Backport an upstream patch for the CVE.
Signed-off-by: Richard Purdie
---
...9813e0eb0246f63b54e9e154970e609575af.patch | 58 +++
.../xdg-utils/xdg-utils_1.1.3.bb | 1 +
2 files changed, 59 insertions(+)
create mode 100644
* the output is shown 3 times with default configuration and 5 times when
--verbose
is being used with knotty, there might be other use-cases where we actually
need
this, but until the logging is resolved better, setting this to empty looks
like
more reasonable option (considering that
On Friday 03 September 2021 at 13:55:21 +0200, Martin Jansa wrote:
> * the output is shown 3 times with default configuration and 5 times when
> --verbose
> is being used with knotty, there might be other use-cases where we actually
> need
> this, but until the logging is resolved better,
From: Ross Burton
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 4accf77ea5b5810cb2330acc6773690ec1b1c71b)
Signed-off-by: Steve Sakoman
---
.../cpio/cpio-2.13/CVE-2021-38185.patch | 581 ++
meta/recipes-extended/cpio/cpio_2.13.bb
From: Andrej Valek
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
Signed-off-by: Andrej Valek
Signed-off-by: Richard Purdie
(cherry picked from commit da630d6d81a396c3e1635fbd7b8103df47ed2732)
Signed-off-by:
From: Matt Madison
Commit 05a87be51b44608ce4f77ac332df90a3cd2445ef introduced
a Python conditional expression when updating PATH that
generates syntax warnings in bitbake-cookerdaemon.log:
Var :1: SyntaxWarning: "is not" with a literal. Did you mean "!="?
Fix this by using the more
From: Armin Kuster
Source: https://github.com/lz4/lz4
MR: 111604
Type: Security Fix
Disposition: Backport from
https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
ChangeID:
From: Richard Purdie
Add SDKPATHINSTALL which is used as the default install location of the SDK
instead of SDKPATH. This means the default install path isn't encoded into
every SDK binary, meaning if a date is used there the entire SDK doesn't
have to rebuild. Most distros can switch to only
The xinetd license is superficially BSD-like, but it isn't BSD. Now that
we have the full SPDX license set in oe-core, use the specific xinetd
license.
Signed-off-by: Ross Burton
---
meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff
Instead of putting the full license text for non-SPDX licenses into the
recipe and every package, use links to the recipe from the packages if
possible.
Signed-off-by: Ross Burton
---
meta/classes/create-spdx.bbclass | 25 ++---
1 file changed, 14 insertions(+), 11
Now that recipetool writes BSD-3-Clause, update the test appropriately.
Signed-off-by: Ross Burton
---
meta/lib/oeqa/selftest/cases/recipetool.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py
Specifically, the actual recipe now has LICENSE=MIT.
Signed-off-by: Ross Burton
---
documentation/dev-manual/common-tasks.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/documentation/dev-manual/common-tasks.rst
b/documentation/dev-manual/common-tasks.rst
index
The python-async-test recipe is now BSD-3-Clause.
Signed-off-by: Ross Burton
---
meta/lib/oeqa/selftest/cases/recipeutils.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/recipeutils.py
b/meta/lib/oeqa/selftest/cases/recipeutils.py
index
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Signed-off-by: Ross Burton
---
meta/recipes-devtools/valgrind/valgrind_3.17.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/valgrind/valgrind_3.17.0.bb
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Note that the actual license text is BSD 4-Clause with clause 3 rescinded:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/blob/master/COPYING#L157
Signed-off-by: Ross Burton
---
meta/recipes-graphics/xorg-lib/libxfont_1.5.4.bb | 2
This recipe is just a single data file from shadow, but as we can't
easily tell what license that specific file is under just copy the full
license statement.
Signed-off-by: Ross Burton
---
meta/recipes-extended/shadow/shadow-sysroot_4.6.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
"BSD" is ambiguous, use the precise license BSD-2-Clause-Patent.
Signed-off-by: Ross Burton
---
meta/recipes-core/ovmf/ovmf_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb
b/meta/recipes-core/ovmf/ovmf_git.bb
index
"BSD" is ambiguous, ffmpeg comprises of several licenses which are
BSD-like.
Signed-off-by: Ross Burton
---
meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
"BSD" is ambiguous, use the precise licenses BSD-3-Clause-Attribution
and BSD-3-Clause.
Signed-off-by: Ross Burton
---
meta/recipes-connectivity/ppp/ppp_2.4.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
Upstream has moved to GitHub. Whilst it's now too late to upgrade to
the latest release, we can add upstream check variables so that we get
notified we're out of date.
Signed-off-by: Ross Burton
---
meta/recipes-extended/lsof/lsof_4.91.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git
The lsof LICENSE is superficially BSD-like, but it isn't BSD. Now that
we have the full SPDX license set in oe-core, use Spencer-94.
Signed-off-by: Ross Burton
---
meta/recipes-extended/lsof/lsof_4.91.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
The xinetd license is superficially BSD-like, but it isn't BSD. Now that
we have the full SPDX license set in oe-core, use the specific xinetd
license.
