[OE-core] [PATCH] xrandr: upgrade 1.5.1 -> 1.5.2

2022-12-11 Thread wangmy
From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../xorg-app/{xrandr_1.5.1.bb => xrandr_1.5.2.bb}  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-graphics/xorg-app/{xrandr_1.5.1.bb => xrandr_1.5.2.bb} 
(75%)

diff --git a/meta/recipes-graphics/xorg-app/xrandr_1.5.1.bb 
b/meta/recipes-graphics/xorg-app/xrandr_1.5.2.bb
similarity index 75%
rename from meta/recipes-graphics/xorg-app/xrandr_1.5.1.bb
rename to meta/recipes-graphics/xorg-app/xrandr_1.5.2.bb
index 0e0347f768..1e29031849 100644
--- a/meta/recipes-graphics/xorg-app/xrandr_1.5.1.bb
+++ b/meta/recipes-graphics/xorg-app/xrandr_1.5.2.bb
@@ -12,7 +12,6 @@ DEPENDS += "libxrandr libxrender"
 PE = "1"
 
 SRC_URI_EXT = "xz"
-SRC_URI[md5sum] = "fe40f7a4fd39dd3a02248d3e0b1972e4"
-SRC_URI[sha256sum] = 
"7bc76daf9d72f8aff885efad04ce06b90488a1a169d118dea8a2b661832e8762"
+SRC_URI[sha256sum] = 
"c8bee4790d9058bacc4b6246456c58021db58a87ddda1a9d0139bf5f18f1f240"
 
 BBCLASSEXTEND = "native nativesdk"
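Review bot: The `SRC_URI[md5sum]` line is dropped in the same hunk that replaces `SRC_URI[sha256sum]`, and the commit message has no body to say so or to summarise what 1.5.2 changes. Please add a short changelog and a line noting that the md5sum is removed deliberately, leaving sha256sum as the only integrity check on the tarball, and state where the new digest was taken from so it can be cross-checked.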
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#174487): 
https://lists.openembedded.org/g/openembedded-core/message/174487
Mute This Topic: https://lists.openembedded.org/mt/95616831/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core] [PATCH] libxshmfence: upgrade 1.3.1 -> 1.3.2

2022-12-11 Thread wangmy
From: Wang Mingyu 

Changelog:
configure: Use AC_SYS_LARGEFILE to enable large file support

Signed-off-by: Wang Mingyu 
---
 .../xorg-lib/{libxshmfence_1.3.1.bb => libxshmfence_1.3.2.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxshmfence_1.3.1.bb => 
libxshmfence_1.3.2.bb} (87%)

diff --git a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.1.bb 
b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.2.bb
similarity index 87%
rename from meta/recipes-graphics/xorg-lib/libxshmfence_1.3.1.bb
rename to meta/recipes-graphics/xorg-lib/libxshmfence_1.3.2.bb
index be793882dc..6b9ed20ae7 100644
--- a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.1.bb
+++ b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.2.bb
@@ -16,6 +16,6 @@ EXTRA_OECONF += "--with-shared-memory-dir=/dev/shm"
 SRC_URI += 
"file://0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch"
 
 XORG_EXT = "tar.xz"
-SRC_URI[sha256sum] = 
"1129f95147f7bfe6052988a087f1b7cb7122283d2c47a7dbf7135ce0df69b4f8"
+SRC_URI[sha256sum] = 
"870df257bc40b126d91b5a8f1da6ca8a524555268c50b59c0acd1a27f361606f"
 
 BBCLASSEXTEND = "native nativesdk"
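Review bot: The context line above the checksum still carries `file://0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch` in SRC_URI, and the commit message does not say whether that local patch is still needed with 1.3.2 or merely still applies. Please confirm it was re-checked against the new release and record the result in the commit message.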
-- 
2.25.1





[OE-core] [PATCH] libxkbfile: upgrade 1.1.1 -> 1.1.2

2022-12-11 Thread wangmy
From: Wang Mingyu 

Changelog:
configure: Use AC_SYS_LARGEFILE to enable large file support

Signed-off-by: Wang Mingyu 
---
 .../xorg-lib/{libxkbfile_1.1.1.bb => libxkbfile_1.1.2.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxkbfile_1.1.1.bb => 
libxkbfile_1.1.2.bb} (82%)

diff --git a/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.1.bb 
b/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.2.bb
similarity index 82%
rename from meta/recipes-graphics/xorg-lib/libxkbfile_1.1.1.bb
rename to meta/recipes-graphics/xorg-lib/libxkbfile_1.1.2.bb
index 17ff588fdb..6494d5e0f1 100644
--- a/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.1.bb
+++ b/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.2.bb
@@ -14,4 +14,4 @@ PE = "1"
 
 BBCLASSEXTEND = "native"
 XORG_EXT = "tar.xz"
-SRC_URI[sha256sum] = 
"8623dc26e7aac3c5ad8a25e57b566f4324f5619e5db38457f0804ee4ed953443"
+SRC_URI[sha256sum] = 
"b8a3784fac420b201718047cfb6c2d5ee7e8b9481564c2667b4215f6616644b1"
-- 
2.25.1





[OE-core] [PATCH] libpng: upgrade 1.6.38 -> 1.6.39

2022-12-11 Thread wangmy
From: Wang Mingyu 

Changelog:
==
*  Changed the error handler of oversized chunks (i.e. larger than
   PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
*  Fixed a buffer overflow error in contrib/tools/pngfix.
*  Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
*  Disabled the ARM Neon optimizations by default in the CMake file,
   following the default behavior of the configure script.
*  Allowed configure.ac to work with the trunk version of autoconf.
*  Removed the support for "install" targets from the legacy makefiles;
   removed the obsolete makefile.cegcc.
*  Cleaned up the code and updated the internal documentation.

Signed-off-by: Wang Mingyu 
---
 .../libpng/{libpng_1.6.38.bb => libpng_1.6.39.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.6.38.bb => libpng_1.6.39.bb} 
(93%)

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.38.bb 
b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
similarity index 93%
rename from meta/recipes-multimedia/libpng/libpng_1.6.38.bb
rename to meta/recipes-multimedia/libpng/libpng_1.6.39.bb
index dc627203ef..d9dcf379e9 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.38.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
@@ -11,7 +11,7 @@ DEPENDS = "zlib"
 LIBV = "16"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = 
"b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be"
+SRC_URI[sha256sum] = 
"1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
 
 MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ 
${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/"
 
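Review bot: Only `SRC_URI[sha256sum]` changes in this hunk, while the commit message lists a fix for CVE-2019-6129 in contrib/tools/pngcp and a buffer overflow fix in contrib/tools/pngfix. If the recipe or the distro configuration carries an ignore entry for CVE-2019-6129, it should be dropped in this same change so the CVE report reflects the upgrade; please confirm either way in the commit message.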
-- 
2.25.1





[OE-core] [PATCH] libxau: upgrade 1.0.10 -> 1.0.11

2022-12-11 Thread wangmy
From: Wang Mingyu 

Changelog:
configure: Use AC_SYS_LARGEFILE to enable large file support

Signed-off-by: Wang Mingyu 
---
 .../xorg-lib/{libxau_1.0.10.bb => libxau_1.0.11.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxau_1.0.10.bb => libxau_1.0.11.bb} 
(84%)

diff --git a/meta/recipes-graphics/xorg-lib/libxau_1.0.10.bb 
b/meta/recipes-graphics/xorg-lib/libxau_1.0.11.bb
similarity index 84%
rename from meta/recipes-graphics/xorg-lib/libxau_1.0.10.bb
rename to meta/recipes-graphics/xorg-lib/libxau_1.0.11.bb
index a62c9f088a..e2c06fd14a 100644
--- a/meta/recipes-graphics/xorg-lib/libxau_1.0.10.bb
+++ b/meta/recipes-graphics/xorg-lib/libxau_1.0.11.bb
@@ -21,4 +21,4 @@ XORG_EXT = "tar.xz"
 
 BBCLASSEXTEND = "native nativesdk"
 
-SRC_URI[sha256sum] = 
"8be6f292334d2f87e5b919c001e149a9fdc27005d6b3e053862ac6ebbf1a0c0a"
+SRC_URI[sha256sum] = 
"f3fa3282f5570c3f6bd620244438dbfbdd580fc80f02f549587a0f8ab329bbeb"
-- 
2.25.1





[OE-core] [PATCH] libpcre2: upgrade 10.40 -> 10.41

2022-12-11 Thread wangmy
From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../libpcre/{libpcre2_10.40.bb => libpcre2_10.41.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libpcre/{libpcre2_10.40.bb => libpcre2_10.41.bb} 
(95%)

diff --git a/meta/recipes-support/libpcre/libpcre2_10.40.bb 
b/meta/recipes-support/libpcre/libpcre2_10.41.bb
similarity index 95%
rename from meta/recipes-support/libpcre/libpcre2_10.40.bb
rename to meta/recipes-support/libpcre/libpcre2_10.41.bb
index 13f7c8305f..2a50d07192 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.40.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.41.bb
@@ -15,7 +15,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/pcre2-${PV}/pcre2-${PV}.tar.bz2"
 GITHUB_BASE_URI = "https://github.com/PhilipHazel/pcre2/releases;
 UPSTREAM_CHECK_REGEX = "releases/tag/pcre2-(?P.+)"
 
-SRC_URI[sha256sum] = 
"14e4b83c4783933dc17e964318e6324f7cae1bc75d8f3c79bc6969f00c159d68"
+SRC_URI[sha256sum] = 
"0f78cebd3e28e346475fb92e95fe945b4cbaad5f3b42aca47b887fb53308"
 
 CVE_PRODUCT = "pcre2"
 
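Review bot: The added `SRC_URI[sha256sum]` value is 60 hexadecimal characters as it appears here, and a SHA-256 digest is 64, so the fetcher's checksum comparison cannot succeed with this string. Please check the value in the recipe against the pcre2-10.41.tar.bz2 release artifact and resend if the patch itself is short; the commit message would also benefit from a changelog for 10.41.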
-- 
2.25.1





[OE-core] [PATCH] libfontenc: upgrade 1.1.6 -> 1.1.7

2022-12-11 Thread wangmy
From: Wang Mingyu 

Changelog:
configure: Use AC_SYS_LARGEFILE to enable large file support

Signed-off-by: Wang Mingyu 
---
 .../xorg-lib/{libfontenc_1.1.6.bb => libfontenc_1.1.7.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libfontenc_1.1.6.bb => 
libfontenc_1.1.7.bb} (81%)

diff --git a/meta/recipes-graphics/xorg-lib/libfontenc_1.1.6.bb 
b/meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb
similarity index 81%
rename from meta/recipes-graphics/xorg-lib/libfontenc_1.1.6.bb
rename to meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb
index 8f9602d3ae..297bfbe4e6 100644
--- a/meta/recipes-graphics/xorg-lib/libfontenc_1.1.6.bb
+++ b/meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb
@@ -13,6 +13,6 @@ PE = "1"
 
 XORG_EXT = "tar.xz"
 
-SRC_URI[sha256sum] = 
"ea8606ed5255dda8f570b7d1a74d59ee8d198675b2f114d07807431e6ba1d111"
+SRC_URI[sha256sum] = 
"c0d36991faee06551ddbaf5d99266e97becdc05edfae87a833c3ff7bf73cfec2"
 
 BBCLASSEXTEND = "native"
-- 
2.25.1





[OE-core] [kirkstone][PATCH] libxml2: Fix CVE-2022-40303 && CVE-2022-40304

2022-12-11 Thread Hitendra Prajapati
Upstream-Status: Backport from 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
 && 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

Signed-off-by: Hitendra Prajapati 
---
 .../libxml/libxml2/CVE-2022-40303.patch   | 624 ++
 .../libxml/libxml2/CVE-2022-40304.patch   | 106 +++
 meta/recipes-core/libxml/libxml2_2.9.14.bb|   2 +
 3 files changed, 732 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
new file mode 100644
index 00..346ec37a9f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
@@ -0,0 +1,624 @@
+From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Thu, 25 Aug 2022 17:43:08 +0200
+Subject: [PATCH] CVE-2022-40303
+
+Fix integer overflows with XML_PARSE_HUGE
+
+Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
+to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
+XML_MAX_HUGE_LENGTH (1 billion bytes).
+
+Move some the length checks to the end of the respective loop to make
+them strict.
+
+xmlParseEntityValue didn't have a length limitation at all. But without
+XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
+
+Thanks to Maddie Stone working with Google Project Zero for the report!
+
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0]
+CVE: CVE-2022-40303
+Signed-off-by: Hitendra Prajapati 
+---
+ parser.c | 233 +--
+ 1 file changed, 121 insertions(+), 112 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1bc3713..0f76577 100644
+--- a/parser.c
 b/parser.c
+@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt);
+  **
+  /
+ 
++#define XML_MAX_HUGE_LENGTH 10
++
+ #define XML_PARSER_BIG_ENTITY 1000
+ #define XML_PARSER_LOT_ENTITY 5000
+ 
+@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, 
const char *info)
+ errmsg = "Malformed declaration expecting version";
+ break;
+ case XML_ERR_NAME_TOO_LONG:
+-errmsg = "Name too long use XML_PARSE_HUGE option";
++errmsg = "Name too long";
+ break;
+ #if 0
+ case:
+@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++XML_MAX_TEXT_LENGTH :
++XML_MAX_NAME_LENGTH;
+ 
+ #ifdef DEBUG
+ nbParseNameComplex++;
+@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+   }
+-  len += l;
++if (len <= INT_MAX - l)
++  len += l;
+   NEXTL(l);
+   c = CUR_CHAR(l);
+   }
+@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+   }
+-  len += l;
++if (len <= INT_MAX - l)
++  len += l;
+   NEXTL(l);
+   c = CUR_CHAR(l);
+   }
+ }
+-if ((len > XML_MAX_NAME_LENGTH) &&
+-((ctxt->options & XML_PARSE_HUGE) == 0)) {
++if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3346,7 +3352,10 @@ const xmlChar *
+ xmlParseName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in;
+ const xmlChar *ret;
+-int count = 0;
++size_t count = 0;
++size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++   XML_MAX_TEXT_LENGTH :
++   XML_MAX_NAME_LENGTH;
+ 
+ GROW;
+ 
+@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
+   in++;
+   if ((*in > 0) && (*in < 0x80)) {
+   count = in - ctxt->input->cur;
+-if ((count > XML_MAX_NAME_LENGTH) &&
+-((ctxt->options & XML_PARSE_HUGE) == 0)) {
++if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++XML_MAX_TEXT_LENGTH :
++XML_MAX_NAME_LENGTH;
+ size_t startPosition = 0;
+ 
+ #ifdef DEBUG
+@@ -3412,17 
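Review bot: In the embedded parser.c patch, `#define XML_MAX_HUGE_LENGTH 10` does not match the patch description, which gives XML_MAX_HUGE_LENGTH as 1 billion bytes, and the file header line for `b/parser.c` appears without its `+++` marker. Please check both against the upstream commit named in Upstream-Status, since a wrong limit changes what the parser accepts under XML_PARSE_HUGE and a malformed header stops the patch from applying.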

[OE-core] [kirkstone][PATCH] yocto-check-layer: Allow OE-Core to be tested

2022-12-11 Thread Yu, Mingli
From: Richard Purdie 

For unknown reasons we've never seemingly run the check layer script
against OE-Core itself. This isn't entirely straightforward as the core
layer is a bit of a special case, we can't for example compare signatures
against ourselves and we can't remove core from bblayers.conf.

Core does have distro, machine and software components too, in the case
of distro, our fallback default settings. Whilst the qemu machines could
be split into a separate layer directory, core wouldn't then parse at all
standalone due to the lack of any machine so it seems a bit pointless to
do that.

These changes tweak the script to handle core's special cases, specifically
to allow distro and machine directories and to account for the README placed
a directory level higher than other layers.

Signed-off-by: Richard Purdie 
Signed-off-by: Alexandre Belloni 
---
 scripts/lib/checklayer/__init__.py | 11 ---
 scripts/lib/checklayer/cases/bsp.py|  2 +-
 scripts/lib/checklayer/cases/common.py |  3 +++
 scripts/lib/checklayer/cases/distro.py |  2 +-
 scripts/yocto-check-layer  |  5 ++---
 5 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/scripts/lib/checklayer/__init__.py 
b/scripts/lib/checklayer/__init__.py
index aa946f3036..938805289e 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -16,6 +16,7 @@ class LayerType(Enum):
 BSP = 0
 DISTRO = 1
 SOFTWARE = 2
+CORE = 3
 ERROR_NO_LAYER_CONF = 98
 ERROR_BSP_DISTRO = 99
 
@@ -106,7 +107,13 @@ def _detect_layer(layer_path):
 if distros:
 is_distro = True
 
-if is_bsp and is_distro:
+layer['collections'] = _get_layer_collections(layer['path'])
+
+if layer_name == "meta" and "core" in layer['collections']:
+layer['type'] = LayerType.CORE
+layer['conf']['machines'] = machines
+layer['conf']['distros'] = distros
+elif is_bsp and is_distro:
 layer['type'] = LayerType.ERROR_BSP_DISTRO
 elif is_bsp:
 layer['type'] = LayerType.BSP
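Review bot: The CORE branch keys on `layer_name == "meta"`, so the result depends on the directory name of the checkout rather than on the layer's own configuration; a differently named directory that declares the `core` collection and has both machines and distros falls through to the `is_bsp and is_distro` error branch. Testing `"core" in layer['collections']` alone, or a comment explaining why the name check is needed, would make the detection less fragile.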
@@ -117,8 +124,6 @@ def _detect_layer(layer_path):
 else:
 layer['type'] = LayerType.SOFTWARE
 
-layer['collections'] = _get_layer_collections(layer['path'])
-
 return layer
 
 def detect_layers(layer_directories, no_auto):
diff --git a/scripts/lib/checklayer/cases/bsp.py 
b/scripts/lib/checklayer/cases/bsp.py
index a80a5844da..b76163fb56 100644
--- a/scripts/lib/checklayer/cases/bsp.py
+++ b/scripts/lib/checklayer/cases/bsp.py
@@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase
 class BSPCheckLayer(OECheckLayerTestCase):
 @classmethod
 def setUpClass(self):
-if self.tc.layer['type'] != LayerType.BSP:
+if self.tc.layer['type'] not in (LayerType.BSP, LayerType.CORE):
 raise unittest.SkipTest("BSPCheckLayer: Layer %s isn't BSP one." %\
 self.tc.layer['name'])
 
diff --git a/scripts/lib/checklayer/cases/common.py 
b/scripts/lib/checklayer/cases/common.py
index 491a13953c..722d3cf638 100644
--- a/scripts/lib/checklayer/cases/common.py
+++ b/scripts/lib/checklayer/cases/common.py
@@ -12,6 +12,9 @@ from checklayer.case import OECheckLayerTestCase
 
 class CommonCheckLayer(OECheckLayerTestCase):
 def test_readme(self):
+if self.tc.layer['type'] == LayerType.CORE:
+raise unittest.SkipTest("Core layer's README is top level")
+
 # The top-level README file may have a suffix (like README.rst or 
README.txt).
 readme_files = glob.glob(os.path.join(self.tc.layer['path'], 
'[Rr][Ee][Aa][Dd][Mm][Ee]*'))
 self.assertTrue(len(readme_files) > 0,
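Review bot: `test_readme` now raises SkipTest for `LayerType.CORE`, so the README one directory up is never checked at all, although the commit message says the script should account for that location. Consider globbing in the parent of `self.tc.layer['path']` for the core layer instead of skipping, so the existence check still runs. Also confirm `LayerType` is already imported in this file, since the hunk adds no import.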
diff --git a/scripts/lib/checklayer/cases/distro.py 
b/scripts/lib/checklayer/cases/distro.py
index f0bee5493c..a35332451c 100644
--- a/scripts/lib/checklayer/cases/distro.py
+++ b/scripts/lib/checklayer/cases/distro.py
@@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase
 class DistroCheckLayer(OECheckLayerTestCase):
 @classmethod
 def setUpClass(self):
-if self.tc.layer['type'] != LayerType.DISTRO:
+if self.tc.layer['type'] not in (LayerType.DISTRO, LayerType.CORE):
 raise unittest.SkipTest("DistroCheckLayer: Layer %s isn't Distro 
one." %\
 self.tc.layer['name'])
 
diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer
index 0e5b75b1f7..67cc71950f 100755
--- a/scripts/yocto-check-layer
+++ b/scripts/yocto-check-layer
@@ -168,14 +168,13 @@ def main():
 
 layers_tested = 0
 for layer in layers:
-if layer['type'] == LayerType.ERROR_NO_LAYER_CONF or \
-layer['type'] == LayerType.ERROR_BSP_DISTRO:
+if layer['type'] in (LayerType.ERROR_NO_LAYER_CONF, 
LayerType.ERROR_BSP_DISTRO):
 continue
 
 # Reset to a clean backup copy for each run
 shutil.copyfile(bblayersconf + '.backup', bblayersconf)
 
-if check_bblayers(bblayersconf, layer['path'], logger):
+if 

Re: [OE-Core][master][PATCH] openssh: remove RRECOMMENDS to rng-tools for sshd package

2022-12-11 Thread Mark Hatle
In the kernel is the jitter entropy system.  It should work on all platforms 
that have high res timers available.  (This is the same mechanism that haveged 
was using before as well.  So no change in the RNG quality, just now built into 
the kernel itself.)


The only place we've observed an issue with the new approach is on a qemu 
machine that was moderately loaded.  The jitter was apparently too large (our 
theory) and caused the crng init to happen VERY slowly.  (This would not have 
been resolved using rngd.)


All-in-all, I thought this change had already been made, and think it should go 
in.

(We tested this on microblaze, and performance with and without haveged was the 
same.  I don't have numbers, but I expect the same behaviors on any architecture.)


--Mark

On 12/9/22 11:02 AM, Khem Raj wrote:

would be good to know some numbers on non-arm/non-x86 systems too.

On Thu, Dec 8, 2022 at 11:05 PM Xiangyu Chen
 wrote:


It appears that rngd is not needed as of linux-5.6 and later[1]
and should not be installed by default since the purpose of rngd
is to provide additional trusted sources of entropy.

We did some testing on real hardware, the result seems to support that
we no longer need rngd by default on kernel v5.6 and later.

Testing result as below:

1. observing the crng init stage.
  the "random: crng init done" always available before fs being mounted.

2. generating random number without rngd.
  testing command: dd if=/dev/random of=/dev/null status=progress
on Marvell CN96xx RDB board, speed almost 20.4 MB/s without block
on NXP i.mx6q board, speed almost 31.9 MB/s without block
on qemu x86-64, speed almost 2.6MB/s without block

3. using rngtest command without rngd
  testing command: rngtest -c 1000 https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32

Signed-off-by: Xiangyu Chen 
---
  meta/recipes-connectivity/openssh/openssh_9.1p1.bb | 9 +
  1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/meta/recipes-connectivity/openssh/openssh_9.1p1.bb 
b/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
index 85f97b1bbb..23ae8d5b0c 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.1p1.bb
@@ -52,15 +52,12 @@ SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket"

  inherit autotools-brokensep ptest

-PACKAGECONFIG ??= "rng-tools"
+PACKAGECONFIG ??= ""
  PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
  PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
  PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
  PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"

-# Add RRECOMMENDS to rng-tools for sshd package
-PACKAGECONFIG[rng-tools] = ""
-
  EXTRA_AUTORECONF += "--exclude=aclocal"

  # login path is hardcoded in sshd
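Review bot: Removing the `PACKAGECONFIG[rng-tools]` flag means any existing bbappend or local configuration that still adds `rng-tools` to PACKAGECONFIG for openssh now refers to an option the recipe no longer defines. The commit message should call this out so downstream layers know to drop the setting, or to add rng-tools to their images directly if they still want rngd.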
@@ -160,10 +157,6 @@ FILES:${PN}-keygen = "${bindir}/ssh-keygen"

  RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen 
${PN}-sftp-server"
  RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 
'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RRECOMMENDS:${PN}-sshd:append:class-target = "\
-${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
-"
-
  # gdb would make attach-ptrace test pass rather than skip but not worth the 
build dependencies
  RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo 
coreutils"
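Review bot: With the `RRECOMMENDS:${PN}-sshd:append:class-target` block gone, images stop pulling in rng-tools regardless of kernel version, while the justification in the commit message applies to linux-5.6 and later. Please state what is expected of users building against older kernels, since those systems lose the default entropy helper with this change.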

--
2.34.1












[OE-core] [PATCH] sanity: Update minimum python version to 3.8

2022-12-11 Thread Richard Purdie
Bitbake is moving to a minimum python version of 3.8, update OE-Core
to match to make things consistent.

Signed-off-by: Richard Purdie 
---
 meta/classes-global/sanity.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/classes-global/sanity.bbclass 
b/meta/classes-global/sanity.bbclass
index 6cb0d6cf882..8dfd59f457e 100644
--- a/meta/classes-global/sanity.bbclass
+++ b/meta/classes-global/sanity.bbclass
@@ -759,10 +759,10 @@ def check_sanity_everybuild(status, d):
 if 0 == os.getuid():
 raise_sanity_error("Do not use Bitbake as root.", d)
 
-# Check the Python version, we now have a minimum of Python 3.6
+# Check the Python version, we now have a minimum of Python 3.8
 import sys
-if sys.hexversion < 0x030600F0:
-status.addresult('The system requires at least Python 3.6 to run. 
Please update your Python interpreter.\n')
+if sys.hexversion < 0x030800F0:
+status.addresult('The system requires at least Python 3.8 to run. 
Please update your Python interpreter.\n')
 
 # Check the bitbake version meets minimum requirements
 minversion = d.getVar('BB_MIN_VERSION')
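Review bot: The literal `0x030800F0` in the `sys.hexversion` comparison has to be decoded by hand to confirm it means 3.8.0 final. `sys.version_info < (3, 8)` states the same minimum readably and leaves one fewer place to update on the next bump.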
-- 
2.37.2





[OE-core] [PATCH] go-crosssdk: avoid host contamination by GOCACHE

2022-12-11 Thread Ming Liu
From: Robert Andersson 

By default GOCACHE is set to $HOME/.cache.

Same issue for all other go recipes had been fixed by commit 9a6d208b:
[ go: avoid host contamination by GOCACHE ]

but that commit missed go-crosssdk recipe.

Signed-off-by: Robert Andersson 
Signed-off-by: Ming Liu 
---
 meta/recipes-devtools/go/go-crosssdk.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/go/go-crosssdk.inc 
b/meta/recipes-devtools/go/go-crosssdk.inc
index cd23cca2fe..766938670a 100644
--- a/meta/recipes-devtools/go/go-crosssdk.inc
+++ b/meta/recipes-devtools/go/go-crosssdk.inc
@@ -4,6 +4,8 @@ DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk 
virtual/nativesdk-${TA
 PN = "go-crosssdk-${SDK_SYS}"
 PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
 
+export GOCACHE = "${B}/.cache"
+
 do_configure[noexec] = "1"
 
 do_compile() {
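Review bot: `export GOCACHE = "${B}/.cache"` is added to this include alone, repeating per recipe the fix the commit message says was already applied to the other go recipes and missed here. Setting GOCACHE once in a file that every go recipe includes would keep the next new recipe from falling back to $HOME/.cache; if that is not possible, a comment on this line giving the host-contamination reason would help.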
-- 
2.25.1





[OE-core] [PATCH] lib/sstatesig: Drop OEBasic siggen

2022-12-11 Thread Richard Purdie
We're now used to using hashes as part of the task hashes and the sstate code
relies on this. The older OEBasic hash approach therefore wouldn't work and
can be removed.

Signed-off-by: Richard Purdie 
---
 meta/lib/oe/sstatesig.py | 10 --
 1 file changed, 10 deletions(-)

diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index bf48aed7e11..f0224454c93 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -101,15 +101,6 @@ def sstate_lockedsigs(d):
 sigs[pn][task] = [h, siggen_lockedsigs_var]
 return sigs
 
-class SignatureGeneratorOEBasic(bb.siggen.SignatureGeneratorBasic):
-name = "OEBasic"
-def init_rundepcheck(self, data):
-self.abisaferecipes = (data.getVar("SIGGEN_EXCLUDERECIPES_ABISAFE") or 
"").split()
-self.saferecipedeps = (data.getVar("SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS") 
or "").split()
-pass
-def rundep_check(self, fn, recipename, task, dep, depname, dataCaches = 
None):
-return sstate_rundepfilter(self, fn, recipename, task, dep, depname, 
dataCaches)
-
 class SignatureGeneratorOEBasicHashMixIn(object):
 supports_multiconfig_datacaches = True
 
@@ -326,7 +317,6 @@ class 
SignatureGeneratorOEEquivHash(SignatureGeneratorOEBasicHashMixIn, bb.sigge
 bb.fatal("OEEquivHash requires SSTATE_HASHEQUIV_METHOD to be set")
 
 # Insert these classes into siggen's namespace so it can see and select them
-bb.siggen.SignatureGeneratorOEBasic = SignatureGeneratorOEBasic
 bb.siggen.SignatureGeneratorOEBasicHash = SignatureGeneratorOEBasicHash
 bb.siggen.SignatureGeneratorOEEquivHash = SignatureGeneratorOEEquivHash
 
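Review bot: Dropping `bb.siggen.SignatureGeneratorOEBasic` from the namespace means a configuration that still selects the `OEBasic` handler no longer finds a generator with that name. The commit message explains why the class cannot work any more, but it should also say what such a configuration sees after this change and name the handler to switch to (`OEBasicHash` or `OEEquivHash`).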
-- 
2.37.2





[OE-core] OE-core CVE metrics for langdale on Sun 11 Dec 2022 03:30:01 AM HST

2022-12-11 Thread Steve Sakoman
Branch: langdale

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 13 unpatched CVEs
CVE-2022-36227 (CVSS3: 9.8 CRITICAL): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36227 *
CVE-2022-37454 (CVSS3: 9.8 CRITICAL): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37454 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 *
CVE-2022-39260 (CVSS3: 8.8 HIGH): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-4141 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4141 *
CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/




[OE-core] OE-core CVE metrics for kirkstone on Sun 11 Dec 2022 03:00:01 AM HST

2022-12-11 Thread Steve Sakoman
Branch: kirkstone

New this week: 2 CVEs
CVE-2022-35260 (CVSS3: 6.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *

Removed this week: 11 CVEs
CVE-2021-36369 (CVSS3: 7.5 HIGH): dropbear 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36369 *
CVE-2022-2868 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 *
CVE-2022-3570 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3570 *
CVE-2022-3597 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3597 *
CVE-2022-3598 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3598 *
CVE-2022-3599 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3599 *
CVE-2022-3626 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3626 *
CVE-2022-3627 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3627 *
CVE-2022-3970 (CVSS3: 9.8 CRITICAL): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3970 *
CVE-2022-42915 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42915 *
CVE-2022-42916 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42916 *

Full list:  Found 21 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-2879 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
CVE-2022-35260 (CVSS3: 6.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260 *
CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-36227 (CVSS3: 9.8 CRITICAL): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36227 *
CVE-2022-37454 (CVSS3: 9.8 CRITICAL): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37454 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-39377 (CVSS3: 9.8 CRITICAL): sysstat 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39377 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-4141 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4141 *
CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 *
CVE-2022-41715 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *
CVE-2022-41716 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#174473): 
https://lists.openembedded.org/g/openembedded-core/message/174473



[OE-core] OE-core CVE metrics for dunfell on Sun 11 Dec 2022 02:30:01 AM HST

2022-12-11 Thread Steve Sakoman
Branch: dunfell

New this week: 2 CVEs
CVE-2022-35260 (CVSS3: 6.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *

Removed this week: 19 CVEs
CVE-2021-33194 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33194 *
CVE-2021-33195 (CVSS3: 7.3 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33195 *
CVE-2021-33198 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33198 *
CVE-2021-41772 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41772 *
CVE-2021-44716 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44716 *
CVE-2021-46848 (CVSS3: 9.1 CRITICAL): libtasn1:libtasn1-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46848 *
CVE-2022-1050 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050 *
CVE-2022-24921 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24921 *
CVE-2022-28131 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28131 *
CVE-2022-28327 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28327 *
CVE-2022-29804 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29804 *
CVE-2022-30580 (CVSS3: 7.8 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30580 *
CVE-2022-30630 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30630 *
CVE-2022-3705 (CVSS3: 7.5 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-43995 (CVSS3: 7.1 HIGH): sudo 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43995 *
CVE-2022-44638 (CVSS3: 8.8 HIGH): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44638 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

Full list:  Found 91 unpatched CVEs
CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 *
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 *
CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 *
CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 

[OE-core] OE-core CVE metrics for master on Sun 11 Dec 2022 02:00:01 AM HST

2022-12-11 Thread Steve Sakoman
Branch: master

New this week: 0 CVEs

Removed this week: 4 CVEs
CVE-2022-36227 (CVSS3: 9.8 CRITICAL): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36227 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-4141 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4141 *

Full list:  Found 4 unpatched CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#174471): 
https://lists.openembedded.org/g/openembedded-core/message/174471