[OE-core] OE-core CVE metrics for dunfell on Sun 14 Apr 2024 02:00:01 AM HST

Branch: dunfell New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 106 unpatched CVEs CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * CVE-2020-25742 (CVSS3: 3.2 LOW):

Re: [RFC][oe-core][PATCH] xwayland: update 23.2.5 -> 23.2.6

This requires libei which is currently in meta-oe On Sun, Apr 14 2024 at 04:06:52 PM +02:00:00, Markus Volk wrote: - add a PACKAGECONFIG for libdecor ! This will require to move libei from meta-oe to oe-core ! Signed-off-by: Markus Volk > ---

Re: [OE-core][PATCH] openssl: openssl: patch CVE-2024-2511

I think that sending this patch was correct, see comments below. Peter From: openembedded-core@lists.openembedded.org On Behalf Of Tim Orling via lists.openembedded.org Sent: Sunday, April 14, 2024 6:45 To: Marko, Peter (ADV D EU SK BFS1) Cc: openembedded-core@lists.openembedded.org Subject:

[OE-core] OE-core CVE metrics for master on Sun 14 Apr 2024 01:00:01 AM HST

Branch: master New this week: 0 CVEs Removed this week: 21 CVEs CVE-2014-4859 (CVSS3: 6.8 MEDIUM): ovmf:ovmf-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4859 * CVE-2014-4860 (CVSS3: 6.8 MEDIUM): ovmf:ovmf-native

[OE-core] OE-core CVE metrics for kirkstone on Sun 14 Apr 2024 03:00:01 AM HST

Branch: kirkstone New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 35 unpatched CVEs CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native

[RFC][oe-core][PATCH] xwayland: update 23.2.5 -> 23.2.6

- add a PACKAGECONFIG for libdecor ! This will require to move libei from meta-oe to oe-core ! Signed-off-by: Markus Volk --- .../xwayland/{xwayland_23.2.5.bb => xwayland_23.2.6.bb} | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) rename

[OE-core] OE-core CVE metrics for nanbield on Sun 14 Apr 2024 04:00:01 AM HST

Branch: nanbield New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 128 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto

[OE-core] [PATCH 1/2] gnutls: upgrade 3.8.4 -> 3.8.5

From: Wang Mingyu Add-ptest-support.patch refreshed for 3.8.5 Changelog: == * libgnutls: Due to majority of usages and implementations of RSA decryption with PKCS#1 v1.5 padding being incorrect, leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5 is being deprecated

[OE-core] [PATCH 2/2] gnutls: Fix failing ptests

From: Simone Weiß When upgrading gnutls to the newest version 3.8.5, some ptest failed. Backported a patch from upstream gnutls(not in any release yet) to fix this issue. Signed-off-by: Simone Weiß --- ...PKCS1-v1_5-system-wide-configuration.patch | 269 ++

Re: [OE-core] [PATCH 10/33] gnutls: upgrade 3.8.4 -> 3.8.5

On Sat, 2024-04-13 at 20:55 +, Simone Weiß wrote: > On Fri, 2024-04-12 at 16:39 +0200, Alexandre Belloni wrote: > > On 11/04/2024 19:41:09+, Simone Weiß wrote: > > > On Wed, 2024-04-10 at 02:45 +0200, Alexandre Belloni via > > > lists.openembedded.org wrote: > > > > Failed ptests: > > > >

[OE-core] [PATCH] devtool: sync: Fix Execution error

From: Vincent Kriek When executing devtool sync on a recipe that was extract with devtool extract earlier the following error occured: Traceback (most recent call last): [...] bb.process.ExecutionError: Execution of 'git fetch

[OE-core] [PATCH] kernel.bbclass: check, if directory exists before removing empty module directory

If the kernel folder does not exist, find will result in an error. This can occur if the kernel has no modules but, for example, custom modules are created. Add check before deleting. Signed-off-by: Heiko Thole --- meta/classes-recipe/kernel.bbclass | 2 +- 1 file changed, 1 insertion(+), 1