[OE-core] [kirkstone][PATCH] libtiff: fix CVE-2023-26965 heap-based use after free

Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-26965.patch | 97 +++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed

[OE-core] [dunfell] [PATCH] harfbuzz: Resolve backported commit bug.

The commit [https://github.com/openembedded/openembedded-core/commit/c22bbe9b45e3] backports fix for CVE-2023-25193 for version 2.6.4. The apply() in src/hb-ot-layout-gpos-table.hh ends prematurely. The if block in apply() has an extra return statement, which causes it to return w/o executing buff

Re: [OE-core] Toolchain test results

On Tue, 2023-07-25 at 23:29 -0700, Khem Raj wrote: > On Tue, Jul 25, 2023 at 11:00 PM Anuj Mittal > wrote: > > > > On Thu, 2023-07-20 at 12:26 +0100, Richard Purdie wrote: > > > On Tue, 2023-07-18 at 10:14 +0100, Richard Purdie via > > > lists.openembedded.org wrote: > > > > qemuarm has ~350 fail

[OE-core][PATCH] meta-networking: cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

From: Sanjay Chitroda - OE-core has added support for CVE_STATUS: https://github.com/openembedded/openembedded-core/commit/1634ed4048cf - Try to add convert and apply statuses for old CVEs Signed-off-by: Sanjay Chitroda --- .../freeradius/freeradius_3.0.26.bb | 7 +++--- .../mbedt

Re: [OE-core] Toolchain test results

On Tue, Jul 25, 2023 at 11:00 PM Anuj Mittal wrote: > > On Thu, 2023-07-20 at 12:26 +0100, Richard Purdie wrote: > > On Tue, 2023-07-18 at 10:14 +0100, Richard Purdie via > > lists.openembedded.org wrote: > > > qemuarm has ~350 failures > > > qemuarm64 has ~350 failures > > > qemux86-64 has ~4000

[OE-core] [kirkstone][PATCH] tiff: fix multiple CVEs

Backport fixes for: * CVE-2023-25433 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44 * CVE-2023-25434 & CVE-2023-25435 - Upstream-Status:

Re: [OE-core] Toolchain test results

On Thu, 2023-07-20 at 12:26 +0100, Richard Purdie wrote: > On Tue, 2023-07-18 at 10:14 +0100, Richard Purdie via > lists.openembedded.org wrote: > > qemuarm has ~350 failures > > qemuarm64 has ~350 failures > > qemux86-64 has ~4000 (3900 in glibc) > > qemux86 has ~4000 (3500 in glibc) > > qemuppc h

Re: [OE-core] [PATCH] rpm: Allow setting platform macro settings externally

Sure, $SUBJECT should have been [RFC][PATCH]. Thanks. 2023. 07. 25. 18:30 keltezéssel, Alexander Kanavin írta: I would want to hold this until we have a reaction from upstream. RPM_CUSTOM_* exports should go to specific tasks where they are needed. Alex On Tue, 25 Jul 2023 at 15:57, Zoltán B

[OE-core][kirkstone][PATCH] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header

Signed-off-by: Vivek Kumbhar --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2023-29406.patch | 210 ++ 2 files changed, 211 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch diff --git a/meta/recipes-d

Re: [OE-core] OpenEmbedded Happy Hour July 26 5pm/1700 UTC

In less than a day, tomorrow, we hope to see everyone at OE Happy Hour. On Wed, Jul 19, 2023 at 06:07:04PM -0400, Denys Dmytriyenko wrote: > All, > > A friendly reminder - our regular monthly OpenEmbedded Happy Hour is 1 week > away, on July 26 for Europe/Americas timezones @ 1700/5pm UTC (1pm

Re: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic configuration

> -Original Message- > From: Louis Rannou > Sent: den 29 juni 2023 15:04 > To: Peter Kjellerstedt ; openembedded- > c...@lists.openembedded.org > Cc: anuj.mit...@intel.com > Subject: Re: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic > configuration > > Hello, please find an

[OE-core] [PATCH] file: fix the way path is written to environment-setup.d

From: Oleksandr Hnatiuk $OECORE_NATIVE_SYSROOT is not escaped, thus it is expanded to an empty string. This happens to work because we have ${datadir} which in this context is relocated to the buildtools sysroot after installation of buildtools. If the $ before OECORE_NATIVE_SYSROOT is escaped,

Re: [OE-core] [PATCH] rpm: Allow setting platform macro settings externally

I would want to hold this until we have a reaction from upstream. RPM_CUSTOM_* exports should go to specific tasks where they are needed. Alex On Tue, 25 Jul 2023 at 15:57, Zoltán Böszörményi wrote: > > Feed platform settings to installplatform externally. Based on the patch > submitted under h

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

I ran this with buildhistory-diff (as I had requested you do from the start), and it immediately gave some clues: packages/all-poky-linux/linux-firmware/linux-firmware-mt7601u: RDEPENDS: added "linux-firmware" packages/all-poky-linux/linux-firmware/linux-firmware-mt7601u: PKGSIZE changed from 4541

