Re: [OE-core] [PATCH 2/2] selftest/sstatetests: add a test for CDN sstate cache

2023-10-20 Thread Alexandre Belloni via lists.openembedded.org
Hello Alex, This doesn't apply cleanly, it seems the context is from another series. On 20/10/2023 19:12:32+0200, Alexander Kanavin wrote: > Specifically, the test checks that everything needed for building > standard oe-core images for x86_64 and arm64 is available from > the cache (with minor

Re: [OE-core][master][mickledore][PATCH] grub2: fix CVE-2023-4692

2023-10-20 Thread Alexandre Belloni via lists.openembedded.org
Hello, This doesn't apply on master, can you rebase? On 20/10/2023 16:09:14+0800, Xiangyu Chen wrote: > From: Xiangyu Chen > > Crafted file system images can cause heap-based buffer overflow and may > allow arbitrary code execution and secure boot bypass > > Reference: >

[OE-core] [PATCH] openssl: Match target name for riscv64/riscv32

2023-10-20 Thread Khem Raj
This is updated in openssl [1] [2] since openssl 3.2 onwards [1] https://github.com/openssl/openssl/commit/42ee6e7be43c57136d71e5612fed22a06f7f5d0e [2] https://github.com/openssl/openssl/commit/c29554245ae107c87d71c8463eef0134391da318 Signed-off-by: Khem Raj ---

Re: [OE-core][mickledore][PATCH] weston: default to launcher-seatd

2023-10-20 Thread Steve Sakoman
On Fri, Oct 20, 2023 at 7:26 AM wrote: > > Quoting Steve Sakoman : > > > On Thu, Oct 19, 2023 at 3:28 AM Sean Nyekjaer wrote: > >> > >> Let's use the launcher-seatd as default, launcher-logind is "sometimes" > >> failing to provide input events. Furthermore is the launcher-logind > >> deprecated

Re: [OE-core][mickledore][PATCH] weston: default to launcher-seatd

2023-10-20 Thread Sean Nyekjaer
Quoting Steve Sakoman : On Thu, Oct 19, 2023 at 3:28 AM Sean Nyekjaer wrote: Let's use the launcher-seatd as default, launcher-logind is "sometimes" failing to provide input events. Furthermore is the launcher-logind deprecated in newer versions of weston. Changing behaviour is typically

[OE-core][PATCH] libsndfile1: fix CVE-2022-33065

2023-10-20 Thread Alex Stewart
Signed-off-by: Alex Stewart --- .../libsndfile1/cve-2022-33065.patch | 739 ++ .../libsndfile/libsndfile1_1.2.2.bb | 1 + 2 files changed, 740 insertions(+) create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/cve-2022-33065.patch diff --git

[OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs

2023-10-20 Thread Alexander Kanavin
This was writing out locked-sigs.inc into cwd with every 'bitbake -S' invocation. When the intent is only to get task stamps (-S none), or print the difference between them (-S printdiff), the file is unnecessary clutter. A couple of selftests/scripts were however relying on this, so they're

[OE-core] [PATCH 2/2] selftest/sstatetests: add a test for CDN sstate cache

2023-10-20 Thread Alexander Kanavin
Specifically, the test checks that everything needed for building standard oe-core images for x86_64 and arm64 is available from the cache (with minor exceptions). Going forward, a complete world check could be enabled and additional configurations, but that requires improvements to performance of

Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override

2023-10-20 Thread Khem Raj
On 10/20/23 6:42 AM, Niko Mauno via lists.openembedded.org wrote: On 20.10.2023 16.00, Richard Purdie wrote: Is it common for people to need to manipulate rpms on target without rpm being present using busybox? Do you know if busybox plans to add zstd support? As far as I could tell when we

Re: [OE-core][mickledore][PATCH] weston: default to launcher-seatd

2023-10-20 Thread Steve Sakoman
On Thu, Oct 19, 2023 at 3:28 AM Sean Nyekjaer wrote: > > Let's use the launcher-seatd as default, launcher-logind is "sometimes" > failing to provide input events. Furthermore is the launcher-logind > deprecated in newer versions of weston. Changing behaviour is typically not allowed in stable

Re: [OE-core] [PATCH v2] cve-check.bbclass: support embedded SW components with different version number

