[OE-core][kirkstone][PATCH] glibc: Security fix for CVE-2023-0687

2023-03-06 Thread Shubham Kulkarni
From: Shubham Kulkarni Backport from https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc Signed-off-by: Shubham Kulkarni --- meta/recipes-core/glibc/glibc/CVE-2023-0687.patch | 82 +++ meta/recipes-core/glibc/glibc_2.35.bb

[OE-core] [PATCH v3] vala: Fix install conflict when enable multilib.

2023-03-06 Thread wangmy
From: Wang Mingyu Error: Transaction test error: file /usr/bin/vala-gen-introspect-0.56 conflicts between attempted installs of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64 file /usr/bin/vapigen-wrapper conflicts between attempted installs of

Re: [OE-core] [PATCH v2] vala: Fix install conflict when enable multilib.

2023-03-06 Thread Alexander Kanavin
On Tue, 7 Mar 2023 at 06:51, wangmy wrote: > @@ -42,14 +42,20 @@ EXTRA_OECONF += " --disable-valadoc" > # Vapigen wrapper needs to be available system-wide, because it will be used > # to build vapi files from all other packages with vala support > do_install:append:class-target() { > -

Re: [OE-core] [kirkstone] Google go CVEs

2023-03-06 Thread Alexander Kanavin
You probably should make a kirkstone mixin layer like we did for dunfell. https://git.yoctoproject.org/meta-lts-mixins/ Alex On Tue, 7 Mar 2023 at 07:32, Andrej Valek wrote: > > Hello everyone, > > I would like to ask you how to proceed with multiple CVEs for Google Go > component in kirkstone

[OE-core] [kirkstone] Google go CVEs

2023-03-06 Thread Andrej Valek
Hello everyone, I would like to ask you how to proceed with multiple CVEs for Google Go component in kirkstone branch. CVEs in current version 1.17.13: - CVE-2022-41722 - CVE-2022-41725 - CVE-2022-41724 - CVE-2022-41723 They are fixed in 1.19.6/1.20.1 branches, but fixing patches are

Re: [OE-core] [PATCH v3 3/3] mesa: Add PACKAGECONFIG "rusticl"

2023-03-06 Thread Zoltan Boszormenyi
On 2023-03-06 at 16:59, Otavio Salvador wrote: On Mon, 6 Mar 2023 at 06:11, Zoltan Boszormenyi wrote: In the anonymous python function that creates packages based on PACKAGECONFIG, use a single synthetic "opencl" setting that is added when either "clover" or "rusticl" are

[OE-core] [PATCH v2] vala: Fix install conflict when enable multilib.

2023-03-06 Thread wangmy
From: Wang Mingyu Error: Transaction test error: file /usr/bin/vala-gen-introspect-0.56 conflicts between attempted installs of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64 file /usr/bin/vapigen-wrapper conflicts between attempted installs of

[OE-core] Current high bug count owners for Yocto Project 4.2

2023-03-06 Thread Stephen Jolley
All, Below is the list of the top 38 bug owners as of the end of WW09 who have open medium or higher bugs and enhancements against YP 4.2. There are 38 possible work days left until the final release candidates for YP 4.2 need to be released. Who Count michael.opdenac...@bootlin.com 33

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

2023-03-06 Thread Stephen Jolley
All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

Re: [OE-core] PEP 517 and PEP 621 support on Dunfell?

2023-03-06 Thread Ernst Sjöstrand
Oh I didn't see your reply, Gmail threw it in the spam folder. I made a prototype here if anyone's interested: https://github.com/ernstp/meta-setuptools-backport //E On Tue, 28 Feb 2023 at 17:14, Ross Burton wrote: > On 28 Feb 2023, at 15:00, Ernst Sjöstrand via lists.openembedded.org >

Re: [OE-core] [PATCH 2/2] sstate.bbclass: fix cleanup when sysroot in manifest != RECIPE_SYSROOT

2023-03-06 Thread Richard Purdie
On Mon, 2023-02-27 at 17:42 +0200, Ovidiu Panait wrote: > The following scenario currently fails: > git clone git://git.yoctoproject.org/poky > cd poky; . oe-init-build-env > > add to local.conf: > require conf/multilib.conf > MACHINE = "qemuarm64" > MULTILIBS = "multilib:lib32" >

[OE-core] [PATCH] staging: Separate out different multiconfig manifests

2023-03-06 Thread Richard Purdie
""" require conf/multilib.conf MACHINE = "qemuarm64" MULTILIBS = "multilib:lib32" DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon" bitbake gcc-cross-canadian-arm """ and then inspecting the lib32* manifest files under recipe-sysroot-native shows them referencing lib32-recipe-sysroot

