[OE-core][kirkstone 32/32] selftest/virgl: use pkg-config from the host
From: Alexander Kanavin The check needs to report dri location on the host machine, so pkg-config binary needs to be capable of finding the needed dri.pc file on the host, and therefore needs to know where host .pc files are located. This may not be the case when using pkg-config from buildtools, so this forces usage of host pkg-config. runqemu already does the same PATH tweak, so this simply brings the two in sync. Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit f0521f8a3ba7e15482756529ee7b0a95b3d53e7d) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index 857737f730..858f12ec90 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -263,7 +263,7 @@ class TestImage(OESelftestTestCase): except FileNotFoundError: self.fail("/dev/dri directory does not exist; no render nodes available on this machine. %s" %(render_hint)) try: -dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True) +dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True) except subprocess.CalledProcessError as e: self.fail("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.") qemu_distrofeatures = get_bb_var('DISTRO_FEATURES', 'qemu-system-native') -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176296): https://lists.openembedded.org/g/openembedded-core/message/176296 Mute This Topic: https://lists.openembedded.org/mt/96466404/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 31/32] lib/oe/reproducible: Use git log without gpg signature
From: Benoît Mauduit Previously, if "showSignature" is present in user gitconfig, parsing of the timestamp will fail. Ideally we should replace this command with a git plumbing command. Signed-off-by: Benoît Mauduit Signed-off-by: Alexandre Belloni (cherry picked from commit 3bd6f78f79b3d3e87d8db1e11f58d8021f929843) Signed-off-by: Steve Sakoman --- meta/lib/oe/reproducible.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/lib/oe/reproducible.py b/meta/lib/oe/reproducible.py index 2e815df190..768fd4f19c 100644 --- a/meta/lib/oe/reproducible.py +++ b/meta/lib/oe/reproducible.py @@ -113,7 +113,8 @@ def get_source_date_epoch_from_git(d, sourcedir): return None bb.debug(1, "git repository: %s" % gitpath) -p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE) +p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], + check=True, stdout=subprocess.PIPE) return int(p.stdout.decode('utf-8')) def get_source_date_epoch_from_youngest_file(d, sourcedir): -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176295): https://lists.openembedded.org/g/openembedded-core/message/176295 Mute This Topic: https://lists.openembedded.org/mt/96466403/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 30/32] at: Change when files are copied
From: Saul Wold The create_spdx code relies on patched code, if files are changed or added during the do_configure phase they will be missed by the create_spdx process. So we need to ensure files modifications/additions happen in the do_patch phase. Signed-off-by: Saul Wold Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 227c46fe48b64de7574f7b6b407b8c13be71b392) Signed-off-by: Steve Sakoman --- meta/recipes-extended/at/at_3.2.5.bb | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/recipes-extended/at/at_3.2.5.bb b/meta/recipes-extended/at/at_3.2.5.bb index 87a436173f..c0c876a644 100644 --- a/meta/recipes-extended/at/at_3.2.5.bb +++ b/meta/recipes-extended/at/at_3.2.5.bb @@ -52,8 +52,10 @@ INITSCRIPT_PARAMS = "defaults" SYSTEMD_SERVICE:${PN} = "atd.service" -do_configure:prepend() { - cp -f ${WORKDIR}/posixtm.[ch] ${S} +do_patch[postfuncs] += "copy_posix_files" + +copy_posix_files() { +cp -f ${WORKDIR}/posixtm.[ch] ${S} } do_install () { -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176294): https://lists.openembedded.org/g/openembedded-core/message/176294 Mute This Topic: https://lists.openembedded.org/mt/96466402/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 29/32] toolchain-scripts: compatibility with unbound variable protection
From: Jan Kircher Fixed an error when Bash's unbound variable protection is enabled (set -u) and variable "LD_LIBRARY_PATH" does not exist. Signed-off-by: Jan Kircher Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 85685370b0ad93291cda59fb091a15eeecf5e0d5) Signed-off-by: Steve Sakoman --- meta/classes/toolchain-scripts.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/toolchain-scripts.bbclass b/meta/classes/toolchain-scripts.bbclass index 1d7c703748..d2562b5d38 100644 --- a/meta/classes/toolchain-scripts.bbclass +++ b/meta/classes/toolchain-scripts.bbclass @@ -31,7 +31,7 @@ toolchain_create_sdk_env_script () { echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script echo '# Only disable this check if you are absolutely know what you are doing!' >> $script - echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script + echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script echo "echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script echo "echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script echo 'echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176293): https://lists.openembedded.org/g/openembedded-core/message/176293 Mute This Topic: https://lists.openembedded.org/mt/96466401/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 28/32] libseccomp: fix typo in DESCRIPTION
From: Chen Qi Fix typo in DESCRIPTION: and -> an. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 349e63045298054f9454025d793c67284fce750b) Signed-off-by: Steve Sakoman --- meta/recipes-support/libseccomp/libseccomp_2.5.3.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb index 4c0fb1d7b3..1f43686ade 100644 --- a/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb @@ -1,5 +1,5 @@ SUMMARY = "interface to seccomp filtering mechanism" -DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." +DESCRIPTION = "The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp." HOMEPAGE = "https://github.com/seccomp/libseccomp; SECTION = "security" LICENSE = "LGPL-2.1-only" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176292): https://lists.openembedded.org/g/openembedded-core/message/176292 Mute This Topic: https://lists.openembedded.org/mt/96466400/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 27/32] dhcpcd: backport two patches to fix runtime error
From: Chen Qi In case of nodistro, dhcpcd gives us 'Bad system call' error and exits. This is because there are syscalls that should be allowed but not in privsep. Backport two patches to fix this issue. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit f1e6a0c16d6685096ec9313301aa431e73d02c07) Signed-off-by: Steve Sakoman --- .../dhcpcd/dhcpcd_9.4.1.bb| 2 ++ ...low-getrandom-sysctl-for-newer-glibc.patch | 30 ++ ...sep-Allow-newfstatat-syscall-as-well.patch | 31 +++ 3 files changed, 63 insertions(+) create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch create mode 100644 meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index 1d03de09c8..5cf77fa0f6 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -14,6 +14,8 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/; SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ + file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \ + file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \ file://dhcpcd.service \ file://dhcpcd@.service \ " diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch new file mode 100644 index 00..68ab93416a --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch @@ -0,0 +1,30 @@ +From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001 +From: Roy Marples +Date: Fri, 26 Aug 2022 09:08:36 +0100 +Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc + +Fixes #120 + +Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b] +Signed-off-by: Chen Qi +--- + src/privsep-linux.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index b238644b..479a1d82 100644 +--- a/src/privsep-linux.c b/src/privsep-linux.c +@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = { + #ifdef __NR_getpid + SECCOMP_ALLOW(__NR_getpid), + #endif ++#ifdef __NR_getrandom ++ SECCOMP_ALLOW(__NR_getrandom), ++#endif + #ifdef __NR_getsockopt + /* For route socket overflow */ + SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET), +-- +2.17.1 + diff --git a/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch new file mode 100644 index 00..c5d2cba305 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch @@ -0,0 +1,31 @@ +From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 +From: Roy Marples +Date: Fri, 26 Aug 2022 09:24:50 +0100 +Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well + +Allows newer glibc variants to work apparently. +As reported in #84 and #89. + +Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] +Signed-off-by: Chen Qi +--- + src/privsep-linux.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index 479a1d82..6327b1bc 100644 +--- a/src/privsep-linux.c b/src/privsep-linux.c +@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { + #ifdef __NR_nanosleep + SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ + #endif ++#ifdef __NR_newfstatat ++ SECCOMP_ALLOW(__NR_newfstatat), ++#endif + #ifdef __NR_ppoll + SECCOMP_ALLOW(__NR_ppoll), + #endif +-- +2.17.1 + -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176291): https://lists.openembedded.org/g/openembedded-core/message/176291 Mute This Topic: https://lists.openembedded.org/mt/96466399/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 26/32] harfbuzz: remove bindir only if it exists
From: Petr Kubizňák In some scenarios (e.g. when "glib" removed from PACKAGECONFIG), "${D}${bindir}" might not exist which caused `rmdir` to fail. Signed-off-by: Petr Kubizňák Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 21261072cbe0056e85550a0710de142fab8943e4) Signed-off-by: Steve Sakoman --- meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb b/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb index b639c276db..bdbb322e42 100644 --- a/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb +++ b/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb @@ -35,9 +35,9 @@ PACKAGES =+ "${PN}-icu ${PN}-icu-dev ${PN}-subset" LEAD_SONAME = "libharfbuzz.so" do_install:append() { -# If no tools are installed due to PACKAGECONFIG then this directory is -#still installed, so remove it to stop packaging wanings. -rmdir --ignore-fail-on-non-empty ${D}${bindir} +# If no tools are installed due to PACKAGECONFIG then this directory might +# still be installed, so remove it to stop packaging warnings. +[ ! -d ${D}${bindir} ] || rmdir --ignore-fail-on-non-empty ${D}${bindir} } FILES:${PN}-icu = "${libdir}/libharfbuzz-icu.so.*" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176290): https://lists.openembedded.org/g/openembedded-core/message/176290 Mute This Topic: https://lists.openembedded.org/mt/96466398/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 25/32] tiff: Add packageconfig knob for webp
