When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
Signed-off-by: Yoann Congal
---
meta/recipes-core/meta/cve-update-nvd2
Add a URL to the doc of the API used in the function.
... and fix a small typo dabase -> database
Signed-off-by: Yoann Congal
---
meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-n
When a CVE is created, it often has no precise version information and
this is stored as "-" (matching any version). After an update, version
information is added. The previous "-" must be removed, otherwise, the
CVE is still "Unpatched" for cve-check.
Signed-o
CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is
always inherited in cve-update-nvd2-native (There is a check line 40).
Remove it to avoid confusion. Otherwise, this should not change
anything.
Signed-off-by: Yoann Congal
---
meta/recipes-core/meta/cve-update-nvd2-native.bb
g database: no diff on the SQL dump.
Patches 1&2/4 are code cleanups
Fixes are in 3&4/4
Yoann Congal (4):
cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
cve-update-nvd2-native: nvd_request_next: Improve comment
cve-update-nvd2-native: Fix CVE configuration update
Le jeu. 14 mars 2024 à 13:14, Marta Rybczynska a
écrit :
>
>
> On Wed, 13 Mar 2024, 16:15 Yoann Congal, wrote:
>
>> Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to
>> specify the maximum age of the database for doing an incremental upd
atabase. That should fix the metrics on master and any branch
sharing the CVE database with it.
Best regards,
--
Yoann Congal
Smile ECS - Tech expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197080):
https://lists.openembedded.org/g/openembe
Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to
specify the maximum age of the database for doing an incremental update
For older databases, a full re-download is done.
With a value of "0", this forces a full-redownload.
Signed-off-by: Yoann Conga
attmepts -> attempts
Signed-off-by: Yoann Congal
---
meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index bfe48b2
Le dim. 3 mars 2024 à 15:10, Yoann CONGAL a écrit :
>
>
> Le dim. 3 mars 2024 à 14:18, Peter Marko via lists.yoctoproject.org
> a écrit :
>
>> I already mentioned this last week.
>> https://lists.openembedded.org/g/openembedded-core/message/196199
>>
>
to know!
> >
> > >
> > > > Full list: Found 41 unpatched CVEs
> >
> > I'm a bit puzzled/worried that our patch metrics page says 50 rather
> than 41:
> >
> >
> https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-master.txt
> >
&
pt CVE-2024-24806:
libuv : 4 days)
* locally these CVE do not appear as Unpatched
Something is weird on the autobuilder. Maybe keep the build directory
around and a copy of the current CVE database for analysis
($DL_DIR/CVE_CHECK/nvdcve_2-1.db) ?
> Cheers,
>
> Richard
>
>
>
, ...)
waf X.Y.Z ...
This patch makes the version parsing more precise by looking at the
first line matching "waf ".
[0]: https://docs.python.org/3.12/library/tarfile.html#extraction-filters
Signed-off-by: Yoann Congal
---
meta/classes-recipe/waf.bbclass | 14 --
1 file c
_in_recipe:
> bb.note("No CVE records for products in recipe %s" % (pn))
> --
> 2.39.2
>
>
>
>
>
--
Yoann Congal
Smile ECS - Tech expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196116):
https://l
mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 =
> pre0.59s for CVE-2007-0578
> WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 =
> pre0.59s_r11 for CVE-2007-0578
> WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 =
&g
builds/11/steps/32/logs/stdio
line 31883
Signed-off-by: Yoann Congal
---
meta/classes-recipe/waf.bbclass | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/waf.bbclass b/meta/classes-recipe/waf.bbclass
index 5fa0cc4987..70bf3be8fd 100644
--- a/meta/classes-rec
nt_1.33.0.bb does not
have an assigned maintainer. Please add an entry into
meta/conf/distro/include/maintainers.inc. [missing-maintainer]
Regards,
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194
purpose in there at the end.
