On 15.11.2023 08:30, Lukas Funke wrote:
Hi Slava,
No problem. Party is still going on. The 'modules.txt' is intendet to
be in your ${WORKDIR} as it is part of the SRC_URI, generated by
the recipetool. My guess would be, that there is some
missconfiguration in your SRC_URI?
Yes, I noticed
Hi Slava,
On 15.11.2023 06:59, Vyacheslav Yurkov wrote:
Hi Lukas,
Thanks for the v3. I know I'm late to the party, because it's already
merged, but my testing results are below anyway.
No problem. Party is still going on. The 'modules.txt' is intendet to be
in your ${WORKDIR} as it is part
From: Vijay Anusuri
import patches from ubuntu to fix
CVE-2023-43785
CVE-2023-43786
CVE-2023-43787
Upstream-Status: Backport [import from ubuntu
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
Hi Lukas,
Thanks for the v3. I know I'm late to the party, because it's already
merged, but my testing results are below anyway.
The series seems to have handled my ssh URL correctly.
I've got an error in do_go_vendor though.
File: ''/meta/classes/go-vendor.bbclass', lineno: 166, function:
On 11/14/23 01:34, Ross Burton wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On 11 Nov 2023, at 10:30, Xiangyu Chen via lists.openembedded.org
wrote:
Taken a patch
From: Xiangyu Chen
The sshd keeps on terminating and restarting in servel minutes, we can observe
log from journalctl that the sshd was killed by systemd with signal 15:
systemd[1]: sshd.service start operation timed out. Terminating.
sshd[374]: Received signal 15; terminating.
When
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/dunfell-v2-libx11-backport-Debian-patches-to-fix-CVE-2023-43785-CVE-2023-43786-and-CVE-2023-43787.patch
FAIL: test
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/dunfell-libx11-backport-Debian-patches-to-fix-CVE-2023-43785-CVE-43786-and-CVE-2023-43787.patch
FAIL: test
From: Vijay Anusuri
import patches from ubuntu to fix
CVE-2023-43785
CVE-2023-43786
CVE-2023-43787
Upstream-Status: Backport [import from ubuntu
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
From: Vijay Anusuri
import patches from ubuntu to fix
CVE-2023-43785
CVE-2023-43786
CVE-2023-43787
Upstream-Status: Backport [import from ubuntu
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/dunfell-11-17-cve-check-slightly-more-verbose-warning-when-adding-the-same-package-twice.patch
FAIL: test shortlog
There are cached reproducibility issues on the autobuilder due to CFLAGS
issues, flush the bad data out the system by bumping the versions.
Signed-off-by: Steve Sakoman
---
meta/recipes-support/lz4/lz4_1.9.2.bb | 4
1 file changed, 4 insertions(+)
diff --git
From: Ross Burton
We don't make do_cve_check depend on do_unpack because that would be a
waste of time 99% of the time. The compromise here is that we can't
scan remote patches for issues, but this isn't a problem so downgrade
the warning to a note.
Also move the check for CVEs in the filename
This test will fail any time the host has libdrm > 2.4.107
Signed-off-by: Steve Sakoman
---
meta/lib/oeqa/selftest/cases/runtime_test.py | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py
From: Mikko Rapeli
Currently lz4 uses it's own defaults which include O3 optimization.
Switch from O3 to bitbake default O2 reduces binary package size
from 467056 to 331888 bytes. Enables also building with Os if needed.
Signed-off-by: Mikko Rapeli
Signed-off-by: Richard Purdie
(cherry
From: Naveen Saini
Branch 'master' renamed to 'unstable', which causing following failure.
Error:
Fetcher failure: Unable to find revision
cb19bbfbe7e52174332f68bf2f295b39d119fad3 in branch master even from upstream
Switch to 'unstanble' branch.
Signed-off-by: Naveen Saini
Signed-off-by:
From: Naveen Saini
Branch 'assimp_5.0_release' is not present in repo.
Error:
assimp-5.0.1-r0 do_fetch: Fetcher failure: Unable to find revision
8f0c6b04b2257a520aaab38421b2e090204b69df in branch assimp_5.0_release even from
upstream
Set nobranch=1, to fetch from v5.0.1 tag.
