[OE-core] [meta][kirkstone][PATCH 2/2] curl: Add fix for CVE-2023-23916

2023-03-02 Thread Pawan Badganchi
From: Pawan Badganchi Add below patch to fix CVE-2023-23916 CVE-2023-23916.patch Link: https://launchpad.net/ubuntu/+source/curl/7.87.0-2ubuntu2/ Signed-off-by: Pawan Badganchi Signed-off-by: pawan --- .../curl/curl/CVE-2023-23916.patch| 223 ++

[OE-core] [meta][kirkstone][PATCH 1/2] curl: Add fix for CVE-2023-23914, CVE-2023-23915

2023-03-02 Thread Pawan Badganchi
From: Pawan Badganchi Add below patches to fix CVE-2023-23914, CVE-2023-23915 CVE-2023-23914_5-1.patch CVE-2023-23914_5-2.patch CVE-2023-23914_5-3.patch CVE-2023-23914_5-4.patch CVE-2023-23914_5-5.patch Link: https://launchpad.net/ubuntu/+source/curl/7.87.0-2ubuntu2/ Signed-off-by: Pawan

Re: [OE-core] [yocto] QA notification for completed autobuilder build (yocto-4.0.8.rc2)

2023-03-02 Thread Jing Hui Tham
Hi all, Intel and WR YP QA is planning for QA execution for YP build yocto-4.0.8.rc2. We are planning to execute the following tests for this cycle: OEQA-manual tests for the following modules: 1. OE-Core 2. BSP-hw Runtime auto test for the following platforms: 1. MinnowTurbot 32-bit 2. NUC 7 3. ADL 4.

Re: [OE-core] [yocto] QA notification for completed autobuilder build (yocto-4.2_M3.rc1)

2023-03-02 Thread Jing Hui Tham
Hi All, QA for yocto-4.2_M3.rc1 is completed. This is the full report for this release: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults === Summary No high milestone defects. No new issue found. Thanks, Jing Hui >

[OE-core] harfbuzz version difference on kirkstone

2023-03-02 Thread Soumya
Hi team, I am working on CVE-2023-25193 for the kirkstone branch. The CVE patch has been fixed on 7.0.1 (latest version) but kirkstone has version 4.0.1. I am trying to backport the patch to 4.0.1 but since there are a lot of code changes and newly added

[OE-core] [PATCH] mesa-demos: packageconfig weston should have a dependency on wayland-protocols

2023-03-02 Thread Carlos Alberto Lopez Perez
wayland-protocols is a required dependency of mesa-demos when the 'wayland' packageconfig option is enabled. Usually this doesn't lead to a build failure because mesa itself depends on wayland-protocols, but when using other graphics drivers this can cause the following build failure: |

Re: [OE-core] [PATCH] vim: add missing pkgconfig inherit

2023-03-02 Thread Sandeep Gundlupet Raju via lists.openembedded.org
Tested-by: Sandeep Gundlupet Raju On 3/2/2023 9:10 AM, Ross Burton via lists.openembedded.org wrote: Vim uses pkgconfig to find dependencies but it wasn't present, so it silently doesn't enable features like GTK+ UI. [ YOCTO #15044 ] Signed-off-by: Ross Burton ---

Re: [OE-core] [PATCH] binutils: Enable --enable-new-dtags

2023-03-02 Thread Richard Purdie
On Thu, 2023-03-02 at 17:54 +, Richard Purdie via lists.openembedded.org wrote: > On Thu, 2023-03-02 at 13:18 +, Richard Purdie via > lists.openembedded.org wrote: > > On Thu, 2023-03-02 at 12:41 +0100, Alexandre Belloni wrote: > > > On 01/03/2023 10:25:58+0100, Alexandre Belloni via

Re: [OE-core][dunfell][PATCH] harfbuzz: fix CVE-2023-25193 allows attackers to trigger O(n^2) growth via consecutive marks

2023-03-02 Thread Steve Sakoman
This patch results in build errors on dunfell: | In file included from ../../harfbuzz-2.6.4/src/hb-ot-layout-gpos-table.hh:32, | from ../../harfbuzz-2.6.4/src/hb-kern.hh:32, | from ../../harfbuzz-2.6.4/src/hb-aat-layout-kerx-table.hh:31, | from

[OE-core] [PATCH] libgit2: update license information

2023-03-02 Thread Sudip Mukherjee
The LICENSE did not have complete information. Some examples of missing license: Zlib: deps/zlib/ ISC: tests/clar/clar.c LGPL-2.1-or-later: src/libgit2/xdiff/xdiffi.c CC0-1.0: src/util/rand.c Signed-off-by: Sudip Mukherjee --- meta/recipes-support/libgit2/libgit2_1.5.1.bb | 2 +- 1 file