>
(Oops I've previously answered to Pavel in private, sorry :( )
I guess you are talking about PTESTS_PROBLEMS =>
https://git.openembedded.org/openembedded-core/tree/meta/conf/distro/include/ptest-packagelists.inc#n142
Regards,
Alex
>
>
>
>
-
self.min_size += GPT_OVERHEAD
> +self.min_size += (self.main_ptable_offset * 1024 //
> self.sector_size) + GPT_OVERHEAD
>
> self.min_size *= self.sector_size
> self.min_size += self.extra_space
> @@ -606,6 +684,14 @@ class PartitionedImage()
sector_size) + GPT_OVERHEAD
>
> self.min_size *= self.sector_size
> self.min_size += self.extra_space
> @@ -606,6 +684,14 @@ class PartitionedImage():
> exec_native_cmd("sfdisk --part-type %s %s %s" % \
> (self.path, part.
Le 14/12/2023 à 22:50, Yoann Congal a écrit :
> Le 14/12/2023 à 17:24, Steve Sakoman a écrit :
>> This patch resulted in oe-seftest failures on the autobuilder:
>>
>> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6322
>>
>>
to bb.fetch.get_srcrev().
Fixes [YOCTO #14918]
Signed-off-by: Yoann Congal
Suggested-by: Chris Wyse
---
v1->v2:
* Only call get_srcrev() if SRCREV is used (without it the call may
throw an exception e.g with a file:// SRC_URI)
---
meta/classes/externalsrc.bbclass | 4
1 file changed, 4 inserti
Le 14/12/2023 à 20:36, Khem Raj a écrit :
> On Thu, Dec 14, 2023 at 11:33 AM Alexandre Belloni
> wrote:
>>
>> On 14/12/2023 10:53:05-0800, Khem Raj wrote:
>>> On Thu, Dec 14, 2023 at 1:10 AM Alexander Kanavin
>>> wrote:
>>>>
>&g
e bluez from the dependency chain
of a default core-image-minimal build
(https://bugzilla.yoctoproject.org/show_bug.cgi?id=15323)
Regards,
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#192424):
https://list
d=14918#c7
I'll look into this.
> Steve
>
> On Thu, Dec 7, 2023 at 12:33 PM Yoann Congal wrote:
>>
>> Call bb.fetch.get_srcrev() before accessing SRC_URI. Without this new
>> bb.fetch.get_srcrev() call, SRC_URI might be accessed before SRCREV had
>> a chance to be
| 33 ++---
> meta/recipes-extended/cups/cups.inc | 2 ++
> 2 files changed, 27 insertions(+), 8 deletions(-)
>
>
> base-commit: 564339afb73fc52a66c1a08437587cad1c4d46e7
>
>
>
>
>
--
Yoann Congal
Smile ECS - Tech Ex
Le 13/12/2023 à 09:35, Martin Jansa a écrit :
> There is missing leading space in suggested:
> PACKAGECONFIG:append:pn-strace = "bluez"
V3 sent. Thanks!
> On Wed, Dec 13, 2023 at 8:43 AM Yoann Congal <mailto:yoann.con...@smile.fr>> wrote:
>
> The bluetoot
, add "bluez" to strace
PACKAGECONFIG. For example, in local.conf:
PACKAGECONFIG:append:pn-strace = " bluez"
Fixes [YOCTO #15323]
Signed-off-by: Yoann Congal
Suggested-by: Ross Burton
---
v1->v2:
* Fixed local.conf example (thanks Tim)
* Added Suggested-by: Ross
, add "bluez" to strace
PACKAGECONFIG. For example, in local.conf:
PACKAGECONFIG:append:pn-strace = "bluez"
Fixes [YOCTO #15323]
Signed-off-by: Yoann Congal
Suggested-by: Ross Burton
---
v1->v2:
* Fixed local.conf example (thanks Tim)
* Added Suggested-by: Ross (thanks R
Le 13/12/2023 à 04:45, Tim Orling a écrit :
>
>
> On Tue, Dec 12, 2023 at 3:37 PM Yoann Congal <mailto:yoann.con...@smile.fr>> wrote:
>
> The bluetooth support adds a bluez5 dependency (and,recursively, a lot
> of other stuff). Disable it by default t
, add "bluez" to strace
PACKAGECONFIG. For example, in local.conf:
PACKAGECONFIG:append:pn-strace = "bluetooth"
Fixes [YOCTO #15323]
Signed-off-by: Yoann Congal
---
meta/recipes-devtools/strace/strace_6.6.bb | 3 ---
1 file changed, 3 deletions(-)
diff --git a/meta/rec
lowing ideas.
