[OE-core] [PATCH v2 1/2] tzdata: Add tzdata.zi to tzdata-core package

2024-05-30 Thread Simone Weiß
From: Simone Weiß Additionally build and package tzdata.zi info file, as e.g. Systemd expects it to be present. [YOCTO #15172] Signed-off-by: Simone Weiß --- meta/recipes-extended/timezone/tzdata.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/timezone

[OE-core] [PATCH] Sanity: Check if tar is gnutar

2024-05-30 Thread Simone Weiß
From: Simone Weiß In sanity.bbclass the tar version is checked as tar needs to be recent enough for reproducible builds. Tar could also be provided by other means than gnutar, but we mean the version of gnutar in the check. Hence we also should ensure that the installed tar is gnutar. [YOCTO

[OE-core] [PATCH] tzdata: Add tzdata.zi to tzdata-core package

2024-05-29 Thread Simone Weiß
From: Simone Weiß Additionally build and package tzdata.zi info file, as e.g. Systemd expects it to be present. [YOCTO #15172] Signed-off-by: Simone Weiß --- meta/recipes-extended/timezone/tzdata.bb | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-extended

Re: [OE-core] [PATCH 10/33] gnutls: upgrade 3.8.4 -> 3.8.5

2024-04-14 Thread Simone Weiß
On Sat, 2024-04-13 at 20:55 +, Simone Weiß wrote: > On Fri, 2024-04-12 at 16:39 +0200, Alexandre Belloni wrote: > > On 11/04/2024 19:41:09+0000, Simone Weiß wrote: > > > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via > > > lists.openembedded.org w

[OE-core] [PATCH 2/2] gnutls: Fix failing ptests

2024-04-14 Thread Simone Weiß
From: Simone Weiß When upgrading gnutls to the newest version 3.8.5, some ptests failed. Backported a patch from upstream gnutls (not in any release yet) to fix this issue. Signed-off-by: Simone Weiß --- ...PKCS1-v1_5-system-wide-configuration.patch | 269 ++ meta/recipes

[OE-core] [PATCH 1/2] gnutls: upgrade 3.8.4 -> 3.8.5

2024-04-14 Thread Simone Weiß
From: Wang Mingyu Add-ptest-support.patch refreshed for 3.8.5 Changelog: == * libgnutls: Due to majority of usages and implementations of RSA decryption with PKCS#1 v1.5 padding being incorrect, leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5 is being deprecated

Re: [OE-core] [PATCH 10/33] gnutls: upgrade 3.8.4 -> 3.8.5

2024-04-13 Thread Simone Weiß
On Fri, 2024-04-12 at 16:39 +0200, Alexandre Belloni wrote: > On 11/04/2024 19:41:09+0000, Simone Weiß wrote: > > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via > > lists.openembedded.org wrote: > > > Failed ptests: > > > {'gnutls': ['alerts

Re: [OE-core] [PATCH 10/33] gnutls: upgrade 3.8.4 -> 3.8.5

2024-04-11 Thread Simone Weiß
On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via lists.openembedded.org wrote: > Failed ptests: > {'gnutls': ['alerts', >     'cert-status', >     'ciphersuite-name', >     'dtls-etm', >     'dtls10-cert-key-exchange', >    

[OE-core] [PATCH] gnutls: upgrade 3.8.3 -> 3.8.4

2024-04-01 Thread Simone Weiß
From: Simone Weiß - Upgrade gnutls SRCREV for new version - Refresh patches for 3.8.4 Changelog: == ** libgnutls: RSA-OAEP encryption scheme is now supported To use it with an unrestricted RSA private key, one would need to initialize a gnutls_x509_spki_t object with necessary

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 17 Mar 2024 01:00:01 AM HST

2024-03-17 Thread Simone Weiß
On Sun, 2024-03-17 at 01:17 -1000, Steve Sakoman wrote: > Branch: master > > New this week: 0 CVEs > > Removed this week: 0 CVEs > > Full list:  Found 37 unpatched CVEs > CVE-2023-7216 (CVSS3: 5.3 MEDIUM): cpio Hi, checked all the upstream developments, no news at all this week, besides

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 10 Mar 2024 01:00:01 AM HST

2024-03-10 Thread Simone Weiß
On Sun, 2024-03-10 at 04:18 -0700, Steve Sakoman wrote: > Branch: master > > New this week: 0 CVEs > > Removed this week: 4 CVEs > Hi, again a quick check: - wiki updated. - rest all still same status as last week (no fixes available for any, no direct action item for porting/upgrading) -

Re: Patchtest results for [OE-core][PATCH 2/2] systemd: remove systemd-bus-proxy settings

2024-03-06 Thread Simone Weiß
On Wed, 2024-03-06 at 19:19 -0800, Chen Qi via lists.openembedded.org wrote: > Is this a patchtest bug? I can see the 'Signed-off-by:' is there. > > Regards, > Qi > Yes, see also 15341 in Bugzilla Cheers, Simone > -Original Message- > From: > patcht...@automation.yoctoproject.org  > >

Re: [OE-core] does one need to "add" packages to ptest already under ${PTEST_PATH}?

