From: Kai Kang
Backport patch to fix CVE-2021-36370.
CVE: CVE-2021-36370
Signed-off-by: Kai Kang
---
.../mc/files/CVE-2021-36370.patch | 609 ++
meta/recipes-extended/mc/mc_4.8.26.bb | 1 +
2 files changed, 610 insertions(+)
create mode 100644
* Test info
IMAGE_CLASSES += "testimage"
$ bitbake core-image-sato -cpopulate_sdk && bitbake core-image-sato -ctestsdk
The following changes since commit ec20e1a0e0ba61a7615b361bfc9d9dc58a91f9b3:
create-spdx: remove trailing comma (2021-09-08 15:32:45 +0100)
are available in the Git
The downloaded non-free sources, now download expat-2.4.1.tar.bz2 to replace
it, and also rename the test case to cmake.py since it is used for testing
cmake.
Signed-off-by: Robert Yang
---
meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} | 12 ++--
1 file changed, 6 insertions(+), 6
Pull in the following changes:
* pseudo_client: Make msg static in pseudo_op_client
* ports/linux/guts: Add close_range wrapper for glibc 2.34
* pseudo_client: Do not pass null argument to pseudo_diag()
* test-openat: Consider device as well as inode number
* test: Add missing test-statx test
Hold off on this, it breaks some potential use-cases.
Ross
On Fri, 10 Sept 2021 at 11:20, Ross Burton via lists.openembedded.org
wrote:
>
> When using the simpleremote test target, TEST_SERVER_IP doesn't have to
> be configured as the code will detect the host's IP if it isn't set.
>
>
On 9/9/21 11:43 PM, Khem Raj wrote:
On Thu, Sep 9, 2021 at 3:26 AM Robert Yang wrote:
Hi Khem,
On 9/9/21 1:06 PM, Khem Raj wrote:
also delete meta/lib/oeqa/sdk/cases/assimp.py
It's a test case for testing cmake, it should be OK to keep it? Or we need add a
new one to replace it.
is it
We've seen issues where shell/python tasks lose their log file entries
or output and also where output is duplicated. Add some tests to attempt
to spot regressions in this area in future.
Signed-off-by: Richard Purdie
---
.../recipes-test/logging-test/logging-test.bb | 24
On Wed, 2021-09-08 at 16:05 +0800, Yu, Mingli wrote:
> From: Mingli Yu
>
> Add pkgconfig setting for selinux.
>
> Signed-off-by: Mingli Yu
> ---
> meta/recipes-extended/tar/tar_1.34.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-extended/tar/tar_1.34.bb
>
Specifying a port that the test host can open sockets on isn't that
useful as the package management tests will open multiple ports, so the
specified port won't be used anyway. The value was never set so used
the default of value, which meant the kernel picked the port.
Remove the server port
There's no need to inherit from object in Python 3, and marking the
methods as abstract is overkill considering the type hierarchy.
Signed-off-by: Ross Burton
---
meta/lib/oeqa/core/target/__init__.py | 9 +
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git
When using the simpleremote test target, TEST_SERVER_IP doesn't have to
be configured as the code will detect the host's IP if it isn't set.
Signed-off-by: Ross Burton
---
meta/classes/testimage.bbclass | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git
Move towards a consistent interface across OETarget subclasses by
moving target_ip to the superclass.
QemuTarget automatically determines the target IP on startup, so default
that to None.
Signed-off-by: Ross Burton
---
meta/lib/oeqa/core/target/__init__.py | 3 ++-
Move towards a consistent interface across OETarget subclasses by
moving server_ip to the superclass.
Signed-off-by: Ross Burton
---
meta/lib/oeqa/core/target/__init__.py | 3 ++-
meta/lib/oeqa/core/target/qemu.py | 4 +---
meta/lib/oeqa/core/target/ssh.py | 3 +--
3 files changed, 4
The target_dumper property is only set by the QemuTarget subclass, so
assign a default value and check it isn't None before calling it.
