How are you making the list? I think this might be somewhat sped up,
if you first grep
${WORKDIR}/packages-split/openssl-ptest/usr/lib/openssl/ptest/test/
(and util/perl/OpenSSL/ as well) for "^use " and transform the output
lines into 'perl-module-something'. Then try it on the target in qemu
to
From: Ranjitsinh Rathod
OS command injection might occur if a user name or host name has shell
metacharacters, and this name is referenced by an expansion token in
certain situations. For example, an untrusted Git repository can have a
submodule with shell metacharacters in a user name or host
From: Yogita Urade
CVE-2023-6228:
An issue was found in the tiffcp utility distributed by the
libtiff package where a crafted TIFF file on processing may
cause a heap-based buffer overflow leads to an application
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-6228
On Thu, Jan 18, 2024 at 02:19:09AM +, Jamin Lin wrote:
> > -Original Message-
> > From: Tom Rini
> > Sent: Wednesday, January 17, 2024 10:37 PM
> > To: Jamin Lin
> > Cc: openembedded-core@lists.openembedded.org
> > Subject: Re: [PATCH] uboot-sign: support to load optee-os and TFA
From: Vijay Anusuri
Upstream-Status: Backport
[https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
.../libtiff/files/CVE-2023-6228.patch | 30 +++
From: Vijay Anusuri
Updated 0012-fix-libcap-header-issue-on-some-distro.patch to resolve
patch fuzz caused by the CVE-2023-2861 patch
Upstream-Status: Backport
[https://gitlab.com/qemu-project/qemu/-/commit/a5804fcf7b22fc7d1f9ec794dd284c7d504bd16b
&
From: Peter Marko
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
From: Vijay Anusuri
Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
*
From: Vijay Anusuri
Upstream-Status: Backport
[https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255
&
https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3
&
https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807
&
From: Vijay Anusuri
Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve
Please review this set of changes for dunfell and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6460
The following changes since commit b3dd6852c0d6b8aa9b36377d7024ac95062e8098:
> -Original Message-
> From: Tom Rini
> Sent: Wednesday, January 17, 2024 10:37 PM
> To: Jamin Lin
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [PATCH] uboot-sign: support to load optee-os and TFA images
>
> On Tue, Jan 16, 2024 at 07:37:04PM -0800, Jamin Lin wrote:
>
From: Vijay Anusuri
Upstream-Status: Backport
[https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a]
Signed-off-by: Vijay Anusuri
---
.../openssh/openssh/CVE-2023-51385.patch | 96 +++
.../openssh/openssh_8.2p1.bb |
Changelog:
* ping
- fix: Restore -i0 (commit: 7a51494, PR: #519, regression from 2a63b94)
* localization
- Updated Turkish and Indonesian
- 100% translated: Chinese (Simplified), Czech, French, Georgian, German,
Korean, Portuguese (Brazil), Turkish, Ukrainian
- > 90% translated: Finnish,
From: Fabio Estevam
Update to the 20240117 release.
Signed-off-by: Fabio Estevam
---
.../iputils/{iputils_20231222.bb => iputils_20240117.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/iputils/{iputils_20231222.bb =>
iputils_20240117.b
Three further patches were merged to upstream libtool, update the patch
status to Backport.
Signed-off-by: Richard Purdie
---
.../libtool/0001-ltmain.in-Parse-additional-clang-options.patch | 2 +-
.../libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch | 2 +-
I have iteratively added the following 45 modules, and I still not at the point
of covering all perl-module-* dependencies for openssl-test. Should I continue
on with this effort? Using "perl-module-force-all" is a lot more convenient
without conflicting with any existing usage of
OK, good to know. I mostly use gitk and it doesn't do a good job at
following renames, so I thought that was the reason for this file
structure.
