On Thu, Dec 8, 2022 at 8:42 AM Samuli Piippo wrote:
> Qt6 should handle this already with
> https://codereview.qt-project.org/c/qt/qtbase/+/371780 in place.
> I tried test build with the mesa upgrade and didn't catch any build errors.
>
I've tried qemux86-64 build with 6.4.1 and 6.5.0 from
Qt6 should handle this already with
https://codereview.qt-project.org/c/qt/qtbase/+/371780 in place.
I tried test build with the mesa upgrade and didn't catch any build errors.
-samuli
From: Martin Jansa
Sent: 07 December 2022 16:10
To: Otavio Salvador ; Samuli
Upstream-Status: Backport from
https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
Signed-off-by: Hitendra Prajapati
---
.../libarchive/CVE-2022-36227.patch | 43 +++
.../libarchive/libarchive_3.4.2.bb| 1 +
2 files
Patch so ppoll is properly redirected to it's 64bit time variant even
when source fortification is active.
Signed-off-by: Ola x Nilsson
---
...fortify-symbol-for-64-bit-time_t-BZ-.patch | 528 ++
meta/recipes-core/glibc/glibc_2.36.bb | 1 +
2 files changed, 529
Signed-off-by: Ola x Nilsson
---
meta/conf/distro/time64.conf | 23 +++
1 file changed, 23 insertions(+)
create mode 100644 meta/conf/distro/time64.conf
diff --git a/meta/conf/distro/time64.conf b/meta/conf/distro/time64.conf
new file mode 100644
index
Check for known symbols that should have been redirected to 64bit
variants when -D_FILE_OFFSET_BITS=64 and -D_TIME_BITS=64 are set.
Signed-off-by: Ola x Nilsson
---
meta/classes-global/insane.bbclass | 132 +
1 file changed, 132 insertions(+)
diff --git
Here is my sanity checker that check for glibc symbols that use 32-bit
time_t or file offsets.
I include one glibc patch that fixes a problem where the redirect for
ppoll did not work when fortify_source was enabled.
Also include some distro settings for the -F_TIME_BITS=64 flags that I
have
Signed-off-by: Hitendra Prajapati
---
.../sysstat/sysstat/CVE-2022-39377.patch | 92 +++
.../sysstat/sysstat_12.2.1.bb | 4 +-
2 files changed, 95 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
libksba: integer overflow may lead to remote code execution.
Reference:
https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
Upstream fixes:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b
Signed-off-by: Manoj Saun
---
-> libksba: fix CVE-2022-3515
-> libksba: integer overflow may lead to remote code execution.
-> Reference:
-> https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
-> Upstream fixes:
->
I'm very sorry. I sent the meta-oe patch to poky by mistake.
Please ignore them.
--
Best Regards
---
Wang Mingyu
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road,
Nanjing, 210012, China
TEL:
From: Wang Mingyu
Changelog:
=
Update vendored double-conversion to 3.2.1 (#570)
Fix len integer overflow issue (#567)
Signed-off-by: Wang Mingyu
---
.../python/{python3-ujson_5.5.0.bb => python3-ujson_5.6.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
From: Wang Mingyu
Signed-off-by: Wang Mingyu
---
.../python/{python3-web3_5.31.1.bb => python3-web3_5.31.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-web3_5.31.1.bb =>
python3-web3_5.31.2.bb} (84%)
diff --git
From: Wang Mingyu
Changelog:
Remove deprecated function to fix twine check with pkginfo 1.9.0. (#941)
Signed-off-by: Wang Mingyu
---
.../python/{python3-twine_4.0.1.bb => python3-twine_4.0.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
From: Wang Mingyu
Changelog:
Adopt jupyter releaser #806
Use base setup dependency type #805
More CI Cleanup #803
More maintenance cleanup #802
Add project description #801
Bump actions/setup-python from 2 to 4 #798
Bump actions/checkout from 2 to 3 #797
Bump
From: Wang Mingyu
Signed-off-by: Wang Mingyu
---
.../{python3-protobuf_4.21.9.bb => python3-protobuf_4.21.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-protobuf_4.21.9.bb =>
python3-protobuf_4.21.10.bb} (92%)
diff --git
From: Wang Mingyu
Signed-off-by: Wang Mingyu
---
.../python/{python3-web3_5.31.1.bb => python3-web3_5.31.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-web3_5.31.1.bb =>
python3-web3_5.31.2.bb} (84%)
diff --git
From: Wang Mingyu
Changelog:
=
Update vendored double-conversion to 3.2.1 (#570)
Fix len integer overflow issue (#567)
Signed-off-by: Wang Mingyu
---
.../python/{python3-ujson_5.5.0.bb => python3-ujson_5.6.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
From: Wang Mingyu
Changelog:
Remove deprecated function to fix twine check with pkginfo 1.9.0. (#941)
Signed-off-by: Wang Mingyu
---
.../python/{python3-twine_4.0.1.bb => python3-twine_4.0.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
From: Wang Mingyu
Changelog:
Adopt jupyter releaser #806
Use base setup dependency type #805
More CI Cleanup #803
More maintenance cleanup #802
Add project description #801
Bump actions/setup-python from 2 to 4 #798
Bump actions/checkout from 2 to 3 #797
Bump
From: Wang Mingyu
Signed-off-by: Wang Mingyu
---
.../{python3-protobuf_4.21.9.bb => python3-protobuf_4.21.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-protobuf_4.21.9.bb =>
python3-protobuf_4.21.10.bb} (92%)
diff --git
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
---
v2: fix fuzz
meta/recipes-core/dropbear/dropbear.inc | 1 +
.../dropbear/dropbear/CVE-2021-36369.patch| 145 ++
2 files changed, 146 insertions(+)
create mode 100644
Fixes CVE-2022-37460. Also add patch to fix CVE-2022-37454.