ODP: ODP: [OE-Core][PATCH v10][master-next 1/5] package_ipk.bbclass: add support for ACLs and xattr

Oh jesus I'm a morron I haven't noticed that I'm missing chrpath​ Do not bother this messages:P Cheers, Piotr Od: openembedded-core@lists.openembedded.org w imieniu użytkownika Piotr Łobacz via lists.openembedded.org Wysłane: wtorek, 25 lipca 2023 17:22 Do: Al

ODP: ODP: [OE-Core][PATCH v10][master-next 1/5] package_ipk.bbclass: add support for ACLs and xattr

Hi Alex, at the beginning I would like to thank you for your suggestions, and I want to mention that this is what I wanted to do that from the very beginning, but I could not find any good HowTo or manual how to do that. Right now, I have this poky-contrib:abelloni/master-next branch downloaded,

Re: [OE-core] [RFT][PATCH] binutils: Upgrade to 2.41 release

On Tue, Jul 25, 2023 at 1:24 AM Martin Jansa wrote: > On Tue, Jul 25, 2023 at 8:53 AM Khem Raj wrote: > >> Detailed changes [1] >> >> [1] https://sourceware.org/pipermail/binutils/2023-August/122246.html > > > Release announcement from future? Now we know your secret! :). > Look at RFT tag it’

[OE-core] Yocto Project Status 25 July 2023 (WW30)

Current Dev Position: YP 4.3 M3 Next Deadline: 28th August 2023 YP 4.3 M3 build date Next Team Meetings: * Bug Triage meeting Thursday July 27th 7:30 am PDT ( https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6d

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

Hey, I tried a bit and as Martin suggested - if I remove `linux-firmware-mt7601u` the issue is gone. as you can see in my list, there are also other packages depending on linux-firmware "linux-firmware-adsp-sst" -> "linux-firmware" "linux-firmware-bcm4373" -> "linux-firmware" "linux-firmware-mt7

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

2023. 07. 25. 12:30 keltezéssel, Alexander Kanavin írta: On Tue, 25 Jul 2023 at 12:27, Böszörményi Zoltán wrote: I have a working recipe change based on https://github.com/rpm-software-management/rpm/pull/2579 (for 4.18.x) https://github.com/rpm-software-management/rpm/pull/2580 (for 4.19.x) I

[OE-core] [PATCH] rpm: Allow setting platform macro settings externally

Feed platform settings to installplatform externally. Based on the patch submitted under https://github.com/rpm-software-management/rpm/pull/2579 Signed-off-by: Zoltán Böszörményi --- ...ng-plaform-macro-settings-externally.patch | 56 +++ meta/recipes-devtools/rpm/rpm_4.18.1.bb

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

Indeed, does this issue happen on plain poky dunfell build with no other layers added to it? If it doesn't, then it's very difficult to give help because it becomes a never ending exchange of 'try this' and 'try that' - not a good use of anyone's time. You need to demonstrate how we can reproduce t

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

That shows you that e.g. linux-firmware-mt7601u now depends on linux-firmware: "linux-firmware-mt7601u" -> "linux-firmware" "linux-firmware-mt7601u" -> "linux-firmware-mt7601u-license" now use bitbake-getvar or bitbake -e to figure out this happens for you (doesn't for me). Probably some other la

[OE-core] [RESEND][PATCH v4] sstatesig: Fix pn and taskname derivation in find_siginfo

From: Yang Xu The `bb.siggen.compare_sigfiles` method transforms the key format from `[mc::][virtual:][native:]:` to `/:[:virtual][:native][:mc:]` by `clean_basepaths`. However, `find_siginfo` uses the original format to get the package name (pn) and task name. This commit corrects the method fo

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

before: "linux-firmware-mt7601u" -> "linux-firmware-mt7601u-license" "linux-firmware-ralink" -> "linux-firmware-ralink-license" "linux-firmware-rtl8168" -> "linux-firmware-whence-license" "linux-firmware-rtl8188" -> "linux-firmware-rtl-license" "linux-firmware-rtl8192ce" -> "linux-firmware-rtl-lice

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

now figure out what depends on linux-firmware from your image grep linux-firmware buildhistory/images/your-machine/your-libc/your-image/depends.dot and then git log will help you with the rest (FWIW: I don't see linux-firmware in our dunfell images). On Tue, Jul 25, 2023 at 2:01 PM Andreas Rehn

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

hey alex, thx for have a look before linux-firmware-mt7601u-license linux-firmware-mt7601u linux-firmware-ralink-license linux-firmware-ralink linux-firmware-rtl8168 linux-firmware-rtl8188 linux-firmware-rtl8192ce linux-firmware-rtl8192cu linux-firmware-rtl8192eu linux-firmware-rtl8192su linux-fi

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

2023. 07. 25. 12:42 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta: 2023. 07. 25. 12:30 keltezéssel, Alexander Kanavin írta: On Tue, 25 Jul 2023 at 12:27, Böszörményi Zoltán wrote: I have a working recipe change based on https://github.com/rpm-software-management/rpm/pull/257

