[OE-core] [PATCH] xrandr: upgrade 1.5.1 -> 1.5.2
From: Wang Mingyu Signed-off-by: Wang Mingyu --- .../xorg-app/{xrandr_1.5.1.bb => xrandr_1.5.2.bb} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename meta/recipes-graphics/xorg-app/{xrandr_1.5.1.bb => xrandr_1.5.2.bb} (75%) diff --git a/meta/recipes-graphics/xorg-app/xrandr_1.5.1.bb b/meta/recipes-graphics/xorg-app/xrandr_1.5.2.bb similarity index 75% rename from meta/recipes-graphics/xorg-app/xrandr_1.5.1.bb rename to meta/recipes-graphics/xorg-app/xrandr_1.5.2.bb index 0e0347f768..1e29031849 100644 --- a/meta/recipes-graphics/xorg-app/xrandr_1.5.1.bb +++ b/meta/recipes-graphics/xorg-app/xrandr_1.5.2.bb @@ -12,7 +12,6 @@ DEPENDS += "libxrandr libxrender" PE = "1" SRC_URI_EXT = "xz" -SRC_URI[md5sum] = "fe40f7a4fd39dd3a02248d3e0b1972e4" -SRC_URI[sha256sum] = "7bc76daf9d72f8aff885efad04ce06b90488a1a169d118dea8a2b661832e8762" +SRC_URI[sha256sum] = "c8bee4790d9058bacc4b6246456c58021db58a87ddda1a9d0139bf5f18f1f240" BBCLASSEXTEND = "native nativesdk" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#174487): https://lists.openembedded.org/g/openembedded-core/message/174487 Mute This Topic: https://lists.openembedded.org/mt/95616831/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
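Review bot: the `SRC_URI[md5sum]` line is dropped in the same hunk that updates `SRC_URI[sha256sum]`, but the commit message has no body to say so or to summarise what changed between 1.5.1 and 1.5.2. A one-line changelog plus a note that the md5sum is being retired, leaving sha256 as the only integrity check on the tarball, would make the "1 insertion(+), 2 deletions(-)" diffstat self-explanatory.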
[OE-core] [PATCH] libxshmfence: upgrade 1.3.1 -> 1.3.2
From: Wang Mingyu Changelog: configure: Use AC_SYS_LARGEFILE to enable large file support Signed-off-by: Wang Mingyu --- .../xorg-lib/{libxshmfence_1.3.1.bb => libxshmfence_1.3.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-lib/{libxshmfence_1.3.1.bb => libxshmfence_1.3.2.bb} (87%) diff --git a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.1.bb b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.2.bb similarity index 87% rename from meta/recipes-graphics/xorg-lib/libxshmfence_1.3.1.bb rename to meta/recipes-graphics/xorg-lib/libxshmfence_1.3.2.bb index be793882dc..6b9ed20ae7 100644 --- a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.1.bb +++ b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.2.bb @@ -16,6 +16,6 @@ EXTRA_OECONF += "--with-shared-memory-dir=/dev/shm" SRC_URI += "file://0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch" XORG_EXT = "tar.xz" -SRC_URI[sha256sum] = "1129f95147f7bfe6052988a087f1b7cb7122283d2c47a7dbf7135ce0df69b4f8" +SRC_URI[sha256sum] = "870df257bc40b126d91b5a8f1da6ca8a524555268c50b59c0acd1a27f361606f" BBCLASSEXTEND = "native nativesdk" -- 2.25.1
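Review bot: the context lines of this hunk show the recipe still applying `0001-xshmfence_futex.h-Define-SYS_futex-if-it-does-not-ex.patch` on top of the new tarball, and the commit message does not say whether it was re-checked against 1.3.2. Please confirm the local patch still applies cleanly and is still needed, and state that next to the changelog line.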
[OE-core] [PATCH] libxkbfile: upgrade 1.1.1 -> 1.1.2
From: Wang Mingyu Changelog: configure: Use AC_SYS_LARGEFILE to enable large file support Signed-off-by: Wang Mingyu --- .../xorg-lib/{libxkbfile_1.1.1.bb => libxkbfile_1.1.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-lib/{libxkbfile_1.1.1.bb => libxkbfile_1.1.2.bb} (82%) diff --git a/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.1.bb b/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.2.bb similarity index 82% rename from meta/recipes-graphics/xorg-lib/libxkbfile_1.1.1.bb rename to meta/recipes-graphics/xorg-lib/libxkbfile_1.1.2.bb index 17ff588fdb..6494d5e0f1 100644 --- a/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.1.bb +++ b/meta/recipes-graphics/xorg-lib/libxkbfile_1.1.2.bb @@ -14,4 +14,4 @@ PE = "1" BBCLASSEXTEND = "native" XORG_EXT = "tar.xz" -SRC_URI[sha256sum] = "8623dc26e7aac3c5ad8a25e57b566f4324f5619e5db38457f0804ee4ed953443" +SRC_URI[sha256sum] = "b8a3784fac420b201718047cfb6c2d5ee7e8b9481564c2667b4215f6616644b1" -- 2.25.1
[OE-core] [PATCH] libpng: upgrade 1.6.38 -> 1.6.39
From: Wang Mingyu Changelog: == * Changed the error handler of oversized chunks (i.e. larger than PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error. * Fixed a buffer overflow error in contrib/tools/pngfix. * Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp. * Disabled the ARM Neon optimizations by default in the CMake file, following the default behavior of the configure script. * Allowed configure.ac to work with the trunk version of autoconf. * Removed the support for "install" targets from the legacy makefiles; removed the obsolete makefile.cegcc. * Cleaned up the code and updated the internal documentation. Signed-off-by: Wang Mingyu --- .../libpng/{libpng_1.6.38.bb => libpng_1.6.39.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-multimedia/libpng/{libpng_1.6.38.bb => libpng_1.6.39.bb} (93%) diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.38.bb b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb similarity index 93% rename from meta/recipes-multimedia/libpng/libpng_1.6.38.bb rename to meta/recipes-multimedia/libpng/libpng_1.6.39.bb index dc627203ef..d9dcf379e9 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.38.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb 
@@ -11,7 +11,7 @@ DEPENDS = "zlib" LIBV = "16" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be" +SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" -- 2.25.1
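Review bot: the changelog in the message lists a fix for CVE-2019-6129 in contrib/tools/pngcp, yet the only recipe line this hunk changes is `SRC_URI[sha256sum]`. If the recipe or the distro's CVE check configuration carries an entry for that CVE, it should be revisited as part of this upgrade; otherwise a sentence in the commit message saying that no CVE annotation is affected would close the question for whoever reads the CVE metrics next.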
[OE-core] [PATCH] libxau: upgrade 1.0.10 -> 1.0.11
From: Wang Mingyu Changelog: configure: Use AC_SYS_LARGEFILE to enable large file support Signed-off-by: Wang Mingyu --- .../xorg-lib/{libxau_1.0.10.bb => libxau_1.0.11.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-lib/{libxau_1.0.10.bb => libxau_1.0.11.bb} (84%) diff --git a/meta/recipes-graphics/xorg-lib/libxau_1.0.10.bb b/meta/recipes-graphics/xorg-lib/libxau_1.0.11.bb similarity index 84% rename from meta/recipes-graphics/xorg-lib/libxau_1.0.10.bb rename to meta/recipes-graphics/xorg-lib/libxau_1.0.11.bb index a62c9f088a..e2c06fd14a 100644 --- a/meta/recipes-graphics/xorg-lib/libxau_1.0.10.bb +++ b/meta/recipes-graphics/xorg-lib/libxau_1.0.11.bb @@ -21,4 +21,4 @@ XORG_EXT = "tar.xz" BBCLASSEXTEND = "native nativesdk" -SRC_URI[sha256sum] = "8be6f292334d2f87e5b919c001e149a9fdc27005d6b3e053862ac6ebbf1a0c0a" +SRC_URI[sha256sum] = "f3fa3282f5570c3f6bd620244438dbfbdd580fc80f02f549587a0f8ab329bbeb" -- 2.25.1
[OE-core] [PATCH] libpcre2: upgrade 10.40 -> 10.41
From: Wang Mingyu Signed-off-by: Wang Mingyu --- .../libpcre/{libpcre2_10.40.bb => libpcre2_10.41.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/libpcre/{libpcre2_10.40.bb => libpcre2_10.41.bb} (95%) diff --git a/meta/recipes-support/libpcre/libpcre2_10.40.bb b/meta/recipes-support/libpcre/libpcre2_10.41.bb similarity index 95% rename from meta/recipes-support/libpcre/libpcre2_10.40.bb rename to meta/recipes-support/libpcre/libpcre2_10.41.bb index 13f7c8305f..2a50d07192 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.40.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.41.bb @@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/pcre2-${PV}/pcre2-${PV}.tar.bz2" GITHUB_BASE_URI = "https://github.com/PhilipHazel/pcre2/releases; UPSTREAM_CHECK_REGEX = "releases/tag/pcre2-(?P.+)" -SRC_URI[sha256sum] = "14e4b83c4783933dc17e964318e6324f7cae1bc75d8f3c79bc6969f00c159d68" +SRC_URI[sha256sum] = "0f78cebd3e28e346475fb92e95fe945b4cbaad5f3b42aca47b887fb53308" CVE_PRODUCT = "pcre2" -- 2.25.1
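Review bot: the new `SRC_URI[sha256sum]` value, as it appears here, is 60 hex digits long, while the value it replaces is 64, the length of a SHA-256 digest. Please check the value in the submitted patch against the `pcre2-${PV}.tar.bz2` tarball for 10.41; a short digest cannot match, so the fetch would fail checksum verification. The commit message also has no changelog summary for 10.41, unlike the other upgrades in this series.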
[OE-core] [PATCH] libfontenc: upgrade 1.1.6 -> 1.1.7
From: Wang Mingyu Changelog: configure: Use AC_SYS_LARGEFILE to enable large file support Signed-off-by: Wang Mingyu --- .../xorg-lib/{libfontenc_1.1.6.bb => libfontenc_1.1.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xorg-lib/{libfontenc_1.1.6.bb => libfontenc_1.1.7.bb} (81%) diff --git a/meta/recipes-graphics/xorg-lib/libfontenc_1.1.6.bb b/meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb similarity index 81% rename from meta/recipes-graphics/xorg-lib/libfontenc_1.1.6.bb rename to meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb index 8f9602d3ae..297bfbe4e6 100644 --- a/meta/recipes-graphics/xorg-lib/libfontenc_1.1.6.bb +++ b/meta/recipes-graphics/xorg-lib/libfontenc_1.1.7.bb @@ -13,6 +13,6 @@ PE = "1" XORG_EXT = "tar.xz" -SRC_URI[sha256sum] = "ea8606ed5255dda8f570b7d1a74d59ee8d198675b2f114d07807431e6ba1d111" +SRC_URI[sha256sum] = "c0d36991faee06551ddbaf5d99266e97becdc05edfae87a833c3ff7bf73cfec2" BBCLASSEXTEND = "native" -- 2.25.1
[OE-core] [kirkstone][PATCH] libxml2: Fix CVE-2022-40303 && CVE-2022-40304
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 && https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b Signed-off-by: Hitendra Prajapati --- .../libxml/libxml2/CVE-2022-40303.patch | 624 ++ .../libxml/libxml2/CVE-2022-40304.patch | 106 +++ meta/recipes-core/libxml/libxml2_2.9.14.bb| 2 + 3 files changed, 732 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch new file mode 100644 index 00..346ec37a9f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch 
@@ -0,0 +1,624 @@ +From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Thu, 25 Aug 2022 17:43:08 +0200 +Subject: [PATCH] CVE-2022-40303 + +Fix integer overflows with XML_PARSE_HUGE + +Also impose size limits when XML_PARSE_HUGE is set. Limit size of names +to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to +XML_MAX_HUGE_LENGTH (1 billion bytes). + +Move some the length checks to the end of the respective loop to make +them strict. + +xmlParseEntityValue didn't have a length limitation at all. But without +XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. + +Thanks to Maddie Stone working with Google Project Zero for the report! + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0] +CVE: CVE-2022-40303 +Signed-off-by: Hitendra Prajapati +--- + parser.c | 233 +-- + 1 file changed, 121 insertions(+), 112 deletions(-) + +diff --git a/parser.c b/parser.c +index 1bc3713..0f76577 100644 +--- a/parser.c b/parser.c +@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt); + ** + / + ++#define XML_MAX_HUGE_LENGTH 10 ++ + #define XML_PARSER_BIG_ENTITY 1000 + #define XML_PARSER_LOT_ENTITY 5000 + +@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info) + errmsg = "Malformed declaration expecting version"; + break; + case XML_ERR_NAME_TOO_LONG: +-errmsg = "Name too long use XML_PARSE_HUGE option"; ++errmsg = "Name too long"; + break; + #if 0 + case: +@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++int maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++XML_MAX_TEXT_LENGTH : ++XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNameComplex++; +@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } +@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } + } +-if ((len > XML_MAX_NAME_LENGTH) && +-((ctxt->options & XML_PARSE_HUGE) == 0)) { ++if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3346,7 +3352,10 @@ const xmlChar * + xmlParseName(xmlParserCtxtPtr ctxt) { + const xmlChar *in; + const xmlChar *ret; +-int count = 0; ++size_t count = 0; ++size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + GROW; + +@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) { + in++; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +-if ((count > XML_MAX_NAME_LENGTH) && +-((ctxt->options & XML_PARSE_HUGE) == 0)) { ++if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++XML_MAX_TEXT_LENGTH : ++XML_MAX_NAME_LENGTH; + size_t startPosition = 0; + + #ifdef DEBUG +@@ -3412,17
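Review bot: in the added CVE-2022-40303.patch the define reads `+#define XML_MAX_HUGE_LENGTH 10` as shown here, while the patch description says XML_MAX_HUGE_LENGTH is 1 billion bytes. Please verify that the file being added to the layer carries the value from the upstream commit referenced in Upstream-Status, since this constant is the size limit the fix relies on when XML_PARSE_HUGE is set. Separately, the two CVE fixes arrive in one commit; one commit per CVE would make it easier to revert or cherry-pick either backport on its own.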
[OE-core] [kirkstone][PATCH] yocto-check-layer: Allow OE-Core to be tested
From: Richard Purdie For unknown reasons we've never seemingly run the check layer script against OE-Core itself. This isn't entirely straightforward as the core layer is a bit of a special case, we can't for example compare signatures against ourselves and we can't remove core from bblayers.conf. Core does have distro, machine and software components too, in the case of distro, our fallback default settings. Whilst the qemu machines could be split into a separate layer directory, core wouldn't then parse at all standalone due to the lack of any machine so it seems a bit pointless to do that. These changes tweak the script to handle core's special cases, specifically to allow distro and machine directories and to account for the README placed a directory level higher than other layers. Signed-off-by: Richard Purdie Signed-off-by: Alexandre Belloni --- scripts/lib/checklayer/__init__.py | 11 --- scripts/lib/checklayer/cases/bsp.py| 2 +- scripts/lib/checklayer/cases/common.py | 3 +++ scripts/lib/checklayer/cases/distro.py | 2 +- scripts/yocto-check-layer | 5 ++--- 5 files changed, 15 insertions(+), 8 deletions(-) diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py index aa946f3036..938805289e 100644 --- a/scripts/lib/checklayer/__init__.py +++ b/scripts/lib/checklayer/__init__.py @@ -16,6 +16,7 @@ class LayerType(Enum): BSP = 0 DISTRO = 1 SOFTWARE = 2 +CORE = 3 ERROR_NO_LAYER_CONF = 98 ERROR_BSP_DISTRO = 99 @@ -106,7 +107,13 @@ def _detect_layer(layer_path): if distros: is_distro = True -if is_bsp and is_distro: +layer['collections'] = _get_layer_collections(layer['path']) + +if layer_name == "meta" and "core" in layer['collections']: +layer['type'] = LayerType.CORE +layer['conf']['machines'] = machines +layer['conf']['distros'] = distros +elif is_bsp and is_distro: layer['type'] = LayerType.ERROR_BSP_DISTRO elif is_bsp: layer['type'] = LayerType.BSP 
@@ -117,8 +124,6 @@ def _detect_layer(layer_path): else: layer['type'] = LayerType.SOFTWARE -layer['collections'] = _get_layer_collections(layer['path']) - return layer def detect_layers(layer_directories, no_auto): diff --git a/scripts/lib/checklayer/cases/bsp.py b/scripts/lib/checklayer/cases/bsp.py index a80a5844da..b76163fb56 100644 --- a/scripts/lib/checklayer/cases/bsp.py +++ b/scripts/lib/checklayer/cases/bsp.py @@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase class BSPCheckLayer(OECheckLayerTestCase): @classmethod def setUpClass(self): -if self.tc.layer['type'] != LayerType.BSP: +if self.tc.layer['type'] not in (LayerType.BSP, LayerType.CORE): raise unittest.SkipTest("BSPCheckLayer: Layer %s isn't BSP one." %\ self.tc.layer['name']) diff --git a/scripts/lib/checklayer/cases/common.py b/scripts/lib/checklayer/cases/common.py index 491a13953c..722d3cf638 100644 --- a/scripts/lib/checklayer/cases/common.py +++ b/scripts/lib/checklayer/cases/common.py @@ -12,6 +12,9 @@ from checklayer.case import OECheckLayerTestCase class CommonCheckLayer(OECheckLayerTestCase): def test_readme(self): +if self.tc.layer['type'] == LayerType.CORE: +raise unittest.SkipTest("Core layer's README is top level") + # The top-level README file may have a suffix (like README.rst or README.txt). readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*')) self.assertTrue(len(readme_files) > 0, diff --git a/scripts/lib/checklayer/cases/distro.py b/scripts/lib/checklayer/cases/distro.py index f0bee5493c..a35332451c 100644 --- a/scripts/lib/checklayer/cases/distro.py +++ b/scripts/lib/checklayer/cases/distro.py 
@@ -11,7 +11,7 @@ from checklayer.case import OECheckLayerTestCase class DistroCheckLayer(OECheckLayerTestCase): @classmethod def setUpClass(self): -if self.tc.layer['type'] != LayerType.DISTRO: +if self.tc.layer['type'] not in (LayerType.DISTRO, LayerType.CORE): raise unittest.SkipTest("DistroCheckLayer: Layer %s isn't Distro one." %\ self.tc.layer['name']) diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer index 0e5b75b1f7..67cc71950f 100755 --- a/scripts/yocto-check-layer +++ b/scripts/yocto-check-layer @@ -168,14 +168,13 @@ def main(): layers_tested = 0 for layer in layers: -if layer['type'] == LayerType.ERROR_NO_LAYER_CONF or \ -layer['type'] == LayerType.ERROR_BSP_DISTRO: +if layer['type'] in (LayerType.ERROR_NO_LAYER_CONF, LayerType.ERROR_BSP_DISTRO): continue # Reset to a clean backup copy for each run shutil.copyfile(bblayersconf + '.backup', bblayersconf) -if check_bblayers(bblayersconf, layer['path'], logger): +if
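Review bot: the `test_readme` addition in scripts/lib/checklayer/cases/common.py uses `LayerType.CORE` and `unittest.SkipTest`, but the diffstat shows only the three added lines for that file, so no import was added alongside them. Please confirm that common.py already imports `unittest` and `LayerType`; if it does not, the core-layer path raises NameError instead of skipping the test.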
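Review bot: in `_detect_layer`, the new test `layer_name == "meta" and "core" in layer['collections']` ties core detection to the checkout directory being named `meta`. Since the message says core has both machine and distro components, a core layer that fails the name test falls through to `elif is_bsp and is_distro:` and is reported as `ERROR_BSP_DISTRO`. Matching on the `core` collection alone, or a comment explaining why the directory name is also required, would make that failure mode easier to diagnose.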
Re: [OE-Core][master][PATCH] openssh: remove RRECOMMENDS to rng-tools for sshd package
In the kernel is the jitter entropy system. It should work on all platforms that have high res timers available. (This is the same mechanism that haveged was using before as well. So no change in the RNG quality, just now built into the kernel itself.)

The only place we've observed an issue with the new approach is on a qemu machine that was moderately loaded. The jitter was apparently too large (our theory) and caused the crng init to happen VERY slowly. (This would not have been resolved using rngd.)

All-in-all, I thought this change had already been made, and think it should go in. (We tested this on microblaze, and performance with and without haveged was the same. I don't have numbers, but I expect the same behaviors on any architecture.)

--Mark

On 12/9/22 11:02 AM, Khem Raj wrote:

would be good to know some numbers on non-arm/non-x86 systems too.

On Thu, Dec 8, 2022 at 11:05 PM Xiangyu Chen wrote:

It appears that rngd is not needed as of linux-5.6 and later[1] and should not be installed by default since the purpose of rngd is to provide additional trusted sources of entropy.

We did some testing on real hardware, the result seems to support that we no longer need rngd by default on kernel v5.6 and later.

Testing result as below:

1. observing the crng init stage. the "random: crng init done" always available before fs being mounted.
2. generating random number without rngd. testing command: dd if=/dev/random of=/dev/null status=progress
   on Marvell CN96xx RDB board, speed almost 20.4 MB/s without block
   on NXP i.mx6q board, speed almost 31.9 MB/s without block
   on qemu x86-64, speed almost 2.6MB/s without block
3. using rngtest command without rngd testing command: rngtest -c 1000

https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32

Signed-off-by: Xiangyu Chen
---
meta/recipes-connectivity/openssh/openssh_9.1p1.bb | 9 +
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/meta/recipes-connectivity/openssh/openssh_9.1p1.bb b/meta/recipes-connectivity/openssh/openssh_9.1p1.bb index 85f97b1bbb..23ae8d5b0c 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.1p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.1p1.bb @@ -52,15 +52,12 @@ SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -PACKAGECONFIG ??= "rng-tools" +PACKAGECONFIG ??= "" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" -# Add RRECOMMENDS to rng-tools for sshd package -PACKAGECONFIG[rng-tools] = "" - EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd @@ -160,10 +157,6 @@ FILES:${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS:${PN}-sshd:append:class-target = "\ -${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ -" - # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" -- 2.34.1
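Review bot: removing the `PACKAGECONFIG[rng-tools] = ""` definition, rather than only emptying the `PACKAGECONFIG ??=` default, means any layer or local configuration that still adds `rng-tools` to openssh's PACKAGECONFIG now names an option the recipe no longer declares. The justification in the message is tied to linux-5.6 and later, so either keep the option (off by default) for BSPs on older kernels, or state the removal explicitly in the commit message so it reaches the migration notes.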
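The first check in the quoted test report ("random: crng init done" appears before any filesystem is mounted) can be automated over a captured kernel log. This is an added example, not code from the thread or from OE-Core; the sample logs are constructed, and the mount marker strings are assumptions to adapt to the filesystems on the target.

```python
import re

# Constructed boot logs for illustration (not output quoted in the thread).
EARLY_CRNG = """\
[    0.000000] Booting Linux (constructed sample)
[    0.412345] random: crng init done
[    1.203311] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode
[    1.203900] VFS: Mounted root (ext4 filesystem) on device 179:2.
"""
LATE_CRNG = """\
[    0.000000] Booting Linux (constructed sample)
[    1.150000] VFS: Mounted root (ext4 filesystem) on device 254:0.
systemd[1]: line without a kernel timestamp
[   97.800000] random: crng init done
"""
NO_CRNG = """\
[    0.000000] Booting Linux (constructed sample)
[    1.150000] VFS: Mounted root (ext4 filesystem) on device 254:0.
"""

# "[   12.345678] message" as printed by dmesg with timestamps enabled.
TS_LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
CRNG_DONE = "random: crng init done"  # string quoted in the test report
# Assumed markers for "a filesystem was mounted"; extend for other filesystems.
MOUNT_MARKERS = ("VFS: Mounted root", "mounted filesystem")


def first_event_times(log_text):
    """Return (crng_time, mount_time) in seconds since boot; None if not seen."""
    crng_time = mount_time = None
    for line in log_text.splitlines():
        match = TS_LINE.match(line)
        if not match:
            continue  # skip lines that carry no kernel timestamp
        stamp, message = float(match.group(1)), match.group(2)
        if crng_time is None and CRNG_DONE in message:
            crng_time = stamp
        if mount_time is None and any(m in message for m in MOUNT_MARKERS):
            mount_time = stamp
    return crng_time, mount_time


def check_boot_log(log_text):
    """Classify a boot log against the 'crng ready before mount' expectation."""
    crng_time, mount_time = first_event_times(log_text)
    if crng_time is None:
        return "crng-missing"   # CRNG never reported ready in this capture
    if mount_time is None:
        return "mount-missing"  # cannot compare; capture ended too early
    return "early" if crng_time < mount_time else "late"


if __name__ == "__main__":
    for name, log in (("early", EARLY_CRNG), ("late", LATE_CRNG), ("none", NO_CRNG)):
        print(name, first_event_times(log), check_boot_log(log))
```

A "late" or "crng-missing" result on a target is the case to investigate before dropping an entropy daemon from an image, for example the loaded qemu machine mentioned in the reply.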
[OE-core] [PATCH] sanity: Update minimum python version to 3.8
Bitbake is moving to a minimum python version of 3.8, update OE-Core to match to make things consistent. Signed-off-by: Richard Purdie --- meta/classes-global/sanity.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass index 6cb0d6cf882..8dfd59f457e 100644 --- a/meta/classes-global/sanity.bbclass +++ b/meta/classes-global/sanity.bbclass @@ -759,10 +759,10 @@ def check_sanity_everybuild(status, d): if 0 == os.getuid(): raise_sanity_error("Do not use Bitbake as root.", d) -# Check the Python version, we now have a minimum of Python 3.6 +# Check the Python version, we now have a minimum of Python 3.8 import sys -if sys.hexversion < 0x030600F0: -status.addresult('The system requires at least Python 3.6 to run. Please update your Python interpreter.\n') +if sys.hexversion < 0x030800F0: +status.addresult('The system requires at least Python 3.8 to run. Please update your Python interpreter.\n') # Check the bitbake version meets minimum requirements minversion = d.getVar('BB_MIN_VERSION') -- 2.37.2
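Review bot: the check compares `sys.hexversion` against the literal `0x030800F0`, so the comment, the constant and the error string all have to be bumped together, as this hunk does in three places. `sys.version_info < (3, 8)` would be easier to read and to review. If rejecting 3.8.0 pre-releases is intended (the `F0` low byte requires the final release level), a word in the comment would record that.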
[OE-core] [PATCH] go-crosssdk: avoid host contamination by GOCACHE
From: Robert Andersson By default GOCACHE is set to $HOME/.cache. Same issue for all other go recipes had been fixed by commit 9a6d208b: [ go: avoid host contamination by GOCACHE ] but that commit missed go-crosssdk recipe. Signed-off-by: Robert Andersson Signed-off-by: Ming Liu --- meta/recipes-devtools/go/go-crosssdk.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/go/go-crosssdk.inc b/meta/recipes-devtools/go/go-crosssdk.inc index cd23cca2fe..766938670a 100644 --- a/meta/recipes-devtools/go/go-crosssdk.inc +++ b/meta/recipes-devtools/go/go-crosssdk.inc @@ -4,6 +4,8 @@ DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk virtual/nativesdk-${TA PN = "go-crosssdk-${SDK_SYS}" PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk" +export GOCACHE = "${B}/.cache" + do_configure[noexec] = "1" do_compile() { -- 2.25.1
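Review bot: the added `export GOCACHE = "${B}/.cache"` is a per-recipe copy of a setting that, per the message, the other go recipes received in commit 9a6d208b, which is how go-crosssdk came to be missed. Setting it once in a file shared by all the go recipes would keep the next new recipe from writing its build cache under the build user's home directory; if that is not possible here, the message should say where the other recipes get their value so the two can be kept identical.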
[OE-core] [PATCH] lib/sstatesig: Drop OEBasic siggen
We're now used to using hashes as part of the task hashes and the sstate code relies on this. The older OEBasic hash approach therefore wouldn't work and can be removed. Signed-off-by: Richard Purdie --- meta/lib/oe/sstatesig.py | 10 -- 1 file changed, 10 deletions(-) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index bf48aed7e11..f0224454c93 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -101,15 +101,6 @@ def sstate_lockedsigs(d): sigs[pn][task] = [h, siggen_lockedsigs_var] return sigs -class SignatureGeneratorOEBasic(bb.siggen.SignatureGeneratorBasic): -name = "OEBasic" -def init_rundepcheck(self, data): -self.abisaferecipes = (data.getVar("SIGGEN_EXCLUDERECIPES_ABISAFE") or "").split() -self.saferecipedeps = (data.getVar("SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS") or "").split() -pass -def rundep_check(self, fn, recipename, task, dep, depname, dataCaches = None): -return sstate_rundepfilter(self, fn, recipename, task, dep, depname, dataCaches) - class SignatureGeneratorOEBasicHashMixIn(object): supports_multiconfig_datacaches = True @@ -326,7 +317,6 @@ class SignatureGeneratorOEEquivHash(SignatureGeneratorOEBasicHashMixIn, bb.sigge bb.fatal("OEEquivHash requires SSTATE_HASHEQUIV_METHOD to be set") # Insert these classes into siggen's namespace so it can see and select them -bb.siggen.SignatureGeneratorOEBasic = SignatureGeneratorOEBasic bb.siggen.SignatureGeneratorOEBasicHash = SignatureGeneratorOEBasicHash bb.siggen.SignatureGeneratorOEEquivHash = SignatureGeneratorOEEquivHash -- 2.37.2
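Review bot: dropping `class SignatureGeneratorOEBasic` together with its `bb.siggen.SignatureGeneratorOEBasic` registration removes the generator named `OEBasic`, so a configuration that still selects it will no longer find it. The message explains why it cannot work with the current sstate code; it should also state this as a user-visible removal, naming `OEBasicHash` and `OEEquivHash` as the remaining choices, so that it is picked up for the migration notes.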
[OE-core] OE-core CVE metrics for langdale on Sun 11 Dec 2022 03:30:01 AM HST
Branch: langdale

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list: Found 13 unpatched CVEs
CVE-2022-36227 (CVSS3: 9.8 CRITICAL): libarchive:libarchive-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36227 *
CVE-2022-37454 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37454 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 *
CVE-2022-39260 (CVSS3: 8.8 HIGH): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-4141 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4141 *
CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/
[OE-core] OE-core CVE metrics for kirkstone on Sun 11 Dec 2022 03:00:01 AM HST
Branch: kirkstone

New this week: 2 CVEs
CVE-2022-35260 (CVSS3: 6.5 MEDIUM): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *

Removed this week: 11 CVEs
CVE-2021-36369 (CVSS3: 7.5 HIGH): dropbear https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36369 *
CVE-2022-2868 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 *
CVE-2022-3570 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3570 *
CVE-2022-3597 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3597 *
CVE-2022-3598 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3598 *
CVE-2022-3599 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3599 *
CVE-2022-3626 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3626 *
CVE-2022-3627 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3627 *
CVE-2022-3970 (CVSS3: 9.8 CRITICAL): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3970 *
CVE-2022-42915 (CVSS3: 9.8 CRITICAL): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42915 *
CVE-2022-42916 (CVSS3: 7.5 HIGH): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42916 *

Full list: Found 21 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-2879 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
CVE-2022-35260 (CVSS3: 6.5 MEDIUM): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260 *
CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-36227 (CVSS3: 9.8 CRITICAL): libarchive:libarchive-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36227 *
CVE-2022-37454 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37454 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-39377 (CVSS3: 9.8 CRITICAL): sysstat https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39377 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-4141 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4141 *
CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 *
CVE-2022-41715 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *
CVE-2022-41716 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see:
https://autobuilder.yocto.io/pub/non-release/patchmetrics/
[OE-core] OE-core CVE metrics for dunfell on Sun 11 Dec 2022 02:30:01 AM HST
Branch: dunfell

New this week: 2 CVEs
CVE-2022-35260 (CVSS3: 6.5 MEDIUM): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260 *
CVE-2022-4292 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4292 *

Removed this week: 19 CVEs
CVE-2021-33194 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33194 *
CVE-2021-33195 (CVSS3: 7.3 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33195 *
CVE-2021-33198 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33198 *
CVE-2021-41772 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41772 *
CVE-2021-44716 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44716 *
CVE-2021-46848 (CVSS3: 9.1 CRITICAL): libtasn1:libtasn1-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46848 *
CVE-2022-1050 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050 *
CVE-2022-24921 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24921 *
CVE-2022-28131 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28131 *
CVE-2022-28327 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28327 *
CVE-2022-29804 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29804 *
CVE-2022-30580 (CVSS3: 7.8 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30580 *
CVE-2022-30630 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30630 *
CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-43995 (CVSS3: 7.1 HIGH): sudo https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43995 *
CVE-2022-44638 (CVSS3: 8.8 HIGH): pixman:pixman-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44638 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

Full list: Found 91 unpatched CVEs
CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 *
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 *
CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 *
CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk
[OE-core] OE-core CVE metrics for master on Sun 11 Dec 2022 02:00:01 AM HST
Branch: master

New this week: 0 CVEs

Removed this week: 4 CVEs
CVE-2022-36227 (CVSS3: 9.8 CRITICAL): libarchive:libarchive-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36227 *
CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 *
CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 *
CVE-2022-4141 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4141 *

Full list: Found 4 unpatched CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see:
https://autobuilder.yocto.io/pub/non-release/patchmetrics/