[OE-core] [kirkstone][PATCH 5/5] binutils: Mark CVE-2022-47696 as patched

Signed-off-by: Chaitanya Vadrevu --- .../binutils/binutils/0025-CVE-2023-25588.patch | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch b/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch index

[OE-core] [kirkstone][PATCH 4/5] binutils: Mark CVE-2022-47673 as patched

Signed-off-by: Chaitanya Vadrevu --- .../binutils/binutils/0022-CVE-2023-25584-3.patch | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch

[OE-core] [kirkstone][PATCH 3/5] binutils: Fix CVE-2022-45703

Upstream-Status: Backport following * https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636 * https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=69bfd1759db41c8d369f9dcc98a135c5a5d97299 Signed-off-by: Chaitanya Vadrevu ---

[OE-core] [kirkstone][PATCH 2/5] binutils: Fix CVE-2022-47695

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386] Signed-off-by: Chaitanya Vadrevu --- .../binutils/binutils-2.38.inc| 1 + .../binutils/0031-CVE-2022-47695.patch| 58 +++

[OE-core] [kirkstone][PATCH 1/5] binutils: Fix CVE-2022-44840

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=28750e3b967da2207d51cbce9fc8be262817ee59] Signed-off-by: Chaitanya Vadrevu --- .../binutils/binutils-2.38.inc| 1 + .../binutils/0030-CVE-2022-44840.patch| 151 ++

[OE-core][mickledore 27/27] gdb: fix RDEPENDS for PACKAGECONFIG[tui]

From: Stefan Tauner TUI mode needs terminfo at runtime, which is required to be explicitly stated in the respective PACKAGECONFIG variable. Without this change /etc/terminfo/ might be missing, which leads to a runtime error when trying to use tui, e.g.: (gdb) tui enable Cannot enable the TUI:

[OE-core][mickledore 26/27] oeqa/selftest/wic: Improve assertTrue calls

From: Richard Purdie assertTrue is a problematic call use in test cases since when it fails, you just get an unhelpful "False is not True" message. Replace some uses with assertIn/assertNotIn which will give more helpful results and for the rest, add msg entries which given more helpful

[OE-core][mickledore 25/27] libsoup-2.4: Only specify --cross-file when building for target

From: Peter Kjellerstedt The soup.cross file is only created when building for target so only tell meson to read it when it exists. This allows libsoup-2.4-native to be built again. Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][mickledore 24/27] openssl: ensure all ptest fails are caught

From: Alexander Kanavin Piping results through sed may mask failures that sed isn't catching. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 2b1b0e9e4d5011e7c2fd1b59fc277a7cfdc41194) Signed-off-by: Steve Sakoman ---

[OE-core][mickledore 23/27] openssl: parallelize tests

From: Alexander Kanavin This brings them from 15 minutes to just over 4. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 978aa94aaa441da012aeb904a0f1cbcd4d91) Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/openssl/openssl/run-ptest |

[OE-core][mickledore 22/27] strace: parallelize ptest

From: Alexander Kanavin strace is one of the slowest tests otherwise (can take 40 minutes or more), and this brings it to under 10 minutes \0/ Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 0c632b418a785494318d9f375a07d879772e8ced) Signed-off-by:

[OE-core][mickledore 21/27] ptest: report tests that were killed on timeout

From: Alexander Kanavin I'm not sure if this was reported correctly before, but it currently is not. Test that is stuck is an error in itself. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 002e27c9932a83e46be0b03a5232594cfba7212c) Signed-off-by:

[OE-core][mickledore 20/27] igt-gpu-tools: do not write shortened git commit hash into binaries

From: Alexander Kanavin Shortened hashes are prone to collisions, and in this case git lengthens the hash to resolve the collision. This in turn breaks reproducibility, depending on whether the colliding hash is present in the history or not. This has been observed here:

[OE-core][mickledore 19/27] oeqa/selftest/context.py: check git command return values

From: Mikko Rapeli Don't ignore return values from the git command lines. If something goes wrong, fail the test right away. Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie (cherry picked from commit dfc178a70d6fa60e89d4716f05d68e2c72c6ecd3) Signed-off-by: Steve Sakoman ---

