On Mon, 13 Sept 2021 at 18:26, Steve Sakoman wrote:
> Taking a quick look at the code in cve-update-db-native.bb I see that
> database updates can fail with a warning message printed. So it could
> well be that the update failed for some reason, printed the warning,
> and then used the old
On Wed, Sep 15, 2021 at 1:08 AM Ross Burton wrote:
>
> On Mon, 13 Sept 2021 at 18:26, Steve Sakoman wrote:
>
> > Taking a quick look at the code in cve-update-db-native.bb I see that
> > database updates can fail with a warning message printed. So it could
> > well be that the update failed for
On Wed, Sep 8, 2021 at 4:02 AM Ranjitsinh Rathod
wrote:
>
> From: Ranjitsinh Rathod
>
> Change in 2 patch as below to avoid critical issues
> 1) 0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
> Handled return values of getrlimit() and lzma_cputhreads() functions
> to avoid
At this point I have to note that I am removing the patch altogether with
the upcoming upgrade of rpm to 4.17, as I'm also switching the compression
format to zstd, and the patch is generally difficult to maintain and
rebase. If you care about xz compression, please do work with upstream to
get it
> -Original Message-
> From: Konrad Weihmann
> Sent: den 14 september 2021 20:25
> To: Peter Kjellerstedt ; openembedded-
> c...@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH] create-spdx.bbclass: Search all license
> directories for licenses
>
> On 14.09.21 20:11, Peter
Den Wed, Sep 15, 2021 at 12:48:18 +0200 skrev Quentin Schulz:
> Hi Kristian,
>
> On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via
> lists.openembedded.org wrote:
> > The TPM2 support is used, among other things, for unlocking encrypted
> > volumes.
> >
> > Signed-off-by: Kristian
Hi Trevor,
On Tue, Sep 14, 2021 at 08:38:04PM -0400, Trevor Woerner wrote:
> Convert to the newer pr_xxx aliases for logging, which embed the log level in
> the macro names.
>
> Signed-off-by: Trevor Woerner
Reviewed-by: Quentin Schulz
Thanks!
Quentin
-=-=-=-=-=-=-=-=-=-=-=-
Links: You
Hi Trevor,
On Tue, Sep 14, 2021 at 08:38:03PM -0400, Trevor Woerner wrote:
> Switch away from the old init_module/cleanup_module function names for the
> main entry points. Change them to the documented method with module_init()
> and module_exit() markers next to static functions.
>
>
The race issue resulted in some empty directories not being deleted.
During staging_copyfile, it results in "file already exists error" on
creating link for directories during do_prepare_recipe_sysroot.
The following patch checks whether the directory and its sub directories
have no files in it
Hi Kristian,
On Wed, Sep 15, 2021 at 01:31:07PM +0200, Kristian Klausen wrote:
> Den Wed, Sep 15, 2021 at 12:48:18 +0200 skrev Quentin Schulz:
> > Hi Kristian,
> >
> > On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via
> > lists.openembedded.org wrote:
> > > The TPM2 support is
From: Kiran Surendran
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 40 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +-
2 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644
Hi Steve,
If you wanted to take changes only for the
0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch then you can
cherry-pick it from master as I have submitted it for master and it is
available on master branch now. Below is the link.
poky - Poky Build Tool and Metadata
Can we also set commercial flag while generating this list so recipes
like ffmpeg are also picked up?
Thanks,
Anuj
On Sun, 2021-09-12 at 05:01 -1000, Steve Sakoman wrote:
> Branch: hardknott
>
> New this week: 0 CVEs
>
> Removed this week: 2 CVEs
> CVE-2020-27748: xdg-utils
>
On Wed, Sep 15, 2021 at 6:59 AM Anuj Mittal wrote:
>
> Can we also set commercial flag while generating this list so recipes
> like ffmpeg are also picked up?
Yes, I can do that.
Steve
>
> Thanks,
>
> Anuj
>
> On Sun, 2021-09-12 at 05:01 -1000, Steve Sakoman wrote:
> > Branch: hardknott
> >
>
On 9/14/21 1:11 PM, Peter Kjellerstedt wrote:
Before, even if the code was seemingly written to search through all
licenses in ${COMMON_LICENSE_DIR} and ${LICENSE_PATH}, it would
actually bail out after only searching ${COMMON_LICENSE_DIR} due to
the exception handling.