> If an HTTP error occurs, assume that the rate limit has already been reached
> and wait 30 seconds to ensure that the next window starts. The patch will be
> something like this.
>
> ---
> meta/recipes-core/meta/cve-update-nvd2-native.bb | 5 -
> 1 file ch
[YOCTO #14918]
Signed-off-by: Yoann Congal
Suggested-by: Chris Wyse
---
Richard, Steve: This is the commit we discussed at today's bug triage.
---
meta/classes/externalsrc.bbclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/classes/externalsrc.bbclass b/meta/classes
ranch but this branch is EOL
(End-of-life). See :
https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS#LTS_.E2.80.9CMixin.E2.80.9D_repositories
https://wiki.yoctoproject.org/wiki/Releases
Regards,
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all message
in patch files that does not apply on the original sources.
Switching to open(..., newline='') allows to detect end-of-line but keep
the original end-of-line intact. This generate correct patches for CRLF
based sources.
Fixes [YOCTO #15285]
Signed-off-by: Yoann Congal
---
v1->v2: Reba
Le mar. 5 déc. 2023 à 08:48, Alexandre Belloni <
alexandre.bell...@bootlin.com> a écrit :
> Hello,
>
> This doesn't apply on master, can you rebase?
>
Yes! I will send a v2 today
On 27/11/2023 14:49:03+0100, Yoann Congal wrote:
> > Using devtool to patch CRLF based sou
in patch files that does not apply on the original sources.
Switching to open(..., newline='') allows to detect end-of-line but keep
the original end-of-line intact. This generate correct patches for CRLF
based sources.
Fixes [YOCTO #15285]
Signed-off-by: Yoann Congal
---
meta/lib/oe/patch.py
Hi Richard,
Le jeu. 16 nov. 2023 à 13:13, Richard Purdie
a écrit :
> On Thu, 2023-09-28 at 23:56 +0200, Yoann Congal wrote:
> > From: Fawzi KHABER
> >
> > Remove superfluous DEV_PKG_DEPENDENCY = "" previously used to bypass
> > ${PN}-dev package RDEPEN
As xuser-account creates a new user, we need to add it to the testing
static passwd file.
Signed-off-by: Yoann Congal
---
meta-selftest/files/static-group | 1 +
meta-selftest/files/static-passwd | 1 +
2 files changed, 2 insertions(+)
diff --git a/meta-selftest/files/static-group b/meta
on-reproducible failing ones to
> make
> investigation easier.
NB: Patch was written by Richard with small fixes and a commit message
from Yoann.
Signed-off-by: Yoann Congal
---
meta/lib/oeqa/selftest/cases/reproducible.py | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --
No other change.
Just cosmetic to avoid tripping the maximum line length of patchtest
when the next element will be added to the list.
Signed-off-by: Yoann Congal
---
meta/lib/oeqa/selftest/cases/reproducible.py | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/meta
Le mer. 15 nov. 2023 à 00:53, Yoann Congal a écrit :
>
> From: Richard Purdie
>
> OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES can be used to prevent known
> not-reproducible packages to make the reproducible test fail.
>
> For example, in local.conf:
> OEQA_REPRODUCIBLE_EXCL
] selftest/reproducible: Allow packages exclusion via config
https://lists.openembedded.org/g/openembedded-core/message/190526
--
Yoann Congal
Smile ECS - Tech expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190527):
https://lists.openembedded.o
on-reproducible failing ones to
> make
> investigation easier.
