.
- Fix several crashes and rendering issues.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 700e3a36fbc70ef7ecd5fa2bc820f0922df5a528)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove one patch as the logic is included in the new version [1] [2].
Upgrade mariadb to 10.11.6 [3].
[1] f4cec369a3
[2] cd5808eb8d
[3] https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 702cf1dc114d7c65cde4fe1d3f19a3314fccb7ff)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
https://nginx.org/en/CHANGES
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
Thanks to ZhenZhong Wu.
*) Bugfixes and improvements in HTTP/3.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc4bef4648ea5ff73230ff2d343f498c93bd333b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5be2e20157f3025f9e2370933267a56fd526c58e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The current SRCREV is not on any branch anymore, switch to the 1.12.4
branch HEAD which is similar and the only change is irrelevant.
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Note that patch 0011-modules... is no longer needed as it's included in
the upgrade as well.
CVE: CVE-2023-43622
Signed-off-by: Dylan Turner <dylan.turner@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f0b5053410d5958e089351b93199efd3473d3de)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 077489fda8f27336942457da1eaa022804f327c2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This recipe sets the product name used for CVE checking to
"http_server". However, the cve-check logic matches that name to all
products in the CVE database regardless of vendor. Currently, it is
matching to products from vendors other than apache. As a result,
CVE checking incorrectly reports CVEs for those vendors' products for
this package.
Signed-off-by: Jeffrey Pautler <jeffrey.pautler@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 51f70eaaa5973e385645f574093ee860f5648f88)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Due to the library file name change, the subpackage "geoslib"
does not get generated, and the main geos package has unsatisfied
dependencies.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 405ee461078cfed493bd6ca06f922860be5081d0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
GitHub has been redirecting for a while, so switch SRC_URI from
github.com/rhinstaller/libbytesize to
github.com/storaged-project/libbytesize instead without redirects.
Signed-off-by: Edi Feschiyan <edi.feschiyan@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 75bb23b3b03e225aa012be8bd5998223ae8f9b2f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
dnf-plugin-tui must work on nativesdk environment.
Now there's no warning when run the command "bitbake universe -c fetch".
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5211242d3f9d4a03cbe9e8af9beed4096a344958)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Take three CVE fixes from Fedora, as the upstream repository is now
dead.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 458fd00233a73d75d43b21b86b1425d75947b154)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
python3-ninja is a build dependency for other python modules.
For this, python3-ninja must be built for native mode.
This partially reverts d4aa17dc436beb96a804860bc6d18cf72283709e
("meta-python: Drop broken BBCLASSEXTEND variants")
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9b5ee4b0b2bf1a2abb181983a960a3802bca688f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
python3-ninja is used as a build dependency by other modules.
For that, python3-ninja and all its dependencies must be built
in native mode.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0010c0c0553acb8a360b9743cec655950009d6b6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4cef1e68ea59510d85b778e11179a2dac47c658b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 240b95417e0c3dc6b9a22179c73ed318fee36419)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Per convert-srcuri.py script, github repos should be accessed
via https.
Change it accordingly.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4f69d8c19880dc5e8d078c68206eebbc8781e49b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is 0.70 release with few more commits on top.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08edc0b6ace0d04688a5617cf05546a7b8ba6cca)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ae4e1e70a1493bb657190236122527130da93cb0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
OpenBMC enables SPDX SBOM generation by default. For Meta's Bletchley
platform we found that mdio-tools and its relationships with both
mdio-netlink and the mdio-netlink kernel module break SPDX processing
while generating the rootfs after a kernel bump. For example, the
following output was generated by `bitbake obmc-phosphor-image`:
ERROR: obmc-phosphor-image-1.0-r0 do_rootfs: Cannot find any SPDX file for document http://spdx.org/spdxdoc/kernel-module-mdio-netlink-6.5.4-da279e9-00089-gda279e98c07f-89187488-3164-50cb-94c5-8b76a30ea093
The error occurred after the following patch was applied (again, in the
context of OpenBMC):
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
index e6f98297c540..b852e993f0f6 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb
@@ -1,6 +1,6 @@
KBRANCH ?= "dev-6.5"
-LINUX_VERSION ?= "6.5.4"
+LINUX_VERSION ?= "6.5.9"
-SRCREV="da279e98c07f9c948c60a434ab0043a55c26ea1d"
+SRCREV="fc8d4fdba5bd2b9b1cea2aa8a731531943c45aa7"
require linux-aspeed.inc
With the lack of a dependency the mdio-tools package is not rebuilt
subsequent to the kernel bump and the package information remains stale,
leading to an incorrect SPDX path being generated.