From: Khem Raj tiff-native otherwise falsely detects webp if its installed on build host. This ensures deterministic behavior regardless of host. Signed-off-by: Khem Raj Signed-off-by: Richard Purdie (cherry picked from commit 718c44f282310b2ca85877fed706460ccc1eebea) Signed-off-by: Steve Sakoman --- meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index b3737f962e..ef4fa97585 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -60,6 +60,7 @@ PACKAGECONFIG[jbig] = "--enable-jbig,--disable-jbig,jbig," PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg," PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib," PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz," +PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp," # Convert single-strip uncompressed images to multiple strips of specified # size (default: 8192) to reduce memory usage -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176289): https://lists.openembedded.org/g/openembedded-core/message/176289 Mute This Topic: https://lists.openembedded.org/mt/96466397/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 24/32] kernel-fitimage: Allow user to select dtb when multiple dtb exists
From: Sandeep Gundlupet Raju Allow user to select the default DTB for FIT image when multiple dtb's exists. >From machine.conf or local.conf user can specify the default dtb for FIT image as shown below. FIT_CONF_DEFAULT_DTB = "board-default.dtb" Also fallback to avaialable dtb when FIT_CONF_DEFAULT_DTB doesn't exits or empty. Signed-off-by: Sandeep Gundlupet Raju Signed-off-by: Steve Sakoman (cherry picked from commit cd397284fa5f17de7e0a0d4b6b26fb8b56c3cd48) Signed-off-by: Steve Sakoman --- meta/classes/kernel-fitimage.bbclass | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 3cd4a45bbe..27e17db951 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -67,6 +67,9 @@ FIT_CONF_PREFIX[doc] = "Prefix to use for FIT configuration node name" FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio" +# Allow user to select the default DTB for FIT image when multiple dtb's exists. +FIT_CONF_DEFAULT_DTB ?= "" + # Keys used to sign individually image nodes. # The keys to sign image nodes must be different from those used to sign # configuration nodes, otherwise the "required" property, from @@ -369,6 +372,7 @@ fitimage_emit_section_config() { bootscr_line="" setup_line="" default_line="" + default_dtb_image="${FIT_CONF_DEFAULT_DTB}" # conf node name is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID @@ -411,7 +415,17 @@ fitimage_emit_section_config() { # default node is selected based on dtb ID if it is present, # otherwise its selected based on kernel ID if [ -n "$dtb_image" ]; then - default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + # Select default node as user specified dtb when + # multiple dtb exists. + if [ -n "$default_dtb_image" ]; then + if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then + default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" + else + bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" + fi + else + default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" + fi else default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" fi -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176288): https://lists.openembedded.org/g/openembedded-core/message/176288 Mute This Topic: https://lists.openembedded.org/mt/96466396/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 23/32] kernel-fitimage: Adjust order of dtb/dtbo files
From: Sandeep Gundlupet Raju The dtb files must be before the dtbo files, otherwise the overlays may not be applied correctly. >From Bruce Ashfield: We can split between dtbs and dtbos, they just need to be sorted for reproducibility reasons. Of course, this was only working by luck previously (before the sort), since it has always been gathering dtbs and dtbo's with find, depending on filesystem ordering for the order in the fitimage). Signed-off-by: Sandeep Gundlupet Raju Signed-off-by: Steve Sakoman (cherry picked from commit 3df94d3c93707f03c501f8aa56450457d0f7fb71) Signed-off-by: Steve Sakoman --- meta/classes/kernel-fitimage.bbclass | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass index 983392c23a..3cd4a45bbe 100644 --- a/meta/classes/kernel-fitimage.bbclass +++ b/meta/classes/kernel-fitimage.bbclass @@ -540,10 +540,11 @@ fitimage_assemble() { if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then dtbcount=1 - for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do + for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \ + $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do DTB=$(echo "$DTB" | tr '/' '_') - # Skip DTB if we've picked it up previously + # Skip DTB/DTBO if we've picked it up previously echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue DTBS="$DTBS $DTB" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176287): https://lists.openembedded.org/g/openembedded-core/message/176287 Mute This Topic: https://lists.openembedded.org/mt/96466395/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 22/32] busybox: rm temporary files if do_compile was interrupted
From: Antonin Godard To avoid working with undeterministic config files, remove all the temporary files to start from scratch. Signed-off-by: Richard Purdie (cherry picked from commit 74cd440c4e3df0ed3b81cf5c60a3f92e0dd3fe6c) Signed-off-by: Steve Sakoman --- meta/recipes-core/busybox/busybox.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index dff4a5dec9..62dc839245 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc @@ -154,6 +154,9 @@ do_compile() { cp include/autoconf.h.orig include/autoconf.h if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then + # Guard againt interrupted do_compile: clean temporary files. + rm -f .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps + # split the .config into two parts, and make two busybox binaries oe_runmake busybox.cfg.suid oe_runmake busybox.cfg.nosuid -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176286): https://lists.openembedded.org/g/openembedded-core/message/176286 Mute This Topic: https://lists.openembedded.org/mt/96466394/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 21/32] busybox: always start do_compile with orig config files
From: Antonin Godard When compiling busybox a second time (e.g. with `compile -f`), busybox can use an altered autoconf.h file for compiling, which can ultimately produces different and unwanted binaries. This can produce errors like this one: ERROR: busybox-1.35.0-r0 do_package: Error executing a python function in exec_func_python() autogenerated: The stack trace of python calls that resulted in this exception/failure was: File: 'exec_func_python() autogenerated', lineno: 2, function: 0001: *** 0002:ptest_update_alternatives(d) 0003: File: '…/poky/meta/classes/ptest.bbclass', lineno: 100, function: ptest_update_alternatives 0096:for alt_name, alt_link, alt_target, _ in alternatives: 0097:# Some alternatives are for man pages, 0098:# check if the alternative is in PATH 0099:if os.path.dirname(alt_link) in bin_paths: *** 0100:os.symlink(alt_target, os.path.join(ptest_bindir, alt_name)) 0101:} 0102: 0103:do_configure_ptest_base[dirs] = "${B}" 0104:do_compile_ptest_base[dirs] = "${B}" Exception: FileExistsError: [Errno 17] File exists: '/bin/busybox.suid' -> '…/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login' This happens because ALTERNATIVE:busybox contains `/bin/login` twice, initially that's because `/bin/login` is present in both busybox.links.suid and busybox.links.nosuid. The reason for that is because of the altered autoconf.h. Steps to reproduce above error: bitbake busybox -c clean bitbake busybox -c package -f bitbake busybox -c compile -f bitbake busybox -c package -f This patch guards against potential bugs by: - making a backup of .config and autoconf.h that have matching timestamps. - make sure do_compile always starts with these files. - restore .config and autoconf.h at the end of do_compile. Signed-off-by: Richard Purdie (cherry picked from commit 6b4a0f063edcfe0a5a4f418842e86ac0c46d9cad) Signed-off-by: Steve Sakoman --- meta/recipes-core/busybox/busybox.inc | 23 +++ 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index 5f1c473d5e..dff4a5dec9 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc @@ -138,19 +138,23 @@ do_configure () { do_prepare_config merge_config.sh -m .config ${@" ".join(find_cfgs(d))} cml1_do_configure + + # Save a copy of .config and autoconf.h. + cp .config .config.orig + cp include/autoconf.h include/autoconf.h.orig } do_compile() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS export KCONFIG_NOTIMESTAMP=1 + # Ensure we start do_compile with the original .config and autoconf.h. + # These files should always have matching timestamps. + cp .config.orig .config + cp include/autoconf.h.orig include/autoconf.h + if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then # split the .config into two parts, and make two busybox binaries - if [ -e .config.orig ]; then - # Need to guard again an interrupted do_compile - restore any backup - cp .config.orig .config - fi - cp .config .config.orig oe_runmake busybox.cfg.suid oe_runmake busybox.cfg.nosuid @@ -187,15 +191,18 @@ do_compile() { bbfatal "busybox suid binary incorrectly provides /bin/sh" fi - # copy .config.orig back to .config, because the install process may check this file - cp .config.orig .config # cleanup - rm .config.orig .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps + rm .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps else oe_runmake busybox_unstripped cp busybox_unstripped busybox oe_runmake busybox.links fi + + # restore original .config and autoconf.h, because the install process + # may check these files + cp .config.orig .config + cp include/autoconf.h.orig include/autoconf.h } do_install () { -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176285): https://lists.openembedded.org/g/openembedded-core/message/176285 Mute This Topic: https://lists.openembedded.org/mt/96466393/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 20/32] classes: image: Set empty weak default IMAGE_LINGUAS
From: Alex Kiernan This is already set in default-distrovars.inc and so this assignment will almost never succeed. Rather than leaving it to confuse, set an empty weak default. Signed-off-by: Alex Kiernan Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit eb402948158659da7de0fbbb1bb403c8dad06e2b) Signed-off-by: Steve Sakoman --- meta/classes/image.bbclass | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 2139a7e576..c424c4c41d 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -177,8 +177,7 @@ python () { IMAGE_POSTPROCESS_COMMAND ?= "" -# some default locales -IMAGE_LINGUAS ?= "de-de fr-fr en-gb" +IMAGE_LINGUAS ??= "" LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176284): https://lists.openembedded.org/g/openembedded-core/message/176284 Mute This Topic: https://lists.openembedded.org/mt/96466391/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 19/32] gcc: Refactor linker patches and fix linker on arm with usrmerge
