I have meanwhile been addressing all these issues in parallel with
pidge. There's a patch here:
https://git.yoctoproject.org/poky-contrib/log/?h=akanavin/package-version-updates
and it doesn't show issues in a-full. If you''re pressed for time, I
can simply submit my version when the whole
There was a race condition during the Makefile execution in
between the assemble and compile targets, only the assemble
target had a dependency on creating the build directory.
If the compile target was executed first, an error was thrown
by bitbake since the build directory did not exist yet:
|
This ensures that weak algorithms are not included, which should improve
the defauls to be more secure
Signed-off-by: Khem Raj
---
meta/recipes-core/libxcrypt/libxcrypt.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc
Signed-off-by: Khem Raj
---
.../0001-gallium-Fix-build-with-llvm-17.patch | 34 +++
meta/recipes-graphics/mesa/mesa.inc | 6
2 files changed, 40 insertions(+)
create mode 100644
meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch
diff
These symbols are currently generated as undefined in the shared object,
which means we really do not need them.
Signed-off-by: Khem Raj
---
meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
But then you can set the parameters as you want them in your local
configuration. Setting -g globally in the absence of DEBUG_BUILD needs
a use case that applies to most users.
Alex
On Thu, 22 Jun 2023 at 19:11, Maxime Roussin-Bélanger
wrote:
>
> Hi Alex,
>
> I don't want a complete debug
On Thu, 22 Jun 2023 at 20:04, Maxime Roussin-Bélanger
wrote:
> > I'm not sure I understand this. The check is to ensure build process
> > works as it should, specifically to prevent build host ownership
> > leaking into packages. Yes this information doesn't matter when these
> > packages are
On 22 June 2023 19:01, openembedded-core@lists.openembedded.org wrote:
> If there are other tap interfaces than the interfaces created by the
> runqemu-* scripts, these interfaces are not ignored. This is now fixed
> by filtering the interfaces for a specific prefix in the interface name.
>
>
On Fri, 2023-06-23 at 11:33 +0200, Martin Jansa wrote:
> mke2fs.real, mkfs.ext2.real, mkfs.ext3.real, mkfs.ext4.real are indentical
> binary with multiple hardlinks and we end calling patchelf-uninative 4
> times even when the interpreter is already set correctly from the build
>
> To avoid
On 22 Jun 2023, at 13:00, Andrej Valek via lists.openembedded.org
wrote:
> - Replace CVE_CHECK_IGNORE with CVE_STATUS to be more flexible.
> The CVE_STATUS should contain an information about status wich
> is decoded in 3 items:
> - generic status: "Ignored", "Patched" or "Unpatched"
> - more
Hello Eilís,
On Fri, 23 Jun 2023 11:21:29 +0100
Eilís 'pidge' Ní Fhlannagáin wrote:
> On 23/06/2023 09:46, Luca Ceresoli wrote:
> > Hello Eilís,
> >
> > On Thu, 22 Jun 2023 15:42:14 +0100
> > Eilís 'pidge' Ní Fhlannagáin wrote:
> >
> >> Nothing really surprising here, except we should note
Hi Luca,
On Mon, 2023-06-05 at 16:13 +0200, Luca Ceresoli via lists.openembedded.org
wrote:
> From: Luca Ceresoli
>
> Writing a simple recipe that inherits kernel.bbclass and downloads a kernel
> tarball (e.g. a mainline release from kernel.org) via http or ftp fails
> with either:
>
>
From: Ross Burton
The replacement cve-update-nvd2-native is working, so we can remove the
old recipe now.
Signed-off-by: Ross Burton
---
meta/conf/distro/include/maintainers.inc | 1 -
meta/lib/oeqa/selftest/cases/distrodata.py| 2 +-
.../recipes-core/meta/cve-update-db-native.bb
From: Ross Burton
This CVE now has a version range, indicating that this Ghostscript
release isn't vulnerable.
Signed-off-by: Ross Burton
---
meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb | 3 ---
1 file changed, 3 deletions(-)
diff --git
From: Ross Burton
When requesting updates in a specific range, use the actual current time
and database mtime instead of truncating to midnight, and explicitly set
the timezone to UTC so that NIST don't treat the timestamps as _their_ local
time when they're _our_ local time.
Signed-off-by:
From: Ross Burton
Some CVEs, such as CVE-2013-6629, list multiple configurations which are
vulnerable. The current JSON parser only considers the first
configuration.
Instead, consider every configuration. We don't yet handle the AND/OR
logical operators, but this is a step in the right
On 22 June 2023 19:01, openembedded-core@lists.openembedded.org wrote:
> ip tuntap does not need the uid, it was an unused variable/parameter.
> Backward compatibility should be fine.
