Yes, this looks suspicious to me as well. If the tools are absent you need
to investigate why they are absent; skipping the tools execution is just
sweeping the problem under the carpet, not fixing it.
Alex
On Wed, 26 Jun 2019 at 04:15, ChenQi wrote:
> Under which circumstances will the tools
== Series Details ==
Series: cve-update-db: Manage proxy if needed.
Revision: 1
URL : https://patchwork.openembedded.org/series/18358/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been
From: Joerg Hofrichter
Date: Wed, 26 Jun 2019 10:30:34 +0200
Subject: [PATCH] systemd: fix build with resolved enabled
Signed-off-by: Joerg Hofrichter
---
...e-also-add-missing.h-needed-for-musl.patch | 25 +++
meta/recipes-core/systemd/systemd_242.bb | 2 +-
2 files
Fixed:
MACHINE = "qemux86-64"
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
$ bitbake core-image-minimal
update-alternatives: libtool has multiple providers with the same priority,
please check
The following changes since commit 4bb3e8f98e2bbfcb20f1b32d2b7674d1a6cb47be:
local.conf.sample.extended: remove redundant RUNTIMETARGET assignment
(2019-06-24 17:32:37 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib rbt/multilib
From: Pierre Le Magourou
To be able to populate NVD database on a fetchall
(bitbake --run-all=fetch), set the do_populate_cve_db task to be
executed before do_fetch.
Signed-off-by: Pierre Le Magourou
---
meta/recipes-core/meta/cve-update-db.bb | 3 +--
1 file changed, 1 insertion(+), 2
== Series Details ==
Series: systemd: fix build with resolved enabled
Revision: 1
URL : https://patchwork.openembedded.org/series/18353/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been
On 2019年06月25日 20:23, Matt Madison wrote:
On Fri, Jun 21, 2019 at 2:08 AM Yu, Mingli wrote:
Hi Matt,
I noticed your commit is the latest update for go-dep ptest. But the
go-dep ptest doesn't work in my environment. I'm trying to figure out
what's wrong is here though I didn't know much
From: Pierre Le Magourou
If https_proxy environment variable is defined, manage proxy to be able
to download meta and json data feeds from https://nvd.nist.gov
Signed-off-by: Pierre Le Magourou
---
meta/recipes-core/meta/cve-update-db.bb | 11 +--
1 file changed, 9 insertions(+), 2
On Wed, Jun 26, 2019 at 2:02 AM Yu, Mingli wrote:
>
>
>
> On 2019年06月25日 20:23, Matt Madison wrote:
> > On Fri, Jun 21, 2019 at 2:08 AM Yu, Mingli wrote:
> >>
> >> Hi Matt,
> >>
> >> I noticed your commit is the latest update for go-dep ptest. But the
> >> go-dep ptest doesn't work in my
On Wednesday 26 June 2019 at 15:21:08 +0100, Mike Crowe wrote:
> It looks like not all the parts required for fixing CVE-2011-5325 made
> it into oe-core master before the recipe was upgraded to the upstream
> fixed version.
>
> The partial fix meant that symlinks deemed unsafe enough to delay
It looks like not all the parts required for fixing CVE-2011-5325 made
it into oe-core master before the recipe was upgraded to the upstream
fixed version.
The partial fix meant that symlinks deemed unsafe enough to delay were
never actually realized. This backport from upstream fixes the
== Series Details ==
Series: busybox: Include complete fix for CVE-2011-5325
Revision: 1
URL : https://patchwork.openembedded.org/series/18360/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have
The patch doesn't have an Upstream-Status tag, and at no point do you
explain in the log that this is for musl, and results in resolved
being enabled in musl builds.
Ross
On Wed, 26 Jun 2019 at 09:36, Jörg Hofrichter wrote:
>
> From: Joerg Hofrichter
> Date: Wed, 26 Jun 2019 10:30:34 +0200
>
Building lttng-modules for a "lib32" multilib, then changing to a "lib64"
multilib with "lib32" removed doesn't rebuild lttng-modules.
This is due to the multilib pieces in RPROVIDES being added after RecipeParsed
which is after the signatures are generated.
