Hello again,
I have kept been pondering on this topic for quite some time and have
after quite some thought come to the conclusion that the mismatch in
the CPE Name Matching actually is due to a wrong interpretion of the
specification on the side of the dependencytrack maintainers and by
On 2023-08-25 11:30, Shinde, Yash wrote:
Hi Luca,
The current version of Rust Oe-selftest is based on Rust 1.70 and
works well there. It is yet to be updated for Rust 1.71 (eventually
1.72 which is latest). With every new Rust version there are newly
test cases added from which some might
Signed-off-by: Adrian Freihofer
---
meta-selftest/recipes-test/cpp/cmake-example.bb | 6 ++
1 file changed, 6 insertions(+)
diff --git a/meta-selftest/recipes-test/cpp/cmake-example.bb
b/meta-selftest/recipes-test/cpp/cmake-example.bb
index 96d543180b4..fbf1f266721 100644
---
Signed-off-by: Adrian Freihofer
---
documentation/sdk-manual/extensible.rst | 97 -
1 file changed, 96 insertions(+), 1 deletion(-)
diff --git a/documentation/sdk-manual/extensible.rst
b/documentation/sdk-manual/extensible.rst
index 9e08e57a4e7..d05d4e36aa7 100644
---
Signed-off-by: Adrian Freihofer
---
meta/lib/oeqa/selftest/cases/devtool.py | 133
1 file changed, 133 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py
b/meta/lib/oeqa/selftest/cases/devtool.py
index a2b77e528de..21644ef7bc2 100644
---
Instead of calling devtool deploy-target which starts a bitbake server
to get some variables the previous refactoring allows to generate a
simple script which does no longer depend on variables from bitbake.
This is much faster.
---
scripts/lib/devtool/ide.py | 115
Signed-off-by: Adrian Freihofer
---
meta/classes-global/staging.bbclass | 3 ++-
meta/lib/oe/package.py | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/meta/classes-global/staging.bbclass
b/meta/classes-global/staging.bbclass
index 3a300c32e7c..7f4075a5f6e
Signed-off-by: Adrian Freihofer
---
scripts/lib/devtool/__init__.py | 5 +-
scripts/lib/devtool/deploy.py | 230 +---
2 files changed, 124 insertions(+), 111 deletions(-)
diff --git a/scripts/lib/devtool/__init__.py b/scripts/lib/devtool/__init__.py
index
Signed-off-by: Adrian Freihofer
---
meta/lib/oe/package.py | 5 +++--
meta/lib/oe/utils.py | 12 +---
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py
index 9d70925b9b7..ffca7559ba7 100644
--- a/meta/lib/oe/package.py
+++
This simple C++ project supports compilation with cmake and with meson.
It's supposed to be used with oe-selftest for the devtool ide plugin.
Signed-off-by: Adrian Freihofer
---
meta-selftest/recipes-test/cpp/.gitignore | 1 +
.../recipes-test/cpp/cmake-example.bb | 17 ++
The new devtool ide plugin configures an IDE to work with the eSDK.
With this initial implementation VSCode is the default IDE.
The plugin works for recipes inheriting the cmake or the meson bbclass.
Support for more programming languages and build tools may be added in
the future.
Using the
Signed-off-by: Adrian Freihofer
---
meta/classes-recipe/cmake.bbclass | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/classes-recipe/cmake.bbclass
b/meta/classes-recipe/cmake.bbclass
index 7c40df4cdbf..c63b0a80b18 100644
--- a/meta/classes-recipe/cmake.bbclass
+++
Define the CMAKE_CROSSCOMPILING_EMULATOR variable similar to what the
meson bbclass does. This allows for example to execute cross compilied
unit tests on the build machine.
CMAKE_CROSSCOMPILING_EMULATOR is a semi colon separated list of
paramters which could directly handle the -L and the -E
Changes in comparison to v2:
- Fix the oe-selftests to run on a mchine without vscode installed
According to
https://www.yoctoproject.org/community/yocto-project-engineering-request-for-quotation/
one of the proposed areas for development of the Yocto project is "VSCode IDE
Integration - New
It is essential to configure VSCode indexer plugins to ignore the build
folder of bitbake. Otherwise, the indexer plugins run with 100% CPU load
until an OOM exception occurs. In practice, this makes VSCode more or
less unusable for working with Yocto until a file like the one added by
this commit
Make the details of the cmake configure arguments available to
d.getVar(). This allows to share them with devtool via tinfoil.