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 668cf43b21e27faa34b7c3c7133a480a9e4e480f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This patch caused GNU linker to fail linking, therefore limit it to just
lld.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 22889b13f330e4753c5f72440abcfe42830f2f64)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
dab8051f Release 2023.6
bd91fda6 Merge pull request #3010 from cgwalters/more-composefs-fixes
3648c5ae build-sys: Really fix composefs check
db3b286d Merge pull request #3009 from cgwalters/c9s-ci
bcd4d026 Merge pull request #3007 from cgwalters/optin-new-bootloader-naming
33ef4ae6 build-sys: Look for both linux/mount.h and sys/mount.h
bd8339bd ci: Add c9s build
cbe36c3a Merge pull request #3008 from ostreedev/maybe_ostree
29423a89 prepare-root: If composefs is configured as "maybe" don't fail
02d41907 deploy: Add bootloader-naming-2 opt-init
fb06d59e Merge pull request #3003 from cgwalters/prepare-root-oscore-and-units
20b8cb17 Move prepare-root karg helpers into otcore, add unit tests
44519492 Merge pull request #2997 from cgwalters/test-cleanups-1
37f247da Merge pull request #2999 from cgwalters/add-oscore-units
aa8ad204 Merge pull request #3001 from cgwalters/misc-c99-style-4
75a43deb cmd/grub2-generate: Port to C99 style
767ca134 cmd/init: Port to C99 style
e3ef72ea Merge pull request #3000 from cgwalters/test-inst-update
6eeb8b56 Merge pull request #2995 from ostreedev/dependabot/submodules/composefs-1aed878
e751dd9a Merge pull request #2998 from cgwalters/disable-composefs-too-old
facb9a1a tests/inst: Update to latest ostree-ext
7c82340d Merge pull request #2975 from ostreedev/androidboot-single-slot-mode
e3f0c4d4 tests: Add otcore unit tests
90e54619 build-sys: Disable composefs on too-old Linux headers
6e9e50d8 prepare-root: Changes made to find_proc_cmdline_key
650a0537 prepare-root: On a non-A/B androidboot system, boot system slot a
16b97d8a Merge pull request #2996 from cgwalters/misc-c99-style-3
578c87e7 tests/destructive: Port more to xshell
8f302f2a cli/set-origin: Port to C99 style
69d7d837 build(deps): bump composefs from `a6e827d` to `1aed878`
ee1e585e Merge pull request #2993 from cgwalters/misc-c99-style-2
22b47781 checkout: Port to C99 style
f7786e75 Merge pull request #2990 from cgwalters/init-is-stateroot
27266f90 lzma: Port to C99 style
722fc2d0 Merge pull request #2991 from cgwalters/misc-c99-style
9f39f78e remote-add: Port to c99 style
9036c96a admin: Port to c99 style
f4e56b91 admin-deploy: Add `--stateroot` as alias for `--os`
9d5ccfef Add `ostree admin stateroot-init` as alias for `os-init`
9ac938c4 Merge pull request #2989 from cgwalters/lock-timeout-longer
f4b42049 Merge pull request #2973 from ostreedev/dependabot/submodules/composefs-a6e827d
e88ec69e repo: Bump lock timeout to 5 minutes
55121cc4 Merge pull request #2988 from cgwalters/prepare-root-binding-key
d648eea6 Merge pull request #2987 from cgwalters/prefix-stage-deploy
94cb37cb prepare-root: Minor clarifications
25a458b9 deploy: Add some error prefixing
8712a467 Merge pull request #2985 from cgwalters/cleanup-proc-cmdline
083bad8c Merge pull request #2984 from alexlarsson/prepare-root-no-raw-key
28aed49d switchroot,generator: Only read /proc/cmdline once
0a79b3b1 prepare-root: Only support base64 formated public key files
c94388f3 Merge pull request #2980 from cgwalters/prepare-root-minor
871d32a5 prepare-root: Use ptrarray, not linked list
678bfcd9 prepare-root: Check for empty string, not strlen > 0
bea5d897 prepare-root: Use declare-and-initialize
3620d3c7 Merge pull request #2979 from cgwalters/enabled-discussions
d324f684 Merge pull request #2974 from alexlarsson/composefs-config-file
f1c1f819 README.md: Drop dead mailing list, link to GH discussions
81fa2141 Read composefs configuration from initrd instead of commandline
2cc6b531 Merge pull request #2966 from cgwalters/ostree-admin-edit
b108e24c build(deps): bump composefs from `1704f82` to `a6e827d`