Etienne
On Wed, Jan 17, 2024 at 6:26 PM Ross Burton wrote:
>
> On 17 Jan 2024, at 17:19, Etienne Cordonnier wrote:
> >
> > Hi Ross,
> > I thought the
On 17/01/2024 19:19:28+, Simone Weiß wrote:
> I see, the warning is correct and a fix should be applied to meta-
> oe/recipes-core/opencl/ocl-icd_2.3.2.bb for this, I will send out a
> patch for this as well. Afterwards this should be fixed implicitly.
> Just one question: Which branch is
From: Simone Weiß
Fixes [YOCTO #12388]
QEMUs documentation does recommend to not use n270 and core2duo as
an argument to -cpu anymore. See also the QEMU documentation for this at
[0].
Update therefore the QEMU cpu option for the core2duo tune to Nehalam.
Tested it locally with QEMU and KVM.
Hi,
On Wed, 2024-01-17 at 00:29 +0100, Alexandre Belloni via
lists.openembedded.org wrote:
> Hello,
>
> This causes warnings for meta-aws:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/122/builds/3840/steps/12/logs/warnings
>
> On 14/01/2024 17:19:03+, Simone Weiß wrote:
> >
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/v2-1-1-eudev-modify-predictable-network-if-name-search.patch
FAIL: test Upstream-Status presence: Upstream-Status
From: Joe Slater
Consider a name based on mac address in addition to
those based on slot or path.
Note that as of this commit predictable naming is
suppressed by eudev, but can be enabled by removing
/etc/udev/rules.d/80-net-name-slot.rules from the
root filesystem.
Signed-off-by: Joe Slater
On Wed, Jan 17, 2024 at 7:07 AM Ross Burton wrote:
>
> From: Ross Burton
>
> musl doesn't support riscv32, so set COMPATIBLE_HOST appropriately.
>
> Signed-off-by: Ross Burton
> ---
> meta/recipes-core/musl/musl.inc | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git
Qi, according to the comments in the perl_5.38.2.bb recipe, perl-modules
recommends "all the other perl packages" which might include optional packages.
I assume leaving optional packages as "runtime recommended" (RRECOMMENDS) -
aka. soft dependencies - can reduce the possibility of conflicts.
On 17 Jan 2024, at 17:19, Etienne Cordonnier wrote:
>
> Hi Ross,
> I thought the main reason of having .inc files was to have a stable git
> history, since the bb files get constantly renamed with each update? There
> are many recipes using a split .inc file without a need for it, so I assumed
Use STAGING_BASE_LIBDIR_NATIVE for the value of base_libdir instead of
STAGING_LIBDIR_NATIVE. This will avoid conflicts between the two
directories.
Signed-off-by: William Hauser
---
meta/classes-recipe/native.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Hi Ross,
I thought the main reason of having .inc files was to have a stable git
history, since the bb files get constantly renamed with each update? There
are many recipes using a split .inc file without a need for it, so I
assumed this is the standard codestyle of poky? Is it not the case?
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-3-7-sqlite3-backport-patch-for-CVE-2023-7104.patch
FAIL: test CVE check ignore: CVE_CHECK_IGNORE is
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-4-7-zlib-ignore-CVE-2023-6992.patch
FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-6-7-cpio-upgrade-to-2.14.patch
FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and should be
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-1-7-openssl-Backport-fix-for-CVE-2023-6129.patch
FAIL: test CVE check ignore: CVE_CHECK_IGNORE is
On Wed, Jan 17, 2024 at 1:47 AM Hitendra Prajapati via
lists.openembedded.org
wrote:
>
> Upstream-Status: Backport from
> https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db
>
> Signed-off-by: Hitendra Prajapati
> ---
> .../openssl/openssl/CVE-2023-6237.patch
On Wed, Jan 17, 2024 at 6:54 AM Alexandre Belloni via
lists.openembedded.org
wrote:
>
> Hello,
>
> This causes failures on the autobuilders:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4241/steps/12/logs/stdio
>
From: Martin Jansa
scripts/pybootchartgui/pybootchartgui/draw.py:820: SyntaxWarning: "is not" with
a literal. Did you mean "!="?
if (OPTIONS.show_pid or OPTIONS.show_all) and ipid is not 0:
scripts/pybootchartgui/pybootchartgui/draw.py:918: SyntaxWarning: "is not" with
a literal. Did you
From: Soumya Sambu
This includes fix for CVE-2023-7207.
