On Fri, Apr 29, 2022 at 4:02 PM Bruce Ashfield via
lists.openembedded.org
wrote:
>
> On Fri, Apr 29, 2022 at 8:41 AM Bruce Ashfield via
> lists.openembedded.org
> wrote:
> >
> > On Fri, Apr 29, 2022 at 7:51 AM Richard Purdie
> > wrote:
> > >
> > > On Thu, 2022-04-28 at 09:47 -0400,
On 2022-04-29 20:22, Richard Purdie wrote:
> On Thu, 2022-04-28 at 17:49 +0800, Jiaqing Zhao wrote:
>> Change the shell of all global static users other than root (which
>> retains /bin/sh) and sync (as /bin/sync is rather harmless) to
>> /sbin/nologin (as /usr/sbin/nologin does not exist in
strace ptests can run successfully with root user, there is no need to
run as "nobody". The ptest results are the same.
Signed-off-by: Jiaqing Zhao
---
meta/recipes-devtools/strace/strace/run-ptest | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git
Change the shell of all global static users other than root (which
retains /bin/sh) and sync (as /bin/sync is rather harmless) to
/sbin/nologin (as /usr/sbin/nologin does not exist in openembedded)
Upstream-Status: Backport
[https://launchpad.net/ubuntu/+source/base-passwd/3.5.30]
Signed-off-by:
ptest testsuite/panic-tests.sh of sed need to be run as a non-root user
so that the expected "sed: couldn't open temporary file :
Permission denied" error can be generated. After disabling default
shell for "nobody", a shell needs to be specified for running ptest.
Signed-off-by: Jiaqing Zhao
This patchset changes the default shell of default users other than
root and sync from /bin/sh to /sbin/nologin to fix potential security
vulnerabilities. This is backported from base-passwd 3.5.30.
Upstream issue trackers:
https://launchpad.net/bugs/216813
https://launchpad.net/bugs/248844
v3:
Just to clarify, you can certainly make rdepends of a subpackage depend on
a packageconfig, you just use inline python to do it. There are a number of
examples of this sort of conditional in oe-core.
On Fri, Apr 29, 2022 at 11:17 AM Steve Sakoman wrote:
> On Fri, Apr 29, 2022 at 2:27 AM Peter
On Fri, Apr 29, 2022 at 3:17 PM Portia Stephens
wrote:
> On Sat, Apr 30, 2022 at 1:39 AM Khem Raj wrote:
> >
> >
> >
> > On 4/29/22 12:34 AM, Portia wrote:
> > > Remove setting TimeoutSec and allow the DefaultTimeSec to be set for
> the
> > > volatile-binds services.
> > >
> >
> > What's the
On Sat, Apr 30, 2022 at 1:39 AM Khem Raj wrote:
>
>
>
> On 4/29/22 12:34 AM, Portia wrote:
> > Remove setting TimeoutSec and allow the DefaultTimeSec to be set for the
> > volatile-binds services.
> >
>
> What's the default value? I hope it does not go into infinite loop in
> case the service gets
On 4/27/22 09:37, Dmitry Baryshkov wrote:
> Since the commit fe26b2379ecd ("image.bbclass: Depend on
> virtual/kernel:do_deploy"), the image.bbclass made building images
> depend on virtual/kernel. For some images, including small initramfs,
> this is not the case. Allow overriding this dependency
On Fri, Apr 29, 2022 at 8:41 AM Bruce Ashfield via
lists.openembedded.org
wrote:
>
> On Fri, Apr 29, 2022 at 7:51 AM Richard Purdie
> wrote:
> >
> > On Thu, 2022-04-28 at 09:47 -0400, bruce.ashfi...@gmail.com wrote:
> > > From: Bruce Ashfield
> > >
> > > Richard,
> > >
> > > This is mainly a
On Fri, Apr 29, 2022 at 11:24 AM Steve Sakoman wrote:
>
> On Thu, Apr 28, 2022 at 5:00 AM Khem Raj wrote:
> >
> > On Thu, Apr 28, 2022 at 4:27 AM Andrei Gherzan wrote:
> > >
> > > On Thu, 28 Apr 2022, at 07:26, Khem Raj wrote:
> > > > RPi kernel has started building compressed kernel modules by
On Thu, Apr 28, 2022 at 5:00 AM Khem Raj wrote:
>
> On Thu, Apr 28, 2022 at 4:27 AM Andrei Gherzan wrote:
> >
> > On Thu, 28 Apr 2022, at 07:26, Khem Raj wrote:
> > > RPi kernel has started building compressed kernel modules by default
> > > starting 5.15, currently therefore meta-raspberrypi
On Fri, Apr 29, 2022 at 2:27 AM Peter Marko wrote:
>
> This is important for seamless migration of applications to openssl3.