From: Pavel Zhukov Backport fix from master to allow gcc to use proper linker path for musl [Yocto #14977]. Fixes: | qemu-arm: Could not open '/lib/ld-musl-armhf.so.1': No such file or directory Signed-off-by: Pavel Zhukov Signed-off-by: Steve Sakoman --- meta/recipes-devtools/gcc/gcc-11.3.inc| 1 - ...rm-add-armv9-a-architecture-to-march.patch | 89 +++--- ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 269 +- ...s-fix-v4bx-to-linker-to-support-EABI.patch | 10 +- ...019-nios2-Define-MUSL_DYNAMIC_LINKER.patch | 25 -- 5 files changed, 245 insertions(+), 149 deletions(-) delete mode 100644 meta/recipes-devtools/gcc/gcc/0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.3.inc index 27074a06ae..ab2ece3cce 100644 --- a/meta/recipes-devtools/gcc/gcc-11.3.inc +++ b/meta/recipes-devtools/gcc/gcc-11.3.inc @@ -48,7 +48,6 @@ SRC_URI = "\ file://0016-If-CXXFLAGS-contains-something-unsupported-by-the-bu.patch \ file://0017-handle-sysroot-support-for-nativesdk-gcc.patch \ file://0018-Search-target-sysroot-gcc-version-specific-dirs-with.patch \ - file://0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch \ file://0020-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch \ file://0021-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch \ file://0022-sync-gcc-stddef.h-with-musl.patch \ diff --git a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch index c38d1b9119..864c8b3017 100644 --- a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch +++ b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch @@ -43,10 +43,10 @@ Signed-off-by: Ruiqiang Hao gcc/testsuite/lib/target-supports.exp | 3 ++- 9 files changed, 79 insertions(+), 8 deletions(-) -diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in -index bcc9ebe9f..58d83829c 100644 a/gcc/config/arm/arm-cpus.in -+++ b/gcc/config/arm/arm-cpus.in +Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in +=== +--- gcc-11.3.0.orig/gcc/config/arm/arm-cpus.in gcc-11.3.0/gcc/config/arm/arm-cpus.in @@ -132,6 +132,9 @@ define feature cmse # Architecture rel 8.1-M. define feature armv8_1m_main @@ -57,7 +57,7 @@ index bcc9ebe9f..58d83829c 100644 # Floating point and Neon extensions. # VFPv1 is not supported in GCC. -@@ -293,6 +296,7 @@ define fgroup ARMv8m_base ARMv6m armv8 cmse tdiv +@@ -293,6 +296,7 @@ define fgroup ARMv8m_base ARMv6m armv8 c define fgroup ARMv8m_main ARMv7m armv8 cmse define fgroup ARMv8r ARMv8a define fgroup ARMv8_1m_main ARMv8m_main armv8_1m_main @@ -87,10 +87,10 @@ index bcc9ebe9f..58d83829c 100644 begin arch iwmmxt tune for iwmmxt tune flags LDSCHED STRONG XSCALE -diff --git a/gcc/config/arm/arm-tables.opt b/gcc/config/arm/arm-tables.opt -index 5692d4fb7..ae3dd9414 100644 a/gcc/config/arm/arm-tables.opt -+++ b/gcc/config/arm/arm-tables.opt +Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt +=== +--- gcc-11.3.0.orig/gcc/config/arm/arm-tables.opt gcc-11.3.0/gcc/config/arm/arm-tables.opt @@ -380,10 +380,13 @@ EnumValue Enum(arm_arch) String(armv8.1-m.main) Value(30) @@ -107,10 +107,10 @@ index 5692d4fb7..ae3dd9414 100644 Enum Name(arm_fpu) Type(enum fpu_type) -diff --git a/gcc/config/arm/arm.h b/gcc/config/arm/arm.h -index 47c13a9e5..088c7725c 100644 a/gcc/config/arm/arm.h -+++ b/gcc/config/arm/arm.h +Index: gcc-11.3.0/gcc/config/arm/arm.h +=== +--- gcc-11.3.0.orig/gcc/config/arm/arm.h gcc-11.3.0/gcc/config/arm/arm.h @@ -456,7 +456,8 @@ enum base_architecture BASE_ARCH_8A = 8, BASE_ARCH_8M_BASE = 8, @@ -121,10 +121,10 @@ index 47c13a9e5..088c7725c 100644 }; /* The major revision number of the ARM Architecture implemented by the target. */ -diff --git a/gcc/config/arm/t-aprofile b/gcc/config/arm/t-aprofile -index 8574ac3e2..68e2251c7 100644 a/gcc/config/arm/t-aprofile -+++ b/gcc/config/arm/t-aprofile +Index: gcc-11.3.0/gcc/config/arm/t-aprofile +=== +--- gcc-11.3.0.orig/gcc/config/arm/t-aprofile gcc-11.3.0/gcc/config/arm/t-aprofile @@ -26,8 +26,8 @@ # Arch and FPU variants to build libraries with @@ -136,7 +136,7 @@ index 8574ac3e2..68e2251c7 100644 # ARMv7-A - build nofp, fp-d16 and SIMD variants -@@ -46,6 +46,11 @@ MULTILIB_REQUIRED += mthumb/march=armv8-a/mfloat-abi=soft +@@ -46,6 +46,11 @@ MULTILIB_REQUIRED += mthumb/march=armv8- MULTILIB_REQUIRED += mthumb/march=armv8-a+simd/mfloat-abi=hard
[OE-core][kirkstone 18/32] vim: upgrade 9.0.0947 -> 9.0.1211
From: Randy MacLeod Includes fixes for: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 Signed-off-by: Randy MacLeod Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 1c51068c78d12ee02789a6dbecf5e7e91d141af5) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index d86841efaa..9bc6881fce 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0947" -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5" +PV .= ".1211" +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176282): https://lists.openembedded.org/g/openembedded-core/message/176282 Mute This Topic: https://lists.openembedded.org/mt/96466389/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 16/32] linux-yocto/5.15: update to v5.15.84
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: d68f50bfb00f Linux 5.15.84 972707bae3d7 net: fec: properly guard irq coalesce setup 289721fe0993 ASoC: ops: Correct bounds check for second channel on SX controls de0866b94a64 nvme-pci: clear the prp2 field when not used 8bffa95ac19f perf: Fix perf_pending_task() UaF 825bd2af4227 ASoC: cs42l51: Correct PGA Volume minimum value 91582b3a1ab2 net: fec: don't reset irq coalesce settings to defaults on "ip link up" c772dab247f1 can: mcba_usb: Fix termination command argument aa822de7de3b can: sja1000: fix size of OCR_MODE_MASK define 09e08740d78c pinctrl: meditatek: Startup with the IRQs disabled 172a95026f06 libbpf: Use page size as max_entries when probing ring buffer map cf611d786796 ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() a74b88e17025 ASoC: fsl_micfil: explicitly clear CHnF flags afac1e7d78eb ASoC: fsl_micfil: explicitly clear software reset bit 9d933af8fef3 nfp: fix use-after-free in area_cache_get() e1a4f5880d00 vfs: fix copy_file_range() averts filesystem freeze protection 86e28ed25b00 x86/vdso: Conditionally export __vdso_sgx_enter_enclave() fd6d66840b42 Linux 5.15.83 f895511de9d2 io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() f435c66d2336 io_uring: move to separate directory d9e1e5d8a74c block: move CONFIG_BLOCK guard to top Makefile e5c0bc4ff5b0 can: esd_usb: Allow REC and TEC to return to zero db6343a5b0d9 s390/qeth: fix use-after-free in hsci a56c1cebe4a0 s390/qeth: fix various format strings a6dba316c93e macsec: add missing attribute validation for offload 40500f1f4745 net: mvneta: Fix an out of bounds check b9274dbe3999 net: thunderbolt: fix memory leak in tbnet_open() 7390c70bd431 ipv6: avoid use-after-free in ip6_fragment() 1beb475892f7 net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() b08412a9cf26 net: phy: mxl-gpy: fix version reporting dec5abd91abc xen/netback: fix build warning 54d830e24247 dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() c7adcbd0fd3f ethernet: aeroflex: fix potential skb leak in greth_init_rings() d962d42d6376 tipc: call tipc_lxc_xmit without holding node_read_lock f3b5dda26cd0 net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() 5dab6fa068d7 ipv4: Fix incorrect route flushing when table ID 0 is used ac566bd5770f ipv4: Fix incorrect route flushing when source address is deleted af4ccae4b704 tipc: Fix potential OOB in tipc_link_proto_rcv() b8ce0e6f9f88 net: hisilicon: Fix potential use-after-free in hix5hd2_rx() 16854177745a net: mdio: fix unbalanced fwnode reference count in mdio_device_release() 6f4798ac9c9e net: hisilicon: Fix potential use-after-free in hisi_femac_rx() 114e65a22189 net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq 51c04945756a net: microchip: sparx5: Fix missing destroy_workqueue of mact_queue 99eec0a766f9 ip_gre: do not report erspan version on GRE interface 2891957853f2 net: stmmac: fix "snps,axi-config" node property parsing 5cb8f1a784fd gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() b8c2f0392d1d nvme initialize core quirks before calling nvme_init_subsystem 908b2da426fe NFC: nci: Bounds check struct nfc_target arrays d841cc156304 i40e: Disallow ip4 and ip6 l4_4_bytes 625a13850b31 i40e: Fix for VF MAC address 0 5538794dbd42 i40e: Fix not setting default xps_cpus after reset a6b30598fec8 net: mvneta: Prevent out of bounds read in mvneta_config_rss() e6e897d4fe2f xen-netfront: Fix NULL sring after live migration eefd8953a748 octeontx2-pf: Fix potential memory leak in otx2_init_tc() f88acaed07b1 net: mdiobus: fix double put fwnode in the error path cc62d76928e0 net: mdiobus: fwnode_mdiobus_register_phy() rework error handling ea113b570eee net: encx24j600: Fix invalid logic in reading of MISTAT register 8aae746d065c net: encx24j600: Add parentheses to fix precedence a110287ef4a4 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() e046421bed5a selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload 4fa8988a36d5 net: dsa: sja1105: Check return value b35be171dfe6 net: dsa: hellcreek: Check return value a4c342e645d6 net: dsa: ksz: Check return value edf7284a9829 Bluetooth: Fix not cleanup led when bt_init fails 3322193949ac Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() 6c88c764e0c4 vmxnet3: use correct intrConf reference when using extended queues 5ad0d85757f8 vmxnet3: correctly report encapsulated LRO packet 5c014eb0ed6c af_unix: Get user_ns from in_skb in unix_diag_get_exact(). 807a01a32979 drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 eb96fd3983b2
[OE-core][kirkstone 17/32] linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit b457e6976e9e64a737517f9d9142ab290cdce214) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb| 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 22 +-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index dd9f940c7c..122fc0feac 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,8 +11,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6a972b54f014ca67588d73f32058c42af0bd856e" -SRCREV_meta ?= "72756ee16d7230f04fb6bbf0bb115e32a9d73d8d" +SRCREV_machine ?= "e53e73b907707b92b3433de7c9c776aa504b2d0b" +SRCREV_meta ?= "e77e5259a3d11efe417b164a0f3341c07ba2bc46" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 8aa2ee14f2..f060e22e84 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "6e85c80a960287ec238f53c91eeade3456044fa3" -SRCREV_meta ?= "72756ee16d7230f04fb6bbf0bb115e32a9d73d8d" +SRCREV_machine ?= "ae2415ee19511e205a983bc8024700c1f794076a" +SRCREV_meta ?= "e77e5259a3d11efe417b164a0f3341c07ba2bc46" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index f28dae716b..bb48e158ab 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,17 +13,17 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "24c30a8e9f8385f6d74785aa345f5731321b6c41" -SRCREV_machine:qemuarm64 ?= "c3caed57192735dc74adff939ea35af248a11177" -SRCREV_machine:qemumips ?= "3bed92886dc9177ce0076dada5056cbe83ec11f0" -SRCREV_machine:qemuppc ?= "45cbeb05d362ee51b7836a7faa07958670110c38" -SRCREV_machine:qemuriscv64 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" -SRCREV_machine:qemuriscv32 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" -SRCREV_machine:qemux86 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" -SRCREV_machine:qemux86-64 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" -SRCREV_machine:qemumips64 ?= "2642cdd862a63f5a8c2774f372f3d3424991b1b9" -SRCREV_machine ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" -SRCREV_meta ?= "72756ee16d7230f04fb6bbf0bb115e32a9d73d8d" +SRCREV_machine:qemuarm ?= "8c0f02ba7db6a463ca3aef969441906706edb350" +SRCREV_machine:qemuarm64 ?= "42a14881ba8145b2d1bdfc019c603abe79aeafd4" +SRCREV_machine:qemumips ?= "1ea321a5c9c66edba818ddffcef2aa9910de552e" +SRCREV_machine:qemuppc ?= "14da484e7f2fc95e10abb4db96bc5fd6b444cb60" +SRCREV_machine:qemuriscv64 ?= "f100c753aa1f9638bfd476da0498b09fdee569d6" +SRCREV_machine:qemuriscv32 ?= "f100c753aa1f9638bfd476da0498b09fdee569d6" +SRCREV_machine:qemux86 ?= "f100c753aa1f9638bfd476da0498b09fdee569d6" +SRCREV_machine:qemux86-64 ?= "f100c753aa1f9638bfd476da0498b09fdee569d6" +SRCREV_machine:qemumips64 ?