This patch, now integrated in master branch of poky, appears to also fix
this yocto bug:
"Bug 13748 - bitbake doesn't detect changes in code to run do_compile
when using devtool modify on recipe with destsuffix"
https://bugzilla.yoctoproject.org/show_bug.cgi?id=13748
On 2021-01-27 12:33
I am also seeing
ERROR: libcroco-native-0.6.13-r0 do_patch: Fuzz detected:
Applying patch CVE-2020-12825.patch
patching file src/cr-parser.c
Hunk #4 succeeded at 799 with fuzz 1.
The context lines in the patches can be updated with devtool:
devtool modify libcroco-native
devtool
compiler can only use fortify options when some level of optimization is
on, otherwise it ends up sending some warnings.
warning: _FORTIFY_SOURCE requires compiling with optimization (-O) [-W#warnings]
this is usually OK, since -O would be added via CFLAGS to
compiler cmdline in normal compile
Hi All,
This is a Gentle reminder to review this patch.
Thanks & Regards,
Milan Shah
On Fri, Jan 22, 2021 at 11:28 AM Milan Shah
wrote:
> An oe-selftest test is added to ensure
> meta-selftest/recipes-test/images/test-empty-image.bb builds and is empty.
>
> It is just a test that ensures that
Support glibc 2.33.
Signed-off-by: Michael Halstead
---
meta/conf/distro/include/yocto-uninative.inc | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/conf/distro/include/yocto-uninative.inc
b/meta/conf/distro/include/yocto-uninative.inc
index
Final glibc 2.32 based uninative.
Signed-off-by: Michael Halstead
---
meta/conf/distro/include/yocto-uninative.inc | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/conf/distro/include/yocto-uninative.inc
b/meta/conf/distro/include/yocto-uninative.inc
index
On Thu, Feb 4, 2021 at 10:43 PM Douglas via lists.openembedded.org
wrote:
>
> Further to 50ff9afb39, only detect code changes in submodules that are
> subdirectories of the EXTERNALSRC directory.
>
> Signed-off-by: Douglas Royds
> ---
I believe this patch is causing errors in the autobuilder.
On Fri, 2021-02-05 at 09:33 +0800, Anuj Mittal wrote:
> Richard Purdie (3):
> gobject-introspection: Fix variable override order
> pseudo: Update to include passwd and file renaming fixes
> image_types: Ensure tar archives are reproducible
I merged this apart from the image_types one from
I didn't see Sudo issue CVE-2021-3156 in any of the unpatched lists.
>From a quick look, it appears to be that Master is patched (package is new
enough), but Gatesgarth and older are not.
So with the next set, we should check if it shows up in the unpatched set.
--Mark
On 1/31/21 11:18 AM,
* gnu isn't compatible with --xattrs used e.g. here:
https://github.com/advancedtelematic/meta-updater/blob/d3a832f66e8802cb45536ff278d5c77f946d341d/classes/image_types_ostree.bbclass#L16
causing do_image_tar failing with:
| tar: --xattrs can be used only on POSIX archives
| Try 'tar --help' or
Added below CVE:
CVE-2020-12825
Link: CVE-2020-12825
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
Signed-off-by: Saloni Jain
---
.../libcroco/files/CVE-2020-12825.patch| 193
Whitelisted below CVEs:
1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
On Fri, Feb 5, 2021 at 4:09 AM saloni wrote:
>
> Whitelisted below CVEs:
>
> 1. CVE-2018-12433
> Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
> Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
> CVE-2018-12433 is marked disputed and ignored by NVD as it does
> not impact
Met vriendelijke groet / kind regards,
Mike Looijmans
System Expert
TOPIC Embedded Products B.V.
Materiaalweg 4, 5681 RJ Best
The Netherlands
T: +31 (0) 499 33 69 69
E: mike.looijm...@topicproducts.com
W: www.topicproducts.com
Please consider the environment before printing this e-mail
On
Sometimes (that is, in all my builds) the lic_manifest_dir and
lic_manifest_symlink_dir end up pointing to the same file, resulting
in an error like this:
Exception: FileExistsError: [Errno 17] File exists:
'/.../tmp-glibc/deploy/licenses/my-image-tdkz15' ->
Met vriendelijke groet / kind regards,
Mike Looijmans
System Expert
TOPIC Embedded Products B.V.
Materiaalweg 4, 5681 RJ Best
The Netherlands
T: +31 (0) 499 33 69 69
E: mike.looijm...@topicproducts.com
W: www.topicproducts.com
Please consider the environment before printing this e-mail
On
On Fri, 2021-02-05 at 15:24 +0100, Mike Looijmans wrote:
> Sometimes (that is, in all my builds) the lic_manifest_dir and
> lic_manifest_symlink_dir end up pointing to the same file, resulting
> in an error like this:
> Exception: FileExistsError: [Errno 17] File exists: '/.../tmp-
>
On Fri, Feb 5, 2021 at 3:01 AM saloni wrote:
>
> Added below CVE:
> CVE-2020-12825
> Link: CVE-2020-12825
> [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
> Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
>
> Signed-off-by: Saloni Jain
>
Sometimes (that is, in all my builds) the lic_manifest_dir and
lic_manifest_symlink_dir end up pointing to the same file, resulting
in an error like this:
Exception: FileExistsError: [Errno 17] File exists:
'/.../tmp-glibc/deploy/licenses/my-image-tdkz15' ->
Hi RP,
Thanks for the comments. Sounds good to me. I'll send another patchset.
