Adding fix for CVE-2021-20266
Upstream-Status: Backport
[https://github.com/rpm-software-management/rpm/pull/1587/commits/9646711891df851dfbf7ef54cc171574a0914b15]
Note: Hunk#2 and Hunk#3 refreshed to apply patch and match value of
dl_max variable to make it with current version
All Hunks are
Steve,
It is strange as I have not faced this issue during the local build.
I will update the patch and resend it.
Thanks,
Best Regards,
Ranjitsinh Rathod
Technical Leader | | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__
From: Armin Kuster
Source: qemu.org
MR: 111845, 111839
Type: Security Fix
Disposition: Backport from
https://gitlab.com/qemu-project/qemu/-/commit/9f22893a & 121841b2
ChangeID: 111b168e0fe4d2a722158c6bfdaceb06a8789e69
Description:
Fixes: CVE-2021-3545 and CVE-2021-3546
Signed-off-by: Armin
From: Armin Kuster
Source: qemu.org
MR: 111833
Type: Security Fix
Disposition: Backport from
https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac..63736af5
ChangeID: 7f301e939cf9d1fdb826ac47d1fc96430086a68e
Description:
https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
From: Sakib Sajal
Source: https://git.yoctoproject.org/git/poky
MR: 110290
Type: Security Fix
Disposition: Backport from
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott=5c1a29e6deec8f92ac43363bd72439aec7e27721
ChangeID:
Hi Joe,
On Mon, 2021-08-23 at 14:29 -0700, Joe Slater wrote:
> Mitigate pathname truncation when installing in a project
> with a very long pathname. The patch is on the master
> branch, but they have moved to a later version of icu
> so we cannot cherry-pick.
>
> Signed-off-by: Joe Slater
>
Currently the mkfs.btrfs generates large images with a lot of wasted
space. This happens since OE-core updated btrfs-tools from 4.13.3 to
4.15.1 in commit 94b645aa77 ("btrfs-tools: update to 4.15.1") .
Note in mkfs.btrfs(8) manpage section -r says the following:
"
-r|--rootdir
...
Note
All,
The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:
Hi,
I updated the bitbake to run git pull in master branch, now it is
broken, what does the following error message mean, how to fix it?
$ bitbake-layers show-layers
NOTE: Starting bitbake server...
ERROR: Variable PROVIDES_prepend contains an operation using the old
override syntax. Please
On Mon, Aug 23, 2021 at 10:12 AM Andrej Valek wrote:
>
> Hello Khem,
>
> I looked exactly into configure.ac which arguments are expecting for those
> options. So I think, it has to be mentioned explicitly.
Assuming configure.ac is based around AC_ARG_ENABLE / AC_ARG_WITH then
an explicit option
Mitigate pathname truncation when installing in a project
with a very long pathname. The patch is on the master
branch, but they have moved to a later version of icu
so we cannot cherry-pick.