Changing this to RecipeTaskPreProcess
On Wed, 2019-06-26 at 13:33 -0400, Sinan Kaya wrote:
> Here is my investigation:
>
> The intercepts are executed on QEMU during cross-compilation using
> qemu-wrapper.
>
> I see that the tools were built for the native architecture but
> of course they do not exist on the target image and I have
The systemd-journald process doesn't restart/change the way syslog
does, don't test/error in this case.
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/runtime/cases/oe_syslog.py | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/oe_syslog.py
We're seeing races on the autobuilder where syslogd fails to shut down
fast enough to be restarted leading to failures.
Add some checks to ensure when restarting that processes exit before
being restarted.
Signed-off-by: Richard Purdie
---
meta/recipes-core/busybox/files/syslog | 22
On a loaded builder we've seen the log message not make it to the log file
before the ssh command completes. Add a short delay to try and ensure
this does happen. There is unforunately no way to flush syslog in all
cases we test.
Signed-off-by: Richard Purdie
---
From: Martin Jansa
Source: OpenEmbedded.org
MR: 98320, 98319
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/python/python_2.7.16.bb?id=9d23b982fa4e0290761b3d15f6959779fed72ad6
ChangeID:
From: Armin Kuster
Source: Python.org
MR: 98220
Type: Security Fix & Integration
Disposition: Backport from python.org
ChangeID: 96fdd2dee9fe9317eb72584583ae0100c0be9eaa
Description:
Bug fix update per Python.org
https://www.python.org/downloads/release/python-2716/
drop backported patch
Source: busybox.git
MR: 97332
Type: Security Fix
Disposition: Backport from busybox.git
ChangeID: ec203c79e7322de1ed5721d08b6f59b1eca67c7d
Description:
Affects < 1.30.0
Fixes:
CVE-2018-20679
CVE-2019-5747
Signed-off-by: Armin Kuster
---
.../busybox/busybox/CVE-2018-20679.patch | 142
From: Chen Qi
Source: OpenEmbedded.org
MR: 97351
Type: Integration
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior=ee57d79aec06e9b160cf2713636cda650ba68d5a
ChangeID: ee57d79aec06e9b160cf2713636cda650ba68d5a
Description:
The
From: Armin Kuster
Source: sqlite.org
MR: 97484, 97490
Type: Security Fix
Disposition: Backport from sqilte.org
ChangeID: c6105b5d3ce4fb2c0f38c3cab745b769d2df38f5
Description:
Affects < 3.26.0
fixes:
CVE-2018-20505
CVE-2018-20506
Signed-off-by: Armin Kuster
Signed-off-by: Armin Kuster
---
From: Richard Purdie
The crosssdk dependencies are handled using the virtual/ namespace so
this name doesn't matter in the general sense. We want to be able to provide
recipe maintainer information through overrides though, so this standardises it
with the behaviour from gcc-crosssdk and ensures
From: Ross Burton
Source: OpenEmbedded.org
MR: 97538, 97543
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-graphics/cairo?h=warrior=078e4d5c2114d942806cd0d5ad501805a011e841
ChangeID: fa8bdd44ad8613bb0679a1f6d9d670c3b47a0677
From: Hongxu Jia
Go binaries were installed to ${libdir}/go/bin, and create symlink
in ${bindir}, while enabling multilib, libdir was extended (such as
/usr/lib64), but BASELIB was not (still /lib), so use
baselib (such as /lib64)) to replace
Signed-off-by: Hongxu Jia
Signed-off-by: Richard
From: Armin Kuster
Source: https://github.com/file
MR: 97573, 97578, 97583, 97588
Type: Security Fix
Disposition: Backport from https://github.com/file/file
ChangeID: 159e532d518623f19ba777c8edc24d2dc7e3a4e9
Description:
CVE-2019-8905 is the same fix as CVE-2019-8907
Affects < 5.36.0
Fixes:
From: Armin Kuster
Source: tar.git
MR: 97928
Type: Security Fix
Disposition: Backport from
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3
Description:
Affects tar < 1.32
fixes CVE-2019-9923
From: Joshua DeWeese
I goofed up the scissor line on the last attempt. Not sure how much it matters,
but here it is correct this time.
