Re: [OE-core] [PATCH] squashfs-tools: always install prebuilt manpage

On Tue, 2022-05-17 at 02:27 +, Li, Changqing wrote: > > > From: richard.pur...@linuxfoundation.org > > Sent: Monday, May 16, 2022 6:54 PM > To: Li, Changqing ; > openembedded-core@lists.openembedded.org > > Subject: Re: [OE-core] [PATCH] squashfs-tools: always install > prebuilt manpage  >

[OE-core] [PATCH] cve-check: Fix report generation

The addition of summary output caused two issues: error when building an image and the fact that JSON output was generated even when CVE_CHECK_FORMAT_JSON. When generating an image it caused an error like: ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

Re: [OE-core] [kirkstone] [PATCH 1/1] mmc-utils: upgrade to latest revision

Yes, this only occurs on 5.4 kernel, will CC to you next time for kirkstone patches. //Ming Liu Steve Sakoman 於 2022年5月16日 週一 下午4:29寫道： > On Sun, May 15, 2022 at 9:17 PM Ming Liu wrote: > > > Our products are based on LTS kirkstone, we found a build issue of > mmc-utils, which has been fixed

Re: [OE-core] [PATCH] cve-check: Fix report generation

Tested-by: Alex Kiernan On Tue, May 17, 2022 at 8:55 AM Ernst Sjöstrand wrote: > > Reviewed-by: Ernst Sjöstrand > > Den tis 17 maj 2022 kl 08:01 skrev Marta Rybczynska : >> >> The addition of summary output caused two issues: error when building >> an image and the fact that JSON output was

Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves

On Wed, May 11, 2022 at 4:37 PM akash hadke via lists.openembedded.org wrote: > > Add new method get_ignored_cves in cve_check.py > to get ignored CVEs from recipe by excluding distro-wide > ignored CVEs from meta/conf/distro/include/cve-extra-exclusions.inc > > While calling this method use

[OE-core] [PATCH] udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist

Signed-off-by: Richard Purdie --- .../initrdscripts/files/init-install-efi-testfs.sh | 2 +- .../initrdscripts/files/init-install-efi.sh| 2 +- .../initrdscripts/files/init-install-testfs.sh | 2 +- meta/recipes-core/initrdscripts/files/init-install.sh | 2 +-

[OE-Core][dunfell][PATCH] git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE

Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell branch Signed-off-by: Ranjitsinh Rathod --- meta/recipes-devtools/git/git.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index

Re: [OE-core] [PATCH] cve-check: Fix report generation

Reviewed-by: Ernst Sjöstrand Den tis 17 maj 2022 kl 08:01 skrev Marta Rybczynska : > The addition of summary output caused two issues: error when building > an image and the fact that JSON output was generated even when > CVE_CHECK_FORMAT_JSON. > > When generating an image it caused an error

[OE-Core][dunfell][PATCH 1/2] freetype: Fix CVEs for freetype

From: Ranjitsinh Rathod Apply below patches to fix the CVEs for freetype: CVE-2022-27404.patch Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db.patch CVE-2022-27405.patch Link:

[OE-Core][dunfell][PATCH 2/2] openssl: Minor security upgrade 1.1.1n to 1.1.1o

From: Ranjitsinh Rathod This security upgrade fixes CVE-2022-1292 as per below link Link: https://www.openssl.org/news/cl111.txt Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod --- .../openssl/{openssl_1.1.1n.bb => openssl_1.1.1o.bb}| 2 +- 1 file changed, 1

Re: [OE-Core][dunfell][PATCH] git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE

Hi, On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote: > Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell > branch Good finding, thanks. I think it makes sence to support both CVE_CHECK_WHITELIST and CVE_CHECK_IGNORE variables in dunfell as patches will be

Re: [OE-core] [PATCH v2 1/7] python3-cryptography: add python3-pytest-benchmark rdepends