Also refrain from using
On Wed, Sep 15, 2021 at 5:38 AM Bruce Ashfield wrote:
>
> Obviously these are for dunfell .. my script misfired and didn't put
> the [dunfell] tag on the send!
Not a problem, I knew they were for me and already grabbed them :-)
Stev
>
> Bruce
>
> On Wed, Sep 15, 2021 at 11:32 AM Bruce Ashfield
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
fd80923202c6 Linux 5.4.143
4bf194158102 netfilter: nft_exthdr: fix endianness of tcp option cast
e4fd994f02c5 fs: warn about impending deprecation of mandatory
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
c6bf0ed9d1a7 Linux 5.4.144
0634c0f91995 audit: move put_tree() to avoid trim_trees refcount underflow
and UAF
cab0003311a0 net: don't unconditionally
The preinst data in pkgdata will not expand out the ${XXX_PARAM} variables
since they don't use a package suffix. It happens that the final expansion
used for the packages is corrected by a second trip through the datastore.
The first version is used for calculation of the task output hash and
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Peter Kjellerstedt
> Sent: den 9 september 2021 21:54
> To: Ross Burton ; openembedded-
> c...@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH 12/14] ffmpeg: update
From: Armin Kuster
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0
regressed
compared to 1.6.3 and is vulnerable
From: Kai Kang
Backport patch to fix CVE-2021-36370.
CVE: CVE-2021-36370
Signed-off-by: Kai Kang
Signed-off-by: Anuj Mittal
---
.../mc/files/CVE-2021-36370.patch | 609 ++
meta/recipes-extended/mc/mc_4.8.26.bb | 1 +
2 files changed, 610 insertions(+)
From: Kai Kang
Backport patch to fix CVE-2021-40153, and remove version update in
unsquashfs.c for compatible.
CVE: CVE-2021-40153
Ref:
* https://security-tracker.debian.org/tracker/CVE-2021-40153
Signed-off-by: Kai Kang
Signed-off-by: Anuj Mittal
---
From: Kiran Surendran
backport from upstream
Signed-off-by: Kiran Surendran
Signed-off-by: Anuj Mittal
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38291.patch| 54 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644
From: Trevor Gamblin
Backport a fix from version 5.57 rather than doing an uprev, since there
appear to be some minor functional changes between our current version
and that version, despite the changelog only listing fixes.
Signed-off-by: Trevor Gamblin
Signed-off-by: Anuj Mittal
---
From: Richard Purdie
Upstream don't believe this is an issue.
Signed-off-by: Richard Purdie
(cherry picked from commit adf7bafee3f8884e525b5639ba092a1cd8e3beb9)
Signed-off-by: Anuj Mittal
---
meta/recipes-devtools/tcltk/tcl_8.6.11.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git
From: Yi Zhao
CVE-2021-31810:
A malicious FTP server can use the PASV response to trick Net::FTP into
connecting back to a given IP address and port. This potentially makes
Net::FTP extract information about services that are otherwise private
and not disclosed (e.g., the attacker can conduct
Please review these changes for hardknott. No issues seen on
autobuilder.
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2592
Thanks,
Anuj
The following changes since commit 567dd35d893c5d8969d41f263a24da8fbae3fc2f:
build-appliance-image: Update to hardknott head revision
From: Mingli Yu
Backport a patch to fix CVE-2021-31799.
