On Mon, 15 Jan 2024, Randy MacLeod via lists.openembedded.org wrote:
> On 2024-01-15 11:58 a.m., Alexandre Belloni via lists.openembedded.org wrote:
> > This is breaking meta-agl-core until this gets into meta-oe:
> >
> >
On Thu, 5 Oct 2023, Mike Crowe wrote:
> On Thursday 05 October 2023 at 11:16:29 -0400, Scott Murray wrote:
> > Debian's page at https://security-tracker.debian.org/tracker/CVE-2023-4911
> > indicates at the bottom that they're only vulnerable on their 2.31 based
>
On Thu, 5 Oct 2023, Steve Sakoman wrote:
> Hmmm ... does this build for you?
>
> I'm getting:
>
> ERROR: glibc-2.31+gitAUTOINC+2d4f26e5cf-r0 do_patch: Applying patch
> 'CVE-2023-4911.patch' on target directory
>
graphics backend options.
Signed-off-by: Scott Murray
---
scripts/runqemu | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/runqemu b/scripts/runqemu
index 36af764b1b..6e1f073ed2 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -182,6 +182,7 @@ class BaseConfig
The convert-spdx-licenses.py script needs the same file closing
fix as was made to convert-variable-renames to ensure modified
file contents get flushed out.
Signed-off-by: Scott Murray
---
scripts/contrib/convert-spdx-licenses.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/scripts
. Adding an explicit close to flush the modified
contents out before moving into place fixes the issue for me.
Signed-off-by: Scott Murray
---
scripts/contrib/convert-variable-renames.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/scripts/contrib/convert-variable-renames.py
b/scripts/contrib
Update the example BB_DISKMON_DIRS definitions in the sample
local.conf files for the rename of the "ABORT" action to "HALT",
and also update related error messages in one selftest to use
the new action name.
Signed-off-by: Scott Murray
---
meta/conf/local.conf.sample
On Mon, 7 Feb 2022, Joshua Watt wrote:
>
> On 2/7/22 14:33, Scott Murray wrote:
> > On Mon, 7 Feb 2022, Saul Wold wrote:
> >
> >> This patch will read the begining of source files and try to find
> >> the SPDX-License-Identifier to populate the licenseInfoInF
On Mon, 7 Feb 2022, Saul Wold wrote:
> This patch will read the begining of source files and try to find
> the SPDX-License-Identifier to populate the licenseInfoInFiles
> field for each source file. This does not populate licenseConcluded
> at this time, nor rolls it up to package level.
>
> We
On Thu, 9 Dec 2021, Joshua Watt wrote:
> Adds a PACKAGECONFIG option to use libsoup2 instead of libsoup3.
> Including libsoup2 and libsoup3 in the same process can cause strange
> runtime failures, and the latest release of each major version will
> cause the process to exit if either if both are
On Mon, 6 Dec 2021, Jon Mason wrote:
> This email is a follow-up from the session held on Friday at the
> OpenEmbedded Developer's Virtual Meeting (see
> https://www.openembedded.org/wiki/OEDVM_Nov_2021)
>
> The session was not recorded, but the slides can be found at
>
to avoid one source of this problem. It is believed
that in practice this should have little impact on overall performance.
Signed-off-by: Scott Murray
---
NOTE: Do not apply this without the prerequisite bitbake PR server
rework patches, see the bitbake-devel for the v6 patchset.
meta
On Tue, 15 Jun 2021, Bruce Ashfield wrote:
> On Tue, Jun 15, 2021 at 6:02 AM Ross Burton wrote:
> >
> > From: Matt Spencer
> >
> > We need to prevent systemd-network from managing veth interface when
> > using platforms like k3s as they control creation and management of the
> > interfaces.
>
>
down. Those tests are
currently not used for ptest or oe-selftest, so it is believed
their absence should not be problematic.
Signed-off-by: Scott Murray
---
.../files/0001-add-valid-fdt-check.patch | 36 ++
.../u-boot/files/CVE-2021-27097-1.patch | 71 +++
.../u-boot/files/CVE-2021
Apply patch from Debian to fix CVE-2021-26937.
Signed-off-by: Scott Murray
---
.../screen/screen/CVE-2021-26937.patch| 68 +++
meta/recipes-extended/screen/screen_4.8.0.bb | 1 +
2 files changed, 69 insertions(+)
create mode 100644 meta/recipes-extended/screen/screen
Backport fixes for CVE-2020-8432 and CVE-2020-10648 from upstream.
Signed-off-by: Scott Murray
---
.../u-boot/files/CVE-2020-10648-1.patch | 98 +++
.../u-boot/files/CVE-2020-10648-2.patch | 52
.../u-boot/files/CVE-2020-8432.patch | 114
On Tue, 16 Feb 2021, Lee Chee Yang wrote:
> From: Lee Chee Yang
>
> release notes:
> https://www.sudo.ws/legacy.html#1.8.32
>
> updates include fixes for
> CVE-2021-23239
> CVE-2021-23240
>
> Also backport patch to fix build error with musl
>
> Signed-off-by: Lee Chee Yang
Please also mention
On Sun, 7 Feb 2021, saloni wrote:
> CVE-2000-0006 is not a valid bug number nor an alias to a bug
> and no remedy for the CVE is available till now. Hence, can be
> marked whitelisted.