Drop all submitted patches.
Apply a patch from git to fix the build with clang.
[ YOCTO #11674 ]
$git log --oneline release_2_13..v2.14
4a41909 (HEAD, tag: v2.14) Version 2.14
6f9e5d3 Update NEWS
807b3ea Use GNU ls algorithm for
From: Hitendra Prajapati
Upstream-Status: Backport from
https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
---
.../systemd/systemd/CVE-2023-7008.patch | 40 +++
From: Peter Marko
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
From: Peter Marko
Backport https://sqlite.org/src/info/0e4e7a05c4204b47
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
.../sqlite/files/CVE-2023-7104.patch | 44 +++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
2 files changed, 45 insertions(+)
From: Poonam Jadhav
This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.
CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link:
From: Vivek Kumbhar
Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/8d847a3ffd4f0b17ee33962cf69c36224925b34f]
Signed-off-by: Vivek Kumbhar
Signed-off-by: Steve Sakoman
---
.../openssl/openssl/CVE-2023-6129.patch | 113 ++
Please reviwe this set of changes for kirkstone and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6458
The following changes since commit 8e27f96c0befbbb5cf8a2f7076b7a1ffd79addb6:
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/2-4-libunwind-merge-.inc-and-.bb.patch
FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM
From: Ross Burton
0001-src-Gtrace-remove-unguarded-print-calls.patch has been merged, so
update the Upstream-Status.
0003-x86-Stub-out-x86_local_resume.patch has been hopefully obsoleted by
the use of libucontext, remove.
Split 004-Fix-build-on-mips-musl.patch into two, as there's two
From: Ross Burton
There's no need to these to be split, so merge them together.
Signed-off-by: Ross Burton
---
meta/recipes-support/libunwind/libunwind.inc | 23 ---
.../libunwind/libunwind_1.6.2.bb | 28 +--
2 files changed, 25 insertions(+), 26
From: Ross Burton
Add a PACKAGECONFIG for the support for zlib-compressed debuginfo.
There's no need to explicitly enable reading of .debug_frame segments as
this is enabled automatically for arm/aarch64.
Enable static globally, there's not much to gain by making this
musl-specific.
Don't
From: Ross Burton
musl doesn't support riscv32, so set COMPATIBLE_HOST appropriately.
Signed-off-by: Ross Burton
---
meta/recipes-core/musl/musl.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/musl/musl.inc b/meta/recipes-core/musl/musl.inc
index
From: Jermain Horsman
This includes a simple test which creates a layer setup using
custom references, and subsequently modifies the resulting layers
setup using a different custom reference.
Signed-off-by: Jermain Horsman
---
meta/lib/oeqa/selftest/cases/bblayers.py | 53
From: Jermain Horsman
This creates a new layers setup with, or, modifies an existing layers
setup using, one or more repositories where the references are provided
by the user.
This is a very minimal implementation, no validation of any reference
is done and it is left to the user to provide a
Hello,
This causes failures on the autobuilders:
https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4241/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/8438/steps/11/logs/stdio
New ptest failures:
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6163/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/5977/steps/12/logs/stdio
On 15/01/2024 16:57:25+0800, wangmy wrote:
> From: Wang Mingyu
>
>
New ptest failures:
https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/5977/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6163/steps/12/logs/stdio
On 15/01/2024 17:26:40+0800, wangmy wrote:
> From: Wang Mingyu
>
> Changelog:
> Bugfix
On Tue, Jan 16, 2024 at 07:37:04PM -0800, Jamin Lin wrote:
> Hi Alexander,
>
> One more thing, So far, bitman only support hash 256.
What hashing algorithm would you like to be using instead? We can always
include more and better options with configuration as needed.