Signed-off-by: Ross Burton
---
meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Signed-off-by: Ross Burton
---
meta-selftest/recipes-devtools/python/python-async-test.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-selftest/recipes-devtools/python/python-async-test.inc
The PyPI license classifiers include "OSI Approved: BSD", which does not
specify which of the many variations of BSD license it actually means.
The generic "BSD" license in the oe-core set is actually BSD-3-Clause.
>From a random sample of ten PyPI modules that use "BSD", they are all
The bulk of hdparm is under a unique license. Set the correct BSD
version, and specify that the hdparm license is also used.
Signed-off-by: Ross Burton
---
meta/recipes-extended/hdparm/hdparm_9.62.bb | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git
If systemd is built with fdisk support[1] and the openssl and cryptsetup
PACKAGECONFIG are enabled, systemd-homed[1] is automatically enabled.
The org.freedesktop.home1.conf file was forgotten, so this commit adds
the file and make enabling homed a explicit choice.
[1] Automatically enabled if
Added 0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
to fix large memory usage for large file downloads
from dynamic backends reuse or release large memory chunks.
Also, added patch to set default chunk size 8k earlier it was 4k.
This issue is caused by a bug in the lighttpd
some really basic observations and questions about shared libs from
BB recipes as i'm trying to resolve some issues related to a weird
hybrid build system that overrides the standard do_install() task by
manually populating the "image" directory for each recipe, then hands
control over to
This allows extra space to be added after the last partition and is
especially useful when free space is needed for ex: adding partitions on
first boot with ex: systemd-repart[1] and the image is tested in QEMU.
[1] https://www.freedesktop.org/software/systemd/man/systemd-repart.html
Please review this next set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2540
The following changes since commit 448e0271ed831582bb5833486fc17b131676fb53:
selftest: disable
add_extracted_document() is only called if the license isn't known to
SPDX, so there's no need to check again.
Signed-off-by: Ross Burton
---
meta/classes/create-spdx.bbclass | 3 ---
1 file changed, 3 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass
For licenses which are not known to SPDX, find and embed the actual
license text in an ExtractedLicesingInfo block.
Signed-off-by: Ross Burton
---
meta/classes/create-spdx.bbclass | 51 +++-
1 file changed, 37 insertions(+), 14 deletions(-)
diff --git
spdx-licenses.json contains an array of licenses objects. As we'll be
searching it often, convert that to a dictionary when we parse it.
Signed-off-by: Ross Burton
---
meta/classes/create-spdx.bbclass | 15 ---
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git
Instead of putting the full license text for non-SPDX licenses into the
recipe and every package, use links to the recipe from the packages if
possible.
Signed-off-by: Ross Burton
---
meta/classes/create-spdx.bbclass | 25 ++---
1 file changed, 14 insertions(+), 11
oe-core has only one version of the Rust toolchain,
so remove the ability to change versions.
This file belongs in the meta-rust layer.
Signed-off-by: Randy MacLeod
---
meta/conf/distro/include/rust_versions.inc | 13 -
1 file changed, 13 deletions(-)
delete mode 100644
This removes BSD-0-Clause, Nauman, tcl and vim and adds mappings for
them to their SPDX counterparts (0BSD, Naumen, TCL and Vim).
It also removes FreeType, which already had a mapping to FTL.
Signed-off-by: Peter Kjellerstedt
---
In case anyone is interested, the following command (executed in
On 9/2/21 7:55 PM, Steve Sakoman wrote:
> On Thu, Sep 2, 2021 at 8:38 AM Steve Sakoman wrote:
>> On Thu, Sep 2, 2021 at 8:10 AM Armin Kuster wrote:
>>> ping or did I miss a response to this patch?
>> No you didn't miss anything!
>>
>> I mistakenly stashed this patch along with your "lz4:
On 9/3/21 9:20 AM, Randy MacLeod wrote:
oe-core has only one version of the Rust toolchain,
so remove the ability to change versions.
This file belongs in the meta-rust layer.
I think we should still keep it around. For external rust toolchains
much like we do for gcc, but move it to
On 9/3/21 3:57 AM, Robert P. J. Day wrote:
some really basic observations and questions about shared libs from
BB recipes as i'm trying to resolve some issues related to a weird
hybrid build system that overrides the standard do_install() task by
manually populating the "image" directory
If systemd is built with fdisk support[1] and the openssl and cryptsetup
PACKAGECONFIG are enabled, systemd-homed[1] is automatically enabled.
The org.freedesktop.home1.conf file was forgotten, so this commit adds
the file and make enabling homed a explicit choice.
systemd-homed.service and
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Ross Burton
> Sent: den 3 september 2021 18:01
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH v2 4/4] create-spex: don't duplicate license
Change
This log checking fix is needed for both qemux86 and qemux86-64 so move
to the common section.
[YOCTO #14528]
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/runtime/cases/parselogs.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/runtime/cases/parselogs.py
Upstream don't believe this is an issue.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/tcltk/tcl_8.6.11.bb | 4
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index 1e91f0827ed..cb9e486698c
43 matches
Mail list logo