NB: Patch was written by Richard with small fixes and a commit message
from Yoann.
Signed-off-by: Yoann Congal
---
meta/lib/oeqa/selftest/cases/reproducible.py | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --
On 10/19/23 17:21, Michael Opdenacker wrote:
> Hi Yoann
Hi,
> On 19.10.23 at 10:00, Yoann Congal wrote:
>> Hi everyone,
>>
>> We recently implemented a way to detect recipes for upstream code that
>> contain unit tests but does not implement ptests.
>>
5
Regards,
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189433):
https://lists.openembedded.org/g/openembedded-core/message/189433
Mute This Topic: https://lists.openembedded.org/mt/102056219/21656
G
Le lun. 16 oct. 2023 à 17:37, Mark Hatle
a écrit :
> On 10/16/23 7:17 AM, Yoann Congal wrote:
> > Hi Mark,
> >
> > Le lun. 16 oct. 2023 à 02:40, Mark Hatle via lists.openembedded.org
> > a écrit :
> >> Running a number of builds recently, a small number of t
On S=WORKDIR recipes, the unimplemented-ptest check will scan the whole
WORKDIR and "see" disappearing file and directory.
Signed-off-by: Yoann Congal
Reported-by: Mark Hatle
Closes: https://lists.openembedded.org/g/openembedded-core/message/189254
---
meta/classes-global/insane.b
In some cases, pathlib.Path.glob() might throw FileNotFoundError when
file/directory disappear while it is iterating over them.
This "warning" is not important enough to crash build in this case so
just take a bb.note of the problem and move on.
Signed-off-by: Yoann Congal
Reporte
ronly:
> 0444:try:
> Exception: FileNotFoundError: [Errno 2] No such file or directory:
> '/scratch/jenkins-BUILDS-eSDK-dev_eSDK-eSDK-master-next-pipeline-8_ZynqMpDrFull/build/tmp/work/zynqmp_generic-xilinx-linux/depmodwrapper-cross/1.0/sstate-build-create_spdx'
&g
From: Mickael RAMILISON
This introduces support for specifying a search pattern with the -p/--pattern
option in the patchreview.py script. This is designed to accommodate
the directory structure of meta-openembedded.
Signed-off-by: Mickael RAMILISON
Reviewed-by: Yoann Congal
---
Note
is not enabled by default and may be enabled to hunt
down potential ptests with:
WARN_QA += "unimplemented-ptest"
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 9 +
1 file changed, 9 insertions(+)
diff --git a/meta/classes-global/insane.
ytest" or "from pytest" in any
python file.
perl Test:: is detetected by looking for any t/*.t in the toplevel source
directory.
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 22 ++
1 file changed, 22 insertions(+
To increase ptest coverage we can check if the sources of a recipe looks like
it contains unittest and warn the user that a test may be implemented there.
This series provide the check infrastructure as a package QA check and some
checks for :
python pytest, perl Test::, meson, cmake,
he usual INSANE_SKIP mechanism
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 4
1 file changed, 4 insertions(+)
diff --git a/meta/classes-global/insane.bbclass
b/meta/classes-global/insane.bbclass
index 3fa9da8aff..07de974a54 100644
--- a
akefile.in as our source
instead of Makefile.am to easily follow includes. Filenaming conventions
for autotools files are not reliable enough to do naive matching.
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 12
1 file changed, 12
Le ven. 6 oct. 2023 à 09:20, Richard Purdie <
richard.pur...@linuxfoundation.org> a écrit :
> On Wed, 2023-10-04 at 14:57 +0200, Yoann Congal wrote:
> > To increase ptest coverage we can check if the sources of a recipe looks
> like
> > it contains unittest and warn
Hi,
Le jeu. 5 oct. 2023 à 10:47, Alexander Kanavin a
écrit :
> On Wed, 4 Oct 2023 at 14:57, Yoann Congal wrote:
> > Currently, this check find:
> > * 309 unimplemented ptest in oe-core/meta-poky/meta-yocto-bsp
> > * 827 unimplemented ptest in meta-openembedd
ytest" or "from pytest" in any
python file.
perl Test:: is detetected by looking for any t/*.t in the toplevel source
directory.