Signed-off-by: Joe Slater
---
.../python/python3/cve-2022-37454.patch | 108 ++
.../{python3_3.10.7.bb => python3_3.10.8.bb} | 4 +-
2 files changed, 110 insertions(+), 2 deletions(-)
create mode 100644
Opkg 0.6.1 Changes:
- Opkg will no longer complain when trying to clean up the temporary
directory, if the directory does not exist.
- Fixed a SEGFAULT when parsing package indexes with invalid `Size` or
`Installed-Size` fields. These indexes will now produce a
comprehensible error.
- Fixed
Manoj,
Welcome to Yocto/oe-core.
I'm not sure what happened with your subject line but it's not
what we expect for patches on the oe-core list.
Please read:
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
and several of the commits to this list and then we can work on
If the host has libpng, because of the way we handle the GL dependency in qemu,
it can cause determinism issues. Add a specific PACKAGECONFIG entry for libpng
to avoid this (and the associated autobuilder/uninative glibc symbol mismatch
failures).
Signed-off-by: Richard Purdie
---
I'm getting patch fuzz warnings. Could you refresh the patch and submit a v2?
stdio: WARNING: dropbear-2019.78-r0 do_patch: Fuzz detected:
stdio: WARNING: dropbear-2019.78-r0 do_patch: QA Issue: Patch log
indicates that patches do not apply cleanly. [patch-fuzz]
Thanks!
Steve
On Mon, Dec 5,
- remove deprecated xvmc PACKAGECONFIG
- remove futex.h patch. Code has been reworked, still needed?
- remove the do_install:append() that edits eglplatform.h as it will
now come to naught
Note: mesa-22.3.0 will require libperfetto update to v28. Otherwise compilation
will fail.
Change ptest away from using the upstream Makefiles to manually running
the tests: they're not actually integrated with automake anyway so this
didn't gain us anything apart from patches we can't send upstream. Drops
the following patches:
-
When starting to use combo-layer, or if someone else is using it too,
the local last_revision may be incorrect.
This command will forcibly update the last_revision config values to the
latest SHA on the remote branch that is tracked.
Signed-off-by: Ross Burton
---
scripts/combo-layer | 27
Bitbake may not be configured, and bb isn't imported anyway.
Instead just use os.rename(), and take the filename from the file object
instead of duplicating logic.
Signed-off-by: Ross Burton
---
scripts/combo-layer | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Signed-off-by: Ross Burton
---
scripts/combo-layer | 1 -
1 file changed, 1 deletion(-)
diff --git a/scripts/combo-layer b/scripts/combo-layer
index 045de65642b..c122f4b5e44 100755
--- a/scripts/combo-layer
+++ b/scripts/combo-layer
@@ -21,7 +21,6 @@ import re
import copy
import pipes
import
On Wed 7. Dec 2022 at 16.28, Stefan Herbrechtsmeier <
stefan.herbrechtsmeier-...@weidmueller.com> wrote:
> Hi Alex,
>
> Am 07.12.2022 um 09:53 schrieb Alexander Kanavin via
> lists.openembedded.org:
> > On Wed, 7 Dec 2022 at 01:21, Sergey Bostandzhyan
> wrote:
> >> I think this should be
Hi Alex,
Am 07.12.2022 um 09:53 schrieb Alexander Kanavin via lists.openembedded.org:
On Wed, 7 Dec 2022 at 01:21, Sergey Bostandzhyan wrote:
I think this should be documented more prominently, as missing information
on how to get going was the biggest obstacle, at least for me. The benefit
The following changes since commit 30cdb7fbec8e9cf5c5a25e28a1102fa562a7f6c2:
create-spdx: default share_src for shared sources (2022-11-25 06:16:14 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/langdale-next
The following changes since commit 5b2ee67e3a5587b4c7d97d2a9bc00022d1eedae3:
create-spdx: default share_src for shared sources (2022-11-25 08:08:10 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
Includes fixes for CVE-2022-4141 and CVE-2022-4292.
