On Mon, Oct 9, 2023, 11:37 AM Marek Vasut wrote:
> On 10/9/23 23:15, Steve Sakoman wrote:
> > Sorry I didn't catch this earlier, but I stopped reviewing after
> > noticing the Signed-off-by omission.
>
> What Signed-off-by omission ?
>
Sorry, I meant the Upstream-Status omission in the first
On 10/9/23 23:15, Steve Sakoman wrote:
Sorry I didn't catch this earlier, but I stopped reviewing after
noticing the Signed-off-by omission.
What Signed-off-by omission ?
There was already a patch submitted for this CVE:
https://lists.openembedded.org/g/openembedded-core/message/188624
OK
Sorry I didn't catch this earlier, but I stopped reviewing after
noticing the Signed-off-by omission.
There was already a patch submitted for this CVE:
https://lists.openembedded.org/g/openembedded-core/message/188624
Steve
On Mon, Oct 9, 2023 at 9:19 AM Marek Vasut wrote:
>
> Pick fix for
-Original Message-
From: Vincent Prince
Sent: Monday, October 9, 2023 21:09
To: Marko, Peter (ADV D EU SK BFS1)
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone][PATCH] glibc: Update to latest on stable 2.35
branch
> Hello,
>
> I have a small question
-Original Message-
From: Marek Vasut
Sent: Monday, October 9, 2023 21:28
To: Marko, Peter (ADV D EU SK BFS1) ;
richard.pur...@linuxfoundation.org
Cc: Alexandre Belloni ; st...@sakoman.com;
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] ncurses: Mitigate
On 10/9/23 19:29, Steve Sakoman wrote:
On Mon, Oct 9, 2023 at 6:27 AM Marek Vasut wrote:
Pick fix for CVE-2023-4156 from ubuntu 20.04
A heap out-of-bounds read flaw was found in builtin.c in the gawk
package. This issue may lead to a crash and could be used to read
sensitive information.
On 10/9/23 18:44, Richard Purdie wrote:
On Mon, 2023-10-09 at 18:31 +0200, Marek Vasut wrote:
Configure with "--disable-root-environ" to disallow loading of
custom terminfo entries in setuid/setgid programs, mitigating the
impact of CVE-2023-29491.
This is taken from debian:
On 10/9/23 19:27, Marko, Peter wrote:
-Original Message-
From: Marek Vasut
Sent: Monday, October 9, 2023 18:57
To: Marko, Peter (ADV D EU SK BFS1) ;
richard.pur...@linuxfoundation.org
Cc: Alexandre Belloni ; st...@sakoman.com;
openembedded-core@lists.openembedded.org
Subject: Re:
Pick fix for CVE-2023-4156 from ubuntu 20.04
A heap out-of-bounds read flaw was found in builtin.c in the gawk
package. This issue may lead to a crash and could be used to read
sensitive information.
https://nvd.nist.gov/vuln/detail/CVE-2023-4156
Upstream commit:
Hello,
I have a small question concerning glibc source handling.
I have a machine connected to the Internet that runs
bitbake -k -f --runall=fetch universe
and another offline machine that uses the previous fetch as a source mirror.
When I bitbake my image, it fails to use this with
ERROR:
On 05.10.23 23:14, Khem Raj wrote:
On Thu, Oct 5, 2023 at 12:27 PM Richard Purdie
wrote:
On Thu, 2023-10-05 at 21:22 +0200, Andreas Cord-Landwehr wrote:
On 04.10.23 20:42, Richard Purdie wrote:
On Wed, 2023-10-04 at 20:19 +0200, Andreas Cord-Landwehr wrote:
On 04.10.23 20:10, Khem Raj
On Mon, Oct 9, 2023 at 6:27 AM Marek Vasut wrote:
>
> Pick fix for CVE-2023-4156 from ubuntu 20.04
>
> A heap out-of-bounds read flaw was found in builtin.c in the gawk
> package. This issue may lead to a crash and could be used to read
> sensitive information.
>
>
-Original Message-
From: Marek Vasut
Sent: Monday, October 9, 2023 18:57
To: Marko, Peter (ADV D EU SK BFS1) ;
richard.pur...@linuxfoundation.org
Cc: Alexandre Belloni ; st...@sakoman.com;
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] ncurses: Mitigate
On 10/9/23 18:47, Marko, Peter wrote:
Hi Marek,
Could you please describe why you add this configuration in kirkstone branch?