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 22 ++
1 file changed, 22 insertions(+
akefile.in as our source
instead of Makefile.am to easily follow includes. Filenaming conventions
for autotools files are not reliable enough to do naive matching.
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 12
1 file changed, 12
he usual INSANE_SKIP mechanism
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 4
1 file changed, 4 insertions(+)
diff --git a/meta/classes-global/insane.bbclass
b/meta/classes-global/insane.bbclass
index 35b6408b57..ffae4b98da 100644
--- a
is not enabled by default and may be enabled to hunt
down potential ptests with:
WARN_QA += "unimplemented-ptest"
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 12
1 file changed, 12 insertions(+)
diff --git a/meta/clas
To increase ptest coverage we can check if the sources of a recipe looks like
it contains unittest and warn the user that a test may be implemented there.
This series provide the check infrastructure as a package QA check and some
checks for :
python pytest, perl Test::, meson, cmake,
Hi,
Le sam. 30 sept. 2023 à 00:05, Yoann Congal a
écrit :
> To increase ptest coverage we can check if the sources of a recipe looks
> like
> it contains unittest and warn the user that a test may be implemented
> there.
>
> This series provide the check infrastructure as
akefile.in as our source
instead of Makefile.am to easily follow includes. Filenaming conventions
for autotools files are not reliable enough to do naive matching.
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 12
1 file changed, 12
he usual INSANE_SKIP mechanism
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 4
1 file changed, 4 insertions(+)
diff --git a/meta/classes-global/insane.bbclass
b/meta/classes-global/insane.bbclass
index a5d3793265..ba12f3ea16 100644
--- a
is not enabled by default and may be enabled to hunt
down potential ptests with:
WARN_QA += "unimplemented-ptest"
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 12
1 file changed, 12 insertions(+)
diff --git a/meta/clas
To increase ptest coverage we can check if the sources of a recipe looks like
it contains unittest and warn the user that a test may be implemented there.
This series provide the check infrastructure as a package QA check and some
checks for :
python pytest, perl Test::, meson, cmake,
ytest" or "from pytest" in any
python file.
perl Test:: is detetected by looking for any t/*.t in the toplevel source
directory.
Signed-off-by: Jérémy Rosen
Reviewed-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 26 ++
1 file changed, 26 insertions(+
off-by: Yoann Congal
---
meta/classes-global/insane.bbclass | 11 +++
1 file changed, 11 insertions(+)
diff --git a/meta/classes-global/insane.bbclass
b/meta/classes-global/insane.bbclass
index 5743d91240..14334f02a9 100644
--- a/meta/classes-global/insane.bbclass
+++ b/meta/classes-glo
an things up for core and our key layers
Regards,
Yoann
Fawzi KHABER (1):
meta/recipes: Remove empty ${PN}/DEV_PKG_DEPENDENCY workarounds
Yoann Congal (1):
insane: Add QA check for RRECOMMENDS on non-existent packages
meta/classes-global/insane.bbclass| 11 +++
meta
From: Fawzi KHABER
Remove superfluous DEV_PKG_DEPENDENCY = "" previously used to bypass
${PN}-dev package RDEPENDS on empty ${PN}. DEV_PKG_DEPENDENCY
applies RRECOMMENDS now, all workarounds are not needed anymore.
Related to [YOCTO #6839] and [YOCTO #8222]
Signed-off-by: Yoann CONG
File was renamed between kirkstone and master.
Signed-off-by: Yoann Congal
---
meta/classes/cml1.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/cml1.bbclass b/meta/classes/cml1.bbclass
index d319d66ab2..fd087c2a14 100644
--- a/meta/classes/cml1.bbclas
inking the kernel
proper.
| scripts/Kconfig.include:56: Sorry, this linker is not supported.
