Re: [oe-core][kirkstone][PATCH 1/1] expat: fix CVE-2023-52425

On Fri, 2024-03-29 at 05:02 +, Meenali Gupta via lists.openembedded.org wrote: > +2.40.0 > diff --git a/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch > b/meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch > new file mode 100644 > index 00..8ca364e4eb > --- /dev/null >

[OE-core] [PATCH 3/3] readline: Apply patches from readline-8.2-patches

These patches are submitted/backported to 8.2 release and address issues reported by different distros. Signed-off-by: Khem Raj --- .../readline/readline/readline82-001.patch| 45 .../readline/readline/readline82-002.patch| 51 +

[OE-core] [PATCH 1/3] valgrind: Backport fixes from 3.22 branch

These fixes are helping some ptests on musl and 6.6 kernel Signed-off-by: Khem Raj --- py-regular-expressions-should-use-r.patch | 64 + ...ind-3.22.0-fails-on-assertion-when-l.patch | 147 .../0003-Add-fchmodat2-syscall-on-linux.patch | 221 ++

[OE-core] [PATCH 2/3] valgrind: Re-enable fixed test cases

These tests have been fixed in prior to 3.22 release Signed-off-by: Khem Raj --- meta/recipes-devtools/valgrind/valgrind_3.22.0.bb | 6 -- 1 file changed, 6 deletions(-) diff --git a/meta/recipes-devtools/valgrind/valgrind_3.22.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.22.0.bb

Re: [OE-core] [PATCH v5 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

Do not add pending patches please. Upstream submission first. Even better if you can review already present patches and submit them too. Alex On Fri 29. Mar 2024 at 2.24, Dan McGregor wrote: > From: Daniel McGregor > > Add support for the nfsv4 user ID mapping daemon, configured with > a

[oe-core][kirkstone][PATCH 1/1] expat: fix CVE-2023-52425

From: Meenali Gupta libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52425 Signed-off-by: Meenali

[OE-core][dunfell][PATCH] tar: Fix for CVE-2023-39804

From: Vijay Anusuri Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 Signed-off-by: Vijay Anusuri --- .../tar/tar/CVE-2023-39804.patch | 64 +++ meta/recipes-extended/tar/tar_1.32.bb

[OE-core] [PATCH v5 2/3] nfs-utils: Use upstream systemd service files

From: Daniel McGregor Reduce diffs against upstream by using the service files provided by them. This reduces our dependence on patches that simply change the names of a service. This also changes the way some nfs options get set for systemd, it introduces the nfs.conf file for configuration,

[OE-core] [PATCH v5 1/3] nfs-utils: clean up startup

From: Daniel McGregor Change the sysvinit script to start at the S runlevel, this matches Debian, and prevents systemd from generating a unit file for it. Also have the nfsd systemd service request the nfsd kernel filesystem mountpoint. This avoids startup failures in unpriviled containers or

[OE-core] [PATCH v5 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

From: Daniel McGregor Add support for the nfsv4 user ID mapping daemon, configured with a sensible default, and add a packageconfig for Kerberos support. This is reasonably tested in production in our environment, but only systemd support. There'll be some more work to do to get GSSAPI and NFS

Re: [OE-core] [PATCH v4 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

On Thu, Mar 28, 2024, 17:39 Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Thu, 2024-03-28 at 17:17 -0600, Dan McGregor wrote: > > From: Daniel McGregor > > > > Add support for the nfsv4 user ID mapping daemon, configured with > > a sensible default, and add a packageconfig for

Re: [OE-core] [PATCH v4 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

On Thu, 2024-03-28 at 17:17 -0600, Dan McGregor wrote: > From: Daniel McGregor > > Add support for the nfsv4 user ID mapping daemon, configured with > a sensible default, and add a packageconfig for Kerberos support. > > This is reasonably tested in production in our environment, but only >

[OE-core] [PATCH v4 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

From: Daniel McGregor Add support for the nfsv4 user ID mapping daemon, configured with a sensible default, and add a packageconfig for Kerberos support. This is reasonably tested in production in our environment, but only systemd support. There'll be some more work to do to get GSSAPI and NFS

[OE-core] [PATCH v4 1/3] nfs-utils: clean up startup

From: Daniel McGregor Change the sysvinit script to start at the S runlevel, this matches Debian, and prevents systemd from generating a unit file for it. Also have the nfsd systemd service request the nfsd kernel filesystem mountpoint. This avoids startup failures in unpriviled containers or

[OE-core] [PATCH v4 2/3] nfs-utils: Use upstream systemd service files

From: Daniel McGregor Reduce diffs against upstream by using the service files provided by them. This reduces our dependence on patches that simply change the names of a service. This also changes the way some nfs options get set for systemd, it introduces the nfs.conf file for configuration,

