Hi Alex,
Thanks for your suggestion!
Both sshd.socket and sshd.service belong to openssh-sshd package, so using
SYSTEMD_AUTO_ENABLE can't enable one of them, it just can enable both or
disable both.
Thanks,
From: Alex Kiernan
Sent: Wednesday, December 6,
Hi Peter,
Thanks very much for your comments!
Please use v4([OE-core] [PATCH v4] openssh: Add PACKAGECONFIG option to
customize sshd mode) to track the series.
Thanks,
From: Peter Kjellerstedt
Sent: Thursday, December 7, 2023 06:34
To: Yu, Mingli ;
Require the presence of a recent change in bitbake 2.6.1 for runqueue
setscene dependency handling improvements.
Signed-off-by: Richard Purdie
---
meta/conf/sanity.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/conf/sanity.conf b/meta/conf/sanity.conf
index
With recent changes to runqueue in bitbake, this horrible hack is no longer
needed
and we can drop it.
Signed-off-by: Richard Purdie
---
meta/classes-global/sstate.bbclass | 5 -
1 file changed, 5 deletions(-)
diff --git a/meta/classes-global/sstate.bbclass
On Mon, 2023-12-04 at 03:36 +, Soumya via lists.openembedded.org
wrote:
> From: Soumya Sambu
>
> These CVEs affect path handling on Windows.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2023-45283
> https://nvd.nist.gov/vuln/detail/CVE-2023-45284
>
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Yu, Mingli
> Sent: den 5 december 2023 06:52
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH v2] openssh: Add PACKAGECONFIG option to customize
> sshd mode
>
> From: Mingli
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Xiangyu Chen
> Sent: den 4 december 2023 08:07
> To: Khem Raj
> Cc: quaresma.j...@gmail.com; openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH] openssh:
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Johannes Pointner via
> lists.openembedded.org
> Sent: den 1 december 2023 11:54
> To: openembedded-core@lists.openembedded.org
> Cc: Johannes Pointner
> Subject: [OE-core] [PATCH] ldconfig-native: Add
From: Peter Kjellerstedt
Running `devtool search gcc` would result in errors for virtual recipes.
The reason was the newly introduced :layer- override.
When tinfoil parsed the recipes using the parseRecipeFile() function, it
failed to properly identify the layername for virtual recipes, which
In addition to updating the sha256sum and removing the md5sum, update
all other existing checksums. If the only existing checksum is md5sum,
then replace it with the default expected checksums (currently only
sha256sum).
Signed-off-by: Peter Kjellerstedt
---
[PATCHv2] Updated the commit message
The recent Yocto Project Summit and the devtool hands-on class triggered
a couple of questions for me, and when I investigated them, I stumbled
upon a number of problems. This series of patches solves them.
The first four patches are needed for me to be able to execute the
devtool and recipetool
Rather than having a static list of crunched MD5 checksums for some of
the most common licenses, calculate it for all common licenses. This
should improve the identification of license text variantions.
Signed-off-by: Peter Kjellerstedt
---
scripts/lib/recipetool/create.py | 91
This avoids the following error when using --no-extract, introduced in
commit 900129cbdf (devtool: add support for git submodules):
Traceback (most recent call last):
File ".../scripts/devtool", line 349, in
ret = main()
File ".../scripts/devtool", line 336, in main
ret =
* Avoid trying to write to read-only directories and file systems.
* Support symbolic links in BBPATH.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/devtool.py | 25 -
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git
Rather than including all SRC_URI checksums, include the ones that are
expected. These are the same as are output if no checksums are included
when building the recipe.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/recipetool.py | 19 ---
Before, a variable such as SRC_URI[sha512sum] would end up as:
SRC_URI[sha512sum] = "45ff3abce4dab24a8090409e6d7bb26afa7fa7812a51e067 \
28c2aa47d5b4de610d97ba4609cf13d9173087bd909fdf377235eee988a6fdcf52abb7 \
0341c40b5b"
when updated by patch_recipe_lines().
Signed-off-by: Peter Kjellerstedt
To avoid potential problems due to global Git hooks, add --no-verify to
a `git commit --amend` command.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py
If the build environment is setup using `repo`, then poky/.git/object
is a symbolic link rather than a directory. To clone such repositories,
the source path must be prefixed with "file://". This avoids the
following error:
fatal: failed to start iterator over '.../poky/.git/objects': Not a
* Avoid trying to write to read-only directories and file systems.
* Support symbolic links in BBPATH.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/recipetool.py | 25 +-
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git
I wonder if we should start using sha512sum along with sha256sum as
default with devtool upgrade and skip others.