2023-10-20 Thread Khem Raj
On 10/20/23 12:49 AM, Mikko Rapeli wrote: Many recipes embed other SW components. The name and version of the embedded SW component differs from the main recipe. To detect CVEs in the embedded SW component, it needs to be added to CVE_PRODUCT list using name of the SW product in CVE database or

Re: [OE-core] [PATCH v3] rust: Upgrade 1.70.0 -> 1.71.0

2023-10-20 Thread Sundeep KOKKONDA via lists.openembedded.org
Hi Alex, You can find the rust 1.73.0 upgrade here - https://lists.openembedded.org/g/openembedded-core/message/189512 Thanks, Sundeep K.

[OE-core][mickledore 24/24] busybox: Set PATH in syslog initscript

2023-10-20 Thread Steve Sakoman
From: Martijn de Gouw This script is not always called with /sbin and /usr/sbin in the PATH already, for example when called via ssh. Explicitly set PATH to make sure it includes /sbin and /usr/sbin since that's where start-stop-daemon is located. Signed-off-by: Martijn de Gouw Signed-off-by:

[OE-core][mickledore 23/24] packages.bbclass: Correct the check for conflicts with renamed packages

2023-10-20 Thread Steve Sakoman
From: Peter Kjellerstedt The original solution replaced all overrides with the package name that was being checked. This can have unforeseen consequences where some variable involved in defining the value for the PKG: variable may rely on some override which is not set as expected. It also meant

[OE-core][mickledore 21/24] wic: bootimg-partition: Fix file name in debug message

2023-10-20 Thread Steve Sakoman
From: Daniel Semkowicz Debug message about using custom configuration file includes file name with incorrect extension. Correct file name to "extlinux.conf". Signed-off-by: Daniel Semkowicz Signed-off-by: Richard Purdie (cherry picked from commit dd63e1520454b2d53a48b72eaae126059af9809b)

[OE-core][mickledore 22/24] oeqa/concurrencytest: Remove invalid buffering option

2023-10-20 Thread Steve Sakoman
From: Richard Purdie Fix warnings from oe-selftest -j: /usr/lib/python3.10/os.py:1030: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used return io.open(fd, mode, buffering, encoding, *args, **kwargs) Remove the option since it

[OE-core][mickledore 20/24] oeqa/utils/gitarchive: Handle broken commit counts in results repo

2023-10-20 Thread Steve Sakoman
From: Richard Purdie The test results repository contains tags like: master/64501-g65c94ca3196e5ef3344a469fea8e30444f2e967a/0 master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/3 master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/2 master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/1

[OE-core][mickledore 19/24] oeqa/selftest: Fix broken symlink removal handling

2023-10-20 Thread Steve Sakoman
From: Richard Purdie The test above this removal correctly looks at symlinks however to remove a symlink we should call unlink(), not remove(). This avoids some build failures/tracebacks. Signed-off-by: Richard Purdie (cherry picked from commit dbdb6e73b0f52bc5f9429aca47802d51edbbc834)

[OE-core][mickledore 18/24] insane.bbclass: Count raw bytes in shebang-size

2023-10-20 Thread Steve Sakoman
From: Jan Garcia Operating systems limit the shebang to a maximum number of bytes. This patch makes the shebang-size check count raw bytes instead of UTF-8 characters. Signed-off-by: Jan Garcia Signed-off-by: Richard Purdie (cherry picked from commit d4ac66c5cdaf971fb717cc5c5bf9aa51a787d412)

[OE-core][mickledore 17/24] fontcache.bbclass: avoid native recipes depending on target fontconfig

2023-10-20 Thread Steve Sakoman
From: Martin Jansa * this caused liberation-font-native to depend on TUNE_PKGARCH target fontconfig because ${MLPREFIX}fontconfig-utils is added to RDEPENDS in anonymous python * the dependency tree for liberation-font-native got much shorter (just quilt-native and liberation-font-native

[OE-core][mickledore 16/24] libevent: fix patch Upstream-Status

2023-10-20 Thread Steve Sakoman
From: Michael Opdenacker Signed-off-by: Michael Opdenacker Signed-off-by: Richard Purdie (cherry picked from commit 8c987afb2054f24d9bf86305774c186a6e015a8f) Signed-off-by: Steve Sakoman --- ...test-retriable-tests-are-marked-failed-only-when-all-a.patch | 2 +- 1 file changed, 1