>
> Signed-off-by: Saloni Jain
> ---
> meta/recipes-devtools/strace/strace_5.10.bb | 3 +++
> 1 file changed,
On Sat, 6 Feb 2021, Richard Purdie wrote:
> From: Ross Burton
>
> After too many years, autoconf has made a new release. On the whole it
> is compatible with previous releases, but some macros are more specific
> about what they expose so minor tweaks to configure.ac may be required.
>
>
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-25013
* upstream tracking: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
* patch from upstream:
https://sourceware.org/git/?p=glibc.git;a=patch;
h=ee7a3144c9922808181009b7b3e50e852fb4999b
Signed-off-by: Scott Murray
A couple of hopefully straightforward fixes to knock some CVEs off the
unpatched list. The grub change does not add a patch but fixes the existing
"CVE:" line in a patch so all the associated CVEs will be picked up as patched.
Scott Murray (2):
grub: fix "CVE:" line i
Signed-off-by: Scott Murray
---
...1-malloc-Use-overflow-checking-primitives-where-we-do-.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/meta/recipes-bsp/grub/files/CVE-2020-14309-CVE-2020-14310-CVE-2020-14311-malloc-Use-overflow-checking-primitives-where-we-do-.patch
b/me
-off-by: Scott Murray
---
.../patch/patch/CVE-2019-20633.patch | 31 +++
meta/recipes-devtools/patch/patch_2.7.6.bb| 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-devtools/patch/patch/CVE-2019-20633.patch
diff --git a/meta/recipes-devtools
On Tue, 23 Jun 2020, Chris Laplante via lists.openembedded.org wrote:
> > > Does anyone know what the intended audience is for the Developer Day
> > presentations? E.g. would someone who uses bitbake day-to-day but perhaps
> > doesn't edit recipes benefit?
> > >
> >
> > I would say look at the
generated image header destination to B instead of S
since that now works after the recent makefile changes, and will
avoid unnecessarily polluting the source tree
Signed-off-by: Scott Murray
---
meta/recipes-core/psplash/files/psplash-start.service | 1 +
meta/recipes-core/psplash/pspl
On Fri, 13 Sep 2019, akuster808 wrote:
> On 9/13/19 3:28 PM, Scott Murray wrote:
> > On Sat, 14 Sep 2019, Adrian Bunk wrote:
> >
> >> On Fri, Sep 13, 2019 at 05:58:09PM -0400, Scott Murray wrote:
[snip]
>
> When your happy with the series, I will through it on A
-wait.h.patch
0003-src-basic-copy.c-include-signal.h.patch
0004-src-shared-cpu-set-util.h-add-__cpu_mask-definition.patch
Also applied libc-glibc over-ride to pkg_postinst and pkg_prerm function
definitions, as musl does not provide nsswitch.conf.
Signed-off-by: Scott Murray
---
...ystemd-boot_242.bb
On Sat, 14 Sep 2019, Adrian Bunk wrote:
> On Fri, Sep 13, 2019 at 05:58:09PM -0400, Scott Murray wrote:
> >...
> > --- /dev/null
> > +++
> > b/meta/recipes-core/systemd/systemd/0002-src-login-brightness.c-include-wait.h.patch
> > @@ -0,0 +1,25 @@
> > +In
-wait.h.patch
0003-src-basic-copy.c-include-signal.h.patch
0004-src-shared-cpu-set-util.h-add-__cpu_mask-definition.patch
Also applied libc-glibc over-ride to pkg_postinst and pkg_prerm function
definitions, as musl does not provide nsswitch.conf.
Signed-off-by: Scott Murray
---
...ystemd-boot_242.bb
-wait.h.patch
0003-src-basic-copy.c-include-signal.h.patch
0004-src-shared-cpu-set-util.h-add-__cpu_mask-definition.patch
Also applied libc-glibc over-ride to pkg_postinst and pkg_prerm function
definitions, as musl does not provide nsswitch.conf.
Signed-off-by: Scott Murray
---
...ystemd-boot_242.bb
On Thu, 29 Jun 2017, Richard Purdie wrote:
> On Wed, 2017-06-28 at 13:38 -0400, Scott Murray wrote:
> > On Mon, 19 Jun 2017, Richard Purdie wrote:
> >
> > >
> > > I suspect this has been missed by some people so I want to spell it
> > > ou
On Mon, 19 Jun 2017, Richard Purdie wrote:
> I suspect this has been missed by some people so I want to spell it
> out. We have our first CVE in OE-Core itself.
>
> The issue is limited to binary ipks potentially exposing sensitive
> information through the "Source:" field which contained the
32 matches
Mail list logo
