Re: [OE-core] [PATCH 2/4] vala: Fix install conflict when enable multilib.

> This looks a bit odd since crossscripts wouldn't be installed on the target? I also feel a little strange. It seems that this file should not be installed on target. But I'm not sure, so I didn't delete this file from target > Also, when posting these kinds of changes, can you show a diff of

Re: [OE-core] [PATCH] binutils: Enable --enable-new-dtags

On Thu, Feb 23, 2023 at 5:56 PM Khem Raj wrote: > > On Thu, Feb 23, 2023 at 3:34 PM Alexandre Belloni > wrote: > > > > Could this be the cause of this? > > > > https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20230223-79c9rmcw/packages/diff-html/ > > most likely yes. I will take a

[OE-core] [PATCH] VOLATILE_TMP_DIR: add

Provide a mechanism to allow users to choose whether the /tmp directory is on persistent storage (non-volatile) or a RAM-based tmpfs (volatile). The default is volatile. Works for both sysvinit-based and systemd-based systems. Signed-off-by: Trevor Woerner --- meta/conf/bitbake.conf

[OE-core][master][PATCH] Upgrade bind-9.18.11 -> bind-9.19.9

Fix below security CVEs: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Fix serve-stale crash when recursive clients soft quota is reached. (CVE-2022-3924) [GL #3619] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622] An UPDATE message flood could cause named to exhaust all

[OE-core] [kirkstone][PATCH] libsdl2: fix CVE-2022-4743

From: Changqing Li Signed-off-by: Changqing Li --- ...ial-memory-leak-in-GLES_CreateTextur.patch | 40 +++ .../libsdl2/libsdl2_2.0.20.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644

[OE-core][kirkstone][PATCH] rpm: update 4.17.1 -> 4.18

(From OE-Core rev: 5bef402da334595ed9302b8bca1acdf5e88bfe11) This will fix #CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation upstream branch=rpm-4.18: git://github.com/rpm-software-management/rpm Signed-off-by: Vivek Kumbhar ---

[OE-core][dunfell][PATCH] harfbuzz: fix CVE-2023-25193 allows attackers to trigger O(n^2) growth via consecutive marks

[layout] Limit how far we skip when looking back Signed-off-by: Vivek Kumbhar --- .../harfbuzz/harfbuzz/CVE-2023-25193.patch| 71 +++ .../harfbuzz/harfbuzz_2.6.4.bb| 5 +- 2 files changed, 75 insertions(+), 1 deletion(-) create mode 100644

[OE-core][kirkstone][PATCH] harfbuzz: fix CVE-2023-25193 allows attackers to trigger O(n^2) growth via consecutive marks

[layout] Limit how far we skip when looking back Signed-off-by: Vivek Kumbhar --- .../harfbuzz/harfbuzz/CVE-2023-25193.patch| 71 +++ .../harfbuzz/harfbuzz_4.0.1.bb| 4 +- 2 files changed, 74 insertions(+), 1 deletion(-) create mode 100644

[OE-core][langdale 28/28] runqemu: kill qemu if it hangs

From: Mikko Rapeli qemu doesn't always behave well and can hang too. kill it with force if it was still alive. Move clean up commands into cleanup() function. Signed-off-by: Mikko Rapeli Signed-off-by: Alexandre Belloni (cherry picked from commit 079c2935d2f585ce49e1c7daab2155fcf0094c48)

[OE-core][langdale 27/28] oeqa ssh.py: fix hangs in run()

From: Mikko Rapeli When qemu machine hangs, the ssh commands done by tests are not timing out. do_testimage() task has last logs like this: DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502 The test process is stuck for hours, or for ever if the executing command or test case did not

[OE-core][langdale 26/28] libseccomp: fix for the ptest result format

From: Narpat Mali The output of libseccomp ptest should follow a unified format as per this https://wiki.yoctoproject.org/wiki/Ptest Replaced the test results SUCCESS, FAILURE & SKIPPPED with PASS, FAIL & SKIP and printing the ptest result with the below format result: testname Signed-off-by:

[OE-core][langdale 25/28] kernel-yocto: fix kernel-meta data detection

From: Ulrich Ölmann Fixes: 7ef7af5c03ba ("kernel-yocto: restore kernel-meta data detection for SRC_URI elements") Signed-off-by: Ulrich Ölmann Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c77754f23e3fb49a62602a6c6a04d5525d1cf457) Signed-off-by:

[OE-core][langdale 24/28] cml1: remove redundant addtask

From: Ross Burton The configure task is added by base.bbclass, no need to do it again. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 2d7897bcab2b70d850bfe02ded42b20eb695eda8) Signed-off-by: Steve Sakoman --- meta/classes-recipe/cml1.bbclass | 1 - 1

[OE-core][langdale 23/28] lib/buildstats: handle tasks that never finished

From: Ross Burton If a task is aborted the buildstats file isn't complete, so calculate when the build finished and use that as a end time. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 23ebaec476dc46aebe5997f025661137f3e341bd) Signed-off-by: Steve