Signed-off-by: Mingli Yu
Signed-off-by: Anuj Mittal
---
.../ruby/ruby/CVE-2021-31799.patch| 57 +++
meta/recipes-devtools/ruby/ruby_3.0.1.bb | 1 +
2 files changed, 58 insertions(+)
create mode 100644
From: Changqing Li
refer:
https://nvd.nist.gov/vuln/detail/CVE-2021-36690
https://www.sqlite.org/forum/forumpost/718c0a8d17
https://sqlite.org/src/info/b1e0c22ec981cf5f
Signed-off-by: Changqing Li
Signed-off-by: Anuj Mittal
---
.../sqlite/sqlite3/CVE-2021-36690.patch | 62
backport from upstream
Signed-off-by: Kiran Surendran
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +-
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644
On Wed, Sep 15, 2021 at 3:26 PM Peter Kjellerstedt
wrote:
>
> > -Original Message-
> > From: openembedded-core@lists.openembedded.org > c...@lists.openembedded.org> On Behalf Of Peter Kjellerstedt
> > Sent: den 9 september 2021 21:54
> > To: Ross Burton ; openembedded-
> >
From: Bruce Ashfield
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
e07f317d5a28 Linux 5.10.63
4405ea221dea media: stkwebcam: fix memory leak in stk_camera_probe
ad5e13f15db7 fuse: fix illegal access to inode with reused nodeid
From: Richard Purdie
On some x86 platforms there were header issues causing pt_regs compile
failures for our stap tests, e.g. on genericx86-64 but not qemux86-64.
Backport a patch from upstream which fixes the issue.
[YOCTO #14491]
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Kiran Surendran
backport from upstream
Signed-off-by: Kiran Surendran
Signed-off-by: Anuj Mittal
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch| 40 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
fd80923202c6 Linux 5.4.143
4bf194158102 netfilter: nft_exthdr: fix endianness of tcp option cast
e4fd994f02c5 fs: warn about impending deprecation of mandatory
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
c6bf0ed9d1a7 Linux 5.4.144
0634c0f91995 audit: move put_tree() to avoid trim_trees refcount underflow
and UAF
cab0003311a0 net: don't unconditionally
From: Richard Purdie
CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.
https://github.com/westes/flex/issues/414
From: Richard Purdie
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.
https://github.com/golang/go/issues/30999#issuecomment-910470358
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Bruce Ashfield
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
452ea6a15ed2 Linux 5.10.61
f15e64267393 io_uring: only assign io_uring_enter() SQPOLL error in actual
error case
695ab28a7fa1 io_uring: fix xa_alloc_cycle() error
wayland-protocols 1.23 is now available.
This release adds the new gesture "hold" to the pointer gesture protocol.
https://lists.freedesktop.org/archives/wayland-devel/2021-September/041979.html
Signed-off-by: Denys Dmytriyenko
---
Please note - this is meant for kirkstone(-next), as upgrade
From: Armin Kuster
Source: https://git.lysator.liu.se/nettle/nettle
MR: 112331
Type: Security Fix
Disposition: Backport from
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
ChangeID: ffbbadbfa862e715ec7da4695d7db67484f8517a
Description:
Affects nettle
From: Armin Kuster
Source: qemu.org
MR: 106462
Type: Security Fix
Disposition: Backport from
https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1
ChangeID: b9dc1b656c07d6a0aecaf7680ed33801bd5f6352
Description:
Affects qemu < 5.2.0
Signed-off-by: Armin Kuster
From: Armin Kuster
Source: qemu.org
MR: 107262
Type: Security Fix
Disposition: Backport from
https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
ChangeID: 3024b894ab045c1a74ab2276359d5e599ec9e822
Description:
Affects qemu < 5.0.0
Signed-off-by: Armin Kuster
From: Armin Kuster
Source: qemu.org
MR: 105490
Type: Security Fix
Disposition: Backport from
https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
ChangeID: 6e222b766fc67c76cdc311d02cc47801992d0e66
Description:
Affect qemu < 5.0.0
Signed-off-by: Armin Kuster
From: Sakib Sajal
Source: https://git.yoctoproject.org/git/poky
MR: 112369
Type: Security Fix
Disposition: Backport from
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?id=48960ce56265e9ec7ec352c0d0fcde6ed44569be
ChangeID:
So we wait until that branch is created in 5 months before we can apply
it ? Is this like post dating a check?
-armin
On 9/15/21 6:06 PM, Denys Dmytriyenko wrote:
> wayland-protocols 1.23 is now available.
>
> This release adds the new gesture "hold" to the pointer gesture protocol.
>
>
Obviously these are for dunfell .. my script misfired and didn't put
the [dunfell] tag on the send!