On Tue, 2022-05-17 at 16:16 +0800, Yu, Mingli wrote: > From: Mingli Yu > > The new version introduced below change, so add python3-pytest-benchmark > to rdepends to fix the gap. > 496703c8 Refs #7079 -- added basic scaffholding for benchmarks (#7087) > > Fixes: > # ./run-ptest > Free

Re: [OE-core] [PATCH v3] classes: rootfs-postcommands: add skip option to overlayfs_qa_check

Hi, On 2022-05-03 10:22, Claudius Heine wrote: The overlayfs_qa_check checks if the current root file system has a mount configured for each overlayfs, when the overlayfs class is used. However there are certain instances where this mount point is created at runtime and not static in a fstab

Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves

Hello Marta, Actually, I wanted to add the ignored and patched CVEs in buildhistory and for that purpose, I am exporting variables CVE_IGNORED and CVE_PATCHED with those values. I don't want to use cve-check.bbclass as it checks for the CVEs from the NVD database, and I only want to get

Re: [OE-Core][dunfell][PATCH] git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE

On Tue, 2022-05-17 at 11:41 +, Mikko Rapeli wrote: > Hi, > > On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote: > > Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell > > branch > > Good finding, thanks. I think it makes sence to support both >

[OE-core] [PATCH 3/7] python3-aspectlib: move from meta-python

From: Mingli Yu aspectlib is an aspect-oriented programming, monkey-patch and decorators library. It is useful when changing behavior in existing code is desired. It includes tools for debugging and testing: simple mock/record and a complete capture/replay framework. Signed-off-by: Mingli Yu

[OE-core] [PATCH 6/7] python3-process-tests: move from meta-python

From: Mingli Yu Signed-off-by: Mingli Yu --- .../python/python3-process-tests_2.1.2.bb | 15 +++ 1 file changed, 15 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-process-tests_2.1.2.bb diff --git

[OE-core] [PATCH 7/7] python3-tornad: move from meta-python

From: Mingli Yu Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Signed-off-by: Mingli Yu --- .../python/python3-tornado_6.1.bb | 28 +++ 1 file changed, 28 insertions(+) create mode 100644

[OE-core] [PATCH 2/7] python3-pytest-benchmark: move from meta-python

From: Mingli Yu A pytest fixture for benchmarking code. It will group the tests into rounds that are calibrated to the chosen timer. Signed-off-by: Mingli Yu --- .../python/python3-pytest-benchmark_3.4.1.bb | 15 +++ 1 file changed, 15 insertions(+) create mode 100644

[OE-core] [PATCH v2 1/7] python3-cryptography: add python3-pytest-benchmark rdepends

From: Mingli Yu The new version introduced below change, so add python3-pytest-benchmark to rdepends to fix the gap. 496703c8 Refs #7079 -- added basic scaffholding for benchmarks (#7087) Fixes: # ./run-ptest Free memory: 31.283 GB ERROR: usage: pytest [options] [file_or_dir]

[OE-core] [PATCH 5/7] python3-fields: move from meta-python

From: Mingli Yu Container class boilerplate killer. Signed-off-by: Mingli Yu --- .../python/python3-fields_5.0.0.bb| 15 +++ 1 file changed, 15 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-fields_5.0.0.bb diff --git

[OE-core] [PATCH 4/7] python3-py-cpuinfo: move from meta-python

From: Mingli Yu Py-cpuinfo gets CPU info with pure Python. Py-cpuinfo should work without any extra programs or libraries, beyond what your OS provides. It does not require any compilation(C/C++, assembly, et cetera) to use. It works with Python 2 and 3. Signed-off-by: Mingli Yu ---

Re: [OE-core] [dunfell 05/11] git: Ignore CVE-2022-24975

On Sat, Apr 16, 2022 at 12:15 PM, Steve Sakoman wrote: > > CVE_CHECK_IGNORE Hi Steve, Is this variable CVE_CHECK_IGNORE valid in dunfell branch too? Because when I check with "bitbake -c cve_check git" it is still showing as Unpatched only. Thanks, Ranjitsinh Rathod -=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v3] python3-cryptography: remove --benchmark-disable option