[OE-core] NFSv4 with Kerberos and uid mapping

This patch series is functionall identical to v3, but hopefully my work email gets picked up. The previous series used the address I use for this mailing list :/ -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197610):

Re: [OE-core] [PATCH] gcc: Allow using libc++

On Thu, 28 Mar 2024 at 11:07, Dan McGregor via lists.openembedded.org wrote: > > On Thu, 28 Mar 2024 at 10:59, Khem Raj wrote: > > > > On Thu, Mar 28, 2024 at 9:29 AM Dan McGregor > > wrote: > > > > > > On Thu, 28 Mar 2024 at 10:11, Khem Raj wrote: > > > > > > > > On Thu, Mar 28, 2024 at 8:43 

[OE-core] Yocto status mailing list

Hi all, Following some discussions and suggestions to improve, the yocto-sta...@lists.yoctoproject.org mailing list has been created. It will serve as a low-traffic, high-density list aimed at those who want a big picture of things going on without getting overwhelmed by patches and their

[OE-core] [PATCH] gstreamer: upgrade 1.22.10 -> 1.22.11

From: Randy MacLeod Changelog: https://gstreamer.freedesktop.org/releases/1.22/#1.22.11 Change the Upstream-Status URL for patch: 0002-ssaparse-enhance-SSA-text-lines-parsing.patch since the bug tracker moved but the bug is not yet resolved. Signed-off-by: Randy MacLeod ---

[OE-core] [PATCH 3/4] linux-yocto/6.6: update to v6.6.23

From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 5c7587f69194 Linux 6.6.23 5ad5dcfd7543 x86/efistub: Don't clear BSS twice in mixed mode ae863aa18493 x86/efistub: Clear decompressor BSS in native EFI entrypoint

[OE-core] [PATCH 4/4] linux-yocto/6.6: update CVE exclusions (6.6.23)

From: Bruce Ashfield Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.lued...@uwalumni.com Subject: Update 25Feb24 Date: Sun, 25 Feb 2024 07:03:08 -0500 ] Signed-off-by: Bruce Ashfield ---

[OE-core] [PATCH 2/4] linux-yocto/6.6: nftables: ptest and cleanup tweaks

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 1/2 [ Author: William Lyu Email: william@windriver.com Subject: features/nf_tables: nft_objref is now builtin Date: Wed, 27 Mar 2024 08:52:14 -0700 Starting from kernel v6.2 (including all rc

[OE-core] [PATCH 0/4]: linux-yocto: pull request

From: Bruce Ashfield Richard, Take what you want from these for the upcoming release, if they don't make it in, they are all valid for a inclusion in -stable later. Bruce The following changes since commit ae7056844aa05a239384335a66684394e10290a6: README.hardware.md: add section on

[OE-core] [PATCH 1/4] linux-yocto/6.6: cfg: genericarm64 configuration updates

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 1/3 [ Author: Ross Burton Email: ross.bur...@arm.com Subject: bsp/genericarm64: enable support for Xilinx KV260 Date: Wed, 27 Mar 2024 17:08:08 + Add more config options so that the Xilinx KV260

Re: [OE-core][Patch v1 1/2] perf: fix build with latest kernel

On Tue, Mar 26, 2024 at 6:48 PM Bruce Ashfield wrote: > > > > On Tue, Mar 26, 2024 at 1:46 PM Bruce Ashfield > wrote: >> >> >> >> On Mon, Mar 25, 2024 at 6:21 AM wrote: >>> >>> From: Max Krummenacher >>> >>> Kernel commit 9eea8fafe33e ("libbpf: fix __arg_ctx type enforcement for >>>

Re: [OE-core][Patch v1 2/2] perf: tests: fix qa error, missing perl

On Tue, Mar 26, 2024 at 6:10 PM Richard Purdie wrote: > > On Mon, 2024-03-25 at 11:20 +0100, Max Krummenacher wrote: > > From: Max Krummenacher > > > > Kernel commit 61d348f1e96f ("perf testsuite: Add common output checking > > helpers") added with 6.9-rc1 added addional testscripts written in

[OE-core] [PATCH] curl: fix quoting when disabling flaky tests

From: Ross Burton The list of test labels to disable shouldn't be quoted, and this meant that tests were running when they should not. [ YOCTO #15268 ] Signed-off-by: Ross Burton --- meta/recipes-support/curl/curl/run-ptest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: [OE-core] [PATCH] gcc: Allow using libc++

On Thu, 28 Mar 2024 at 10:59, Khem Raj wrote: > > On Thu, Mar 28, 2024 at 9:29 AM Dan McGregor > wrote: > > > > On Thu, 28 Mar 2024 at 10:11, Khem Raj wrote: > > > > > > On Thu, Mar 28, 2024 at 8:43 AM Dan McGregor > > > wrote: > > > > > > > > With the addition of the C++ runtime setting