Signed-off-by: Adrian Freihofer
---
meta/classes-recipe/cmake.bbclass | 43 +--
1 file changed, 24 insertions(+), 19 deletions(-)
diff
Hi Steve,
I don't think it makes much of a difference at this point. When looking
at the recipes in openembedded core (master), only a handful of recipes
provide the CVE vendor:
➜ meta git:(master) pwd
/home/jasper/git/openembedded-core/meta
➜ meta git:(master)
On Fri, Aug 25, 2023 at 9:18 AM Jasper Orschulko via
lists.openembedded.org
wrote:
>
> Hi Richard,
> hi all,
>
> I want to address a flaw in the current CPE generation functionality in
> openembedded, which renders the CPEs unusable in regards to the minimal
> requirements of the NIST CPE Name
Hi Richard,
hi all,
I want to address a flaw in the current CPE generation functionality in
openembedded, which renders the CPEs unusable in regards to the minimal
requirements of the NIST CPE Name Matching Specification standard
(https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7696.pdf).
This
On 8/25/23 12:54 AM, Richard Purdie wrote:
On Fri, 2023-08-25 at 00:09 -0700, Khem Raj wrote:
cppext test needs full toolchain as it tries to build an extention with
C, using packagegroup-core-buildessential ensures that a function
toolchain bits are pulled into ptest image, as an aside it also
After commit a8e7b0f932 (base/package: Move source revision information
from PV to PKGV) was integrated, having a recipe with a SRCREV that
currently cannot be fetched would lead to an exception during parsing.
Catch that exception and instead raise bb.parse.SkipRecipe. That way
the parsing
From: Ross Burton
The generated file covers all but two of these CVEs (which will be fixed
when [1] and [2] are resolved) so remove the redundant entries.
[1] https://github.com/nluedtke/linux_kernel_cves/issues/344
[2] https://github.com/nluedtke/linux_kernel_cves/issues/345
Signed-off-by:
From: Ross Burton
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_WHITELIST data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from
From: Ross Burton
The generated file covers all but one of these CVEs (which will be fixed
when [1] is resolved) so remove the redundant entries.
[1] https://github.com/nluedtke/linux_kernel_cves/issues/344
Signed-off-by: Ross Burton
---
meta/recipes-kernel/linux/cve-exclusion.inc | 869
From: Ross Burton
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_IGNORE data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from
From: Ross Burton
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_IGNORE data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from
From: Ross Burton
No changes to the data, but the version checks are added.
Signed-off-by: Ross Burton
---
meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 11 ++-
meta/recipes-kernel/linux/cve-exclusion_6.4.inc | 11 ++-
2 files changed, 20 insertions(+), 2 deletions(-)
From: Ross Burton
Embed the version that this file was generated for in the include, and
compare it to the version that is being checked.
This should act as a reminder to update the file when the kernel is
upgraded.
Signed-off-by: Ross Burton
---
.../linux/generate-cve-exclusions.py
Hi Luca,
The current version of Rust Oe-selftest is based on Rust 1.70 and works well
there. It is yet to be updated for Rust 1.71 (eventually 1.72 which is latest).
With every new Rust version there are newly test cases added from which some
might fail leading to failure of Rust Oe-selftest.
On 24 Aug 2023, at 14:41, Emil Kronborg Andersen via lists.openembedded.org
wrote:
>
> Signed-off-by: Emil Kronborg Andersen
> ---
> meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git
Please hold off on this. The -common design is not working correctly and is
causing those firmware packages to be registered as a runtime dependency of the
main package.
Tom
-Original Message-
From: openembedded-core@lists.openembedded.org
On Behalf Of Tom Hochstein via
From: Ross Burton
No changes to the data, but the version checks are added.
Signed-off-by: Ross Burton
---
meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 11 ++-
meta/recipes-kernel/linux/cve-exclusion_6.4.inc | 11 ++-
2 files changed, 20 insertions(+), 2 deletions(-)
From: Ross Burton
Embed the version that this file was generated for in the include, and
compare it to the version that is being checked.
This should act as a reminder to update the file when the kernel is
upgraded.
Signed-off-by: Ross Burton
---
.../linux/generate-cve-exclusions.py
Hello Yash,
On Thu, 24 Aug 2023 07:30:18 -0700
"Shinde, Yash via lists.openembedded.org"
wrote:
> Switch libstd-rs to use the dummy `sysroot` crate which represents the
> standard library crates. Target getrandom-open64.patch at 0.2.8 (merged
> for 0.2.9).
>
> Drop bootstrap_fail.patch as it
From: Narpat Mali
The delta between 3.1.27 & 3.1.32 contains the CVE-2022-24439 &
CVE-2023-40267 fixes and other bugfixes.