From: Mingli Yu The new version introduced below change, so remove the option to avoid python3-pytest-benchmark rdepends to fix the gap. 496703c8 Refs #7079 -- added basic scaffholding for benchmarks (#7087) Fixes: # ./run-ptest Free memory: 31.283 GB ERROR: usage: pytest [options]

[OE-core] [PATCH] layer.conf: Don't use indirect help2man-native dependencies

Similarly to other tools such as pkgconfig and quilt, don't pull in help2man-native unless there is a direct DEPENDS. This is generally good for keeping the recipe sysroots leaner and cleaner and should fix some issues with squashf-tools in particular. This will mean any recipe with an indirect

Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves

On Tue, May 17, 2022 at 1:42 PM Akash Hadke wrote: > > Hello Marta, > > Actually, I wanted to add the ignored and patched CVEs in buildhistory and > for that purpose, I am exporting variables CVE_IGNORED and CVE_PATCHED with > those values. I don't want to use cve-check.bbclass as it checks for

Re: [OE-core] [dunfell 05/11] git: Ignore CVE-2022-24975

On Tue, May 17, 2022 at 1:09 AM Ranjitsinh Rathod wrote: > > On Sat, Apr 16, 2022 at 12:15 PM, Steve Sakoman wrote: > > CVE_CHECK_IGNORE > > Is this variable CVE_CHECK_IGNORE valid in dunfell branch too? > Because when I check with "bitbake -c cve_check git" it is still showing as > Unpatched

[OE-core] Yocto Project Status WW20`22

Current Dev Position: YP 4.1 M1 Next Deadline: 30th May 2022 YP 4.1 M1 Build Next Team Meetings: * Yocto Project Summit - 17th-19th May ( https://www.yoctoproject.org/yocto-project-summit-2022-05/) * Bug Triage meeting

Re: [OE-core] [PATCH 7/7] python3-tornad: move from meta-python

don't forget to send a patch to delete it from meta-python once merged into core. On Tue, May 17, 2022 at 1:16 AM Yu, Mingli wrote: > > From: Mingli Yu > > Tornado is a Python web framework and asynchronous networking > library, originally developed at FriendFeed. > > Signed-off-by: Mingli Yu

Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves

On Tue, 2022-05-17 at 11:42 +, akash hadke via lists.openembedded.org wrote: > Actually, I wanted to add the ignored and patched CVEs in > buildhistory and for that purpose, I am exporting variables > CVE_IGNORED and CVE_PATCHED with those values. I don't want to use > cve-check.bbclass as it

Re: [OE-core] [poky][master][PATCH 1/3] cve_check.py: Add new method get_ignored_cves

Hi Marta, If you see the code from the succeeding patch to this https://lists.openembedded.org/g/openembedded-core/message/165502 here I have checked if cve-extra-exclusions.inc is included or not. If it is not included then the code will not get executed. -=-=-=-=-=-=-=-=-=-=-=- Links: You

Re: [OE-Core][dunfell][PATCH] git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE

On Tue, May 17, 2022 at 1:57 AM Richard Purdie wrote: > > On Tue, 2022-05-17 at 11:41 +, Mikko Rapeli wrote: > > Hi, > > > > On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote: > > > Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell > > > branch > > > > Good

[OE-core][master][kirkstone] python3: fix reproducibility issue with python3-core

traceback.cpython-310.pyc is non-deterministic due to 'frozenset' being written without strict ordering. For now let's just not install the problematic file. Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3_3.10.4.bb | 5 + 1 file changed, 5 insertions(+) diff --git

Re: [OE-core] [PATCH v2] wic: added fspassno parameter to partition

Hi all, On Sun, May 15, 2022 at 08:36 AM, Kanagarajan, Vijaikumar wrote: > > From: Claudius Heine > > The `fspassno` parameter allows to overwrite the value of the last > column (`fs_passno`) in the /etc/fstab of the target root file system. > This allows to have periodic file system checks. >

[OE-core] [PATCH 1/1] wic/plugins/images/direct: Allow changes in fstab on rootfs

