https://lore.kernel.org/all/b023614f7765fc003a4aa854440c0b66d200d27b.ca...@linuxfoundation.org/
On 07/03/2024 16:22:32-0800, leimaohui via lists.openembedded.org wrote:
> Ping
>
>
>
> > -Original Message-
> > From: openembedded-core@lists.openembedded.org
> > On Behalf Of Khem Raj
>
From: Enrico Scholz
Instead of shipping the whole configuration files for openssh, add
small patch includes configuration snippets from subdirectories.
This allows us to keep the original upstream configuration which is
mainly useful for documentation purposes. It makes it more easy to
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/1-7-v2-openssh-replace-complete-configuration-files-by-patch.patch
FAIL: test Signed-off-by presence: A patch file
patcht...@automation.yoctoproject.org writes:
> FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM changed
> without "License-Update:" tag and description in commit message
> (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
This failure seems to be
Hi,
Thank you very much. I'm sorry I didn't notice the same patch with me.
Best regards
Lei
> -Original Message-
> From: Alexandre Belloni
> Sent: Tuesday, March 12, 2024 6:26 AM
> To: Lei, Maohui
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH] glibc:
Packages + overrides are a very common way to configure/customize images.
Take OE itself as an example, the sshd_config is a conffile for openssh, but in
rootfs-postcommands.bbclass, it is customized.
This means sshd_config might be different from the one that is recorded in rpm
database. This
- add a backport patch to fix compatibility with older gtk4 versions
Signed-off-by: Markus Volk
---
...tk4-Preserve-compatibility-with-4.14.patch | 39 +++
meta/recipes-devtools/vala/vala_0.56.15.bb| 5 ++-
2 files changed, 43 insertions(+), 1 deletion(-)
create mode
Signed-off-by: Markus Volk
---
meta/recipes-devtools/vala/vala.inc| 71 -
meta/recipes-devtools/vala/vala_0.56.15.bb | 72 +-
2 files changed, 71 insertions(+), 72 deletions(-)
delete mode 100644 meta/recipes-devtools/vala/vala.inc
diff --git
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/PATCHv3-1-2-vala-merge-bb-and-inc-files.patch
FAIL: test commit message presence: Please include a commit message
On Thu, 2023-12-07 at 16:33 -1000, Steve Sakoman wrote:
> From: Narpat Mali
>
> cryptography is a package designed to expose cryptographic primitives
> and recipes to Python developers. Calling
> `load_pem_pkcs7_certificates`
> or `load_der_pkcs7_certificates` could lead to a NULL-pointer
>
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/PATCHv2-vala-fix-for-gtk4-prior-to-4.14.patch
FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM
From: Lee Chee Yang
libxml2 2.11.7
Security
[CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
libxml2 2.11.6
Regressions
threads: Fix --with-thread-alloc
xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
Bug fixes
parser: Fix potential use-after-free in
From: Lee Chee Yang
Changes between 3.1.4 and 3.1.5 [30 Jan 2024]
* A file in PKCS12 format can contain certificates and keys and may
come from
an untrusted source. The PKCS12 specification allows certain fields
to be
NULL, but OpenSSL did not correctly check for this case. A fix has
been
From: Wang Mingyu
Changelog:
==
-Fix compiler error when checking if required blocks in parent templates are
empty.
-xmlattr filter does not allow keys with spaces.
-Make error messages stemming from invalid nesting of {% trans %} blocks more
helpful
upgrade include fix for
From: Soumya Sambu
Changelog:
=
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL
From: Wang Mingyu
bind-ensure-searching-for-json-headers-searches-sysr.patch
refreshed for 9.18.21
Changelog:
==
-Improve LRU cleaning behaviour.
-The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are
deprecated; a warning will be logged if they are used.
-BIND
From: Wang Mingyu
Changelog:
** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
** libgnutls: Add API functions to perform ECDH and DH key agreement
** libgnutls: Added support for AES-GCM-SIV ciphers
** libgnutls: transparent KTLS support is extended to FreeBSD
From: Simone Weiß
Upgrade version to adress recent CVE findings.