Changelog:
https://github.com/gitpython-developers/GitPython/releases/tag/3.1.32
https://gitpython.readthedocs.io/en/stable/changes.html#id5
- Bump
Signed-off-by: Alexander Kanavin
---
meta/lib/oe/recipeutils.py | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/meta/lib/oe/recipeutils.py b/meta/lib/oe/recipeutils.py
index 6996e426ec0..3336db8ab06 100644
--- a/meta/lib/oe/recipeutils.py
+++
Signed-off-by: Alexander Kanavin
---
meta/recipes-devtools/python/python3-sphinx_7.1.1.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/python/python3-sphinx_7.1.1.bb
b/meta/recipes-devtools/python/python3-sphinx_7.1.1.bb
index fa616cd5044..92d60126922 100644
---
Hi Luca,
Sorry about that. I sent them to the meta-oe mailing list now.
Best regards,
Emil
From: Luca Ceresoli
Sent: Friday, August 25, 2023 10:24
To: Emil Kronborg Andersen via lists.openembedded.org
Cc: Emil Kronborg Andersen ;
From: Yogita Urade
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests
Hello Emil,
On Thu, 24 Aug 2023 16:07:44 +0200
"Emil Kronborg Andersen via lists.openembedded.org"
wrote:
> Some recipes does not have 'CVE_PRODUCT' set, and will thus pass a check
> against the NIST database with 0 CVEs, even though there could be
> several.
>
> Emil Kronborg Andersen (3):
>
The commit
[https://github.com/openembedded/openembedded-core/commit/9bd4ddeb4b5efc65b0514d50d6991211271924c1]
backports fix for CVE-2023-2861 for version 6.2.0.
The 'qemu_fstat' in `do_create_others' is not defined which leads to the
undefined symbol error on certain architectures.
Also, the
On Fri, 2023-08-25 at 00:09 -0700, Khem Raj wrote:
> cppext test needs full toolchain as it tries to build an extention with
> C, using packagegroup-core-buildessential ensures that a function
> toolchain bits are pulled into ptest image, as an aside it also
> abstracts hardcoding compiler to be
From: Narpat Mali
CVE-2023-39018 belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg
CLI)
and not ffmpeg itself. As per CVE description, it is mentioned as FFmpeg 0.7.0
which
is the version for ffmpeg-cli-wrapper and ffmpeg don't have 0.7.0 version at
all.
Debian & Bugzilla
From: Soumya Sambu
Extremely large RSA keys in certificate chains can cause a
client/server to expend significant CPU time verifying
signatures. With fix, the size of RSA keys transmitted
during handshakes is restricted to <= 8192 bits. Based on
a survey of publicly trusted RSA keys, there are
Hi Richard,
On 8/25/23 08:41, Richard Purdie wrote:
> On Thu, 2023-08-24 at 11:18 +0200, Alexis Lothoré via
> lists.openembedded.org wrote:
>> From: Alexis Lothoré
>>
>> Whenever a script needs to list tags, if it falls back to the third method
>> (reading local tags only), it emits a warning.
Hi,
On Fri, Aug 25, 2023 at 07:34:25AM +0100, Richard Purdie wrote:
> On Fri, 2023-08-25 at 09:27 +0300, Mikko Rapeli wrote:
> > Hi,
> >
> > On Thu, Aug 24, 2023 at 09:18:03PM +0100, Richard Purdie wrote:
> > > On Thu, 2023-08-24 at 15:04 +0100, Richard Purdie via
> > > lists.openembedded.org
cppext test needs full toolchain as it tries to build an extention with
C, using packagegroup-core-buildessential ensures that a function
toolchain bits are pulled into ptest image, as an aside it also
abstracts hardcoding compiler to be gcc
Signed-off-by: Khem Raj
---
On Thu, 2023-08-24 at 11:18 +0200, Alexis Lothoré via
lists.openembedded.org wrote:
> From: Alexis Lothoré
>
> Whenever a script needs to list tags, if it falls back to the third method
> (reading local tags only), it emits a warning. While this warning is useful
> for future diagnostic if some
On Fri, 2023-08-25 at 09:27 +0300, Mikko Rapeli wrote:
> Hi,
>
> On Thu, Aug 24, 2023 at 09:18:03PM +0100, Richard Purdie wrote:
> > On Thu, 2023-08-24 at 15:04 +0100, Richard Purdie via
> > lists.openembedded.org wrote:
> > > On Wed, 2023-08-23 at 22:16 +0100, Richard Purdie via
> > >
Hi,
On Thu, Aug 24, 2023 at 09:18:03PM +0100, Richard Purdie wrote:
> On Thu, 2023-08-24 at 15:04 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > On Wed, 2023-08-23 at 22:16 +0100, Richard Purdie via
> > lists.openembedded.org wrote:
> > > On Tue, 2023-08-22 at 23:01 +0100, Richard
50 matches
Mail list logo