[OE-core] [PATCH] busybox: upgrade 1.33.0 -> 1.33.1

2021-05-09 Thread zhengruoqin
0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch removed since it is included in 1.33.1 Signed-off-by: Zheng Ruoqin --- ...ss_gunzip-Fix-DoS-if-gzip-is-corrupt.patch | 58 --- .../{busybox_1.33.0.bb => busybox_1.33.1.bb} | 3 +- 2 files changed, 1 insertion(+), 60 deleti

[OE-core] [PATCH] rng-tools: disable the CPU affinity mask

2021-05-09 Thread Yu, Mingli
From: Mingli Yu For the jitter entropy source, each task thread will create an internal counter timer thread when the system clock resolution is under 5MHz. But it will introduce high CPU usage for a long time and also make random data generation too slow if it sets the CPU affinity mask of the inter

Re: [OE-core] [PATCH] baremetal-helloworld: Enable RISC-V 64 port

2021-05-09 Thread Alistair Francis
On Sat, May 8, 2021 at 6:30 PM Alejandro Hernandez Samaniego wrote: > > Add support for MACHINE=qemuriscv64. > > $ runqemu nographic > > BIOS: > [tmp/deploy/images/qemuriscv64/baremetal-helloworld-image-qemuriscv64.elf] > MACHINE: [qemuriscv64] > > runqemu - INFO - Running > tmp/work/x86_64-linu

Re: [OE-core] [PATCH] libepoxy: upgrade 1.5.5 -> 1.5.7

2021-05-09 Thread Richard Purdie
On Sat, 2021-05-08 at 09:04 +0800, wangmy wrote: > Signed-off-by: Wang Mingyu > --- >  .../libepoxy/{libepoxy_1.5.5.bb => libepoxy_1.5.7.bb} | 2 +- >  1 file changed, 1 insertion(+), 1 deletion(-) >  rename meta/recipes-graphics/libepoxy/{libepoxy_1.5.5.bb => > libepoxy_1.5.7.bb} (93%)

Re: [OE-core] [PATCH] cve-extra-exclusions.inc: add exclusion list for intractable CVE's

2021-05-09 Thread Richard Purdie
On Thu, 2021-05-06 at 07:12 -1000, Steve Sakoman wrote: > The preferred methods for CVE resolution are: > > 1. Version upgrades where possible > 2. Patches where not possible > 3. Database updates where version info is incorrect > 4. Exclusion from checking where it is determined that the CVE >   

Re: [OE-core] [PATCH] cve-extra-exclusions.inc: add exclusion list for intractable CVE's

2021-05-09 Thread Richard Purdie
On Thu, 2021-05-06 at 07:12 -1000, Steve Sakoman wrote: > The preferred methods for CVE resolution are: > > 1. Version upgrades where possible > 2. Patches where not possible > 3. Database updates where version info is incorrect > 4. Exclusion from checking where it is determined that the CVE >   

[OE-core] [PATCH 2/2] qemu: Set SMP to 4 cpus for arm/x86 only

2021-05-09 Thread Richard Purdie
Only qemux86* and qemuarm* support SMP with our current configurations so rework qemu SMP enabling to account for that and only use it on the architectures where it works. Signed-off-by: Richard Purdie --- meta/classes/qemuboot.bbclass | 2 +- meta/conf/machine/include/qemuboot-x86

[OE-core] [PATCH 1/2] qemu: use 4 cores in qemu guests

2021-05-09 Thread Richard Purdie
From: Alexander Kanavin Each of the cores is mapped to a thread on the host, this should speed up things inside qemu which can take advantage of that. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/classes/qemuboot.bbclass | 4 scripts/runqemu | 4 +

Re: [OE-core] [PATCH] cve-extra-exclusions.inc: add exclusion list for intractable CVE's

2021-05-09 Thread Richard Purdie
On Sun, 2021-05-09 at 11:17 -0700, Armin Kuster wrote: > > On 5/6/21 10:12 AM, Steve Sakoman wrote: > > The preferred methods for CVE resolution are: > > > > 1. Version upgrades where possible > > 2. Patches where not possible > > 3. Database updates where version info is incorrect > > 4. Exclusi