On Wed, Dec 6, 2023 at 11:22 AM Peter Kjellerstedt
wrote:
>
> Rather than only updating the sha256sum and removing the md5sum, update
> all existing checksums. If the only existing
On Wed, 6 Dec 2023 at 20:46, Peter Kjellerstedt
wrote:
> Will changing that to:
>
> In addition to updating the sha256sum and removing the md5sum, update
> all other existing checksums. If the only existing checksum is md5sum, then
> replace it with the default expected checksums (currently only
Since I've seen Richard's reply and his reluctance to merge this,
this is mostly technical.
I would use either PW_DIR = "${sysconfdir}/pwdb" or PW_DIR:append = "/pwdb".
Using "/etc" (and other hardcoded paths) should be avoided wherever
possible.
//Peter
> -Original Message-
> From:
> -Original Message-
> From: Alexander Kanavin
> Sent: den 6 december 2023 20:26
> To: Peter Kjellerstedt
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH 8/9] devtool: upgrade: Update all existing
> checksums for the SRC_URI
>
> I mean, what possible
I mean, what possible reason there could be to keep them? None as far
as I can see.
Alex
On Wed, 6 Dec 2023 at 20:25, Alexander Kanavin wrote:
>
> We've been relying on this to actually remove md5sums on version
> updates, so please do not regress that.
>
> Alex
>
> On Wed, 6 Dec 2023 at 20:22,
We've been relying on this to actually remove md5sums on version
updates, so please do not regress that.
Alex
On Wed, 6 Dec 2023 at 20:22, Peter Kjellerstedt
wrote:
>
> Rather than only updating the sha256sum and removing the md5sum, update
> all existing checksums. If the only existing
If the build environment is setup using `repo`, then poky/.git/object
is a symbolic link rather than a directory. To clone such repositories,
the source path must be prefixed with "file://". This avoids the
following error:
fatal: failed to start iterator over '.../poky/.git/objects': Not a
To avoid potential problems due to global Git hooks, add --no-verify to
a `git commit --amend` command.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py
* Avoid trying to write to read-only directories and file systems.
* Support symbolic links in BBPATH.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/recipetool.py | 25 +-
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git
This avoids the following error when using --no-extract, introduced in
commit 900129cbdf (devtool: add support for git submodules):
Traceback (most recent call last):
File ".../scripts/devtool", line 349, in
ret = main()
File ".../scripts/devtool", line 336, in main
ret =
Rather than including all SRC_URI checksums, include the ones that are
expected. These are the same as are output if no checksums are included
when building the recipe.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/recipetool.py | 19 ---
Before, a variable such as SRC_URI[sha512sum] would end up as:
SRC_URI[sha512sum] = "45ff3abce4dab24a8090409e6d7bb26afa7fa7812a51e067 \
28c2aa47d5b4de610d97ba4609cf13d9173087bd909fdf377235eee988a6fdcf52abb7 \
0341c40b5b"
when updated by patch_recipe_lines().
Signed-off-by: Peter Kjellerstedt
Rather than only updating the sha256sum and removing the md5sum, update
all existing checksums. If the only existing checksum is md5sum, then
replace it with the default expected checksums.
Signed-off-by: Peter Kjellerstedt
---
.../devtool/devtool-upgrade-test3_1.5.3.bb| 16 ++
* Avoid trying to write to read-only directories and file systems.
* Support symbolic links in BBPATH.
Signed-off-by: Peter Kjellerstedt
---
meta/lib/oeqa/selftest/cases/devtool.py | 25 -
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git
Rather than having a static list of crunched MD5 checksums for some of
the most common licenses, calculate it for all common licenses. This
should improve the identification of license text variantions.
Signed-off-by: Peter Kjellerstedt
---
scripts/lib/recipetool/create.py | 91
The recent Yocto Project Summit and the devtool hands-on class triggered
a couple of questions for me, and when I investigated them, I stumbled
upon a number of problems. This series of patches solves them.
The first four patches are needed for me to be able to execute the
devtool and recipetool
From: Jörg Sommer
The function `update_fstab` should not touch the fstab for partitions with
`--no-fstab-update`.