Signed-off-by: Joe Slater
---
...pkgdata-increase-command-buffer-size.patch | 43 +++
Hi Khem,
This is regarding the weston systemd watchdog timeout of 20 seconds:
https://github.com/openembedded/openembedded-core/commit/c21fa5a291ab207a084285935ab73a0b4225c965#diff-ac8a4b56ade4a43a070c93486fb1d7606573da5d44de96bc1529d15b0b216660R36
For GPU-limited parts, we see watchdog
On Mon, Aug 23, 2021 at 1:09 PM Lukasz Majewski wrote:
>
> On Mon, 23 Aug 2021 12:52:44 -0700
> Khem Raj wrote:
>
> > On Mon, Aug 23, 2021 at 11:24 AM Lukasz Majewski
> > wrote:
> >
> > > Hi Khem,
> > >
> > > > On 8/23/21 8:08 AM, ?ukasz Majewski wrote:
> > > > > This patch introduces new
On Mon, 23 Aug 2021 12:52:44 -0700
Khem Raj wrote:
> On Mon, Aug 23, 2021 at 11:24 AM Lukasz Majewski
> wrote:
>
> > Hi Khem,
> >
> > > On 8/23/21 8:08 AM, ?ukasz Majewski wrote:
> > > > This patch introduces new recipe - namely 'glibc-tests', which
> > > > builds and installs glibc test
On Mon, Aug 23, 2021 at 8:12 AM Ranjitsinh Rathod
wrote:
>
> Adding fix for CVE-2021-20266
> Upstream-Status: Backport
> [https://github.com/rpm-software-management/rpm/pull/1587/commits/9646711891df851dfbf7ef54cc171574a0914b15]
>
> Note: Hunk#2 and Hunk#3 refreshed to apply patch and match
On Mon, Aug 23, 2021 at 11:24 AM Lukasz Majewski wrote:
> Hi Khem,
>
> > On 8/23/21 8:08 AM, ?ukasz Majewski wrote:
> > > This patch introduces new recipe - namely 'glibc-tests', which
> > > builds and installs glibc test suite to OE/Yocto built image.
> > >
> > > It reuses code from already
Hi Khem,
> On 8/23/21 8:08 AM, ?ukasz Majewski wrote:
> > This patch introduces new recipe - namely 'glibc-tests', which
> > builds and installs glibc test suite to OE/Yocto built image.
> >
> > It reuses code from already available 'glibc-testsuite' recipe,
> > which is run with 'bitbake
Adding fix for CVE-2021-20266
Upstream-Status: Backport
[https://github.com/rpm-software-management/rpm/pull/1587/commits/9646711891df851dfbf7ef54cc171574a0914b15]
Note: Hunk#2 and Hunk#3 refreshed to apply patch and match value of
dl_max variable to make it with current version
Signed-off-by:
Hello,
This is a reminder request for review.
Best,
Andres Beltran
On 8/12/2021 9:58 AM, Andres Beltran wrote:
Currently, buildhistory does not produce a single file combining relevant
information of installed packages. Produce an output file
"installed-package-info.txt" listing a package's
gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based
on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html.
Signed-off-by: Andrej Valek
---
...-deprecated-exception-specification-cpp17.patch | 431 +
.../mklibs/mklibs-native_0.1.44.bb
Hello Khem,
I looked exactly into configure.ac which arguments are expecting for those
options. So I think, it has to be mentioned explicitly.
Regards,
Andrej
> On 8/23/21 3:12 AM, Andrej Valek wrote:
>> - Some distributions with UTF-8 locale have problem when National Language
>> Support
On 8/23/21 8:08 AM, ?ukasz Majewski wrote:
This patch introduces new recipe - namely 'glibc-tests', which
builds and installs glibc test suite to OE/Yocto built image.
It reuses code from already available 'glibc-testsuite' recipe,
which is run with 'bitbake glibc-testsuite -c check' and uses
On 8/23/21 3:12 AM, Andrej Valek wrote:
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
- refresh options based on configure.ac
Signed-off-by: Andrej Valek
---
meta/recipes-support/vim/vim.inc | 8 +---
On 8/23/21 3:56 AM, Andrej Valek wrote:
gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based
on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html.
Signed-off-by: Andrej Valek
---
...-deprecated-exception-specification-cpp17.patch | 431
The common code to build tests has been excluded from glibc-testsuite
recipe to glibc-tests.inc
This code will be reused in the recipe necessary for providing glibc
tests executed with ptest framework.
Signed-off-by: Lukasz Majewski
---
meta/recipes-core/glibc/glibc-tests.inc | 32
This patch introduces new recipe - namely 'glibc-tests', which
builds and installs glibc test suite to OE/Yocto built image.
It reuses code from already available 'glibc-testsuite' recipe,
which is run with 'bitbake glibc-testsuite -c check' and uses qemu
to execute remotely (via SSH) tests on
From: Zoltán Böszörményi
If the kernel configuration enables module signing but no key
is provided, then the kernel generates one during the kernel build.