Allow wic to also manipulate the rootfs entry in fstab, which it currently refuses to write. Reasons one might want to do that include using systemd-growfs via --fsoptions on / With this change / is now handled exactly the same as other mountpoints, the former exception seemingly was not even

[OE-core] [PATCH 0/1] wic/plugins/images/direct: Allow changes in fstab on rootfs

This patch removes the exclusion of `/` in the fstab update. This is useful for a lot of things, including but not limited to: - The setting of `fspassno`, proposed as "[PATCH v2] wic: added fspassno parameter to partition" - The writing of `fsoptions` The latter is used for example for

Re: [OE-core] [PATCH v2] wic: added fspassno parameter to partition

> -Original Message- > From: Schmidl, Tobias (T CED SES-DE) > Sent: 17 May 2022 23:46 > To: openembedded-core@lists.openembedded.org; Kanagarajan, > Vijaikumar > Cc: c...@denx.de; Schild, Henning (T CED SES-DE) > > Subject: Re: [PATCH v2] wic: added fspassno parameter to partition >

[OE-core] convert-overrides.py

Hi, openembedded-core/scripts/contrib/convert-overrides.py missing conversions for architectures like i386, i586 and so on. It leaves untouched something like: foo_i586 = "bar" I'm not sure if it should be fixed for all existing iX86 sequence. Regards, Oleksiy -=-=-=-=-=-=-=-=-=-=-=- Links: You

[OE-core][kirkstone 05/31] qemu: backport patch for CVE-2021-4207

From: Davide Gardenal CVE: CVE-2021-4207 Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-4207.patch

[OE-core][kirkstone 06/31] systemd: upgrade 250.4 -> 250.5

From: Alexander Kanavin Latest stable branch update Drop 0029-network-enable-KeepConfiguration-when-running-on-net.patch as patch merged upstream. Changes: 4a31fa2fb0 (tag: v250.5) hwdb: run "update-hwdb-autosuspend" e92e2d0e3b hwdb: run "update-hwdb" e1e4395775 hwdb: make sure "ninja

[OE-core][kirkstone 00/31] Patch review

Please review this set of patches for kirkstone and have comments back by end of day Thursday. Once again I've been proactive in cherry-picking security/bug fix version bumps for select packages. And as last time I've edited the commit messages to include either the release notes or a commit

[OE-core][kirkstone 01/31] freetype: backport patch for CVE-2022-27404

From: Davide Gardenal CVE: CVE-2022-27404 Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- .../freetype/freetype/CVE-2022-27404.patch| 48 +++ .../freetype/freetype_2.11.1.bb

[OE-core][kirkstone 02/31] freetype: backport patch for CVE-2022-27405

From: Davide Gardenal CVE: CVE-2022-27405 Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- .../freetype/freetype/CVE-2022-27405.patch| 41 +++ .../freetype/freetype_2.11.1.bb

[OE-core][kirkstone 03/31] freetype: backport patch for CVE-2022-27406

From: Davide Gardenal CVE: CVE-2022-27406 Upstream issue: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- .../freetype/freetype/CVE-2022-27406.patch| 32 +++ .../freetype/freetype_2.11.1.bb

[OE-core][kirkstone 07/31] systemd: Fix build regression with latest update

From: Khem Raj This happens when ptest is enabled with clang compiler Signed-off-by: Khem Raj Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit a1f51bae8e4717da2375b9a476c368554a795487) Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 08/31] mesa: upgrade 22.0.0 -> 22.0.2

From: Alexander Kanavin Mesa 22.0.1 is a bug fix release which fixes bugs found since the 22.0.0 release: freedreno: crash in PUBG MSVC: Build failure in libmesa_util when targeting x86 32-bit A crash in radeonsi driver freedreno: deqp cts fails Mesa 22.0.2 is a bug fix release which fixes

[OE-core][kirkstone 09/31] bind: upgrade 9.18.1 -> 9.18.2

From: Alexander Kanavin Update to latest stable branch release Bug Fixes - Previously, zone maintenance DNS queries retried forever if the destination server was unreachable. These queries included outgoing NOTIFY messages, refresh SOA queries, parental DS checks, and stub zone NS queries.