This CVE is already patched:
https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/ncurses/files/CVE-2023-29491.patch?h=kirkstone
Peter
-Original
On 10/9/23 18:51, Marko, Peter wrote:
-Original Message-
From: openembedded-core@lists.openembedded.org
On Behalf Of Richard Purdie via
lists.openembedded.org
Sent: Monday, October 9, 2023 18:44
To: Marek Vasut ; st...@sakoman.com;
openembedded-core@lists.openembedded.org
Cc:
We're struggling with the 6.5 kernel as the serial port getty doesn't appear
sometimes
leading to failures in CI. Add a workaround of sending some newlines as a way of
unblocking the kernel/release issues whilst we try and work out how to get to
the bottom
of the issue.
Signed-off-by: Richard
This disables Nagle's algorithm for our tcp serial connections which may
be causing data transfer issues.
Signed-off-by: Richard Purdie
---
meta/conf/machine/include/loongarch/qemuloongarch.inc | 2 +-
meta/conf/machine/include/riscv/qemuriscv.inc | 2 +-
meta/conf/machine/qemuarm.conf
-Original Message-
From: openembedded-core@lists.openembedded.org
On Behalf Of Richard Purdie via
lists.openembedded.org
Sent: Monday, October 9, 2023 18:44
To: Marek Vasut ; st...@sakoman.com;
openembedded-core@lists.openembedded.org
Cc: Alexandre Belloni
Subject: Re: [OE-core]
Hi Marek,
Could you please describe why you add this configuration in kirkstone branch?
This CVE is already patched:
https://git.openembedded.org/openembedded-core/tree/meta/recipes-core/ncurses/files/CVE-2023-29491.patch?h=kirkstone
Peter
-Original Message-
From:
On Mon, 2023-10-09 at 18:31 +0200, Marek Vasut wrote:
> Configure with "--disable-root-environ" to disallow loading of
> custom terminfo entries in setuid/setgid programs, mitigating the
> impact of CVE-2023-29491.
>
> This is taken from debian:
>
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.8..go1.20.9
68f9a6e2ad (tag: go1.20.9) [release-branch.go1.20] go1.20.9
31d5b604ac [release-branch.go1.20] cmd/compile: use absolute file name in isCgo
check
83dce45959 [release-branch.go1.20] cmd/link: suppress -bind_at_load
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.7..go1.20.8
d5b8518043 (tag: go1.20.8) [release-branch.go1.20] go1.20.8
2070531d2f [release-branch.go1.20] html/template: properly handle special tags
within the script context
023b542edf [release-branch.go1.20] html/template:
Configure with "--disable-root-environ" to disallow loading of
custom terminfo entries in setuid/setgid programs, mitigating the
impact of CVE-2023-29491.
This is taken from debian:
https://salsa.debian.org/debian/ncurses/-/commit/1c530aad772f7aeef039b8780d51cd09bd5a08ac
Signed-off-by: Marek
Configure with "--disable-root-environ" to disallow loading of
custom terminfo entries in setuid/setgid programs, mitigating the
impact of CVE-2023-29491.
This is taken from debian:
https://salsa.debian.org/debian/ncurses/-/commit/1c530aad772f7aeef039b8780d51cd09bd5a08ac
Signed-off-by: Marek
Configure with "--disable-root-environ" to disallow loading of
custom terminfo entries in setuid/setgid programs, mitigating the
impact of CVE-2023-29491.
This is taken from debian:
https://salsa.debian.org/debian/ncurses/-/commit/1c530aad772f7aeef039b8780d51cd09bd5a08ac
Signed-off-by: Marek
Pick fix for CVE-2023-4156 from ubuntu 20.04
A heap out-of-bounds read flaw was found in builtin.c in the gawk
package. This issue may lead to a crash and could be used to read
sensitive information.
https://nvd.nist.gov/vuln/detail/CVE-2023-4156
https://packages.ubuntu.com/source/focal/gawk
There is a stack overflow vulnerability in ash.c:6030 in busybox before
1.35. In the environment of Internet of Vehicles, this vulnerability can
be executed from command to arbitrary code execution.
https://nvd.nist.gov/vuln/detail/CVE-2022-48174
CVE: CVE-2022-48174
Signed-off-by: Marek Vasut
Replace the original "Wrong CRC with ASCII CRC for large files"
patch with upstream backport, and add additional fix on top of
the same problem which upstream detected and fixed.