Changelog
=
** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange
[GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553]
** libgnutls: Fix assertion failure when verifying a certificate chain with a
Please split the .bb/.inc merge into a separate commit.
Alex
On Mon, 11 Mar 2024 at 08:21, Markus Volk wrote:
>
> - add a backport patch to fix compatibility with older gtk4 versions
> - merge .bb and .inc
>
> Signed-off-by: Markus Volk
> ---
> meta/recipes-devtools/vala/vala.inc |
On Sun, 2024-03-10 at 23:34 -0700, Anuj Mittal wrote:
> On Thu, 2023-12-07 at 16:33 -1000, Steve Sakoman wrote:
> > From: Narpat Mali
> >
> > cryptography is a package designed to expose cryptographic
> > primitives
> > and recipes to Python developers. Calling
> > `load_pem_pkcs7_certificates`
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/vala-fix-for-gtk4-prior-to-4.14.patch
FAIL: test Signed-off-by presence: A patch file has been added without a
- add a backport patch to fix compatibility with older gtk4 versions
- merge .bb and .inc
Signed-off-by: Markus Volk
---
meta/recipes-devtools/vala/vala.inc | 71 -
...tk4-Preserve-compatibility-with-4.14.patch | 39 ++
- add a backport patch to fix compatibility with older gtk4 versions
- merge .bb and .inc
Signed-off-by: Markus Volk
---
meta/recipes-devtools/vala/vala.inc | 71 -
...tk4-Preserve-compatibility-with-4.14.patch | 37 +
meta/recipes-devtools/vala/vala_0.56.15.bb
From: Dhairya Nagodra
Includes fixes for CVE-2023-6816, CVE-2024-0408, CVE-2024-0409
Signed-off-by: Dhairya Nagodra
---
.../xwayland/{xwayland_23.2.3.bb => xwayland_23.2.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
I simply dropped the part that patched gtk-4.0.metadata. The problem is
fixed without it
and I dont really have an idea what this file is used for. So I dislike
adding it
On Mon, Mar 11 2024 at 12:10:36 AM -07:00:00, Markus Volk
wrote:
- add a backport patch to fix compatibility with older
2024. 03. 09. 17:39 keltezéssel, Alexander Kanavin írta:
I think (noreplace) flag only matters when the file has been manually
edited after rpm installation and its checksum diverges from what is
registered in rpm database. Which is not a common scenario in
embedded.
So from Yocto's POV it's
On Mon, 11 Mar 2024 at 10:30, Böszörményi Zoltán wrote:
> > If you manually edit the file on target, you might as well
> > manually resolve which version you want after the update as both are
> > available regardless of whether (noreplace) was used or not. Or
> > perhaps merge the manual edits
2024. 03. 11. 10:37 keltezéssel, Alexander Kanavin írta:
On Mon, 11 Mar 2024 at 10:30, Böszörményi Zoltán wrote:
If you manually edit the file on target, you might as well
manually resolve which version you want after the update as both are
available regardless of whether (noreplace) was
From: Christian Taedcke
The file fetcher does not support the destsuffix parameter. It does
not rename the supplied folder during the fetch. Therefore the folder
name (i.e. basepath) is added to the kernel-meta search directories.
Signed-off-by: Christian Taedcke
---
On Mon, 11 Mar 2024 at 11:09, Böszörményi Zoltán wrote:
> Yes, I am aware. But why not use the package manager's
> own features instead of adding a workaround?
Because I see it the opposite way: noreplace in this case is a
workaround for a file name conflict between what the tool generates
and
Thanks Alex for the reply.
So till now we are using meta-rust master along with the kirkstone yocto layers
and are trying to understand if it makes sense to use it further.
We had a few questions for the maintainence of Rust.