[OE-core][mickledore 15/24] shadow: fix patch Upstream-Status

2023-10-20 Thread Steve Sakoman
From: Michael Opdenacker Replace "Accepted" by "Backport" as specified on https://docs.yoctoproject.org/migration-guides/migration-3.2.html#miscellaneous-changes Signed-off-by: Michael Opdenacker Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][mickledore 14/24] uboot-extlinux-config.bbclass: fix missed override syntax migration

2023-10-20 Thread Steve Sakoman
From: Quentin Schulz uboot-extlinux-config allows to specify multiple "labels" (entries in a menu, à-la grub) and each of them have their own values for some fields. Each "base" variable, e.g. UBOOT_EXTLINUX_FDT can be overridden for each label. This is done via the OVERRIDES mechanism based on

[OE-core][mickledore 13/24] vim: Upgrade 9.0.2009 -> 9.0.2048

2023-10-20 Thread Steve Sakoman
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc

[OE-core][mickledore 11/24] linux-yocto/6.1: update to v6.1.57

2023-10-20 Thread Steve Sakoman
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 082280fe94a0 Linux 6.1.57 a4cc925e2e12 xen/events: replace evtchn_rwlock with RCU a4fcf8a242c6 ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh()

[OE-core][mickledore 12/24] cve-exclusion_6.1.inc: update for 6.1.57

2023-10-20 Thread Steve Sakoman
Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index b6b9ca00d4..d172261886 100644 ---

[OE-core][mickledore 10/24] linux-yocto/6.1: tiny: fix arm 32 boot

2023-10-20 Thread Steve Sakoman
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 0816d0a6984 qemuarma15: add ARM_PATCH_PHYS_VIRT Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 732d1ee4bc824cb52fab4327601efdb1558b6d9c) Signed-off-by: Steve Sakoman ---

[OE-core][mickledore 09/24] linux-yocto/6.1: update to v6.1.56

2023-10-20 Thread Steve Sakoman
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: ecda77b46871 Linux 6.1.56 8c515d4f2d66 ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL a3c1da448353 mm, memcg: reconsider kmem.limit_in_bytes deprecation b8901b6c2e9b

[OE-core][mickledore 08/24] linux-yocto/6.1: update to v6.1.55

2023-10-20 Thread Steve Sakoman
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: d23900f974e0 Linux 6.1.55 0db211ec0f1d interconnect: Teach lockdep about icc_bw_lock order b93aeb6352b0 net/sched: Retire rsvp classifier 4c6bb9158179 drm/amdgpu: fix

[OE-core][mickledore 07/24] libxpm: upgrade to 3.5.17

2023-10-20 Thread Steve Sakoman
From: Ross Burton This release fixes the following CVEs: - CVE-2023-43788 - CVE-2023-43789 Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 46dd8ce41756dbc2aa0f9001416f208cced1c8d5) Signed-off-by: Steve Sakoman --- .../xorg-lib/{libxpm_3.5.16.bb =>

[OE-core][mickledore 06/24] libx11: upgrade to 1.8.7

2023-10-20 Thread Steve Sakoman
From: Ross Burton This incorporates fixes for the following CVEs: - CVE-2023-43785 - CVE-2023-43786 - CVE-2023-43787 Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit a1534bb34b680bfc5cb2f35b5fd5a0c2afed6368) Signed-off-by: Steve Sakoman ---

[OE-core][mickledore 05/24] python3-urllib3: 1.26.15 -> 1.26.17

2023-10-20 Thread Steve Sakoman
From: Lee Chee Yang 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (CVE-2023-43804) 1.26.16 (2023-05-23) Fixed thread-safety issue

[OE-core][mickledore 04/24] cve-check: add CVSS vector string to CVE database and reports

2023-10-20 Thread Steve Sakoman
From: Antoine Lubineau This allows building detailed vulnerability analysis tools without relying on external resources. Signed-off-by: Antoine Lubineau Signed-off-by: Alexandre Belloni (cherry picked from commit 048ff0ad927f4d37cc5547ebeba9e0c221687ea6) Signed-off-by: Steve Sakoman ---