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

2023. 07. 25. 12:30 keltezéssel, Alexander Kanavin írta: On Tue, 25 Jul 2023 at 12:27, Böszörményi Zoltán wrote: I have a working recipe change based on https://github.com/rpm-software-management/rpm/pull/2579 (for 4.18.x) https://github.com/rpm-software-management/rpm/pull/2580 (for 4.19.x) I

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

2023. 07. 25. 12:29 keltezéssel, Richard Purdie írta: On Tue, 2023-07-25 at 12:24 +0200, Böszörményi Zoltán wrote: 2023. 07. 24. 22:16 keltezéssel, Richard Purdie írta: On Mon, 2023-07-24 at 20:13 +0200, Böszörményi Zoltán wrote: 2023. 07. 24. 17:59 keltezéssel, Richard Purdie írta: On Mon, 2

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

On Tue, 25 Jul 2023 at 12:27, Böszörményi Zoltán wrote: > I have a working recipe change based on > https://github.com/rpm-software-management/rpm/pull/2579 (for 4.18.x) > https://github.com/rpm-software-management/rpm/pull/2580 (for 4.19.x) > > I will send it soon. I'd want to see what rpm upstr

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

On Tue, 2023-07-25 at 12:24 +0200, Böszörményi Zoltán wrote: > 2023. 07. 24. 22:16 keltezéssel, Richard Purdie írta: > > On Mon, 2023-07-24 at 20:13 +0200, Böszörményi Zoltán wrote: > > > 2023. 07. 24. 17:59 keltezéssel, Richard Purdie írta: > > > > On Mon, 2023-07-24 at 14:35 +0200, Zoltan Boszorm

Re: ODP: [OE-Core][PATCH v10][master-next 1/5] package_ipk.bbclass: add support for ACLs and xattr

On Tue, 25 Jul 2023 at 11:58, Piotr Łobacz wrote: > > Yeah, I have just checked it for acpid-src packages and diffoscope worked > without any errors. > > Question, is this test being run with acl or/and xattr? Because from what I > remember it was not. Can you check? > If this will confirm, then

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

2023. 07. 24. 17:20 keltezéssel, Alexander Kanavin írta: On Mon, 24 Jul 2023 at 16:59, Böszörményi Zoltán wrote: I'll rework it using a template file. Still, sed would be used, but in a more readable fashion. Will this work for you? What would be preferred is a patch to the source code, and i

Re: [OE-core] [PATCH] rpm: Install and/or tweak rpm macros file to make rpmbuild work

2023. 07. 24. 22:16 keltezéssel, Richard Purdie írta: On Mon, 2023-07-24 at 20:13 +0200, Böszörményi Zoltán wrote: 2023. 07. 24. 17:59 keltezéssel, Richard Purdie írta: On Mon, 2023-07-24 at 14:35 +0200, Zoltan Boszormenyi wrote: Some BSP architecture builds (e.g. genericx86-64 or anything fro

ODP: ODP: [OE-Core][PATCH v10][master-next 1/5] package_ipk.bbclass: add support for ACLs and xattr

Yeah, I have just checked it for acpid-src packages and diffoscope worked without any errors. Question, is this test being run with acl or/and xattr? Because from what I remember it was not. Can you check? If this will confirm, then something is still wrong with the gnu format, because right no

Re: [OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

On Tue, 25 Jul 2023 at 11:28, Andreas wrote: > i encountered issues with the new poky release on dunfell. > explicitly linux-firmware: commit hash > a04b507d39d668a02b7ebd990c94194cde16bf2f > > i building dunfell images since 1,5 years and my images are normaly 1,9 GB > big. > however since Sund

ODP: ODP: [OE-Core][PATCH v10][master-next 1/5] package_ipk.bbclass: add support for ACLs and xattr

Hmmm, this is odd because yesterday I have checked this and the additional parameters added to tar have fixed the issue for me. But I have added them only for posix tar format, because for gnu format there is no need. BTW. only these packages are different? AssertionError: The following ipk pa

Re: ODP: [OE-Core][PATCH v10][master-next 1/5] package_ipk.bbclass: add support for ACLs and xattr

Hello Piotr, On 24/07/2023 20:50:50+, Piotr Łobacz wrote: > > Hello Alexandre, > this is a final patchest which works for me, even with reproducible builds, > but additionally, with posix format of tar archives. > > I hope that this time it will work for autobuild as well. We are almost th

[OE-core] dunfell: poky 3.1.27 - full linux-firmware always in image

hey, i encountered issues with the new poky release on dunfell. explicitly linux-firmware: commit hash a04b507d39d668a02b7ebd990c94194cde16bf2f i building dunfell images since 1,5 years and my images are normaly 1,9 GB big. however since Sunday 23.07, the image size increases by 1GB due to the fu

Re: [OE-core] [RFT][PATCH] binutils: Upgrade to 2.41 release

On Tue, Jul 25, 2023 at 8:53 AM Khem Raj wrote: > Detailed changes [1] > > [1] https://sourceware.org/pipermail/binutils/2023-August/122246.html Release announcement from future? Now we know your secret! :). -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Repl