Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Alexander Kanavin
On Wed, 18 Jan 2023 at 03:08, Randy MacLeod wrote: > So far, there haven't been many Rust/Cargo CVEs so maybe we're making > too big a deal out of this. I certainly don't miss the deluge of memory > management CVEs that > C/C++ applications suffer from! For what it's worth I'm with you here,

Re: [OE-core] [PATCH 1/4] mdadm: Define alignof using _Alignof when using C11 or newer

2023-01-17 Thread Alexander Kanavin
Please submit the patch upstream first. Alex On Wed, 18 Jan 2023 at 00:18, Khem Raj wrote: > > Signed-off-by: Khem Raj > --- > ...sing-_Alignof-when-using-C11-or-newe.patch | 52 +++ > meta/recipes-extended/mdadm/mdadm_4.2.bb | 1 + > 2 files changed, 53 insertions(+) >

Re: [OE-core] 4.1.2 Releasenote : The CVE in bind has already been fixed in the 4.1 release.

2023-01-17 Thread Lee Chee Yang
Thanks for catching this, I overlooked the changelog version in the commit message. > -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Takayasu Ito > Sent: Wednesday, January 18, 2023 11:53 AM > To:

Re: [OE-core] [kirkstone][PATCH] bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c

2023-01-17 Thread Hitendra Prajapati
Hi Team, Gentle Reminder !

[OE-core] 4.1.2 Releasenote : The CVE in bind has already been fixed in the 4.1 release.

2023-01-17 Thread Takayasu Ito
I was checking the following RELEASENOTE contents, and the CVE for bind, which has already been addressed in Yocto 4.1, was shown again. http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/RELEASENOTES The commit for updating bind in this release is

Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Randy MacLeod
On 2023-01-17 17:37, Steve Sakoman wrote: On Tue, Jan 17, 2023 at 12:00 PM Alexander Kanavin wrote: Option 1 looks like a new policy too. If we can upgrade rust across many major versions in a stable release, then why not other items? In oe-core we have a trivial exception for vim but of

[OE-core] [PATCH 3/4] vulkan-samples: Drop using u8string_view

2023-01-17 Thread Khem Raj
It's deprecated in upstream fmt as well. Moreover it helps compile with latest compiler Signed-off-by: Khem Raj --- .../0001-Deprecate-u8string_view.patch| 59 +++ .../vulkan/vulkan-samples_git.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644

[OE-core] [PATCH 4/4] musl-obstack: Update to 1.2.3

2023-01-17 Thread Khem Raj
Switch to void-linux github handle, void-linux is the upstream anyway this brings Signed-off-by: Khem Raj --- meta/recipes-core/musl/musl-obstack.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-core/musl/musl-obstack.bb

[OE-core] [PATCH 1/4] mdadm: Define alignof using _Alignof when using C11 or newer

2023-01-17 Thread Khem Raj
Signed-off-by: Khem Raj --- ...sing-_Alignof-when-using-C11-or-newe.patch | 52 +++ meta/recipes-extended/mdadm/mdadm_4.2.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644

[OE-core] [PATCH 2/4] python3-numpy: Define _ALIGN using _Alignof when using C11 or newer

2023-01-17 Thread Khem Raj
Signed-off-by: Khem Raj --- ...ing-_Alignof-when-using-C11-or-newer.patch | 77 +++ .../python/python3-numpy_1.24.1.bb| 1 + 2 files changed, 78 insertions(+) create mode 100644

Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Steve Sakoman
On Tue, Jan 17, 2023 at 12:00 PM Alexander Kanavin wrote: > > Option 1 looks like a new policy too. If we can upgrade rust across > many major versions in a stable release, then why not other items? According to the stable release "rules" option 1 would require an exception granted by the TSC.

Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Alexander Kanavin
Option 1 looks like a new policy too. If we can upgrade rust across many major versions in a stable release, then why not other items? Alex On Tue, 17 Jan 2023 at 22:57, Randy MacLeod wrote: > > On 2023-01-17 16:54, Richard Purdie wrote: > > On Tue, 2023-01-17 at 15:29 -0500, Randy MacLeod

Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Randy MacLeod
On 2023-01-17 16:54, Richard Purdie wrote: On Tue, 2023-01-17 at 15:29 -0500, Randy MacLeod wrote: On 2023-01-16 10:20, Kokkonda, Sundeep via lists.openembedded.org wrote: Rust community said the security fixes are only for the current stable releases.

Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Richard Purdie
On Tue, 2023-01-17 at 15:29 -0500, Randy MacLeod wrote: > On 2023-01-16 10:20, Kokkonda, Sundeep via lists.openembedded.org > wrote: > > Rust community said the security fixes are only for the current > > stable releases.

Re: [OE-core] [PATCH] rust: Upgrade 1.66.0 -> 1.66.1

2023-01-17 Thread Randy MacLeod
On 2023-01-16 10:20, Kokkonda, Sundeep via lists.openembedded.org wrote: Rust community said the security fixes are only for the current stable releases. https://internals.rust-lang.org/t/cargo-cve-2022-46176-fix-for-older-releases/18152/3?u=sundeep-kokkonda For old release we've to backport the

Re: [OE-core] [PATCH] create-spdx: fix config build by adding dependency to enable reruns

2023-01-17 Thread Maanya Goenka via lists.openembedded.org
Also, signed off by Paul Eggleton: paul.eggle...@microsoft.com From: maanyagoe...@linux.microsoft.com Sent: Tuesday, January 17, 2023 10:01 AM To: openembedded-core@lists.openembedded.org Cc: Maanya Goenka ; Maanya Goenka Subject: [PATCH] create-spdx: fix

Re: [OE-core] [PATCH v2] scripts/oe-setup-layers: Make efficiently idempotent

2023-01-17 Thread Chuck Wolber
On 1/17/23, 9:05 AM, "Alexander Kanavin" wrote: > On Tue, 17 Jan 2023 at 18:03, Luca Ceresoli via lists.openembedded.org > wrote: > > > I'm afraid I am unable to apply this patch on my testing branch as it > >

Re: [OE-core] [PATCH v2] scripts/oe-setup-layers: Make efficiently idempotent

2023-01-17 Thread Luca Ceresoli via lists.openembedded.org
Hi Alex, On Tue, 17 Jan 2023 18:05:12 +0100 "Alexander Kanavin" wrote: > On Tue, 17 Jan 2023 at 18:03, Luca Ceresoli via lists.openembedded.org > wrote: > > > I'm afraid I am unable to apply this patch on my testing branch as it > > conflicts with another patch ("oe-setup-build: add a tool

Re: [OE-core] [PATCH v2] scripts/oe-setup-layers: Make efficiently idempotent

2023-01-17 Thread Alexander Kanavin
On Tue, 17 Jan 2023 at 18:03, Luca Ceresoli via lists.openembedded.org wrote: > I'm afraid I am unable to apply this patch on my testing branch as it > conflicts with another patch ("oe-setup-build: add a tool for > discovering config templates and setting up builds" by Alexander > Kanavin)

Re: [OE-core] [PATCH v2] scripts/oe-setup-layers: Make efficiently idempotent

2023-01-17 Thread Luca Ceresoli via lists.openembedded.org
Hello Chuck, On Mon, 16 Jan 2023 17:59:30 -0800 "Chuck Wolber" wrote: > The effect of subsequent setup-layers executions is now either a NOOP > or the minimal set of changes required to ensure layers precisely match > the JSON configuration. > > This change allows setup-layers to be

Re: [OE-core][PATCH 1/2] gobject-introspection: check for GI_DATA_ENABLED

2023-01-17 Thread Alexander Kanavin
On Tue, 17 Jan 2023 at 11:57, Petr Kubizňák wrote: > I'm slowly progressing with the patch but always end up at the principal > issue of hard dependency on g-i being enabled. > > For example, graphene recipe does not reflect on "gobject-introspection-data" > being/not being in distro features,

[OE-core] [PATCH] vim: upgrade 9.0.0947 -> 9.0.1211

2023-01-17 Thread Randy MacLeod
Includes fixes for: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 Signed-off-by: Randy MacLeod --- meta/recipes-support/vim/vim.inc | 4 ++--

Re: [OE-Core][langdale][PATCH v2 1/2] kernel-fitimage: Adjust order of dtb/dtbo files

2023-01-17 Thread Sandeep Gundlupet Raju via lists.openembedded.org
Hi All, Can someone merge these patches to langdale branch? Thanks, Sandeep On 1/13/2023 9:51 AM, Gundlupet Raju, Sandeep wrote: Hi Richard, Alex, Thanks for merging the patches in master. Can you merge these patches to langdale release as well? Thanks, Sandeep On 1/12/2023 7:19 PM,