[OE-core][mickledore 03/24] qemu: ignore RHEL specific CVE-2023-2680

2023-10-20 Thread Steve Sakoman
From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 00decc57e5..a7f1099dd5 100644 ---

[OE-core][mickledore 02/24] dmidecode: fixup for CVE-2023-30630

2023-10-20 Thread Steve Sakoman
From: Sean Nyekjaer The previous CVE-2023-30630_1.patch picked only the patch "dmidecode: Write the whole dump file at once" d8cfbc808f. But there was a refactoring which does not allow to cherry-pick it fast forward. Resolving this conflict was not correctly done. The patch was: +u32 len;

[OE-core][mickledore 00/24] Patch review

2023-10-20 Thread Steve Sakoman
Please review this set of changes for mickledore and have comments back by end of day Tuesday, October 24 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6075 with the exception of the meta-arm test which fails due to the linux-yocto 6.1 version

[OE-core][mickledore 01/24] cups: fix CVE-2023-4504

2023-10-20 Thread Steve Sakoman
From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2023-4504.patch | 42 +++ 2 files changed, 43 insertions(+) create mode 100644

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Bruce Ashfield
On Fri, Oct 20, 2023 at 10:24 AM Richard Purdie wrote: > > On Fri, 2023-10-20 at 08:52 -0400, Bruce Ashfield wrote: > > On Fri, Oct 20, 2023 at 7:19 AM Rasmus Villemoes > > wrote: > > > > > > On 20/10/2023 12.13, Richard Purdie wrote: > > > > On Fri, 2023-10-20 at 12:03 +0200, Rasmus Villemoes

Re: [OE-core] [PATCH v2 4/4] scripts:recipetool:create_buildsys_python: add PEP517 support

2023-10-20 Thread Julien Stephan
On Fri, 20 Oct 2023 at 16:04, Richard Purdie wrote: > > On Fri, 2023-10-20 at 14:57 +0200, Julien Stephan wrote: > > On Thu, 19 Oct 2023 at 20:34, Alexandre Belloni > > wrote: > > > > > > On 19/10/2023 20:20:33+0200, Julien Stephan wrote: > > > > On Thu, 19 Oct 2023 at 15:49, Alexandre

[OE-core][PATCH] patchtest: fix lic_files_chksum test regex

2023-10-20 Thread Trevor Gamblin
the test_lic_files_chksum_modified_not_mentioned test in patchtest wasn't picking up on 'License-Update:' tags correctly. Use pyparsing's AtLineStart class to simplify the regex setup and search. Signed-off-by: Trevor Gamblin --- meta/lib/patchtest/tests/test_metadata_lic_files_chksum.py | 5

Re: [OE-core] [PATCH v2] selftest/sstatetests: add tests for 'bitbake -S printdiff'

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 16:34 +0200, Alexander Kanavin wrote: > On Fri, 20 Oct 2023 at 15:44, Richard Purdie > wrote: > > I did idly wonder if we need to set the sig handler to not use > > hashequiv for these tests? I haven't checked if that would help though, > > I'm just making a wild guess. > >

Re: [OE-core] [PATCH v2] selftest/sstatetests: add tests for 'bitbake -S printdiff'

2023-10-20 Thread Alexander Kanavin
On Fri, 20 Oct 2023 at 15:44, Richard Purdie wrote: > I did idly wonder if we need to set the sig handler to not use > hashequiv for these tests? I haven't checked if that would help though, > I'm just making a wild guess. I fired it up with BB_HASHSERVE = "auto" set inside the test, let's see:

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 08:52 -0400, Bruce Ashfield wrote: > On Fri, Oct 20, 2023 at 7:19 AM Rasmus Villemoes > wrote: > > > > On 20/10/2023 12.13, Richard Purdie wrote: > > > On Fri, 2023-10-20 at 12:03 +0200, Rasmus Villemoes wrote: > > > > On 20/10/2023 11.38, Richard Purdie wrote: > > > > > On