2024-03-03 Thread Simone Weiß
On Sun, 2024-03-03 at 14:37 -0500, Robert P. J. Day wrote: > >   apologies if i already asked this, i'm trying to juggle a dozen > things at once. > >   here: > > https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb#n63 > > what is the

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 03 Mar 2024 01:00:01 AM HST

2024-03-03 Thread Simone Weiß
Hi all, quick check: No news for any old issue, except cpio, which is disputed by the maintainer. Simone > Branch: master > > New this week: 2 CVEs ... > Removed this week: 3 CVEs wiki updated > Full list:  Found 41 unpatched CVEs > CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto >

[OE-core] [PATCH] coreutils: backport patch to fix heap overflow in split

2024-03-02 Thread Simone Weiß
From: Simone Weiß Backported from upstream to fix CVE-2024-0684 Signed-off-by: Simone Weiß --- .../coreutils/coreutils/CVE-2024-0684.patch | 39 +++ meta/recipes-core/coreutils/coreutils_9.4.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-core

[OE-core] [PATCH] qemu: backport patch for ui/clipboard issue

2024-03-02 Thread Simone Weiß
From: Simone Weiß Backported from upstream to fix CVE-2023-6683 Signed-off-by: Simone Weiß --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-6683.patch | 91 +++ 2 files changed, 92 insertions(+) create mode 100644 meta/recipes

Re: [OE-core] OE-core CVE metrics for master on Sun 25 Feb 2024 01:00:01 AM HST

2024-02-25 Thread Simone Weiß
Hi, quick summary (besides linux-yocto): - No new CVEs - 13 fixed in oe-core - qemu: CVE-2023-6683: Fixed upstream on master now via https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a - coreutils: CVE-2024-0684: Fixed upstream via

Re: [OE-core] [PATCH] cve-check: Log if CVE_STATUS set but not reported for component

2024-02-24 Thread Simone Weiß
On Sat, 2024-02-24 at 14:28 +, Peter Marko via lists.openembedded.org wrote: > Hello, > > This change looks like the right way forward, but it will need two > things first: > * dissolve cve-extra-exclusions.inc into recipes, as every exclusion in > that file will generate a warning in all

[OE-core] [PATCH v2] cve-check: Log if CVE_STATUS set but not reported for component

2024-02-24 Thread Simone Weiß
From: Simone Weiß Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a component. This should hopefully help to clean up not needed CVE_STATUS settings. Signed-off-by: Simone Weiß --- v2: Add this to oe.qa mechanism instead of using bb.warn. This way it will only

Re: [OE-core] [PATCH] libxml2: Upgrade 2.11.5 -> 2.12.5

2024-02-24 Thread Simone Weiß
On Sat, 2024-02-24 at 07:43 +, Richard Purdie wrote: > On Fri, 2024-02-23 at 19:18 +0000, Simone Weiß wrote: > > From: Simone Weiß > > > > Upgraded to address CVE-2024-25062 > > > > License-Update: hash.c was rewritten and now also has MIT license, > >

Re: [OE-core] [PATCH] cve-check: Log if CVE_STATUS set but not reported for component

2024-02-23 Thread Simone Weiß
On Fri, 2024-02-23 at 22:52 +0100, Yoann CONGAL wrote: > Le ven. 23 févr. 2024 à 22:09, Simone Weiß a > écrit : > > From: Simone Weiß > > > > Log if the CVE_STATUS is set for a CVE, but the cve is not reported > > for a > > component. This should h

[OE-core] [PATCH] meta: Remove some not needed CVE_STATUS

2024-02-23 Thread Simone Weiß
From: Simone Weiß CVE_STATUS was set for those components, but meanwhile databases are updated with corrected information, so setting the CVE_STATUS is not needed anymore. Signed-off-by: Simone Weiß --- meta/recipes-connectivity/openssl/openssl_3.2.1.bb | 2 -- meta/recipes-devtools/qemu

[OE-core] [PATCH] cve-check: Log if CVE_STATUS set but not reported for component