[OE-core][mickledore 18/27] oeqa dnf_runtime.py: fix HTTP server IP address and port

From: Mikko Rapeli Use correct HTTPService parameters like apt.py when setting up the repo server. These work with qemu tun and slirp networking. Fixes test failure with slirp networking when executing testimage.bbclass selftests "oe-selftest -r runtime_test.TestImage". Signed-off-by: Mikko

[OE-core][mickledore 17/27] libc-test: Run as non-root user

From: Khem Raj Some of tests impose rlimit on it before running which wont be imposed when running as root user. Fixes src/regression/pthread_atfork-errno-clobber.c:23: (pid = fork()) == -1 failed: fork succeeded despite rlimit src/regression/pthread_atfork-errno-clobber.c:23: (pid = fork())

[OE-core][mickledore 16/27] weston-init: fix init code indentation

From: Otavio Salvador Tested-by: Tom Hochstein Signed-off-by: Otavio Salvador Signed-off-by: Richard Purdie (cherry picked from commit c08d474c97ce071ba376b66f30d6ee0a6159d596) Signed-off-by: Steve Sakoman --- meta/recipes-graphics/wayland/weston-init/init | 2 +- 1 file changed, 1

[OE-core][mickledore 15/27] weston-init: remove misleading comment about udev rule

From: Otavio Salvador The udev rule has been removed but the comment has kept, by mistake. Remove it. Fixes: dd83fb40f7 ("weston-init: Stop running weston as root") Tested-by: Tom Hochstein Signed-off-by: Otavio Salvador Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][mickledore 14/27] build-sysroots: target or native sysroot population need to be selected explicitly

From: Alexander Kanavin Running them in parallel is prone to races as postinsts from target sysroots rely on executables from native sysroots which may or may not be fully prepared yet. This was observed for example here:

[OE-core][mickledore 13/27] runqemu: check permissions of available render nodes as well as their presence

From: Alexander Kanavin qemu itself is not helpful when render nodes exist, but can't be opened: qemu-system-x86_64: egl: render node init failed To fix this, users likely need to * modprobe vgem (presence when physical graphic card is absent or has a driver without support for render

[OE-core][mickledore 12/27] avahi: handle invalid service types gracefully

From: Ross Burton Services which broadcast an invalid service type will cause the browse to fail. Instead of failing, replace the service type and continue. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit e581da6c4db21312833395e96b48e868a202f0f9)

[OE-core][mickledore 11/27] nativesdk-intercept: Fix bad intercept chgrp/chown logic

From: Eilís 'pidge' Ní Fhlannagáin Running either of these ends up corrupting the os.execv args. If we run: ./scripts/nativesdk-intercept/chown -R foo:foo bar The loop here ends up missing the conversion of foo:foo to root:root because it sees sys.argv[0] and assumes that it's the user:group

[OE-core][mickledore 10/27] vim: Upgrade 9.0.1894 -> 9.0.2009

From: Siddharth Doshi This includes CVE fix for CVE-2023-5441. Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc

[OE-core][mickledore 09/27] screen: update 4.9.0 -> 4.9.1

From: Alexander Kanavin * Support stop/parity bits on serial port * Add needed system headers in checks and return values for implicit function declarations * Fixes: - Avoid zombies after shell exit - Missed signal sending permission check on failed query messages (CVE-2023-24626) -

[OE-core][mickledore 08/27] gzip: update 1.12 -> 1.13

From: Alexander Kanavin Stable release update Drop autoconf-2.73.patch as issue resolved upstream. License-update: http -> https Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 1ddf9e053b17913718c780ad4c877d5ddb6ff536) Signed-off-by: Steve Sakoman

[OE-core][mickledore 07/27] wireless-regdb: upgrade 2023.05.03 -> 2023.09.01

From: Wang Mingyu Changelog: == wireless-regdb: update regulatory database based on preceding changes wireless-regdb: Update regulatory rules for Australia (AU) for June 2023 wireless-regdb: Update regulatory info for Türkiye (TR) wireless-regdb: Update regulatory rules for Egypt (EG)

