[OE-core] [PATCH] go: Update to 1.15.5

Define CXX_FOR_TARGET and CC_FOR_TARGET for target go since we are cross building it, it helps in defining the compiler for cgo on target Signed-off-by: Khem Raj --- meta/recipes-devtools/go/go-1.15.inc | 4 ++-- ...{go-binary-native_1.15.3.bb => go-binary-native_1.15.5.

[OE-core] [PATCH] msmtp: upgrade 1.8.12 -> 1.8.13

Signed-off-by: Zang Ruochen --- .../recipes-extended/msmtp/{msmtp_1.8.12.bb => msmtp_1.8.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-extended/msmtp/{msmtp_1.8.12.bb => msmtp_1.8.13.bb} (91%) diff --git a/meta/recipes-extended/msmtp/msmtp_1.8.12.bb b/meta/re

[OE-core] [PATCH] glib-2.0: RDEPEND on dbusmock only when GI_DATA_ENABLED is True

python3-dbusmock depends on pygobject unconditionally and it's not going to work if g-i is disabled. Signed-off-by: Anuj Mittal --- meta/recipes-core/glib-2.0/glib.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/gli

[OE-core] [PATCH] libunwind: upgrade 1.4.0 -> 1.5.0

0001-Fix-compilation-with-fno-common.patch 0002-backtrace-Use-only-with-glibc-and-uclibc.patch sigset_t.patch Removed since these are included in 1.5.0 Signed-off-by: Zang Ruochen --- ...0001-Fix-compilation-with-fno-common.patch | 448 -- ...trace-Use-only-with-glibc-and-uclibc.

[OE-core] [PATCH] gpgme: upgrade 1.14.0 -> 1.15.0

Signed-off-by: Zang Ruochen --- meta/recipes-support/gpgme/{gpgme_1.14.0.bb => gpgme_1.15.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/gpgme/{gpgme_1.14.0.bb => gpgme_1.15.0.bb} (97%) diff --git a/meta/recipes-support/gpgme/gpgme_1.14.0.bb b/meta/reci

[OE-core] [PATCH] gmp: upgrade 6.2.0 -> 6.2.1

Signed-off-by: Zang Ruochen --- meta/recipes-support/gmp/{gmp_6.2.0.bb => gmp_6.2.1.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-support/gmp/{gmp_6.2.0.bb => gmp_6.2.1.bb} (89%) diff --git a/meta/recipes-support/gmp/gmp_6.2.0.bb b/meta/recipes-support/gmp/g

Re: [OE-core] [PATCH 1/2] systemd-systemctl: capable to call without argument

Any comment, please? Thanks, Kai On 11/2/20 10:17 AM, kai wrote: From: Kai Kang Make systemctl prints help mesages if run without any argument. It helps to judge whether systemctl works in postscripts in systemd.bbclass. Remove trailing white spaces as well. Signed-off-by: Kai Kang ---

[OE-core][RFC] weston-init: Stop running weston as root

Running the weston compositor as the root user is an insecure default behavior for OE-core. We can do much better, at least when using systemd. Change the recipe to create a dedicated "weston" user and start weston as this user. The systemd service and socket units are no longer template units, as

Re: [OE-core] [PATCH 0/5] linux-yocto: consolidated pull request

On Thu, Nov 19, 2020 at 9:18 AM Bruce Ashfield wrote: > > From: Bruce Ashfield > > Richard, > > Here's my next set of collected changes for linux-yocto. I built and booted > the > 5.4 -stable bump .. and obviously it looks good. > > I've also grabbed a pending devsrc change, that looks good to m

[OE-core] [meta-oe][PATCH] haveged: remove appending of the service file

Commit c1dd93296ff69c0c29dfaa22f586b8738e71ee52 ("haveged: use the Fedora service file available from upstream") changed the systemd service file from service.redhat to service.fedora. The line "SuccessExitStatus=137 143" is available in service.fedora, so it is not necessary to append SuccessExitS

Re: [OE-core] YPBZ 14125: busybox wget: where to add openssl-bin dependency?