The current runtime-dependency references (with only package names
without full versions) allow mixed package installations from different
From: Zoltán Böszörményi
Signed-off-by: Zoltán Böszörményi
---
meta/classes/base.bbclass| 4
meta/classes/image_types.bbclass | 6 --
meta/classes/kernel-fitimage.bbclass | 2 +-
meta/classes/kernel.bbclass | 10 --
4 files changed, 17
From: Zoltán Böszörményi
For some use cases, a monolithic kernel-modules package containing
all modules built from the kernel sources may be preferred.
For one, download time is shorter and installation time is faster.
Set KERNEL_SPLIT_MODULES="0" for this in. The default is one subpackage
per
From: Zoltán Böszörményi
Signed-off-by: Zoltán Böszörményi
---
meta/classes/kernel-module-split.bbclass | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/meta/classes/kernel-module-split.bbclass
b/meta/classes/kernel-module-split.bbclass
index
I have been carrying some forked bbclass recipes and I think
these can be beneficial to others, not to mention that I could
get rid of the private forks of these.
v2:
- drop the package_rpm.bbclass / posttrans patch
- squash the previous patches #3 and #4 together (patch #2 now)
- more verbose
From: Zoltán Böszörményi
Signed-off-by: Zoltán Böszörményi
---
meta/classes/base.bbclass| 4
meta/classes/image_types.bbclass | 6 --
meta/classes/kernel-fitimage.bbclass | 2 +-
meta/classes/kernel.bbclass | 10 --
4 files changed, 17
From: Zoltán Böszörményi
If the kernel configuration enables module signing but no key
is provided, then the kernel generates one during the kernel build.
The current runtime-dependency references (with only package names
without full versions) allow mixed package installations from different
From: Zoltán Böszörményi
For some use cases, a monolithic kernel-modules package containing
all modules built from the kernel sources may be preferred.
For one, download time is shorter and installation time is faster.
Set KERNEL_SPLIT_MODULES="0" for this in. The default is one subpackage
per
From: Zoltán Böszörményi
Signed-off-by: Zoltán Böszörményi
---
meta/classes/kernel-module-split.bbclass | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/meta/classes/kernel-module-split.bbclass
b/meta/classes/kernel-module-split.bbclass
index
I have been carrying some forked bbclass recipes and I think
these can be beneficial to others, not to mention that I could
get rid of the private forks of these.
v2:
- drop the package_rpm.bbclass / posttrans patch
- squash the previous patches #3 and #4 together (patch #2 now)
- more verbose
Hi Anuj,
Sent v2 patch with fix for hunk offsets.
Confirmed with below log.do_patch for both glibc and nativesdk-glibc.
glibc
==
$tail -f -n 9
/ala-lpggp31/vinay/cve/b2/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/glibc/2.33-r0/temp/log.do_patch
NOTE: Applying
From: Leif Middelschulte
Using backslashes in file:// URIs was broken.
Either the resolver would fail or the subsequent `cp` command.
Try to avoid this by putting the filenames into quotes.
Fixes https://bugzilla.yoctoproject.org/show_bug.cgi?id=8161
(Bitbake rev:
From: jbouchard
Previously the bootimg-pcbios wic plugin was not respecting
the --label option provided from the wks file. The plugin
was setting the label to 'boot'. With this fix, the --label
option is use. If no option are specified, then the default
is 'boot'.
(From OE-Core rev:
Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28213
Backported upstream commits b805aebd42364fe696e417808a700fdb9800c9e8 and
4cc79c217744743077bf7a0ec5e0a4318f1e6641
to glibc-2.33 source.