Signed-off-by: Marek Vasut
---
...g-CRC-with-ASCII-CRC-for-large-files.patch | 39 ---
On Tue, 2023-09-26 at 16:25 +0800, wangmy wrote:
> From: Wang Mingyu
>
> License-Update: Rely on external copy of iso8601
>
> Changelog:
> ==
> * Subunit now has a dependency on an external iso8601
> module rather than shipping its own.
I checked and the code does now import iso8601
> FYI I also sent a patch to fix this issue the day just before you :) You can
> find it
> here:
> https://lists.openembedded.org/g/openembedded-core/message/188767
>
Two tests to cover both installing package with IMAGE_INSTALL as
well as installing versioned dependencies of the package (using perl (>=
5.XX).
Related: [Yocto #13338] [Yocto #14995] [Yocto #14066]
Signed-off-by: Pavel Zhukov
---
.../testsdk-perldepends.bb| 16
Some of the packages require versioned providers
(DEPENDS: perl (>= 5.38) is an example and for such packages
do_populate_sdk fails because dummy packages provided unversioned
packages (PROVIDES: perl) which doesn't meet the version requirement.
Specify 999.9-r9 version for such provides to work
dpkg and apt seem to handle versioned provides correctly now [1] so this
workaround is not needed anymore.
This fixes [Yocto #14995] for package_deb.
[1]
https://www.debian.org/doc/debian-policy/ch-relationships.html#virtual-packages-provides
Signed-off-by: Pavel Zhukov
---
If a package is provided by dummysdk and at the same time marked for
installation with IMAGE_INSTALL, it causes a conflict in apt because virtual
providers are not taken into account if the package is asked to be installed
explicitly.
Filter such packages from provides/conflicts to workaround this
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.7..go1.20.8
d5b8518043 (tag: go1.20.8) [release-branch.go1.20] go1.20.8
2070531d2f [release-branch.go1.20] html/template: properly handle special tags
within the script context
023b542edf [release-branch.go1.20] html/template:
On Sun, 2023-10-08 at 09:23 +0100, Richard Purdie via
lists.openembedded.org wrote:
> On Sat, 2023-10-07 at 23:05 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > I thought I'd summarise where things are at with the 6.5 kernel.
> >
> > We've fixed:
> > * the ARM LTP OOM lockup
Add a QA test to the SDK to test that a basic cargo build works for the
SDK host.
Signed-off-by: Sean Nyekjaer
---
Changes since v1:
- use SDK_SYS for compiling for SDK Host
meta/lib/oeqa/sdk/cases/rust.py | 22 ++
1 file changed, 22 insertions(+)
diff --git
This will enable us to build and run rust programs on the sdk host.
% cargo run --target x86_64-oesdk-linux-gnu -vv
Fresh hello v0.1.0 (~/development/hello)
Finished dev [unoptimized + debuginfo] target(s) in 0.02s
Running
Avoid setting sdk-wide RUSTFLAGS as these flags only are valid when
building for target.
This will enable building for different targets with different
RUSTFLAGS.
Signed-off-by: Sean Nyekjaer
---
meta/recipes-devtools/rust/rust-cross-canadian.inc | 4 +++-
1 file changed, 3 insertions(+), 1
Hi linux-serial and Greg,
Yocto Linux distro maintainer Richard Purdie is seeing a regression or behavior
change after updating kernel from 6.4 to 6.5. Yocto runs a lot of automated
tests with qemu
where a python test framework configures and spawns qemu (version 8.1) with two
serial ports and
Also remove the warning that doesn't make sense as the code will generate
an exception and bitbake will abort.
Before:
| WARNING: core-image-minimal-initramfs-1.0-r0 do_image_complete: KeyError in .
| Exception: Exception: KeyError: 'getpwuid(): uid not found: x'
| Path . is owned by uid
On Sat, Oct 7, 2023 at 19:47, Chris Laplante via lists.openembedded.org
wrote:
>
> The tests will fail anyway (since you will have two 'workspacelayer'
> layers), so might as well make it fail faster and be clear.
>
Hi Chris,
FYI I also sent a patch to fix this issue the day just before you