On Wed, Nov 18, 2020 at 10:46 PM Shachar Menashe wrote: > > Hi Andre, > The way I see it - even if something is declared, it does not mean it is > reasonable or even expected > I mean - do you earnestly believe that every Yocto user (or busybox wget user > for that matter) read the help text ass

[OE-core] [PATCH 5/5] linux-yocto/5.4: update to v5.4.78

From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: 315443293a2d Linux 5.4.78 9fda2e762498 Convert trailing spaces and periods in path components ebc24aeb8694 net: sch_generic: fix the missing new qdisc assignment bug

[OE-core] [PATCH 4/5] linux-yocto/5.8: ext4/tipc warning fixups

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.8: 3c5d210805d6 tipc: fix -Wstringop-truncation warnings cc89fd77c248 ext4: fix -Wstringop-truncation warnings Signed-off-by: Bruce Ashfield --- .../recipes-kernel/linux/linux-yocto-rt_5.8.bb | 2 +- .../linux/

[OE-core] [PATCH 3/5] linux-yocto/5.8: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.8: 52b840afae05 perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t Signed-off-by: Bruce Ashfield --- .../recipes-kernel/linux/linux-yocto-rt_5.8.bb | 2 +- .../linux/linux-yocto-tiny_5.

[OE-core] [PATCH 2/5] linux-yocto/5.4: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.4: 356914747645 perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t Signed-off-by: Bruce Ashfield --- .../recipes-kernel/linux/linux-yocto-rt_5.4.bb | 2 +- .../linux/linux-yocto-tiny_5.

[OE-core] [PATCH 1/5] kernel-devsrc: improve reproducibility for arm64

From: "INC@Cisco)" .vdso-offsets.h.cmd contains command that was used to produce vdso-offsets.h. It breaks reproducibility because it has an absolute path in it. There is no any value to package such files so it can be dropped. Signed-off-by: Denys Zagorui Signed-off-by: Bruce Ashfield --- me

[OE-core] [PATCH 0/5] linux-yocto: consolidated pull request

From: Bruce Ashfield Richard, Here's my next set of collected changes for linux-yocto. I built and booted the 5.4 -stable bump .. and obviously it looks good. I've also grabbed a pending devsrc change, that looks good to me. Finally, I have a fix Khem sent for perf builds. I kept 5.4 and 5.8 s

[OE-core] [PATCH] valgrind: helgrind: Intercept libc functions

From: Stacy Gaikovaia PTH_FUNC definition needs to be modified in order to intercept posix thread functions in both libc and libpthread. In order to handle this in helgrind, weak alias the pthread functions in glibc. This also prevents any need for a special case for musl, where these definitions

[OE-core] OpenEmbedded Happy Hour November 25 9pm/2100 UTC

Hi, Just a reminder about our upcoming OpenEmbedded Happy Hour on November 25 for Oceania/Asia timezones @ 2100/9pm UTC (4pm EDT): https://www.openembedded.org/wiki/Calendar https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+November+25&iso=20201125T21 -- Denys -

Re: [OE-core] [PATCH 3/5] sqlite3: add CVE-2015-3717 to whitelist

Or is the problem here that sqlite version 3.33 is not listed correctly on https://nvd.nist.gov/vuln/detail/CVE-2015-3717#match-3021743 as I don't see this reported even for older 3.22 version in by yocto CVE checker? -Mikko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this gro

Re: [OE-core] [PATCH 3/5] sqlite3: add CVE-2015-3717 to whitelist

Is this also suitable for dunfell? Steve On Thu, Nov 19, 2020 at 12:38 AM Ross Burton wrote: > > As per https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA this issue > is believed to be either iOS specific, or fixed in 3.8.9. > > Signed-off-by: Ross Burton > --- > meta/recipes-support/sqlite

Re: [OE-core] [PATCH 2/5] python3: add CVE-2007-4559 to whitelist

Is this also suitable for dunfell? Steve On Thu, Nov 19, 2020 at 12:38 AM Ross Burton wrote: > > This issue describes expected behaviour, do not use tarfile with > untrusted data. > > Signed-off-by: Ross Burton > --- > meta/recipes-devtools/python/python3_3.9.0.bb | 2 ++ > 1 file changed, 2 i

[OE-core] [dunfell][PATCH 1/5] libproxy: fix CVE-2020-26154

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- .../libproxy/libproxy/CVE-2020-26154.patch| 98 +++ .../libproxy/libproxy_0.4.15.bb | 1 + 2 files changed, 99 insertions(+) create mode 100644 meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch d