c57c0056 Merge pull request #2958 from cgwalters/deploy-loosen-etc-usretc
7f70614a Merge pull request #2969 from cgwalters/fix-sync-pthreads
a31f7798 Merge pull request #2967 from cgwalters/drop-trivial-httpd-entrypoint
402e0428 deploy: Fix mutex locking for global sync timeout
60b46556 More fully drop `trivial-httpd` entrypoint
3cd3251a Add `admin set-default`
09160c1a Merge pull request #2962 from cgwalters/os-init-remount
ac42e29d os-init: Create a mount namespace
113e575e Merge pull request #2963 from cgwalters/more-gfileinfo-fix
15cb0b47 composefs: Only call `_get_symlink_target()` on symlinks
f44909f8 Merge pull request #2960 from ostreedev/dependabot/submodules/libglnx-c02eb59
a16a14a6 build(deps): bump libglnx from `07e3e49` to `c02eb59`
fd968d59 Merge pull request #2957 from cgwalters/transaction-test-suppress-global-sync
0406fd39 deploy: Support an empty `/etc` and populated `/usr/etc`
6470429b tests/destructive: Turn off global sync()
a2663e80 Merge pull request #2956 from cgwalters/finalize-more-verbose
3d881fee deploy: Be way more verbose about what we're doing
1aed5d7c Merge pull request #2954 from cgwalters/harden-gvariant-get-data
5b372596 checksum-utils: Add an assertion that `buf != NULL`
0392b546 core, switchroot: Harden a bit against `g_variant_get_data() == NULL`
d7d66121 Merge pull request #2953 from samcday/patch-1
66e42553 Merge pull request #2930 from cgwalters/prepare-root-config3
b5397887 docs: update boot loader spec link
af52a88d Merge pull request #2952 from cgwalters/silence-variant-lookup
13e7ae90 tree-wide: Consistently `(void)g_variant_lookup()`
34656260 prepare-root: Don't parse target root when composefs enabled
83d37d6d prepare-root: Default sysroot.readonly=true if composefs
22b8e4f9 prepare-root: Introduce `ostree/prepare-root.conf`
250c40a6 Merge pull request #2948 from cgwalters/composefs-more-cleanups
3f594b04 Merge pull request #2951 from cgwalters/errprefix-sysroot
5e2eedee Merge pull request #2949 from cgwalters/kargs-cleanup
cf525ee6 repo: Clarify when we fail to parse a remote
70d790ab sysroot: Add a bit more error prefixing
82da0e16 Merge pull request #2950 from cgwalters/generator-cleanup
d7fe9e54 kernel-args: Move private functions out of public header
303e7eb2 src/generator: Move all logic into libostree-1.so
ec1109c7 generator: Stop creating `/run/ostree-booted`
64afbcde composefs: Use lowerdir in /run
4c0e5b1e Merge pull request #2942 from ostreedev/android-bootloader-parsing
a035c2e2 Merge pull request #2946 from cgwalters/add-inode-fix-feature
8ce7bbe1 Add an always-on `inode64` feature
c89baaed bootloader: fold all Android Bootloader specific logic into prepare-root
55936165 Merge pull request #2943 from cgwalters/mount-cleanup
253e7758 Merge pull request #2944 from cgwalters/prepare-root-more-cleanup
e61226a8 prepare-root: Drop more dead code
41cda3bd prepare-root: Drop code mounting `/proc`
b258375f Merge pull request #2938 from cgwalters/dedup-ostree-parsing
b548ff74 Merge pull request #2939 from cgwalters/ed25519-cleanups
6966979c generator: Deduplicate ostree= karg parsing
fc303da6 sign-ed25519: Don't set sk unless we've validated it
3a18a557 sign-ed25519: Add some comments for data structure
fb40e559 sign-ed25519: More verbose errors for invalid length
1a2fac37 tests: Remove dead references to "SEED"
1c0fd7d4 Merge pull request #2937 from ericcurtin/ostree2androidboot.slot_suffix
355cd727 Remove steal_pointer and steal_pointer_impl as we link in glib now
a6f0a571 android-boot: Remove dependency on ostree= karg, use androidboot.slot_suffix=
27a9fe30 Merge pull request #2936 from cgwalters/sign-from-file
7bbe13ca Merge pull request #2931 from cgwalters/prepare-root-man
de81a7e7 Merge pull request #2929 from cgwalters/prepare-root-drop-pivot
8302a8ad Merge pull request #2927 from cgwalters/sysroot-errprefix-bootlinks
845d68d1 Merge pull request #2935 from cgwalters/prepare-root-config4
82d93491 commit: Add `--sign-from-file`
d4ca834b prepare-root: Refactor composefs config handling