[OE-core] [PATCH] selftest/sstatetests: run CDN check twice, ignoring errors the first time

The current CDN isn't able to serve all objects on first request, and it was suggested to work around that by trying again: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15335#c16 Once CDN moves to a better location this can probably be reverted. [YOCTO #15335] Signed-off-by: Alexander

Re: [OE-core] [PATCH] gcc: Allow using libc++

On Thu, Mar 28, 2024 at 9:29 AM Dan McGregor wrote: > > On Thu, 28 Mar 2024 at 10:11, Khem Raj wrote: > > > > On Thu, Mar 28, 2024 at 8:43 AM Dan McGregor > > wrote: > > > > > > With the addition of the C++ runtime setting added recently, allow > > > gcc to use libc++ as its runtime. There's

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 24 Mar 2024 01:00:01 AM HST

On Mar 28, 2024, at 12:37, Alexander Kanavin wrote: > > On Thu, 28 Mar 2024 at 17:28, Marta Rybczynska wrote: >> I think you weren't there at the weekly meeting when we discussed >> that: it started around Feb 14th and I see that in my data >> (I have a daily report). >> >> To make the story

[OE-core] [PATCH] glib-2.0: skip a timing sensitive ptest

From: Ross Burton The /timeout/rounding test is sensitive to system load, as it expects timeouts to trigger in windows that on an idle system are realistic but not when running inside a qemu-system on a loaded system. [ YOCTO #14464 ] Signed-off-by: Ross Burton ---

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 24 Mar 2024 01:00:01 AM HST

On Thu, 28 Mar 2024 at 17:28, Marta Rybczynska wrote: > I think you weren't there at the weekly meeting when we discussed > that: it started around Feb 14th and I see that in my data > (I have a daily report). > > To make the story short: NVD is close to 0 activity since mid-February > and there

Re: [OE-core] [PATCH] gcc: Allow using libc++

On Thu, 28 Mar 2024 at 10:11, Khem Raj wrote: > > On Thu, Mar 28, 2024 at 8:43 AM Dan McGregor > wrote: > > > > With the addition of the C++ runtime setting added recently, allow > > gcc to use libc++ as its runtime. There's some minor fixes still > > required, such as allowing setting the

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 24 Mar 2024 01:00:01 AM HST

On Sun, Mar 24, 2024 at 3:11 PM Alexander Kanavin wrote: > > I’m getting slightly concerned, no new CVEs second week in a row? Did the > checker break? > I think you weren't there at the weekly meeting when we discussed that: it started around Feb 14th and I see that in my data (I have a daily

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 24 Mar 2024 01:00:01 AM HST

On Sun, Mar 24, 2024 at 3:25 PM Rich Persaud wrote: > > https://www.darkreading.com/cybersecurity-operations/nist-vuln-database-downshifts-prompting-questions-about-its-future > > > Next week, vulnerability researchers will gather for the VulnCon conference > > in Raleigh, N.C., where an "NVD

[OE-core] [PATCH 2/2] liberror-perl: move to meta-perl

The upstream maintainer for Error has deprecated it for quite some time [1]. The only dependency in oe-core was coreutils-ptest. [YOCTO #15461] [1] https://metacpan.org/pod/Error#WARNING Using the "Error" module is no longer recommended due to the black-magical nature of its syntactic

[OE-core] [PATCH 1/2] coreutils: drop obsolete liberror-perl RDEPENDS

The upstream maintainer for Error has deprecated it for quite some time [1]. There is no dependency in current coreutils tests for it. [YOCTO #15461] [1] https://metacpan.org/pod/Error#WARNING Using the "Error" module is no longer recommended due to the black-magical nature of its

[OE-core] [PATCH 0/2] Move liberror-perl to meta-perl

This perl package has not seen any updates since 2020. The upstream author of Error has deprecated it for quite some time. https://metacpan.org/pod/Error#WARNING 'Using the "Error" module is no longer recommended due to the black-magical nature of its syntactic sugar, which often tends

Re: [OE-core] [PATCH] gcc: Allow using libc++

On Thu, Mar 28, 2024 at 8:43 AM Dan McGregor wrote: > > With the addition of the C++ runtime setting added recently, allow > gcc to use libc++ as its runtime. There's some minor fixes still > required, such as allowing setting the unwinder library. But this > allows for testing libc++ with gcc. >

[OE-core] [PATCH v3 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

Add support for the nfsv4 user ID mapping daemon, configured with a sensible default, and add a packageconfig for Kerberos support. This is reasonably tested in production in our environment, but only systemd support. There'll be some more work to do to get GSSAPI and NFS idmapd support

