Re: [OE-core] [PATCH] multilib.conf: Remove the incorrect PKG_CONFIG_PATH setting

Hi Richard, On 9/20/23 18:41, Richard Purdie wrote: CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On Wed, 2023-09-20 at 17:06 +0800, Yu, Mingli wrote: From: Mingli Yu The

[OE-core] [PATCH V5] tar: add ptest support

From: Yan Add a ptest for tar. - It is taking around 3m to execute with kvm, so added it to PTEST_SLOW. - It contains 242 cases. - Below is parts of the run log: START: ptest-runner 2023-09-25T05:06 BEGIN: /usr/lib/tar/ptest ## ## ## GNU tar 1.35 test suite. ##

[OE-core] [meta-oe][kirkstone][PATCH

- The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f (Add str len check in config_sortlist to avoid stack overflow), fixes the CVE-2022-4904 instead of CVE-2022-4415 https://security-tracker.debian.org/tracker/CVE-2022-4904 - CVE-ID inside the CVE-2022-4904.patch is wrong

Re: [OE-core] [PATCH 09/40] boost: upgrade 1.82.0 -> 1.83.0

This fails cpp-netlib in meta-oe - https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/3169/steps/14/logs/stdio On Fri, Sep 22, 2023 at 12:24 AM Alexander Kanavin wrote: > > Signed-off-by: Alexander Kanavin > --- > .../boost/{boost-1.82.0.inc => boost-1.83.0.inc}|

[OE-core] [PATCH] systemd-boot-cfg: add .conf suffix to default entry label

Since systemd v245 (commit 6cd12ebcfe459466257ea63022a32515d756e719), systemd-boot expects default entry to have the complete filename as value. LABELS from poky are by default without any suffixes like "boot install", so default entry does not have the .conf suffix as well and systemd-boot is

[OE-core] OpenEmbedded Happy Hour September 27 5pm/1700 UTC

All, A friendly reminder - our regular monthly OpenEmbedded Happy Hour is coming up in 3 days, on September 27 for Europe/Americas timezones @ 1700/5pm UTC (1pm ET/10am PT) https://www.openembedded.org/wiki/Calendar https://www.openembedded.org/wiki/Happy_Hours

Re: [OE-core][PATCH] create-spdx/sbom: Ensure files don't overlap between machines

Hi Joshua On master-next poky, I am seeing a failure in usb-modeswitch do_create_runtime_spdx from meta-oe (. musl/qemuarm64 ) https://errors.yoctoproject.org/Errors/Build/172015/ building individually works ok. So perhaps some sort of race ? Another issue similar to this I see is in

[OE-core] [mickledore][PATCH v2] glibc: fix CVE-2023-4527

From: Yash Shinde Upstream-Status: Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] Signed-off-by: Yash Shinde --- .../glibc/glibc/0023-CVE-2023-4527.patch | 219 ++ meta/recipes-core/glibc/glibc_2.37.bb |

[OE-core] [PATCH v2] glibc: fix CVE-2023-4527

From: Yash Shinde Upstream-Status: Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] Signed-off-by: Yash Shinde --- .../glibc/glibc/0024-CVE-2023-4527.patch | 219 ++ meta/recipes-core/glibc/glibc_2.38.bb |

[OE-core] OE-core CVE metrics for mickledore on Sun 24 Sep 2023 04:00:01 AM HST

Branch: mickledore New this week: 13 CVEs CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-25585 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64

[OE-core] OE-core CVE metrics for kirkstone on Sun 24 Sep 2023 03:00:01 AM HST

Branch: kirkstone New this week: 8 CVEs CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 * CVE-2023-3341 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 * CVE-2023-4039

[OE-core] OE-core CVE metrics for dunfell on Sun 24 Sep 2023 02:00:01 AM HST

Branch: dunfell New this week: 12 CVEs CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native

[OE-core] OE-core CVE metrics for master on Sun 24 Sep 2023 01:00:01 AM HST

Branch: master New this week: 6 CVEs CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native

Re: [OE-core] [PATCH 3/6] sstate: Stop allowing overlapping symlinks from sstate

On Sun, 2023-09-24 at 11:14 +0200, Martin Jansa wrote: > Just FYI I think this change is now causing few more recipes to be mutually > exclusive, when they build the same library (even when it's packaged in > differently named package), in world builds I'm seeing e.g. libslirp and >

Re: [OE-core] [PATCH 3/6] sstate: Stop allowing overlapping symlinks from sstate

Just FYI I think this change is now causing few more recipes to be mutually exclusive, when they build the same library (even when it's packaged in differently named package), in world builds I'm seeing e.g. libslirp and libslirp-virt (from meta-virtualization) causing packagedata failure for one