1. Can we say, that oe-core will support Rust in future after
On Mon, Mar 11, 2024 at 5:15 AM Taedcke, Christian
wrote:
>
> From: Christian Taedcke
>
> The file fetcher does not support the destsuffix parameter. It does
> not rename the supplied folder during the fetch. Therefore the folder
> name (i.e. basepath) is added to the kernel-meta search
On Sun, Mar 10, 2024 at 11:39:00PM +, Richard Purdie wrote:
> On Sun, 2024-03-10 at 09:05 -0700, Bruce Ashfield wrote:
> > On Sun, Mar 10, 2024 at 11:52 AM Richard Purdie
> > wrote:
> > >
> > > On Sun, 2024-03-10 at 06:20 -0700, Richard Purdie via
> > > lists.openembedded.org wrote:
> > > >
On Mon, 11 Mar 2024 at 13:15, wrote:
> 1. Can we say, that oe-core will support Rust in future after Kirkstone as a
> standalone (without any external dependency )?
Yes. Rust is now part of the core, and will stay there.
> 2. We assume that kirkstone will stay with 1.59 and those who want
On 11.03.2024 13:46, Bruce Ashfield via lists.openembedded.org wrote:
On Mon, Mar 11, 2024 at 5:15 AM Taedcke, Christian
wrote:
From: Christian Taedcke
The file fetcher does not support the destsuffix parameter. It does
not rename the supplied folder during the fetch. Therefore the folder
On Sun, Mar 10, 2024 at 4:25 PM Steve Sakoman via
lists.openembedded.org
wrote:
>
> On Sun, Mar 10, 2024 at 4:10 PM Bruce Ashfield
> wrote:
> >
> > On Fri, Mar 8, 2024 at 10:24 PM Bruce Ashfield via
> > lists.openembedded.org
> > wrote:
> > >
> > > On Fri, Mar 8, 2024 at 6:44 PM Richard Purdie
On Mon, Mar 11, 2024 at 4:01 AM Bruce Ashfield wrote:
>
> On Mon, Mar 11, 2024 at 9:51 AM Steve Sakoman wrote:
> >
> > On Sun, Mar 10, 2024 at 4:25 PM Steve Sakoman via
> > lists.openembedded.org
> > wrote:
> > >
> > > On Sun, Mar 10, 2024 at 4:10 PM Bruce Ashfield
> > > wrote:
> > > >
> > >
From: Max Krummenacher
git is delegating webacces for URLs using TLS to libcurl.
However our native libcurl build does not find a ca-certificate.crt
unless its curl-native work dir still exists and thus git will
fail.
If a recipe uses AUTOREV with a git repo using https as its protocol
parsing
On Mon, Mar 11, 2024 at 8:54 AM Max Krummenacher wrote:
>
> On Sun, Mar 10, 2024 at 11:39:00PM +, Richard Purdie wrote:
> > On Sun, 2024-03-10 at 09:05 -0700, Bruce Ashfield wrote:
> > > On Sun, Mar 10, 2024 at 11:52 AM Richard Purdie
> > > wrote:
> > > >
> > > > On Sun, 2024-03-10 at 06:20
On Mon, Mar 11, 2024 at 9:51 AM Steve Sakoman wrote:
>
> On Sun, Mar 10, 2024 at 4:25 PM Steve Sakoman via
> lists.openembedded.org
> wrote:
> >
> > On Sun, Mar 10, 2024 at 4:10 PM Bruce Ashfield
> > wrote:
> > >
> > > On Fri, Mar 8, 2024 at 10:24 PM Bruce Ashfield via
> > >
On Mon, Mar 11, 2024 at 9:22 AM Taedcke, Christian
wrote:
>
>
>
> On 11.03.2024 13:46, Bruce Ashfield via lists.openembedded.org wrote:
> > On Mon, Mar 11, 2024 at 5:15 AM Taedcke, Christian
> > wrote:
> >>
> >> From: Christian Taedcke
> >>
> >> The file fetcher does not support the destsuffix
From: Bruce Ashfield
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
aa6ca808a467 Linux 5.10.210
cf5a69e35591 PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
9f53d24852ff net: bcmgenet: Fix EEE implementation
From: Bruce Ashfield
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
80efc6265290 Linux 5.15.150
da6cabc1981e r8169: use new PM macros
b7f3fac6d301 netfilter: nf_tables: can't schedule in nft_chain_validate
a4efc62cd1ed ext4:
From: Bruce Ashfield
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.lued...@uwalumni.com
Subject: Update 25Feb24
Date: Sun, 25 Feb 2024 07:03:08 -0500
]
Signed-off-by: Bruce Ashfield
---
From: Bruce Ashfield
Integrating the following commit(s) to linux-yocto/5.15:
1/1 [
Author: Christoph Hellwig
Email: h...@lst.de
Subject: block, loop: support partitions without scanning
Date: Fri, 27 May 2022 07:58:06 +0200
Historically we did distinguish between a flag
From: Bruce Ashfield
Bumping the reference BSPs to match the version of the qemu*
BSPs in oe-core.