[OE-core] [dunfell][PATCH 5/5] qemu: fix CVE-2020-24352

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-24352.patch| 52 +++ 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch diff --g

[OE-core] [dunfell][PATCH 3/5] python3: whitelist CVE-2020-15523

From: Lee Chee Yang This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath. Since it is .dll issue (on windows only), hence whitelist it. https://bugs.python.org/issue29778 Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/python/

[OE-core] [dunfell][PATCH 4/5] python3: fix CVE-2020-27619

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- .../python/python3/CVE-2020-27619.patch | 70 +++ meta/recipes-devtools/python/python3_3.8.2.bb | 1 + 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch dif

[OE-core] [dunfell][PATCH 2/5] bison: update to 3.5.4 for CVE-2020-14150

From: Lee Chee Yang Release notes: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg0.html Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/bison/{bison_3.5.3.bb => bison_3.5.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/bison/{bison_

[OE-core] [PATCH 5/5] gstreamer1.0-plugins-base: set CVE_PRODUCT

There are CVEs with the 'gst-plugins-base' product, so set that. Signed-off-by: Ross Burton --- .../gstreamer/gstreamer1.0-plugins-base_1.18.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.1.bb b/meta/rec

[OE-core] [PATCH 4/5] gstreamer1.0-rtsp-server: set CVE_PRODUCT

There are CVEs with the 'gst-rtsp-server' product, so set that. Signed-off-by: Ross Burton --- .../gstreamer/gstreamer1.0-rtsp-server_1.18.1.bb| 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.1.bb b/meta/recip

[OE-core] [PATCH 3/5] sqlite3: add CVE-2015-3717 to whitelist

As per https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA this issue is believed to be either iOS specific, or fixed in 3.8.9. Signed-off-by: Ross Burton --- meta/recipes-support/sqlite/sqlite3_3.33.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/sqlite/sqlite3_

[OE-core] [PATCH 1/5] cve-check: show real PN/PV

The output currently shows the remapped product and version fields, which may not be the actual recipe name/version. As this report is about recipes, use the real values. Signed-off-by: Ross Burton --- meta/classes/cve-check.bbclass | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-)

[OE-core] [PATCH 2/5] python3: add CVE-2007-4559 to whitelist

This issue describes expected behaviour, do not use tarfile with untrusted data. Signed-off-by: Ross Burton --- meta/recipes-devtools/python/python3_3.9.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3_3.9.0.bb b/meta/recipes-devtools/python/python

[OE-core][zeus][PATCH] sqlite3: CVE-2020-13632

backport patch from: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730 Signed-off-by: Li Wang --- .../sqlite/sqlite3/CVE-2020-13632.patch | 32 +++ meta/recipes-support/sqlite/sqlite3_3.29.0.bb | 1 + 2 files changed, 33 insertions(+) create

[OE-core] [PATCH] socat: make building with OpenSSL support optional

Signed-off-by: Alexander Vickberg --- meta/recipes-connectivity/socat/socat_1.7.3.4.bb | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb b/meta/recipes-connectivity/socat/socat_1.7.3.4.bb index 9b0d4071ac..f3f569d262 10064

[OE-core] [gatesgarth][PATCH 2/3] python3: fix CVE-2020-27619

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- .../python/python3/CVE-2020-27619.patch | 71 +++ meta/recipes-devtools/python/python3_3.8.5.bb | 1 + 2 files changed, 72 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch dif

[OE-core] [gatesgarth][PATCH 3/3] qemu: fix CVE-2020-24352

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-24352.patch| 52 +++ 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch diff --g

[OE-core] [gatesgarth][PATCH 1/3] libproxy: fix CVE-2020-26154

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- .../libproxy/libproxy/CVE-2020-26154.patch| 98 +++ .../libproxy/libproxy_0.4.15.bb | 1 + 2 files changed, 99 insertions(+) create mode 100644 meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch d

Re: [OE-core] cups: whitelist CVE-2018-6553

On Wed, Nov 18, 2020 at 02:12:18PM -1000, Steve Sakoman wrote: > On Wed, Nov 18, 2020 at 1:56 PM Mittal, Anuj wrote: > > > > On Wed, 2020-11-18 at 05:25 -1000, Steve Sakoman wrote: > > > This an Ububtu specific issue: > > > > > > The CUPS AppArmor profile incorrectly confined the dnssd backend > >