From: Mike Crowe
Take patch from Debian 7.64.0-4+deb10u7.
Signed-off-by: Mike Crowe
---
.../curl/curl/CVE-2023-38546.patch| 131 ++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 132 insertions(+)
create mode 100644
From: Mike Crowe
Backporting this change required tweaking the error value since the
two-level CURLE_PROXY error reporting was introduced after curl
7.69.1. The test required some tweaks to not rely on more-recent
improvements to the test infrastructure too.
Signed-off-by: Mike Crowe
---
Add fix for tiffcrop tool CVE-2023-1916 [1].
A flaw was found in tiffcrop, a program distributed by the libtiff
package. A specially crafted tiff file can lead to an out-of-bounds
read in the extractImageSection function in tools/tiffcrop.c, resulting
in a denial of service and limited
From: Joe Slater
The patch is copied from kirkstone. master has advanced
to ghostscript 10.02.0 which includes the fix.
Signed-off-by: Joe Slater
---
.../ghostscript/CVE-2023-43115.patch | 62 +++
.../ghostscript/ghostscript_10.0.0.bb | 1 +
2 files changed,
On Wed, Oct 11, 2023 at 5:39 PM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Tue, 2023-10-10 at 19:11 -0600, Alejandro Enedino Hernandez
> Samaniego wrote:
> >
> >
> >
> >
> > On 10/6/23 05:36, Richard Purdie wrote:
> >
> >
> > >
> > > Drop the version overrides for the kernel
On Tue, 2023-10-10 at 19:11 -0600, Alejandro Enedino Hernandez
Samaniego wrote:
>
>
>
>
> On 10/6/23 05:36, Richard Purdie wrote:
>
>
> >
> > Drop the version overrides for the kernel for the x86 and arm
> > machines
> > so we can go back to following the distro versions. The reasons
On 2023-10-11 15:19, Andreas Cord-Landwehr wrote:
Fix pkgconfig find calls to find wayland protocol XML files, which are
installed into /usr/share/wayland/. This patch fixes specifically the
call `pkg-config --variable=pkgdatadir wayland-client` to locate the
folder containing wayland.xml.
Oops, I meant to drop this patch since it has been reverted in master.
I will remove it from the queue before merging.
Steve
On Tue, Oct 10, 2023 at 2:02 PM Steve Sakoman via
lists.openembedded.org
wrote:
>
> From: Mikko Rapeli
>
> Check return values of each git command and set initial branch
This release has a fix to mitigate CVE-2023-44487: HTTP/2 Rapid Reset:
https://nghttp2.org/blog/2023/10/10/nghttp2-v1-57-0/
Signed-off-by: Alexander Kanavin
---
.../nghttp2/{nghttp2_1.56.0.bb => nghttp2_1.57.0.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
Alexander Kanavin escreveu no dia quarta,
11/10/2023 à(s) 17:05:
> I do recommend using ‘devtool upgrade’ as it will take care of updating
> the checksums in the recipe, and will rebase the patches. Did you run at
> least one build with v2, given that v1 was clearly not tested?
>
The build I
I do recommend using ‘devtool upgrade’ as it will take care of updating the
checksums in the recipe, and will rebase the patches. Did you run at least
one build with v2, given that v1 was clearly not tested?
Alex
On Wed 11. Oct 2023 at 17.54, Jose Quaresma wrote:
> curl and libcurl 8.4.0
>
>
curl and libcurl 8.4.0
Public curl releases: 252
Command line options: 258
curl_easy_setopt() options: 303
Public functions in libcurl: 93
Contributors: 2995
This release includes the following changes:
o curl: add support for the IPFS protocols via HTTP
curl and libcurl 8.4.0
Public curl releases: 252
Command line options: 258
curl_easy_setopt() options: 303
Public functions in libcurl: 93
Contributors: 2995
This release includes the following changes:
o curl: add support for the IPFS protocols via HTTP
On Wed, Oct 11, 2023 at 12:59 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Wed, 2023-10-11 at 09:48 +0200, Alexander Kanavin wrote:
> > Hello Andreas,
> >
> > thanks for the explanation, this s fine, but can you add it to the
> > commit message so it's preserved in history?
Le mer. 11 oct. 2023, 16:32, Sundeep KOKKONDA via lists.openembedded.org
a écrit :
> I looked briefly into the issue 15090 (zvariant recipe) description and as
> per me it should be tested before removing EXCLUDE_FROM_WORLD to ensure the
> builds are reproducible.
I'll try do that in the
I looked briefly into the issue 15090 (zvariant recipe) description and as per
me it should be tested before removing EXCLUDE_FROM_WORLD to ensure the builds
are reproducible.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188961):
On Wed, 2023-10-11 at 14:37 +0200, Frederic Martinsons wrote:
> We may want to remove the EXCLUDE_FROM_WORLD in zvariant
> recipe since it was introduced for reproducibility issue (#15090
> which had been marked as a duplicate of the main rust issue #14875).
> What do you think sundeep ?