[OE-core][mickledore 06/27] dbus: upgrade 1.14.8 -> 1.14.10

From: Wang Mingyu Changelog: === • Avoid a dbus-daemon crash if re-creating a connection's policy fails. • If getting the groups from a user ID fails, report the error correctly, instead of logging "(null)" • Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs

[OE-core][mickledore 05/27] curl: fix CVE-2023-38546

From: Archana Polampalli A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman ---

[OE-core][mickledore 04/27] curl: fix CVE-2023-38545

From: Archana Polampalli This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2023-38545.patch| 133 ++ meta/recipes-support/curl/curl_8.0.1.bb |

[OE-core][mickledore 03/27] ghostscript: fix CVE-2023-43115

From: Joe Slater The patch is copied from kirkstone. master has advanced to ghostscript 10.02.0 which includes the fix. Signed-off-by: Joe Slater Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2023-43115.patch | 62 +++ .../ghostscript/ghostscript_10.0.0.bb

[OE-core][mickledore 02/27] tiff: fix CVE-2023-41175

From: Yogita Urade libtiff: potential integer overflow in raw2tiff.c References: https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://security-tracker.debian.org/tracker/CVE-2023-41175 https://gitlab.com/libtiff/libtiff/-/issues/592 Signed-off-by: Yogita Urade Signed-off-by: Richard

[OE-core][mickledore 00/27] Patch review

Please review this set of changes for mickledore and have comments back by end of day Tuesday, October 17 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6043 The following changes since commit c451a9cb6adbc9480dacd81e935a0b9369f22e07:

[OE-core][mickledore 01/27] tiff: fix CVE-2023-40745

From: Yogita Urade libtiff: integer overflow in tiffcp.c References: https://security-tracker.debian.org/tracker/CVE-2023-40745 https://gitlab.com/libtiff/libtiff/-/issues/591 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 Signed-off-by: Yogita Urade Signed-off-by: Richard Purdie

Re: [OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

Hello Jörg, On Thu, 12 Oct 2023 18:34:35 +0200 Jörg Sommer via lists.openembedded.org wrote: > If the ipv6 feature for the distribution is not set, the package should not > contain settings for ipv6. This makes rpcbind doesn't try to bind to a IPv6 > socket, and complain that this fails. > >

Re: [OE-core][PATCH] create-spdx: fix do_create_spdx cannot find any SPDX file for recipe

I can try to reproduce this issue again with just-oe-core and some bsp layer that have multiconfig machines. I have only see this when using meta-ti and after they switch to barematel [1]. This commit fixes the issue in my meta-lmp layer distro but this can also be fixed if we build the failing

Re: [OE-core] [PATCH 2/2] qemux86/qemuarm: Drop kernel version overrides

On 10/11/23 15:54, Bruce Ashfield wrote: On Wed, Oct 11, 2023 at 5:39 PM Richard Purdie wrote: On Tue, 2023-10-10 at 19:11 -0600, Alejandro Enedino Hernandez Samaniego wrote: > > > > > On 10/6/23 05:36, Richard Purdie wrote: > > > > > > Drop the

Re: [OE-core][PATCH] create-spdx: fix do_create_spdx cannot find any SPDX file for recipe

The dependency chain here is a little weird, because do_create_spdx() depends on do_collect_spdx_deps(), and the do_collect_spdx_deps has a deptask on do_create_sdpx to get the dependencies from upstream recipes (read the comment in there for why that is). We avoided recrdeptask because we

Re: [OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

On Fri, Oct 13, 2023 at 2:55 AM Jörg Sommer via lists.openembedded.org wrote: > > On 12 October 2023 21:13, Dan McGregor wrote: > > On Thu, 12 Oct 2023 at 11:10, Jörg Sommer via lists.openembedded.org > > wrote: > > > > > > This is only a minor change, because oelint-adv had warned about the >

[OE-core][PATCH] create-spdx: fix do_create_spdx cannot find any SPDX file for recipe

