PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
Signed-off-by: virendra thakur
---
From: Vijay Anusuri
* CVE-2023-6683: not affected, introduced in v6.1.0-rc0
* CVE-2023-6693: not affected, introduced in v5.1.0-rc0
* CVE-2023-42467: not affected, introduced in v7.1.0-rc0 & v7.1.0-rc2
* CVE-2024-24474: not affected, introduced in v6.0.0-rc0
* CVE-2024-26328: not affected,
yes I am aware of it.
On Thu, Mar 21, 2024 at 3:08 PM Alexandre Belloni
wrote:
>
> Hello,
>
> This report should have gone to the openembedded-devel mailing list as
> libcamera is in meta-oe. But I guess Khem will have a look anyway.
>
>
> On 20/03/2024 09:10:05-0700, Joel Winarske wrote:
> > In
Hello,
This report should have gone to the openembedded-devel mailing list as
libcamera is in meta-oe. But I guess Khem will have a look anyway.
On 20/03/2024 09:10:05-0700, Joel Winarske wrote:
> In master there is a problem running the libcamera "cam" app on a RISC-V
> device:
>
> *** stack
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/2-2-tcl-skip-I-O-channel-46.1.patch
FAIL: test bugzilla entry format: Bugzilla issue ID is not correctly formatted
From: Joe Slater
Some BSPs only provide information to construct a
predictable network interface named based on a mac
address, so we enable that NamePolicy option.
This policy has been adopted for sysvinit as of
commit 4a7b42fcf6981d3120c08091a7ed3d4d7bcd41f0.
Signed-off-by: Joe Slater
---
From: Ross Burton
By setting ERROR_ON_FAILURES we don't need to grep the output to know
if the tests failed. By default the log runner will print the failed
test case, so we don't need to store the log at all.
Set the skipped tests across multiple lines so that it's easier to see
what skips
From: Ross Burton
This test, which is in both the io and chanio test suites, has short
timeouts which can trigger on loaded systems.
[ YOCTO #15407 #15421 ]
Signed-off-by: Ross Burton
---
meta/recipes-devtools/tcltk/tcl/run-ptest | 2 ++
1 file changed, 2 insertions(+)
diff --git
Upstream contains the patches that were being carried here.
Signed-off-by: Trevor Woerner
---
meta/recipes-support/bmaptool/bmaptool_git.bb | 12 +--
.../0001-BmapCopy.py-fix-error-message.patch | 36
...fix-block-device-udev-race-condition.patch | 83 ---
On a machine without the file command, the SDK install fails with a
cryptic error message.
```
xargs: file: No such file or directory
sed: no input files
Failed to replace perl. Relocate script failed. Abort!
```
Add a test for 'file' to print a clear error message.
```
The command 'file' is
On a machine without the file command, the SDK install fails with a
cryptic error message.
```
xargs: file: No such file or directory
sed: no input files
Failed to replace perl. Relocate script failed. Abort!
```
Add a test for 'file' to print a clear error message.
```
The command 'file' is
Thanks Alexandre,
On 3/21/2024 10:19 AM, Alexandre Belloni wrote:
Hello Tom,
On 16/03/2024 12:35:58-0500, Tom Hochstein wrote:
On a machine without the file command, the SDK install fails with a
cryptic error message.
```
xargs: file: No such file or directory
sed: no input files
Failed to
unset i j
---
base-commit: 94f99434eff15a92cfdc2dce423d32a1b74aab39
change-id: 20240321-u-boot-defconfig-devtool-905683a1bedc
Best regards,
--
Quentin Schulz
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197422):
https://lists.openembedded.org/g/openemb
On 20 Mar 2024, at 16:08, Emil Kronborg via lists.openembedded.org
wrote:
>
> By specifying the CVE vendor as python, some CVEs are not found. For
> instance, the CVE_PRODUCT for python3-pyopenssl becomes
> python:pyopenssl, which yields no matches in the NIST NVD database
> because the correct
On 20 Mar 2024, at 16:08, Emil Kronborg via lists.openembedded.org
wrote:
>
> Having only file as the CVE product is too generic. What we actually
> want is file from file_project to match the correct CVE(s).
There’s also file:file, for example
https://nvd.nist.gov/vuln/detail/CVE-2007-2799.
On 20 Mar 2024, at 16:09, Emil Kronborg via lists.openembedded.org
wrote:
>
> For some reason, the CVE product is just called py and not pytest in the
> NIST NVD database. Since the database only accept keywords with at least
> 3 characters, the CVE vendor must also be specified.
I can only
When systemd is enabled, we can get into a race condition
between run-postinsts and systemctl restarting services.
If we fail to create the lock file (or fd), then
sleep 10 seconds and retry up to 5 times.
[YOCTO #15428]
Patch submitted upstream to opkg:
If you have any patches you would like to submit for dunfell before
it goes EOL, please do so now!
I'll be taking patches until around April 8 in preparation for an
April 15 build.
Steve
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197417):
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/llvm-Upgrade-to-18.1.2-bugfix-release.patch
FAIL: test commit message presence: Please include a commit message on
Signed-off-by: Khem Raj
---
meta/recipes-devtools/llvm/llvm_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb
b/meta/recipes-devtools/llvm/llvm_git.bb
index 8086c9e2eb9..e1d5fc47a1f 100644
---
Hello Tom,
On 16/03/2024 12:35:58-0500, Tom Hochstein wrote:
> On a machine without the file command, the SDK install fails with a
> cryptic error message.
>
> ```
> xargs: file: No such file or directory
> sed: no input files
> Failed to replace perl. Relocate script failed. Abort!
> ```
>
>
On Wed, 2024-03-20 at 16:09 +, Emil Kronborg via
lists.openembedded.org wrote:
> For some reason, the CVE product is just called py and not pytest in
> the
> NIST NVD database. Since the database only accept keywords with at
> least
> 3 characters, the CVE vendor must also be specified.
>
>
The HTTP/2 protocol allows a denial of service (server resource consumption)
because request cancellation can reset many streams quickly, as exploited in
the wild in August through October 2023.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Hi All,
QA for yocto-4.0.17.rc1 is completed. This is the full report for this release:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
=== Summary
No high milestone defects.
No new issue found.
Thanks,
Jing Hui
>
24 matches
Mail list logo