On Fri, 2023-03-10 at 17:40 -0800, Khem Raj wrote:
> On Fri, Mar 10, 2023 at 4:27 PM Richard Purdie
> wrote:
> >
> > The gawk ptests need some locale information, add the missing dependency
> > so tests work in minimal images.
> >
> > Signed-off-by: Richard Purdie
> > ---
> > meta/recipes-exte
On Fri, Mar 10, 2023 at 4:27 PM Richard Purdie
wrote:
>
> The gawk ptests need some locale information, add the missing dependency
> so tests work in minimal images.
>
> Signed-off-by: Richard Purdie
> ---
> meta/recipes-extended/gawk/gawk_5.2.1.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 del
Add a missing ptest perl module dependency to fix execution in minimal
ptest images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/perl/libxml-sax-perl_1.02.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/perl/libxml-sax-perl_1.02.bb
b/meta
Improve the ptest runner script:
* log output is available should any test fail to aid debugging
* document how to limit the runner to a single test
* stop hiding errors to stderr
* allow easier single test execution by avoiding path issues with PWD
Also depend upon binutils since one of the test
Ironically, busybox ptests don't all work without coreutils being present. This
dependency fixes execution in minimal images but the failing start-stop-daemon
test case should probably be investigated in due course and the dependency
removed when possible.
Signed-off-by: Richard Purdie
---
meta/
Tweak the ptest dependencies so they work correctly in minimal images. There
appears to be some usage of find or xargs that doesn't work with busybox.
Also improve the test runner so the test-suite.log is dumped upon error
which makes debugging much easier.
Signed-off-by: Richard Purdie
---
met
Add a missing dependency on make so ptests can run in a minimal image.
Signed-off-by: Richard Purdie
---
meta/recipes-kernel/lttng/babeltrace_1.5.11.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
b/meta/recipes-kernel/lttng/
Add dependencies for missing perl modules to fix execution in
minimal images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb
b
Some of the ptests fail in a minimal image. Add the missing perl
module dependencies.
Signed-off-by: Richard Purdie
---
.../recipes-devtools/perl/libmodule-build-perl_0.4232.bb | 9 +
1 file changed, 9 insertions(+)
diff --git a/meta/recipes-devtools/perl/libmodule-build-perl_0.4232.bb
The gawk ptests need some locale information, add the missing dependency
so tests work in minimal images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/gawk/gawk_5.2.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/gawk/gawk_5.2.1.bb
b/met
The quoting in the script was mangled leading to "0" tests being
found by our log parsing code. Fix the quoting to allow the correct
test counts to appear.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/bc/bc/run-ptest | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --gi
The options used with 'od' don't work with our busybox config.
Add a dependency on the full utility from coreutils to fix execution
in minimal images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/findutils/findutils_4.9.0.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
dif
Some of the ptests fail in a minimal image as they depend on options
to ps which busybox doesn't support. Add the full utility.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/perl/perl-ptest.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pe
Add a missing perl module dependency for the ptest packages and also
improve the run-ptest script so that the error log is saved allowing
easier debugging if this fails in future.
Signed-off-by: Richard Purdie
---
meta/recipes-support/attr/acl/run-ptest | 6 ++
meta/recipes-support/attr/acl
One of the openssl ptests needs the openssl binary so fails
on a minimal image without this. Add the missing dependency.
Signed-off-by: Richard Purdie
---
meta/recipes-connectivity/openssh/openssh_9.2p1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectiv
Some of the ptests fail in a minimal image. Add the missing gconv
dependency needed to allow those tests to pass.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/valgrind/valgrind_3.20.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/valgrind
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/m4/m4-1.4.19.inc | 2 +-
meta/recipes-devtools/opkg/opkg_0.6.1.bb | 2 +-
meta/recipes-extended/ethtool/ethtool_6.2.bb | 2 +-
meta/recipes-support/attr/attr.inc | 1 +
meta/recipes
Some of the ptests fail in a minimal image. Add the missing gconv
dependency needed to allow those tests to pass.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/m4/m4-1.4.19.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/m4/m4-1.4.19.inc
b/meta/recipes-de
On 2023-03-10 05:04, Alexander Kanavin wrote:
Ok, I'll bite. Should we just drop valgrind from ptests? It's by far,
the most brittle, finicky ptest we have, and doesn't seem to expose
actual issues, instead just giving everyone a never ending stream of
intermittent failures or tests that won't wo
Add support to the runqemu script for a new option, 'guestagent', that
enables the virtio serial port for host-to-guest communication.
Signed-off-by: Brenda Streiff
Signed-off-by: Clément Péron
---
scripts/runqemu | 14 ++
1 file changed, 14 insertions(+)
diff --git a/scripts/runqe
Split out the QEMU guest agent into a separate package. The agent is
intended to be installed within a QEMU VM guest where a user is likely
to not want to have the rest of the QEMU installation within it.