Given that we need some SPDX files produced in other recipes by do_create_spdx task, we need to ensure that any of this other do_create_spdx build-time dependencies runs first to produce the artidacts we need in the do_create_spdx of the current recipe. Fix the following which especially

Re: [OE-core] Summary of the remaining 6.5 kernel serial issue (and 6.5 summary)

So, here is an update for those not following on IRC: [Re: [OE-core] Summary of the remaining 6.5 kernel serial issue (and 6.5 summary)] On 11/10/2023 (Wed 00:50) Paul Gortmaker wrote: [snip details of getting RP's chunk of AB python working as a 1% reproducer] > Next steps: > > Each run

Re: [OE-core] Summary of the remaining 6.5 kernel serial issue (and 6.5 summary)

On Wed, 2023-10-11 at 00:49 -0400, Paul Gortmaker via lists.openembedded.org wrote: > [Re: [OE-core] Summary of the remaining 6.5 kernel serial issue (and 6.5 > summary)] On 10/10/2023 (Tue 21:53) Richard Purdie via lists.openembedded.org > wrote: > > > On Tue, 2023-10-10 at 21:37 +0100,

[OE-core] [kirkstone][PATCH 3/7] python3-urllib3: upgrade 1.26.11 -> 1.26.12

From: wangmy Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked from commit cb05578af3ace6e3983f93e16d9ad1ac2a65fbe2) Signed-off-by: Lee Chee Yang --- .../{python3-urllib3_1.26.11.bb => python3-urllib3_1.26.12.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

[OE-core] [kirkstone][PATCH 6/7] python3-urllib3: upgrade 1.26.14 -> 1.26.15

From: Wang Mingyu Changelog: == * Fix socket timeout value when "HTTPConnection" is reused ('#2645 '__) * Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ('#2899

[OE-core] [kirkstone][PATCH 7/7] python3-urllib3: 1.26.15 -> 1.26.17

From: Lee Chee Yang 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (CVE-2023-43804) 1.26.16 (2023-05-23) Fixed thread-safety issue

[OE-core] [kirkstone][PATCH 1/7] python3-urllib3: upgrade 1.26.9 -> 1.26.10

From: wangmy Add dependence python3-logging. Changelog: = * Removed support for Python 3.5 * Fixed an issue where a "ProxyError" recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. Signed-off-by: Wang Mingyu

[OE-core] [kirkstone][PATCH 2/7] python3-urllib3: upgrade 1.26.10 -> 1.26.11

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit dbe07ff87e2cb1a8276e69a43c7cdbb9ae6e5493) Signed-off-by: Lee Chee Yang --- .../{python3-urllib3_1.26.10.bb => python3-urllib3_1.26.11.bb} | 2

[OE-core] [kirkstone][PATCH 5/7] python3-urllib3: upgrade 1.26.13 -> 1.26.14

From: Tim Orling https://github.com/urllib3/urllib3/blob/1.26.14/CHANGES.rst#12614-2023-01-11 1.26.14 (2023-01-11) Fixed parsing of port 0 (zero) returning None, instead of 0. (#2850) Removed deprecated getheaders() calls in contrib module. Signed-off-by: Tim Orling Signed-off-by:

[OE-core] [kirkstone][PATCH 4/7] python3-urllib3: upgrade 1.26.12 -> 1.26.13

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit b18552f69a2eb8900981a10ba386dc4f862b29c3) Signed-off-by: Lee Chee Yang --- .../{python3-urllib3_1.26.12.bb => python3-urllib3_1.26.13.bb} | 2

[OE-core] [mickledore][PATCH 1/2] python3-urllib3: 1.26.15 -> 1.26.17

From: Lee Chee Yang 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (CVE-2023-43804) 1.26.16 (2023-05-23) Fixed thread-safety issue

[OE-core] [mickledore][PATCH 2/2] cups: fix CVE-2023-4504

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2023-4504.patch | 42 +++ 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch diff

[OE-core] [PATCH] reproducible: Exclude rust for now again

Unfortunately there is still an issue with rustdoc not being reproducible so part of the problem has been fixed but not everything. Add the exclusion back until this has been addressed to avoid autobuilder failures and long diffoscope analysis time. Signed-off-by: Richard Purdie ---

