[OE-core] [meta-oe][PATCH V2] xz: add ptest support

2023-06-04 Thread duep.f...@fujitsu.com
From: duep Add a ptest for xz - It is taking around 1s to execute with kvm, so added it to PTESTS_FAST - It contains 11 test files: test_bcj_exact_size test_block_header test_check test_filter_flags test_hardware test_index test_index_hash test_lzip_decoder test_memlimit

[OE-core][dunfell][PATCH] golang: Fix CVE-2023-24539

2023-06-04 Thread Ashish Sharma
Fixing of improper sanitization of CSS values in html/template Signed-off-by: Ashish Sharma --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-24539.patch | 60 +++ 2 files changed, 61 insertions(+) create mode 100644

[oe-core][kirkstone][PATCH 1/1] perl: Fix CVE-2023-31486

2023-06-04 Thread Soumya via lists.openembedded.org
HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Signed-off-by: Soumya --- .../perl/files/CVE-2023-31486.patch | 89 +++

Re: [OE-core][mickledore 13/13] uninative: Upgrade to 4.0 to include latest gcc 13.1.1

2023-06-04 Thread Martin Jansa
> It might be useful to delay backporting this for a bit longer (and I'll soon confirm if 3.10 was already affected or not). I can confirm that 3.10 is also affected. I did build with

Re: [OE-core] [PATCH] libubootenv: upgrade 0.3.3 -> 0.3.4

2023-06-04 Thread Alexandre Belloni via lists.openembedded.org
Hello Stefano, This caused the following failure: https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7124/steps/12/logs/stdio | DEBUG: Executing shell function do_compile | NOTE: VERBOSE=1 cmake --build

Re: [oe-core][PATCH 2/4] python3: add libxcrypt-native dependency

2023-06-04 Thread Markus Volk
Thanks for the link On Sat, 3 Jun 2023 at 20:20:48 +0200, Alexander Kanavin wrote: On Sat, 3 Jun 2023 at 19:52, Markus Volk wrote: I had some time to look at this problem. virtual/crypt-native is not installed into recipe-sysroot-native because of this entry in

Re: [OE-core][mickledore 13/13] uninative: Upgrade to 4.0 to include latest gcc 13.1.1

2023-06-04 Thread Steve Sakoman
On Sun, Jun 4, 2023 at 7:39 AM Martin Jansa wrote: > > Hi, > > it looks like this change is causing mkfs.ext4 to segfault on some builders. > > I'm seeing it on ubuntu-18.04 (I know it's unsupported now). It might be > related to older docker or libseccomp2 there, because there is similar issue

Re: [OE-core][mickledore 13/13] uninative: Upgrade to 4.0 to include latest gcc 13.1.1

2023-06-04 Thread Martin Jansa
Hi, it looks like this change is causing mkfs.ext4 to segfault on some builders. I'm seeing it on ubuntu-18.04 (I know it's unsupported now). It might be related to older docker or libseccomp2 there, because there is similar issue with gdk-pixbuf-native which fails when buildtools-extended is

[OE-core] OE-core CVE metrics for mickledore on Sun 04 Jun 2023 04:00:01 AM HST

2023-06-04 Thread Steve Sakoman
Branch: mickledore New this week: 9 CVEs CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 * CVE-2023-0459 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0459 * CVE-2023-2804 (CVSS3:

[OE-core] OE-core CVE metrics for kirkstone on Sun 04 Jun 2023 03:00:01 AM HST

2023-06-04 Thread Steve Sakoman
Branch: kirkstone New this week: 3 CVEs CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 * CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *

[OE-core] [PATCH 3/3] image_types: use IMAGE_FILE_MAXSIZE variable for f2fs image types

2023-06-04 Thread Charles-Antoine Couret via lists.openembedded.org
If defined, this variable value overrides the size of f2fs partition file created by mkfs. Otherwise previous logic based on ROOTFS_SIZE variable is used. It should be set when the final file size would not be above a specific value due to fixed partitioning for example. Signed-off-by:

[OE-core] [PATCH 2/3] image_types: use IMAGE_FILE_MAXSIZE variable for btrfs image types

2023-06-04 Thread Charles-Antoine Couret via lists.openembedded.org
If defined, this variable value overrides the size of btrfs partition file created by mkfs. Otherwise previous logic based on ROOTFS_SIZE variable is used. It should be set when the final file size would not be above a specific value due to fixed partitioning for example. Signed-off-by:

[OE-core] [PATCH 1/3] image_types: use IMAGE_FILE_MAXSIZE variable for ext2/3/4 image types

2023-06-04 Thread Charles-Antoine Couret via lists.openembedded.org
If defined, this variable value overrides the size of ext* partition file created by mkfs. Otherwise previous logic based on ROOTFS_SIZE variable is used. It should be set when the final file size would not be above a specific value due to fixed partitioning for example. Signed-off-by:

[OE-core] [PATCH 0/3] image_types: use IMAGE_FILE_MAXSIZE variable to create fixed partition size

2023-06-04 Thread Charles-Antoine Couret via lists.openembedded.org
In case of fixed partitioning where the rootfs partition can't exceed an amount of bytes, there is currently no automatic and no generic way to have this requirement met in any case. Until now, ROOTFS_SIZE value got from directory_size() does not take into account the size of required metadata

[OE-core] OE-core CVE metrics for dunfell on Sun 04 Jun 2023 02:00:01 AM HST

2023-06-04 Thread Steve Sakoman
Branch: dunfell New this week: 6 CVEs CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 * CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *

[OE-core] OE-core CVE metrics for master on Sun 04 Jun 2023 01:00:01 AM HST

2023-06-04 Thread Steve Sakoman
Branch: master New this week: 4 CVEs CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 * CVE-2023-0459 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0459 * CVE-2023-2804 (CVSS3: 6.5

Re: [OE-core][PATCH v3 1/3] cve-check: add option to add additional patched CVEs

2023-06-04 Thread Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
Hi Richard, Thank you for acknowledgement on my proposal. Please consider my additional input for VEX standard. There are a total of four main VEX standard statuses: - Fixed - Affected - Not Affected - Under Investigation Out of the 4 standard statuses we can adopt Fixed and Not affected status for CVE fixing. As