= "8db5fd5c032f44486ef52f34724d0452aa3a6fea" +SRCREV_machine ?= "f100c753aa1f9638bfd476da0498b09fdee569d6" +SRCREV_meta ?= "e77e5259a3d11efe417b164a0f3341c07ba2bc46" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176281): https://lists.openembedded.org/g/openembedded-core/message/176281 Mute This Topic: https://lists.openembedded.org/mt/96466388/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 15/32] linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: da5513f30187 libbpf: Fix build warning on ref_ctr_off Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit eb75d561256c794baf6c89c1975967343145da87) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb| 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 63294f5bb6..3dac2fbcd2 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,8 +11,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "dcd3b533c5f6bc4698d5b09aa83ce9a4695df3b0" -SRCREV_meta ?= "66de7a6f2687cdaf5169ce5b57dd35f508be1682" +SRCREV_machine ?= "6a972b54f014ca67588d73f32058c42af0bd856e" +SRCREV_meta ?= "72756ee16d7230f04fb6bbf0bb115e32a9d73d8d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 12e462228f..3dd2ecdf6f 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "c7e10f06a33a546bcdd0b2e2909459b7572b5443" -SRCREV_meta ?= "66de7a6f2687cdaf5169ce5b57dd35f508be1682" +SRCREV_machine ?= "6e85c80a960287ec238f53c91eeade3456044fa3" +SRCREV_meta ?= "72756ee16d7230f04fb6bbf0bb115e32a9d73d8d" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 4e341713f6..dabbb82822 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "e5f2cf3560139bbaad54796c323d60e66cc19374" -SRCREV_machine:qemuarm64 ?= "d8835a4d4e9d4ea835316cd1843d62e30c5fef33" -SRCREV_machine:qemumips ?= "0f802d6525c21abe586c833074fece3e665a9ed9" -SRCREV_machine:qemuppc ?= "84f529230ca9f2ec20517821f7422d62e43ab808" -SRCREV_machine:qemuriscv64 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" -SRCREV_machine:qemuriscv32 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" -SRCREV_machine:qemux86 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" -SRCREV_machine:qemux86-64 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" -SRCREV_machine:qemumips64 ?= "ea2140a5f0cf7b8351982f60d3b30a4657ab0919" -SRCREV_machine ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" -SRCREV_meta ?= "66de7a6f2687cdaf5169ce5b57dd35f508be1682" +SRCREV_machine:qemuarm ?= "24c30a8e9f8385f6d74785aa345f5731321b6c41" +SRCREV_machine:qemuarm64 ?= "c3caed57192735dc74adff939ea35af248a11177" +SRCREV_machine:qemumips ?= "3bed92886dc9177ce0076dada5056cbe83ec11f0" +SRCREV_machine:qemuppc ?= "45cbeb05d362ee51b7836a7faa07958670110c38" +SRCREV_machine:qemuriscv64 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" +SRCREV_machine:qemuriscv32 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" +SRCREV_machine:qemux86 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" +SRCREV_machine:qemux86-64 ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" +SRCREV_machine:qemumips64 ?= "2642cdd862a63f5a8c2774f372f3d3424991b1b9" +SRCREV_machine ?= "da5513f301871b972d5bc6fab284d3cb277e0a28" +SRCREV_meta ?= "72756ee16d7230f04fb6bbf0bb115e32a9d73d8d" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "71e496bd338221709b180b60ba419fa542c2b320" +SRCREV_machine:class-devupstream ?= "d68f50bfb00f6288e812be895ea5c77932a4b9dd" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176279): https://lists.openembedded.org/g/openembedded-core/message/176279 Mute This Topic: https://lists.openembedded.org/mt/96466386/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
[OE-core][kirkstone 14/32] linux-yocto/5.15: fix perf build with clang
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: 4c5a089621a8 perf python: Account for multiple words in CC Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 1cf78a856beb42a2d68e6c49bfdbc33fea68ebb5) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb| 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 22 +-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index bd57d7c47e..63294f5bb6 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,8 +11,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "9860fe27332e09dd4f0f3b303e40377de083be9a" -SRCREV_meta ?= "c2d64b008142d2a2bc9c8cca8a3d579a62275122" +SRCREV_machine ?= "dcd3b533c5f6bc4698d5b09aa83ce9a4695df3b0" +SRCREV_meta ?= "66de7a6f2687cdaf5169ce5b57dd35f508be1682" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 8b83b5a8de..12e462228f 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "86627fc3da74aefec1338724a597356e6b8ad88b" -SRCREV_meta ?= "c2d64b008142d2a2bc9c8cca8a3d579a62275122" +SRCREV_machine ?= "c7e10f06a33a546bcdd0b2e2909459b7572b5443" +SRCREV_meta ?= "66de7a6f2687cdaf5169ce5b57dd35f508be1682" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 0b373c40fe..4e341713f6 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,17 +13,17 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "4915b05912ee7d15224eb9064ca63678f0bc6815" -SRCREV_machine:qemuarm64 ?= "660bf605998f60fd77f24d3316b95b14ef2fa035" -SRCREV_machine:qemumips ?= "38bf282c052b70c1c6dd79dc6ae49da1ec1c7de8" -SRCREV_machine:qemuppc ?= "ac4a5d99364cede21dc1838213f7fb29e1735969" -SRCREV_machine:qemuriscv64 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" -SRCREV_machine:qemuriscv32 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" -SRCREV_machine:qemux86 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" -SRCREV_machine:qemux86-64 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" -SRCREV_machine:qemumips64 ?= "2923c39cc815e2109c9bfc0985adcd8d342fc415" -SRCREV_machine ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" -SRCREV_meta ?= "c2d64b008142d2a2bc9c8cca8a3d579a62275122" +SRCREV_machine:qemuarm ?= "e5f2cf3560139bbaad54796c323d60e66cc19374" +SRCREV_machine:qemuarm64 ?= "d8835a4d4e9d4ea835316cd1843d62e30c5fef33" +SRCREV_machine:qemumips ?= "0f802d6525c21abe586c833074fece3e665a9ed9" +SRCREV_machine:qemuppc ?= "84f529230ca9f2ec20517821f7422d62e43ab808" +SRCREV_machine:qemuriscv64 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" +SRCREV_machine:qemuriscv32 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" +SRCREV_machine:qemux86 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" +SRCREV_machine:qemux86-64 ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" +SRCREV_machine:qemumips64 ?= "ea2140a5f0cf7b8351982f60d3b30a4657ab0919" +SRCREV_machine ?= "4c5a089621a8f395f020f6c2f4c578aafa155011" +SRCREV_meta ?= "66de7a6f2687cdaf5169ce5b57dd35f508be1682" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176278): https://lists.openembedded.org/g/openembedded-core/message/176278 Mute This Topic: https://lists.openembedded.org/mt/96466385/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 13/32] linux-yocto/5.15: ltp and squashfs fixes
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: 1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers 838f5d0701d8 fs: add mode_strip_sgid() helper d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 474ddb758dd1b327540e48ccfe1500fb4231f30b) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb| 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index fc1ccd9b39..bd57d7c47e 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,8 +11,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "a0d36398b257c555381e735cd721cd8479d6762d" -SRCREV_meta ?= "f475b1a9deddbde23f48d7d535abdd5fb133b837" +SRCREV_machine ?= "9860fe27332e09dd4f0f3b303e40377de083be9a" +SRCREV_meta ?= "c2d64b008142d2a2bc9c8cca8a3d579a62275122" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 087c30b5a5..8b83b5a8de 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "1c3448ff6cc6d24d16c6ef6065cb642245cac627" -SRCREV_meta ?= "f475b1a9deddbde23f48d7d535abdd5fb133b837" +SRCREV_machine ?= "86627fc3da74aefec1338724a597356e6b8ad88b" +SRCREV_meta ?= "c2d64b008142d2a2bc9c8cca8a3d579a62275122" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index d5f21daf35..0b373c40fe 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "d3aa5916b2b02966ef37bfe3fc527c99754571ec" -SRCREV_machine:qemuarm64 ?= "a1d364fbe3d8a916426a107f07b89fd0338923c7" -SRCREV_machine:qemumips ?= "904de7b55a7e8edf4cd894fb0558efee799a314a" -SRCREV_machine:qemuppc ?= "35d547b91124bef128a13402190ca05f54a2392e" -SRCREV_machine:qemuriscv64 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" -SRCREV_machine:qemuriscv32 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" -SRCREV_machine:qemux86 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" -SRCREV_machine:qemux86-64 ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" -SRCREV_machine:qemumips64 ?= "ae8ab2e3acaf9e14cd75a6c96f1ba43c66a1babd" -SRCREV_machine ?= "8cd3f1c8dc13e8fa2d9a25ce0285d3526705eea7" -SRCREV_meta ?= "f475b1a9deddbde23f48d7d535abdd5fb133b837" +SRCREV_machine:qemuarm ?= "4915b05912ee7d15224eb9064ca63678f0bc6815" +SRCREV_machine:qemuarm64 ?= "660bf605998f60fd77f24d3316b95b14ef2fa035" +SRCREV_machine:qemumips ?= "38bf282c052b70c1c6dd79dc6ae49da1ec1c7de8" +SRCREV_machine:qemuppc ?= "ac4a5d99364cede21dc1838213f7fb29e1735969" +SRCREV_machine:qemuriscv64 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" +SRCREV_machine:qemuriscv32 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" +SRCREV_machine:qemux86 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" +SRCREV_machine:qemux86-64 ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" +SRCREV_machine:qemumips64 ?= "2923c39cc815e2109c9bfc0985adcd8d342fc415" +SRCREV_machine ?= "1c5699ee85d4ffe1be2bea17f4587375bf3877f6" +SRCREV_meta ?= "c2d64b008142d2a2bc9c8cca8a3d579a62275122" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "509a32764e1a5692935c4f26ed96fbe94c480186" +SRCREV_machine:class-devupstream ?= "71e496bd338221709b180b60ba419fa542c2b320" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176277): https://lists.openembedded.org/g/openembedded-core/message/176277 Mute This Topic: https://lists.openembedded.org/mt/96466384/21656 Group Owner:
[OE-core][kirkstone 11/32] xwayland: upgrade 22.1.5 -> 22.1.7
From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c37ec8b2d91605d6eb5228f0a447fb83f111edc3) Signed-off-by: Steve Sakoman --- .../xwayland/{xwayland_22.1.5.bb => xwayland_22.1.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xwayland/{xwayland_22.1.5.bb => xwayland_22.1.7.bb} (95%) diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.7.bb similarity index 95% rename from meta/recipes-graphics/xwayland/xwayland_22.1.5.bb rename to meta/recipes-graphics/xwayland/xwayland_22.1.7.bb index 51d847a093..dd32bd0111 100644 --- a/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb +++ b/meta/recipes-graphics/xwayland/xwayland_22.1.7.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz; -SRC_URI[sha256sum] = "e317ac1f119f8321654921761420901e4abd95585a8c763ce26af3b045ac1672" +SRC_URI[sha256sum] = "d53afac6c71953f5cf66d03d289dacd8961da5bd309c1dff125d5955d9db5f76" UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176275): https://lists.openembedded.org/g/openembedded-core/message/176275 Mute This Topic: https://lists.openembedded.org/mt/96466382/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 12/32] xserver-xorg: upgrade 21.1.4 -> 21.1.6