(From OE-Core rev: 9c483765db762dbe8020423c8778518612b7e5f7)
Signed-off-by: Jaeyoon Jung
Signed-off-by: Richard Purdie
(cherry picked from commit d4664d2b7974354e73d891762ebb2c8a12d62438)
Si
Fix [Yocto #15085]
Co-authored-by: Fawzi KHABER
Signed-off-by: Yoann Congal
---
meta/lib/oeqa/selftest/cases/devtool.py | 32 +
1 file changed, 32 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py
b/meta/lib/oeqa/selftest/cases/devtool.py
index
Le mer. 28 juin 2023 à 21:47, Richard Purdie
a écrit :
>
> On Wed, 2023-06-28 at 09:09 +0200, Yoann Congal wrote:
> > From: Fawzi KHABER
> >
> > Fix [Yocto #15085]
> >
> > Signed-off-by: Fawzi KHABER
> > Signed-off-by: Yoann Congal
> > ---
&
native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.
Signed-off-by: Yoann Congal
---
scripts/lib/recipetool/create.py | 4
1 file changed, 4 insertions(+)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib
From: Fawzi KHABER
Fix [Yocto #15085]
Signed-off-by: Fawzi KHABER
Signed-off-by: Yoann Congal
---
meta/lib/oeqa/selftest/cases/devtool.py | 23 +++
1 file changed, 23 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py
b/meta/lib/oeqa/selftest/cases
Exclude CVEs that are fixed in current linux-yocto version v5.4.237.
To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].
[1]:
https://salsa.debian.org/kernel-team/kernel-sec/-/commit/86d5040aee9275f9555458fcaf9cb43710dff398
Signed-off-by: Yoann Congal
---
meta/recipes
Exclude CVEs that are fixed in both current linux-yocto version
v5.10.175 and v5.15.108.
To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].
[1]:
https://salsa.debian.org/kernel-team/kernel-sec/-/commit/86d5040aee9275f9555458fcaf9cb43710dff398
Signed-off-by: Yoann Congal
Hi Steve!
On 5/10/23 00:32, Steve Sakoman wrote:
> From: Yoann Congal
>
> Exclude CVEs that are fixed in both current linux-yocto version
> v5.10.175 and v5.15.108.
>
> To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].
>
> [1]:
> https://s
Exclude CVEs that are fixed in both current linux-yocto version
v5.10.175 and v5.15.108.
To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].
[1]:
https://salsa.debian.org/kernel-team/kernel-sec/-/commit/86d5040aee9275f9555458fcaf9cb43710dff398
Signed-off-by: Yoann Congal
CVE-2023-1652 & CVE-2023-1829 are fixed by all version used by
linux-yocto.
Fixing commits are not referenced by NVD but are referenced by:
* https://www.linuxkernelcves.com
* Debian kernel-sec team
... this should be trust worthy enough.
Signed-off-by: Yoann Congal
---
.../distro/include
fc2e9b74652f1525603b3209a4539d2d345d704e3df3bf9b957e "
>
> UPSTREAM_CHECK_REGEX = "releases/tag/release-(?P(?!.+rc).+)"
> GITHUB_BASE_URI = "https://github.com/unicode-org/icu/releases;
Hi Florian,
Well, this is not a patch...
Let's see internally how we can cleanu
ception from urllib... Maybe someone
with more knowledge in urllib can tell us?
Regards,
> Br.
>
> On Wed, Apr 12, 2023 at 1:36 PM Yoann Congal wrote:
>>
>> Hi,
>>
>> On 4/12/23 12:19, Jan Vermaete wrote:
>>> Signed-off-by: Jan Vermaete
>>> ---
>
ou but chose to remove the except block to
get my code running.