[OE-core][kirkstone 10/31] cronie: upgrade 1.6.0 -> 1.6.1

From: Alexander Kanavin Release 1.6.1 crond: Fix regression of handling ranges (x-y) in crontab Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 4bcd528050c01a1e7a3d1a847379833672900ad9) Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 11/31] epiphany: upgrade 42.0 -> 42.2

From: Alexander Kanavin 42.2 - April 21, 2022 = * Fix Save As context menu items (#1760) * Fix CVE-2022-29536 (#1766) Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][kirkstone 12/31] ffmpeg: upgrade 5.0 -> 5.0.1

From: Alexander Kanavin version 5.0.1: - avcodec/exr: Avoid signed overflow in displayWindow - avcodec/diracdec: avoid signed integer overflow in global mv - avcodec/takdsp: Fix integer overflow in decorrelate_sf() - avcodec/apedec: fix a integer overflow in long_filter_high_3800() -

[OE-core][kirkstone 13/31] fribidi: upgrade 1.0.11 -> 1.0.12

From: Alexander Kanavin Overview of changes between 1.0.11 and 1.0.12 - Various fuzzing fixes. Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 5396115fc726f0a9f8a76d1b3ec27ea73062367b) Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 04/31] qemu: backport patch for CVE-2021-4206

From: Davide Gardenal CVE: CVE-2021-4206 Upstream fix: https://git.qemu.org/?p=qemu.git;a=commit;h=fa892e9abb728e76afcf27323ab29c57fb0fe7aa Signed-off-by: Davide Gardenal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-4206.patch

[OE-core][kirkstone 14/31] libinput: upgrade 1.19.3 -> 1.19.4

From: Alexander Kanavin libinput 1.19.4 fixes CVE-2022-1215 with a format string vulnerability Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit d32d51753aadf6c2747c79927dad0c9a044ad5df) Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 15/31] sqlite3: upgrade 3.38.2 -> 3.38.3

From: Alexander Kanavin 2022-04-27 - Version 3.38.3 Version 3.38.3 fixes a bug in the automatic-index and Bloom filter construction logic that might cause SQLite to be overly aggressive in the use of ON clause constraints, resulting in a incorret automatic-index or Bloom filter that excludes

Re: [OE-core] [PATCH v2] wic: added fspassno parameter to partition

Am Tue, 17 May 2022 18:21:27 + schrieb "Kanagarajan, Vijaikumar" : > > -Original Message- > > From: Schmidl, Tobias (T CED SES-DE) > > Sent: 17 May 2022 23:46 > > To: openembedded-core@lists.openembedded.org; Kanagarajan, > > Vijaikumar > > Cc: c...@denx.de; Schild, Henning (T CED

Re: [OE-core] convert-overrides.py

On Tue, 2022-05-17 at 17:17 +, Oleksiy Obitotskyy via lists.openembedded.org wrote: > openembedded-core/scripts/contrib/convert-overrides.py missing conversions > for architectures like i386, i586 and so on. > It leaves untouched something like: foo_i586 = "bar" > I'm not sure if it should be

[OE-core][kirkstone 29/31] sed: Specify shell for "nobody" user in run-ptest

From: Jiaqing Zhao ptest testsuite/panic-tests.sh of sed need to be run as a non-root user so that the expected "sed: couldn't open temporary file : Permission denied" error can be generated. After disabling default shell for "nobody", a shell needs to be specified for running ptest.