Re: [oe-core][PATCH] mesa: update 22.2.3 -> 22.3.0

2023-01-17 Thread Samuli Piippo
I think this is now a webos specific issue since they have disabled xlib feature ( https://github.com/shr-project/meta-webosose/blob/c96010fe4df28397a33e447bde650932a3463a9e/meta-webos/recipes-qt/qt6/qtbase_git.bbappend#L56 ) While the qtbase cmake configuration could be improved to better handle

[OE-core] Yocto Project Status 17 January 2023 (WW03)

2023-01-17 Thread Stephen Jolley
Current Dev Position: YP 4.2 M2 Next Deadline: 23rd January 2023 YP 4.2 M2 Build Next Team Meetings: * Bug Triage meeting Thursday January 19th 7:30 am PDT (

Re: [OE-core] [PATCH] uninative-tarball: Add libgcc

2023-01-17 Thread Jose Quaresma
Richard Purdie wrote on Tuesday, 17/01/2023 at 15:07: > On Tue, 2023-01-17 at 14:35 +, Jose Quaresma wrote: > > No, I don't have libgcc installed on my build container and this is > > the main reason. > > I know that we now need the libgcc on the build host and this can > > satisfied

Re: [OE-core] [PATCH] uninative-tarball: Add libgcc

2023-01-17 Thread Richard Purdie
On Tue, 2023-01-17 at 14:35 +, Jose Quaresma wrote: > No, I don't have libgcc installed on my build container and this is > the main reason. > I know that we now need the libgcc on the build host and this can > satisfied in two different ways: > > 1 - installing the libgcc on the build host

Re: [OE-core] [PATCH] uninative-tarball: Add libgcc

2023-01-17 Thread Jose Quaresma
Richard Purdie wrote on Monday, 16/01/2023 at 23:42: > On Mon, 2023-01-16 at 19:21 +, Jose Quaresma wrote: > > Hi Richard, > > > > I am seeing some build errors like this at the end of the build where > bitbake segment fault. > > My problem is this happens on a build that doesn't use

[OE-core][kirkstone 9/9] gtk-icon-cache: Fix GTKIC_CMD if-else condition

2023-01-17 Thread Steve Sakoman
From: Daniel Gomez GTKIC_CMD variable gets the wrong assignation leading into a post install script error. Fix if-else condition in GTKIC_CMD variable to assign gtk4-update-icon-cache when GTKIC_VERSION is 4 but gtk-update-icon-cache when is 3. Also, rename gtk-update-icon-cache-3.0.0 to

[OE-core][kirkstone 8/9] freetype:update mirror site.

2023-01-17 Thread Steve Sakoman
From: KARN JYE LAU update SAVANNAH_NONGNU_MIRROR to SAVANNAH_GNU_MIRROR to resolve package fetching issues. Signed-off-by: KARN JYE LAU Signed-off-by: Steve Sakoman --- meta/recipes-graphics/freetype/freetype_2.11.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[OE-core][kirkstone 7/9] glibc: stable 2.35 branch updates.

2023-01-17 Thread Steve Sakoman
From: Yash Shinde Below commits on glibc-2.35 stable branch are updated. 293211b6fd time: Use 64 bit time on tzfile 26c8278889 nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) f75f61b659 nis: Build libnsl with 64 bit time_t ca97201c24 Apply asm redirections in syslog.h before first use

[OE-core][kirkstone 6/9] libksba: fix CVE-2022-47629

2023-01-17 Thread Steve Sakoman
From: Yogita Urade Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE: CVE-2022-47926 References: https://nvd.nist.gov/vuln/detail/CVE-2022-47629 Signed-off-by: Yogita Urade --- ...overflow-in-the-CRL-signature-parser.patch | 72

[OE-core][kirkstone 5/9] python3-git: fix for CVE-2022-24439

2023-01-17 Thread Steve Sakoman
From: Narpat Mali All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes

[OE-core][kirkstone 1/9] ffmpeg: refresh patches to apply cleanly

2023-01-17 Thread Steve Sakoman
From: Martin Jansa * the last patch added in: https://git.openembedded.org/openembedded-core/commit/?h=kirkstone=874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a doesn't apply cleanly. * fixes: ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected: Applying patch