[1]:
https://git.yoctoproject.org/poky/tree/meta/recipes-core/meta/cve-update-nvd2-native.bb#n146
>
> headers = {}
> if api_key:
Regards,
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links
On 4/7/23 16:24, Richard Purdie wrote:
> Add some information about some further kernel CVEs which don't apply for
> either linux-yocto or don't apply for linux-yocto 6.1.
>
> Signed-off-by: Richard Purdie
Perfect!
Reviewed-by: Yoann Congal
> ---
> meta/conf/distro
ist.gov/vuln/detail/CVE-2023-1075
> +# Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221
> +# Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb
> +# Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50
> +# 5.15 still has issue, include/net/tls.h:is_tx_ready() would
Signed-off-by: Yoann Congal
Reviewed-by: Frank WOLFF
---
meta/conf/distro/include/cve-extra-exclusions.inc | 10 ++
1 file changed, 10 insertions(+)
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc
b/meta/conf/distro/include/cve-extra-exclusions.inc
index 0b89598501
Ignore CVE-2022-38457 & CVE-2022-40133 as they looks patched in our 6.1
branch.
I've asked the NVD to add the commit as the patch for these CVEs, but in
the meantime, other sources seem to agree that the commit fixes these
CVEs (and I concur).
Signed-off-by: Yoann Congal
---
meta/rec
On 4/6/23 10:36, Richard Purdie wrote:
> On Thu, 2023-04-06 at 10:23 +0200, Yoann Congal wrote:
>>
>> For CVE-2022-38457 and CVE-2022-40133
>
> This one appears to be fixed for 6.1 only with this change:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/t
CVEs CVE-2023-0179, CVE-2023-1079 and CVE-2023-1513 are patched in our
kernels but appear as active because the NVD database is not up to date.
Signed-off-by: Yoann Congal
Reviewed-by: Frank WOLFF
---
.../distro/include/cve-extra-exclusions.inc | 25 +++
1 file changed, 25
Hi
On 4/5/23 11:55, Richard Purdie wrote:
> On Wed, 2023-04-05 at 11:51 +0200, Yoann Congal wrote:
>> Hi Richard,
>>
>> On 4/5/23 00:26, Richard Purdie wrote:
>>> .../...
>>> Thanks, I tweaked those bits. I did a bit more research and the other
>>
el.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
> 5.15.105
> 6.1.20
Included
>
> CVE-2023-28866: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28866 *
> https://git.kernel.org/pub/scm/linux/kerne
23-1077"
> +
> +# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
> +# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
> +# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
> +# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
&
:
> This Unittest tries to rename a package, using an already used name and
> fails on do_package.
>
> Reviewed-by: Yoann CONGAL
> Signed-off-by: Fawzi KHABER
> ---
> .../packagenameconflict/packagenameconflict.bb | 10 ++
> meta/classes-global/package.bbclass
; +
>
> ###
> # Optimisations
>
> ###
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (
Hi,
On 3/1/23 09:52, Alexandre Belloni wrote:
> On 01/03/2023 01:03:04+0100, Yoann Congal wrote:
>> From: Pavel Modilaynen
>>
>> Use close-on-exec (O_CLOEXEC) flag when open log file to
>> make sure its file descriptor is not leaked to parent
>> process on for
From: Pavel Modilaynen
Use close-on-exec (O_CLOEXEC) flag when open log file to
make sure its file descriptor is not leaked to parent
process on fork/exec.
Fixes [YOCTO #13311]
Signed-off-by: Mingli Yu
Signed-off-by: Yoann Congal
---
pseudo_util.c | 2 +-
1 file changed, 1 insertion(+), 1
Hi,
The following patch is the work done by Pavel Modilaynen in 04-2019 on
[YOCTO #13311]. Then, Mingli Yu tried to get it merged in 01-2020 without
success.
I just added a ref to [YOCTO #13311] in the commit message.
Best regards,
Yoann
Pavel Modilaynen (1):
pseudo_util.c: Open file with
1 - 100 of 111 matches
Mail list logo