Signed-off-by: Jörg Sommer
---
scripts/lib/wic/plugins/imager/direct.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.11..go1.20.12
97c8ff8d53 (tag: go1.20.12, origin/release-branch.go1.20)
[release-branch.go1.20] go1.20.12
6446af942e [release-branch.go1.20] net/http: limit chunked data overhead
77397ffcb2 [release-branch.go1.20]
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.10..go1.20.11
1d0d4b149c (tag: go1.20.11) [release-branch.go1.20] go1.20.11
46fb781685 [release-branch.go1.20] path/filepath: fix various issues in parsing
Windows paths
998fdce3ae [release-branch.go1.20] net/http: pull http2
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.11..go1.20.12
97c8ff8d53 (tag: go1.20.12, origin/release-branch.go1.20)
[release-branch.go1.20] go1.20.12
6446af942e [release-branch.go1.20] net/http: limit chunked data overhead
77397ffcb2 [release-branch.go1.20]
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.10..go1.20.11
1d0d4b149c (tag: go1.20.11) [release-branch.go1.20] go1.20.11
46fb781685 [release-branch.go1.20] path/filepath: fix various issues in parsing
Windows paths
998fdce3ae [release-branch.go1.20] net/http: pull http2
From: Massimiliano Minella
zstd is dual-licensed under BSD _OR_ GPLv2. License wording in the
README for v1.5.5 is misleading, but license headers in the code clearly
state that there is a choice between the two licenses.
Signed-off-by: Massimiliano Minella
---
On Wed, Dec 6, 2023 at 4:02 AM wrote:
>
> Thank you for your submission. Patchtest identified one
> or more issues with the patch. Please see the log below for
> more information:
>
> ---
> Testing patch
> /home/patchtest/share/mboxes/dunfell-05-11-epiphany-fix-CVE-2022-29536.patch
>
> FAIL:
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/dunfell-11-11-cve-exclusion_5.4.inc-update-for-5.4.262.patch
FAIL: test commit message presence: Please include a
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/dunfell-05-11-epiphany-fix-CVE-2022-29536.patch
FAIL: test CVE tag format: Missing or incorrectly formatted CVE
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
8e221b47173d Linux 5.4.262
b053223b7cf4 netfilter: nf_tables: bogus EBUSY when deleting flowtable
after flush (for 5.4)
c35df8b8c572 netfilter: nf_tables: disable toggling
Signed-off-by: Steve Sakoman
---
.../linux/cve-exclusion_5.4.inc | 79 +++
1 file changed, 64 insertions(+), 15 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
index 4c17b701df..983424d427
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
87e8e7a7aa1f Linux 5.4.260
8b0ecf2167a0 tty: 8250: Add support for Intashield IS-100
6dd5561b2385 tty: 8250: Add support for Brainboxes UP cards
03145e0ff8ab tty: 8250: Add
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
02f78c59a0ed Linux 5.4.258
f70c285cf02c xen/events: replace evtchn_rwlock with RCU
e2614ab16a7e ima: rework CONFIG_IMA dependency block
b5c3bc4b8104 NFS: Fix a race in
From: Tim Orling
https://github.com/vim/vim/compare/v9.0.2068...v9.0.2130
CVE: CVE-2023-48231
CVE: CVE-2023-48232
CVE: CVE-2023-48233
CVE: CVE-2023-48234
CVE: CVE-2023-48235
CVE: CVE-2023-48236
CVE: CVE-2023-48237
Signed-off-by: Tim Orling
Signed-off-by: Alexandre Belloni
(cherry picked from
From: Lee Chee Yang
Ignore RHEL specific CVE-2021-20295 CVE-2023-2680.
Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/qemu/qemu.inc | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
---
.../recipes-gnome/epiphany/epiphany_3.34.4.bb | 1 +
.../epiphany/files/CVE-2022-29536.patch | 46 +++
2 files changed, 47 insertions(+)
create mode 100644
From: Vivek Kumbhar
Signed-off-by: Vivek Kumbhar
Signed-off-by: Steve Sakoman
---
.../libsndfile1/CVE-2022-33065.patch | 46 +++
.../libsndfile/libsndfile1_1.0.28.bb | 3 +-
2 files changed, 48 insertions(+), 1 deletion(-)
create mode 100644
From: Ashish Sharma
Upstream-Status: Backport from
[https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
CVE: CVE-2023-28938
Signed-off-by: Ashish Sharma
Signed-off-by: Steve Sakoman
---
.../mdadm/files/CVE-2023-28938.patch | 80
From: poojitha adireddy
CVE-2022-47696 and CVE-2023-25588 are representing similar kind
of vulnerability.