I'll see if I can also set up a renaming patch for the other IPKG variables for
review comments.
Kind regards,
Michael
--
BMW Car IT GmbH
Michael Ho
Spezialist Entwicklung – Build and Release Engineering
Whitelisted below CVEs:
1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
Hello Steve,
The patches are generic to all Yocto implementations and are not reported for
any particular distros.
I have re-sent another patch version mentioning in detail why these CVEs can be
safely whitelisted. Please review and let me know for any change.
Thanks & Regards,
Saloni
From: Lee Chee Yang
existing test case test_permissions use Wic command as standalone
tools to create wic image and check that wic image for permissions.
add extra steps to the test case to also check against image build
using bitbake do_image_wic.
Signed-off-by: Lee Chee Yang
Signed-off-by:
From: Ricardo Ribalda Delgado
Make sure that the permissions and username are respected when using all
the rootfs modifiers.
Add tests for change-directory command
Cc: Paul Barker
Signed-off-by: Ricardo Ribalda Delgado
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Ricardo Ribalda
When IMAGE_FSTYPES contains more types than wic, it can happen than the
pseudo database is not flushed properly.
This can be solved by changing the order of when do_flush_pseudodb is
launched.
Yocto Bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13898
Fixes:
Added below CVE:
CVE-2020-12825
Link: CVE-2020-12825
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
Signed-off-by: Saloni Jain
---
.../libcroco/files/CVE-2020-12825.patch| 193
On Fri, 2021-02-05 at 13:14 +0100, Martin Jansa wrote:
> On Sat, Jan 30, 2021 at 7:02 PM Richard Purdie <
> richard.pur...@linuxfoundation.org> wrote:
> > The tar output seems to vary depending on the version of tar used
> > and distro
> > configuration. Be explict about the output format to avoid
On Fri, 2021-02-05 at 09:51 +0100, Michael Ho wrote:
> From: Michael Ho
>
> The OpkgPM class has several constructor options that allows for skipping
> the ipk repository set up and controlling the ipk repository directory. This
> commit exposes these option via the OpkgRootfs class so others
On Thu, 2021-02-04 at 08:25 +, Awais Belal wrote:
> The do_bundle_initramfs() only processes kernel image
> types that are found in KERNEL_IMAGETYPE_FOR_MAKE whereas
> the build system can generate other types that are not
> directly supported by the kernel build system. In which
> case when
On Sat, Jan 30, 2021 at 7:02 PM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> The tar output seems to vary depending on the version of tar used and
> distro
> configuration. Be explict about the output format to avoid this and be
> determinstic.
>
Is it the tar format selection
* it breaks KDE's qca and dependencies
* it is not deprecated. Openssl 3.0 (currently alpha) will deprecate whirlpool
[1] https://www.openssl.org/news/changelog.html#openssl-30
Signed-off-by: Andreas Müller
---
V1 -> V2: Add comment for whirlpool
On 05.02.21 12:14, Andreas Müller wrote:
* it breaks KDE's qca and dependencies
* it is not deprecated. Openssl 3.0 (currently alpha) will deprecate whirlpool
[1] https://www.openssl.org/news/changelog.html#openssl-30
Signed-off-by: Andreas Müller
---
* it breaks KDE's qca and dependencies
* it is not deprecated. Openssl 3.0 (currently alpha) will deprecate whirlpool
[1] https://www.openssl.org/news/changelog.html#openssl-30
Signed-off-by: Andreas Müller
---
meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 2 +-
1 file changed, 1
Have you confirmed that ptests still pass?
Alex
On Fri, 5 Feb 2021 at 03:28, Wang Mingyu wrote:
> 0001-Move-python-helper-scripts-used-only-in-tests-to-Pyt.patch
> 0001-libparted-fs-add-sourcedir-lib-to-include-paths.patch
> 0002-tests-use-skip_-rather-than-skip_test_-which-is-unde.patch
>
From: Michael Ho
The OpkgPM class has several constructor options that allows for skipping
the ipk repository set up and controlling the ipk repository directory. This
commit exposes these option via the OpkgRootfs class so others can make use
of them if they wish to.
Adds the bitbake variables
From: Michael Ho
Hi,
The OpkgPM class has two arguments for advanced control over the ipk
repository creation/use that I would like to make use of from outside of
OpkgRootfs (which wraps OpkgPM). This is for purposes beyond just standard
image generation so it's more of an advanced interface
This fixes openssh failing to work on qemux86 with glibc 2.33 due to
seccomp and the fact new syscalls are used. Also likely fixes issues
on other platforms.
Signed-off-by: Richard Purdie
---
...440ca70abab947acbd77795e9f130967956c.patch | 28 +++
.../openssh/openssh_8.4p1.bb
Update to a pseudo version which contains some heqader fixes for
glibc 2.33.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb
In glibc 2.33, they've removed the _STAT_VER and _MKNOD_VER definitions
from public headers. They have no plans to add these back so pseudo needs
to attempt its own definitions. There is some protection as if they were
wrong and there was a mismatch, we'd get an error art runtime.
Signed-off-by:
39 matches
Mail list logo