Bruce
On Wed, Sep 15, 2021 at 11:32 AM Bruce Ashfield via
lists.openembedded.org
wrote:
>
> From: Bruce Ashfield
>
> Updating linux-yocto/5.4 to the latest korg -stable release that comprises
>
On Wed, Sep 15, 2021 at 5:43 AM Ranjitsinh Rathod <
ranjitsinh.rat...@kpit.com> wrote:
> Hi Steve,
>
> If you wanted to take changes only for the
> 0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
> then you can cherry-pick it from master as I have submitted it for master
> and it
Due to custom option parser implementation weston accepts only one
argument of a given type. As the result if multiple modules add
multiple --modules agruments only last will be used. This fix
introduces wrapper around modules in terms of weston-init to prepare
proper modules argument for weston
Hello Alexandre,
Rebased and resent v2. I'm sorry about that. Something went wrong
with my
mail client setup. Used git send-email this time.
On 2021-09-15 at 10:37 CEST, Alexandre Belloni wrote...
Hello Pavel,
I'm sorry but your patch has been mangled and I didn't manage to
apply
it, do
Hello all,
This is the full report for yocto-3.3.3.rc2:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
=== Summary
No high milestone defects.
1 issue found
BUG id:14491 - stap.StapTest.test_stap failure
===
Hi,
I am running a logout systemd service to clean up in shutdown, the
service was called in boot but was not called in the shutdown process,
I double checked the mlogout.sh script which was not executed.
I tried RemainAfterExit=yes, it did not work either, what could I be missing?
# cat
On 09/15/2021 04:16 PM, JH wrote:
Hi,
I am running a logout systemd service to clean up in shutdown, the
service was called in boot but was not called in the shutdown process,
I double checked the mlogout.sh script which was not executed.
I tried RemainAfterExit=yes, it did not work either,
> How about adding 'ExecStart=/bin/true' here?
It was my first try, but it did not work so I removed it.
Thank you Qi.
Kind regards,
- jupiter
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156042):
Hello Pavel,
I'm sorry but your patch has been mangled and I didn't manage to apply
it, do you mind sending it again?
On 08/09/2021 09:14:23+0200, Pavel Zhukov wrote:
>
> Due to custom option parser implementation weston accepts only one
> argument of a given type. As the result if multiple
On Mon, 2021-09-13 at 10:35 -0700, Pgowda wrote:
> The file builds remote-test-server and executes rust testing
> remotely using background ssh. It adds the necessary test environment
> and variables to run the rust oe-selftest.
>
> Print the results in case of failure of runCmd().
>
>
On 09/15/2021 04:32 PM, Jupiter wrote:
How about adding 'ExecStart=/bin/true' here?
It was my first try, but it did not work so I removed it.
Thank you Qi.
Kind regards,
- jupiter
Adding 'Conflicts=shutdown.target' seems to work. I just did a quick test.
Regards,
Qi
Hi Qi,
Indeed that did the trick, you rock!
Thank you so much.
Kind regards,
- jupiter
On 9/15/21, ChenQi wrote:
> On 09/15/2021 04:32 PM, Jupiter wrote:
>>> How about adding 'ExecStart=/bin/true' here?
>> It was my first try, but it did not work so I removed it.
>>
>> Thank you Qi.
>>
>>
On Wed, 2021-09-15 at 15:37 +0530, pgowda cve wrote:
> Hi Richard,
>
> Thanks for reviewing the patch and your comments.
>
> > We did see a couple of failures in testing on our infrastructure:
> We are using the following machine for running tests
> Description:Ubuntu 18.04.3 LTS
> Release:
The TPM2 support is used, among other things, for unlocking encrypted
volumes.
Signed-off-by: Kristian Klausen
---
meta/recipes-core/systemd/systemd_249.3.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/systemd/systemd_249.3.bb
Hi Kristian,
On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via
lists.openembedded.org wrote:
> The TPM2 support is used, among other things, for unlocking encrypted
> volumes.
>
> Signed-off-by: Kristian Klausen
> ---
> meta/recipes-core/systemd/systemd_249.3.bb | 1 +
> 1 file
62 matches
Mail list logo