>
> Signed-off-by: Adrian Freihofer
> ---
> scripts/runqemu-ifup | 13 -
> 1 file changed, 8
Hello Eilís,
On Thu, 22 Jun 2023 15:42:16 +0100
Eilís 'pidge' Ní Fhlannagáin wrote:
> Tracking https://gitlab.freedesktop.org/wayland/weston/-/issues/488
> we're keeping -Ddeprecated-launcher-logind but plans should be made to
> remove this/work around.
>
> We also need to add xcb-util-cursor
After discussion in all parallel threads we proposed following variant which
covers both expressed requirements to have very small number of different cve
statuses and also very large number of them at the same time.
This is a compromise version which maybe is not ideal but deals with
conflicting
From: Andrej Valek
- Replace CVE_CHECK_IGNORE with CVE_STATUS to be more flexible.
The CVE_STATUS should contain an information about status wich
is decoded in 3 items:
- generic status: "Ignored", "Patched" or "Unpatched"
- more detailed status enum
- description: free text describing reason
From: Andrej Valek
- After introducing the CVE_STATUS and CVE_CHECK_STATUSMAP flag
variables, CVEs could contain a more information for assigned statuses.
- Add an example conversion in logrotate recipe.
Signed-off-by: Andrej Valek
---
meta/lib/oeqa/selftest/cases/cve_check.py | 26
On Fri, 2023-06-23 at 10:02 +, Ross Burton wrote:
> On 22 Jun 2023, at 13:00, Andrej Valek via lists.openembedded.org
> wrote:
> > - Replace CVE_CHECK_IGNORE with CVE_STATUS to be more flexible.
> > The CVE_STATUS should contain an information about status wich
> > is decoded in 3 items:
> >
Hello Peter,
On Thu, 22 Jun 2023 17:34:13 +0100
"Peter Hoyes" wrote:
> From: Peter Hoyes
>
> The testdata.json file generated as part of the rootfs postprocess
> commands currently contains almost all Bitbake variables and is used by
> OEQA test cases to inspect the build environment. However
Hello Eilís,
On Thu, 22 Jun 2023 15:42:14 +0100
Eilís 'pidge' Ní Fhlannagáin wrote:
> Nothing really surprising here, except we should note that launcher-logind is
> being depreciated so some thought on how that is dealt with will need to occur
Should we file a bug in bugzilla to avoid
Hi Luca,
Luca Ceresoli escreveu no dia quinta,
22/06/2023 à(s) 17:36:
> Hi Jose,
>
> On Thu, 22 Jun 2023 08:44:51 +
> "Jose Quaresma" wrote:
>
> > Also take the oportunity to only add configuration files to FILES
> > and CONFFILES when they exist and are used.
> >
> > The modules-load.d
mke2fs.real, mkfs.ext2.real, mkfs.ext3.real, mkfs.ext4.real are indentical
binary with multiple hardlinks and we end calling patchelf-uninative 4
times even when the interpreter is already set correctly from the build
To avoid corrupted binaries created by patchelf-0.18.0 when set-interpreter
is
Hi Max,
I use the following lines in my local.conf file (on kirkstone). Maybe that this
is not
optimal as it may cause silent side effects in case the original values for
BUILDSDK_OPTIMIZATION/_CFLAGS/_CXXFALGS will change same day.
# Build -nativesdk packages with debug info (required for
On Fri, 23 Jun 2023 at 17:42, Christian Eggers wrote:
> In my project I have added BBCLASSEXTEND="nativesdk" to many bbappends in
> order to have most
> libraries I use on my target also for nativesdk (I can compile my embedded
> application also
> for nativesdk then). As debugging performance
On Fri, 23 Jun 2023, 08:32 , wrote:
> From: Ross Burton
>
> Some CVEs, such as CVE-2013-6629, list multiple configurations which are
> vulnerable. The current JSON parser only considers the first
> configuration.
>
> Instead, consider every configuration. We don't yet handle the AND/OR
>
On Fri, Jun 23, 2023 at 3:50 AM Alexander Kanavin
wrote:
>
> But then you can set the parameters as you want them in your local
> configuration. Setting -g globally in the absence of DEBUG_BUILD needs
> a use case that applies to most users.
>
> Alex
If user wants to install nativesdk dgb/src
On Fri, Jun 23, 2023 at 3:53 AM Alexander Kanavin
wrote:
>
> On Thu, 22 Jun 2023 at 20:04, Maxime Roussin-Bélanger
> wrote:
> > > I'm not sure I understand this. The check is to ensure build process
> > > works as it should, specifically to prevent build host ownership
> > > leaking into
On Fri, 23 Jun 2023 at 16:59, Maxime Roussin-Bélanger
wrote:
> If user wants to install nativesdk dgb/src package you need to add that flag,
> so instead of modifying the `BUILDSDK_CPPFLAGS`, it should probably be
> documented.
