Hi Richard,
On 9/20/23 18:41, Richard Purdie wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Wed, 2023-09-20 at 17:06 +0800, Yu, Mingli wrote:
From: Mingli Yu
The
From: Yan
Add a ptest for tar.
- It is taking around 3m to execute with kvm, so added it to PTEST_SLOW.
- It contains 242 cases.
- Below is parts of the run log:
START: ptest-runner
2023-09-25T05:06
BEGIN: /usr/lib/tar/ptest
## ##
## GNU tar 1.35 test suite. ##
- The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f
(Add str len check in config_sortlist to avoid stack overflow),
fixes the CVE-2022-4904 instead of CVE-2022-4415
https://security-tracker.debian.org/tracker/CVE-2022-4904
- CVE-ID inside the CVE-2022-4904.patch is wrong
This fails cpp-netlib in meta-oe -
https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/3169/steps/14/logs/stdio
On Fri, Sep 22, 2023 at 12:24 AM Alexander Kanavin
wrote:
>
> Signed-off-by: Alexander Kanavin
> ---
> .../boost/{boost-1.82.0.inc => boost-1.83.0.inc}|
Since systemd v245 (commit 6cd12ebcfe459466257ea63022a32515d756e719),
systemd-boot
expects default entry to have the complete filename as value.
LABELS from poky are by default without any suffixes like "boot install", so
default entry
does not have the .conf suffix as well and systemd-boot is
All,
A friendly reminder - our regular monthly OpenEmbedded Happy Hour is coming
up in 3 days, on September 27 for Europe/Americas timezones @ 1700/5pm UTC
(1pm ET/10am PT)
https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
Hi Joshua
On master-next poky, I am seeing a failure in usb-modeswitch
do_create_runtime_spdx from meta-oe (. musl/qemuarm64 )
https://errors.yoctoproject.org/Errors/Build/172015/
building individually works ok. So perhaps some sort of race ?
Another issue similar to this I see is in
From: Yash Shinde
Upstream-Status:
Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
Signed-off-by: Yash Shinde
---
.../glibc/glibc/0023-CVE-2023-4527.patch | 219 ++
meta/recipes-core/glibc/glibc_2.37.bb |
From: Yash Shinde
Upstream-Status:
Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f]
Signed-off-by: Yash Shinde
---
.../glibc/glibc/0024-CVE-2023-4527.patch | 219 ++
meta/recipes-core/glibc/glibc_2.38.bb |
Branch: mickledore
New this week: 13 CVEs
CVE-2023-25584 (CVSS3: 7.1 HIGH):
binutils:binutils-cross-testsuite:binutils-cross-x86_64
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-25585 (CVSS3: 5.5 MEDIUM):
binutils:binutils-cross-testsuite:binutils-cross-x86_64
Branch: kirkstone
New this week: 8 CVEs
CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 *
CVE-2023-3341 (CVSS3: 7.5 HIGH): bind
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 *
CVE-2023-4039
Branch: dunfell
New this week: 12 CVEs
CVE-2023-25584 (CVSS3: 7.1 HIGH):
binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native
Branch: master
New this week: 6 CVEs
CVE-2023-25584 (CVSS3: 7.1 HIGH):
binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native
On Sun, 2023-09-24 at 11:14 +0200, Martin Jansa wrote:
> Just FYI I think this change is now causing few more recipes to be mutually
> exclusive, when they build the same library (even when it's packaged in
> differently named package), in world builds I'm seeing e.g. libslirp and
>
Just FYI I think this change is now causing few more recipes to be mutually
exclusive, when they build the same library (even when it's packaged in
differently named package), in world builds I'm seeing e.g. libslirp and
libslirp-virt (from meta-virtualization) causing packagedata failure for
one
15 matches
Mail list logo