Re: [OE-core] [PATCH] recipeutils: use UPSTREAM_CHECK_URI in get_recipe_upstream_version

Unfortunately this isn't correct either. UPSTREAM_CHECK_URI is already checked by the wget fetcher to override the default (which is first entry in SRC_URI), so if you need it in other fetchers (e.g git), you should either add support for it there as well, or remove the code from wget fetcher at

[OE-core] Patchtest results for [PATCH v2 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/v2-3-3-nfs-utils-Configure-nfsv4-ID-mapping-Kerberos.patch FAIL: test Signed-off-by presence: A patch file has

[OE-core] [PATCH] gcc: Allow using libc++

With the addition of the C++ runtime setting added recently, allow gcc to use libc++ as its runtime. There's some minor fixes still required, such as allowing setting the unwinder library. But this allows for testing libc++ with gcc. Signed-off-by: Daniel McGregor ---

[OE-core] [PATCH v2 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

Add support for the nfsv4 user ID mapping daemon, configured with a sensible default, and add a packageconfig for Kerberos support. This is reasonably tested in production in our environment, but only systemd support. There'll be some more work to do to get GSSAPI and NFS idmapd support

[OE-core] [PATCH] recipeutils: use UPSTREAM_CHECK_URI in get_recipe_upstream_version

Currently, get_recipe_upstream_version blindly takes the first entry in SRC_URI to see if the recipe is at the latest version. If UPSTREAM_CHECK_URI is specified in a recipe, it is probably what should be used to check for the latest version. Use that as the first check, otherwise default back

[OE-core] Patchtest results for [PATCH 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/3-3-nfs-utils-Configure-nfsv4-ID-mapping-Kerberos.patch FAIL: test Signed-off-by presence: A patch file has been

Re: [OE-core] [RFC] recipeutils: check for SRC_URI name in get_recipe_upstream_version

On Wed, Mar 27, 2024 at 4:31 PM Alexander Kanavin wrote: > > I wonder if adding another variable is really necessary if instead you > can set UPSTREAM_CHECK_URI to anything, including entries in SRC_URI? > What is the specific example where you ran into the issue? Wow, I feel stupid. You are

[OE-core] [PATCH 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

Add support for the nfsv4 user ID mapping daemon, configured with a sensible default, and add a packageconfig for Kerberos support. This is reasonably tested in production in our environment, but only systemd support. There'll be some more work to do to get GSSAPI and NFS idmapd support

[OE-core] [PATCH 2/3] nfs-utils: Use upstream systemd service files

Reduce diffs against upstream by using the service files provided by them. This reduces our dependence on patches that simply change the names of a service. This also changes the way some nfs options get set for systemd, it introduces the nfs.conf file for configuration, which all daemons already

[OE-core] [PATCH 1/3] nfs-utils: clean up startup

Change the sysvinit script to start at the S runlevel, this matches Debian, and prevents systemd from generating a unit file for it. Also have the nfsd systemd service request the nfsd kernel filesystem mountpoint. This avoids startup failures in unpriviled containers or other setups that don't

[yocto] New mailing list for layer patches

Hi, At the moment if a layer doesn’t have enough volume to justify a dedicated mailing list for patches (see, for example, meta-...@lists.yoctoproject.org ) then the convention is that the patches can be sent to yo...@lists.yoctoproject.org

[OE-core] [PATCH] populate_sdk_ext.bbclass: only overwirte lsb string if uninative is used

Overwriting the lsb string without inheriting from uninative causes shared state cache entries to end up in the wrong path where they are not beeing picked up by the extensible SDK environment. Signed-off-by: Timon Bergelt --- meta/classes-recipe/populate_sdk_ext.bbclass | 2 +- 1 file changed,

[OE-core] [kirkstone][PATCH 2/3] tiff: fix CVE-2023-52356 CVE-2023-6277

From: Lee Chee Yang import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277 import from http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz Signed-off-by: Lee Chee Yang --- .../libtiff/tiff/CVE-2023-52356.patch | 55 ++

[OE-core] [kirkstone][PATCH 3/3] python3-urllib3: update to v1.26.18

From: Tan Wen Yan https://github.com/urllib3/urllib3/releases/tag/1.26.18 Major changes in python3-urllib3 1.26.18: - Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (CVE-2023-45803) (cherry picked from OE-Core rev:

[OE-core] [kirkstone][PATCH 1/3] xwayland: fix CVE-2023-6816 CVE-2024-0408/0409

From: Lee Chee Yang fix CVE-2023-6816 CVE-2024-0408 CVE-2024-0409 Signed-off-by: Lee Chee Yang --- .../xwayland/xwayland/CVE-2023-6816.patch | 57 .../xwayland/xwayland/CVE-2024-0408.patch | 65 +++ .../xwayland/xwayland/CVE-2024-0409.patch | 47