Please fix your Upstream-Status formatting
CVE-2023-52356.patch and all 4 CVE-2023-6277-[1-4].patch trigger:
Please correct according to
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations:_Upstream-Status
:
Upstream-Status: Backport
ERROR: tiff-4.3.0-r0
On Fri, Mar 29, 2024, 11:52 Vijay Anusuri via lists.openembedded.org
wrote:
> Hi Steve,
>
> Please ignore this patch.
>
> Thanks & Regards,
> Vijay
>
Hi Vijay,
I expect that's fine with Steve but in the future, it would be good if,
when you ask for a patch to be ignored, you briefly explain
Under some load conditions, the result event can come back before the
command complete event. If that happens, the code would hang
indefinitely.
Rework the code to wait for both events and avoid the hang.
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/selftest/cases/sstatetests.py | 5 +++--
On Sat, 2024-03-30 at 14:06 +0100, Martin Jansa wrote:
> From what is publicly known it injected malicious code (through m4
> macro using payload hidden in obfuscated compressed test file) into
> built liblzma.so.5 which then hijacks RSA_public_decrypt call e.g. in
> sshd (when sshd is built with
From what is publicly known it injected malicious code (through m4
macro using payload hidden in obfuscated compressed test file) into
built liblzma.so.5 which then hijacks RSA_public_decrypt call e.g. in
sshd (when sshd is built with patch adding systemd notifications which
brings liblzma
I’m slightly worried. Does this compromise build systems (given that back
door was injected into autoconf scripts) or only systems where xz binaries
are installed?
Ale
On Sat 30. Mar 2024 at 13.26, Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Sat, 2024-03-30 at 13:08 +0100,
On Sat, 2024-03-30 at 13:08 +0100, Marta Rybczynska wrote:
> Absolutely confirm. DO NOT UPDATE
>
> Marta
>
> On Sat, 30 Mar 2024, 02:04 Mark Hatle,
> wrote:
> > I know this request is a week or so old..
> >
> > But do NOT upgrade to 'xz' 5.6.0 or 5.6.1. It has been
> > compromised:
> >
> >
Absolutely confirm. DO NOT UPDATE
Marta
On Sat, 30 Mar 2024, 02:04 Mark Hatle,
wrote:
> I know this request is a week or so old..
>
> But do NOT upgrade to 'xz' 5.6.0 or 5.6.1. It has been compromised:
>
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> --Mark
>
> On 3/14/24 8:40
On Thu, 2024-03-28 at 22:50 -0700, Khem Raj wrote:
> These tests have been fixed prior to the 3.22 release
>
> Signed-off-by: Khem Raj
> ---
> meta/recipes-devtools/valgrind/valgrind_3.22.0.bb | 6 --
> 1 file changed, 6 deletions(-)
From: lixiaoyong
Replace `${HOST_PREFIX}objdump` with `${OBJDUMP}`.
When utilizing llvm for compiling packages, the invocation of GNU objdump
will consistently occur during package process. This behavior is unfriendly
to llvm. So prefer `${OBJDUMP}` over `${HOST_PREFIX}objdump`.
Signed-off-by:
From: lixiaoyong
Replace `${HOST_PREFIX}readelf` with `${READELF}`.
When utilizing llvm for compiling packages, the invocation of GNU readelf
will consistently occur if the oe_soinstall and oe_libinstall functions,
which are defined in utils.bbclass, are called. This behavior is unfriendly
to
*** BLURB HERE ***
lixiaoyong (2):
utils.bbclass: enhance readelf command call with llvm
oe/package.py: enhance objdump command call with llvm
meta/classes-global/utils.bbclass | 4 ++--
meta/lib/oe/package.py            | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
--
2.34.1