[OE-core][langdale][PATCH] epiphany: Security fix for CVE-2023-26081

2023-03-06 Thread Siddharth
From: Siddharth Doshi Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd] Signed-off-by: Siddharth Doshi --- meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 + .../epiphany/files/CVE-2023-26081.patch | 90

[OE-core][kirkstone][PATCH] epiphany: Security fix for CVE-2023-26081

2023-03-06 Thread Siddharth
From: Siddharth Doshi Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd] Signed-off-by: Siddharth Doshi --- meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 + .../epiphany/files/CVE-2023-26081.patch | 90

Re: [OE-core] [PATCH v3 3/3] mesa: Add PACKAGECONFIG "rusticl"

2023-03-06 Thread Otavio Salvador
On Mon, 6 Mar 2023 at 06:11, Zoltan Boszormenyi wrote: > > In the anonymous python function that creates packages based > on PACKAGECONFIG, use a single synthetic "opencl" setting > that is added when either "clover" or "rusticl" are present. > > Without this, creating variables for

Re: [OE-core] [PATCH v3 2/3] mesa: Rename PACKAGECONFIG "opencl" to "clover"

2023-03-06 Thread Otavio Salvador
On Mon, 6 Mar 2023 at 06:11, Zoltan Boszormenyi wrote: > > There is another OpenCL frontend called "rusticl" now. > > Signed-off-by: Zoltán Böszörményi ... > +PACKAGECONFIG[clover] = "-Dgallium-opencl=icd -Dopencl-spirv=true > ${OPENCL_NATIVE},-Dgallium-opencl=disabled

Re: [OE-core] [PATCH v3 1/3] mesa, mesa-gl: 23.0.0

2023-03-06 Thread Otavio Salvador
On Mon, 6 Mar 2023 at 06:11, Zoltan Boszormenyi wrote: > > Signed-off-by: Zoltán Böszörményi Acked-by: Otavio Salvador -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9 9981-7854

[OE-core] [PATCH 2/2] epiphany: upgrade to 43.1

2023-03-06 Thread Ross Burton
This fixes CVE-2023-26081. Signed-off-by: Ross Burton --- .../epiphany/{epiphany_43.0.bb => epiphany_43.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-gnome/epiphany/{epiphany_43.0.bb => epiphany_43.1.bb} (93%) diff --git

[OE-core] [PATCH 1/2] shadow: ignore CVE-2016-15024

2023-03-06 Thread Ross Burton
This recently got an updated CPE which matches this recipe, but the issue is related to an entirely different shadow project so ignore it. Signed-off-by: Ross Burton --- meta/recipes-extended/shadow/shadow_4.13.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git

[OE-core] [PATCH] gdb: Fix occasional build failure

2023-03-06 Thread Richard Purdie
When running the configure check "checking for ELF support in BFD", LDFLAGS were not being passed in to libtool. In OE/YP, we need these flags when using uninative due to the games we play with the dynamic loader. If a version of libzstd was built against a newer glibc, it would need newer

Re: [oe-core][PATCH 1/1] wic: Add support for F2FS in WIC rootfs plugin

2023-03-06 Thread Anna-Lena Marx via lists.openembedded.org
Hi, moving the support or the tests to meta-filesystems does not make sense to me. Wic is located in oe-core, moving support and tests would not really work at all and create another dependency. It may be an option to move f2fs from meta-filesystems to meta/recipes-devtools where e.g. btrfs, dosfs

Re: [OE-core] [Kirkstone][Patch review] harfbuzz: CVE-2023-25193 doesn't fix the issue and still exhibits O(n^2) behaviour #kirkstone

2023-03-06 Thread Steve Sakoman
On Sun, Mar 5, 2023 at 7:36 PM vkumbhar wrote: > > Yes, will revert that patch and backport the correct one. I will remove that patch from the current kirkstone queue and await a V2. It hasn't moved out of my testing branch, so a revert isn't needed. Steve > On Mon, Mar 6, 2023 at 10:47 AM DC

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 05 Mar 2023 02:00:01 AM HST

2023-03-06 Thread Ross Burton
On 5 Mar 2023, at 12:03, Steve Sakoman via lists.yoctoproject.org wrote: > CVE-2005-1796 (CVSS3: N/A): ncurses:ncurses-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1796 * Not actually a ncurses issue, contacted NIST to fix the CPE. > CVE-2016-15024 (CVSS3: 5.5 MEDIUM):

