Re: [oe-core][PATCH 2/4] python3: add libxcrypt-native dependency

On Sun, 2023-05-28 at 17:16 +0200, Alexander Kanavin wrote: > Adding libxcrypt-native to DEPENDS definitely isn't correct, so you > could check why virtual/crypt dependency isn't working properly for > adding the needed headers into native variant's sysroot. If all fails, > adjust

Re: [OE-core][PATCH] uninative: Upgrade to 4.0 to include latest gcc 13.1.1

Works on gentoo with 13.1.1_p20230520 which was failing before and seems to work with 13.1.1_p20230527 as well (I did only a few builds since upgrade this morning). Thanks Tested-By: Martin Jansa On Mon, May 29, 2023 at 1:04 AM Michael Halstead < mhalst...@linuxfoundation.org> wrote: >

[OE-core][PATCH v2] sysstat: Fix CVE-2023-33204

From: Xiangyu Chen References: https://nvd.nist.gov/vuln/detail/CVE-2023-33204 https://ubuntu.com/security/CVE-2023-33204 Upstream Patch: https://github.com/sysstat/sysstat/commit/954ff2e2673c Signed-off-by: Xiangyu Chen Signed-off-by: Sanjay Chitroda ---

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

The patch author seems a bit mangled by ML, see: author schitrod=cisco@lists.openembedded.org 2023-05-27 22:52:52 -0700 https://git.openembedded.org/openembedded-core/commit/?h=master-next=5f15caa526bb57070b9abb9ba2f488ee1bfb5372 Is it correct? On Sun, May 28, 2023 at 7:53 AM Sanjaykumar

Re: [OE-core][PATCH v3 1/3] cve-check: add option to add additional patched CVEs

Hello again Richard, Maybe this email was little bit unclear..., so I will try to recap it here. There are 2 open points, where some final decision has to be made. - Could we rename the CVE_STATUS_REASONING -> CVE_STATUS_REASON? The first idea came from you. - What is the final enum for

[OE-core] [PATCH] Cargo: build failure on 32-bit machine when DEBUG enabled

Cargo build is failing on 32-bit machines with a 'signal: 11, SIGSEGV: invalid memory reference error'. This is a workaround to disable the Debug builds for 32-bit machines. Signed-off-by: Sundeep KOKKONDA --- meta/classes-recipe/cargo.bbclass | 5 + 1 file changed, 5 insertions(+) diff

[OE-core] [PATCH] pybootchartgui: show elapsed time for each task

From: Mauro Queiros Currently, finding the elapsed time of each task in buildtimes.svg is a manual effort of checking the top axis and finding and subtracting the end and start time of the task. This change adds the elapsed time for each task, so that manual effort of comparing start/end time

[OE-core] Current high bug count owners for Yocto Project 4.3

All, Below is the list as of top 34 bug owners as of the end of WW21 of who have open medium or higher bugs and enhancements against YP 4.3. There are 104 possible work days left until the final release candidates for YP 4.3 needs to be released. Who Count ross.bur...@arm.com 32

[OE-core] [mickledore 2/6] linux-yocto/5.15: update to v5.15.109

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: f48aeeaaa64c Linux 5.15.109 4aed6b5809bb soc: sifive: l2_cache: fix missing of_node_put() in sifive_l2_init() 71e7ed6e3aa9 soc: sifive: l2_cache: fix missing free_irq() in error

[OE-core] [mickledore 1/6] yocto-bsps: update to v5.15.106

From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: d86dfc4d95cd Linux 5.15.106 06a948b8347c x86/PVH: avoid 32-bit build warning when obtaining VGA console info 3abdf6d71fdb hsr: ratelimit only when errors are

[OE-core] [mickledore 3/6] linux-yocto/5.15: update to v5.15.110

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 8a7f2a5c5aa1 Linux 5.15.110 cab0f985037b riscv: No need to relocate the dtb as it lies in the fixmap region 1f09c9bab723 riscv: Do not set initial_boot_params to the linear

[OE-core] [mickledore 4/6] linux-yocto/5.15: update to v5.15.111

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: b0ece631f84a Linux 5.15.111 0a008c5098d8 sched: Fix DEBUG && !SCHEDSTATS warn 21c2a454486d netfilter: nf_tables: deactivate anonymous set from preparation phase aa6ff950f875

[OE-core] [mickledore 5/6] linux-yocto/5.15: update to v5.15.112

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 9d6bde853685 Linux 5.15.112 0788273bd0a6 drm/amd/display: Fix hang when skipping modeset de9a3ed42333 RISC-V: Fix up a cherry-pick warning in setup_vm_final() 3c9b08a16978

[OE-core] [mickledore 6/6] linux-yocto/5.15: update to v5.15.113

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 1fe619a7d252 Linux 5.15.113 7de20a23e52a HID: wacom: add three styli to wacom_intuos_get_tool_type 25b835d40838 HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs

[OE-core] [dunfell 1/5] linux-yocto/5.4: update to v5.4.238

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 6849d8c4a61a Linux 5.4.238 eb7716a054a6 HID: uhid: Over-ride the default maximum data buffer value with our own b687ac70e66a HID: core: Provide new max_buffer_size attribute to

[OE-core] [dunfell 2/5] linux-yocto/5.4: update to v5.4.240

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 32bea3bac5ca Linux 5.4.240 4d4cb7663613 gfs2: Always check inode size of inline inodes 928240c36891 firmware: arm_scmi: Fix device node validation for mailbox transport

[OE-core] [kirkstone 1/5] linux-yocto/5.10: update to v5.10.176

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: ca9787bdecfa Linux 5.10.176 e57f797e3ffa HID: uhid: Over-ride the default maximum data buffer value with our own 9bc878756b01 HID: core: Provide new max_buffer_size attribute to

[OE-core] [kirkstone 2/5] linux-yocto/5.10: update to v5.10.177

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 387078f9030c Linux 5.10.177 34a02011c5d1 hsr: ratelimit only when errors are printed 7c414f6f06e9 gfs2: Always check inode size of inline inodes 3392d67af0a4 ext4: fix kernel

[OE-core] [kirkstone 3/5] linux-yocto/5.10: update to v5.10.178

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 791a854ae5a5 Linux 5.10.178 f177b382c339 sysctl: Fix data-races in proc_dou8vec_minmax(). 56314b90fd43 panic, kexec: make __crash_kexec() NMI safe d425f348211f kexec: turn all

[OE-core] [kirkstone 4/5] linux-yocto/5.10: update to v5.10.179

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: f1b32fda06d2 Linux 5.10.179 0367bf3f4a4e ASN.1: Fix check for strdup() success 4ab5f8f9d026 ASoC: fsl_asrc_dma: fix potential null-ptr-deref 42604b4ad5f3 iio: adc:

[OE-core] [dunfell 4/5] linux-yocto/5.4: update to v5.4.242

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: ea7862c507ec Linux 5.4.242 d54a9f999ea7 ASN.1: Fix check for strdup() success 2500d7edebfb iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()

[OE-core] [dunfell 5/5] linux-yocto/5.4: update to v5.4.243

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: f53660ec669f Linux 5.4.243 d60f15682a5c drm/amd/display: Fix hang when skipping modeset 93ca0d7b88e8 mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock

[OE-core] [dunfell 3/5] linux-yocto/5.4: update to v5.4.241

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 58f42ed1cd31 Linux 5.4.241 879593643717 xfs: force log and push AIL to clear pinned inodes when aborting mount c76dd368759a xfs: don't reuse busy extents on extent trim

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

Re: [OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts

Yes, the same issues are present in master branch. But this series of patches won't work on master, it needs some adaptation. Because in kirkstone we have Nodejs 16.19.1 and in master we have Nodejs 18.16, and they generate shrinkwrap files that are slightly different. For Mickledore, I didn't

[OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts

Forgot to reply all! -- Forwarded message - From: Steve Sakoman Date: Mon, May 29, 2023 at 12:58 PM Subject: Re: [OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts To: On Mon, May 29, 2023 at 10:16 AM wrote: > >

Re: [OE-core][kirkstone][PATCH v2] openssh: Remove BSD-4-clause contents completely from codebase

On Mon, May 29, 2023 at 12:16 AM Riyaz Ahmed Khan wrote: > > As upstream removed this BSD-4-clause license, there are still some files > has this license. Below file affected by this BSD-4-clause contents when > below command is executed > grep -rl "All advertising materials mentioning features

[OE-core] [kirkstone 5/5] linux-yocto/5.10: update to v5.10.180

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 4c893ff55907 Linux 5.10.180 3ebe5d6d69ce drm/amd/display: Fix hang when skipping modeset a992c387b411 mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

Hi Richard, Please find below information on specific SQLite3. NVD has CVEs reported for sqlite against two different products: 1. sqlite:sqlite - Ref: https://nvd.nist.gov/vuln/detail/CVE-2020-13435 - This product is applicable to our sqlite3 SDK source 2. ghost:sqlite3

[OE-core][kirkstone][PATCH 3/4] curl: Fix CVE-2023-28321

From: Bhabu Bindu Add patch to fix CVE-2023-28321 IDN wildcard match curl supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This

[OE-core][kirkstone][PATCH 4/4] curl: Fix CVE-2023-28322

From: Bhabu Bindu Add patches to fix CVE-2023-28322 more POST-after-PUT confusion When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle

[OE-core][kirkstone][PATCH 2/4] curl: Fix CVE-2023-28320

From: Bhabu Bindu Add patch to fix CVE-2023-28320 siglongjmp race condition libcurl provides several different backends for resolving host names, selectedat build time. If it is built to use the synchronous resolver, it allows nameresolves to time-out slow operations using `alarm()` and