Re: [OE-core] [PATCH] cve-extra-exclusions.inc: add exclusion list for intractable CVE's

2021-05-09 Thread Steve Sakoman
On Sun, May 9, 2021 at 8:17 AM akuster808 wrote: > On 5/6/21 10:12 AM, Steve Sakoman wrote: > > The preferred methods for CVE resolution are: > > > > 1. Version upgrades where possible > > 2. Patches where not possible > > 3. Database updates where version info is incorrect > > 4. Exclusion from c

Re: [OE-core] [PATCH] cve-extra-exclusions.inc: add exclusion list for intractable CVE's

2021-05-09 Thread Armin Kuster
On 5/6/21 10:12 AM, Steve Sakoman wrote: > The preferred methods for CVE resolution are: > > 1. Version upgrades where possible > 2. Patches where not possible > 3. Database updates where version info is incorrect > 4. Exclusion from checking where it is determined that the CVE >does not appl

[OE-core] [PATCH] grub2: Add CVE whitelist entries for issues fixed in 2.06

2021-05-09 Thread Richard Purdie
We're using a pre-release version of 2.06 so these issues are fixed but continue to show up in the checks since it is pre-2.06 and the CPE entries are "before but excluding 2.06". Adding these will clean up CVE reports until the 2.06 release comes out. Signed-off-by: Richard Purdie --- meta/rec

[OE-core] OE-core CVE metrics for master on Sun 09 May 2021 07:00:01 AM HST

2021-05-09 Thread Steve Sakoman
Branch: master New this week: 2 CVEs CVE-2021-25215: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25215 * CVE-2021-31879: wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * Removed this week: 1 CVEs CVE-2021-20263: qemu:qemu-native:qemu-system-native https

[OE-core] [PATCH] ovmf: Improve reproducibility by enabling prefix mapping

2021-05-09 Thread Richard Purdie
We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in --debug-prefix-map to nasm (we carry a patch to nasm for this). The tools commands are built by ovmf-native so we need to patch this in at target build time when we know the right values. This function also has to be able to undo

[OE-core] OE-core CVE metrics for hardknott on Sun 09 May 2021 05:30:01 AM HST

2021-05-09 Thread Steve Sakoman
Branch: hardknott New this week: 2 CVEs CVE-2021-25215: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25215 * CVE-2021-31879: wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * Removed this week: 1 CVEs CVE-2021-28153: glib-2.0:glib-2.0-native https://web.n

[OE-core] OE-core CVE metrics for gatesgarth on Sun 09 May 2021 05:00:01 AM HST

2021-05-09 Thread Steve Sakoman
Branch: gatesgarth New this week: 3 CVEs CVE-2021-20294: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20294 * CVE-2021-25215: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25215 * CVE-2021-3187

[OE-core] [PATCH v2] oeqa/qemurunner: Improve handling of run_serial for shutdown commands

2021-05-09 Thread Richard Purdie
When running a shutdown command, the serial port can close without the command returning. This is seen as the socket being readable but having no data. Change the way this case is handled in the code to avoid tracebacks. Signed-off-by: Richard Purdie --- meta/lib/oeqa/utils/qemurunner.py | 7 +++

[OE-core] OE-core CVE metrics for dunfell on Sun 09 May 2021 04:30:01 AM HST

2021-05-09 Thread Steve Sakoman
Branch: dunfell New this week: 3 CVEs CVE-2021-20294: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20294 * CVE-2021-25215: bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25215 * CVE-2021-31879:

[OE-core] [PATCH] oeqa/qemurunner: Improve handling of run_serial for shutdown commands

2021-05-09 Thread Richard Purdie
When running a shutdown command, the serial port can close without the command returning. This is seen as the socket being readable but having no data. Change the way this case is handled in the code to avoid tracebacks. Signed-off-by: Richard Purdie --- meta/lib/oeqa/utils/qemurunner.py | 7 +++