I suppose there is no plan.
I do hold the opinion that the 'industry standard' of backporting CVEs
is the wrong approach altogether, and stable branches must get actual
version updates instead. The project policy is that versions must stay
the same, security fixes must happen via backports, and if
[YOCTO #15021]
Create a new runner run_serial_socket which usage matches the traditional ssh
runner. Its return status is 0 when the command succeeded or 0 when it
failed. If an error is encountered, it raises an Exception.
The previous serial runner is maintained and marked as deprecated.
Signe
The actual serial runner has a different usage compare to the ssh runner. The
return status is different and failure are not raised as exceptions.
Initially, I wanted to create a new run_serial_socket and modify the old
run_serial to use the former. And there was a second patch that changed every
From: Thomas Roos
This allows to overwrite this from local.conf etc.
Signed-off-by: Thomas Roos
---
meta/conf/machine/include/x86/qemuboot-x86.inc | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/conf/machine/include/x86/qemuboot-x86.inc
b/meta/conf/machine/inc
From: Thomas Roos
To test nested kvm with qemu QB_CPU* needs to be modified.
E.g. set to "-cpu Haswell-noTSX-IBRS,vmx=on"
This allows to overwrite this from local.conf etc.
Signed-off-by: Thomas Roos
---
meta/conf/machine/include/x86/qemuboot-x86.inc | 8
1 file changed, 4 insertions
From: Vijay Anusuri
Upstream-Status: Backport from https://github.com/git/git/commit/a244dc5b &
https://github.com/git/git/commit/81dc898d &
https://github.com/git/git/commit/b49f309a &
https://github.com/git/git/commit/f6e0b9f3 &
ht
From: Romuald JEANNE
As vname var is needed in multiubi_mkfs() function, we need to keep it
defined and use it as parameter to the new write_ubi_config() function.
See [YOCTO #15027]
Signed-off-by: Romuald JEANNE
---
meta/classes-recipe/image_types.bbclass | 13 +++--
1 file changed,
This is the final pull request for the 4.1.3 release build.
Steve
On Wed, Mar 1, 2023 at 5:57 AM Steve Sakoman via
lists.openembedded.org
wrote:
>
> The following changes since commit ab1e3000cee9f5f3496a7e67cc59b2e08a681a89:
>
> oeqa qemurunner.py: try to avoid reading one character at a time
From: Hugo SIMELIERE
CVE already fixed in CVE-2022-39176.patch
Signed-off-by: Hugo SIMELIERE
---
meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
b/meta/recipes-connectivity/bluez5/bluez5
From: Hugo SIMELIERE
Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
* Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
* Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
* Fix
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4995
The following changes since commit b20e2134daec33fbb8ce358d984751d887752bd5:
build-appliance-image
From: Yash Shinde
Upstream-Status: Backport
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09]
Signed-off-by: Yash Shinde
Signed-off-by: Steve Sakoman
---
.../binutils/binutils-2.38.inc| 3 +
.../binutils/0020-CVE-2023-2
From: Vivek Kumbhar
[layout] Limit how far we skip when looking back
Signed-off-by: Vivek Kumbhar
Signed-off-by: Steve Sakoman
---
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 71 +++
.../harfbuzz/harfbuzz_4.0.1.bb| 4 +-
2 files changed, 74 insertions(+),
From: Changqing Li
Signed-off-by: Changqing Li
Signed-off-by: Steve Sakoman
---
...ial-memory-leak-in-GLES_CreateTextur.patch | 40 +++
.../libsdl2/libsdl2_2.0.20.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644
meta/recipes-graphics/libsdl2/lib
From: Hitendra Prajapati
Upstream-Status: Backport from
https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
---
.../less/less/CVE-2022-46663.patch| 31 +++
meta/recipes-extende
From: Saul Wold
This is needed when the SDK or eSDK is installed in a /build top level
directory as it conflicts with the build directory within the existing
/usr/src/debug/build (which is really a link). Rename it and then do the
copy, this is not an issue with master currently due to some other
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 6d77dbe499ee362b6e28902f1efcf52b961037a5)
Signed-off-by: Steve Sakoman
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+)
From: Kai Kang
According to the ANNOUNCE of xorg-server 21.1.7[1]:
This release contains the fix for CVE-2023-0494 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-February/003320.html
It also fixes a second possible OOB access during EnqueueEvent and a
crasher cause
From: Wang Mingyu
xwayland 22.1.8 - Security fix for CVE-2023-0494
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit e0ca374267cce807d12d706564989900fe61bd97)
Signed-off-by: Steve Sakoman
(cherry picked from commit 964ca02deb
From: Wang Mingyu
Changelog:
==
1. The SIMD dispatchers in libjpeg-turbo 2.1.4 and prior stored the list of
supported SIMD instruction sets in a global variable, which caused an innocuous
race condition whereby the variable could have been initialized multiple times
if 'jpeg_start_*compre
From: Siddharth Doshi
OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level
security vulnerability [1].