> In particular poco from meta-oe needs this as packageconfig cannot add
> rdepends to a sub-package.
> Could this be picked to kirkstone or do I need to send it as new
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
(cherry picked from commit 2e21e1e5e2659b02a771ce986fc3194deeda9f4d)
Signed-off-by: Steve Sakoman
---
meta/recipes-core/libxml/libxml2/runtest.patch | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
From: Khem Raj
busybox also installs findfs but into base_sbindir which works out to be
ok when sbindir != base_sbindir but with usrmerge distro feature enabled
this starts to cause trouble because busybox's postinst is trying to
create a symlink for findfs applet in base_sbindir which is same
From: Richard Purdie
Adding a dependency on ourselves in this function doesn't make sense, the hash
may change after hash equivalence is applied. Other code using BB_TASKDEPDATA does
code to do likewise.
From: Nicolas Dechesne
This is a follow up patch of:
ad5829aa1f8a (sanity: Show a warning that make 4.2.1 is buggy on non-ubuntu
systems)
Debian10 has the exact same version/sources for make as Ubuntu
(focal), e.g. https://packages.debian.org/source/buster/make-dfsg and
From: Rahul Kumar
The tarball (neard-0.16.tar.xz) fetched by the recipe is incomplete.
Few plugins (e.g. tizen) and tests scripts (e.g. Test-channel, test-see,
neard-ui.py, ndef-agent etc) are missing.
Since neard did not release latest tarballs, so as per community
recommendation switching the
From: Ross Burton
Recent git releases containing [1] have an ownership check when opening
repositories, and refuse to open a repository if it is owned by a
different user.
This breaks any use of git in do_install, as that is executed by the
(fake) root user. Whilst not common, this does happen.
From: Richard Purdie
We're going to use the environment approach for solving this issue.
Signed-off-by: Richard Purdie
(cherry picked from commit 0982977dc052ad4e65608f6853f930121d08837a)
Signed-off-by: Steve Sakoman
---
meta/classes/base.bbclass | 1 -
1 file changed, 1 deletion(-)
diff
From: Paul Gortmaker
In a devshell, recent versions of git will complain if the repo is owned
by someone other than the current UID - consider this example:
--
bitbake -c devshell linux-yocto
[...]
kernel-source#git branch
fatal: unsafe repository
From: Chen Qi
We need to disable the use of the default configuration file. This is
to ensure that user settings do not mess things up when building go
recipes.
For example, if I set 'GOBIN=./relative/path' in $HOME/.config/go/env,
then go-runtime fails to build with error like below:
cannot
From: Davide Gardenal
When building FreeRTOS this dependency generates an error because
bitbake cannot find any provider for "virtual/kernel".
From a dependency analysis the task is executed independently from
this so it can be safely removed.
This patch has been discussed in this ML thread:
From: Chen Qi
Signed-off-by: Chen Qi
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 3a9b6e71d1e7e8e2ebc0ed047841e36f09300387)
Signed-off-by: Steve Sakoman
---
meta/lib/oeqa/sdk/cases/buildepoxy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
From: Peter Kjellerstedt
Otherwise it will fail if using OE_TERMINAL = "xterm" with the not so
helpful error:
xterm: Xt error: Can't open display: localhost:0.0
Signed-off-by: Peter Kjellerstedt
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Peter Kjellerstedt
In bitbake commit 1ecc1d94 (process: Do not mix stderr with stdout),
bb.process.Popen() was changed to no longer combine stdout and stderr by
default. However, the Terminal class was not updated to reflect this and
subsequently only output stdout in case of failures.
From: Naveen Saini
With the latest gstreamer version, pkg-config is able to find the header
path with msdk enabled.
Drop this patch as it's not required anymore.
Signed-off-by: Naveen Saini
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Carlos Rafael Giani
This clears up some confusing packageconfigs.