[OE-core] [meta-oe][PATCH] base-files: profile: allow profile.d to set EDITOR

>From 0013c8a6482018d5476e4eb2f4d537c96551e0c6 Mon Sep 17 00:00:00 2001 From: Johannes Schneider Date: Fri, 13 Oct 2023 08:28:38 +0200 Subject: [PATCH v1] base-files: profile: allow profile.d to set EDITOR With a profile.d configuration in place that sets the EDITOR variable, the automatic

Re: [OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

On 12 October 2023 21:13, Dan McGregor wrote: > On Thu, 12 Oct 2023 at 11:10, Jörg Sommer via lists.openembedded.org > wrote: > > > > This is only a minor change, because oelint-adv had warned about the space > > after " of PACKAGECONFIG. > > > > > > From:

[oe-core][kirkstone][PATCH 2/2] curl: fix CVE-2023-38546

From: Archana Polampalli A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. Signed-off-by: Archana Polampalli --- .../curl/curl/CVE-2023-38546.patch| 137

[oe-core][kirkstone][PATCH 1/2] curl: fix CVE-2023-38545

From: Archana Polampalli This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Signed-off-by: Archana Polampalli --- .../curl/curl/CVE-2023-38545.patch| 133 ++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 134

[OE-core] [PATCH] python3-ruamel-yaml: upgrade 0.17.32 -> 0.17.35

From: Wang Mingyu Changelog: == - support for loading dataclasses with 'InitVar' variables (some special coding was necessary to get the, unexecpected, default value in the corresponding instance attribute in [this question](https://stackoverflow.com/q/77228378/1307905)) -

[OE-core] [PATCH] python3-pycairo: upgrade 1.24.0 -> 1.25.0

From: Wang Mingyu Changelog: == Update to cairo 1.18.0 for the Windows wheel Provide a Windows arm64 wheel Signed-off-by: Wang Mingyu --- .../{python3-pycairo_1.24.0.bb => python3-pycairo_1.25.0.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename

[OE-core] [PATCH] python3-packaging: upgrade 23.1 -> 23.2

From: Wang Mingyu Changelog: == -Document calendar-based versioning scheme -Enforce that the entire marker string is parsed -Requirement parsing no longer automatically validates the URL -Canonicalize names for requirements comparison -Introduce metadata.Metadata -Introduce the validate

[OE-core] [PATCH] python3-markdown: upgrade 3.4.4 -> 3.5

From: Wang Mingyu Changelog: === Add permalink_leading configuration option to the toc extension (#1339) Add support for cPython version 3.12 (and PyPy 3.10) and drop support for Python version 3.7 (#1357). Refactor changelog to use the format defined at https://keepachangelog.com/.

[OE-core] [PATCH] python3-iso8601: upgrade 2.0.0 -> 2.1.0

From: Wang Mingyu Changelog: Fixed -- Use ruff for linting Fixed CHANGELOG version links Added -- Add readthedocs configuration Signed-off-by: Wang Mingyu --- .../{python3-iso8601_2.0.0.bb => python3-iso8601_2.1.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1

[OE-core] [PATCH] python3-hypothesis: upgrade 6.86.2 -> 6.87.4

From: Wang Mingyu Changelog: -When randoms() was called with use_true_randoms=False, calling sample on it with an empty sequence and 0 elements would result in an error, when it should have returned an empty sequence to agree with the normal behaviour of random.Random. This fixes

[OE-core] [PATCH] python3-cffi: upgrade 1.15.1 -> 1.16.0

From: Wang Mingyu Changelog: === -Add support for Python 3.12. -Drop support for end-of-life Python versions (2.7, 3.6, 3.7). -Add support for PEP517 builds; setuptools is now a required build dependency. -Declare python_requires metadata for Python 3.8+. This allows unsupported Pythons

[OE-core] [PATCH] python3-beartype: upgrade 0.15.0 -> 0.16.2

From: Wang Mingyu Signed-off-by: Wang Mingyu --- .../{python3-beartype_0.15.0.bb => python3-beartype_0.16.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-beartype_0.15.0.bb => python3-beartype_0.16.2.bb} (75%) diff --git

Re: [OE-core] why does rust recipe file define "rust_do_install()"?