Upgrade the recipe to point to 3.0.8.
CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.
[1] https://www.openssl.org/news/vulnerabilities.h
From: Dmitry Baryshkov
It is not enough to depend on the ${PN}-qcom-license package. Set
LICENSE variable for all the qcom packages to point to the proper
license.
Signed-off-by: Dmitry Baryshkov
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 9dc41e1
From: Alexander Kanavin
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distri
From: Alexander Kanavin
License-Update: additional firmwares
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
(cherry picked from commit 8e6134d39b840d96e1c37d3df21a522afea8bc76)
Signed-off-by: Steve Sakoman
---
...{linux-firmware_20230117.bb => linux-firmware_20230210.bb} |
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
(cherry picked from commit a8e8ea1b4b100b6f0ba5ca9441a8f3f1ac31fbfd)
Signed-off-by: Steve Sakoman
---
...ireless-regdb_2022.08.12.bb => wireless-regdb_2023.02.13.bb} | 2 +-
1 file changed, 1 insertion(+
From: Dmitry Baryshkov
Newest linux-firmware release got firmware for Adreno A200. Add these
two files to the ${PN}-qcom-adreno-a2xx package. As these files are
licensed under a separate BSD-3-Clause license, add separate license
package too.
Signed-off-by: Dmitry Baryshkov
Signed-off-by: Alexa
From: Pavel Zhukov
This allows to specify partition with fstype=none in the wks file
to have partition created but without following mkfs. The none fstype
is in the list already but the usage is not documented.
Example;
part /data --ondisk mmcblk0 --fstype=none --align 4096 --fixed-size 512
wi
From: Federico Pellegrin
openldap is added as a dependency so the build will not fail,
as otherwise ldap headers are not found during configure phase
Note: due to upstream bug (now fixed) building LDAP/LDAPS support
with minimal configurations can sometimes not work, see details at:
https://gith
From: Saul Wold
The original patch was actually allowing .debug modules
though which was in-correct. This change blocks the
parsing of .debug modules (which is correct). As noted in
[YOCTO #15022] this should address the empty modules.dep
when using the BusyBox depmod.
Signed-off-by: Saul Wold
From: Xiangyu Chen
Backport patch to fix dhcpcd start failed on qemuppc64.
Signed-off-by: Xiangyu Chen
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit a31d658198566de12cdd1aad18776b8da8065787)
Signed-off-by: Steve Sakoman
---
.../dhcpcd/dhcpcd_9.4.1
From: Bruce Ashfield
Backporting a patching from the 2.13.x stable branch of lttng
to fix the build against kernel 6.2+.
Signed-off-by: Bruce Ashfield
Signed-off-by: Richard Purdie
(cherry picked from commit 3aed7dfe5ff6f52497dcffa58bc2f06cf709ea18)
Signed-off-by: Steve Sakoman
---
...ccesso
From: Mateusz Marciniec
Symbolic links to the files are included during the output hash
calculation but symlinks to the directories are missed.
So if the new symlink to a directory was the only change made,
then the output hash won't change,
and the Hash Equivalence server may change unihash.
In
From: Richard Purdie
Martin Jansa spotted patchreview.py reports Malformed Upstream-Status in a
patch in this recipe. The patch is not being applied since there is no ptest
override.
The test in question was also disabled due to an issue with new versions of
openssh.
