[OE-core] Announcing the Yocto Project Summit 2022.5

2022-04-03 Thread Armin Kuster
Hello Yocto and OpenEmbedded professionals and enthusiasts, The Yocto Project will be hosting a 3 day virtual summit that begins on May 17th, 2022 [1]. The CFP is now open and will close on April 26th [2]. The cost is the same as before: $40 USD. For more information, you can visit the links b

Re: [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297

2022-04-03 Thread Steve Sakoman
On Sun, Apr 3, 2022, 6:23 PM Ranjitsinh Rathod < ranjitsinhrathod1...@gmail.com> wrote: > Hi Steve, > > There is one commented out line present. Is that really needed? > Good catch! I'll remove that prior to the pull request. Steve > Thanks, > Ranjitsinh Rathod > > On Mon, 4 Apr, 2022, 8:01 a

Re: [OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297

2022-04-03 Thread Ranjitsinh Rathod
Hi Steve, There is one commented out line present. Is that really needed? Thanks, Ranjitsinh Rathod On Mon, 4 Apr, 2022, 8:01 am Steve Sakoman, wrote: > From: Davide Gardenal > > Patch taken from > > https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 > from the follo

[OE-core][dunfell 8/8] tzdata: update to 2022a

2022-04-03 Thread Steve Sakoman
From: Oleksandr Kravchuk Signed-off-by: Richard Purdie (cherry picked from commit b280aecd79e95811f8baec6c4479c5752c54d9e5) Signed-off-by: Steve Sakoman --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extend

[OE-core][dunfell 7/8] python3-jinja2: Correct HOMEPAGE

2022-04-03 Thread Steve Sakoman
From: Peter Kjellerstedt Signed-off-by: Peter Kjellerstedt Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 261778c1e3665b34c0d4e49bda63b520d5335587) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3-jinja2_2.11.3.bb | 2 +- 1 file

[OE-core][dunfell 6/8] boost: fix native build with glibc-2.34

2022-04-03 Thread Steve Sakoman
From: Martin Jansa Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...e-warning-with-glibc-2.34-on-Linux-p.patch | 32 +++ ...-elide-a-warning-that-caused-Solaris.patch | 24 ++ meta/recipes-support/boost/boost_1.72.0.bb| 2 ++ 3 files changed, 58

[OE-core][dunfell 5/8] mirrors: Add missing gitsm entries for yocto/oe mirrors

2022-04-03 Thread Steve Sakoman
From: Richard Purdie The missing gitsm:// mappings look like an oversight, add them. Signed-off-by: Richard Purdie (cherry picked from commit 6600b9fca7888fb41647cd000b9efb7f0762dfde) Signed-off-by: Steve Sakoman --- meta/classes/mirrors.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff

[OE-core][dunfell 3/8] bluez5: fix CVE-2022-0204

2022-04-03 Thread Steve Sakoman
From: Ralph Siemsen Fix heap overflow when appending prepare writes The code shall check if the prepare writes would append more than the allowed maximum attribute length. Upstream-Status: Backport [https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0] CVE: CVE-2022-0204

[OE-core][dunfell 4/8] bind: update to 9.11.37

2022-04-03 Thread Steve Sakoman
From: Ralph Siemsen Security Fixes The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. (CVE-2021-25220) License-Update: copyright years Signed-off-by: Ralph Siemsen Signed-o

[OE-core][dunfell 2/8] go: backport patch fix for CVE-2021-38297

2022-04-03 Thread Steve Sakoman
From: Davide Gardenal Patch taken from https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 from the following issue https://github.com/golang/go/issues/48797 Original repo https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4 Signed-off-by: Davide Ga

[OE-core][dunfell 1/8] grub: ignore CVE-2021-46705

2022-04-03 Thread Steve Sakoman
From: Ross Burton This is specific to SUSE Linux. Signed-off-by: Ross Burton Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 594baef3b08d40fbbf1899f4cadeb9931c035c1a) Signed-off-by: Steve Sakoman --- meta/recipes-bsp/grub/grub2.inc | 2 ++ 1 file ch

[OE-core][dunfell 0/8] Patch review

2022-04-03 Thread Steve Sakoman
Please review this set of patches for dunfell and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3472 The following changes since commit aa2bb4f62dd7e5c6fdf220264c3d62fbf2cc7d16: xserver-xorg: update to

[OE-core] [PATCH v2 3/3] apt: add apt selftest to test signed package feeds

2022-04-03 Thread Ferry Toth
From: Ferry Toth Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default. Currently when building images this requirement is worked around by using [allow-insecure=yes] and equivalently when performing selftest. Patches "gpg-sign: Add parameters t

[OE-core] [PATCH v2 2/3] package_manager: sign DEB package feeds

2022-04-03 Thread Ferry Toth
From: Ferry Toth Implement debian package repository signature. For each Release file created in repository subdirectory, a signature Release.gpg is created. Signature is performed using gpg backend when the following variables are set in local.conf: PACKAGE_CLASSES += "sign_package_feed" PACKAG