Signed-off-by:
From: Ross Burton
The JSON report generated by the cve-check class is basically a huge
list of packages. This list of packages is, however, unsorted.
To make things easier for people comparing the JSON, or more
specifically for git when archiving the JSON over time in a git
repository, we can
From: Vijay Anusuri
Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve
From: Ross Burton
Occasionally the cve-check tool will warn that it is adding the same
package twice. Knowing what this package is might be the first step
towards understanding where this message comes from.
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit
This reverts commit 45ce9885351a2344737170e6e810dc67ab3e7ea9.
Unfortunately this backport results in qemuarmv5 failing to boot with
a qemu lsi hw error.
[YOCTO #15274]
See discussion: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15274
Signed-off-by: Steve Sakoman
---
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.
Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.
CVE: CVE-2023-4863
References:
From: Ashish Sharma
Upstream-Status: Backport from
[https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c]
Signed-off-by: Ashish Sharma
Signed-off-by: Steve Sakoman
---
.../zlib/zlib/CVE-2023-45853.patch| 40 +++
From: Peter Marko
This vulnerability was introduced in 2.36, so 2.31 is not vulnerable.
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
meta/recipes-core/glibc/glibc_2.31.bb | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb
Please review this set of changes for dunfell and have comments back by
end of day Thursday, November 16
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6194
The following changes since commit 0dbf3a15321b8033ff8ed86c6aa261fdb9c3d5bb:
From: Vijay Anusuri
Upstream-Status: Backport [import from debian
security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz
Upstream commit
https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]
Reference:
From: Hitendra Prajapati
Upstream-Status: Backport from
https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
---
.../libtiff/files/CVE-2023-40745.patch| 34 +++
From: Vijay Anusuri
- The commit
[https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
fixes CVE-2023-3576
- Hence, renamed the CVE-2023-3618-1.patch to CVE-2023-3576.patch
- Reference: https://security-tracker.debian.org/tracker/CVE-2023-3576
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
---
meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
index
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/selftest-reproducible-Allow-packages-exclusion-via-config.patch
FAIL: test max line length: Patch line too long
Le mer. 15 nov. 2023 à 00:53, Yoann Congal a écrit :
>
> From: Richard Purdie
>
> OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES can be used to prevent known
> not-reproducible packages to make the reproducible test fail.
>
> For example, in local.conf:
> OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES =
Hi Richard,
Le mer. 15 nov. 2023 à 00:32, Richard Purdie
a écrit :
>
> Add a new variable to the reproducible test so the list of excluded
> packages can be extended from the metadata. This might be useful for
> meta-openembedded for example so known issues can be excluded and
> therefore new
From: Richard Purdie
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES can be used to prevent known
not-reproducible packages to make the reproducible test fail.
For example, in local.conf:
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "example-not-reproducible"
To quote the original exclusion commit
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/1-2-oeqa-selftest-reproducible-Add-OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES-support.patch
FAIL: test max line length:
Add a new variable to the reproducible test so the list of excluded
packages can be extended from the metadata. This might be useful for
meta-openembedded for example so known issues can be excluded and
therefore new regressions become more visible.
Signed-off-by: Richard Purdie
---
When making checkouts from git, the timestamps can vary and occasionally two
files
can end up with the same stamp. This triggers make to regenerate ru.cp1251.po
from
ru.po for example. If it isn't regenerated, the output isn't quite the same
leading
to reproducibility issues (CP1251 vs cp1251).
* Enable systemd knob for distros with systemd in them.
* Add dependency on gtk4 which is needed
* Package systemd unit files
* Add packageconfig for fribidi defaulted to disabled
Signed-off-by: Khem Raj
---
...01-Add-W_EXITCODE-macro-for-non-glibc-systems.patch | 4 ++--
Android-targeted devices support so called sparse image format. This is
the raw filesystem image with dropped zero blocks. This way the image
takes less space and the bootloaders and/or filesystem manipulation
tools can flash it quicker (as they do not have to write useless
sequences of zeroes).