Re: [OE-core] CVE work synchronization proposal

2023-10-20 Thread Michael Opdenacker via lists.openembedded.org
Hi Marta On 20.10.23 at 10:36, Marta Rybczynska wrote: Hello everyone, We have a constant flow of work on pending CVEs. During my discussion with multiple people, there is a common need for synchronization of this work to avoid duplication or forgotten fixes. We have a decision on the tooling

Re: [OE-core] [PATCH v2 4/4] scripts:recipetool:create_buildsys_python: add PEP517 support

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 14:57 +0200, Julien Stephan wrote: > On Thu, 19 Oct 2023 at 20:34, Alexandre Belloni > wrote: > > > > On 19/10/2023 20:20:33+0200, Julien Stephan wrote: > > > On Thu, 19 Oct 2023 at 15:49, Alexandre Belloni > > > wrote: > > > > > > > > Hello, > > > > > > > > On

Re: [OE-core] [PATCH v2] shared-mime-info: Fix missing sentinel warning

2023-10-20 Thread Ross Burton
On 20 Oct 2023, at 14:58, Ross Burton wrote: > We might want to belt-and-braces this by backporting the fix to LLVM too? > https://github.com/llvm/llvm-project/issues/6057 Hm maybe not. That’s the referenced bug in the shared-mime-info commit but it was closed years ago… Ross

Re: [OE-core] [PATCH v2] shared-mime-info: Fix missing sentinel warning

2023-10-20 Thread Ross Burton
We might want to belt-and-braces this by backporting the fix to LLVM too? https://github.com/llvm/llvm-project/issues/6057 Ross > On 19 Oct 2023, at 18:44, Khem Raj via lists.openembedded.org > wrote: > > Clang finds it, gcc does not. > > Signed-off-by: Khem Raj > --- > v2: Some more

Re: [OE-core] [mickledore] glibc: stable 2.37 branch updates.

2023-10-20 Thread Steve Sakoman
On Thu, Oct 19, 2023 at 1:02 PM Khem Raj wrote: > > > > On Thu, Oct 19, 2023 at 5:16 AM Sanjana.Venkatesh via lists.openembedded.org > wrote: >> >> Hi Khem, >> >> We tried increasing the memory and no regression failures were found. >> > > > Thanks for following up > > Steve > > We can cherry

Re: [OE-core] [PATCH v2] selftest/sstatetests: add tests for 'bitbake -S printdiff'

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 15:12 +0200, Alexander Kanavin wrote: > On Wed, 18 Oct 2023 at 21:39, Alexandre Belloni > wrote: > > ERROR: Can't find a task we're supposed to have written out? (hash: > > e79d70b9c2cc72030c1ce822525510699a1eeb1ddf5986271d3217422244366a)? > > ERROR: Can't find a task we're

Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override

2023-10-20 Thread Niko Mauno via lists.openembedded.org
On 20.10.2023 16.00, Richard Purdie wrote: Is it common for people to need to manipulate rpms on target without rpm being present using busybox? Do you know if busybox plans to add zstd support? As far as I could tell when we looked at this, the rpm world was moving over to zstd so adding in

[OE-core] [PATCH 3/3] lighttpd: modernize lighttpd.conf

2023-10-20 Thread Glenn Strauss
From: Glenn Strauss - remove obsolete modules - replace mod_compress directives with mod_deflate - do not enable debug.log-request-handling by default (should not be enabled *by default* on any production system, especially not an embedded system) - update TLS syntax for modern recommended

[OE-core] [PATCH 1/3] lighttpd: upgrade 1.4.71 -> 1.4.72

2023-10-20 Thread Glenn Strauss
From: Glenn Strauss Signed-off-by: Glenn Strauss --- .../lighttpd/{lighttpd_1.4.71.bb => lighttpd_1.4.72.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-extended/lighttpd/{lighttpd_1.4.71.bb => lighttpd_1.4.72.bb} (97%) diff --git

[OE-core] [PATCH 2/3] lighttpd: update init script

2023-10-20 Thread Glenn Strauss
From: Glenn Strauss - add configtest option - add configtest before starting, restart, reload, force-reload - change reload,force-reload to use lighttpd graceful restart via kill signal USR1 Signed-off-by: Glenn Strauss --- .../lighttpd/lighttpd/lighttpd| 19