[OE-core][kirkstone][PATCH 1/4] curl: Fix CVE-2023-28319

From: Bhabu Bindu Add patch to fix CVE-2023-28319 UAF in SSH sha256 fingerprint check libcurl offers a feature to verify an SSH server's public key using a SHA 256hash. When this check fails, libcurl would free the memory for the fingerprintbefore it returns an error message containing the

Re: [OE-core] [PATCH] Cargo: build failure on 32-bit machine when DEBUG enabled

On Mon, 2023-05-29 at 15:12 +0530, Sundeep KOKKONDA wrote: > Cargo build is failing on 32-bit machines with a 'signal: 11, SIGSEGV: > invalid memory reference error'. > This is a workaround to disable the Debug builds for 32-bit machines. > > Signed-off-by: Sundeep KOKKONDA > --- >

Re: [OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts

Are these same issues present in the master branch? If so, this series should be submitted for the master branch first, and I will then backport to kirkstone (and mickledore). Steve On Fri, May 26, 2023 at 8:25 PM wrote: > > From: BELOUARGA Mohamed > > Npm packages do not have yocto friendly

Re: [OE-core] [PATCH] u-boot: do_compile depends on the value of UBOOT_LOCALVERSION

On Mon, May 29, 2023 at 01:41:00PM +0100, Richard Purdie wrote: > On Sun, 2023-05-28 at 17:15 +, Denys Dmytriyenko wrote: > > UBOOT_LOCALVERSION is often used to pass SCM commit SHA to the code > > via populating .scmversion file at the start of do_compile(). Let's > > explicitly mark

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

Hi, I have proposed second commit to revert Revert "sqlite3: update CVE_PRODUCT" - Patchwork (yoctoproject.org). Once above commit is added on master then we don’t require to add this commit.

[OE-core][kirkstone][PATCH v2] openssh: Remove BSD-4-clause contents completely from codebase

As upstream removed this BSD-4-clause license, there are still some files has this license. Below file affected by this BSD-4-clause contents when below command is executed grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

Hi Richard, Please find below information on specific SQLite3. NVD has CVEs reported for sqlite against two different products: 1. sqlite:sqlite - Ref: https://nvd.nist.gov/vuln/detail/CVE-2020-13435 - This product is applicable to our sqlite3 SDK source 2. ghost:sqlite3

[OE-core][kirkstone][PATCH] openssh: Remove BSD-4-clause contents completely from codebase

As upstream removed this BSD-4-clause license, there are still some files has this license. Below file affected by this BSD-4-clause contents when below command is executed grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort

Re: [oe-core][PATCH 2/4] python3: add libxcrypt-native dependency

On Mon, 2023-05-29 at 14:02 +0200, Markus Volk wrote: > Am Mo, 29. Mai 2023 um 08:08:09 +0100 schrieb Richard Purdie > : > > Alex is right and I should have spotted this, the -native > > dependency > > definitely isn't right. We'll either need to fix things or revert > > them > > and wait for the

Re: [OE-core] [PATCH] u-boot: do_compile depends on the value of UBOOT_LOCALVERSION

On Sun, 2023-05-28 at 17:15 +, Denys Dmytriyenko wrote: > UBOOT_LOCALVERSION is often used to pass SCM commit SHA to the code > via populating .scmversion file at the start of do_compile(). Let's > explicitly mark do_compile() as depending on the the value of this > variable to avoid errors

Re: [OE-core][PATCH v2] sysstat: Fix CVE-2023-33204

Hi, Updated patchset and commit format as per reference CVE guideline. Thanks, Sanjay -Original Message- From: openembedded-core@lists.openembedded.org On Behalf Of Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org Sent: Monday, May

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

On Mon, 2023-05-29 at 08:39 +, Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) wrote: > Hi, >   > I have proposed second commit to revertRevert "sqlite3: update > CVE_PRODUCT" - Patchwork (yoctoproject.org). >   > Once above commit is added on master then we don’t

[OE-core] [PATCH] Revert "python3/ruby/shadow: Revert add libxcrypt-native dependency"

This reverts commit c6198e1b1c3e3a3413b6ff9f014b40114f1850db. This reverts commit 167c2c9f15c1bfe401c0512e420a76fa1379c012. This reverts commit 65532fc751dc00e5568e256166f7b259d3a3c06c. The dependencies should not be a -native in the target case. Revert these whilst the proper patch is worked

Re: [OE-core] [PATCH] Cargo: build failure on 32-bit machine when DEBUG enabled

I still did not get this reproduced on rust sources (Since it is occurring only on 32-bit builds, the rust build is giving some unknown errors which are yet to be analyzed...). Until then, to avoid DEBUG_BUILD failures this workaround is sent. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all

[OE-core][PATCH] libsdl2: disable SDL's own ccache

From: Chen Qi OE has its own ccache mechanism, disable libsdl2's own ccache searching/enabling mechanism. Otherwise, if ccache is installed on system, it will be used by default. Signed-off-by: Chen Qi --- meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb | 1 + 1 file changed, 1 insertion(+)