Add a workaround for the br
From: Alexis Lothoré
Signed-off-by: Alexis Lothoré
Signed-off-by: Richard Purdie
(cherry picked from commit 80cfa56d133bd3abbb1f37272607d8e15ce70861)
Signed-off-by: Steve Sakoman
---
meta/lib/oeqa/selftest/cases/resulttooltests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --
From: Ross Burton
If a task is aborted the buildstats file isn't complete, so calculate
when the build finished and use that as a end time.
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 23ebaec476dc46aebe5997f025661137f3e341bd)
Signed-off-by: Steve Sakoman
From: Ulrich Ölmann
Fixes: 7ef7af5c03ba ("kernel-yocto: restore kernel-meta data detection for
SRC_URI elements")
Signed-off-by: Ulrich Ölmann
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit c77754f23e3fb49a62602a6c6a04d5525d1cf457)
Signed-off-by: Ste
From: Narpat Mali
The output of libseccomp ptest should follow a unified format as
per this https://wiki.yoctoproject.org/wiki/Ptest
Replaced the test results SUCCESS, FAILURE & SKIPPPED with PASS,
FAIL & SKIP and printing the ptest result with the below format
result: testname
Signed-off-by: N
From: Mikko Rapeli
When qemu machine hangs, the ssh commands done by tests
are not timing out. do_testimage() task has last logs like this:
DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
The test process is stuck for hours, or for ever if the
executing command or test case did not
From: Mikko Rapeli
qemu doesn't always behave well and can hang too.
kill it with force if it was still alive. Move clean up
commands into cleanup() function.
Signed-off-by: Mikko Rapeli
Signed-off-by: Alexandre Belloni
(cherry picked from commit 079c2935d2f585ce49e1c7daab2155fcf0094c48)
Signe
From: Joe Slater
This has already been done for oe-core/master.
Signed-off-by: Joe Slater
Signed-off-by: Steve Sakoman
---
meta/recipes-support/nghttp2/nghttp2_1.47.0.bb | 4
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
b/meta/recipes-supp
Signed-off-by: Khem Raj
---
...hash_t-instead-of-long-in-PyCOMPS_ha.patch | 66 +++
.../libcomps/libcomps_0.1.19.bb | 1 +
2 files changed, 67 insertions(+)
create mode 100644
meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-P
Signed-off-by: Khem Raj
---
...y_hash_t-instead-of-long-in-hdr_hash.patch | 35 +++
meta/recipes-devtools/rpm/rpm_4.18.0.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644
meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.pa
>From an SDK, running a meson setup build without an explicit setup
command can result in a native build when a cross build is expected.
The problem is in meson-wrapper where it tries to detect whether a
setup command is being used. The logic looks through all arguments for
a command, and the firs
This should have been caught by meta/lib/oeqa/sdk/cases/buildepoxy.py
- why wasn't it? Does the test need to be fixed?
Alex
On Fri, 3 Mar 2023 at 19:45, Tom Hochstein wrote:
>
> From an SDK, running a meson setup build without an explicit setup
> command can result in a native build when a cross
On Fri, Mar 3, 2023 at 11:08 AM, Alexander Kanavin wrote:
>
> This should have been caught by meta/lib/oeqa/sdk/cases/buildepoxy.py
> - why wasn't it? Does the test need to be fixed?
The simple test case doesn't have the problematic syntax. Should I add this to
the patch?
diff --git a/meta/lib
>From an SDK, running a meson setup build without an explicit setup
command can result in a native build when a cross build is expected.
The problem is in meson-wrapper where it tries to detect whether a
setup command is being used. The logic looks through all arguments for
a command, and the firs
The meson wrapper setup command detection is broken in the case of an
implicit setup command with an option with a space-separated argument,
but the test was not detecting it since the case was not covered.
Add the option `--warnlevel 1` to the meson command line to cover this
case.
Signed-off-by
Hello,
This still fails on the autobuilders:
2023-03-03 19:19:37,778 - oe-selftest - INFO -
imagefeatures.ImageFeatures.test_image_fstypes (subunit.RemotedTestCase)
2023-03-03 19:19:37,779 - oe-selftest - INFO - ... FAIL
2023-03-03 19:19:37,779 - oe-selftest - INFO - 2: 21/40 359/523 (131.33s)
48 matches
Mail list logo