Typically the generated filesystem image contains a lot of free space,
which is filled with zeroes. Android ecosystem has come up with the
'sparse' image formwat, which basically drops all irrelevant data blocks
instead of storing them. This way the generated image consumes less
space when stored
The Android's simg2img/img2simg comes from android-tools, which is a
huge package with lots of dependencies on its own. It resides inside
meta-oe rather than OE-Core. Add lightweight tool to handle sparse
images, which is small enough to be pushed into OE-Core.
Signed-off-by: Dmitry Baryshkov
Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
Signed-off-by: Joakim Tjernlund
---
.../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++
meta/recipes-extended/shadow/shadow.inc | 30 +-
2 files changed,
Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
Signed-off-by: Joakim Tjernlund
---
.../base-passwd/base-passwd_3.5.29.bb | 24 ---
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git
Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
Signed-off-by: Joakim Tjernlund
---
meta/recipes-devtools/pseudo/pseudo.inc | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git
These patches adds the possibility to store passwd/shadow files
in a sub dir, like /etc/pwdb
In a RO Root FS one can bind mount a writeable dir on /etc/pwdb
to support password changes etc.
This patchset is to probe wether OE would be interested in such feature
Joakim Tjernlund (3):
From: Max Krummenacher
This reverts commit d1d09bd4d7be88f0e341d5fccbfbefeb98d4b727.
The commit not only removes the dependencies on the cross compiler
but also does not depend on e.g. virtual/${TARGET_PREFIX}compilerlibs
and virtual/libc which in turn makes the file-rdeps qa check fail
if
Brings following changes
* 98bfdac5ce82 [BranchFolding] Remove dubious assert from operator< (#71639)
* 12c6ee8fd204 [GlobalOpt] Cache whether CC is changeable (#71381)
* 0a1274224ef8 [libc++] Fix UB in related to "has value" flag
(#68552) (#68733)
* 42f8800b720f [clang] fix test PR69717.cpp
On Tue, 2023-11-14 at 07:29 -0800, Khem Raj wrote:
> If these directories are removed from binary, it does not find the
> needed libraries it may need from recipe-sysroot-native, e.g. when
> building with clang+llvm-runtime, it also builds rust-native with
> clang-native and links to libc++.so.1
${RUST_ALTERNATE_EXE_PATH_NATIVE} ${RUST_ALTERNATE_EXE_PATH}
-chrpath -d ${RUST_ALTERNATE_EXE_PATH}
fi
oe_cargo_fix_env
---
base-commit: abf3e54d118139e1fcd952a691b77a0c53db6a30
change-id: 20231114-rust-with-clang-21ace8ddf286
Best regards,
--
Khem Raj
Hello Martin,
The perf change uncovers:
https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/8098/steps/12/logs/warnings
https://autobuilder.yoctoproject.org/typhoon/#/builders/59/builds/8056/steps/12/logs/warnings
And many more
On 13/11/2023 08:25:24+0100, Martin Jansa wrote:
> *
-Original Message-
From: Alexander Kanavin
Sent: Tuesday, November 14, 2023 2:28 PM
> I'm fine with that. Can you tweak the tools?
Yeah I will, just need some time to work on this,
so it might take a bit of time.
Sincerely,
Jermain Horsman
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/PATCHv2-meta-classes-sed--i-destroys-symlinks.patch
FAIL: test shortlog format: Commit shortlog (first line of
On Wed, 8 Nov 2023 at 16:22, Jermain Horsman wrote:
> I was working with the assumption that not validating would not be
> acceptable.
> I guess it comes down to whether we (want to) trust the users to validate
> their input, or if we think it is more important to make sure that it is.