2024-02-23 Thread Simone Weiß
From: Simone Weiß Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a component. This should hopefully help to clean up not needed CVE_STATUS settings. Signed-off-by: Simone Weiß --- meta/classes/cve-check.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git

[OE-core] [PATCH] patchtest: Skip test for CVE_CHECK_IGNORE for older branches

2024-02-23 Thread Simone Weiß
From: Simone Weiß Skip the test for checking if CVE_CHECK_IGNORE is not used. It is deprecated now, but was not deprecated for kirkstone and dunfell. Skip it therefore if a patch is intended for those branches. Signed-off-by: Simone Weiß --- meta/lib/patchtest/tests/test_metadata.py | 6

[OE-core] [PATCH v3] patchtest: provide further guidance for failed testcases

2024-02-23 Thread Simone Weiß
From: Simone Weiß Cross-reference the wiki page on patchtest now that it is updated and contains more information how to address failed testcases. Adding it in patchtest only is enough as patchtest-send-result already points to the wikipage for failures. Signed-off-by: Simone Weiß --- v2

[OE-core] [PATCH v2] patchtest: provide further guidance for failed testcases

2024-02-23 Thread Simone Weiß
From: Simone Weiß Cross-reference the wiki page on patchtest now that it is updated and contains more information how to address failed testcases. Adding it in patchtest only is enough as patchtest-send-result already points to the wikipage for failures. Signed-off-by: Simone Weiß --- v2

[OE-core] [PATCH] libxml2: Upgrade 2.11.5 -> 2.12.5

2024-02-23 Thread Simone Weiß
From: Simone Weiß Upgraded to address CVE-2024-25062 License-Update: hash.c was rewritten and now also has MIT license, trio was totally removed, hence remove license checksum as well. Files are not mentioned as exception in overall license any more, therefore, checksum changed there as well

[OE-core] [PATCH] meta: Update CVE_STATUS for incorrect cpes

2024-02-18 Thread Simone Weiß
From: Simone Weiß Set CVE_STATUS as none of the issues apply against the versions used in the recipes. Signed-off-by: Simone Weiß --- meta/recipes-bsp/grub/grub2.inc | 2 ++ meta/recipes-devtools/binutils/binutils-2.42.inc | 2 ++ meta/recipes-extended

[OE-core] [PATCH v2] qemu: Set CVE_STATUS for wrong CVEs

2024-02-18 Thread Simone Weiß
From: Simone Weiß All are already fixed in 8.2.1, NVD was informed that cpes are wrong. Signed-off-by: Simone Weiß --- meta/recipes-devtools/qemu/qemu.inc | 6 ++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index

Re: [OE-core] [PATCH] qemu: Set CVE_STATUS for wrong CVEs

2024-02-18 Thread Simone Weiß
On Sun, 2024-02-18 at 17:42 +, Richard Purdie wrote: > On Sun, 2024-02-18 at 16:52 +0000, Simone Weiß wrote: > > From: Simone Weiß > > > > All are already fixed in 8.2.1, NVD was informed that cpes are wrong. > > > > Signed-off-by: Simone Weiß >

[OE-core] [PATCH] libuv: Upgrade 1.47.0 -> 1.48.0

2024-02-18 Thread Simone Weiß
From: Simone Weiß Upgrade libuv to pull in the fix for CVE-2024-24806 Changes: * misc: remove deprecated stalebot file (Jameson Nash) * build: disable windows asan buildbot (Ben Noordhuis) * test: don't run tcp_writealot under msan (Ben Noordhuis) * build,win: remove extraneous -lshell32 (Ben

[OE-core] [PATCH] qemu: Set CVE_STATUS for wrong CVEs

2024-02-18 Thread Simone Weiß
From: Simone Weiß All are already fixed in 8.2.1, NVD was informed that cpes are wrong. Signed-off-by: Simone Weiß --- meta/recipes-devtools/qemu/qemu.inc | 6 ++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index

Re: [OE-core] OE-core CVE metrics for master on Sun 18 Feb 2024 01:00:01 AM HST

2024-02-18 Thread Simone Weiß
Hi, This time we have some real new issues, mostly we need to upgrade some recipes. For wrong entries NVD was now multiple times pinged. I'll set the CVE_STATUS now, but ping them again anyhow. On Sun, 2024-02-18 at 01:18 -1000, Steve Sakoman wrote: > Branch: master > > New this week: 13 CVEs