Here it is, updated to work with wpa-supplicant_2.6.bb.
-- >8 --
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
When building
From: Armin Kuster
Source: Qemu.org
MR: 97453
Type: Security Fix
Disposition: Backport from git.qemu.org/gemu.git
ChangeID: a06fcb432d447cec2ed1caf112822dd1b4831ace
Description:
In the spirt of YP Compatible, sending change upstream.
fixes CVE CVE-2018-19489
Affect < = 4.0.0
Signed-off-by:
From: Armin Kuster
Source: http://git.savannah.gnu.org/cgit/wget.git
MR: 89341
Type: Security Fix
Disposition: Backport from
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
ChangeID: 1c19a2fd7ead88cc4ee92d425179d60d4635864b
Description:
Fixes
From: Armin Kuster
Source: CUrl.org
MR: 98455
Type: Security Fix
Disposition: Backport from https://curl.haxx.se/
ChangeID: 86b094a440ea473b114764e8d64df8142d561609
Description:
Fixes CVE-2019-5435 CVE-2019-5436
Signed-off-by: Armin Kuster
---
From: Chen Qi
Source: OpenEmbedded.org
MR: 97351
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior=fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd
ChangeID: fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd
Description:
From: Khem Raj
Source: OpenEmbedded.org
MR: 98328, 98329, 98330
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/go?h=warrior=b964551a0d08aa921d4e0ceea2f1e28a5e83510e
ChangeID: 0b4cc69c357ba14c4e7a6c7ff926cfc6f09489b2
From: Armin Kuster
Source: glib-2.0
MR: 98443
Type: Security Fix
Disposition: Backport from
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741
Description:
Signed-off-by: Armin Kuster
---
From: Richard Purdie
This includes libstdc++ changes from gcc 9.X.
It also switches uninative from bz2 to xz compression.
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/yocto-uninative.inc | 8
1 file changed, 4 insertions(+), 4 deletions(-)
From: Armin Kuster
Source: golang.org
MR: 97548,
Type: Security Fix
Disposition: Backport from
https://github.com/golang/go/issues?q=milestone%3AGo1.11.5
ChangeID: 54377c454f038a41bf35dd447a784e3e66db6268
Description:
Bug fix updates only
https://golang.org/doc/devel/release.html#go1.11
Basically they are executed only when you have something in your target image
that requires their execution (usually to populate some database). If the
execution fails for some reason, the correct way to handle that is to look into
the failure instead of fixing the symptoms (missing files for
From: Armin Kuster
Signed-off-by: Armin Kuster
---
meta/recipes-core/glibc/glibc/CVE-2019-9169.patch | 63 +++
meta/recipes-core/glibc/glibc_2.28.bb | 1 +
2 files changed, 64 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
From: Armin Kuster
Source: http://sourceware.org/git/elfutils.git
MR: 97563, 97568, 97558
Type: Security Fix
Disposition: Backport from http://sourceware.org/git/elfutils.git
ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24
Description:
Affects <= 0.175
Fixes:
CVE-2019-7146
CVE-2019-7149
Here is the next set for patches for Thud.
Please have comments by Friday.
The following changes since commit f162d5bfe6eaeca24f441c83c87252c8d05744fc:
core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit (2019-05-17
22:05:59 -0700)
are available in the git repository at:
From: Armin Kuster
Source: qemu.org
MR: 97258, 97342, 97438, 97443
Type: Security Fix
Disposition: Backport from git.qemu.org/qemu.git
ChangeID: a5e9fd03ca5bebc880dcc3c4567e10a9ae47dba5
Description:
These issues affect qemu < 3.1.0
Fixes:
CVE-2018-16867
CVE-2018-16872
CVE-2018-18849
Its useful to test whether the restart command returned an error code and
exit early from the test if so.
Also add different messages to tell if the syslog processes didn't
die or didn't restart.
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/runtime/cases/oe_syslog.py | 32
KERNEL_VERSION gets expanded at runtime to contain the real kernel
version. There is code to ensure the signatures are determinisic but
the multilib expansion code breaks this.