[OE-core][kirkstone][PATCH] python3-setuptools-rust-native: Add direct dependency of native python3 modules

2023-03-06 Thread Poonam Jadhav
From: Poonam Add direct dependency of below native python3 modules to fix the compile issue python3-semantic-version-native python3-setuptools-native python3-setuptools-scm-native python3-toml-native python3-typing-extensions-native python3-wheel-native This issue is not seen in the upstream

[OE-core][dunfell][PATCH] glibc: Security fix for CVE-2023-0687

2023-03-06 Thread Shubham Kulkarni
From: Shubham Kulkarni Backport from https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc Signed-off-by: Shubham Kulkarni --- meta/recipes-core/glibc/glibc/CVE-2023-0687.patch | 82 +++ meta/recipes-core/glibc/glibc_2.31.bb

[OE-core] [meta][dunfell][PATCH] tar: CVE-2022-48303

2023-03-06 Thread Riyaz Ahmed Khan
From: Rodolfo Quesada Zumbado Fixes CVE-2022-48303 by checking Base-256 encoding is at least 2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been

Re: [OE-core] [PATCH v3 0/3] Mesa 23.0.0

2023-03-06 Thread Zoltan Boszormenyi
On 2023-03-06 at 11:09, Alexander Kanavin wrote: On Mon, 6 Mar 2023 at 10:11, Zoltán Böszörményi wrote: * bindgen-cli MR has the suggested changes See https://github.com/kraj/meta-clang/pull/748 I would prefer that this PR is accepted and merged first before a change that relies on

Re: [OE-core] [PATCH v3 0/3] Mesa 23.0.0

2023-03-06 Thread Alexander Kanavin
On Mon, 6 Mar 2023 at 11:09, Alexander Kanavin via lists.openembedded.org wrote: > > On Mon, 6 Mar 2023 at 10:11, Zoltán Böszörményi wrote: > > * bindgen-cli MR has the suggested changes > > See https://github.com/kraj/meta-clang/pull/748 > > I would prefer that this PR is accepted and merged

Re: [OE-core] [PATCH v3 0/3] Mesa 23.0.0

2023-03-06 Thread Alexander Kanavin
On Mon, 6 Mar 2023 at 10:11, Zoltán Böszörményi wrote: > * bindgen-cli MR has the suggested changes > See https://github.com/kraj/meta-clang/pull/748 I would prefer that this PR is accepted and merged first before a change that relies on that recipe to exist is submitted here. Alex

[OE-core] [PATCH] gdb: Fix occasional build failure

2023-03-06 Thread Richard Purdie
When running the configure check "checking for ELF support in BFD", LDFLAGS were not being passed in to libtool. In OE/YP, we need these flags when using uninative due to the games we play with the dynamic loader. If a version of libzstd was built against a newer glibc, it would need newer

[OE-core] [PATCH v3 3/3] mesa: Add PACKAGECONFIG "rusticl"

2023-03-06 Thread Zoltan Boszormenyi
In the anonymous python function that creates packages based on PACKAGECONFIG, use a single synthetic "opencl" setting that is added when either "clover" or "rusticl" are present. Without this, creating variables for two "libopencl-mesa" will confuse the packaging code, resulting in subsequent

[OE-core] [PATCH v3 2/3] mesa: Rename PACKAGECONFIG "opencl" to "clover"

2023-03-06 Thread Zoltan Boszormenyi
There is another OpenCL frontend called "rusticl" now. Signed-off-by: Zoltán Böszörményi --- meta/recipes-graphics/mesa/mesa.inc | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index

[OE-core] [PATCH v3 1/3] mesa, mesa-gl: 23.0.0

2023-03-06 Thread Zoltan Boszormenyi
Signed-off-by: Zoltán Böszörményi --- ...-backend-fix-gbm-compile-without-dri.patch | 65 --- ...ormat-Check-for-NEON-before-using-it.patch | 16 ++--- .../{mesa-gl_22.3.5.bb => mesa-gl_23.0.0.bb} | 0 meta/recipes-graphics/mesa/mesa.inc | 3 +-

[OE-core] [PATCH v3 0/3] Mesa 23.0.0

2023-03-06 Thread Zoltan Boszormenyi
Changelog for v3: * bindgen-cli MR has the suggested changes See https://github.com/kraj/meta-clang/pull/748 * The rusticl patch relies on the bindgen wrapper doing the right thing regarding loading libclang. * Moved the __anonymous() function changes to the 3rd patch with a comment in