[OE-core][kirkstone 30/31] strace: Don't run ptest as "nobody"

From: Jiaqing Zhao strace ptests can run successfully with root user, there is no need to run as "nobody". The ptest results are the same. Signed-off-by: Jiaqing Zhao Signed-off-by: Richard Purdie (cherry picked from commit 5ab213178c011152e29dfb0a80251c5e5ab79900) Signed-off-by: Steve

[OE-core][kirkstone 31/31] base-passwd: Disable shell for default users

From: Davide Gardenal Change the shell of all global static users other than root (which retains /bin/sh) and sync (as /bin/sync is rather harmless) to /sbin/nologin (as /usr/sbin/nologin does not exist in openembedded) Upstream-Status: Backport

[OE-core][kirkstone 16/31] webkitgtk: upgrade 2.36.0 -> 2.36.1

From: Alexander Kanavin This is the first bug fix release in the stable 2.36 series. What’s new in the WebKitGTK 2.36.1 release? - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. - Translation updates: Croatian. Signed-off-by: Alexander Kanavin

[OE-core][kirkstone 17/31] xwayland: upgrade 22.1.0 -> 22.1.1

From: Alexander Kanavin Changes in XWayland 22.1.1 include: - Not mapping the composite overlay window by default when running in rootless mode. This is being done since a client trying to get the COW, the X Server will map the window and block all pointer events. - A change to the

[OE-core][kirkstone 18/31] libxml2: Upgrade 2.9.13 -> 2.9.14

From: Jiaqing Zhao Security [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer Fix potential double-free in xmlXPtrStringRangeFunction Fix memory leak in xmlFindCharEncodingHandler Normalize XPath strings in-place Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()

[OE-core][kirkstone 21/31] linux-firmware: upgrade 20220411 -> 20220509

From: Dmitry Baryshkov License-Update: additional files Signed-off-by: Dmitry Baryshkov Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 85b1fef733683be09a1efdb2d8b8ffe543053ace) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20220411.bb =>

[OE-core][kirkstone 22/31] cairo: Add missing GPLv3 license checksum entry

From: Richard Purdie The trace tools are licensed under GPL-3.0-or-later but this wasn't listed in LIC_FILES_CHKSUM. Fix that. Ultimately we could disable that license if the trace PACKAGECONFIG is disabled but I'll leave that to someone else if they're keen. Signed-off-by: Richard Purdie

[OE-core][kirkstone 26/31] overlayfs: add docs about skipping QA check & service dependencies

From: Claudius Heine Add some documentation about skipping the QA check related to missing fstab entries or mount units for base mount points where the overlayfs is mounted from. Also add a short paragraph about adding a systemd unit dependency to services in recipes, so that they are started

[OE-core][kirkstone 27/31] image.bbclass: allow overriding dependency on virtual/kernel:do_deploy

From: Dmitry Baryshkov Since the commit fe26b2379ecd ("image.bbclass: Depend on virtual/kernel:do_deploy"), the image.bbclass made building images depend on virtual/kernel. For some images, including small initramfs, this is not the case. Allow overriding this dependency in case developers knows

[OE-core][kirkstone 23/31] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE

From: Alex Kiernan The CVE product name for PyPI packages is (usually) the same as the PyPI package name (and not our recipe name), so use that as the default. Signed-off-by: Alex Kiernan Signed-off-by: Alex Kiernan Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][kirkstone 24/31] wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions

From: Felix Moessbauer This patches makes locating the file database containing the file and folder usernames and permissions more reliable. In addition to locating it relative to the partition directory, we also try to locate it relative to the IMAGE_ROOTFS. Prior to this patch, the database

[OE-core][kirkstone 25/31] e2fsprogs: update upstream status

From: Aryaman Gupta Status updated but using the existing patch since it is functionally identical. Signed-off-by: Aryaman Gupta Signed-off-by: Richard Purdie (cherry picked from commit aab854a94e73e5035eb82fe1aafe970aaa296a54) Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 19/31] vim: Upgrade 8.2.4681 -> 8.2.4912

From: Richard Purdie Includes fixes for CVE-2022-1381, CVE-2022-1420. Signed-off-by: Richard Purdie (cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

[OE-core][kirkstone 20/31] linux-firmware: replace mkdir by install

From: Konrad Weihmann if a setup is using RPM for packaging and there are multiple recipes that install to ${nonarch_base_libdir}/firmware by using install -d ${nonarch_base_libdir}/firmware, it will create installation clashes on image install, as linux-firmware in before this patch used mkdir

