[OE-core] [PATCH] kernel.bbclass: check, if directory exists before removing empty module directory

2024-04-14 Thread Heiko
If the kernel folder does not exist, find will result in an error.
This can occur if the kernel has no modules but, for example, custom modules 
are created.

Add check before deleting.

Signed-off-by: Heiko Thole 
---
 meta/classes-recipe/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/kernel.bbclass 
b/meta/classes-recipe/kernel.bbclass
index b084d6d..c0a2056 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -463,7 +463,7 @@ kernel_do_install() {
rm -f 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
rm -f 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
# Remove empty module directories to prevent QA issues
-   find 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty 
-delete
+   [ -d 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" ] && find 
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty 
-delete
else
bbnote "no modules to install"
fi
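Review bot: The new `[ -d ... ] && find ... -delete` line leaves a non-zero exit status whenever the `kernel` directory is absent, which is exactly the case this patch is meant to tolerate. Inside the `if` branch that status is ignored, but it becomes the branch's result and would abort a shell running with `set -e` if the line is ever moved or ends up as the last command of the function. An explicit `if [ -d "$dir" ]; then find "$dir" -type d -empty -delete; fi`, with the path held once in a local variable instead of being spelled out twice, avoids both problems. The comment above the line could also say when the directory can be missing (no in-tree modules, only custom ones), as the commit message does.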
--
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198216): 
https://lists.openembedded.org/g/openembedded-core/message/198216
Mute This Topic: https://lists.openembedded.org/mt/105530368/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core] [PATCH] devtool: sync: Fix Execution error

2024-04-14 Thread vincent
From: Vincent Kriek 

When executing devtool sync on a recipe that was extracted with devtool
extract earlier the following error occurred:

Traceback (most recent call last):
[...]
bb.process.ExecutionError: Execution of 'git fetch 
file:///home/vin/projects/poky/build/tmp/work/all-poky-linux/netbase/6.4/devtooltmp-figt1jmr/workdir/netbase
 devtool:devtool' failed with exit code 128:
fatal: refusing to fetch into branch 'refs/heads/devtool' checked out at 
'/home/vin/projects/poky/build/netbase-src'

Fix this by adding --update-head-ok and --force to git fetch so it will
override the current head even if it is checked out and has changes.
Possible existing changes in the devtool branch can be retrieved by
checking out the devtool.bak branch.

Signed-off-by: Vincent Kriek 
---
 scripts/lib/devtool/standard.py | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 7972b4f822..248a1e1218 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -661,7 +661,18 @@ def _extract_source(srctree, keep_temp, devbranch, sync, 
config, basepath, works
 srctree_localdir = os.path.join(srctree, 'oe-local-files')
 
 if sync:
-bb.process.run('git fetch file://' + srcsubdir + ' ' + devbranch + 
':' + devbranch, cwd=srctree)
+try:
+logger.info('Backing up current %s branch as branch: %s.bak' % 
(devbranch, devbranch))
+bb.process.run('git branch -f ' + devbranch + '.bak', 
cwd=srctree)
+
+# Use git fetch to update the source with the current recipe
+# To be able to update the currently checked out branch with
+# possibly new history (no fast-forward) git needs to be told
+# that's ok
+logger.info('Syncing source files including patches to git 
branch: %s' % devbranch)
+bb.process.run('git fetch --update-head-ok --force file://' + 
srcsubdir + ' ' + devbranch + ':' + devbranch, cwd=srctree)
+except bb.process.ExecutionError as e:
+raise DevtoolError("Error when syncing source files to local 
checkout: %s" % str(e))
 
 # Move the oe-local-files directory to srctree.
 # As oe-local-files is not part of the constructed git tree,
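Review bot: `git branch -f <devbranch>.bak` in the new `try` block silently overwrites any earlier backup, so a second `devtool sync` discards the only copy of the work the commit message tells users to recover from `devtool.bak`; it also has no start point, so it backs up whatever `HEAD` is rather than `devbranch` itself. Consider passing `devbranch` as the start point and refusing to overwrite (or using a unique backup name). The backup covers commits only: `git fetch --update-head-ok --force` moves the checked-out branch ref without touching the index or working tree, and nothing in the visible lines resets the tree afterwards, so uncommitted edits are neither saved nor cleanly replaced. Both commands are still built by concatenating `srcsubdir` and `devbranch` into a command string; quoting them would keep a path with spaces or shell metacharacters from being reinterpreted, and `raise DevtoolError(...) from e` would keep the original traceback.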
-- 
2.44.0





Re: [OE-core] [PATCH 10/33] gnutls: upgrade 3.8.4 -> 3.8.5

2024-04-14 Thread Simone Weiß
On Sat, 2024-04-13 at 20:55 +, Simone Weiß wrote:
> On Fri, 2024-04-12 at 16:39 +0200, Alexandre Belloni wrote:
> > On 11/04/2024 19:41:09+, Simone Weiß wrote:
> > > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via
> > > lists.openembedded.org wrote:
> > > > Failed ptests:
> > > > {'gnutls': ['alerts',
> > > >     'cert-status',
> > > >     'ciphersuite-name',
> > > >     'dtls-etm',
> > > >     'dtls10-cert-key-exchange',
> > > >     'dtls12-cert-key-exchange',
> > > >     'keylog-env',
> > > >     'mini-chain-unsorted',
> > > >     'mini-record-failure',
> > > >     'mini-overhead',
> > > >     'mini-record',
> > > >     'mini-record-2',
> > > >     'record-retvals',
> > > >     'rehandshake-switch-cert',
> > > >     'rehandshake-switch-cert-allow',
> > > >     'rehandshake-switch-cert-client',
> > > >     'rehandshake-switch-cert-client-allow',
> > > >     'rsa-encrypt-decrypt',
> > > >     'rsa-psk',
> > > >     'rsa-psk-cb',
> > > >     'rsaes-pkcs1-v1_5',
> > > >     'tls-etm',
> > > >     'tls-force-etm',
> > > >     'tls-neg-ext4-key',
> > > >     'tls10-cert-key-exchange',
> > > >     'tls11-cert-key-exchange',
> > > >     'tls10-server-kx-neg',
> > > >     'tls12-anon-upgrade',
> > > >     'tls12-cert-key-exchange',
> > > >     'tls11-server-kx-neg',
> > > >     'tls12-server-kx-neg',
> > > >     'tls13-cert-key-exchange',
> > > >     'tls13-server-kx-neg',
> > > >     'version-checks']}
> > > > 
> > > > 
> > > Hi,
> > > 
> > > is there an autobuilder link to this? I tried it locally and all was fine.
> > > Would like to check it just to see if I can spot a difference. Or do you
> > > (Wang Mingyu) already check at the moment?
> > 
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6489/steps/12/logs/stdio
> > 
> > https://autobuilder.yocto.io/pub/non-release/20240409-25/testresults/qemux86-64-ptest/gnutls.log
> 
> Looks like at least some might be fixable with
> https://gitlab.com/gnutls/gnutls/-/merge_requests/1830
> 
> I will take a further look
New patches are on the list. (Wang Mingyu: I included your commit, hope
that is ok)

Simone




[OE-core] [PATCH 2/2] gnutls: Fix failing ptests

2024-04-14 Thread Simone Weiß
From: Simone Weiß 

When upgrading gnutls to the newest version 3.8.5, some ptests failed.
Backported a patch from upstream gnutls (not in any release yet) to
fix this issue.

Signed-off-by: Simone Weiß 
---
 ...PKCS1-v1_5-system-wide-configuration.patch | 269 ++
 meta/recipes-support/gnutls/gnutls_3.8.5.bb   |   1 +
 2 files changed, 270 insertions(+)
 create mode 100644 
meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch

diff --git 
a/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch
 
b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch
new file mode 100644
index 00..cc39f5c9a5
--- /dev/null
+++ 
b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch
@@ -0,0 +1,269 @@
+From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich 
+Date: Wed, 10 Apr 2024 12:51:33 +0200
+Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration
+
+Upstream-Status: Backport [expected for  3.8.6 
https://gitlab.com/gnutls/gnutls/-/merge_requests/1830?commit_id=2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d]
+
+Signed-off-by: Simone Weiß 
+Signed-off-by: Zoltan Fridrich 
+---
+ lib/priority.c| 125 +++---
+ ...system-override-allow-rsa-pkcs1-encrypt.sh |  27 +++-
+ 2 files changed, 96 insertions(+), 56 deletions(-)
+
+diff --git a/lib/priority.c b/lib/priority.c
+index 8abe00d1ff..3434619aad 100644
+--- a/lib/priority.c
 b/lib/priority.c
+@@ -1018,6 +1018,12 @@ struct cfg {
+   bool force_ext_master_secret_set;
+ };
+ 
++static inline void cfg_init(struct cfg *cfg)
++{
++  memset(cfg, 0, sizeof(*cfg));
++  cfg->allow_rsa_pkcs1_encrypt = true;
++}
++
+ static inline void cfg_deinit(struct cfg *cfg)
+ {
+   if (cfg->priority_strings) {
+@@ -1095,6 +1101,12 @@ struct ini_ctx {
+   size_t curves_size;
+ };
+ 
++static inline void ini_ctx_init(struct ini_ctx *ctx)
++{
++  memset(ctx, 0, sizeof(*ctx));
++  cfg_init(>cfg);
++}
++
+ static inline void ini_ctx_deinit(struct ini_ctx *ctx)
+ {
+   cfg_deinit(>cfg);
+@@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct 
ini_ctx *ctx)
+   _gnutls_default_priority_string = cfg->default_priority_string;
+   }
+ 
+-  /* enable RSA-PKCS1-V1_5 by default */
+-  cfg->allow_rsa_pkcs1_encrypt = true;
+-
+   if (cfg->allowlisting) {
+   /* also updates `flags` of global `hash_algorithms[]` */
+   ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size);
+@@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void)
+   return 0;
+ }
+ 
++/* Returns false on parse error, otherwise true.
++ * The system_wide_config must be locked for writing.
++ */
++static inline bool load_system_priority_file(void)
++{
++  int err;
++  FILE *fp;
++  struct ini_ctx ctx;
++
++  cfg_init(_wide_config);
++
++  fp = fopen(system_priority_file, "re");
++  if (fp == NULL) {
++  _gnutls_debug_log("cfg: unable to open: %s: %d\n",
++system_priority_file, errno);
++  return true;
++  }
++
++  /* Parsing the configuration file needs to be done in 2 phases:
++   * first parsing the [global] section
++   * and then the other sections,
++   * because the [global] section modifies the parsing behavior.
++   */
++  ini_ctx_init();
++  err = ini_parse_file(fp, global_ini_handler, );
++  if (!err) {
++  if (fseek(fp, 0L, SEEK_SET) < 0) {
++  _gnutls_debug_log("cfg: unable to rewind: %s\n",
++system_priority_file);
++  if (fail_on_invalid_config)
++  exit(1);
++  }
++  err = ini_parse_file(fp, cfg_ini_handler, );
++  }
++  fclose(fp);
++  if (err) {
++  ini_ctx_deinit();
++  _gnutls_debug_log("cfg: unable to parse: %s: %d\n",
++system_priority_file, err);
++  return false;
++  }
++  cfg_apply(_wide_config, );
++  ini_ctx_deinit();
++  return true;
++}
++
+ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ {
+-  int ret, err = 0;
++  int ret;
++  bool config_parse_error = false;
+   struct stat sb;
+-  FILE *fp;
+   gnutls_buffer_st buf;
+-  struct ini_ctx ctx;
+ 
+   ret = gnutls_rwlock_rdlock(_wide_config_rwlock);
+-  if (ret < 0) {
++  if (ret < 0)
+   return gnutls_assert_val(ret);
+-  }
+ 
+   if (stat(system_priority_file, ) < 0) {
+   _gnutls_debug_log("cfg: unable to access: %s: %d\n",
+ system_priority_file, errno);
++
++  
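Review bot: In the backported `load_system_priority_file()`, a failed `fseek()` only aborts when `fail_on_invalid_config` is set; otherwise the second `ini_parse_file()` call runs on a stream that was never rewound, would normally see no further input, and `cfg_apply()` then proceeds with only the `[global]` pass applied. Since this file decides which algorithms are allowed system-wide, a configuration that was only half read should take the `return false` path rather than be accepted silently; that is worth raising upstream alongside the backport. The OE commit message should also say that the backport moves the `allow_rsa_pkcs1_encrypt = true` default into `cfg_init()`, so RSAES-PKCS1-v1_5 stays enabled unless the system configuration turns it off, and the double space in `Upstream-Status: Backport [expected for  3.8.6` can be tidied.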

[OE-core] [PATCH 1/2] gnutls: upgrade 3.8.4 -> 3.8.5

2024-04-14 Thread Simone Weiß
From: Wang Mingyu 

Add-ptest-support.patch
refreshed for 3.8.5

Changelog:
==
* libgnutls: Due to majority of usages and implementations of
  RSA decryption with PKCS#1 v1.5 padding being incorrect,
  leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
  is being deprecated (encryption and decryption) and will be
  disabled in the future.
* libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
  backward compatibility with GCR.
* libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
  v1.5 decryption error handling and deterministic ECDSA with earlier
  versions of GMP.
* build: Fixed a bug where building gnutls statically failed due
  to a duplicate definition of nettle_rsa_compute_root_tr().

Signed-off-by: Wang Mingyu 
---
 .../recipes-support/gnutls/gnutls/Add-ptest-support.patch | 8 
 .../gnutls/{gnutls_3.8.4.bb => gnutls_3.8.5.bb}   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename meta/recipes-support/gnutls/{gnutls_3.8.4.bb => gnutls_3.8.5.bb} (97%)

diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch 
b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
index 1152d3797f..8edd31d6b9 100644
--- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
+++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
@@ -1,4 +1,4 @@
-From ff6a345235b2585c261752e47a749228672b07dc Mon Sep 17 00:00:00 2001
+From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001
 From: Ravineet Singh 
 Date: Tue, 10 Jan 2023 16:11:10 +0100
 Subject: [PATCH] gnutls: add ptest support
@@ -26,7 +26,7 @@ index 843193f..816b09f 100644
  
  include $(top_srcdir)/cligen/cligen.mk
 diff --git a/configure.ac b/configure.ac
-index d6e03cf..e3f15fb 100644
+index 934377e..4406eae 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
@@ -39,10 +39,10 @@ index d6e03cf..e3f15fb 100644
  
  hw_features=
 diff --git a/tests/Makefile.am b/tests/Makefile.am
-index fb9e55a..c2d226a 100644
+index e39a3b3..861dd63 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -658,6 +658,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL)
  AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
  LOG_COMPILER = $(LOG_VALGRIND)
  
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.4.bb 
b/meta/recipes-support/gnutls/gnutls_3.8.5.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.4.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.5.bb
index 20139b4dd4..21506a04dc 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.5.bb
@@ -25,7 +25,7 @@ SRC_URI = 
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://Add-ptest-support.patch \
"
 
-SRC_URI[sha256sum] = 
"2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b"
+SRC_URI[sha256sum] = 
"66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
 
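Review bot: The `SRC_URI[sha256sum]` change is the only integrity anchor for the new tarball, and the commit message does not say how the new value was obtained. Please state that it was checked against the upstream release announcement or signature rather than computed from whatever the fetcher downloaded. The changelog also mentions memory-related fixes in RSA PKCS#1 v1.5 decryption error handling; if upstream assigned CVE identifiers to them, listing those in the commit message lets the CVE reports account for the upgrade.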
-- 
2.39.2





[OE-core] OE-core CVE metrics for nanbield on Sun 14 Apr 2024 04:00:01 AM HST

2024-04-14 Thread Steve Sakoman
Branch: nanbield

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 128 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-39189 (CVSS3: 6.0 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39189 *
CVE-2023-39192 (CVSS3: 6.0 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39192 *
CVE-2023-39193 (CVSS3: 6.0 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39193 *
CVE-2023-39928 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 *
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 *
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
CVE-2023-42753 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42753 *
CVE-2023-42754 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42754 *
CVE-2023-42756 (CVSS3: 4.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42756 *
CVE-2023-4623 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4623 *
CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 *
CVE-2023-46838 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46838 *
CVE-2023-47470 (CVSS3: 7.8 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 *
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-4921 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4921 *
CVE-2023-49292 (CVSS3: 4.8 MEDIUM): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 *
CVE-2023-50431 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50431 *
CVE-2023-5088 (CVSS3: 7.0 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 *
CVE-2023-51384 (CVSS3: 5.5 MEDIUM): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 *
CVE-2023-51385 (CVSS3: 6.5 MEDIUM): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-5178 (CVSS3: 9.8 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178 *
CVE-2023-51780 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51780 *
CVE-2023-51781 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51781 *
CVE-2023-51782 (CVSS3: 7.0 HIGH): 

Re: [RFC][oe-core][PATCH] xwayland: update 23.2.5 -> 23.2.6

2024-04-14 Thread Markus Volk

This requires libei which is currently in meta-oe

On Sun, Apr 14 2024 at 04:06:52 PM +02:00:00, Markus Volk wrote:

- add a PACKAGECONFIG for libdecor

! This will require moving libei from meta-oe to oe-core !

Signed-off-by: Markus Volk

---
 .../xwayland/{xwayland_23.2.5.bb => xwayland_23.2.6.bb}  | 5 
+++--

 1 file changed, 3 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xwayland/{xwayland_23.2.5.bb => 
xwayland_23.2.6.bb} (89%)


diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb 
b/meta/recipes-graphics/xwayland/xwayland_23.2.6.bb

similarity index 89%
rename from meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
rename to meta/recipes-graphics/xwayland/xwayland_23.2.6.bb
index b934a873d1..62241a1258 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.6.bb
@@ -10,20 +10,21 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = 
"file://COPYING;md5=5df87950af51ac2c5822094553ea1880" 



 SRC_URI = 
"https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz 
"
-SRC_URI[sha256sum] = 
"33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90"
+SRC_URI[sha256sum] = 
"1c9a366b4e7ccadba0f9bd313c59eae12d23bd72543b22a26eaf8b20835cfc6d"


 UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"

 inherit meson features_check pkgconfig
 REQUIRED_DISTRO_FEATURES = "x11 opengl"

-DEPENDS += "xorgproto xtrans pixman libxkbfile libxfont2 wayland 
wayland-native wayland-protocols libdrm libepoxy libxcvt"
+DEPENDS += "xorgproto xtrans pixman libxkbfile libxfont2 wayland 
wayland-native wayland-protocols libdrm libei libepoxy libxcvt"


 OPENGL_PKGCONFIGS = "glx glamor dri3"
 PACKAGECONFIG ??= "${XORG_CRYPTO} \
${@bb.utils.contains 
('DISTRO_FEATURES', 'opengl', 
'${OPENGL_PKGCONFIGS}', '', d)} \

 "
 PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence"
+PACKAGECONFIG[libdecor] = "-Dlibdecor=true,-Dlibdecor=false,libdecor"
 PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl 
virtual/libx11"
 PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy 
virtual/libgbm,libegl"
 PACKAGECONFIG[unwind] = 
"-Dlibunwind=true,-Dlibunwind=false,libunwind"
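Review bot: The new `PACKAGECONFIG[libdecor]` entry names `libdecor` as a build dependency, but the commit message only flags `libei` as living outside oe-core. Please confirm that `libdecor` is available from oe-core as well, or say in the commit message that enabling this option needs another layer.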

--
2.44.0




[RFC][oe-core][PATCH] xwayland: update 23.2.5 -> 23.2.6

2024-04-14 Thread Markus Volk
- add a PACKAGECONFIG for libdecor

! This will require moving libei from meta-oe to oe-core !

Signed-off-by: Markus Volk 
---
 .../xwayland/{xwayland_23.2.5.bb => xwayland_23.2.6.bb}  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/xwayland/{xwayland_23.2.5.bb => 
xwayland_23.2.6.bb} (89%)

diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb 
b/meta/recipes-graphics/xwayland/xwayland_23.2.6.bb
similarity index 89%
rename from meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
rename to meta/recipes-graphics/xwayland/xwayland_23.2.6.bb
index b934a873d1..62241a1258 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.6.bb
@@ -10,20 +10,21 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz;
-SRC_URI[sha256sum] = 
"33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90"
+SRC_URI[sha256sum] = 
"1c9a366b4e7ccadba0f9bd313c59eae12d23bd72543b22a26eaf8b20835cfc6d"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
 
 inherit meson features_check pkgconfig
 REQUIRED_DISTRO_FEATURES = "x11 opengl"
 
-DEPENDS += "xorgproto xtrans pixman libxkbfile libxfont2 wayland 
wayland-native wayland-protocols libdrm libepoxy libxcvt"
+DEPENDS += "xorgproto xtrans pixman libxkbfile libxfont2 wayland 
wayland-native wayland-protocols libdrm libei libepoxy libxcvt"
 
 OPENGL_PKGCONFIGS = "glx glamor dri3"
 PACKAGECONFIG ??= "${XORG_CRYPTO} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 
'${OPENGL_PKGCONFIGS}', '', d)} \
 "
 PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence"
+PACKAGECONFIG[libdecor] = "-Dlibdecor=true,-Dlibdecor=false,libdecor"
 PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl virtual/libx11"
 PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy 
virtual/libgbm,libegl"
 PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
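Review bot: `libei` is added to `DEPENDS` unconditionally, so as posted the recipe cannot build from oe-core alone until `libei` is moved out of meta-oe, as the commit message itself warns. Either send the `libei` move as an earlier patch in the same series, or put the dependency behind a `PACKAGECONFIG` entry that is off by default, if xwayland has a build switch for it. The commit message should also summarise what 23.2.6 changes upstream, in particular any security fixes, so reviewers can judge how urgent the update is.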
-- 
2.44.0





[OE-core] OE-core CVE metrics for kirkstone on Sun 14 Apr 2024 03:00:01 AM HST

2024-04-14 Thread Steve Sakoman
Branch: kirkstone

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 35 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2022-36648 (CVSS3: 10.0 CRITICAL): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36648 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 *
CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 *
CVE-2023-28198 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28198 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3164 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 *
CVE-2023-32370 (CVSS3: 5.3 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32370 *
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *
CVE-2023-39323 (CVSS3: 8.1 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39323 *
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 *
CVE-2023-40397 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40397 *
CVE-2023-44487 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44487 *
CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 *
CVE-2023-47100 (CVSS3: 9.8 CRITICAL): perl:perl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47100 *
CVE-2023-47470 (CVSS3: 7.8 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 *
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-49292 (CVSS3: 4.8 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-52355 (CVSS3: 7.5 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 *
CVE-2023-5380 (CVSS3: 4.7 MEDIUM): xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5380 *
CVE-2023-5574 (CVSS3: 7.0 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 *
CVE-2023-7216 (CVSS3: 5.3 MEDIUM): cpio 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7216 *
CVE-2024-1048 (CVSS3: 3.3 LOW): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1048 *
CVE-2024-22860 (CVSS3: 9.8 CRITICAL): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22860 *
CVE-2024-22861 (CVSS3: 7.5 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22861 *
CVE-2024-22862 (CVSS3: 9.8 CRITICAL): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22862 *

Summary of CVE counts by recipe:
  ffmpeg: 5
  go: 5
  qemu:qemu-native:qemu-system-native: 4
  rpm:rpm-native: 3
  tiff: 3
  webkitgtk: 3
  gnupg:gnupg-native: 2
  grub:grub-efi:grub-native: 2
  cpio: 1
  libssh2:libssh2-native: 1
  openssh: 1
  perl:perl-native: 1
  pixman:pixman-native: 1
  python3:python3-native: 1
  xserver-xorg: 1
  xwayland: 1

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/


[OE-core] OE-core CVE metrics for dunfell on Sun 14 Apr 2024 02:00:01 AM HST

2024-04-14 Thread Steve Sakoman
Branch: dunfell

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 106 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 *
CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 *
CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 *
CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 *
CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 *
CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 *
CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 *
CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 *
CVE-2022-0358 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0358 *
CVE-2022-2294 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294 *
CVE-2022-2347 (CVSS3: 7.1 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2347 *
CVE-2022-23773 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23773 *
CVE-2022-24765 (CVSS3: 7.8 HIGH): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24765 *
CVE-2022-2953 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2953 *
CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 *
CVE-2022-30293 (CVSS3: 7.5 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30293 *
CVE-2022-30767 (CVSS3: 9.8 CRITICAL): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30767 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *

[OE-core] OE-core CVE metrics for master on Sun 14 Apr 2024 01:00:01 AM HST

2024-04-14 Thread Steve Sakoman
Branch: master

New this week: 0 CVEs

Removed this week: 21 CVEs
CVE-2014-4859 (CVSS3: 6.8 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4859 *
CVE-2014-4860 (CVSS3: 6.8 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4860 *
CVE-2019-14553 (CVSS3: 4.9 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14553 *
CVE-2019-14559 (CVSS3: 7.5 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14559 *
CVE-2019-14562 (CVSS3: 5.5 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14562 *
CVE-2019-14563 (CVSS3: 7.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14563 *
CVE-2019-14575 (CVSS3: 7.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14575 *
CVE-2019-14586 (CVSS3: 8.0 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14586 *
CVE-2019-14587 (CVSS3: 6.5 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14587 *
CVE-2022-36763 (CVSS3: 7.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36763 *
CVE-2022-36764 (CVSS3: 7.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36764 *
CVE-2022-36765 (CVSS3: 7.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36765 *
CVE-2023-45229 (CVSS3: 6.5 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45229 *
CVE-2023-45230 (CVSS3: 8.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45230 *
CVE-2023-45231 (CVSS3: 6.5 MEDIUM): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45231 *
CVE-2023-45232 (CVSS3: 7.5 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45232 *
CVE-2023-45233 (CVSS3: 7.5 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45233 *
CVE-2023-45234 (CVSS3: 8.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45234 *
CVE-2023-45235 (CVSS3: 8.8 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45235 *
CVE-2023-45236 (CVSS3: 7.5 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45236 *
CVE-2023-45237 (CVSS3: 7.5 HIGH): ovmf:ovmf-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45237 *

Full list:  Found 37 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-6238 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 *
CVE-2023-6240 (CVSS3: 6.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6240 *
CVE-2023-6270 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6270 *
CVE-2023-6356 (CVSS3: 

Re: [OE-core][PATCH] openssl: openssl: patch CVE-2024-2511

2024-04-14 Thread Peter Marko via lists.openembedded.org
I think that sending this patch was correct, see comments below.
Peter

From: openembedded-core@lists.openembedded.org On Behalf Of Tim Orling via lists.openembedded.org
Sent: Sunday, April 14, 2024 6:45
To: Marko, Peter (ADV D EU SK BFS1) 
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] openssl: openssl: patch CVE-2024-2511

> Looks like when 3.2.2 is released it will include this. So 3.2.2 should be 
> applied to scarthgap.

Sure, once it is available, it will be used.
But waiting for it could take months.

> “master” will be moving to 3.3.0 soon for styhead

Currently both scarthgap and styhead use the same master-next branch for 
staging/testing patches.
So sending an update to 3.3.0 would prevent patching styhead until the branches 
are separated.