[OE-core][kirkstone 4/9] python3-wheel: fix for CVE-2022-40898

2023-01-17 Thread Steve Sakoman
From: Narpat Mali An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. CVE: CVE-2022-40898 Upstream-Status: Backport

[OE-core][kirkstone 3/9] python3-setuptools: fix for CVE-2022-40897

2023-01-17 Thread Steve Sakoman
From: Narpat Mali Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. CVE: CVE-2022-40897

[OE-core][kirkstone 2/9] qemu: Fix CVE-2022-4144

2023-01-17 Thread Steve Sakoman
From: Bhabu Bindu Add patch to fix CVE-2022-4144 Link: https://security-tracker.debian.org/tracker/CVE-2022-4144 Signed-off-by: Bhabu Bindu Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2022-4144.patch | 99

[OE-core][kirkstone 0/9] Patch review

2023-01-17 Thread Steve Sakoman
Please review this set of patches for kirkstone and have comments back by end of day Thursday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4800 The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee: devtool: process

Re: [OE-core] [PATCH 1/3] binutils: Upgrade to 2.40 release

2023-01-17 Thread Luca Ceresoli via lists.openembedded.org
Hi Khem, On Sun, 15 Jan 2023 10:43:55 -0800 "Khem Raj" wrote: > Signed-off-by: Khem Raj This patchset (perhaps this one specific patch) seems to be causing failures on the autobuilders with meta-mingw: https://autobuilder.yoctoproject.org/typhoon/#/builders/89/builds/6556/steps/16/logs/stdio

Re: [OE-core][PATCH 1/2] gobject-introspection: check for GI_DATA_ENABLED

2023-01-17 Thread Petr Kubizňák
This issue was actually caused by missing host dependencies. Shame on me... From: Alex Kiernan Sent: Tuesday, January 17, 2023 1:52 PM To: Petr Kubizňák - 2N Cc: openembedded-core@lists.openembedded.org Subject: Re: [OE-core][PATCH 1/2] gobject-introspection:

Re: [OE-core][PATCH 1/2] gobject-introspection: check for GI_DATA_ENABLED

2023-01-17 Thread Alex Kiernan
On Thu, Jan 5, 2023 at 2:13 PM Petr Kubizňák wrote: > > Is the `bitbake world` command guaranteed to succeed for every commit in the > repository? In my case, I end up with failures even with _default_ setup. My > point is whether this has to be an issue on my machine (e.g. native tools?), >

[OE-core][kirkstone][PATCH] lttng-modules: update 2.13.7 -> 2.13.8

2023-01-17 Thread He Zhe
Signed-off-by: He Zhe --- .../lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} (94%) diff --git

[OE-core][PATCH] lttng-modules: update 2.13.7 -> 2.13.8

2023-01-17 Thread He Zhe
Drop backported 0001-fix-mm-slab_common-drop-kmem_alloc-avoid-dereferenci.patch 0009-Rename-genhd-wrapper-to-blkdev.patch is present only on the master branch and not on 2.13 branch, so keep it in the recipe. Signed-off-by: He Zhe --- ...on-drop-kmem_alloc-avoid-dereferenci.patch | 278

[OE-Core][PATCH] librsvg: Make Vala support dependent on gobject-introspection-data

2023-01-17 Thread Alex Kiernan
Build fails as Vala bindings require --enable-introspection: | checking for gobject-introspection... no (disabled, use --enable-introspection to enable) | configure: error: Vala bindings require GObject Introspection Signed-off-by: Alex Kiernan ---

Re: [oe-core][PATCH] mesa: update 22.2.3 -> 22.3.0

2023-01-17 Thread Martin Jansa
Samuli: Similar mesa upgrade was merged recently: https://git.openembedded.org/openembedded-core/commit/?id=3bf4341ef6a681574a1c6f393bf241f412e26eac qtbase still fails the same, more details in: https://github.com/shr-project/meta-webosose/commit/c96010fe4df28397a33e447bde650932a3463a9e The

Re: [OE-core][PATCH 1/2] gobject-introspection: check for GI_DATA_ENABLED

2023-01-17 Thread Petr Kubizňák
If you have a bit of time, I'd suggest that you check the failures one by one. Some of it, like missing glib-* executables seems like a trivial missing dependency which was previously pulled in indirectly. Others, like python3-pygobject probably have a hard dependency on g-i. I'm slowly