I'm not
If /etc/passwd is a symlink, sed -i on same file will replace the
symlink with a new file. Prevent that by adding --follow-symlinks
option to sed
Signed-off-by: Joakim Tjernlund
---
- v2: Use --follow-symlinks rather than realpath
meta/classes/rootfs-postcommands.bbclass | 4 ++--
On Wed, 8 Nov 2023 at 16:03, Jermain Horsman wrote:
> This is certainly a possibility, there isn't really any issue with this,
> however, it will checkout using a detached head which can be a
> bit of an annoyance if you do a subsequent create-layers-setup
> as all the branches will have changed
> On 14 Nov 2023, at 12:29, Ross Burton wrote:
>
> On 13 Nov 2023, at 09:18, luca fancellu via lists.openembedded.org
> wrote:
>> I see this one has been merged in master:
>> https://git.yoctoproject.org/poky/commit/?id=0f25c8aa775001166a03b8b215b7b9ab80ef4f9e
>>
>> Is it possible to
Hi all,
Intel and WR YP QA is planning for QA execution for YP build yocto-4.2.4.rc3.
We are planning to execute following tests for this cycle:
OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw
Runtime auto test for following platforms:
1. MinnowBoard Turbot - 32bit
Current Dev Position: YP 5.0 M1
Next Deadline: 4th December 2023 YP 5.0 M1 build
Next Team Meetings:
-
Bug Triage meeting Thursday November 16, 7:30 am PDT (
https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
-
Weekly Project Engineering Sync Tuesday November
On 13 Nov 2023, at 09:18, luca fancellu via lists.openembedded.org
wrote:
> I see this one has been merged in master:
> https://git.yoctoproject.org/poky/commit/?id=0f25c8aa775001166a03b8b215b7b9ab80ef4f9e
>
> Is it possible to backport this fix also to mickledore? Or should I send a
> patch
Lukas Funke escreveu no dia terça,
14/11/2023 à(s) 11:00:
> From: Malte Schmidt
>
> The documentation of systemd states that /etc/tmpfiles.d should be
> reserved for the local administrator and packages should put their files
> in /usr/lib/tmpfiles.d [1].
>
> [1]
On 13/11/2023 14:57:45+0100, Lukas Funke wrote:
> From: Stefan Herbrechtsmeier
>
> Extract patches without diffstats to reduce changes during patch
> refresh.
>
> Signed-off-by: Stefan Herbrechtsmeier
This also need your SoB
> ---
> meta/lib/oe/patch.py | 3 ++-
> 1 file changed, 2
On 13/11/2023 15:01:54+0100, Lukas Funke wrote:
> From: Malte Schmidt
>
Please include a commit message and don't forget SoB's
> ---
> scripts/lib/wic/plugins/source/rawcopy.py | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git
Hello Lukas,
On 14/11/2023 09:13:32+0100, Lukas Funke wrote:
> From: Malte Schmidt
>
> Adds features to explicitly write zeros to the start of the
> partition. This is useful to overwrite old content like
> filesystem signatures which may be re-recognized otherwise.
>
> The new features can be
From: Malte Schmidt
The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].
[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
Signed-off-by: Malte Schmidt
From: Stefan Herbrechtsmeier
The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].
[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
Signed-off-by: Stefan
From: Malte Schmidt
The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].
[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
Signed-off-by: Malte Schmidt
From: Lukas Funke
The series intents to move tmpfiles.d configurations from /etc to /usr/lib.
The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].
[1]
From: Malte Schmidt
The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].
[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
Signed-off-by: Malte Schmidt
From: Archana Polampalli
Only affects code running on Windows
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45284
https://nvd.nist.gov/vuln/detail/CVE-2023-45283
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
Signed-off-by: Archana Polampalli
---
On Thu, Oct 12, 2023 at 02:53 PM, Ross Burton wrote:
>
> I’d not noticed image-combined-dbg existed and do wonder if that shoud be
> the behaviour of the debug rootfs. Is there actually a use-case for a tarball
> which is _just_ the symbols?
>
The use for a rootfs containing just the debug
From: Lukas Funke
Adds features to explicitly write zeros to the start of the
partition. This is useful to overwrite old content like
filesystem signatures which may be re-recognized otherwise.
The new features can be enabled with
From: Malte Schmidt
Adds features to explicitly write zeros to the start of the
partition. This is useful to overwrite old content like
filesystem signatures which may be re-recognized otherwise.
The new features can be enabled with
71 matches
Mail list logo