[OE-core] [PATCH 0/3] lighttpd-1.4.72

2023-10-20 Thread Glenn Strauss
From: Glenn Strauss Glenn Strauss (3): lighttpd: upgrade 1.4.71 -> 1.4.72 lighttpd: update init script lighttpd: modernize lighttpd.conf .../lighttpd/lighttpd/lighttpd| 19 +- .../lighttpd/lighttpd/lighttpd.conf | 38 ---

Re: [OE-core] [PATCH v2] selftest/sstatetests: add tests for 'bitbake -S printdiff'

2023-10-20 Thread Alexander Kanavin
On Wed, 18 Oct 2023 at 21:39, Alexandre Belloni wrote: > ERROR: Can't find a task we're supposed to have written out? (hash: > e79d70b9c2cc72030c1ce822525510699a1eeb1ddf5986271d3217422244366a)? > ERROR: Can't find a task we're supposed to have written out? (hash: >

Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 12:44 +, Niko Mauno via lists.openembedded.org wrote: > From: Niko Mauno > > Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd > instead of xz") changed the rpm package compressor from 'xz' to 'zstd' > which results in decompression failure with

Re: [OE-core] [PATCH v2 4/4] scripts:recipetool:create_buildsys_python: add PEP517 support

2023-10-20 Thread Julien Stephan
On Thu, 19 Oct 2023 at 20:34, Alexandre Belloni wrote: > > On 19/10/2023 20:20:33+0200, Julien Stephan wrote: > > On Thu, 19 Oct 2023 at 15:49, Alexandre Belloni > > wrote: > > > > > > Hello, > > > > > > On 19/10/2023 09:36:53+0200, Julien Stephan wrote: > > > > add support for PEP517 [1]

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Bruce Ashfield
On Fri, Oct 20, 2023 at 7:19 AM Rasmus Villemoes wrote: > > On 20/10/2023 12.13, Richard Purdie wrote: > > On Fri, 2023-10-20 at 12:03 +0200, Rasmus Villemoes wrote: > >> On 20/10/2023 11.38, Richard Purdie wrote: > >>> On Fri, 2023-10-20 at 10:10 +0200, Rasmus Villemoes wrote: > On

[OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override

2023-10-20 Thread Niko Mauno via lists.openembedded.org
From: Niko Mauno Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd instead of xz") changed the rpm package compressor from 'xz' to 'zstd' which results in decompression failure with BusyBox-provided 'rpm2cpio' applet and 'rpm' applet when given the '-i' (Install package)

[OE-core] [PATCH 3/4] package_rpm.bbclass: Remove unused definitions

2023-10-20 Thread Niko Mauno via lists.openembedded.org
From: Niko Mauno Some local variables defined in do_package_rpm() are not referenced, so remove such dead code lines. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 4 1 file changed, 4 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass

[OE-core] [PATCH 2/4] package_rpm.bbclass: Minor cosmetic and style fixes

2023-10-20 Thread Niko Mauno via lists.openembedded.org
From: Niko Mauno Add the missing conventional space characters around bitbake variable assignment operators. Also fix a typo on a comment line. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git

[OE-core] [PATCH 1/4] package_rpm.bbclass: Fix some pycodestyle issues

2023-10-20 Thread Niko Mauno via lists.openembedded.org
From: Niko Mauno Fix following subset of observations reported by version 2.10.0 of pycodestyle utility: meta/classes-global/package_rpm.bbclass:65:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:66:46: E231 missing whitespace after ','

[OE-core][mickledore][PATCH] shadow: Fix CVE-2023-4641

2023-10-20 Thread Xiangyu Chen
From: Xiangyu Chen shadow-utils: possible password leak during passwd(1) change Signed-off-by: Xiangyu Chen --- .../shadow/files/CVE-2023-4641.patch | 147 ++ meta/recipes-extended/shadow/shadow.inc | 1 + 2 files changed, 148 insertions(+) create mode 100644

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Rasmus Villemoes via lists.openembedded.org
On 20/10/2023 12.13, Richard Purdie wrote: > On Fri, 2023-10-20 at 12:03 +0200, Rasmus Villemoes wrote: >> On 20/10/2023 11.38, Richard Purdie wrote: >>> On Fri, 2023-10-20 at 10:10 +0200, Rasmus Villemoes wrote: On 19/10/2023 14.48, Richard Purdie wrote: >> > The fact this works suggests