Signed-off-by: Bruce Ashfield
---
.../linux/linux-yocto_5.15.bbappend | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git
From: Bruce Ashfield
Steve,
I've included the meta-yocto-bsp commit in this series, versus
sending it separately. It obviously doesn't go onto OEcore.
These are the updates I've been testing for the pratition scanning
issues.
We have a few -stable bumps, along with the backport of the
From: Bruce Ashfield
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.lued...@uwalumni.com
Subject: Update 25Feb24
Date: Sun, 25 Feb 2024 07:03:08 -0500
]
Signed-off-by: Bruce Ashfield
---
From: Bruce Ashfield
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
458ce51d0356 Linux 5.15.149
d72da18772ff usb: dwc3: gadget: Ignore End Transfer delay on teardown
acff71e58748 media: Revert "media: rkisp1: Drop IRQF_SHARED"
On 06/03/24 17:57, Richard Purdie wrote:
On Wed, 2024-03-06 at 08:37 -0800, Mauro wrote:
Before this commit, the .env file created in
tmp/sysroots//imgdata/.env was never cleaned,
but when the do_clean task is invoked on an image, the .env file
contains paths that are not valid anymore.
If
From: Enrico Scholz
Place OE specific openssh setup (which was removed in a previous
patch) in a configuration snippet.
Signed-off-by: Enrico Scholz
---
.../openssh/openssh-config.bb | 30 +++
.../openssh/openssh-config/80-oe.conf | 5
From: Enrico Scholz
Instead of applying DISTRO_FEATURE based setup directly to
sshd_config, add it to our configuration snippet.
Signed-off-by: Enrico Scholz
---
meta/recipes-connectivity/openssh/openssh-config.bb | 10 ++
meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 8
From: Enrico Scholz
Install 'openssh-config-allow-empty-password' when corresponding
IMAGE_FEATURES are active.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/core-image.bbclass | 1 +
meta/classes-recipe/rootfs-postcommands.bbclass | 6 --
From: Enrico Scholz
Instead of shipping the whole configuration files for openssh, add
small patch includes configuration snippets from subdirectories.
This allows us to keep the original upstream configuration which is
mainly useful for documentation purposes. It makes it more easy to
From: Enrico Scholz
Install 'openssh-config-allow-root-login' when corresponding
IMAGE_FEATURES are active.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/core-image.bbclass | 1 +
meta/classes-recipe/rootfs-postcommands.bbclass | 6 --
From: Enrico Scholz
Add an OPENSSH_FEATURE_CONFIGURATION variable which will hold openssh
configuration packages.
Signed-off-by: Enrico Scholz
---
meta/classes-recipe/core-image.bbclass | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git
From: Enrico Scholz
This patch replaces the duplicate 'sshd_config_readonly' configuration
file and logic behind by an extra packages which is installed when
corresponding IMAGE_FEATURES are set.
**NOTE**: this causes a regression when host keys are added manually
to the image. Users have to
To deal with system setups, sshd was configured in the following way:
- sshd_config is shipped completely by OE and DISTRO_FEATURES (pam,
x11) are patched in during do_install
--> this is difficulty to maintain; e.g. sshd_config must be
synchronized between OpenSSH releases and OE
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/1-7-openssh-replace-complete-configuration-files-by-patch.patch
FAIL: test Signed-off-by presence: A patch file
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/2-7-openssh-config-initial-checkin.patch
FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM
60 matches
Mail list logo