From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 009e8d6a292690a0c355d12be2368a9677c701f5) Signed-off-by: Steve Sakoman --- ...possible-memleaks-in-XkbGetKbdByName.patch | 63 --- ...ntedString-against-request-length-at.patch | 38 --- ...-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} | 4 +- 3 files changed, 1 insertion(+), 104 deletions(-) delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} (80%) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch deleted file mode 100644 index 0e61ec5953..00 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch +++ /dev/null @@ -1,63 +0,0 @@ -CVE: CVE-2022-3551 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 -From: Peter Hutterer -Date: Wed, 13 Jul 2022 11:23:09 +1000 -Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName - -GetComponentByName returns an allocated string, so let's free that if we -fail somewhere. - -Signed-off-by: Peter Hutterer - xkb/xkb.c | 26 -- - 1 file changed, 20 insertions(+), 6 deletions(-) - -diff --git a/xkb/xkb.c b/xkb/xkb.c -index 4692895db..b79a269e3 100644 a/xkb/xkb.c -+++ b/xkb/xkb.c -@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) - xkb = dev->key->xkbInfo->desc; - status = Success; - str = (unsigned char *) [1]; --if (GetComponentSpec(, TRUE, )) /* keymap, unsupported */ --return BadMatch; -+{ -+char *keymap = GetComponentSpec(, TRUE, ); /* keymap, unsupported */ -+if (keymap) { -+free(keymap); -+return BadMatch; -+} -+} - names.keycodes = GetComponentSpec(, TRUE, ); - names.types = GetComponentSpec(, TRUE, ); - names.compat = GetComponentSpec(, TRUE, ); - names.symbols = GetComponentSpec(, TRUE, ); - names.geometry = GetComponentSpec(, TRUE, ); --if (status != Success) -+if (status == Success) { -+len = str - ((unsigned char *) stuff); -+if ((XkbPaddedSize(len) / 4) != stuff->length) -+status = BadLength; -+} -+ -+if (status != Success) { -+free(names.keycodes); -+free(names.types); -+free(names.compat); -+free(names.symbols); -+free(names.geometry); - return status; --len = str - ((unsigned char *) stuff); --if ((XkbPaddedSize(len) / 4) != stuff->length) --return BadLength; -+} - - CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); - CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); --- -2.34.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch deleted file mode 100644 index 6f862e82f9..00 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch +++ /dev/null @@ -1,38 +0,0 @@ -CVE: CVE-2022-3550 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001 -From: Peter Hutterer -Date: Tue, 5 Jul 2022 12:06:20 +1000 -Subject: [PATCH] xkb: proof GetCountedString against request length attacks - -GetCountedString did a check for the whole string to be within the -request buffer but not for the initial 2 bytes that contain the length -field. A swapped client could send a malformed request to trigger a -swaps() on those bytes, writing into random memory. - -Signed-off-by: Peter Hutterer - xkb/xkb.c | 5 + - 1 file changed, 5 insertions(+) - -diff --git a/xkb/xkb.c b/xkb/xkb.c -index f42f59ef3..1841cff26 100644 a/xkb/xkb.c -+++ b/xkb/xkb.c -@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str) - CARD16 len; - - wire = *wire_inout; -+ -+if (client->req_len < -+bytes_to_int32(wire + 2 - (char *) client->requestBuffer)) -+return BadValue; -+ - len = *(CARD16 *) wire; - if (client->swapped) { - swaps(); --- -2.34.1 - diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.6.bb similarity index
[OE-core][kirkstone 10/32] linux-firmware: upgrade 20221109 -> 20221214
From: Alexander Kanavin License-Update: additional files Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 15f3a9f6c4406ddc00f7dc0ca7e1beafe9c71a9f) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20221109.bb => linux-firmware_20221214.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221109.bb => linux-firmware_20221214.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb index b05b960ebd..c2354e627f 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221109.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "ab4ba608dc4b757716871f9be033f0f1" +WHENCE_CHKSUM = "bf7c716d16e48fe118c6209f99b13253" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "c0ddffbbcf30f2e015bddd5c6d3ce1f13976b906aceabda4a57e3c41a3190701" +SRC_URI[sha256sum] = "e793783e92acbde549965521462d1d1327827360664cf242dbda08f075654331" inherit allarch -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176274): https://lists.openembedded.org/g/openembedded-core/message/176274 Mute This Topic: https://lists.openembedded.org/mt/96466381/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 08/32] Revert "libksba: fix CVE-2022-47629"
Prepare for stable version bump which includes this fix This reverts commit e4cb0bf273ea556db91699594046a47514c8583c. --- ...overflow-in-the-CRL-signature-parser.patch | 72 --- meta/recipes-support/libksba/libksba_1.6.2.bb | 3 +- 2 files changed, 1 insertion(+), 74 deletions(-) delete mode 100644 meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch diff --git a/meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch b/meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch deleted file mode 100644 index 8c0080d56b..00 --- a/meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch +++ /dev/null @@ -1,72 +0,0 @@ -From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Tue, 22 Nov 2022 16:36:46 +0100 -Subject: [PATCH] Fix an integer overflow in the CRL signature parser. - -* src/crl.c (parse_signature): N+N2 now checked for overflow. - -* src/ocsp.c (parse_response_extensions): Do not accept too large -values. -(parse_single_extensions): Ditto. --- - -The second patch is an extra safegourd not related to the reported -bug. - -CVE: CVE-2022-47629 - -Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070] - -GnuPG-bug-id: 6284 -Reported-by: Joseph Surin, elttam - src/crl.c | 2 +- - src/ocsp.c | 12 - 2 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/src/crl.c b/src/crl.c -index 9f71c85..2e6ca29 100644 a/src/crl.c -+++ b/src/crl.c -@@ -1349,7 +1349,7 @@ parse_signature (ksba_crl_t crl) - && !ti.is_constructed) ) - return gpg_error (GPG_ERR_INV_CRL_OBJ); - n2 = ti.nhdr + ti.length; -- if (n + n2 >= DIM(tmpbuf)) -+ if (n + n2 >= DIM(tmpbuf) || (n + n2) < n) - return gpg_error (GPG_ERR_TOO_LARGE); - memcpy (tmpbuf+n, ti.buf, ti.nhdr); - err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length); -diff --git a/src/ocsp.c b/src/ocsp.c -index d4cba04..657d15f 100644 a/src/ocsp.c -+++ b/src/ocsp.c -@@ -721,6 +721,12 @@ parse_response_extensions (ksba_ocsp_t ocsp, - || memcmp (ocsp->nonce, data, ti.length)) - ocsp->bad_nonce = 1; - } -+ if (ti.length > (1<<24)) -+{ -+ /* Bail out on much too large objects. */ -+ err = gpg_error (GPG_ERR_BAD_BER); -+ goto leave; -+} - ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); - if (!ex) - { -@@ -788,6 +794,12 @@ parse_single_extensions (struct ocsp_reqitem_s *ri, - err = parse_octet_string (, , ); - if (err) - goto leave; -+ if (ti.length > (1<<24)) -+{ -+ /* Bail out on much too large objects. */ -+ err = gpg_error (GPG_ERR_BAD_BER); -+ goto leave; -+} - ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); - if (!ex) - { --- -2.32.0 - diff --git a/meta/recipes-support/libksba/libksba_1.6.2.bb b/meta/recipes-support/libksba/libksba_1.6.2.bb index d0ee8475f8..f6ecb9aec4 100644 --- a/meta/recipes-support/libksba/libksba_1.6.2.bb +++ b/meta/recipes-support/libksba/libksba_1.6.2.bb @@ -22,8 +22,7 @@ inherit autotools binconfig-disabled pkgconfig texinfo UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html; SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://ksba-add-pkgconfig-support.patch \ - file://0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch" + file://ksba-add-pkgconfig-support.patch" SRC_URI[sha256sum] = "fce01ccac59812bddadffacff017dac2e4762bdb6ebc6ffe06f6ed4f6192c971" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176272): https://lists.openembedded.org/g/openembedded-core/message/176272 Mute This Topic: https://lists.openembedded.org/mt/96466378/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 09/32] libksba: update 1.6.2 -> 1.6.3
From: Alexander Kanavin Noteworthy changes in version 1.6.3 (2022-12-06) Fix another integer overflow in the CRL parser. [T6284,CVE-2022-47629] Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 83f3f21b1b84ab9e7b461ac966691c80f4ed4e97) Signed-off-by: Steve Sakoman (cherry picked from commit f098cb5073051eb371f4142678b4b3d5e7b52426) Signed-off-by: Steve Sakoman --- .../libksba/libksba/ksba-add-pkgconfig-support.patch| 6 +++--- .../libksba/{libksba_1.6.2.bb => libksba_1.6.3.bb} | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-support/libksba/{libksba_1.6.2.bb => libksba_1.6.3.bb} (94%) diff --git a/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch index af96bd57cd..bdb80ff34d 100644 --- a/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch +++ b/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch @@ -1,4 +1,4 @@ -From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001 +From ca8174aa81d7bf364b33f7254a9e887735c4996d Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 3 Dec 2012 18:17:31 +0800 Subject: [PATCH] libksba: add pkgconfig support @@ -16,7 +16,7 @@ Signed-off-by: Chen Qi 1 file changed, 4 insertions(+), 86 deletions(-) diff --git a/src/ksba.m4 b/src/ksba.m4 -index 6b55bb8..6e7336f 100644 +index 452c245..aa96255 100644 --- a/src/ksba.m4 +++ b/src/ksba.m4 @@ -23,37 +23,6 @@ dnl with a changed API. @@ -44,7 +44,7 @@ index 6b55bb8..6e7336f 100644 - fi - - use_gpgrt_config="" -- if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then +- if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then -if $GPGRT_CONFIG ksba --exists; then - KSBA_CONFIG="$GPGRT_CONFIG ksba" - AC_MSG_NOTICE([Use gpgrt-config as ksba-config]) diff --git a/meta/recipes-support/libksba/libksba_1.6.2.bb b/meta/recipes-support/libksba/libksba_1.6.3.bb similarity index 94% rename from meta/recipes-support/libksba/libksba_1.6.2.bb rename to meta/recipes-support/libksba/libksba_1.6.3.bb index f6ecb9aec4..dc39693be4 100644 --- a/meta/recipes-support/libksba/libksba_1.6.2.bb +++ b/meta/recipes-support/libksba/libksba_1.6.3.bb @@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html; SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://ksba-add-pkgconfig-support.patch" -SRC_URI[sha256sum] = "fce01ccac59812bddadffacff017dac2e4762bdb6ebc6ffe06f6ed4f6192c971" +SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c" do_configure:prepend () { # Else these could be used in preference to those in aclocal-copy -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176273): https://lists.openembedded.org/g/openembedded-core/message/176273 Mute This Topic: https://lists.openembedded.org/mt/96466379/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 04/32] cve-update-db-native: show IP on failure
From: Ross Burton We get random SSL failures when fetching the CVE database, and it's notable that the NVD server is behind a DNS round-robin or geographically diverse servers. On a hunch that there is one misconfigured server, dump the IP that we connected to. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-db-native.bb | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 079f062f79..e042e67b09 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -130,7 +130,10 @@ def update_db_file(db_tmp_file, d): response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') -bb.warn("Failed to fetch CVE data (%s)" % e.reason) +bb.warn("Failed to fetch CVE data (%s)" % e) +import socket +result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP) +bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) return False if response: -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176268): https://lists.openembedded.org/g/openembedded-core/message/176268 Mute This Topic: https://lists.openembedded.org/mt/96466371/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 07/32] lttng-modules: update 2.13.7 -> 2.13.8