Re: [OE-core] [PATCH v2 3/4] scripts:recipetool:create_buildsys_python: refactor code for futur PEP517 addition

2023-10-20 Thread Julien Stephan
On Fri, 20 Oct 2023 at 08:01, Alexandre Belloni wrote: > > Hello, > > On 19/10/2023 09:36:52+0200, Julien Stephan wrote: > > In order to prepare the support for pyproject.toml (PEP517 [1]) enabled > > projects, refactor the code and move setup.py specific code into a > > specific class in

[OE-core][PATCH] shadow: update 4.13 -> 4.14.1

2023-10-20 Thread Xiangyu Chen
From: Xiangyu Chen Based on Alex's 4.13->4.14.0 patch (oe-core maillist #187776) Refresh patch: commonio.c-fix-unexpected-open-failure-in-chroot-env.patch Drop patches: 0001-Disable-use-of-syslog-for-sysroot.patch 0001-Fix-can-not-print-full-login.patch 0001-Overhaul-valid_field.patch

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 12:03 +0200, Rasmus Villemoes wrote: > On 20/10/2023 11.38, Richard Purdie wrote: > > On Fri, 2023-10-20 at 10:10 +0200, Rasmus Villemoes wrote: > > > On 19/10/2023 14.48, Richard Purdie wrote: > > > > > The fact this works suggests perf is ignoring TARGET_CFLAGS. Is there >

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Rasmus Villemoes via lists.openembedded.org
On 20/10/2023 11.38, Richard Purdie wrote: > On Fri, 2023-10-20 at 10:10 +0200, Rasmus Villemoes wrote: >> On 19/10/2023 14.48, Richard Purdie wrote: >>> The fact this works suggests perf is ignoring TARGET_CFLAGS. Is there >>> anything in the perf build system where we should be passing in

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Richard Purdie
On Fri, 2023-10-20 at 10:10 +0200, Rasmus Villemoes wrote: > On 19/10/2023 14.48, Richard Purdie wrote: > > On Thu, 2023-10-19 at 14:32 +0200, Rasmus Villemoes via > > lists.openembedded.org wrote: > > > From: Rasmus Villemoes > > > > > > Building perf without security_flags.inc being included

[OE-core] CVE work synchronization proposal

2023-10-20 Thread Marta Rybczynska
Hello everyone, We have a constant flow of work on pending CVEs. During my discussion with multiple people, there is a common need for synchronization of this work to avoid duplication or forgotten fixes. We have a decision on the tooling to make: do we want to create a Bugzilla entry for each

[OE-core][master][mickledore][PATCH] grub2: fix CVE-2023-4693

2023-10-20 Thread Xiangyu Chen
From: Xiangyu Chen There is an out-of-bounds read at fs/ntfs.c, a physically present attacker may leverage that by presenting a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack may allow sensitive data cached in memory or EFI variables values to be

Re: [OE-core] [PATCH] perf: lift TARGET_CC_ARCH modification out of security_flags.inc

2023-10-20 Thread Rasmus Villemoes via lists.openembedded.org
On 19/10/2023 14.48, Richard Purdie wrote: > On Thu, 2023-10-19 at 14:32 +0200, Rasmus Villemoes via > lists.openembedded.org wrote: >> From: Rasmus Villemoes >> >> Building perf without security_flags.inc being included in one's >> distro results in the buildpaths warning >> >> WARNING:

[OE-core][kirkstone][PATCH] libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787

2023-10-20 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi CVE's Fixed: CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms() CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage() CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow Signed-off-by:

[OE-core][master][mickledore][PATCH] grub2: fix CVE-2023-4692

2023-10-20 Thread Xiangyu Chen
From: Xiangyu Chen Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass Reference: https://security-tracker.debian.org/tracker/CVE-2023-4692 Signed-off-by: Xiangyu Chen --- .../grub/files/CVE-2023-4692.patch

Re: [OE-core] Detecting unimplemented ptests with heuristics

2023-10-20 Thread Yoann Congal
On 10/19/23 17:21, Michael Opdenacker wrote: > Hi Yoann Hi, > On 19.10.23 at 10:00, Yoann Congal wrote: >> Hi everyone, >> >> We recently implemented a way to detect recipes for upstream code that >> contain unit tests but does not implement ptests. >> Those recipes make good candidates for

Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

2023-10-20 Thread Mikko Rapeli
On Fri, Oct 20, 2023 at 08:56:43AM +0100, Jose Quaresma wrote: > Mikko Rapeli wrote on Thursday, 19/10/2023 > at 13:45: > > > Hi, > > > > Could something like this work? > > > > --- a/meta/lib/oe/cve_check.py > > +++ b/meta/lib/oe/cve_check.py > > @@ -140,15 +140,14 @@ def

Re: [OE-core] [PATCH] systemd: fix packaging tpm2 plugin for cryptsetup

2023-10-20 Thread Jose Quaresma
Hi Alexandre, This patch is still on master-next but It is no longer necessary because [2] was merged on master and contains the same fixes. [2] https://git.yoctoproject.org/poky/commit/?id=64f76114da1f2d79e24a6a79572f2682b6379452 Jose Erik Schilling wrote on Wednesday, 18/10/2023 at

Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

2023-10-20 Thread Jose Quaresma
Mikko Rapeli wrote on Thursday, 19/10/2023 at 13:45: > Hi, > > Could something like this work? > > --- a/meta/lib/oe/cve_check.py > +++ b/meta/lib/oe/cve_check.py > @@ -140,15 +140,14 @@ def get_patched_cves(d): > return patched_cves > > > -def get_cpe_ids(cve_product, version): >

[OE-core] [PATCH v2] cve-check.bbclass: support embedded SW components with different version number

2023-10-20 Thread Mikko Rapeli
Many recipes embed other SW components. The name and version of the embedded SW component differs from the main recipe. To detect CVEs in the embedded SW component, it needs to be added to CVE_PRODUCT list using name of the SW product in CVE database or with "vendor:product" syntax. Then the

[OE-core] [PATCH] package_qa_check_rdepends: Allow /usr/bin/sh if usrmerge

2023-10-20 Thread Jörg Sommer via lists . openembedded . org
If the distro feature usrmerge is set, all files from /bin are moved to /usr/bin, i.e. /usr/bin/sh is the same as /bin/sh and should be allowed be ignored, because it's always present. Signed-off-by: Jörg Sommer --- meta/classes-global/insane.bbclass | 4 1 file changed, 4 insertions(+)

Re: [OE-core] [PATCH] cve-check.bbclass: support embedded SW components with different version number

2023-10-20 Thread Jose Quaresma
Mikko Rapeli wrote on Thursday, 19/10/2023 at 13:21: > Hi, > > On Thu, Oct 19, 2023 at 12:54:44PM +0100, Jose Quaresma wrote: > > Hi > > > > This change will need some adaptations in the create-spdx.bbclass to > handle > > this new variable with _PN > > Good point. How does SPDX tooling

Re: [OE-Core][PATCH 0/2] Add a display limit for regression report generation

2023-10-20 Thread Alexis Lothoré via lists . openembedded . org
Hello Alexandre, On 10/20/23 08:05, Alexandre Belloni via lists.openembedded.org wrote: > Hello Alexis,> > https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/5886/steps/14/logs/stdio > https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/5935/steps/14/logs/stdio >

Re: [OE-Core][PATCH 0/2] Add a display limit for regression report generation

2023-10-20 Thread Alexandre Belloni via lists.openembedded.org
Hello Alexis, On 19/10/2023 11:53:50+0200, Alexis Lothoré via lists.openembedded.org wrote: > It has been observed that useful information in regression report can be > drowned in huge regression lists which are often false-positives (for > example, a whole set of tests has been temporarily

Re: [OE-core] [PATCH v2 3/4] scripts:recipetool:create_buildsys_python: refactor code for futur PEP517 addition

2023-10-20 Thread Alexandre Belloni via lists.openembedded.org
Hello, On 19/10/2023 09:36:52+0200, Julien Stephan wrote: > In order to prepare the support for pyproject.toml (PEP517 [1]) enabled > projects, refactor the code and move setup.py specific code into a > specific class in order to allow sharing the PythonRecipeHandler class > > No functional