Re: [OE-core] [PATCH] binutils: Enable --enable-new-dtags

2023-03-02 Thread Richard Purdie
On Thu, 2023-03-02 at 13:18 +, Richard Purdie via lists.openembedded.org wrote: > On Thu, 2023-03-02 at 12:41 +0100, Alexandre Belloni wrote: > > On 01/03/2023 10:25:58+0100, Alexandre Belloni via lists.openembedded.org > > wrote: > > > On 28/02/2023 23:45:05+0100, Alexandre Belloni wrote: >

[OE-core] [PATCH] vim: add missing pkgconfig inherit

2023-03-02 Thread Ross Burton
Vim uses pkgconfig to find dependencies but it wasn't present, so it silently doesn't enable features like GTK+ UI. [ YOCTO #15044 ] Signed-off-by: Ross Burton --- meta/recipes-support/vim/vim.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: [OE-core] [PATCH] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs

2023-03-02 Thread Geoffrey GIRY
Hello Mikko, Thank you for the link to linux_kernel_cves, it will be very helpful. For the target version, since Yocto allows building images for kernel versions 6.1 and 5.15, we preferred to only add to the ignored list CVEs patched in both of these versions to avoid adding false negatives. Concerning

Re: [OE-core][kirkstone][PATCH v2] rpm: fix CVE-2021-35938 races with chown/chmod/capabilities calls during installation

2023-03-02 Thread Steve Sakoman
On Wed, Mar 1, 2023 at 9:48 PM vkumbhar wrote: > > Set file metadata via fd-based ops for everything but symlinks > > Regular file ops are fd-based already, for the rest we need to open them > manually. Files with temporary suffix must never be followed, for > directories (and pre-existing

Re: [OE-core] [PATCH] binutils: Enable --enable-new-dtags

2023-03-02 Thread Richard Purdie
On Thu, 2023-03-02 at 12:41 +0100, Alexandre Belloni wrote: > On 01/03/2023 10:25:58+0100, Alexandre Belloni via lists.openembedded.org > wrote: > > On 28/02/2023 23:45:05+0100, Alexandre Belloni wrote: > > > On 28/02/2023 17:50:05+, Richard Purdie wrote: > > > > On Tue, 2023-02-28 at 08:43

Re: [OE-core] [PATCH] btrfs-tools: upgrade 6.1.3 -> 6.2

2023-03-02 Thread Alexandre Belloni via lists.openembedded.org
This fails on the AB: stdio: ERROR: btrfs-tools-6.2-r0 do_fetch: Fetcher failure: Unable to find revision 6439e92cba81c068afca76f8e010fb7175620176 in branch master even from upstream stdio: ERROR: btrfs-tools-6.2-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any

Re: [OE-core] [PATCH] binutils: Enable --enable-new-dtags

2023-03-02 Thread Alexandre Belloni via lists.openembedded.org
On 01/03/2023 10:25:58+0100, Alexandre Belloni via lists.openembedded.org wrote: > On 28/02/2023 23:45:05+0100, Alexandre Belloni wrote: > > On 28/02/2023 17:50:05+, Richard Purdie wrote: > > > On Tue, 2023-02-28 at 08:43 -0800, Khem Raj wrote: > > > > On Tue, Feb 28, 2023 at 8:18 AM Alexandre

Re: [OE-core] [PATCH] bootimg-efi: Use the custom .dtb file's path as its final location

2023-03-02 Thread Alexandre Belloni via lists.openembedded.org
Hello, This caused failures on the autobuilders: https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/4867/steps/14/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/4820/steps/14/logs/stdio

Re: [OE-core] [PATCH 2/4] vala: Fix install conflict when enable multilib.

2023-03-02 Thread Alexander Kanavin
On Thu, 2 Mar 2023 at 03:01, wangmy wrote: > For the solution to this problem, can I delete this file from the target? This looks like a packaging or dependencies problem, so before you act, you need to investigate why these files get installed, and whether you need two multilib copies of them.

Re: [OE-core] [PATCH 30/52] bind: upgrade 9.18.10 -> 9.18.11

2023-03-02 Thread Takayasu Ito
Hi All, The following CVEs have been fixed in this upgrade: CVE-2022-3094, CVE-2022-3736 and CVE-2022-3924 https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11 On 2023/02/08 16:21, Alexander Kanavin wrote: License-update: copyright years Signed-off-by: Alexander Kanavin