From: He Zhe Signed-off-by: He Zhe Signed-off-by: Steve Sakoman --- .../lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} (94%) diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.7.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.8.bb similarity index 94% rename from meta/recipes-kernel/lttng/lttng-modules_2.13.7.bb rename to meta/recipes-kernel/lttng/lttng-modules_2.13.8.bb index 49c584dff4..542f42ae19 100644 --- a/meta/recipes-kernel/lttng/lttng-modules_2.13.7.bb +++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.8.bb @@ -16,7 +16,7 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ # Use :append here so that the patch is applied also when using devupstream SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch" -SRC_URI[sha256sum] = "5a99679df7903160cbde3918fee5af90ffafc90fc96ccdefaa57cf230492b234" +SRC_URI[sha256sum] = "f525d3d48ea3a475cb535339c201666d0e4c75ec8c46d29837bcf381ea02cb19" export INSTALL_MOD_DIR="kernel/lttng-modules" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176271): https://lists.openembedded.org/g/openembedded-core/message/176271 Mute This Topic: https://lists.openembedded.org/mt/96466377/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 06/32] cairo: fix CVE patches assigned wrong CVE number
From: Quentin Schulz CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 and vice-versa. This swaps both files and edit the CVE field to report the correct identifier. Cc: Quentin Schulz Signed-off-by: Quentin Schulz Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit f12c2a5ac94cb29f473f3c7e335463c7fb6d8a6e) Signed-off-by: Steve Sakoman --- .../cairo/cairo/CVE-2019-6461.patch | 46 ++- .../cairo/cairo/CVE-2019-6462.patch | 46 +-- 2 files changed, 46 insertions(+), 46 deletions(-) diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 0b7d9a0c36..a2dba6cb20 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch @@ -1,40 +1,20 @@ -CVE: CVE-2019-6461 -Upstream-Status: Backport -Signed-off-by: Quentin Schulz - -From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 -From: Heiko Lewin -Date: Sun, 1 Aug 2021 11:16:03 + -Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop +There is an assertion in function _cairo_arc_in_direction(). - src/cairo-arc.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) +CVE: CVE-2019-6461 +Upstream-Status: Pending +Signed-off-by: Ross Burton diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1c891d1a0 100644 +index 390397bae..1bde774a4 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) - { M_PI / 11.0, 9.81410988043554039085e-09 }, - }; - int table_size = ARRAY_LENGTH (table); -+const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; - for (i = 0; i < table_size; i++) - if (table[i].error < tolerance) - return table[i].angle; +-assert (angle_max >= angle_min); ++if (angle_max < angle_min) ++ return; - ++i; -+ - do { - angle = M_PI / i++; - error = _arc_error_normalized (angle); --} while (error > tolerance); -+} while (error > tolerance && i < max_segments); - - return angle; - } --- -2.38.1 - + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch index 4e4598c5b5..7c3209291b 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch @@ -1,20 +1,40 @@ -There is an assertion in function _cairo_arc_in_direction(). - CVE: CVE-2019-6462 -Upstream-Status: Pending -Signed-off-by: Ross Burton +Upstream-Status: Backport +Signed-off-by: Quentin Schulz + +From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 +From: Heiko Lewin +Date: Sun, 1 Aug 2021 11:16:03 + +Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop + +--- + src/cairo-arc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1bde774a4 100644 +index 390397bae..1c891d1a0 100644 --- a/src/cairo-arc.c +++ b/src/cairo-arc.c -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, - if (cairo_status (cr)) - return; +@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + { M_PI / 11.0, 9.81410988043554039085e-09 }, + }; + int table_size = ARRAY_LENGTH (table); ++const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ --assert (angle_max >= angle_min); -+if (angle_max < angle_min) -+ return; + for (i = 0; i < table_size; i++) + if (table[i].error < tolerance) + return table[i].angle; - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { - angle_max = fmod (angle_max - angle_min, 2 * M_PI); + ++i; ++ + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +-} while (error > tolerance); ++} while (error > tolerance && i < max_segments); + + return angle; + } +-- +2.38.1 + -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176270): https://lists.openembedded.org/g/openembedded-core/message/176270 Mute This Topic: https://lists.openembedded.org/mt/96466376/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 05/32] cve-check: write the cve manifest to IMGDEPLOYDIR
From: Jermain Horsman When building an image cve_check_write_rootfs_manifest() would sometimes fail with a FileNotFoundError when writing the manifest.cve due to the parent directory (DEPLOY_DIR_IMAGE) not (yet) existing. The image task will provide the manifest in the deploy directory afterwards, so other recipes depending on the manifest being in DEPLOY_DIR_IMAGE should continue to function properly. Signed-off-by: Jermain Horsman Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 00fb2aae22ce0d7ff5f3f8766fa770eeb4e73483) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 16466586a7..b9c0bfd6d8 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -42,8 +42,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" -CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" -CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" +CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" +CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" @@ -196,7 +196,7 @@ python cve_check_write_rootfs_manifest () { recipies.add(pkg_data["PN"]) bb.note("Writing rootfs CVE manifest") -deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") +deploy_dir = d.getVar("IMGDEPLOYDIR") link_name = d.getVar("IMAGE_LINK_NAME") json_data = {"version":"1", "package": []} -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176269): https://lists.openembedded.org/g/openembedded-core/message/176269 Mute This Topic: https://lists.openembedded.org/mt/96466372/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 03/32] cve-update-db-native: avoid incomplete updates
From: Marta Rybczynska The database update has been done on the original file. In case of network connection issues, temporary outage of the NVD server or a similar situation, the function could exit with incomplete data in the database. This patch solves the issue by performing the update on a copy of the database. It replaces the main one only if the whole update was successful. See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14929 Reported-by: Alberto Pianon Signed-off-by: Marta Rybczynska Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 8efe99214d8b005f0ecac690ce5ba17b31758f92) Signed-off-by: Steve Sakoman --- .../recipes-core/meta/cve-update-db-native.bb | 83 ++- 1 file changed, 61 insertions(+), 22 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 9b9dbbd75f..079f062f79 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -21,6 +21,8 @@ CVE_DB_UPDATE_INTERVAL ?= "86400" # Timeout for blocking socket operations, such as the connection attempt. CVE_SOCKET_TIMEOUT ?= "60" +CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -32,25 +34,15 @@ python do_fetch() { """ import bb.utils import bb.progress -import sqlite3, urllib, urllib.parse, gzip -from datetime import date +import shutil bb.utils.export_proxies(d) -YEAR_START = 2002 - db_file = d.getVar("CVE_CHECK_DB_FILE") db_dir = os.path.dirname(db_file) +db_tmp_file = d.getVar("CVE_DB_TEMP_FILE") -cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - -if os.path.exists("{0}-journal".format(db_file)): -# If a journal is present the last update might have been interrupted. In that case, -# just wipe any leftovers and force the DB to be recreated. -os.remove("{0}-journal".format(db_file)) - -if os.path.exists(db_file): -os.remove(db_file) +cleanup_db_download(db_file, db_tmp_file) # The NVD database changes once a day, so no need to update more frequently # Allow the user to force-update @@ -68,9 +60,60 @@ python do_fetch() { pass bb.utils.mkdirhier(db_dir) +if os.path.exists(db_file): +shutil.copy2(db_file, db_tmp_file) + +if update_db_file(db_tmp_file, d) == True: +# Update downloaded correctly, can swap files +shutil.move(db_tmp_file, db_file) +else: +# Update failed, do not modify the database +bb.note("CVE database update failed") +os.remove(db_tmp_file) +} + +do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" +do_fetch[file-checksums] = "" +do_fetch[vardeps] = "" + +def cleanup_db_download(db_file, db_tmp_file): +""" +Cleanup the download space from possible failed downloads +""" + +# Clean up the updates done on the main file +# Remove it only if a journal file exists - it means a complete re-download +if os.path.exists("{0}-journal".format(db_file)): +# If a journal is present the last update might have been interrupted. In that case, +# just wipe any leftovers and force the DB to be recreated. +os.remove("{0}-journal".format(db_file)) + +if os.path.exists(db_file): +os.remove(db_file) + +# Clean-up the temporary file downloads, we can remove both journal +# and the temporary database +if os.path.exists("{0}-journal".format(db_tmp_file)): +# If a journal is present the last update might have been interrupted. In that case, +# just wipe any leftovers and force the DB to be recreated. +os.remove("{0}-journal".format(db_tmp_file)) + +if os.path.exists(db_tmp_file): +os.remove(db_tmp_file) + +def update_db_file(db_tmp_file, d): +""" +Update the given database file +""" +import bb.utils, bb.progress +from datetime import date +import urllib, gzip, sqlite3 + +YEAR_START = 2002 +cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) # Connect to database -conn = sqlite3.connect(db_file) +conn = sqlite3.connect(db_tmp_file) initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: @@ -88,7 +131,7 @@ python do_fetch() { except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') bb.warn("Failed to fetch CVE data (%s)" % e.reason) -return +return False if response: for l in response.read().decode("utf-8").splitlines(): @@ -98,7 +141,7 @@ python do_fetch() {
[OE-core][kirkstone 02/32] ffmpeg: fix for CVE-2022-3341
