Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.0.17.rc1)
Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-4.0.17.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowBoard Turbot - 32bit
2. Kaby Lake (7th Generation Intel(r) Core(tm) Processors)
3. Tiger Lake (11th Generation Intel(r) Core(tm) Processors)
4. Alder Lake-S (12th Generation Intel(r) Core(tm) Processors)
5. Raptor Lake-P (13th Generation Intel(r) Core(tm) Processors)
6. Edgerouter
7. Beaglebone

ETA for completion Thursday, March 21.

Best regards,
Jing Hui

> -----Original Message-----
> From: qa-build-notificat...@lists.yoctoproject.org notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Thursday, March 14, 2024 8:04 AM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder build (yocto-4.0.17.rc1)
>
> A build flagged for QA (yocto-4.0.17.rc1) was completed on the autobuilder and is available at:
>
> https://autobuilder.yocto.io/pub/releases/yocto-4.0.17.rc1
>
> Build URL: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6676
>
> Build hash information:
>
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
Re: [OE-core] [yocto] QA notification for completed autobuilder build (yocto-5.0_M3.rc1)
Hi All,

QA for yocto-5.0_M3.rc1 is completed. This is the full report for this release:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

=== Summary

A new bug was found:

Bug 15440 - [5.0 M3 RC1] Fail to start matchbox-desktop on beaglebone (https://bugzilla.yoctoproject.org/show_bug.cgi?id=15440)

Thanks,
Jing Hui

> -----Original Message-----
> From: yo...@lists.yoctoproject.org On Behalf Of Pokybuild User
> Sent: Friday, March 8, 2024 11:24 PM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [yocto] QA notification for completed autobuilder build (yocto-5.0_M3.rc1)
>
> A build flagged for QA (yocto-5.0_M3.rc1) was completed on the autobuilder and is available at:
>
> https://autobuilder.yocto.io/pub/releases/yocto-5.0_M3.rc1
>
> Build URL: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6661
>
> Build hash information:
>
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
[OE-core][kirkstone][PATCH] glibc: Fix subscript typos for get_nscd_addresses
Fix the following error: root@intel-x86-64:~# wget -6 http://localhost --2024-01-12 07:18:42-- http://localhost/ Resolving localhost... failed: No IPv4/IPv6 addresses for host. wget: unable to resolve host address 'localhost' Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=29605 Upstream-patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=c9226c03da0276593a0918eaa9a14835183343e8 Signed-off-by: Haitao Liu --- ...dresses-Fix-subscript-typos-BZ-29605.patch | 40 +++ meta/recipes-core/glibc/glibc_2.35.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch diff --git a/meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch b/meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch new file mode 100644 index 00..629298c23e --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch 
@@ -0,0 +1,40 @@ +From 707a878b655395f41b954bbed78008d1d9252f1a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Sonnenberger?= +Date: Mon, 26 Sep 2022 13:59:16 -0400 +Subject: [PATCH] get_nscd_addresses: Fix subscript typos [BZ #29605] + +Fix the subscript on air->family, which was accidentally set to COUNT +when it should have remained as I. + +Resolves: BZ #29605 + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=c9226c03da0276593a0918eaa9a14835183343e8] + +Reviewed-by: Siddhesh Poyarekar +Signed-off-by: Haitao Liu +--- + sysdeps/posix/getaddrinfo.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index f4c08d6e3b..fa333ad6ec 100644 +--- a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +@@ -549,11 +549,11 @@ get_nscd_addresses (const char *name, const struct addrinfo *req, + at[count].addr[2] = htonl (0x); + } + else if (req->ai_family == AF_UNSPEC +- || air->family[count] == req->ai_family) ++ || air->family[i] == req->ai_family) + { +-at[count].family = air->family[count]; ++at[count].family = air->family[i]; + memcpy (at[count].addr, addrs, size); +-if (air->family[count] == AF_INET6) ++if (air->family[i] == AF_INET6) + res->got_ipv6 = true; + } + at[count].next = at + count + 1; +-- +2.35.5 + diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index 3ec6610d01..751427517f 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb 
@@ -60,6 +60,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ \ file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \ + file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" -- 2.25.1
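Review bot: The getaddrinfo.c hunk only takes effect when lookups are answered through nscd (the function is get_nscd_addresses), but the wget reproduction in the commit message does not say nscd was running; add that precondition so the fix can be re-verified on kirkstone. In the fixed lines `air->family[i]` is read with the loop index while `at[count]` is still written with the output index, which matches the embedded patch's description that only the subscript on air->family was wrong.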
[OE-core][nanbield 14/14] core-image-ptest: Increase disk size to 1.5G for strace ptest image
From: Khem Raj Autobuilder sees an intermittent failure on strace tests and it occurs quite often therefore bump the size of image as the space requirement is more now with parallel execution enabled. [YOCTO #15370] Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni (cherry picked from commit 02d31355b20f8f3e7bd1b71c9412988eca9ec4b4) Signed-off-by: Steve Sakoman --- meta/recipes-core/images/core-image-ptest.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/images/core-image-ptest.bb b/meta/recipes-core/images/core-image-ptest.bb index b6f5c2fd60..f2d0ae94b8 100644 --- a/meta/recipes-core/images/core-image-ptest.bb +++ b/meta/recipes-core/images/core-image-ptest.bb @@ -21,7 +21,7 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in d.getVar('PTESTS').split()] IMAGE_OVERHEAD_FACTOR = "1.0" IMAGE_ROOTFS_EXTRA_SPACE = "324288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288" -IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288" +IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1524288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288" # tar-ptest in particular needs more space -- 2.34.1
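Review bot: The new `IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1524288"` is given without a measured requirement; the message only says the space needed "is more now with parallel execution enabled". Because the failure is described as intermittent, record the observed peak usage or the failing test in the message (or next to the variable) so it is clear that 1.5G leaves headroom rather than just making the failure rarer.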
[OE-core][nanbield 13/14] yocto-uninative: Update to 4.4 for glibc 2.39
From: Michael Halstead Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie (cherry picked from commit 56fdd8b79e2f7ec30d2cdcfa0c399a6553efac1e) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/yocto-uninative.inc | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index eaa3e9b31c..4ac66fd506 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.38" -UNINATIVE_VERSION = "4.3" +UNINATIVE_MAXGLIBCVERSION = "2.39" +UNINATIVE_VERSION = "4.4" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/; -UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec" -UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd" -UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030" +UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" +UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" +UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302" -- 2.34.1
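Review bot: The commit has no body, so nothing records where the three new UNINATIVE_CHECKSUM values in this hunk came from. The unchanged UNINATIVE_URL line fetches over plain http, so these sha256 values are the integrity check the download relies on; state their source in the message, or confirm in review that they were compared against the published 4.4 release files.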
[OE-core][nanbield 12/14] tzdata : Upgrade to 2024a
From: Priyal Doshi Signed-off-by: Priyal Doshi Signed-off-by: Alexandre Belloni (cherry picked from commit 5abbd0abf992ce8d11f3ae31fb1d83d97f5319fa) Signed-off-by: Steve Sakoman --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 2774e5e730..4734adcc08 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2023d" +PV = "2024a" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones; -SRC_URI[tzcode.sha256sum] = "e9a5f9e118886d2de92b62bb05510a28cc6c058d791c93bd6b84d3292c3c161e" -SRC_URI[tzdata.sha256sum] = "dbca21970b0a8b8c0ceceec1d7b91fa903be0f6eca5ae732b5329672232a08f3" +SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8" +SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" -- 2.34.1
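Review bot: Both SRC_URI entries in the context of the PV hunk still point at http://www.iana.org, and the message has no body. Consider moving the two tarball URLs and UPSTREAM_CHECK_URI to https in a follow-up, and add a one-line summary of what 2024a changes so the stable-branch backport can be justified from the message alone.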
[OE-core][nanbield 08/14] cve-update-nvd2-native: Remove rejected CVE from database
From: Yoann Congal When a CVE is updated to be rejected, matching database entries must be removed. Otherwise: * an incremental update is not equivalent to an initial download. * rejected CVEs might still appear as Unpatched in cve-check. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 4b8d01fe84..1901641965 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -324,6 +324,10 @@ def update_db(conn, elt): vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": +c = conn.cursor() +c.execute("delete from PRODUCTS where ID = ?;", [cveId]) +c.execute("delete from NVD where ID = ?;", [cveId]) +c.close() return cveDesc = "" for desc in elt['cve']['descriptions']: -- 2.34.1
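Review bot: In the Rejected branch of update_db the cursor is closed only on the success path; if either `c.execute(...)` raises, `c.close()` is skipped. Patch 07/14 of this series uses `conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close()` in the same function, so the two deletes here could follow that pattern (and drop the trailing `;` in the SQL strings) for consistency. The ID is passed as a bound parameter in both statements, which is the right form.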
[OE-core][nanbield 10/14] wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23
From: Alex Kiernan Upstream maintainer has changed to Chen-Yu Tsai : https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=qqafx8...@mail.gmail.com/ Note that fb768d3b13ff ("wifi: cfg80211: Add my certificate") and 3c2a8ebe3fe6 ("wifi: cfg80211: fix certs build to not depend on file order") are required if you are using kernel signature verification. Signed-off-by: Alex Kiernan Signed-off-by: Alexandre Belloni (cherry picked from commit abf169fbbf8bab13224adf4c8bfa2e26607f360c) Signed-off-by: Steve Sakoman --- ...eless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} (88%) diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb similarity index 88% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb index c09600ecbe..8fde236ab4 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb @@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz; -SRC_URI[sha256sum] = "26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491" +SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55" inherit bin_package allarch 
@@ -13,7 +13,7 @@ do_install() { install -d -m0755 ${D}${nonarch_libdir}/crda install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin -install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem +install -m 0644 wens.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/wens.key.pub.pem install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s -- 2.34.1
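Review bot: The do_install hunk stops shipping sforshee.key.pub.pem and installs wens.key.pub.pem instead, and the message says kernel commits fb768d3b13ff and 3c2a8ebe3fe6 are required when kernel signature verification is used. For a stable-branch upgrade, confirm that the kernels built on nanbield carry both commits and say so in the message, since per that note a kernel without them is not set up to verify the new regulatory.db.p7s.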
[OE-core][nanbield 11/14] linux-firmware: upgrade 20231211 -> 20240220
From: Alexander Kanavin License-Update: additional files Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit add81ef0299ea5260f9bdc59ffc8f5cc0e74276f) Signed-off-by: Steve Sakoman --- ...inux-firmware_20231211.bb => linux-firmware_20240220.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb index 0ed4d91f8a..490c0ab89f 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb @@ -91,7 +91,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ -file://LICENSE.cirrus;md5=bb18d943382abf8e8232a9407bfdafe0 \ +file://LICENSE.cirrus;md5=662ea2c1af7d79ed7f27c27472e1 \ file://LICENCE.cnm;md5=93b67e6bac7f8fec22b96b8ad0a1a9d0 \ file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ @@ -151,7 +151,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "3113c4ea08e5171555f3bf49eceb5b07" +WHENCE_CHKSUM = "a344e6c28970fc7daafa81c10247aeb6" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source 
@@ -237,7 +237,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "96af7e4b5eabd37869cdb3dcbb7ab36911106d39b76e799fa1caab16a9dbe8bb" +SRC_URI[sha256sum] = "bf0f239dc0801e9d6bf5d5fb3e2f549575632cf4688f4348184199cb02c2bcd7" inherit allarch -- 2.34.1
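Review bot: In the first LIC_FILES_CHKSUM hunk the new `LICENSE.cirrus` value `md5=662ea2c1af7d79ed7f27c27472e1` is 28 hex digits as shown here, while the other md5 values in the list are 32. Check the value against the applied commit before relying on this copy of the patch; a 28-digit string cannot match an md5 digest.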
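Review bot: In the last hunk the context still reads "# Pin this to the 20220509 release" above an unchanged `SRCREV:class-devupstream`, while the recipe moves to 20240220. Either update the pin with the upgrade or reword the comment so it is clear the devupstream revision is intentionally left behind.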
[OE-core][nanbield 09/14] openssl: upgrade to 3.1.5
From: Lee Chee Yang Changes between 3.1.4 and 3.1.5 [30 Jan 2024] * A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. A fix has been applied to prevent a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue prior to this fix. OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. ([CVE-2024-0727]) https://www.openssl.org/news/cl31.txt drop fix_random_labels.patch as fixed in https://github.com/openssl/openssl/commit/99630a1b08fd6464d95052dee4a3500afeb95867 Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../openssl/openssl/fix_random_labels.patch | 22 --- .../{openssl_3.1.4.bb => openssl_3.1.5.bb}| 4 ++-- 2 files changed, 2 insertions(+), 24 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch rename meta/recipes-connectivity/openssl/{openssl_3.1.4.bb => openssl_3.1.5.bb} (98%) diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch deleted file mode 100644 index 78dcd81685..00 --- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -The perl script adds random suffixes to the local function names to ensure -it doesn't clash with other parts of openssl. Set the random number seed -to something predictable so the assembler files are generated consistently -and our own reproducible builds tests pass. - -Upstream-Status: Pending -Signed-off-by: Richard Purdie - -Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl -=== openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl -+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl -@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable= (16 * 6); - # ;;; Helper functions - # ; - -+# Ensure the local labels are reproduicble -+srand(1); -+ - # ; Generates "random" local labels - sub random_string() { - my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_'); diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_3.1.4.bb rename to meta/recipes-connectivity/openssl/openssl_3.1.5.bb index 0fe4e76808..05bfeac45e 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb @@ -11,7 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ - file://fix_random_labels.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ " @@ -19,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3" +SRC_URI[sha256sum] = "6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" 
@@ -187,6 +186,7 @@ PTEST_BUILD_HOST_PATTERN = "perl_version =" do_install_ptest () { install -d ${D}${PTEST_PATH}/test install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test # Prune the build tree -- 2.34.1
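Review bot: The do_install_ptest hunk adds `install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test`, but the message only covers CVE-2024-0727 and the dropped fix_random_labels.patch. Add a line saying which 3.1.5 test needs p_minimal.so so the ptest change can be reviewed on its own. Unlike the other patches in this series, the message also has no "cherry picked from commit" line; note whether this upgrade is specific to nanbield.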
[OE-core][nanbield 07/14] cve-update-nvd2-native: Fix CVE configuration update
From: Yoann Congal When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 5bba2219d6..4b8d01fe84 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -357,6 +357,10 @@ def update_db(conn, elt): [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() try: +# Remove any pre-existing CVE configuration. Even for partial database +# update, those will be repopulated. This ensures that old +# configuration is not kept for an updated CVE. +conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close() for config in elt['cve']['configurations']: # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing for node in config["nodes"]: -- 2.34.1
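Review bot: The added `conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close()` sits inside the `try:` ahead of the loop over `elt['cve']['configurations']`, so the old rows are already gone if that key is missing or the loop fails part-way. Confirm that the delete and the re-inserts are committed together, or that the handler for this `try:` leaves the CVE in a state cve-check treats safely; otherwise an updated CVE can end up with no PRODUCTS rows at all.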
[OE-core][nanbield 06/14] cve-update-nvd2-native: nvd_request_next: Improve comment
From: Yoann Congal Add a URL to the doc of the API used in the function. ... and fix a small typo dabase -> database Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit e0157b3b81333a24abd31dbb23a6abebca3e7ba7) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 8bdb4a4b46..5bba2219d6 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -123,7 +123,8 @@ def nvd_request_wait(attempt, min_wait): def nvd_request_next(url, attempts, api_key, args, min_wait): """ -Request next part of the NVD dabase +Request next part of the NVD database +NVD API documentation: https://nvd.nist.gov/developers/vulnerabilities """ import urllib.request -- 2.34.1
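Review bot: In the nvd_request_next docstring the added "NVD API documentation: ..." line follows the summary line directly; put a blank line between the one-line summary and the reference so tools that treat the first paragraph as the summary do not pick up the URL.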
[OE-core][nanbield 05/14] cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
From: Yoann Congal CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is always inherited in cve-update-nvd2-native (There is a check line 40). Remove it to avoid confusion. Otherwise, this should not change anything. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit e5f3f223885c17b7007c310273fc7c80b90a4105) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index d565887498..8bdb4a4b46 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -37,8 +37,6 @@ CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" - python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") -- 2.34.1
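Review bot: Removing `CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"` is only a no-op if cve-check.bbclass sets the same value on this branch; the message says it "should not change anything" without quoting the class's definition. Quote it in the message or confirm it in review, since a different value in the class would change the database path for existing builds.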
[OE-core][nanbield 04/14] cve-update-nvd2-native: Add an age threshold for incremental update
From: Yoann Congal Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to specify the maximum age of the database for doing an incremental update For older databases, a full re-download is done. With a value of "0", this forces a full-redownload. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit 74c1765111b6610348eae4b7e41d7045ce58ef86) Signed-off-by: Steve Sakoman --- .../meta/cve-update-nvd2-native.bb| 20 +++ 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index f21c139aa5..d565887498 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,6 +26,12 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" +# CVE database incremental update age threshold, in seconds. If the database is +# older than this threshold, do a full re-download, else, do an incremental +# update. By default: the maximum allowed value from NVD: 120 days (120*24*60*60) +# Use 0 to force a full download. +CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000" + # Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" 
@@ -172,18 +178,24 @@ def update_db_file(db_tmp_file, d, database_time): req_args = {'startIndex' : 0} -# The maximum range for time is 120 days -# Force a complete update if our range is longer -if (database_time != 0): +incr_update_threshold = int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES")) +if database_time != 0: database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc) today_date = datetime.datetime.now(tz=datetime.timezone.utc) delta = today_date - database_date -if delta.days < 120: +if incr_update_threshold == 0: +bb.note("CVE database: forced full update") +elif delta < datetime.timedelta(seconds=incr_update_threshold): bb.note("CVE database: performing partial update") +# The maximum range for time is 120 days +if delta > datetime.timedelta(days=120): +bb.error("CVE database: Trying to do an incremental update on a larger than supported range") req_args['lastModStartDate'] = database_date.isoformat() req_args['lastModEndDate'] = today_date.isoformat() else: bb.note("CVE database: file too old, forcing a full update") +else: +bb.note("CVE database: no preexisting database, do a full download") with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: -- 2.34.1
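Review bot: In the update_db_file hunk, the `delta > datetime.timedelta(days=120)` branch only calls bb.error; as written, nothing after it stops the partial update, so `lastModStartDate`/`lastModEndDate` are still set for a range the comment calls unsupported. Fall back to the full-download path there, or clamp the threshold to 120 days when it is read. Also `int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES"))` has no guard for a non-numeric or negative setting; a negative value makes the `elif` never true and always forces a full update, which the variable's comment does not document.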
[OE-core][nanbield 03/14] cve-update-nvd2-native: Fix typo in comment
From: Yoann Congal attmepts -> attempts Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit dc18aaeda8e810f9082a0ceac08e5e4275bbd0f7) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index bfe48b27e7..f21c139aa5 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,7 +26,7 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" -# Number of attmepts for each http query to nvd server before giving up +# Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" -- 2.34.1 View/Reply Online (#197277): https://lists.openembedded.org/g/openembedded-core/message/197277
[OE-core][nanbield 02/14] wpa-supplicant: Fix CVE-2023-52160
From: Claus Stovgaard PEAP client: Update Phase 2 authentication requirements. Also see https://www.top10vpn.com/research/wifi-vulnerabilities/ Signed-off-by: Claus Stovgaard Signed-off-by: Richard Purdie (cherry picked from commit 57b6a329df897de69ae8b90706d9fe37e0ed6d35) Signed-off-by: Steve Sakoman --- ...te-Phase-2-authentication-requiremen.patch | 213 ++ .../wpa-supplicant/wpa-supplicant_2.10.bb | 1 + 2 files changed, 214 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 00..620560d3c7 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch 
@@ -0,0 +1,213 @@ +From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. 
+ +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen + +CVE: CVE-2023-52160 +Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] + +Signed-off-by: Claus Stovgaard + +--- + src/eap_peer/eap_config.h | 8 ++ + src/eap_peer/eap_peap.c| 40 +++--- + src/eap_peer/eap_tls_common.c | 6 + + src/eap_peer/eap_tls_common.h | 5 + wpa_supplicant/wpa_supplicant.conf | 7 ++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 3238f74..047eec2 100644 +--- a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +@@ -469,6 +469,14 @@ struct eap_peer_config { +* 1 = use cryptobinding if server supports it +* 2 = require cryptobinding +* ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * +* EAP-WSC (WPS) uses following options: pin=Device_Password and +* uuid=Device_UUID +* +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df..6080697 100644 +--- a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is enabled. 
*/ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++
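Review bot: The outer commit message says only "PEAP client: Update Phase 2 authentication requirements", while the embedded upstream message and the new eap_config.h comment show that the default becomes phase2_auth=1, which requires Phase 2 authentication unless a client certificate is configured or TLS session resumption is used. For a stable-branch backport, state that default change and the phase1 "phase2_auth=0" opt-out in the commit message, so users who hit the interoperability issues the upstream text warns about can find the cause. In the eap_peap_parse_phase1 hunk the option is recognised with os_strstr(phase1, "phase2_auth=0"), a plain substring test that selects NO_AUTH, the least strict setting; confirm that the remainder of the hunk matches upstream exactly.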
[OE-core][nanbield 01/14] cve-check: Log if CVE_STATUS set but not reported for component
From: Simone Weiß Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a component. This should hopefully help to clean up not needed CVE_STATUS settings. Signed-off-by: Simone Weiß Signed-off-by: Richard Purdie (cherry picked from commit 013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 5191d04303..56ba8bceef 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -418,6 +418,9 @@ def check_cves(d, patched_cves): cves_status.append([product, False]) conn.close() +diff_ignore = list(set(cve_ignore) - set(cves_ignored)) +if diff_ignore: +oe.qa.handle_error("cve_status_not_in_db", "Found CVE (%s) with CVE_STATUS set that are not found in database for this component" % " ".join(diff_ignore), d) if not cves_in_recipe: bb.note("No CVE records for products in recipe %s" % (pn)) -- 2.34.1 View/Reply Online (#197276): https://lists.openembedded.org/g/openembedded-core/message/197276
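Review bot: The new oe.qa.handle_error call in check_cves introduces the QA key "cve_status_not_in_db", but the diffstat shows only cve-check.bbclass changing (3 insertions), so nothing in this patch documents the key or says how a user turns the check on or silences it; add that to the commit message or the documentation. diff_ignore is built from a set difference, so the CVE IDs are joined in arbitrary order; wrapping it in sorted() would keep the message stable between builds and easier to compare across logs.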
[OE-core][nanbield 00/14] Patch review
Please review this set of changes for nanbield and have comments back by end of day Tuesday, March 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6688

The following changes since commit f40a53370eac89df38b2fab47c411a61d4df4fc0:

  gnutls: Upgrade 3.8.2 -> 3.8.3 (2024-03-12 06:25:19 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/nanbield-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/nanbield-nut

Alex Kiernan (1):
  wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23

Alexander Kanavin (1):
  linux-firmware: upgrade 20231211 -> 20240220

Claus Stovgaard (1):
  wpa-supplicant: Fix CVE-2023-52160

Khem Raj (1):
  core-image-ptest: Increase disk size to 1.5G for strace ptest image

Lee Chee Yang (1):
  openssl: upgrade to 3.1.5

Michael Halstead (1):
  yocto-uninative: Update to 4.4 for glibc 2.39

Priyal Doshi (1):
  tzdata : Upgrade to 2024a

Simone Weiß (1):
  cve-check: Log if CVE_STATUS set but not reported for component

Yoann Congal (6):
  cve-update-nvd2-native: Fix typo in comment
  cve-update-nvd2-native: Add an age threshold for incremental update
  cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
  cve-update-nvd2-native: nvd_request_next: Improve comment
  cve-update-nvd2-native: Fix CVE configuration update
  cve-update-nvd2-native: Remove rejected CVE from database

 meta/classes/cve-check.bbclass | 3 +
 meta/conf/distro/include/yocto-uninative.inc | 10 +-
 .../openssl/openssl/fix_random_labels.patch | 22 --
 .../{openssl_3.1.4.bb => openssl_3.1.5.bb} | 4 +-
 ...te-Phase-2-authentication-requiremen.patch | 213 ++
 .../wpa-supplicant/wpa-supplicant_2.10.bb | 1 +
 meta/recipes-core/images/core-image-ptest.bb | 2 +-
 .../meta/cve-update-nvd2-native.bb | 35 ++-
 meta/recipes-extended/timezone/timezone.inc | 6 +-
 ...20231211.bb => linux-firmware_20240220.bb} | 6 +-
 09.01.bb => wireless-regdb_2024.01.23.bb} | 4 +-
 11 files changed, 260 insertions(+), 46 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.1.4.bb => openssl_3.1.5.bb} (98%)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} (88%)

--
2.34.1

View/Reply Online (#197275): https://lists.openembedded.org/g/openembedded-core/message/197275
[oe-core][PATCH] libsoup: enable vapi support
without vapi gnome-calculator-46.0 will fail with: | ../gnome-calculator-46.0/lib/currency-provider.vala:161.19-161.47: error: The name `send_and_splice_async' does not exist in the context of `Soup.Session' (libsoup-3.0) Signed-off-by: Markus Volk --- meta/recipes-support/libsoup/libsoup_3.4.4.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index 6d382a7852..6f7cac4cf8 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb @@ -19,7 +19,7 @@ CVE_PRODUCT = "libsoup" S = "${WORKDIR}/libsoup-${PV}" -inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gi-docgen +inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gi-docgen vala GIR_MESON_ENABLE_FLAG = 'enabled' GIR_MESON_DISABLE_FLAG = 'disabled' @@ -39,7 +39,7 @@ EOF } EXTRA_OEMESON:append:class-target = " --cross-file ${WORKDIR}/soup.cross" -EXTRA_OEMESON += "-Dvapi=disabled -Dtls_check=false" +EXTRA_OEMESON += "-Dtls_check=false" # Disable the test suites EXTRA_OEMESON += "-Dtests=false -Dautobahn=disabled -Dpkcs11_tests=disabled" -- 2.44.0 View/Reply Online (#197274): https://lists.openembedded.org/g/openembedded-core/message/197274
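Review bot: After -Dvapi=disabled is dropped from EXTRA_OEMESON in the second hunk, the option is left at whatever the meson default is, while introspection in the same recipe is driven explicitly through GIR_MESON_ENABLE_FLAG and GIR_MESON_DISABLE_FLAG. Set -Dvapi explicitly, ideally following the introspection setting, so the build result does not depend on auto-detection, and mention in the commit message that the recipe now inherits vala.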
Re: [OE-core] [PATCH v2 0/2] glibc: Fix conflict error when enbale multilib on aarch64.
Hi, Richard

> I'm afraid this looks like a pretty horrible workaround where the header is
> broken in the non-fortran enabled case and multilib wouldn't work in the
> fortran case.

I'm sorry. It seems that I should submit a discussion instead of submitting these patches directly.

I found that the current oe_multilib_header() function doesn’t work for fortran at all. I figured out two methods to fix this error:

1. Write a new example multilib header example for fortran, such as multilib_header_fortran_wrapper.h or something else.
2. Disable finclude/math-vector-fortran.h for fortran.

And finally, I selected the second way for the following considerations:

- I searched the bug reports about multilib and fortran; it seems that few users enable multilib for the fortran compiler.
- I built the core-image-minimal with multilib for the fortran compiler. There is only one build error (finclude/math-vector-fortran.h).

For the above-mentioned considerations, I selected the second way to fix the issue quickly. I wonder if you can give me some suggestions about how to fix this issue.

Best regards
Lei

> -Original Message-
> From: openembedded-core@lists.openembedded.org On Behalf Of Richard Purdie
> Sent: Friday, March 15, 2024 3:36 PM
> To: Lei, Maohui; openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH v2 0/2] glibc: Fix conflict error when enbale multilib on aarch64.
>
> On Fri, 2024-03-15 at 11:05 +0800, leimaohui via lists.openembedded.org wrote:
> > From: Lei Maohui
> >
> > - Fix conflict of finclude/math-vector-fortran.h error when enable multilib on
> >   aarch64.
> > - Because multilib header doesn't work well for fortran compiler, a compile
> >   error will occur with above glibc patch. So, disable multilib_header when
> >   fortran is enabled.
> >
> > Lei Maohui (2):
> >   multilib_header.bbclass:Disable multilib_header when fortran is enabled.
> >   glibc: Fix conflict error when enbale multilib on aarch64.
>
> I'm afraid this looks like a pretty horrible workaround where the header is
> broken in the non-fortran enabled case and multilib wouldn't work in the
> fortran case.
>
> I don't really want to merge a patch like this.
>
> Cheers,
>
> Richard

View/Reply Online (#197273): https://lists.openembedded.org/g/openembedded-core/message/197273
[oe-core][PATCH] gsettings-desktop-schemas: update 45.0 -> 46.0
Major changes in 46.0 = - Translation updates Major changes in 46.rc == - Make default clock format overridable by translators - Translation updates Major changes in 46.beta - Add key to modify XKB options - Add key to indicate whether switches should indicate state with shapes - Translation updates Major changes in 46.alpha = - Update default background file extension to jxl - Translation updates Signed-off-by: Markus Volk --- ...esktop-schemas_45.0.bb => gsettings-desktop-schemas_46.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-gnome/gsettings-desktop-schemas/{gsettings-desktop-schemas_45.0.bb => gsettings-desktop-schemas_46.0.bb} (84%) diff --git a/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_45.0.bb b/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_46.0.bb similarity index 84% rename from meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_45.0.bb rename to meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_46.0.bb index 657f9d61ce..8260c3d357 100644 --- a/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_45.0.bb +++ b/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_46.0.bb @@ -12,4 +12,4 @@ DEPENDS = "glib-2.0" inherit gnomebase gsettings gobject-introspection gettext -SRC_URI[archive.sha256sum] = "365c8d04daf79b38c8b3dc9626349a024f9e4befdd31fede74b42f7a9fbe0ae2" +SRC_URI[archive.sha256sum] = "493a46a1161b6388d57aa72f632a79ce96c42d5ffbd1d0b00f496ec5876f8575" -- 2.44.0 View/Reply Online (#197272): https://lists.openembedded.org/g/openembedded-core/message/197272
Re: [oe-core][PATCHv2] gtk4: update 4.12.5 -> 4.14.1
not particularly related to this upgrade but gtk4 is failing to compile with musl+clang - https://github.com/kraj/meta-clang/pull/922 I was hoping this upgrade would have helped but sadly it did not. On Sun, Mar 17, 2024 at 10:26 AM Markus Volk wrote: > > - Remove ffmpeg backend as it was removed upstream > > Overview of Changes in 4.14.1, 16-03-2024 > = > > * GtkTextView: > - Fix a mixup of cursor and anchor when retrieving surrounding text >in input methods > > * Printing: > - Avoid accessing freed printers > > * Accessibility: > - Fix memory leaks > > * GDK: > - Rename the GDK_VULKAN_SKIP environment variable to GDK_VULKAN_DISABLE > - Add a GDK_GL_DISABLE environment variable > > * GSK: > - Rename the GSK_GPU_SKIP environment variable to GSK_GPU_DISABLE > - Speed up handling of repeated ops, which should help for text > - Speed up the inner loop of text node conversion > - Drop the glyph-align optimization flag > - ngl: Avoid reusing frames while they are in use > - Fix flickering thumbnails in nautilus > - Speed up buffer handling in both ngl and Vulkan > > * Demos: > - Skip demos using gl shaders when we're not using the gl renderer > > * Build: > - Fix some ubsan warnings > - Avoid zink in ci since it spams stderr > > * Translation updates: > Czech > German > Korean > Russian > > Overview of Changes in 4.14.0, 12-03-2024 > = > > Note: The new renderers and dmabuf support are using graphics drivers > in different ways than the old gl renderer, and trigger new driver bugs, > (see for example https://gitlab.gnome.org/GNOME/gtk/-/issues/6418 and > https://gitlab.gnome.org/GNOME/gtk/-/issues/6388). Therefore, it is > recommended to use the latest mesa release (24.x) with the new renderers. 
> > * GtkTextView: > - Don't snapshot children twice > - Don't blink the cursor when hidden > > * GtkEmojiChooser: > - Fix presentation selector handling > > * GtkSnapshot: > - Fix wrong nodes with transformed shadows > > * GtkIMContext: > - Make gtk_im_context_activate_osk public > > * Accessibility: > - Implement get_contents_at for all our text widgets > - Add GtkAccessibleText.get_default_attributes > > * GSK: > - Don't fall back to cairo for software rendering. gl+llvmpipe is better > - Round vertical glyph position to a device pixel position if the font is > hinted > - Fix problems with clip handling > - Make vulkan and ngl match their font handling > - Fix some corner-cases with offloading and clips > - Fix problem with rendering of missing glyphs in hinted fonts > > * MacOs: > - Implement cursor-from-texture > > * Translation updates: > Basque > British English > French > Indonesian > Kazakh > Latvian > Lithuanian > Norwegian Bokmål > Slovenian > Spanish > Turkish > > Overview of Changes in 4.13.9, 02-03-2024 > = > > * GtkEditable: > - Fix preconditions to be not too strict > > * GtkEmojiChooser: > - Support search in the locale as well as in English > > * GtkIconTheme: > - Make gtk_icon_paintable_new_for_file support symbolics > > * GtkVideo: > - Fix a problem with cursor handling that could lead to crashes > > * Accessibility: > - Fix GetCharacterAtOffset implementation > - Add a Terminal role > - Make TextCaretMoved match gtk3 > - Support multiple levels of GtkEditable delegates > > * GSK: > - Make the node parser more flexible for text nodes > - Change the way font scaling is handled to avoid clipping > - Fix handling of missing glyphs in the new renderers > > * X11: > - Don't claim to support shadows without a compositor > > * Wayland: > - Fix handling of output scales > > * Tools: > - Add a compare command to gtk4-rendernode-tool > > * Build: > - Fix some ubsan complaints > > * Translation updates: > Basque > British English > Catalan > Finnish > 
Galician > Georgian > Hebrew > Indonesian > Kazakh > Latvian > Lithuanian > Persian > Polish > Russian > Slovenian > Spanish > Turkish > Ukrainian > > Overview of Changes in 4.13.8, 20-02-2024 > = > > * Accessibility: > - Add a GtkAccessibleText interface for allowing 3rd party >text widgets (notably vte) to be accessible > - Avoid duplicate accessible descriptions > - Fix GetAccessibleAtPoint > > * GSK: > - Avoid offscreens for disjoint containers > - Don't use the gpu renderers with llvmpipe > - Fix various rendering issues found by tests > - Allow unnormalized node bounds again > - Fix a broken case of rounded-rect intersection > - Fix handling of external textures in gpu renderers > - Make gpu renderers work with WGL on Windows > > * build: > - Allow building without dmabuf support on (old) Linux > > * X11: > - Fix monitor enter/leave signals > > * Translation updates: > Basque > Brazilian Portuguese > Catalan > Czech > Galician > Georgian > Hebrew > Lithuanian > Persian > Russian > Turkish >
[OE-core] [PATCH] oeqa/selftest/overlayfs: test read-only rootfs
From: Baruch Siach Use the read-only squashfs filesystem to test the read-only case. Signed-off-by: Baruch Siach Signed-off-by: Vyacheslav Yurkov --- meta-selftest/wic/overlayfs_etc.wks.in| 4 +-- meta/lib/oeqa/selftest/cases/overlayfs.py | 34 +++ 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/meta-selftest/wic/overlayfs_etc.wks.in b/meta-selftest/wic/overlayfs_etc.wks.in index 1e1e5836e7..066cd35b15 100644 --- a/meta-selftest/wic/overlayfs_etc.wks.in +++ b/meta-selftest/wic/overlayfs_etc.wks.in @@ -1,4 +1,4 @@ part /boot --active --source bootimg-biosplusefi --ondisk sda --sourceparams="loader=grub-efi" --align 1024 -part / --source rootfs --ondisk sda --fstype=ext4 --use-uuid --align 1024 +part / --source rootfs --ondisk sda --fstype=${OVERLAYFS_ROOTFS_TYPE} --use-uuid --align 1024 part --ondisk sda --fstype=ext4 --size=5 --align 1024 -bootloader --ptable gpt --timeout=1 --append="rootfstype=ext4 console=ttyS0,115200 console=tty0 ${OVERLAYFS_INIT_OPTION}" +bootloader --ptable gpt --timeout=1 --append="rootfstype=${OVERLAYFS_ROOTFS_TYPE} console=ttyS0,115200 console=tty0 ${OVERLAYFS_INIT_OPTION}" diff --git a/meta/lib/oeqa/selftest/cases/overlayfs.py b/meta/lib/oeqa/selftest/cases/overlayfs.py index cd0dc60c64..e31063567b 100644 --- a/meta/lib/oeqa/selftest/cases/overlayfs.py +++ b/meta/lib/oeqa/selftest/cases/overlayfs.py @@ -353,6 +353,7 @@ EXTRA_IMAGE_FEATURES += "read-only-rootfs" # Image configuration for overlayfs-etc OVERLAYFS_ETC_MOUNT_POINT = "/data" OVERLAYFS_ETC_DEVICE = "/dev/sda3" +OVERLAYFS_ROOTFS_TYPE = "ext4" """ self.write_config(config) 
@@ -367,13 +368,17 @@ OVERLAYFS_ETC_DEVICE = "/dev/sda3" @skipIfNotMachine("qemux86-64", "tests are qemux86-64 specific currently") def test_sbin_init_preinit(self): -self.run_sbin_init(False) +self.run_sbin_init(False, "ext4") @skipIfNotMachine("qemux86-64", "tests are qemux86-64 specific currently") def test_sbin_init_original(self): -self.run_sbin_init(True) +self.run_sbin_init(True, "ext4") -def run_sbin_init(self, origInit): +@skipIfNotMachine("qemux86-64", "tests are qemux86-64 specific currently") +def test_sbin_init_read_only(self): +self.run_sbin_init(True, "squashfs") + +def run_sbin_init(self, origInit, rootfsType): """ Summary: Confirm we can replace original init and mount overlay on top of /etc Expected: Image is created successfully and /etc is mounted as an overlay @@ -384,7 +389,9 @@ OVERLAYFS_ETC_DEVICE = "/dev/sda3" args = { 'OVERLAYFS_INIT_OPTION': "" if origInit else "init=/sbin/preinit", -'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': int(origInit == True) +'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': int(origInit == True), +'OVERLAYFS_ROOTFS_TYPE': rootfsType, +'OVERLAYFS_ETC_CREATE_MOUNT_DIRS': int(rootfsType == "ext4") } self.write_config(config.format(**args)) @@ -437,7 +444,9 @@ IMAGE_INSTALL:append = " overlayfs-user" args = { 'OVERLAYFS_INIT_OPTION': "", -'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': 1 +'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': 1, +'OVERLAYFS_ROOTFS_TYPE': "ext4", +'OVERLAYFS_ETC_CREATE_MOUNT_DIRS': 1 } self.write_config(config.format(**args)) 
@@ -463,10 +472,14 @@ IMAGE_INSTALL:append = " overlayfs-user" INIT_MANAGER = "systemd" # enable overlayfs in the kernel -KERNEL_EXTRA_FEATURES:append = " features/overlayfs/overlayfs.scc" +KERNEL_EXTRA_FEATURES:append = " \ +features/overlayfs/overlayfs.scc \ +cfg/fs/squashfs.scc" IMAGE_FSTYPES += "wic" OVERLAYFS_INIT_OPTION = "{OVERLAYFS_INIT_OPTION}" +OVERLAYFS_ROOTFS_TYPE = "{OVERLAYFS_ROOTFS_TYPE}" +OVERLAYFS_ETC_CREATE_MOUNT_DIRS = "{OVERLAYFS_ETC_CREATE_MOUNT_DIRS}" WKS_FILE = "overlayfs_etc.wks.in" EXTRA_IMAGE_FEATURES += "read-only-rootfs" @@ -477,4 +490,13 @@ OVERLAYFS_ETC_MOUNT_POINT = "/data" OVERLAYFS_ETC_FSTYPE = "ext4" OVERLAYFS_ETC_DEVICE = "/dev/sda3" OVERLAYFS_ETC_USE_ORIG_INIT_NAME = "{OVERLAYFS_ETC_USE_ORIG_INIT_NAME}" + +ROOTFS_POSTPROCESS_COMMAND += "{OVERLAYFS_ROOTFS_TYPE}_rootfs" + +ext4_rootfs() {{ +}} + +squashfs_rootfs() {{ +mkdir -p ${{IMAGE_ROOTFS}}/data +}} """ -- 2.25.1 View/Reply Online (#197270): https://lists.openembedded.org/g/openembedded-core/message/197270
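Review bot: test_sbin_init_read_only only calls run_sbin_init(True, "squashfs"), so the init=/sbin/preinit path is never exercised on the read-only squashfs rootfs; add the (False, "squashfs") combination or say in the commit message why it is left out. In the config template, ext4_rootfs() is an empty function that exists only so that "{OVERLAYFS_ROOTFS_TYPE}_rootfs" resolves, and OVERLAYFS_ETC_CREATE_MOUNT_DIRS is derived from rootfsType == "ext4"; a short comment on both, plus a line about rootfsType in the run_sbin_init docstring, would make the intent clear to the next reader.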
[oe-core][PATCHv2] gtk4: update 4.12.5 -> 4.14.1
- Remove ffmpeg backend as it was removed upstream Overview of Changes in 4.14.1, 16-03-2024 = * GtkTextView: - Fix a mixup of cursor and anchor when retrieving surrounding text in input methods * Printing: - Avoid accessing freed printers * Accessibility: - Fix memory leaks * GDK: - Rename the GDK_VULKAN_SKIP environment variable to GDK_VULKAN_DISABLE - Add a GDK_GL_DISABLE environment variable * GSK: - Rename the GSK_GPU_SKIP environment variable to GSK_GPU_DISABLE - Speed up handling of repeated ops, which should help for text - Speed up the inner loop of text node conversion - Drop the glyph-align optimization flag - ngl: Avoid reusing frames while they are in use - Fix flickering thumbnails in nautilus - Speed up buffer handling in both ngl and Vulkan * Demos: - Skip demos using gl shaders when we're not using the gl renderer * Build: - Fix some ubsan warnings - Avoid zink in ci since it spams stderr * Translation updates: Czech German Korean Russian Overview of Changes in 4.14.0, 12-03-2024 = Note: The new renderers and dmabuf support are using graphics drivers in different ways than the old gl renderer, and trigger new driver bugs, (see for example https://gitlab.gnome.org/GNOME/gtk/-/issues/6418 and https://gitlab.gnome.org/GNOME/gtk/-/issues/6388). Therefore, it is recommended to use the latest mesa release (24.x) with the new renderers. * GtkTextView: - Don't snapshot children twice - Don't blink the cursor when hidden * GtkEmojiChooser: - Fix presentation selector handling * GtkSnapshot: - Fix wrong nodes with transformed shadows * GtkIMContext: - Make gtk_im_context_activate_osk public * Accessibility: - Implement get_contents_at for all our text widgets - Add GtkAccessibleText.get_default_attributes * GSK: - Don't fall back to cairo for software rendering. 
gl+llvmpipe is better - Round vertical glyph position to a device pixel position if the font is hinted - Fix problems with clip handling - Make vulkan and ngl match their font handling - Fix some corner-cases with offloading and clips - Fix problem with rendering of missing glyphs in hinted fonts * MacOs: - Implement cursor-from-texture * Translation updates: Basque British English French Indonesian Kazakh Latvian Lithuanian Norwegian Bokmål Slovenian Spanish Turkish Overview of Changes in 4.13.9, 02-03-2024 = * GtkEditable: - Fix preconditions to be not too strict * GtkEmojiChooser: - Support search in the locale as well as in English * GtkIconTheme: - Make gtk_icon_paintable_new_for_file support symbolics * GtkVideo: - Fix a problem with cursor handling that could lead to crashes * Accessibility: - Fix GetCharacterAtOffset implementation - Add a Terminal role - Make TextCaretMoved match gtk3 - Support multiple levels of GtkEditable delegates * GSK: - Make the node parser more flexible for text nodes - Change the way font scaling is handled to avoid clipping - Fix handling of missing glyphs in the new renderers * X11: - Don't claim to support shadows without a compositor * Wayland: - Fix handling of output scales * Tools: - Add a compare command to gtk4-rendernode-tool * Build: - Fix some ubsan complaints * Translation updates: Basque British English Catalan Finnish Galician Georgian Hebrew Indonesian Kazakh Latvian Lithuanian Persian Polish Russian Slovenian Spanish Turkish Ukrainian Overview of Changes in 4.13.8, 20-02-2024 = * Accessibility: - Add a GtkAccessibleText interface for allowing 3rd party text widgets (notably vte) to be accessible - Avoid duplicate accessible descriptions - Fix GetAccessibleAtPoint * GSK: - Avoid offscreens for disjoint containers - Don't use the gpu renderers with llvmpipe - Fix various rendering issues found by tests - Allow unnormalized node bounds again - Fix a broken case of rounded-rect intersection - Fix handling of external 
textures in gpu renderers - Make gpu renderers work with WGL on Windows * build: - Allow building without dmabuf support on (old) Linux * X11: - Fix monitor enter/leave signals * Translation updates: Basque Brazilian Portuguese Catalan Czech Galician Georgian Hebrew Lithuanian Persian Russian Turkish Ukrainian Overview of Changes in 4.13.7, 11-02-2024 = * GtkFileChooser: - Speed up opening * GtkCalendar: - Add some missing setters and getters * Accessibility: - Add socket support for webkit accessibility - Implement AT-SPI text for GtkText - Implement AT-SPI component generically - Add an announce API * GSK: - Make the ngl renderer work on macOS - Fix a crash in the vulkan renderer - Make nodeparser allow aliases for fonts again - Implement cache eviction for glyph and texture caches - Fix ngl shaders to work on GL < 4.0 -
[oe-core][PATCH] gtk4: update 4.12.5 -> 4.14.1
- Remove ffmpeg backend as it was removed upstream Signed-off-by: Markus Volk --- meta/recipes-gnome/gtk+/{gtk4_4.12.5.bb => gtk4_4.14.1.bb} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename meta/recipes-gnome/gtk+/{gtk4_4.12.5.bb => gtk4_4.14.1.bb} (96%) diff --git a/meta/recipes-gnome/gtk+/gtk4_4.12.5.bb b/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb similarity index 96% rename from meta/recipes-gnome/gtk+/gtk4_4.12.5.bb rename to meta/recipes-gnome/gtk+/gtk4_4.14.1.bb index a418ef878f..ce733769a5 100644 --- a/meta/recipes-gnome/gtk+/gtk4_4.12.5.bb +++ b/meta/recipes-gnome/gtk+/gtk4_4.14.1.bb @@ -37,7 +37,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" UPSTREAM_CHECK_REGEX = "gtk-(?P\d+\.(\d*[02468])+(\.\d+)+)\.tar.xz" SRC_URI = "http://ftp.gnome.org/pub/gnome/sources/gtk/${MAJ_VER}/gtk-${PV}.tar.xz; -SRC_URI[sha256sum] = "28b356d590ee68ef626e2ef9820b2dd21441484a9a042a5a3f0c40e9dfc4f4f8" +SRC_URI[sha256sum] = "fcefb3f132f8cc4711a9efa5b353c9ae9bb5eeff0246fa74dbc2f2f839b9e308" S = "${WORKDIR}/gtk-${PV}" 
@@ -71,7 +71,6 @@ PACKAGECONFIG[cloudproviders] = "-Dcloudproviders=enabled,-Dcloudproviders=disab PACKAGECONFIG[cups] = "-Dprint-cups=enabled,-Dprint-cups=disabled,cups,cups gtk4-printbackend-cups" PACKAGECONFIG[colord] = "-Dcolord=enabled,-Dcolord=disabled,colord" PACKAGECONFIG[iso-codes] = ",,iso-codes,iso-codes" -PACKAGECONFIG[ffmpeg] = "-Dmedia-ffmpeg=enabled,-Dmedia-ffmpeg=disabled,ffmpeg" # gtk4 wants gstreamer-player-1.0 -> gstreamer1.0-plugins-bad PACKAGECONFIG[gstreamer] = "-Dmedia-gstreamer=enabled,-Dmedia-gstreamer=disabled,gstreamer1.0-plugins-bad" PACKAGECONFIG[tracker] = "-Dtracker=enabled,-Dtracker=disabled,tracker,tracker-miners" -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197268): https://lists.openembedded.org/g/openembedded-core/message/197268 Mute This Topic: https://lists.openembedded.org/mt/104987377/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
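Review bot: in the first hunk the new SRC_URI[sha256sum] is the only integrity control on the tarball, because the unchanged SRC_URI context line still fetches over plain http from ftp.gnome.org; please confirm the new hash against the checksum upstream publishes for gtk-4.14.1 and consider moving the URI to https in a follow-up. In the second hunk, dropping PACKAGECONFIG[ffmpeg] means a distro or bbappend that still lists ffmpeg in PACKAGECONFIG no longer selects a media backend, so the commit message should say that gstreamer is the remaining option.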
Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 17 Mar 2024 01:00:01 AM HST
On Sun, 2024-03-17 at 01:17 -1000, Steve Sakoman wrote:
> Branch: master
>
> New this week: 0 CVEs
>
> Removed this week: 0 CVEs
>
> Full list: Found 37 unpatched CVEs
> CVE-2023-7216 (CVSS3: 5.3 MEDIUM): cpio

Hi,

checked all the upstream developments, no news at all this week, besides that this is now definitely rejected as expected behavior by the maintainer. I have pinged NIST about that.

Simone

View/Reply Online (#197267): https://lists.openembedded.org/g/openembedded-core/message/197267
[oe-core][kirkstone][PATCH 1/1] expat: fix CVE-2023-52426
From: Meenali Gupta

A flaw was found in Expat (libexpat). If XML_DTD is undefined at compile time, a recursive XML Entity Expansion condition can be triggered. This issue may lead to a condition where data is expanded exponentially, which will quickly consume system resources and cause a denial of service.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52426
https://github.com/libexpat/libexpat/pull/777

Signed-off-by: Meenali Gupta
--- .../expat/expat/CVE-2023-52426-001.patch | 35 ++ .../expat/expat/CVE-2023-52426-002.patch | 72 +++ .../expat/expat/CVE-2023-52426-003.patch | 28 ++ .../expat/expat/CVE-2023-52426-004.patch | 429 ++ .../expat/expat/CVE-2023-52426-005.patch | 34 ++ .../expat/expat/CVE-2023-52426-006.patch | 174 +++ .../expat/expat/CVE-2023-52426-007.patch | 53 +++ .../expat/expat/CVE-2023-52426-008.patch | 37 ++ .../expat/expat/CVE-2023-52426-009.patch | 354 +++ .../expat/expat/CVE-2023-52426-010.patch | 50 ++ .../expat/expat/CVE-2023-52426-011.patch | 45 ++ meta/recipes-core/expat/expat_2.5.0.bb| 11 + 12 files changed, 1322 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-001.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-002.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-003.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-004.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-005.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-006.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-007.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-008.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-009.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-010.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch new file mode 100644 index 00..c38a334540 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2023-52426-001.patch @@ -0,0 +1,35 @@ +From cdead241d4f1136c2f38d1b28e95073c59753d30 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Thu, 26 Oct 2023 01:40:05 +0200 +Subject: [PATCH] doc/reference.html: Clarify effect of XML_DTD on external + entities + +Defining XML_DTD emnables support for external parameter(!) +entities. External general(!) entities have been supported +even with XML_DTD undefined. (Only now with Expat 2.6.0 +defining XML_GE as 0 can take that away.) + +CVE: CVE-2023-52426 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/cdead241d4f1136c2f38d1b28e95073c59753d30] + +Signed-off-by: Meenali Gupta +--- + doc/reference.html | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/reference.html b/doc/reference.html +index 8b0d47d..a30e462 100644 +--- a/doc/reference.html b/doc/reference.html +@@ -365,7 +365,7 @@ this is defined, default attribute values from an external DTD subset + are reported and attribute value normalization occurs based on the + type of attributes defined in the external subset. Without + this, Expat has a smaller memory footprint and can be faster, but will +-not load external entities or process conditional sections. If defined, makes ++not load external parameter entities or process conditional sections. If defined, makes + the functions + XML_SetBillionLaughsAttackProtectionMaximumAmplification and +-- +2.40.0 + diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch new file mode 100644 index 00..9aedc3010a --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch 
@@ -0,0 +1,72 @@ +From daa89e42c005cc7f4f7af9eee271ae0723d30300 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Thu, 26 Oct 2023 00:59:52 +0200 + +Subject: [PATCH] cmake: Introduce option EXPAT_GE to control macro XML_GE + +CVE: CVE-2023-52426 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/daa89e42c005cc7f4f7af9eee271ae0723d30300] + +Signed-off-by: Meenali Gupta +--- + CMakeLists.txt | 9 + + expat_config.h.cmake | 3 +++ + 2 files changed, 12 insertions(+) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 2b4c13c..416fe96 100644 +--- a/CMakeLists.txt b/CMakeLists.txt +@@ -140,6 +140,8 @@ expat_shy_set(EXPAT_CONTEXT_BYTES 1024 CACHE STRING "Define to specify how much + mark_as_advanced(EXPAT_CONTEXT_BYTES) + expat_shy_set(EXPAT_DTD ON CACHE BOOL "Define to make parameter entity parsing functionality available") + mark_as_advanced(EXPAT_DTD) ++expat_shy_set(EXPAT_GE ON CACHE BOOL "Define to make general entity parsing functionality available") ++mark_as_advanced(EXPAT_GE) +
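Review bot: the CMakeLists.txt context in CVE-2023-52426-002.patch shows EXPAT_DTD defaulting to ON, while the commit message says the flaw only exists when XML_DTD is undefined, so the message should state whether the kirkstone recipe is ever built with EXPAT_DTD off. If it is not, recording the CVE as not applicable to this configuration would avoid carrying eleven backported patches (1322 added lines). CVE-2023-52426-001.patch changes one sentence in doc/reference.html and could be dropped unless a later patch in the series depends on that context.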
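The entity-expansion amplification described in the commit message above can be estimated before a document reaches the parser. This is an added Python example, not code from Expat or from the patch; `assess`, `entity_sizes`, the depth cap and the sample documents are assumptions, the two limits are modelled on the defaults Expat documents for its billion-laughs protection, and the size arithmetic is a static estimate rather than Expat's own accounting.

```python
import re
from typing import NamedTuple

# Limits modelled on Expat's documented billion-laughs protection defaults
# (assumptions for this example; tune them for your own parser and workload).
MAX_AMPLIFICATION = 100.0
ACTIVATION_THRESHOLD = 8 * 1024 * 1024  # bytes of expanded output
MAX_DEPTH = 64                          # hypothetical cap on entity nesting

# Internal general entities only: "<!ENTITY % pe ..." and SYSTEM/PUBLIC
# declarations do not match and are ignored by this estimator.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

# Constructed samples: four levels with a fan-out of four, and a two-entity cycle.
SAMPLE_NESTED = """<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY a "xxxxxxxxxx">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;">
]>
<doc>&d;</doc>
"""
SAMPLE_RECURSIVE = '<!DOCTYPE doc [<!ENTITY p "&q;"><!ENTITY q "&p;">]><doc>&p;</doc>'


class Assessment(NamedTuple):
    verdict: str       # "ok", "amplification", "recursive" or "too-deep"
    input_bytes: int
    output_bytes: int  # 0 when the size could not be computed
    detail: str


class EntityError(ValueError):
    def __init__(self, verdict, detail):
        super().__init__(detail)
        self.verdict = verdict


def parse_entities(xml_text):
    """Return {name: replacement text}; the first declaration of a name wins."""
    entities = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        entities.setdefault(name, value)
    return entities


def expanded_size(name, entities, cache, stack=()):
    """Size in bytes of an entity after full expansion, without expanding it."""
    if name in PREDEFINED:
        return 1
    if name not in entities:
        return 0  # undeclared reference: a parser rejects it, nothing is expanded
    if name in cache:
        return cache[name]
    if name in stack:
        raise EntityError("recursive", " -> ".join(stack + (name,)))
    if len(stack) >= MAX_DEPTH:
        raise EntityError("too-deep", f"nesting exceeds {MAX_DEPTH} at {name}")
    value = entities[name]
    size = len(ENTITY_REF.sub("", value).encode("utf-8"))
    for ref in ENTITY_REF.findall(value):
        size += expanded_size(ref, entities, cache, stack + (name,))
    cache[name] = size
    return size


def entity_sizes(xml_text):
    """Return {name: expanded size} for every declared entity."""
    entities, cache = parse_entities(xml_text), {}
    for name in entities:
        expanded_size(name, entities, cache)
    return cache


def assess(xml_text, max_amplification=MAX_AMPLIFICATION,
           activation_threshold=ACTIVATION_THRESHOLD):
    """Classify a document by estimated expansion before it is parsed."""
    entities, cache = parse_entities(xml_text), {}
    input_bytes = len(xml_text.encode("utf-8"))
    body = ENTITY_DECL.sub("", xml_text)
    try:
        for name in entities:  # also catches cycles nothing refers to
            expanded_size(name, entities, cache)
        output_bytes = len(ENTITY_REF.sub("", body).encode("utf-8")) + sum(
            expanded_size(ref, entities, cache) for ref in ENTITY_REF.findall(body))
    except EntityError as exc:
        return Assessment(exc.verdict, input_bytes, 0, str(exc))
    # Integer-safe comparison: expanded sizes can exceed what a float can hold.
    if output_bytes >= activation_threshold and output_bytes > max_amplification * input_bytes:
        return Assessment("amplification", input_bytes, output_bytes,
                          f"about {output_bytes // input_bytes}x expansion")
    return Assessment("ok", input_bytes, output_bytes, "within limits")


if __name__ == "__main__":
    print(entity_sizes(SAMPLE_NESTED))
    print(assess(SAMPLE_NESTED, max_amplification=2.0, activation_threshold=512))
    print(assess(SAMPLE_RECURSIVE))
```

Each extra nesting level multiplies the expanded size by the fan-out, which is why the size is computed arithmetically here instead of by building the expanded string.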
Re: [OE-core] [kirkstone][PATCH] stress-ng: avoid calling sync during do_compile
No, I've noticed this when stress-ng and lib32-stress-ng were running do_compile at the same time and for some reason both sync calls got stuck, I've killed it when it was running both do_compile tasks for 13 hours (and there was chromium and lib32-chromium do_compile running for 15+ hours as well (not sure if it was related to this sync or something else)).

On Sun, Mar 17, 2024 at 3:37 PM Randy MacLeod wrote:
>
> On Sun, Mar 17, 2024, 08:01 Martin Jansa wrote:
>>
>> calling 'sync' from do_compile in the middle of big OE world
>> build harms the build time.
>
> No objection from me but do you have any data on how much an innocuous call
> to sync slows down a build?
>
> Randy
>
>> Signed-off-by: Martin Jansa >> --- >> .../0001-Makefile-avoid-calling-sync.patch| 35 +++ >> .../stress-ng/stress-ng_0.13.12.bb| 1 + >> 2 files changed, 36 insertions(+) >> create mode 100644 >> meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch >> >> diff --git >> a/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch >> >> b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch >> new file mode 100644 >> index 00..fec8c524eb >> --- /dev/null >> +++ >> b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch
>> @@ -0,0 +1,35 @@ >> +From 1d1801902a4944c6f5fa521c19b32fbac7342a0c Mon Sep 17 00:00:00 2001 >> +From: Colin Ian King >> +Date: Sat, 6 Aug 2022 13:05:59 + >> +Subject: [PATCH] Makefile: avoid calling sync >> + >> +Original commit message: >> +Makefile: use ld-gold if it is available >> + >> +Speed up linking by using ld-gold if is available. Add build >> +time detection to see if compiler allows it >> + >> +MJ: backported only the "sync" removal from Makefile as calling >> +it from do_compile in the middle of big OE world build harms >> +the build time. >> + >> +Upstream-Status: Backport [V0.14.04 >> c10e5c3f9f5560a085279f4c4b399c2f34cb897d] >> + >> +Signed-off-by: Colin Ian King >> +Signed-off-by: Martin Jansa >> +--- >> + Makefile | 1 - >> + 1 file changed, 1 deletion(-) >> + >> +diff --git a/Makefile b/Makefile >> +index f8f71c54b..23db4c612 100644 >> +--- a/Makefile >> b/Makefile >> +@@ -425,7 +425,6 @@ OBJS += $(CONFIG_OBJS) >> + stress-ng: $(OBJS) >> + $(Q)echo "LD $@" >> + $(V)$(CC) $(CPPFLAGS) $(CFLAGS) $(OBJS) -lm $(LDFLAGS) -o $@ >> +- $(V)sync >> + >> + config.h: >> + +$(MAKE) -f Makefile.config STATIC=$(STATIC) -j >> diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb >> b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb >> index 807ecd3466..72dafddaf8 100644 >> --- a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb >> +++ b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb 
>> @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = >> "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >> >> SRC_URI = >> "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ >> >> file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ >> + file://0001-Makefile-avoid-calling-sync.patch \ >>" >> SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" >> S = "${WORKDIR}/git" >> -- >> 2.44.0
View/Reply Online (#197265): https://lists.openembedded.org/g/openembedded-core/message/197265
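Review bot: the "MJ:" paragraph in the quoted 0001-Makefile-avoid-calling-sync.patch only says that sync "harms the build time", but the reply above reports a concrete failure, with both sync calls stuck while stress-ng and lib32-stress-ng ran do_compile concurrently for 13 hours. Putting that observation into the patch description and the commit message would tell later readers that the removal addresses a hang, not only a slowdown.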
Re: [OE-core] [kirkstone][PATCH] stress-ng: avoid calling sync during do_compile
On Sun, Mar 17, 2024, 08:01 Martin Jansa wrote:
> calling 'sync' from do_compile in the middle of big OE world
> build harms the build time.
>
No objection from me but do you have any data on how much an innocuous call to sync slows down a build?

Randy

> Signed-off-by: Martin Jansa > --- > .../0001-Makefile-avoid-calling-sync.patch| 35 +++ > .../stress-ng/stress-ng_0.13.12.bb| 1 + > 2 files changed, 36 insertions(+) > create mode 100644 > meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch > > diff --git > a/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch > b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch > new file mode 100644 > index 00..fec8c524eb > --- /dev/null > +++ > b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch
> @@ -0,0 +1,35 @@ > +From 1d1801902a4944c6f5fa521c19b32fbac7342a0c Mon Sep 17 00:00:00 2001 > +From: Colin Ian King > +Date: Sat, 6 Aug 2022 13:05:59 + > +Subject: [PATCH] Makefile: avoid calling sync > + > +Original commit message: > +Makefile: use ld-gold if it is available > + > +Speed up linking by using ld-gold if is available. Add build > +time detection to see if compiler allows it > + > +MJ: backported only the "sync" removal from Makefile as calling > +it from do_compile in the middle of big OE world build harms > +the build time. > + > +Upstream-Status: Backport [V0.14.04 > c10e5c3f9f5560a085279f4c4b399c2f34cb897d] > + > +Signed-off-by: Colin Ian King > +Signed-off-by: Martin Jansa > +--- > + Makefile | 1 - > + 1 file changed, 1 deletion(-) > + > +diff --git a/Makefile b/Makefile > +index f8f71c54b..23db4c612 100644 > +--- a/Makefile > b/Makefile > +@@ -425,7 +425,6 @@ OBJS += $(CONFIG_OBJS) > + stress-ng: $(OBJS) > + $(Q)echo "LD $@" > + $(V)$(CC) $(CPPFLAGS) $(CFLAGS) $(OBJS) -lm $(LDFLAGS) -o $@ > +- $(V)sync > + > + config.h: > + +$(MAKE) -f Makefile.config STATIC=$(STATIC) -j > diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb > b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb > index 807ecd3466..72dafddaf8 100644 > --- a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb > +++ b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb 
> @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = > "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > > SRC_URI = "git:// > github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ > > file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ > + file://0001-Makefile-avoid-calling-sync.patch \ >" > SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" > S = "${WORKDIR}/git" > -- > 2.44.0
View/Reply Online (#197264): https://lists.openembedded.org/g/openembedded-core/message/197264
[OE-core] OE-core CVE metrics for nanbield on Sun 17 Mar 2024 04:00:01 AM HST
Branch: nanbield New this week: 12 CVEs CVE-2023-52434 (CVSS3: 8.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52434 * CVE-2023-52435 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52435 * CVE-2023-52438 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52438 * CVE-2023-52439 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52439 * CVE-2023-52443 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52443 * CVE-2023-52444 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52444 * CVE-2023-52445 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52445 * CVE-2023-52446 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52446 * CVE-2023-52447 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52447 * CVE-2024-26582 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26582 * CVE-2024-26583 (CVSS3: 4.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26583 * CVE-2024-26585 (CVSS3: 4.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26585 * Removed this week: 9 CVEs CVE-2023-50387 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50387 * CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816 * CVE-2024-0408 (CVSS3: 5.5 MEDIUM): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0408 * CVE-2024-0409 (CVSS3: 7.8 HIGH): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0409 * CVE-2024-0553 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0553 * CVE-2024-0567 (CVSS3: 7.5 
HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0567 * CVE-2024-22195 (CVSS3: 6.1 MEDIUM): python3-jinja2:python3-jinja2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22195 * CVE-2024-22667 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22667 * CVE-2024-25062 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25062 * Full list: Found 120 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 * CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 * CVE-2023-39189 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39189 * CVE-2023-39192 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39192 * CVE-2023-39193 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39193 * CVE-2023-39928 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 * CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 * CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 * CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 * CVE-2023-42364 (CVSS3: 5.5 MEDIUM):
[OE-core] OE-core CVE metrics for kirkstone on Sun 17 Mar 2024 03:00:01 AM HST
Branch: kirkstone New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 44 unpatched CVEs CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-36648 (CVSS3: 10.0 CRITICAL): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36648 * CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 * CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 * CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 * CVE-2023-28198 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28198 * CVE-2023-29403 (CVSS3: 7.8 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 * CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3164 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 * CVE-2023-32370 (CVSS3: 5.3 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32370 * 
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 * CVE-2023-39323 (CVSS3: 8.1 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39323 * CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 * CVE-2023-40397 (CVSS3: 9.8 CRITICAL): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40397 * CVE-2023-44487 (CVSS3: 7.5 HIGH): go:nghttp2 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44487 * CVE-2023-45803 (CVSS3: 4.2 MEDIUM): python3-urllib3 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45803 * CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 * CVE-2023-47100 (CVSS3: 9.8 CRITICAL): perl:perl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47100 * CVE-2023-47470 (CVSS3: 7.8 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 * CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 * CVE-2023-49292 (CVSS3: 4.8 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 * CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 * CVE-2023-52355 (CVSS3: 7.5 HIGH): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 * CVE-2023-52356 (CVSS3: 7.5 HIGH): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356 * CVE-2023-52425 (CVSS3: 7.5 HIGH): expat:expat-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52425 * CVE-2023-52426 (CVSS3: 5.5 MEDIUM): expat:expat-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52426 * CVE-2023-5380 (CVSS3: 4.7 MEDIUM): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5380 * CVE-2023-5574 (CVSS3: 7.0 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 * CVE-2023-6277 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6277 * CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 * CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816 * CVE-2023-7216 (CVSS3: 5.3 MEDIUM): cpio https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7216 * CVE-2024-0408 (CVSS3: 5.5 MEDIUM): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0408 * CVE-2024-0409 (CVSS3: 7.8 HIGH): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0409 * CVE-2024-1048 (CVSS3: 3.3 LOW): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1048 * CVE-2024-22860 (CVSS3: 9.8 CRITICAL): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22860 *
[OE-core] OE-core CVE metrics for dunfell on Sun 17 Mar 2024 02:00:01 AM HST
Branch: dunfell New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 110 unpatched CVEs CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 * CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 * CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 * CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 * CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 * CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 * CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 * CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 * CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 * CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 * CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 * CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 * CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 * CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 * CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 * CVE-2021-27138 
(CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 * CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 * CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 * CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 * CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 * CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 * CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 * CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 * CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 * CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 * CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 * CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 * CVE-2022-0358 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0358 * CVE-2022-2294 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294 * CVE-2022-2347 (CVSS3: 7.1 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2347 * CVE-2022-23773 (CVSS3: 7.5 HIGH): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23773 * CVE-2022-24765 (CVSS3: 7.8 HIGH): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24765 * CVE-2022-2953 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2953 * CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 * CVE-2022-30293 (CVSS3: 7.5 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30293 * CVE-2022-30767 (CVSS3: 9.8 CRITICAL): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30767 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
[OE-core] [kirkstone][PATCH] stress-ng: avoid calling sync during do_compile
calling 'sync' from do_compile in the middle of big OE world build harms the build time. Signed-off-by: Martin Jansa --- .../0001-Makefile-avoid-calling-sync.patch| 35 +++ .../stress-ng/stress-ng_0.13.12.bb| 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch diff --git a/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch new file mode 100644 index 00..fec8c524eb --- /dev/null +++ b/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch @@ -0,0 +1,35 @@ +From 1d1801902a4944c6f5fa521c19b32fbac7342a0c Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Sat, 6 Aug 2022 13:05:59 + +Subject: [PATCH] Makefile: avoid calling sync + +Original commit message: +Makefile: use ld-gold if it is available + +Speed up linking by using ld-gold if is available. Add build +time detection to see if compiler allows it + +MJ: backported only the "sync" removal from Makefile as calling +it from do_compile in the middle of big OE world build harms +the build time. + +Upstream-Status: Backport [V0.14.04 c10e5c3f9f5560a085279f4c4b399c2f34cb897d] + +Signed-off-by: Colin Ian King +Signed-off-by: Martin Jansa +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Makefile b/Makefile +index f8f71c54b..23db4c612 100644 +--- a/Makefile b/Makefile +@@ -425,7 +425,6 @@ OBJS += $(CONFIG_OBJS) + stress-ng: $(OBJS) + $(Q)echo "LD $@" + $(V)$(CC) $(CPPFLAGS) $(CFLAGS) $(OBJS) -lm $(LDFLAGS) -o $@ +- $(V)sync + + config.h: + +$(MAKE) -f Makefile.config STATIC=$(STATIC) -j diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb index 807ecd3466..72dafddaf8 100644 --- a/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb 
+++ b/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ + file://0001-Makefile-avoid-calling-sync.patch \ " SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" S = "${WORKDIR}/git" -- 2.44.0
View/Reply Online (#197260): https://lists.openembedded.org/g/openembedded-core/message/197260
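Review bot: in the header of the added 0001-Makefile-avoid-calling-sync.patch the "From" line carries 1d1801902a4944c6f5fa521c19b32fbac7342a0c while Upstream-Status cites c10e5c3f9f5560a085279f4c4b399c2f34cb897d, and the Subject has been rewritten from the upstream "use ld-gold if it is available". Please say which hash is the upstream commit, mark the status as a partial backport, and give the full upstream commit URL so the provenance of the one-line Makefile change can be checked.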
[OE-core] OE-core CVE metrics for master on Sun 17 Mar 2024 01:00:01 AM HST
Branch: master

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list: Found 37 unpatched CVEs

CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-6238 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 *
CVE-2023-6240 (CVSS3: 6.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6240 *
CVE-2023-6270 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6270 *
CVE-2023-6356 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6356 *
CVE-2023-6535 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6535 *
CVE-2023-6536 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6536 *
CVE-2023-7042 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7042 *
CVE-2023-7216 (CVSS3: 5.3 MEDIUM): cpio https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7216 *
CVE-2024-0841 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0841 *
CVE-2024-21803 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21803 *
CVE-2024-23307 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23307 *
CVE-2024-23848 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23848 *
CVE-2024-24857 (CVSS3: 6.8 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24857 *
CVE-2024-24858 (CVSS3: 5.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24858 *
CVE-2024-24859 (CVSS3: 4.8 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24859 *
CVE-2024-24861 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24861 *
CVE-2024-24864 (CVSS3: 4.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24864 *
CVE-2024-25739 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25739 *
CVE-2024-25740 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25740 *

Summary of CVE counts by recipe:

  linux-yocto: 28
  busybox: 4
  cpio: 1
  gnupg:gnupg-native: 1
  nasm:nasm-native: 1
  openssh: 1
  qemu:qemu-native:qemu-system-native: 1

For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#197259): https://lists.openembedded.org/g/openembedded-core/message/197259
Re: [oe-core][PATCH] bzip2: add libbz2.so.1.0 link for compat
On Fri, 2024-03-15 at 19:19 -0500, r...@ti.com wrote:
> From: Randolph Sapp
>
> Add a link from libbz2.so.1.0 to libbz2.so.${PV} for compatibility with
> other distributions.
>
> A handful of distributions are still using the "Makefile-libbz2_so" to
> generate libbz2 and bzip2-shared. This creates a library with a soname
> of "libbz2.so.1.0". This library link is not provided by default in
> autotools builds so add one here as Gentoo does now [1].
>
> This has been addressed upstream already, but there hasn't been a stable
> release since then [2].
>
> [1] https://bugs.gentoo.org/338321
> [2] https://gitlab.com/bzip2/bzip2/-/merge_requests/42
>
> Signed-off-by: Randolph Sapp
> ---
> meta/recipes-extended/bzip2/bzip2_1.0.8.bb | 5 +
> 1 file changed, 5 insertions(+)

I guess by "cross distro", you mean that you have some binaries which need to run on multiple distros, some of which have this naming and some of which do not?

I am a bit worried about this as it is the kind of thing we add, then totally forget about removing so it gets carried even after it no longer makes sense (and the library name/version changes again for example).

Ugly as it may be, I'm wondering if there should be a separate recipe to handle this link which the binaries could depend upon. Even a separate package for it and an error if the target lib doesn't exist might be better.

Cheers,

Richard

View/Reply Online (#197258): https://lists.openembedded.org/g/openembedded-core/message/197258