[OE-core][langdale 22/28] oeqa/selftest/resulttooltests: fix minor typo

From: Alexis Lothoré Signed-off-by: Alexis Lothoré Signed-off-by: Richard Purdie (cherry picked from commit 80cfa56d133bd3abbb1f37272607d8e15ce70861) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/resulttooltests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[OE-core][langdale 21/28] libssh2: Clean up ptest patch/coverage

From: Richard Purdie Martin Jansa spotted patchreview.py reports Malformed Upstream-Status in a patch in this recipe. The patch is not being applied since there is no ptest override. The test in question was also disabled due to an issue with new versions of openssh. Add a workaround for the

[OE-core][langdale 20/28] lttng-modules: fix for kernel 6.2+

From: Bruce Ashfield Backporting a patching from the 2.13.x stable branch of lttng to fix the build against kernel 6.2+. Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 3aed7dfe5ff6f52497dcffa58bc2f06cf709ea18) Signed-off-by: Steve Sakoman ---

[OE-core][langdale 19/28] dhcpcd: fix dhcpcd start failure on qemuppc64

From: Xiangyu Chen Backport patch to fix dhcpcd start failed on qemuppc64. Signed-off-by: Xiangyu Chen Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit a31d658198566de12cdd1aad18776b8da8065787) Signed-off-by: Steve Sakoman ---

[OE-core][langdale 18/28] sstatesig: Improve output hash calculation

From: Mateusz Marciniec Symbolic links to the files are included during the output hash calculation but symlinks to the directories are missed. So if the new symlink to a directory was the only change made, then the output hash won't change, and the Hash Equivalence server may change unihash. In

[OE-core][langdale 17/28] busybox: Fix depmod patch

From: Saul Wold The original patch was actually allowing .debug modules though which was in-correct. This change blocks the parsing of .debug modules (which is correct). As noted in [YOCTO #15022] this should address the empty modules.dep when using the BusyBox depmod. Signed-off-by: Saul Wold

[OE-core][langdale 16/28] bblayers/makesetup: skip git repos that are submodules

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit d8bc9cd4ca8ae268a61024f8ac5083a2bbdc432f) Signed-off-by: Steve Sakoman --- meta/lib/bblayers/makesetup.py | 10 ++ 1 file changed, 10

[OE-core][langdale 15/28] bblayers/setupwriters/oe-setup-layers: create dir if not exists

From: Adrian Freihofer Without this patch: $ bitbake-layers create-layers-setup /home/adrian/temp/poky-clone NOTE: Starting bitbake server... Traceback (most recent call last): File "/home/adrian/projects/poky/bitbake/lib/bb/process.py", line 169, in run pipe = Popen(cmd, **options)

[OE-core][langdale 14/28] wic: Fix usage of fstype=none in wic

From: Pavel Zhukov This allows to specify partition with fstype=none in the wks file to have partition created but without following mkfs. The none fstype is in the list already but the usage is not documented. Example; part /data --ondisk mmcblk0 --fstype=none --align 4096 --fixed-size 512

[OE-core][langdale 13/28] curl: fix dependencies when building with ldap/ldaps

From: Federico Pellegrin openldap is added as a dependency so the build will not fail, as otherwise ldap headers are not found during configure phase Note: due to upstream bug (now fixed) building LDAP/LDAPS support with minimal configurations can sometimes not work, see details at:

[OE-core][langdale 12/28] classes/populate_sdk_base: Append cleandirs

From: Joshua Watt Append to cleandirs in do_populate_sdk so that other classes (specifically, create-spdx-2.2) can add additional directories Signed-off-by: Joshua Watt Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][langdale 10/28] linux-firmware: upgrade 20230117 -> 20230210

From: Alexander Kanavin License-Update: additional firmwares Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit 8e6134d39b840d96e1c37d3df21a522afea8bc76) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20230117.bb => linux-firmware_20230210.bb}

[OE-core][langdale 11/28] wireless-regdb: upgrade 2022.08.12 -> 2023.02.13

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit a8e8ea1b4b100b6f0ba5ca9441a8f3f1ac31fbfd) Signed-off-by: Steve Sakoman --- ...ireless-regdb_2022.08.12.bb => wireless-regdb_2023.02.13.bb} | 2 +- 1 file changed, 1

[OE-core][langdale 09/28] linux-firmware: add yamato fw files to qcom-adreno-a2xx package

From: Dmitry Baryshkov Newest linux-firmware release got firmware for Adreno A200. Add these two files to the ${PN}-qcom-adreno-a2xx package. As these files are licensed under a separate BSD-3-Clause license, add separate license package too. Signed-off-by: Dmitry Baryshkov Signed-off-by:

[OE-core][langdale 08/28] linux-firmware: properly set license for all Qualcomm firmware

From: Dmitry Baryshkov It is not enough to depend on the ${PN}-qcom-license package. Set LICENSE variable for all the qcom packages to point to the proper license. Signed-off-by: Dmitry Baryshkov Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][langdale 07/28] openssl: Upgrade 3.0.7 -> 3.0.8

From: Siddharth Doshi OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level security vulnerability [1]. Upgrade the recipe to point to 3.0.8. CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as well. [1]

