[OE-core] [oe][zeus][PATCH] xserver-xorg: Security Advisory - xserver-xorg - CVE-2020-14347

Backport patch from to solve CVE-2020-14347. Signed-off-by: Li Zhou --- .../xorg-xserver/xserver-xorg/CVE-2020-14347.patch | 37 ++ .../xorg-xserver/xserver-xorg_1.20.5.bb

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

[OE-core] ✗ patchtest: failure for gcr: make sure gcr-oids.h is generated

== Series Details == Series: gcr: make sure gcr-oids.h is generated Revision: 1 URL : https://patchwork.openembedded.org/series/25552/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been

[oe-core][PATCH 1/1] gcr: make sure gcr-oids.h is generated

Backport, without modification, a patch from mainline after gcr-3-36 branch created. Signed-off-by: Joe Slater --- ...-meson-Make-sure-gcr-oids.h-is-built.patch | 36 +++ meta/recipes-gnome/gcr/gcr_3.36.0.bb | 2 ++ 2 files changed, 38 insertions(+) create mode 100644

[OE-core] [zeus][PATCH 0/4] zeus review request

Last set of changes before last zeus dot release. Please review. Thanks, Anuj The following changes since commit 74e22d0d2b61d0014f408972725469bb7a024622: gstreamer1.0: fix builds with make 4.3 (2020-07-28 16:16:52 +0800) are available in the Git repository at:

[OE-core] [zeus][PATCH 3/4] go: Security Advisory - go - CVE-2020-15586

From: Li Zhou Backport patch from to solve CVE-2020-15586. Signed-off-by: Li Zhou Signed-off-by: Anuj Mittal --- meta/recipes-devtools/go/go-1.12.inc | 1 + .../go/go-1.12/CVE-2020-15586.patch

[OE-core] [zeus][PATCH 1/4] pypi.bbclass: mind package suffix on version check

From: Konrad Weihmann Some pypi packages do have suffixes like dev, or a0 or b1. When doing a version check on these, the version will get falsely identified as major release versions. Add a terminating slash to rule out those false positives Signed-off-by: Konrad Weihmann Signed-off-by:

[OE-core] [zeus][PATCH 2/4] pypi.bbclass: use new pypi UPSTREAM_CHECK_URI

From: Tim Orling Upstream https://pypi.python.org/pypi/${PYPI_PACKAGE}/ redirects to https://pypi.org/project/${PYPI_PACKAGE}/ Signed-off-by: Tim Orling Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman (cherry picked from commit e5f3f961242d888f3f786af8f793bf1d247fdff0) [Yocto #

[OE-core] [zeus][PATCH 4/4] libpcre: Add fix for CVE-2020-14155

From: Rahul Taya Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number,

[OE-core] [PATCH v2 2/2] python3-manifest.json: Updates

- Regenerate using create_manifest - Fix up some indentation compared to generated - Add "secrets" module into netclient package (introduced in 3.6) - Move "urllib" python package into core package, it is used more commonly than just netclient (e.g. email, xml, mimetypes, pydoc) - Update

[OE-core] [PATCH v2 1/2] python3: Improve handling of python3 manifest generation

Specifically cover detection of modules within a python package that do not import anything within their __init__.py. This is at least the case with the xmlrpc package which is only used via its modules xmlrpc.server and xmlrpc.client. Other important corner cases include ctypes.utils which

Re: [OE-core] [PATCH v2] kernel-fitimage: build configuration for image tree when dtb is not present

On 07/08/2020 22:35, Richard Purdie wrote: On Thu, 2020-08-06 at 15:16 +0100, Usama Arif wrote: Hi, I had submitted patches for both the documentation of kernel-fitimage in yocto mega manual as well as test for kernel-gitimage in oeqa. Just wanted to check if there were any review comments

[OE-core][zeus][PATCH] qemu : fix CVE-2020-15863

From: Li Wang Signed-off-by: Lee Chee Yang Signed-off-by: Richard Purdie Signed-off-by: Li Wang --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-15863.patch| 64 +++ 2 files changed, 65 insertions(+) create mode 100644

[OE-core][PATCH] runqemu: fix permission check of /dev/vhost-net

The code should check /dev/vhost-net instead of /dev/kvm. And the permission check logically belongs to the part when kvm-vhost is enabled. Also fix the URL to point to the correct wiki page. Signed-off-by: Chen Qi --- scripts/runqemu | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)