Additionally, an initscript, udev rules file, and systemd unit file are
added to the package
From: Siddharth Doshi
Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi
---
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 191 ++
.../harfbuzz/harfbuzz_5.1.0.bb|
Currently the hosts file (meta/recipes-core/base-files/base-files/hosts)
contains the entry:
127.0.0.1 localhost.localdomain localhost
This seems to be based on Debian, however it seems they've long since reverted
the entry to just "localhost".
https://salsa.debian.org/installer
On Fri, Mar 10, 2023 at 4:49 AM Valek, Andrej wrote:
>
> Hello Steve,
>
> - patch
> - I'm fine with explanation
> - Cert error
> - for example here:
> https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-dunfell.txt
Thanks, I opened a ticket with the infrastructure support team.
Hello Steve,
- patch
- I'm fine with explanation
- Cert error
- for example here:
https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-dunfell.txt
Regards,
Andrej
On Fri, 2023-03-10 at 04:40 -1000, Steve Sakoman wrote:
> On Fri, Mar 10, 2023 at 3:09 AM Valek, Andrej
> wrote:
>
On Fri, Mar 10, 2023 at 3:09 AM Valek, Andrej wrote:
>
> Hello again,
>
> Looks like that this patch showed some isses/open points:
> - CVE-2021-22897 is white-listed already, but in hardknott is fixed
> already
> https://github.com/openembedded/openembedded-core/blob/hardknott/meta/recipes-suppor
On Thu, Mar 9, 2023 at 10:24 PM Geoffrey GIRY wrote:
>
> Le jeu. 9 mars 2023 à 23:58, Steve Sakoman a écrit :
> >
> > From: Geoffrey GIRY
> >
> > Multiple CVE are patched in kernel but appears as active because the NVD
> > database is not up to date.
> >
> > CVE are ignored if and only if all ve
On Thu, 9 Mar 2023 at 17:05, Alexander Kanavin via
lists.openembedded.org
wrote:
> meta-oe build is running. Let's see what falls out.
> https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/2543
Ok, this build is not representative because it runs without the
needed 'commercial' lice
From: Martin Larsson
libpam does not have a direct build time dependency toward flex.
The libpam code does not have any references to the lib and does not use
flex for anything else at runtime.
Signed-off-by: Martin Larsson
---
meta/recipes-extended/pam/libpam_1.5.2.bb | 2 +-
1 file changed,
Hello again,
Looks like that this patch showed some isses/open points:
- CVE-2021-22897 is white-listed already, but in hardknott is fixed
already
https://github.com/openembedded/openembedded-core/blob/hardknott/meta/recipes-support/curl/curl/CVE-2021-22897.patch
- So do we have to ignore the pat
2023. 03. 10. 13:45 keltezéssel, Alexander Kanavin írta:
Thanks, I like this better than changing the cmake recipe.
Thank you. I will resend the new module recipes against meta-oe soon.
Alex
On Fri, 10 Mar 2023 at 13:32, Zoltán Böszörményi wrote:
This allows avoiding clashes between sourc
https://curl.se/docs/CVE-2021-22897.html
Signed-off-by: Andrej Valek
---
.../curl/curl/CVE-2021-22897.patch| 73 +++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 74 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-228
Thanks, I like this better than changing the cmake recipe.
Alex
On Fri, 10 Mar 2023 at 13:32, Zoltán Böszörményi wrote:
>
> This allows avoiding clashes between source archives of a main
> project and a pypi project using the same name and version.
>
> The new optional setting is PYPI_ARCHIVE_NA
This allows avoiding clashes between source archives of a main
project and a pypi project using the same name and version.
The new optional setting is PYPI_ARCHIVE_NAME_PREFIX which is empty
by default so previous downloads can be used. Example usage:
PYPI_ARCHIVE_NAME_PREFIX = "pypi-"
Signed-of
From: Romuald Jeanne
Make sure to expand all MKUBIFS_ARGS_ and UBINIZE_ARGS_ vars
in 'do_image_multiubi' task to use them to init the local 'mkubifs_args'
and 'ubinize_args' vars.
See [YOCTO #15065]
Signed-off-by: Romuald JEANNE
---
meta/classes-recipe/image_types.bbclass | 3 +++
1 file chan
On Fri, 10 Mar 2023 at 11:21, Böszörményi Zoltán wrote:
>
> 2023. 03. 10. 11:15 keltezéssel, Alexander Kanavin írta:
> > It would be good to actually test that these new recipes work
> > properly; if they don't have consumers in oe-core, then such tests
> > will not occur. Maybe meta-oe is a bette
2023. 03. 10. 11:15 keltezéssel, Alexander Kanavin írta:
It would be good to actually test that these new recipes work
properly; if they don't have consumers in oe-core, then such tests
will not occur. Maybe meta-oe is a better place for now?