We
From: Yash Shinde
Signed-off-by: Yash Shinde
---
.../binutils/binutils-2.38.inc| 1 +
.../binutils/0030-CVE-2022-44840.patch| 151 ++
2 files changed, 152 insertions(+)
create mode 100644
From: Yash Shinde
Signed-off-by: Yash Shinde
---
.../binutils/binutils-2.38.inc| 2 +
.../binutils/0031-CVE-2022-45703-1.patch | 147 ++
.../binutils/0031-CVE-2022-45703-2.patch | 31
3 files changed, 180 insertions(+)
create mode 100644
On Wed, 11 Oct 2023 at 14:27, Frederic Martinsons via lists.openembedded.org
wrote:
> very great news to read !
>
>
> On Wed, 11 Oct 2023 at 13:03, Alex Kiernan wrote:
>
>> On Wed, Oct 11, 2023 at 5:06 AM Sundeep KOKKONDA via
>> lists.openembedded.org
>> wrote:
>> >
>> > [Yocto#14875]
>> > The
very great news to read !
On Wed, 11 Oct 2023 at 13:03, Alex Kiernan wrote:
> On Wed, Oct 11, 2023 at 5:06 AM Sundeep KOKKONDA via
> lists.openembedded.org
> wrote:
> >
> > [Yocto#14875]
> > The '--remap-path-prefix' option removes all references to build
> directory structure in the debug
Upgrade to latest 1.20.x release [1]:
$ git log --oneline go1.20.9..go1.20.10
8042fd87f3 (tag: go1.20.10) [release-branch.go1.20] go1.20.10
e175f27f58 [release-branch.go1.20] net/http: regenerate h2_bundle.go
[1] https://github.com/golang/go/compare/go1.20.9...go1.20.10
Fixes CVE-2023-39325
On Wed, Oct 11, 2023 at 5:06 AM Sundeep KOKKONDA via
lists.openembedded.org
wrote:
>
> [Yocto#14875]
> The '--remap-path-prefix' option removes all references to build directory
> structure in the debug information within the compiled output for Cargo
> dependencies and the project's binary.
>
On 11 Oct 2023, at 05:05, Sundeep KOKKONDA via lists.openembedded.org
wrote:
>
> [Yocto#14875]
> The '--remap-path-prefix' option removes all references to build directory
> structure in the debug information within the compiled output for Cargo
> dependencies and the project's binary.
>
On Wed, 2023-10-11 at 10:06 +0200, Alexander Kanavin wrote:
> Is this a recent regression tied to some other commit or is this
> intermittent? What does the output look like? Is there an upstream
> ticket?
>
> How the failure occurs to be better documented, and upstreams do need
> to be notified,
On Tue, 2023-10-10 at 21:05 -0700, Sundeep KOKKONDA via
lists.openembedded.org wrote:
> [Yocto#14875]
> The '--remap-path-prefix' option removes all references to build directory
> structure in the debug information within the compiled output for Cargo
> dependencies and the project's binary.
>
If the BrokenPipeError occurs when writing to the serial port to wake it
up, defer the write and try again (which will happen on the 5s timeout
of the select call). Why it should return ESHUTDOWN and then work later
I'm not sure but it does appear to make it work. For now we need 'working'
QA
Excellent, thanks!
Alex
On Wed, 11 Oct 2023 at 06:06, Sundeep KOKKONDA via
lists.openembedded.org
wrote:
>
> [Yocto#14875]
> The '--remap-path-prefix' option removes all references to build directory
> structure in the debug information within the compiled output for Cargo
> dependencies and
On 10/10/23 11:30, Alexis Lothoré via lists.openembedded.org wrote:
> With those two patches, I have been able to properly generate the
> regression report from [1] with the following command:
It looks like I forgot to paste the relevant command. Here it is, for
documentation purpose:
Absolutely, yes. It's a proper upstream release.
But the EOL notice with the link should be in the commit message.
Perhaps you can send a v2?
Alex
On Wed, 11 Oct 2023 at 10:04, Ranjitsinh Rathod via
lists.openembedded.org
wrote:
>
> On Wed, Oct 11, 2023 at 01:21 PM, Alexander Kanavin wrote:
>
>
Is this a recent regression tied to some other commit or is this
intermittent? What does the output look like? Is there an upstream
ticket?
How the failure occurs to be better documented, and upstreams do need
to be notified, please don't just add pending patches to quickly
resolve AB fails.
On Wed, Oct 11, 2023 at 01:21 PM, Alexander Kanavin wrote:
>
> Note that with this release, openssl 1.1.1 reaches end of life:
Yes, but this we can take in the dunfell, right?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188945):
On Wed, 2023-10-11 at 09:48 +0200, Alexander Kanavin wrote:
> Hello Andreas,
>
> thanks for the explanation, this s fine, but can you add it to the
> commit message so it's preserved in history?
>
> I'd say we do need to switch to a maintained implementation of
> pkgconfig, and align with
Note that with this release, openssl 1.1.1 reaches end of life:
https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Alex
On Fri, 6 Oct 2023 at 14:32, Sourav Kumar Pramanik
wrote:
>
> From: Sourav Pramanik
>
> https://www.openssl.org/news/openssl-1.1.1-notes.html
>
> Major changes between
Hello Andreas,
thanks for the explanation, this s fine, but can you add it to the
commit message so it's preserved in history?
I'd say we do need to switch to a maintained implementation of
pkgconfig, and align with regular distros on that, Ross, do you know
if something's holding that back
35 matches
Mail list logo