Signed-off-by: Mathieu Dubois-Briand
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index
Since bitbake now supports an official method to inject python modules,
switch to it.
Anyone using OE_EXTRA_IMPORTS will need to adjust their code accordingly,
probably switching to their own module namespace.
Also switch to using BB_GLOBAL_PYMODULES to list the global modules
to import.
On Mon, Dec 5, 2022 at 3:04 PM Otavio Salvador <
otavio.salva...@ossystems.com.br> wrote:
>
>
> Em seg., 5 de dez. de 2022 às 02:52, Markus Volk
> escreveu:
>
>> Am So, 4. Dez 2022 um 09:23:49 -0800 schrieb Khem Raj > >:
>>
>> Not sure if this is related but I think its somewhere in egl headers
On Wed, Dec 7, 2022 at 2:45 AM Christian Eggers wrote:
> Hi Bruce,
>
> on 2021-11-23, you added the following patch:
>
> > 9172d61c57e23682c3d2c25701cbd53c84d01a27
> >
> > kernel: export native PKGCONFIG variables
> >
> > In a similar manner to cml1.bbclass, we export the pkg-config
> >
It seems some layers want to subvert the intent of LAYERSERIES_COMPAT
so bitbake is going to have to become stricter about the values there.
To work with this, use LAYERSERIES_CORENAMES to generate the entries in
LAYERSERIES_COMPAT instead of the current magic LAYERSERIES_COMPAT_core
value which
-> libksba: fix CVE-2022-3515
-> libksba: integer overflow may lead to remote code execution.
-> Reference:
-> https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
-> Upstream fixes:
->
On Wed, 2022-12-07 at 12:34 +0100, Alexandre Belloni wrote:
> Hello,
>
> oe-selftest fails:
>
> https://autobuilder.yoctoproject.org/typhoon/#builders/87/builds/4504/steps/14/logs/stdio
Sorry, I fixed the hang but clearly caused another :(. I'll get that
fixed.
Cheers,
Richard
Hello,
oe-selftest fails:
https://autobuilder.yoctoproject.org/typhoon/#builders/87/builds/4504/steps/14/logs/stdio
On 06/12/2022 16:45:59+, Richard Purdie wrote:
> It seems some layers want to subvert the intent of LAYERSERIES_COMPAT
> so bitbake is going to have to become stricter about
On 11/7/22 10:18, Khem Raj wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Sun, Nov 6, 2022 at 5:21 PM Xiangyu Chen wrote:
On 11/1/22 09:48, Xiangyu Chen wrote:
On Wed, 7 Dec 2022 at 01:21, Sergey Bostandzhyan wrote:
> I think this should be documented more prominently, as missing information
> on how to get going was the biggest obstacle, at least for me. The benefit of
> this workflow is, that no additional layer is needed and that everything seems
>
Signed-off-by: Mathieu Dubois-Briand
---
.../python/files/CVE-2022-45061.patch | 100 --
.../{python3_3.8.14.bb => python3_3.8.16.bb} | 5 +-
2 files changed, 2 insertions(+), 103 deletions(-)
delete mode 100644 meta/recipes-devtools/python/files/CVE-2022-45061.patch
On Wed, Dec 07, 2022 at 09:07:00AM +0100, Mathieu Dubois-Briand via
lists.openembedded.org wrote:
> delete mode 100644 meta/recipes-devtools/python/files/CVE-2022-45061.patch
> rename meta/recipes-devtools/python/{python3_3.8.14.bb => python3_3.8.16.bb}
> (98%)
Hi,
Just a few additional
---
.../python/files/CVE-2022-45061.patch | 100 --
.../{python3_3.8.14.bb => python3_3.8.16.bb} | 5 +-
2 files changed, 2 insertions(+), 103 deletions(-)
delete mode 100644 meta/recipes-devtools/python/files/CVE-2022-45061.patch
rename
49 matches
Mail list logo