>
> Do you have any pointers where it could be documented?
The Yocto
On Fri, 23 Jun 2023 at 16:56, Maxime Roussin-Bélanger
wrote:
> When you mention `packages`, do you mean the .rpm, .deb, etc?
>
> What would be proper desired ownership inside those packages
> for a nativesdk -src package? Is it suppose to be root?
You can probably check how these packages get
From: Randolph Sapp
Backport all the weston-init QOL updates. Getting closer to the point
where we can actually drop our distro specific weston-init bbappend. May
submit a few more QOL patches sooner or later to completely drop it.
Resubmitting this because I forgot to CC Steve and myself on
From: Randolph Sapp
Add the weston user to the wayland group so all users accessing the
global weston socket in /run all share a group.
Signed-off-by: Randolph Sapp
Signed-off-by: Alexandre Belloni
---
meta/recipes-graphics/wayland/weston-init.bb | 2 +-
1 file changed, 1 insertion(+), 1
From: Randolph Sapp
Add the render group explicitly here to make sure it exists for the
useradd command.
Signed-off-by: Randolph Sapp
Signed-off-by: Alexandre Belloni
---
meta/recipes-graphics/wayland/weston-init.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Randolph Sapp
I know my text editor is going to get angry at me if this continues.
Signed-off-by: Randolph Sapp
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/wayland/weston-init.bb | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git
From: Randolph Sapp
Just as sysvinit scripts shouldn't be present in a distro using systemd,
systemd scripts shouldn't be present in a system not using systemd.
Signed-off-by: Randolph Sapp
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/wayland/weston-init.bb | 29
From: Randolph Sapp
Add profile script to point users capable of interacting with the global
socket to it by default.
Signed-off-by: Randolph Sapp
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/wayland/weston-init.bb | 3 +++
.../wayland/weston-init/weston-socket.sh | 20
From: Randolph Sapp
The weston user must be in the render group in order to access render
device nodes for standard user-space graphics.
Signed-off-by: Randolph Sapp
Signed-off-by: Alexandre Belloni
---
meta/recipes-graphics/wayland/weston-init.bb | 2 +-
1 file changed, 1 insertion(+), 1
From: ssuesens
set xwayland support in weston.init file to true
Signed-off-by: ssuesens
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/wayland/weston-init.bb | 4
1 file changed, 4 insertions(+)
diff --git
From: Ming Liu
Some BSPs dont support xwayland in weston, this is easier for them to
control that.
Signed-off-by: Ming Liu
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/wayland/weston-init.bb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git
gcc stable version upgraded from v12.2 to v12.3
Below is the bug fix list for v12.3
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED=FIXED_milestone=12.3
Signed-off-by: Sundeep KOKKONDA
---
meta/recipes-devtools/gcc/{gcc-12.2.inc => gcc-12.3.inc}| 6 +++---
Fixes a bug where a buffer was used after a potential reallocation.
Signed-off-by: Natasha Bailey
---
.../libtiff/files/CVE-2023-26965.patch| 99 +++
meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 1 +
2 files changed, 100 insertions(+)
create mode 100644
https://git.yoctoproject.org/poky/commit/?id=1ee93dc114df26d94310682e6a632327e8bce062
mandates gobject-introspection-data DISTRO_FEATURE which is not availabe for
native.
Thus python3-pygobject-native gets unbuildable
ERROR: Nothing PROVIDES 'python3-pygobject-native'
python3-pygobject-native
On 23/06/2023 09:46, Luca Ceresoli wrote:
Hello Eilís,
On Thu, 22 Jun 2023 15:42:14 +0100
Eilís 'pidge' Ní Fhlannagáin wrote:
Nothing really surprising here, except we should note that launcher-logind is
being depreciated so some thought on how that is dealt with will need to occur
Should
On 23/06/2023 11:16, Luca Ceresoli wrote:
Hello Eilís,
On Thu, 22 Jun 2023 15:42:16 +0100
Eilís 'pidge' Ní Fhlannagáin wrote:
Tracking https://gitlab.freedesktop.org/wayland/weston/-/issues/488
we're keeping -Ddeprecated-launcher-logind but plans should be made to
remove this/work around.
On 23 Jun 2023, at 18:50, Markus Volk via lists.openembedded.org
wrote:
>
> https://git.yoctoproject.org/poky/commit/?id=1ee93dc114df26d94310682e6a632327e8bce062
> mandates gobject-introspection-data DISTRO_FEATURE which is not availabe for
> native.
> Thus python3-pygobject-native gets
Due to a space in the URL the backport resolves to the wrong patch (HEAD) which
is included rather than the one actually at
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18
From:
49 matches
Mail list logo