Reference:
https://ubuntu.com/security/CVE-2022-47696
https://sourceware.org/bugzilla/show_bug.cgi?id=29677
Signed-off-by: poojitha adireddy
Signed-off-by: Steve Sakoman
---
Please review this set of changes for dunfell and have comments back by
end of day Friday, December 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6293
The following changes since commit 0764da7e3f1d71eb390e5eb8a9aa1323c24d1c19:
vim: use
From: poojitha adireddy
Upstream Repository: https://sourceware.org/git/binutils-gdb.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46174
Type: Security Fix
CVE: CVE-2021-46174
Score: 7.5
Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97
Signed-off-by:
> Look for the patchset '[RFC 0/7] bitbake-layers: Add
> update-layers-setup' posted on 7 November, particularly the comments
> to the individual patches, where we get to the design that should work
> and cover the use cases.
I had to work on some other issues that needed my attention,
so not too
On Wed, 6 Dec 2023 at 12:51, Andrey Zhizhikin wrote:
> > Unfortunately I have to say no to this. The problem is that this will
> > update to latest revisions on all the layers, which I believe is not
> > what people would want, as everything including poky etc. will be
> > shifting
Hello Alex,
On Wed, Dec 6, 2023 at 11:08 AM Alexander Kanavin
wrote:
>
> Unfortunately I have to say no to this. The problem is that this will
> update to latest revisions on all the layers, which I believe is not
> what people would want, as everything including poky etc. will be
> shifting
On Wed, Dec 6, 2023 at 8:56 AM Yu, Mingli wrote:
>
> From: Mingli Yu
>
> Add systemd-sshd-socket-mode PACKAGECONFIG option to choose sshd.socket
> and systemd-sshd-service-mode PACKAGECONFIG option to choose installing
> sshd.service.
>
> The systemd-sshd-socket-mode PACKAGECONFIG option is
Unfortunately I have to say no to this. The problem is that this will
update to latest revisions on all the layers, which I believe is not
what people would want, as everything including poky etc. will be
shifting uncontrollably.
Conceptually, I would not want oe-setup-layers to suffer from
On Wed, 6 Dec 2023 at 03:39, Changqing Li
wrote:
> The review comments that led to the revert are still valid, and this
> message does not address them. The concern was that the removal via
> rootfs postprocess is too late. If dnf leaves lock files around, they
> should be removed just after the
Current script implementation uses revisions recorded in JSON file to
replicate previously recorded setup. While this is useful for complete
layer setup reproducibility, this does not allow the setup "upgrade" where
this script can be used to use remote branch information and latest HEAD,
have the
Try to execute both gtk-update-icon-cache and
gtk4-update-icon-cache after checking whether the
commands are available.
This attempts to match what gtk-icon-cache.bbclass is doing.
This fixes running update_gtk_icon_cache during do_rootfs
for an image that contains only GTK4 related packages.
Try to execute both gtk-update-icon-cache and
gtk4-update-icon-cache after checking whether the
commands are available.
This attempts to match what gtk-icon-cache.bbclass is doing.
This fixes running update_gtk_icon_cache during do_rootfs
for an image that contains only GTK4 related packages.
From: Alexander Kanavin
This is required by latest webkit when built with x11 support.
(From OE-Core rev: 024edebf6f722ae4d05411be348730d9eeb3bd7c)
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
Signed-off-by: Claus Stovgaard
---
From: Narpat Mali
cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. Calling `load_pem_pkcs7_certificates`
or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference
and segfault. Exploitation of this vulnerability poses a
From: Mingli Yu
Add systemd-sshd-socket-mode PACKAGECONFIG option to choose sshd.socket
and systemd-sshd-service-mode PACKAGECONFIG option to choose installing
sshd.service.
The systemd-sshd-socket-mode PACKAGECONFIG option is enabled by default
and user can customize the above two
From: Hongxu Jia
1. No chagne on license [1], original md5 is not right because
beginline=241 does not match
2. Fix two compile and one install failures
[1]
https://repo.or.cz/socat.git/blobdiff/c9ff62744f4140418f4edce7e395d1a30e9161b1..2da070164d454971d5c970b5278e645051f0d0f7:/README
From: Hongxu Jia
Drop obsolete autoconf-2.73.patch
Signed-off-by: Hongxu Jia
---
.../man-db/files/autoconf-2.73.patch | 24 ---
.../{man-db_2.11.2.bb => man-db_2.12.0.bb}| 4 ++--
2 files changed, 2 insertions(+), 26 deletions(-)
delete mode 100644
Le mar. 5 déc. 2023 à 17:27, Julien Stephan via lists.openembedded.org
a écrit :
>
> Le mar. 5 déc. 2023 à 16:45, Alexandre Belloni
> a écrit :
> >
> > On 05/12/2023 15:57:58+0100, Julien Stephan wrote:
> > > Le mar. 5 déc. 2023 à 08:50, Alexandre Belloni
> > > a écrit :
> > > >
> > > > Please
71 matches
Mail list logo