Exclude the variable from the datastore used for expansion to avoid this.
Signed-off-by: Richard Purdie
---
== Series Details ==
Series: "multilib_global: Fix KERNEL_VE..." and 4 more
Revision: 1
URL : https://patchwork.openembedded.org/series/18362/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been
Here is my investigation:
The intercepts are executed on QEMU during cross-compilation using
qemu-wrapper.
I see that the tools were built for the native architecture but
of course they do not exist on the target image and I have no
interest in pulling fonts and such into my image to make
From: Armin Kuster
Source: qemu.org
MR: 98382
Type: Security Fix
Disposition: Backport from
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3
Description:
Fixes CVE-2019-12155
Affects: <= 4.0.0
Signed-off-by:
From: Richard Purdie
The 2.6 release contains both libcrypt.so.1 and libcrypt.so.2 which fixes
compatibility with recent fedora/suse releases.
The difference is one is built with obsolete APIs enabled and one disabled.
We now ship both in uninative for compatibility regardless of which distro
a
From: Richard Purdie
(From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a)
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta/classes/uninative.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/uninative.bbclass
* For changes, see:
https://gitlab.gnome.org/GNOME/glib/blob/glib-2-60/NEWS
* Remove backported CVE-2019-12450.patch.
Signed-off-by: Peter Kjellerstedt
---
.../glib-2.0/glib-2.0/CVE-2019-12450.patch| 62 ---
...{glib-2.0_2.60.3.bb => glib-2.0_2.60.4.bb} | 5 +-
2 files
On 6/26/2019 5:21 PM, Richard Purdie wrote:
>> What is so special about these?
> Put another way, why aren't lots of people seeing failures due to this?
>
> You're obviously doing something differently to everyone else but we're
> having a hard time understanding what, or how we'd trigger the
*** BLURB HERE ***
The following changes since commit 67266331b0f557c01cde1cc1b1a1de7197443a6c:
local.conf.sample.extended: remove redundant RUNTIMETARGET assignment
(2019-06-24 17:34:25 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib
Currently `devtool finish RECIPE meta' will silently succeed even
if there are multiple layers having the same base name of 'meta'.
e.g. meta layer from oe-core and meta layer from meta-secure-core.
We should at least give user a warning in such case. With the patch,
we will get warning like
Recipe upgrade statistics:
* Failed (devtool error): 40
gettext, 0.20.1, Robert Yang
gtk+3, 3.24.9, Ross Burton
iputils, s20190515, Changhyeok Bae
hwlatdetect, 1.4, Alexander Kanavin
squashfs-tools, 4.3-new-commits-available, Robert Yang
Recipes like postfix run command newaliases in postinst, but newaliases is
installed as newaliases.postfix, it needs run update-alternatives to update it
to newaliases, so there was an error when installed postinst on target.
Fixed:
$ opkg install postfix
Configuring postfix.
The gtk-update-icon-cache is provided by gtk+3, gdk-pixbuf-query-loaders is
provided by gdk-pixbuf, and gtk+3 depends on gdk-pixbuf, so depends on gtk+3
can fix the problems.
Signed-off-by: Robert Yang
---
meta/classes/gtk-icon-cache.bbclass | 14 ++
1 file changed, 10
The update-alternatives.bbclass' postinst script runs firstly before other
postinst, but busybox needs set basic tools such as sed command firstly,
otherwise, update-alternatives doesn't work, so run busybox' postinst firstly
to fix the problem.
Signed-off-by: Robert Yang
---
* V3
- Rather make the exception in update-alternatives.bbclass, but add a
populate_packages_updatealternatives_append() in busybox.inc to make
busybox's postinst runs firstly.
* V2
- The patch for update-alternatives.bbclass makes update-alternatives runs
firstly
before other
On 6/25/19 10:14 PM, Richard Purdie wrote:
On Tue, 2019-06-25 at 20:44 +0800, Robert Yang wrote:
Recipes like postfix run command newaliases in postinst, but newaliases is
installed as newaliases.postfix, it needs run update-alternatives to update it
to newaliases, so there was an error when
60 matches
Mail list logo