--
Tom
Our patches were rather out of sync, update the line offsets to match the
current
patchset/underlying code.
Signed-off-by: Richard Purdie
---
...-trailing-slashes-on-install-command.patch | 4 ++--
...e-the-with-sysroot-option-to-avoid-c.patch | 19 ++-
The sysroot path cleanup change was reworked after discussion/review upstream.
It
appeared there were two different changes in one of our patches so separate out
the second one and mark as inappropriate as it is unlikely upstream would take
such a change in defaults. We need further investigation
Several patches merged upstream, mark as such.
Signed-off-by: Richard Purdie
---
...9-Makefile.am-make-sure-autoheader-run-before-autoconf.patch | 2 +-
...0-Makefile.am-make-sure-autoheader-run-before-automake.patch | 2 +-
...2-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch | 2 +-
The patches were submitted upstream and adjusted after discussion. Update to
match
the changes requested.
Signed-off-by: Richard Purdie
---
...in.in-Parse-additional-clang-options.patch | 31 +++
...-prefix-map-compiler-options-correct.patch | 31 ---
2 files
Update the patch to match the version merged upstream.
Signed-off-by: Richard Purdie
---
...tool-Fix-support-for-NIOS2-processor.patch | 81 +--
1 file changed, 38 insertions(+), 43 deletions(-)
diff --git
On Thu, 11 Jan 2024 at 15:15, Alexander Kanavin wrote:
>
> shadow 4.14.x adds a number of libraries it dynamically links with
> (md, bsd, attr). This causes troubles in setscene tasks where
> shadow executables are used (such as useradd), as pulling in
> the needed dynamic libraries needs
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-PATCHv2-openssl-fix-CVE-2023-6237-Excessive-time-spent-checking-invalid-RSA-public-keys.patch
FAIL: test
Upstream-Status: Backport from
https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db
Signed-off-by: Hitendra Prajapati
---
.../openssl/openssl/CVE-2023-6237.patch | 127 ++
.../openssl/openssl_3.0.12.bb | 3 +-
2 files
From: Thomas Perrot
This release has:
- Synopsys DesignWare APB GPIO driver
- Zicntr and Zihpm support
- Console print improvements
- Smepmp support
- Simple FDT based syscon regmap driver
- Syscon based reboot and poweroff driver
- Non-contiguous hpm counters
- Smcntrpmf support
- Full sparse
On Tue, 16 Jan 2024, Richard Purdie wrote:
> On Tue, 2024-01-16 at 09:23 -0500, Robert P. J. Day wrote:
> > a very weird question, to be sure, but i literally just ran across a
> > recipe that does the following (i will paraphrase some stuff to
> > protect the innocent).
> >
> > the recipe
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/meta-oe-1-2-buildstats-consider-multiconfigs-when-collecting-statistics..patch
FAIL: test target mailing list:
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/meta-oe-2-2-buildstats-support-of-custom-disk-usage-command.patch
FAIL: test target mailing list: Series sent to
When multiconfigs are used, statistics for the same package name but
from the different multiconfigs is collected into the same file.
This causes incorrect charts generated with pybootchartgui, when
only the most recent part of statistics is shown.
This patch adds custom multiconfig prefix to
Isar project (https://github.com/ilbers/isar) borrows from OE
some functionality including buildstats.
Here are the changes that are mostly suitable to use in Isar but
they should not break anything in OE/Yocto.
Uladzimir Bely (2):
buildstats: consider multiconfigs when collecting statistics.
This helps to make buildstats code usage easier in third-party projects
like Isar (https://github.com/ilbers/isar/). In Isar, rootfs is created
with 'sudo' privileges and some subpaths like '/proc' may be mounted at
build time. So, using "du -sh" on rootfs may produces multiple
'Permission denied'
Hi Meenali Gupta,
Already CVE-2023-48795 patch for openssh recipe has been merged to
kirkstone branch.
Please find the below links
https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut=df5dc8d67e67a2aebf1a552c3e22374e305270bf
69 matches
Mail list logo