Signed-off-by: Carlos Rafael Giani
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit b5b682f80fba4a62cb1ff7050c97f5b1e204d5a9)
Signed-off-by: Steve Sakoman
---
From: Carlos Rafael Giani
Signed-off-by: Carlos Rafael Giani
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 7f66a3123c9ce77e9af538009fc51bf190703433)
Signed-off-by: Steve Sakoman
---
.../gstreamer/gstreamer1.0-plugins-good_1.20.1.bb | 7
From: Khem Raj
This symlink is not valid when using usrmerge and ptest packaging would fail
Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' ->
'/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
From: Khem Raj
Some recipes are marked machine specific which need qemu usermode during
build, e.g. if they use meson build system, which means they won't get
right -cpu settings to run qemu-ppc/qemu-ppc64 and build fails, this
ensures that we set the right options when PACKAGE_ARCH is set to
From: Khem Raj
Fixes
NOTE: Multiple providers are available for virtual/crypt (libxcrypt, musl)
Consider defining a PREFERRED_PROVIDER entry to match virtual/crypt
Signed-off-by: Khem Raj
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Henning Schild
When using "msdos" partition tables and "--label" but not "--use-uuid"
one can generate images which will not find their root, because
PARTLABEL does not work for "msdos".
Fix that by simply not going the PARTLABEL path in case of "msdos".
Fixes: 2fb247c5ecf0 ("wic:
From: Khem Raj
Signed-off-by: Khem Raj
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit b1154d5fe7e75bb46132165b13ed76ce95413b25)
Signed-off-by: Steve Sakoman
---
meta/recipes-core/musl/gcompat_git.bb | 8
1 file changed, 4 insertions(+), 4
From: Khem Raj
Signed-off-by: Khem Raj
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 02fd8e760cac1d2e0e25a4e3dbea3f2844b9fd01)
Signed-off-by: Steve Sakoman
---
meta/recipes-core/musl/musl_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3
From: Dmitry Baryshkov
Fix a typo in the TUNEVALID[armv8-2a]: It enables instructions for
ARMv8.2-a, not just ARMv8-a.
Signed-off-by: Dmitry Baryshkov
Signed-off-by: Luca Ceresoli
(cherry picked from commit 0a4404c117ef8733713962767c1d2c9f87c2c990)
Signed-off-by: Steve Sakoman
---
From: Dmitry Baryshkov
According to the WHENCE file, some a3k firmware files are licensed
under the special ar3k license, while others are licensed under the more
generic Atheros license. Document this by extending the
LICENSE:${PN}-ar3k and depending on both of them.
Signed-off-by:
From: Russ Dill
The do_kernel_configcheck task requires a meta directory, normally
set by ${KMETA}. The meta directory is taken as a relative path
from ${S}:
outfile = "{}/{}/cfg/mismatch.txt".format( s, kmeta )
However, when checking for the presence of ${KMETA} the current
working
From: Russ Dill
The files in /sysroot-only are intended to make it into the
recipes sysroot output, but not into the package. However, if
do_package is run before do_populate_sysroot, the files are
removed.
Use a smaller hammer to avoid copying the files into the package so
they are still
From: Pgowda
Run glibc-tests only when it's enabled in the DISTRO_FEATURES.
Signed-off-by: pgowda
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit e7cf935b047a3dc3228d26bf0fd52eb425e5)
Signed-off-by: Steve Sakoman
---
From: Khem Raj
Disabling the warning is an easier fix than trying to fix it
in musl which results in ABI breakage and disabling the Werror
gets us along by doing minimal change, also see [1]
[1] https://todo.sr.ht/~kennylevinsen/seatd/10
Signed-off-by: Khem Raj
Signed-off-by: Luca Ceresoli
From: Alexander Kanavin
Bug fix release
Overview of changes in GLib 2.72.1
Fix building projects which use g_warning_once() with clang++ (#2625)
Fix g_file_trash() not deleting directories via the portals backend (work by
Matthias Clasen) (#2629)
A number more compiler warnings fixed for MSVC
From: Ross Burton
This release is primarily to fix two CVEs:
- CVE-2021-28544
- CVE-2022-24070
It also rewrites the macOS autoconf macros to be cross-compile friendly,
so we don't need to delete them anymore.