Signed-off-by: Ross Burton
---
meta/lib/oeqa/core/target/ssh.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git
Also pass the the base image name to the target class. This is the full
path to the deploy directory and the image name without any extensions,
so makes it easier to find ancillary files.
Signed-off-by: Ross Burton
---
meta/classes/testimage.bbclass | 1 +
1 file changed, 1 insertion(+)
diff
On Thu, 2021-09-09 at 17:53 +, Kristian Klausen via lists.openembedded.org
wrote:
> "A unified kernel image is a single EFI PE executable combining an EFI
> stub loader, a kernel image, an initramfs image, and the kernel command
> line.
>
> [...]
>
> Images of this type have the advantage
On Fri, 10 Sept 2021 at 09:08, Robert Yang wrote:
> -self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON
> {source}".format(**dirs))
> +self._run("cd {build} && cmake {source}".format(**dirs))
Verbose makefiles were turned on for a reason: when it breaks, we
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/selftest/cases/oescripts.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/oescripts.py
b/meta/lib/oeqa/selftest/cases/oescripts.py
index 8a10ff357be..1decce39e96 100644
---
If the distro does not include the group 'wheel' systemd will
complain when trying to parse ACL rules for tmpfiles.d.
systemd-tmpfiles[273]: Failed to parse ACL
"d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Systemd has a configuration parameter to avoid using 'wheel'
group
From: Armin Kuster
Source: golang.org
MR: 111958, 112390, 112393
Type: Security Fix
Disposition: Backport from https://github.com/golang/go.git
ChangeID: 662d021814f025b3d768a04864498486f94819a7
Description:
Affects < 1.16.5
Fixes:
CVE-2021-33196
CVE-2021-33197
CVE-2021-34558
Signed-off-by:
From: Armin Kuster
Source: https://gitlab.freedesktop.org/xorg/xserver
MR: 108223,
Type: Security Fix
Disposition: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
and
From: Richard Purdie
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.
https://github.com/golang/go/issues/30999#issuecomment-910470358
Signed-off-by: Richard Purdie
(cherry picked from commit
On Fri, 2021-09-10 at 17:36 +0100, Mike Crowe wrote:
> On Monday 06 September 2021 at 17:37:14 +0100, Mike Crowe via
> lists.openembedded.org wrote:
> > On Friday 13 August 2021 at 12:05:09 +0100, Mike Crowe via
> > lists.openembedded.org wrote:
> > > When running the test suite on my Debian 11
On Thu, 2021-09-09 at 16:58 -1000, Steve Sakoman wrote:
> The following changes since commit b46b059a306b2823624e64adecded9f76430471a:
>
> layer.conf: fix syntax error in PATH setting (2021-09-03 04:05:12 -1000)
>
> are available in the Git repository at:
>
>
From: Bruce Ashfield
Updating linux-yocto/5.13 to the latest korg -stable release that comprises
the following commits:
7aeadb5bb82a Linux 5.13.13
2ff626b14003 fs: warn about impending deprecation of mandatory locks
a57b2a703e44 io_uring: fix xa_alloc_cycle() error return value
From: Bruce Ashfield
Updating linux-yocto/5.13 to the latest korg -stable release that comprises
the following commits:
b8c3cc76091b Linux 5.13.15
2f939f346edb media: stkwebcam: fix memory leak in stk_camera_probe
26874d67198b ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
From: Bruce Ashfield
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
452ea6a15ed2 Linux 5.10.61
f15e64267393 io_uring: only assign io_uring_enter() SQPOLL error in actual
error case
695ab28a7fa1 io_uring: fix xa_alloc_cycle() error
From: Ovidiu Panait
X specific configs are already handled through PACKAGECONFIG:
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
...
PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x
--disable-x11-autolaunch, virtual/libx11
From: Bruce Ashfield
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
e07f317d5a28 Linux 5.10.63
4405ea221dea media: stkwebcam: fix memory leak in stk_camera_probe
ad5e13f15db7 fuse: fix illegal access to inode with reused nodeid
From: Wang Mingyu
(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)
Signed-off-by: Wang Mingyu
Signed-off-by: Richard Purdie
(cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028)
[Bug fix only update, drop cve patch now included
a0926ef86f (tag: dbus-1.12.18)
From: Wang Mingyu
(From OE-Core rev: 839695e0c1b0c0fcfbb924c2b174c4a638067a32)
Signed-off-by: Wang Mingyu
Signed-off-by: Richard Purdie
(cherry picked from commit 5cbf053481642a820b9f4c6bed9ac79246719087)
Signed-off-by: Armin Kuster
Signed-off-by: Steve Sakoman
---
From: Bruce Ashfield
Richard,
Here are the latest -stable updates for the active kernels. Nothing jumped
out as particularly risky.
I've kept the updates separeate on purpose, since they represent a test
point and a known good state. Which will come in handy if something does pop
up during
From: Ovidiu Panait
dbus and dbus-test share the same source code and base configuration options,
so factor out the common parts into dbus.inc.
This way we can eliminate the need to keep the two recipes in sync. When they
are not properly in sync (e.g. when dbus recipe has extra patches/config
From: Wang Mingyu
Source: https://git.openembedded.org/openembedded-core
MR: 108825
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/dbus?id=bfaef91e77cd54e4f642e966903aac3f3291c325
ChangeID:
Please review this next set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2570
The following changes since commit fcc609d3bafef2f63039dc54c0fd0eaf062710a1:
rt-tests: set
From: Richard Purdie
CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.
https://github.com/westes/flex/issues/414
From: Armin Kuster
Source: https://gitlab.gnome.org/GNOME/glib
MR: 108788, 108795, 109707
Type: Security Fix https://gitlab.gnome.org/GNOME/glib branch glic-2-66
Disposition: Backport from
ChangeID: 96b965a23bcdb0881b0de534d6eb5878f6d99d9a
Description:
On Monday 06 September 2021 at 17:37:14 +0100, Mike Crowe via
lists.openembedded.org wrote:
> On Friday 13 August 2021 at 12:05:09 +0100, Mike Crowe via
> lists.openembedded.org wrote:
> > When running the test suite on my Debian 11 box I see many occurrences
> > of:
> >
> > unknown fcntl
Hello,
On 08/09/2021 19:46:41+0200, tobias.kaufm...@wusto.de wrote:
> From: Tobias Kaufmann
>
> If a package-name contains characters which are used
> in regular expressions (e.g. libstdc++) this might
> break the regexp compilation.
>
> To solve this issue the package names are escaped before
On 10/09/2021 21:37:29+0200, Alexandre Belloni wrote:
> Hello,
>
> On 08/09/2021 19:46:41+0200, tobias.kaufm...@wusto.de wrote:
> > From: Tobias Kaufmann
> >
> > If a package-name contains characters which are used
> > in regular expressions (e.g. libstdc++) this might
> > break the regexp
From: Armin Kuster
Source: https://dist.apache.org
MR: 112793
Type: Security Fix
Disposition: Backport from
https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc
Description:
An out-of-bounds array read in the
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0
regressed
compared to 1.6.3 and is vulnerable to the same issue.
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0
regressed
compared to 1.6.3 and is vulnerable to the same issue.
From: Armin Kuster
Source: https://sources.debian.org/patches/libgcrypt20/1.8.4-5+deb10u1
MR: 111591
Type: Security Fix
Disposition: Backport from
https://sources.debian.org/data/main/libg/libgcrypt20/1.8.4-5%2Bdeb10u1/debian/patches/31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch
Hello all,
Intel and WR YP QA is planning for QA execution for YP build yocto-3.3.3.rc2 We
are planning to execute following tests for this cycle:
OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw
Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3.
45 matches
Mail list logo