From: Narpat Mali avformat/nutdec: Add check for avformat_new_stream Check for failure of avformat_new_stream() and propagate the error code. Signed-off-by: Narpat Mali Signed-off-by: Steve Sakoman --- ...ec-Add-check-for-avformat_new_stream.patch | 67 +++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch new file mode 100644 index 00..41d5884f88 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch @@ -0,0 +1,67 @@ +From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Wed, 23 Feb 2022 10:31:59 +0800 +Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream + +Check for failure of avformat_new_stream() and propagate +the error code. + +Signed-off-by: Michael Niedermayer + +CVE: CVE-2022-3341 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e] + +Signed-off-by: Narpat Mali +--- + libavformat/nutdec.c | 16 + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c +index 0a8a700acf..f9ad2c0af1 100644 +--- a/libavformat/nutdec.c b/libavformat/nutdec.c +@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut) + ret = AVERROR(ENOMEM); + goto fail; + } +-for (i = 0; i < stream_count; i++) +-avformat_new_stream(s, NULL); ++for (i = 0; i < stream_count; i++) { ++if (!avformat_new_stream(s, NULL)) { ++ret = AVERROR(ENOMEM); ++goto fail; ++} ++} + + return 0; + fail: +@@ -800,19 +804,23 @@ static int nut_read_header(AVFormatContext *s) + NUTContext *nut = s->priv_data; + AVIOContext *bc = s->pb; + int64_t pos; +-int initialized_stream_count; ++int initialized_stream_count, ret; + + nut->avf = s; + + /* main header */ + pos = 0; ++ret = 0; + do { ++if (ret == AVERROR(ENOMEM)) ++return ret; ++ + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; + if (pos < 0 + 1) { + av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); + return AVERROR_INVALIDDATA; + } +-} while (decode_main_header(nut) < 0); ++} while ((ret = decode_main_header(nut)) < 0); + + /* stream headers */ + pos = 0; +-- +2.34.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index c5bebe9c2d..4bcbda9976 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -27,7 +27,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ - " + file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ + " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176266): https://lists.openembedded.org/g/openembedded-core/message/176266 Mute This Topic: https://lists.openembedded.org/mt/96466369/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 01/32] go: fix CVE-2022-41717 Excessive memory use in got server
From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2022-41717.patch | 89 +++ 2 files changed, 90 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index a1942e9f15..99662bd298 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -19,6 +19,7 @@ SRC_URI += "\ file://CVE-2022-27664.patch \ file://0001-net-http-httputil-avoid-query-parameter-smuggling.patch \ file://CVE-2022-41715.patch \ +file://CVE-2022-41717.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch b/meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch new file mode 100644 index 00..e2ab92ed00 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch @@ -0,0 +1,89 @@ +From 618120c165669c00a1606505defea6ca755cdc27 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Wed, 30 Nov 2022 16:46:33 -0500 +Subject: [PATCH] [release-branch.go1.19] net/http: update bundled + golang.org/x/net/http2 + +Disable cmd/internal/moddeps test, since this update includes PRIVATE +track fixes. + +For #56350. +For #57009. +Fixes CVE-2022-41717. + +Change-Id: I5c6ce546add81f361dcf0d5123fa4eaaf8f0a03b +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1663835 +Reviewed-by: Tatiana Bradley +Reviewed-by: Julie Qiu +Reviewed-on: https://go-review.googlesource.com/c/go/+/455363 +TryBot-Result: Gopher Robot +Run-TryBot: Jenny Rakoczy +Reviewed-by: Michael Pratt + +Upstream-Status: Backport [https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27] +CVE: CVE-2022-41717 +Signed-off-by: Hitendra Prajapati +--- + src/cmd/internal/moddeps/moddeps_test.go | 1 + + src/net/http/h2_bundle.go| 18 +++--- + 2 files changed, 12 insertions(+), 7 deletions(-) + +diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go +index 3306e29..d48d43f 100644 +--- a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go +@@ -34,6 +34,7 @@ import ( + // See issues 36852, 41409, and 43687. + // (Also see golang.org/issue/27348.) + func TestAllDependencies(t *testing.T) { ++ t.Skip("TODO(#57009): 1.19.4 contains unreleased changes from vendored modules") + t.Skip("TODO(#53977): 1.18.5 contains unreleased changes from vendored modules") + + goBin := testenv.GoToolPath(t) +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index 6e2ef30..9d6abd8 100644 +--- a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +@@ -4189,6 +4189,7 @@ type http2serverConn struct { + headerTableSize uint32 + peerMaxHeaderListSize uint32// zero means unknown (default) + canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case ++ canonHeaderKeysSize int // canonHeader keys size in bytes + writingFramebool // started writing a frame (on serve goroutine or separate) + writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh + needsFrameFlush bool // last frame write wasn't a flush +@@ -4368,6 +4369,13 @@ func (sc *http2serverConn) condlogf(err error, format string, args ...interface{ + } + } + ++// maxCachedCanonicalHeadersKeysSize is an arbitrarily-chosen limit on the size ++// of the entries in the canonHeader cache. ++// This should be larger than the size of unique, uncommon header keys likely to ++// be sent by the peer, while not so high as to permit unreasonable memory usage ++// if the peer sends an unbounded number of unique header keys. ++const http2maxCachedCanonicalHeadersKeysSize = 2048 ++ + func (sc *http2serverConn) canonicalHeader(v string) string { + sc.serveG.check() + http2buildCommonHeaderMapsOnce() +@@ -4383,14 +4391,10 @@ func (sc *http2serverConn) canonicalHeader(v string) string { + sc.canonHeader = make(map[string]string) + } + cv = CanonicalHeaderKey(v) +- // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of +- // entries in the canonHeader cache. This should be larger than the number +- // of unique, uncommon header keys likely to be sent by the peer, while not +- // so high as to permit unreaasonable memory usage if the peer sends an unbounded +- // number of
[OE-core][kirkstone 00/32] Patch review
Please review this set of patches for kirkstone and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4815 The following changes since commit 34de16fd86775c0f2ede1670fec90217e4d11776: gtk-icon-cache: Fix GTKIC_CMD if-else condition (2023-01-16 04:41:29 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Alex Kiernan (1): classes: image: Set empty weak default IMAGE_LINGUAS Alexander Kanavin (5): libksba: update 1.6.2 -> 1.6.3 linux-firmware: upgrade 20221109 -> 20221214 xwayland: upgrade 22.1.5 -> 22.1.7 xserver-xorg: upgrade 21.1.4 -> 21.1.6 selftest/virgl: use pkg-config from the host Antonin Godard (2): busybox: always start do_compile with orig config files busybox: rm temporary files if do_compile was interrupted Benoît Mauduit (1): lib/oe/reproducible: Use git log without gpg signature Bruce Ashfield (5): linux-yocto/5.15: ltp and squashfs fixes linux-yocto/5.15: fix perf build with clang linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off linux-yocto/5.15: update to v5.15.84 linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy Chen Qi (2): dhcpcd: backport two patches to fix runtime error libseccomp: fix typo in DESCRIPTION He Zhe (1): lttng-modules: update 2.13.7 -> 2.13.8 Hitendra Prajapati (1): go: fix CVE-2022-41717 Excessive memory use in got server Jan Kircher (1): toolchain-scripts: compatibility with unbound variable protection Jermain Horsman (1): cve-check: write the cve manifest to IMGDEPLOYDIR Khem Raj (1): tiff: Add packageconfig knob for webp Marta Rybczynska (1): cve-update-db-native: avoid incomplete updates Narpat Mali (1): ffmpeg: fix for CVE-2022-3341 Pavel Zhukov (1): gcc: Refactor linker patches and fix linker on arm with usrmerge Petr Kubizňák (1): harfbuzz: remove bindir only if it exists Quentin Schulz (1): cairo: fix CVE patches assigned wrong CVE number Randy MacLeod (1): vim: upgrade 9.0.0947 -> 9.0.1211 Ross Burton (1): cve-update-db-native: show IP on failure Sandeep Gundlupet Raju (2): kernel-fitimage: Adjust order of dtb/dtbo files kernel-fitimage: Allow user to select dtb when multiple dtb exists Saul Wold (1): at: Change when files are copied Steve Sakoman (1): Revert "libksba: fix CVE-2022-47629" meta/classes/cve-check.bbclass| 6 +- meta/classes/image.bbclass| 3 +- meta/classes/kernel-fitimage.bbclass | 21 +- meta/classes/toolchain-scripts.bbclass| 2 +- meta/lib/oe/reproducible.py | 3 +- meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +- .../dhcpcd/dhcpcd_9.4.1.bb| 2 + ...low-getrandom-sysctl-for-newer-glibc.patch | 30 ++ ...sep-Allow-newfstatat-syscall-as-well.patch | 31 ++ meta/recipes-core/busybox/busybox.inc | 26 +- .../recipes-core/meta/cve-update-db-native.bb | 88 -- meta/recipes-devtools/gcc/gcc-11.3.inc| 1 - ...rm-add-armv9-a-architecture-to-march.patch | 89 +++--- ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 269 +- ...s-fix-v4bx-to-linker-to-support-EABI.patch | 10 +- ...019-nios2-Define-MUSL_DYNAMIC_LINKER.patch | 25 -- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2022-41717.patch | 89 ++ meta/recipes-extended/at/at_3.2.5.bb | 6 +- .../cairo/cairo/CVE-2019-6461.patch | 46 +-- .../cairo/cairo/CVE-2019-6462.patch | 46 ++- .../harfbuzz/harfbuzz_4.0.1.bb| 6 +- ...possible-memleaks-in-XkbGetKbdByName.patch | 63 ...ntedString-against-request-length-at.patch | 38 --- ...-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} | 4 +- ...{xwayland_22.1.5.bb => xwayland_22.1.7.bb} | 2 +- ...20221109.bb => linux-firmware_20221214.bb} | 4 +- .../linux/linux-yocto-rt_5.15.bb | 6 +- .../linux/linux-yocto-tiny_5.15.bb| 6 +- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +- ...ules_2.13.7.bb => lttng-modules_2.13.8.bb} | 2 +- ...ec-Add-check-for-avformat_new_stream.patch | 67 + .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +- meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + ...overflow-in-the-CRL-signature-parser.patch | 72 - .../libksba/ksba-add-pkgconfig-support.patch | 6 +- .../{libksba_1.6.2.bb => libksba_1.6.3.bb}| 5 +- .../libseccomp/libseccomp_2.5.3.bb| 2 +- meta/recipes-support/vim/vim.inc | 4 +- 39 files changed, 662 insertions(+), 451 deletions(-) create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch create mode 100644
Re: [OE-core] [PATCH 1/3] insane: Improve patch warning/error handling