Signed-off-by: Ross Burton
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard
From: wangmy
apt (2.4.5) release notes:
* Only protect two kernels, not last installed one (LP: #1968154)
* Fix segfault in CacheSetHelperAPTGet::tryVirtualPackage()
Signed-off-by: Wang Mingyu
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Ross Burton
If a remote patch is compressed we need to have run the unpack task for
the file to exist locally. Currently cve_check only depends on fetch so
instead of erroring out, emit a warning that this file won't be scanned
for CVE references.
Typically, remote compressed patches
From: Ross Burton
CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.
Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap
From: Ross Burton
Backport a submitted patch to fix CVE-2022-1304.
Signed-off-by: Ross Burton
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 31fd4ca6fa85ed1e62faf37e6d7bed5b558cb309)
Signed-off-by: Steve Sakoman
---
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3589
with the exception of qemuarm-oe-core, which was due to operator error (this
test uses oe-core +
Hi Marta,
This explains why the CVE database update seemed to happen far more
frequently than it should. Thanks for digging into it.
On Fri, Apr 29, 2022 at 2:32 AM Marta Rybczynska wrote:
>
> Add a new variable FORCE_CVE_DB_UPDATE allowing the user to force
> the database update, if the
Hi Davide,
On Fri, Apr 29, 2022 at 4:22 AM Davide Gardenal
wrote:
>
> My idea was to convert cve_check_write_rootfs_manifest to a handler listening
> for BuildCompleted but then if someone builds more than one image the output
> is broken.
Actually that is already the case, if one builds
On 4/29/22 12:34 AM, Portia wrote:
Remove setting TimeoutSec and allow the DefaultTimeSec to be set for the
volatile-binds services.
What's the default value? I hope it does not go into infinite loop in
case the service gets stuck
Signed-off-by: Portia Stephens
---
On Fri, Apr 29, 2022 at 2:18 AM Davide Gardenal
wrote:
>
> I saw that this patch was not included in the kirkstone backport list. Could
> you consider to add it please?
It is in the set of patches currently under test.
Just as with dunfell, you can view the patches under test in the
-nut
Jose Quaresma via lists.openembedded.org wrote on Friday, 29/04/2022 at
14:33:
>
>
> Richard Purdie wrote on
> Thursday, 28/04/2022 at 13:30:
>
>> On Tue, 2022-04-19 at 10:46 +0100, Jose Quaresma wrote:
>> > The python set() is not thread safe and we use it on the ThreadedPool.
Richard Purdie wrote on Thursday,
28/04/2022 at 13:30:
> On Tue, 2022-04-19 at 10:46 +0100, Jose Quaresma wrote:
> > The python set() is not thread safe and we use it on the ThreadedPool.
> > With this LockedSet python class we can call the 'add' and 'remove'
> > safely inside the
On Fri, 2022-04-29 at 05:32 +, Teoh, Jay Shen wrote:
> Hi All,
>
> This is the full report for yocto-3.1.16.rc1:
> https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
>
> === Summary
> No high milestone defects.
>
> No new
On Thu, 2022-04-14 at 07:24 +0200, Jörg Vehlow wrote:
> Hi,
>
> On 4/11/2022 at 6:04 PM, Khem Raj wrote:
> > On Mon, Apr 11, 2022 at 6:30 AM Jose Quaresma
> > wrote:
> > >
> > >
> > >
> > > Jörg Vehlow wrote on Monday, 11/04/2022 at
> > > 13:35:
> > > >
> > > > From: Joerg
On Fri, Apr 29, 2022 at 7:51 AM Richard Purdie
wrote:
>
> On Thu, 2022-04-28 at 09:47 -0400, bruce.ashfi...@gmail.com wrote:
> > From: Bruce Ashfield
> >
> > Richard,
> >
> > This is mainly a resend of the pull request that I sent just before
> > the release builds.
> >
> > At that time, there
This is important for seamless migration of applications to openssl3.
In particular poco from meta-oe needs this as packageconfig cannot add rdepends
to a sub-package.
Could this be picked to kirkstone or do I need to send it as new patch?
Thanks,
Peter
> -Original Message-
> From:
On Thu, 2022-04-28 at 17:49 +0800, Jiaqing Zhao wrote:
> Change the shell of all global static users other than root (which
> retains /bin/sh) and sync (as /bin/sync is rather harmless) to
> /sbin/nologin (as /usr/sbin/nologin does not exist in openembedded)
>
> Upstream-Status: Backport
>
I saw that this patch was not included in the kirkstone backport list. Could
you consider to add it please?