Re: [OE-core] [PATCH] vim: upgrade 9.0.2130 -> 9.0.2142

2024-02-18 Thread Simone Weiß
On Sun, 2024-02-18 at 07:01 -0800, Tim Orling wrote: > > > On Sun, Feb 18, 2024 at 4:33 AM Simone Weiß > wrote: > > From: Simone Weiß > > > > Changes: > > https://github.com/vim/vim/compare/v9.0.2130...v9.0.2142 > > > > This fixes CV

[OE-core] [PATCH 1/2] libgit2: update 1.7.1 -> 1.7.2

2024-02-18 Thread Simone Weiß
From: Simone Weiß Update libgit2 to pull in security fixes. Changelog summary: - A bug in git_revparse_single is fixed that could cause a Denial of Service attack. This fixes CVE-2024-24575 - A bug in git_index_add is fixed that could lead to arbitrary code execution. This fixes CVE-2024

[OE-core] [PATCH] vim: upgrade 9.0.2130 -> 9.0.2142

2024-02-18 Thread Simone Weiß
From: Simone Weiß Changes: https://github.com/vim/vim/compare/v9.0.2130...v9.0.2142 This fixes CVE-2024-22667 Signed-off-by: Simone Weiß --- meta/recipes-support/vim/vim.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes

[OE-core] [PATCH] grub2: ignore CVE-2024-1048, Redhat only issue

2024-02-18 Thread Simone Weiß
From: Simone Weiß Redhat/Fedora specific as it affects the grub2-set-bootflag extension added by Redhat to grub. Signed-off-by: Simone Weiß --- meta/recipes-bsp/grub/grub2.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc

Re: [OE-core] [PATCH] patchtest: add stronger indication for failed tests

2024-02-16 Thread Simone Weiß
Please ignore this, v2 is already sent... On Fri, 2024-02-16 at 21:00 +, simone.p.we...@posteo.com wrote: > From: Simone Weiß > > Do not only log that there has been an issue but add WARNING before for > local > runs. Hopefully this helps to avoid that people reading the l

[OE-core] [PATCH v2] patchtest: add stronger indication for failed tests

2024-02-16 Thread Simone Weiß
From: Simone Weiß Do not only log that there has been an issue but add WARNING before for local runs. Hopefully this helps to avoid that people reading the log too quickly miss issues. Fixes [YOCTO #15389] Signed-off-by: Simone Weiß --- v2: Fix commit message. scripts/patchtest | 4 ++-- 1

[OE-core] [PATCH] patchtest: add stronger indication for failed tests

2024-02-16 Thread Simone Weiß
From: Simone Weiß Do not only log that there has been an issue but add WARNING before for local runs. Hopefully this helps to avoid that people reading the log too quickly miss issues. Fixes [YOCTO #15389] Signed-off-by: Simone Weiß sfdf Signed-off-by: Simone Weiß --- scripts/patchtest | 4

Re: [OE-core] [PATCH] patchtest: Add further information for failed testcases

2024-02-16 Thread Simone Weiß
On Fri, 2024-02-16 at 11:43 -0500, Trevor Gamblin wrote: > > On 2024-02-16 11:19, Simone Weiß wrote: > > On Thu, 2024-02-15 at 22:10 +, Richard Purdie wrote: > > > On Thu, 2024-02-15 at 21:39 +, Simone Weiß wrote: > > > > From: Simone Weiß > >

Re: [OE-core] [PATCH] patchtest: Add further information for failed testcases

2024-02-16 Thread Simone Weiß
On Thu, 2024-02-15 at 22:10 +, Richard Purdie wrote: > On Thu, 2024-02-15 at 21:39 +0000, Simone Weiß wrote: > > From: Simone Weiß > > > > Add more information to log messages when a test case fails. > > Still keep it short and mostly reference

[OE-core] [PATCH] patchtest: Add further information for failed testcases

2024-02-15 Thread Simone Weiß
From: Simone Weiß Add more information to log messages when a test case fails. Still keep it short and mostly reference the documentation. Reason is that documentation should already contain the needed information, do not duplicate it here, so we also do not need to update here should the doc

[OE-core] [PATCH] gnutls: Upgrade 3.8.2 -> 3.8.3

2024-01-28 Thread Simone Weiß
From: Simone Weiß Upgrade version to address recent CVE findings. Changelog = ** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] ** libgnutls: Fix assertion failure when verifying a certificate chain

Re: [OE-core] Future package versions

2024-01-26 Thread Simone Weiß
On Fri, 2024-01-26 at 20:41 +, Ross Burton wrote: > Hi, > > A somewhat recurring theme about this time in the release cycle is > people asking what version of a recipe will be in the next release, > especially more now because the next release is a LTS. > > So to avoid the relevant people

Re: [OE-core] [PATCH v2] tune-core2: Update qemu cpu to supported model

2024-01-24 Thread Simone Weiß
References are now added, as requested in v2. Is more still missing?