On Sun, 2023-01-22 at 12:46 +, Peter Kjellerstedt wrote: > > -Original Message- > > From: openembedded-core@lists.openembedded.org > c...@lists.openembedded.org> On Behalf Of Richard Purdie > > Sent: den 21 januari 2023 00:01 > > To: Alexander Kanavin ; Bruce Ashfield > > > > Cc: Ross Burton ; OE-core > c...@lists.openembedded.org> > > Subject: Re: [OE-core] [PATCH 1/3] insane: Improve patch warning/error > > handling > > > > On Fri, 2023-01-20 at 20:38 +0100, Alexander Kanavin wrote: > > > On Fri, 20 Jan 2023 at 20:29, Bruce Ashfield > > > wrote: > > > > Because I'm simply not going to insist on it in all the patches. I > > > > need all the contributions I can get, and I'm not going to > > > > pedantically insist on that. > > > > > > > > meta-virt is not oe-core, I do the lifting. Therefore, if bitbake > > > > errors, I have to fix it. > > > > > > But you do not need to insist on the needed metadata or fix it after > > > the fact. Bitbake will do the insisting for you, when contributors > > > test the change locally *before* they send it to you. If bitbake > > > errors on your side, this means they never built their contribution, > > > and you should raise a concern for that reason, and not for the > > > missing metadata. > > > > It isn't that simple since this is a configurable QA warning, all it > > takes is one layer/distro to disable it and it is disabled for all > > layers that user works on. > > > > This is why "core" is a separate config to "noncore" but we can't have > > a config for every layer and even if we did, people would still turn it > > off. > > Rather than having separate QA tests for "patch-status-core" and > "patch-status-noncore", couldn't we have a single "patch-status" and then > configure it using a separate variable that specifies the layers that > require the Upstream-Status trailer? Then each layer with this requirement > can add itself in its layer.conf file and thus it is up to the maintainer > to decide whether they want it or not. Even now, the QA warning/error code isn't entirely straight forward and having the two categories keeps things simple and means we don't need some new mechanism. What you describe is possible, but there is a lot more runtime computation overhead, which will further impact parsing time since knowing what data to put into the task hashes and what not to put in becomes more complicated. I was hoping something simpler would suffice. I don't think I have a lot of interest in going beyond this, particularly given the likely impacts, both code wise and socially. If people don't want to do this I am really running low on the energy to try and push it forward. Making changes is hard, the socialising acceptance of a patch is the piece many people overlook and it isn't here in this case. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176263): https://lists.openembedded.org/g/openembedded-core/message/176263 Mute This Topic: https://lists.openembedded.org/mt/96354584/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for langdale on Sun 22 Jan 2023 03:30:01 AM HST
Branch: langdale New this week: 3 CVEs CVE-2020-10735 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * Removed this week: 0 CVEs Full list: Found 22 unpatched CVEs CVE-2020-10735 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-37454 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37454 * CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 * CVE-2022-39260 (CVSS3: 8.8 HIGH): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 * CVE-2022-3996 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3996 * CVE-2022-40303 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40303 * CVE-2022-40304 (CVSS3: 7.8 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40304 * CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * CVE-2022-40897 (CVSS3: 5.9 MEDIUM): python3-setuptools:python3-setuptools-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40897 * CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 * CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 * CVE-2022-43551 (CVSS3: 7.5 HIGH): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43551 * CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 * CVE-2022-4603 (CVSS3: 8.8 HIGH): ppp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4603 * CVE-2022-46908 (CVSS3: 7.3 HIGH): sqlite3:sqlite3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46908 * CVE-2022-47629 (CVSS3: 9.8 CRITICAL): libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47629 * CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 * CVE-2023-0051 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0051 * CVE-2023-0054 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0054 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/ -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176262): https://lists.openembedded.org/g/openembedded-core/message/176262 Mute This Topic: https://lists.openembedded.org/mt/96452762/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for kirkstone on Sun 22 Jan 2023 03:00:01 AM HST
Branch: kirkstone New this week: 2 CVEs CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * Removed this week: 0 CVEs Full list: Found 20 unpatched CVEs CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2022-2879 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 * CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2022-3996 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3996 * CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * CVE-2022-40897 (CVSS3: 5.9 MEDIUM): python3-setuptools:python3-setuptools-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40897 * CVE-2022-4144 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4144 * CVE-2022-41716 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 * CVE-2022-41717 (CVSS3: 5.3 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41717 * CVE-2022-41720 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41720 * CVE-2022-4603 (CVSS3: 8.8 HIGH): ppp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4603 * CVE-2022-47629 (CVSS3: 9.8 CRITICAL): libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47629 * CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 * CVE-2023-0051 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0051 * CVE-2023-0054 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0054 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/ -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176261): https://lists.openembedded.org/g/openembedded-core/message/176261 Mute This Topic: https://lists.openembedded.org/mt/96452413/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/3] insane: Improve patch warning/error handling
> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Richard Purdie > Sent: den 21 januari 2023 00:01 > To: Alexander Kanavin ; Bruce Ashfield > > Cc: Ross Burton ; OE-core c...@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH 1/3] insane: Improve patch warning/error > handling > > On Fri, 2023-01-20 at 20:38 +0100, Alexander Kanavin wrote: > > On Fri, 20 Jan 2023 at 20:29, Bruce Ashfield > > wrote: > > > Because I'm simply not going to insist on it in all the patches. I > > > need all the contributions I can get, and I'm not going to > > > pedantically insist on that. > > > > > > meta-virt is not oe-core, I do the lifting. Therefore, if bitbake > > > errors, I have to fix it. > > > > But you do not need to insist on the needed metadata or fix it after > > the fact. Bitbake will do the insisting for you, when contributors > > test the change locally *before* they send it to you. If bitbake > > errors on your side, this means they never built their contribution, > > and you should raise a concern for that reason, and not for the > > missing metadata. > > It isn't that simple since this is a configurable QA warning, all it > takes is one layer/distro to disable it and it is disabled for all > layers that user works on. > > This is why "core" is a separate config to "noncore" but we can't have > a config for every layer and even if we did, people would still turn it > off. Rather than having separate QA tests for "patch-status-core" and "patch-status-noncore", couldn't we have a single "patch-status" and then configure it using a separate variable that specifies the layers that require the Upstream-Status trailer? Then each layer with this requirement can add itself in its layer.conf file and thus it is up to the maintainer to decide whether they want it or not. > If it is turned off, it means people send patches and Bruce has to fix > them, or ask them to resubmit which is extra overhead to the > maintainer. > > I've been thinking about this and if I do make it the default, it will > mean warnings show up on other CI systems and layer maintainers will > get patches or complaints about the warnings. I'm not sure I really > want to get into this. > > I do think it is something the project should be doing but I don't want > to burn out our existing maintainers. Since there isn't wide community > buy in, I suspect I should just drop the idea. > > Cheers, > > Richard //Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176260): https://lists.openembedded.org/g/openembedded-core/message/176260 Mute This Topic: https://lists.openembedded.org/mt/96354584/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for dunfell on Sun 22 Jan 2023 02:30:01 AM HST
Branch: dunfell New this week: 2 CVEs CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * Removed this week: 0 CVEs Full list: Found 85 unpatched CVEs CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 * CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 * CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 * CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 * CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 * CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 * CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 * CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 * CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 * CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 * CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 * CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 * CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 * CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 * CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 * CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 * CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 * CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 * CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 * CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 * CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 * CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 * CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 * CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 * CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 * CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 * CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 * CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * CVE-2021-3409 (CVSS3: 5.7 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3409 * CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 * CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 * CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 * CVE-2021-3782 (CVSS3: 9.8 CRITICAL): wayland:wayland-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 * CVE-2021-3800 (CVSS3: 7.5 HIGH): glib-2.0:glib-2.0-native
[OE-core] OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST
Branch: master New this week: 0 CVEs Removed this week: 3 CVEs CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 * CVE-2023-0051 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0051 * CVE-2023-0054 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0054 * Full list: Found 7 unpatched CVEs CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 * CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 * CVE-2022-3996 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3996 * CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * CVE-2022-4603 (CVSS3: 8.8 HIGH): ppp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4603 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2022-46457 (CVSS3: 5.5 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46457 * For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/ -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176258): https://lists.openembedded.org/g/openembedded-core/message/176258 Mute This Topic: https://lists.openembedded.org/mt/96451645/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-