Thanks!
Davide
CC: Steve Sakoman
> On 26 Apr 2022, at 15:49, Davide Gardenal
> wrote:
>
> When building FreeRTOS this dependency generates an error because
>
On Thu, 2022-04-28 at 09:47 -0400, bruce.ashfi...@gmail.com wrote:
> From: Bruce Ashfield
>
> Richard,
>
> This is mainly a resend of the pull request that I sent just before
> the release builds.
>
> At that time, there was a ppc boot issue, which I've fixed. There was
> also a ptest warning,
From: Ross Burton
Recent git releases containing [1] have an ownership check when opening
repositories, and refuse to open a repository if it is owned by a
different user.
This breaks any use of git in do_install, as that is executed by the
(fake) root user. Whilst not common, this does happen.
A single change to fix issues with git before 3.4.4.
Please review and merge. Tested on autobuilder and no problems seen:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3591
Thanks,
Anuj
The following changes since commit d411ea3114cde55ae68a2d437e854c5b17f78131:
On Tue., Apr. 26, 2022, 04:34 Rahul Chauhan,
wrote:
> Thanks Richard for quick response.
>
> Yesterday, I sent a patch to oe-core and using below command but I am not
> able to see my patch here.
> git send-email --to=openembedded-core@lists.openembedded.org
> --confirm=always -M -1
>
> Is there
Greetings,
In the current version of cve-check there is no way of creating the manifest
when building world. The reason why is due to these two lines:
>
>
> ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest;
> ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
The overlayfs_qa_check checks if the current root file system has a
mount configured for each overlayfs, when the overlayfs class is used.
However there are certain instances where this mount point is created at
runtime and not static in a fstab entry or systemd mount unit.
One such case would
The overlayfs_qa_check checks if the current root file system has a
mount configured for each overlayfs, when the overlayfs class is used.
However there are certain instances where this mount point is created at
runtime and not static in a fstab entry or systemd mount unit.
One such case would
> -Original Message-
> From: Steve Sakoman
> Sent: 28 April 2022 19:36
> To: Peter Kjellerstedt
> Cc: Patches and discussions about the oe-core layer c...@lists.openembedded.org>
> Subject: Re: [OE-core] [master][kirkstone][PATCH] license_image.bbclass:
> Make QA errors fail the
Remove setting TimeoutSec and allow the DefaultTimeSec to be set for the
volatile-binds services.
Signed-off-by: Portia Stephens
---
meta/recipes-core/volatile-binds/files/volatile-binds.service.in | 1 -
1 file changed, 1 deletion(-)
diff --git
The systemd-unit parameter DefaultDependencies changed from true/false
to yes/no. This changed in systemd in v242.
Signed-off-by: Portia Stephens
---
.../recipes-core/volatile-binds/files/volatile-binds.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
On Fri, 29 Apr 2022 at 06:51, leimao...@fujitsu.com
wrote:
> Sorry, it seems that I should add an explanation in the commit message.
> I found that if enable fips, a binary build for target will be executed in
> do_compile task. The log(MACHINE ?= "qemuarm64") is as the following:
>
From: Kai Kang
It fails to build wpa-supplicant with gnutls by setting PACKAGECONFIG
with 'gnutls':
| wpa_supplicant/../src/eap_common/eap_pwd_common.c:440: undefined
reference to `crypto_ec_point_deinit'
Disable 3 configure options CONFIG_DPP, CONFIG_EAP_PWD and CONFIG_SAE to
make it work
From: Rahul Kumar
The tarball (neard-0.16.tar.xz) fetched by the recipe is incomplete.
Few plugins (e.g. tizen) and tests scripts (e.g. Test-channel, test-see,
neard-ui.py, ndef-agent etc) are missing.
Since neard did not release latest tarballs, so as per community
recommendation switching the
Add a new variable FORCE_CVE_DB_UPDATE allowing the user to force
the database update, if the default update frequency is too low.
Signed-off-by: Marta Rybczynska
---
meta/recipes-core/meta/cve-update-db-native.bb | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git
The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.
As the NVD database changes usually only once a day, we can just
update
76 matches