[OE-core] [PATCH v3] gcc: Update status of CVE-2023-4039

2024-01-22 Thread Simone Weiß
From: Simone Weiß This is fixed via a patch added in gcc-13.2.inc already, but still reported e.g. for libgcc as it is not defining an own source but use the shared gcc-source. Signed-off-by: Simone Weiß --- meta/recipes-devtools/gcc/gcc-13.2.inc | 1 + 1 file changed, 1 insertion(+) diff

Re: [OE-core] [PATCH v2] gcc: Update status of CVE-2023-4039

2024-01-22 Thread Simone Weiß
On Mon, 2024-01-22 at 16:18 +, Simone Weiß wrote: > From: Simone Weiß > > This is fixed via a patch added in gcc-13.2.inc already, but still > reported e.g. for libgcc as it is not defining an own source but use > the > shared gcc-source. > > Signed-off-by: Si

[OE-core] [PATCH v2] gcc: Update status of CVE-2023-4039

2024-01-22 Thread Simone Weiß
From: Simone Weiß This is fixed via a patch added in gcc-13.2.inc already, but still reported e.g. for libgcc as it is not defining an own source but use the shared gcc-source. Signed-off-by: Simone Weiß --- meta/recipes-devtools/gcc/libgcc-initial_13.2.bb | 2 ++ 1 file changed, 2 insertions

[OE-core] [PATCH] libgcc-initial: Update status of CVE-2023-4039

2024-01-21 Thread Simone Weiß
From: Simone Weiß This is fixed via a patch added in gcc-13.2.inc already. Signed-off-by: Simone Weiß --- meta/recipes-devtools/gcc/libgcc-initial_13.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb b/meta/recipes-devtools/gcc/libgcc

[OE-core] [PATCH v2] tune-core2: Update qemu cpu to supported model

2024-01-17 Thread Simone Weiß
From: Simone Weiß Fixes [YOCTO #12388] QEMU's documentation does recommend to not use n270 and core2duo as an argument to -cpu anymore. See also the QEMU documentation for this at [0]. Update therefore the QEMU cpu option for the core2duo tune to Nehalem. Tested it locally with QEMU and KVM. [0

Re: [OE-core] [PATCH] classes-global/insane: Add check for "virtual/" in RPROVIDES and RDEPENDS

2024-01-17 Thread Simone Weiß
Hi, On Wed, 2024-01-17 at 00:29 +0100, Alexandre Belloni via lists.openembedded.org wrote: > Hello, > > This causes warnings for meta-aws: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/122/builds/3840/steps/12/logs/warnings > > On 14/01/2024 17:19:03+00

[OE-core] [PATCH] tune-core2: Update qemu cpu to supported model

2024-01-16 Thread Simone Weiß
From: Simone Weiß Fixes [YOCTO #12388] QEMU's documentation does recommend to not use n270 and core2duo as an argument to -cpu anymore. Update therefore the QEMU cpu option for the core2duo tune to Nehalem. Tested it locally with QEMU and KVM. Signed-off-by: Simone Weiß --- meta/conf/machine

[OE-core] [PATCH] classes-global/insane: Add check for "virtual/" in RPROVIDES and RDEPENDS

2024-01-14 Thread Simone Weiß
From: Simone Weiß Fixes [YOCTO #14538] Recipes shouldn't use "virtual/" in RPROVIDES and RDEPENDS. This was addressed already in recipes in meta-oe and oe-core. Add a test for this in insane.bbclass to ensure no regressions occur. Signed-off-by: Simone Weiß --- meta/clas

[OE-core] [PATCH] glibc: Set status for CVE-2023-5156 & CVE-2023-0687

2024-01-11 Thread Simone Weiß
From: Simone Weiß Set `CVE_STATUS` for those CVEs, they have already been fixed with the latest pull for stable branch fixes done in rev e444d2bed0ea140a574414fcd5a689867e8ba312. Hence the issues are fixed already. Signed-off-by: Simone Weiß --- meta/recipes-core/glibc/glibc-version.inc | 2

Re: [OE-core] [PATCH] patchtest: Add test for deprecated CVE_CHECK_IGNORE

2024-01-02 Thread Simone Weiß
On Mon, 2023-12-18 at 12:42 -0800, simone.p.we...@posteo.com wrote: > > I agree,  this would be a good change to make for long-term > > maintainability. LGTM otherwise. > I have tried to implement such a check as well, and while this check > is fine > and works, the test of a patch with patchtest