[OE-core] [PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function

2022-04-03 Thread Ferry Toth
From: Xavier Berger output_suffix: If defined, add output_suffix as file name extension. use_sha256: If True, use sha256 for gpg as digest algorithm Signed-off-by: Xavier Berger Signed-off-by: Ferry Toth --- meta/lib/oe/gpg_sign.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) d

[OE-core] package_manager: support for signed DEB package feeds

2022-04-03 Thread Ferry Toth
[PATCH v2 0/3] package_manager: support for signed DEB package feeds [PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function [PATCH v2 2/3] package_manager: sign DEB package feeds [PATCH v2 3/3] apt: add apt selftest to test signed package feeds Since Gatesgarth apt (1.8.2) has become mo

[OE-core] [PATCH v2 0/3] *** SUBJECT HERE ***

2022-04-03 Thread Ferry Toth
From: Ferry Toth *** BLURB HERE *** Ferry Toth (2): package_manager: sign DEB package feeds apt: add apt selftest to test signed package feeds Xavier Berger (1): gpg-sign: Add parameters to gpg signature function meta/lib/oe/gpg_sign.py | 6 +++- meta/lib/oe/packag

[OE-core] [PATCH] vte: upgrade 0.66.2 -> 0.68.0

2022-04-03 Thread Andreas Müller
Signed-off-by: Andreas Müller --- meta/recipes-support/vte/{vte_0.66.2.bb => vte_0.68.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/vte/{vte_0.66.2.bb => vte_0.68.0.bb} (95%) diff --git a/meta/recipes-support/vte/vte_0.66.2.bb b/meta/recipes-support/vt

Re: [OE-core] [dunfell][PATCH] boost-native: fix build on recent host distros

2022-04-03 Thread Martin Jansa
I've already sent a fix for this earlier this week, see https://lists.openembedded.org/g/openembedded-core/message/163944 On Sun, Apr 3, 2022 at 5:14 PM Adrian Freihofer wrote: > The same build error as reported with Solaris occurred on a Fedora 35 > machine. The problem is already fixed upstream.

[OE-core] OE-core CVE metrics for master on Sun 03 Apr 2022 05:44:57 AM HST

2022-04-03 Thread Steve Sakoman
Branch: master New this week: 0 CVEs Removed this week: 3 CVEs CVE-2021-46705: grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46705 * CVE-2022-26353: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26353 * CVE-20

[OE-core] OE-core CVE metrics for master on Sun 03 Apr 2022

2022-04-03 Thread Steve Sakoman
Unfortunately changes in master this past week have broken the CVE reporting scripts for master. I won't be able to work on this till tomorrow, but will rerun the report once a fix is identified. Steve

[OE-core] OE-core CVE metrics for honister on Sun 03 Apr 2022 05:18:39 AM HST

2022-04-03 Thread Steve Sakoman
Branch: honister New this week: 5 CVEs CVE-2018-25032: zlib:zlib-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25032 * CVE-2021-25220: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25220 * CVE-2021-3748: qemu:qemu-native:qemu-system-native https://web.nvd.nis

[OE-core] OE-core CVE metrics for hardknott on Sun 03 Apr 2022 05:14:07 AM HST

2022-04-03 Thread Steve Sakoman
Branch: hardknott New this week: 4 CVEs CVE-2018-25032: zlib:zlib-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25032 * CVE-2021-25220: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25220 * CVE-2022-0396: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=

[OE-core] [dunfell][PATCH] boost-native: fix build on recent host distros

2022-04-03 Thread Adrian Freihofer
The same build error as reported with Solaris occurred on a Fedora 35 machine. The problem is already fixed upstream. Related PR: https://github.com/boostorg/thread/pull/297 Related commit: https://github.com/boostorg/thread/commit/e54f7e39606b807b8f9fc84fbd58cafeabea6562 Since the patch only d

[OE-core] OE-core CVE metrics for dunfell on Sun 03 Apr 2022 05:12:32 AM HST

2022-04-03 Thread Steve Sakoman
Branch: dunfell New this week: 4 CVEs CVE-2018-25032: zlib:zlib-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25032 * CVE-2021-25220: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25220 * CVE-2021-3748: qemu:qemu-native:qemu-system-native https://web.nvd.nist

Re: [OE-core] [PATCH v2] python3-mako: update to 1.2.0

2022-04-03 Thread Richard Purdie
On Sat, 2022-04-02 at 13:40 +0200, Oleksandr Kravchuk wrote: > License-Update: copyright years changed. > > Signed-off-by: Oleksandr Kravchuk > --- > .../python/{python3-mako_1.1.6.bb => python3-mako_1.2.0.bb} | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > rename meta/recipes-d