Upstream-Status: Backport
2021. 08. 23. 15:38 keltezéssel, Bruce Ashfield írta:
On Mon, Aug 23, 2021 at 9:30 AM Böszörményi Zoltán wrote:
2021. 08. 23. 15:03 keltezéssel, Bruce Ashfield írta:
On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
From: Zoltán Böszörményi
Some Yocto
2021. 08. 23. 15:23 keltezéssel, Richard Purdie írta:
On Mon, 2021-08-23 at 15:14 +0200, Zoltan Boszormenyi via lists.openembedded.org
wrote:
It's documented at www.rpm.org, Red Hat and SuSE.
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/
On Mon, Aug 23, 2021 at 9:30 AM Böszörményi Zoltán wrote:
>
> 2021. 08. 23. 15:03 keltezéssel, Bruce Ashfield írta:
> > On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
> > lists.openembedded.org wrote:
> >>
> >> From: Zoltán Böszörményi
> >>
> >> Some Yocto users do use package
On Mon, Aug 23, 2021 at 9:31 AM Böszörményi Zoltán wrote:
>
> 2021. 08. 23. 15:27 keltezéssel, Bruce Ashfield írta:
> > On Mon, Aug 23, 2021 at 9:18 AM Böszörményi Zoltán wrote:
> >>
> >> 2021. 08. 23. 14:55 keltezéssel, Bruce Ashfield írta:
> >>> On Mon, Aug 23, 2021 at 8:23 AM Zoltan
2021. 08. 23. 15:27 keltezéssel, Bruce Ashfield írta:
On Mon, Aug 23, 2021 at 9:18 AM Böszörményi Zoltán wrote:
2021. 08. 23. 14:55 keltezéssel, Bruce Ashfield írta:
On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
From: Zoltán Böszörményi
For some
2021. 08. 23. 15:03 keltezéssel, Bruce Ashfield írta:
On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
From: Zoltán Böszörményi
Some Yocto users do use package repositories and sometimes the PR
value is forgotten. Use full versions for inter-package
On Mon, Aug 23, 2021 at 9:18 AM Böszörményi Zoltán wrote:
>
> 2021. 08. 23. 14:55 keltezéssel, Bruce Ashfield írta:
> > On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
> > lists.openembedded.org wrote:
> >>
> >> From: Zoltán Böszörményi
> >>
> >> For some use cases, a monolithic
On Mon, 2021-08-23 at 15:14 +0200, Zoltan Boszormenyi via lists.openembedded.org
wrote:
> It's documented at www.rpm.org, Red Hat and SuSE.
>
> https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/
> https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
>
2021. 08. 23. 14:55 keltezéssel, Bruce Ashfield írta:
On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
From: Zoltán Böszörményi
For some use cases, a monolithic kernel-modules package containing
all modules built from the kernel sources may be preferred.
It's documented at www.rpm.org, Red Hat and SuSE.
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/
https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
https://rpm-packaging-guide.github.io/
It's available since RPM 4.4. RPM 4.16.1.3 is in Hardknott.
A short
On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
>
> From: Zoltán Böszörményi
>
> Some Yocto users do use package repositories and sometimes the PR
> value is forgotten. Use full versions for inter-package dependencies
> for the kernel subpackages.
Can you
On Mon, Aug 23, 2021 at 8:55 AM Bruce Ashfield via
lists.openembedded.org
wrote:
>
> On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
> lists.openembedded.org wrote:
> >
> > From: Zoltán Böszörményi
> >
> > For some use cases, a monolithic kernel-modules package containing
> > all modules
On Mon, Aug 23, 2021 at 8:23 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
>
> From: Zoltán Böszörményi
>
> For some use cases, a monolithic kernel-modules package containing
> all modules built from the kernel sources may be preferred.
> For one, download time is shorter and
This needs to be better documented and tested.
What does this posttrans thing really do?
Who would want to use it?
Can there be examples?
Can the Postinst test in meta/lib/oeqa/selftest/cases/runtime_test.py be
extended to regression-check that it works?