18d6f597 Merge pull request #2934 from cgwalters/enable-composefs-default
592351d1 build-sys: Enable composefs at *build time* by default
3d29f89c Merge pull request #2928 from cgwalters/prepare-root-config
c1ac6bc3 Merge pull request #2932 from cgwalters/aboot-fix-nullderef
c078e8be mount: Fix gcc -fanalyzer warning for parsing androidboot.slot_suffix
c4f1d18a Merge pull request #2920 from ostreedev/dependabot/submodules/composefs-1704f82
1e4cb30c man: Add ostree-prepare-root
0eda15ce Use /run/ostree-booted metadata for sysroot-ro state passing
79806a68 prepare-root: Drop dead `pivot_root` code
b8d66964 remount: Use new metadata in `/run/ostree-booted` for composefs
77acad24 remount: Don't overwrite /run/ostree-booted
93699cc5 prepare-root: Add metadata for composefs to `/run/ostree-booted`
bafb5512 prepare-root: Use constant for ed25519 signature
6cdc5ce5 Merge pull request #2926 from cgwalters/otcore-cfs-constants
6769d66d sysroot: Add some error prefixing for bootversion
18cc4472 prepare-root: Drop unused verity flag querying
2b738a99 prepare-root: Use otutil and g_print
1b7b4fbd Add an internal constant for the composefs image name
c0c2c9bd Merge pull request #2924 from cgwalters/drop-syntax-check
65912106 build: Drop `make syntax-check`
57fe33f0 Merge pull request #2921 from alexlarsson/composefs-sign-v2
c29f4193 ostree-prepare-root: Validate ed25519 signatures when requested
b8ff2109 Factor out a libotcore
265cf7d7 build-sys: Add libsodium to OT_DEP_CRYPTO
a6d9c714 Merge pull request #2922 from alexlarsson/openssl-ed25519
744967a6 libotutil: Link to crypto libs
474c2b10 CI: Enable --with-crypto=openssl on debian testing to test openssl signatures
7b85adfb sign-ed25519: Implement sign and verify using openssl
501575c1 sign-ed25519: Drop some uses of libsodium
5b727751 Merge pull request #2923 from alexlarsson/fix-composefs-test
62e4f376 tests: Fix composefs test
eb011120 show: Add --print-hex
6056ec13 Merge pull request #2913 from cgwalters/tmpfile-not-on-revokefs
8a4a0c16 build(deps): bump composefs from `ac729b5` to `1704f82`
43fb2787 Merge pull request #2918 from ostreedev/dependabot/submodules/composefs-ac729b5
25120bd7 Merge pull request #2912 from cgwalters/itest-transactionality-debug
61720180 Merge pull request #1633 from cgwalters/pkglibexec-tests
ba9c9ded fetcher: Always open tmpfiles in repo (except on FUSE)
9104c54f Merge pull request #2905 from cgwalters/prepare-root-static-split
01be14e6 build(deps): bump composefs from `412cb5e` to `ac729b5`
0c36e814 Drop "ostree trivial-httpd" CLI, move to tests directory
8ad8a79c Merge pull request #2916 from cgwalters/release
b2cfee72 Merge pull request #2914 from cgwalters/doc-usergroups
5aadb6ec configure: post-release version bump
875915f6 prepare-root: Link to glib
d6799ecc Separate prepare-root static path
786e64ce docs: Update user and group section
8bba482b tests: Enable mtime test
0b519c25 tests: Drop unused alias
54c73155 tests/transactionality: Port a bit to xshell
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fadf647d3ec0d3b948841defa5574b60ba223310)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Support for building from native was removed in commit e1b332f2e
(meta-networking: Drop broken BBCLASSEXTEND variants), most likely due
to no support for building libwebsockets-native. That support has now
been added, so it is now possible to build mosquitto-native again.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ad27cdd560fe9947a0e0f822d6a71bac5d2e4a7e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is needed to be able to build mosquitto-native.
The dependency on libcap when building for native is needed because
cmake will pick up the existence of libcap from the host, but then the
build fails if it is not available in the sysroot. Unfortunately, there
does not seem to be any way to explicitly tell cmake to not build with
libcap.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c083e0569ad80d11b4f5cfdfa89acdd4264d8152)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