[OE-core][langdale 06/28] dbus: upgrade 1.14.4 -> 1.14.6

From: Alexander Kanavin Denial of service fixes: • Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS

[OE-core][langdale 05/28] xwayland: upgrade 22.1.7 -> 22.1.8

From: Wang Mingyu xwayland 22.1.8 - Security fix for CVE-2023-0494 Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit e0ca374267cce807d12d706564989900fe61bd97) Signed-off-by: Steve Sakoman ---

[OE-core][langdale 04/28] libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1

From: Wang Mingyu Changelog: == 1. The SIMD dispatchers in libjpeg-turbo 2.1.4 and prior stored the list of supported SIMD instruction sets in a global variable, which caused an innocuous race condition whereby the variable could have been initialized multiple times if

[OE-core][langdale 03/28] vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 6d77dbe499ee362b6e28902f1efcf52b961037a5) Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2

[OE-core][langdale 02/28] xserver-xorg: 21.1.6 -> 21.1.7

From: Kai Kang According to the ANNOUNCE of xorg-server 21.1.7[1]: This release contains the fix for CVE-2023-0494 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-February/003320.html It also fixes a second possible OOB access during EnqueueEvent and a crasher

[OE-core][langdale 01/28] less: backport the fix for CVE-2022-46663

From: Ross Burton Signed-off-by: Ross Burton Signed-off-by: Alexandre Belloni (cherry picked from commit 56d31067a34bc1942c7eb4940a41ecfc81110e58) Signed-off-by: Steve Sakoman --- .../less/files/CVE-2022-46663.patch | 28 +++ meta/recipes-extended/less/less_608.bb

[OE-core][langdale 00/28] Patch review

Please review this set of patches for langdale and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4975 The following changes since commit ab1e3000cee9f5f3496a7e67cc59b2e08a681a89: oeqa qemurunner.py:

Re: [OE-core] [PATCH v3 0/6] scripts/resulttool/regression: add metadata filtering

Hello Richard, On 2/26/23 13:15, Richard Purdie wrote: > On Sat, 2023-02-25 at 16:59 +0100, Alexis Lothoré wrote: >> Hello Richard, >> as usual, thanks for the prompt feedback ! >> >> On 2/25/23 13:32, Richard Purdie wrote: >>> On Sat, 2023-02-25 at 09:15 +, Richard Purdie via >>>

[OE-core] OE-core CVE metrics for langdale on Sun 26 Feb 2023 03:30:01 AM HST

Branch: langdale New this week: 2 CVEs CVE-2022-4304 (CVSS3: 5.9 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4304 * CVE-2023-22743 (CVSS3: 7.3 HIGH): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22743 * Removed this week: 5 CVEs

[OE-core] OE-core CVE metrics for kirkstone on Sun 26 Feb 2023 03:00:01 AM HST

Branch: kirkstone New this week: 2 CVEs CVE-2022-4304 (CVSS3: 5.9 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4304 * CVE-2023-22743 (CVSS3: 7.3 HIGH): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22743 * Removed this week: 5 CVEs

[OE-core] OE-core CVE metrics for dunfell on Sun 26 Feb 2023 02:30:01 AM HST

Branch: dunfell New this week: 4 CVEs CVE-2022-4304 (CVSS3: 5.9 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4304 * CVE-2023-22490 (CVSS3: 5.5 MEDIUM): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22490 * CVE-2023-22743 (CVSS3: 7.3

Re: [OE-core] [PATCH v3 0/6] scripts/resulttool/regression: add metadata filtering

On Sat, 2023-02-25 at 16:59 +0100, Alexis Lothoré wrote: > Hello Richard, > as usual, thanks for the prompt feedback ! > > On 2/25/23 13:32, Richard Purdie wrote: > > On Sat, 2023-02-25 at 09:15 +, Richard Purdie via > > lists.openembedded.org wrote: > > > On Fri, 2023-02-24 at 18:06 +,

[OE-core] OE-core CVE metrics for master on Sun 26 Feb 2023 02:00:01 AM HST

Branch: master New this week: 0 CVEs Removed this week: 9 CVEs CVE-2022-4450 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4450 * CVE-2022-46663 (CVSS3: 7.5 HIGH): less https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46663 *

[OE-core] [PATCH 2/2] resulttool/regression: Improve matching of poor ptest test names

Some test case naming is poor and contains random strings, particularly lttng/babeltrace but also curl. Truncating the test names works since they contain file and line number identifiers which allows us to match them without the random components, or in the case or curl, test IDs. Going forward

[OE-core] [PATCH 1/2] resulttool/regression: Ensure LTP results are only compared against other LTP runs

If a test result contains LTP test results, it should only be compared with other runs containing LTP test results. Signed-off-by: Richard Purdie --- scripts/lib/resulttool/regression.py | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git

[OE-core] [kirkstone][PATCH] binutils : Fix CVE-2023-22608

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09] Signed-off-by: Yash Shinde --- .../binutils/binutils-2.38.inc| 3 + .../binutils/0020-CVE-2023-22608-1.patch | 506 ++