Can you still take patch 1/4 into oe-core to avoid t
It would be good to actually test that these new recipes work
properly; if they don't have consumers in oe-core, then such tests
will not occur. Maybe meta-oe is a better place for now?
Alex
On Fri, 10 Mar 2023 at 10:54, Zoltan Boszormenyi wrote:
>
>
> Some python modules use "import skbuild", "
Thanks for working on this. Webkit nowadays tracks submissions on
github, but you are not supposed to send there directly; instead
there's custom scripting in webkit's source tree:
https://webkit.org/contributing-code/
Alex
On Thu, 9 Mar 2023 at 21:42, Markus Volk wrote:
>
> This will be require
Some packages like lirc places its unit files into $systemd_user_unitdir
and also uses them in SYSTEMD_SERVICE list in recipe. This fails in
do_package
ERROR: Didn't find service unit 'lircmd.service', specified in
SYSTEMD_SERVICE:lirc.
here lircmd.service is installed in /usr/lib/systemd/system
Ok, I'll bite. Should we just drop valgrind from ptests? It's by far,
the most brittle, finicky ptest we have, and doesn't seem to expose
actual issues, instead just giving everyone a never ending stream of
intermittent failures or tests that won't work on anything except x86
configured in a partic
All mentioned CVEs are related to HSTS check feature, which is not
implemented in version 7.69.1 .
Signed-off-by: Andrej Valek
---
meta/recipes-support/curl/curl_7.69.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb
b/meta/recipes-support/curl
https://curl.se/docs/CVE-2022-43552.html
Signed-off-by: Andrej Valek
---
.../curl/curl/CVE-2022-43552.patch| 79 +++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 80 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-435
Some python modules rely on "import ninja".
Only build and ship the python parts, and don't download and
build ninja from sources. Use the already built ninja instead.
The CMakeLists.txt file is a crippled copy from this ninja
python module's sources, removing almost everything, and
adding a dumm
Some python modules rely on "import cmake".
Only build and ship the python parts, and don't download and
build cmake from sources. Use the already built cmake instead.
The CMakeLists.txt file is a crippled copy from this cmake
python module's sources, removing almost everything, and
adding a dumm
Used by python3-cmake and python3-ninja.
Signed-off-by: Zoltán Böszörményi
---
.../python/python3-scikit-build_0.16.7.bb | 21 +++
1 file changed, 21 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-scikit-build_0.16.7.bb
diff --git a/meta/recipes-devto
So it won't clash with python3-cmake's download filename
from pypi.org which obviously has a diffferent checksum.
Signed-off-by: Zoltán Böszörményi
---
meta/recipes-devtools/cmake/cmake.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/cmake/cmake.inc
Some python modules use "import skbuild", "import cmake" or
"import ninja" during their builds.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178315):
https://lists.openembedded.org/g/openembedded-core/message/178315
Mute This Topic: https://lis
From: Siddharth Doshi
Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi
---
.../harfbuzz/CVE-2023-25193-pre0.patch| 335 ++
.../harfbuzz/CVE-2023-25193-pre1.patch|
2023. 03. 08. 13:40 keltezéssel, Ross Burton írta:
On 8 Mar 2023, at 12:32, Böszörményi Zoltán wrote:
The code in pytorch does "import ninja" conditionally,
so it expects it as a python module. Also, this specific
package and anything that uses pytorch for its build
(like torchvision) complain
The Backport was a bit tricky but i feel its done.
I have submitted for kirkstone branch and the all the tests passed on my end.
Will be submitting it for dunfell soon too.
Let me know incase if the problem still persists. If it passes, i am happy to
help :)
Regards,
Siddharth
-=-=-=-=-=-=-=-
From: Siddharth Doshi
Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi
---
.../harfbuzz/CVE-2023-25193-pre1.patch| 135 +
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 185
Le jeu. 9 mars 2023 à 23:58, Steve Sakoman a écrit :
>
> From: Geoffrey GIRY
>
> Multiple CVE are patched in kernel but appears as active because the NVD
> database is not up to date.
>
> CVE are ignored if and only if all versions of kernel used by master are
> patched.
>
> Also ignore CVEs wit
Hi,
One of my team member has worked on it and she will submit patch to upstream
kirkstone in one or two days.
Regards,
Archana
From: openembedded-core@lists.openembedded.org
on behalf of DC via
lists.openembedded.org
Sent: Friday, March 10, 2023 12:59 PM
To:
54 matches
Mail list logo