[OE-core][kirkstone 28/31] sanity: Don't warn about make 4.2.1 for mint

From: Richard Purdie Whilst not a supported distro, we can exclude this from the warning as it is debian derived and doesn't have the issue. Signed-off-by: Richard Purdie Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.0.1.rc1)

Hi all, Intel and WR YP QA is planning for QA execution for YP build yocto-4.0.1.rc1. We are planning to execute following tests for this cycle: OEQA-manual tests for following module: 1. OE-Core 2. BSP-hw Runtime auto test for following platforms: 1. MinnowTurbot 32-bit 2. NUC 7 3. NUC 6 4.

[OE-core][dunfell 2/9] curl: Fix CVEs for curl

From: Sana Kazi Fix below listed CVEs: CVE-2022-22576 Link: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425.patch CVE-2022-27775 Link: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705.patch CVE-2022-27776 Link:

[OE-core][dunfell 3/9] tiff: Add patches to fix multiple CVEs

From: Ranjitsinh Rathod Add patches to fix below CVE issues CVE-2022-0865 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../libtiff/files/CVE-2022-0865.patch | 39

[OE-core][dunfell 4/9] freetype: Fix CVEs for freetype

From: Ranjitsinh Rathod Apply below patches to fix the CVEs for freetype: CVE-2022-27404.patch Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db.patch CVE-2022-27405.patch Link:

[OE-core][dunfell 5/9] git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE

From: Ranjitsinh Rathod Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell branch Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- meta/recipes-devtools/git/git.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[OE-core][dunfell 6/9] openssl: Minor security upgrade 1.1.1n to 1.1.1o

From: Ranjitsinh Rathod This security upgrade fixes CVE-2022-1292 as per below link Link: https://www.openssl.org/news/cl111.txt Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../openssl/{openssl_1.1.1n.bb => openssl_1.1.1o.bb}

[OE-core][dunfell 0/9] Patch review

Please review this set of changes for dunfell and have comments back by end of day Thursday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3677 The following changes since commit 0f6ae13d76129d96f788b7ede312cfc361ee2bda: scripts/git: Ensure

[OE-core][dunfell 1/9] vim: Upgrade 8.2.4681 -> 8.2.4912

From: Richard Purdie Includes fixes for CVE-2022-1381, CVE-2022-1420. Signed-off-by: Richard Purdie (cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

Re: [OE-core] [PATCH] squashfs-tools: always install prebuilt manpage

From: richard.pur...@linuxfoundation.org Sent: Tuesday, May 17, 2022 3:32 PM To: Li, Changqing ; openembedded-core@lists.openembedded.org Subject: Re: [OE-core] [PATCH] squashfs-tools: always install prebuilt manpage [Please note: This e-mail is from an

[OE-core][dunfell 7/9] linux-firmware: replace mkdir by install

From: Konrad Weihmann if a setup is using RPM for packaging and there are multiple recipes that install to ${nonarch_base_libdir}/firmware by using install -d ${nonarch_base_libdir}/firmware, it will create installation clashes on image install, as linux-firmware in before this patch used mkdir

[OE-core][dunfell 8/9] linux-firmware: upgrade 20220411 -> 20220509

From: Dmitry Baryshkov License-Update: additional files Signed-off-by: Dmitry Baryshkov Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 85b1fef733683be09a1efdb2d8b8ffe543053ace) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20220411.bb =>

[OE-core][dunfell 9/9] selftest: skip virgl test on alma 8.6

This test will fail any time the host has libdrm > 2.4.107 Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/runtime_test.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index

[OE-core] [PATCH] base-passwd: Update the status for two patches

The two patches to disable use of debconf and generation of documentation have been merged upstream. Signed-off-by: Peter Kjellerstedt --- ...0006-Make-it-possible-to-build-without-debconf-support.patch | 2 +- ...7-Make-it-possible-to-disable-the-generation-of-the-do.patch | 2 +- 2 files