Alex
On Mon, 23 Aug 2021 at 14:23,
On Thu, May 06, 2021 at 08:51:00AM +0100, Richard Purdie wrote:
> If the scripts/postinst-intercepts is owned by root/root then the copyfile()
> calls
> will fail due to chown issues. We don't care about ownership of these files so
> use shutil.copy() instead which won't perform any chown.
>
>
From: Zoltán Böszörményi
Signed-off-by: Zoltán Böszörményi
---
meta/classes/base.bbclass| 4
meta/classes/image_types.bbclass | 6 --
meta/classes/kernel-fitimage.bbclass | 2 +-
meta/classes/kernel.bbclass | 10 --
4 files changed, 17
From: Zoltán Böszörményi
Some Yocto users do use package repositories and sometimes the PR
value is forgotten. Use full versions for inter-package dependencies
for the kernel subpackages.
Signed-off-by: Zoltán Böszörményi
---
meta/classes/kernel.bbclass | 13 +++--
1 file changed, 7
From: Zoltán Böszörményi
Extra RDEPENDS and other inter-package references are needed.
Signed-off-by: Zoltán Böszörményi
---
meta/classes/kernel.bbclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index
From: Zoltán Böszörményi
For some use cases, a monolithic kernel-modules package containing
all modules built from the kernel sources may be preferred.
For one, download time is shorter and installation time is faster.
Set KERNEL_SPLIT_MODULES="0" for this.
The default is one subpackage per
From: Zoltán Böszörményi
Signed-off-by: Zoltán Böszörményi
---
meta/classes/kernel-module-split.bbclass | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/meta/classes/kernel-module-split.bbclass
b/meta/classes/kernel-module-split.bbclass
index
From: Zoltán Böszörményi
The "posttrans" scriptlet is the RPM equivalent of the
OPKG "intercept script" concept and probably a cleaner one.
"pretrans" also exists in RPM but there's no equivalent
for it in OPKG.
Signed-off-by: Zoltán Böszörményi
---
meta/classes/package_rpm.bbclass | 30
I have been carrying some forked bbclass recipes and I think
these can be beneficial to others, not to mention that I could
get rid of the private forks of these.
Please, review.
Best regards,
Zoltán Böszörményi
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
- update to next stable version 1.34.0
- refresh defconfig
- remove and refresh already merged patches
Signed-off-by: Andrej Valek
---
...inittab_1.33.0.bb => busybox-inittab_1.34.0.bb} | 0
...iles-Use-C-locale-when-calling-sed-on-glo.patch | 28 --
gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based
on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html.
Signed-off-by: Andrej Valek
---
...-deprecated-exception-specification-cpp17.patch | 431 +
.../mklibs/mklibs-native_0.1.44.bb
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
- refresh options based on configure.ac
Signed-off-by: Andrej Valek
---
meta/recipes-support/vim/vim.inc | 8 +---
1 file changed, 5 insertions(+), 3
On Sun, 2021-08-22 at 08:45 -0400, Randy MacLeod wrote:
> On 2021-08-22 7:19 a.m., Richard Purdie wrote:
> > On Sat, 2021-08-21 at 23:12 -0400, Randy MacLeod wrote:
> > > On 2021-08-20 10:48 p.m., Randy MacLeod wrote:
> > > With a patch from Richard, and the http_proxy check removed,
> > > $ git
- update to next stable version 1.34.0
- refresh defconfig
- remove and refresh already merged patches
Signed-off-by: Andrej Valek
---
...inittab_1.33.0.bb => busybox-inittab_1.34.0.bb} | 0
...iles-Use-C-locale-when-calling-sed-on-glo.patch | 28 --
This is giving warnings for nativesdk-glibc:
Applying patch 0001-CVE-2021-38604.patch
patching file sysdeps/unix/sysv/linux/mq_notify.c
Hunk #1 succeeded at 132 with fuzz 1 (offset 1 line).
Applying patch 0002-CVE-2021-38604.patch
patching file rt/Makefile
Hunk #1 succeeded at 44 with fuzz 1
68 matches
Mail list logo