On Fri, Oct 13, 2023 at 9:21 AM Robert P. J. Day wrote: > > > i'm perusing the rust_1.70.0.bb recipe file, and i'm puzzled by the > fact that it defines its own do_install() to simply call > rust_do_install(), which then implements variations of that function: > >

[OE-core] [PATCH] python3-babel: upgrade 2.12.1 -> 2.13.0

From: Wang Mingyu Changelog: === Features Add flag to ignore POT-Creation-Date for updates Support 't' specifier in keywords Add f-string parsing for Python 3.12 (PEP 701) Fixes --- Various typing-related fixes babel.messages.catalog: deduplicate _to_fuzzy_match_key logic

[OE-core] [PATCH] openssh: upgrade 9.4p1 -> 9.5p1

From: Wang Mingyu Changelog: === Potentially incompatible changes * ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys are very convenient due to their small size. Ed25519 keys are specified in RFC 8709 and OpenSSH has supported

[OE-core] [PATCH] python3-git: upgrade 3.1.36 -> 3.1.37

From: Wang Mingyu License-Update: remove excess whitespace Changelog: == -Improve Python version and OS compatibility, fixing deprecations -Better document env_case test/fixture and cwd -Remove spurious executable permissions -Fix up checks in Makefile and make them portable -Fix URLs

[OE-core] [PATCH] libva: upgrade 2.19.0 -> 2.20.0

From: Wang Mingyu Changelog: * va: drop no longer applicable vaGetDriverNames check * va: remove unreachable "DRIVER BUG" * x11/dri2: limit the array handling to avoid out of range access * va/backend: document the vaGetDriver* APIs * va/backend: annotate vafool as deprecated *

[OE-core] [PATCH] ltp: upgrade 20230516 -> 20230929

From: Wang Mingyu Changelog: -New tests -Increased coverage -ebizzy benchmark counter increment races and overflows were fixed -A few more testcases were converted to guarded buffers that is data passed by pointer to kernel are immediatelly following a PROT_NONE page and followed

[OE-core] [PATCH] lighttpd: upgrade 1.4.71 -> 1.4.72

From: Wang Mingyu Changelog: === * [core] save config read from stdin across restart * [core] warn if daemonize w/o absolute config path * [mod_dirlisting] send Link w/ external css or js * [mod_dirlisting] fix missing header/readme (fixes #3211) * [core] ignore coverity

[OE-core] [PATCH] libubootenv: upgrade 0.3.4 -> 0.3.5

From: Wang Mingyu Changelog: == Fix slowness on SPI flash Fixes validating Env flags Feature: get U-Boot namespace from DT Feature: specify UBI volumes from MTD path Signed-off-by: Wang Mingyu --- .../u-boot/{libubootenv_0.3.4.bb => libubootenv_0.3.5.bb} | 2 +- 1 file changed,

[OE-core] [PATCH] libsdl2: upgrade 2.28.3 -> 2.28.4

From: Wang Mingyu Signed-off-by: Wang Mingyu --- .../libsdl2/{libsdl2_2.28.3.bb => libsdl2_2.28.4.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/libsdl2/{libsdl2_2.28.3.bb => libsdl2_2.28.4.bb} (97%) diff --git

[OE-core] [PATCH] libcomps: upgrade 0.1.19 -> 0.1.20

From: Wang Mingyu 0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch removed since it's included in 0.1.20 Signed-off-by: Wang Mingyu --- ...hash_t-instead-of-long-in-PyCOMPS_ha.patch | 66 --- ...{libcomps_0.1.19.bb => libcomps_0.1.20.bb} | 3 +- 2 files

[OE-core] [PATCH] kmod: upgrade 30 -> 31

From: Wang Mingyu Changelog: === - Improvements - Allow passing a path to modprobe so the module is loaded from anywhere from the filesystem, but still handling the module dependencies recorded in the indexes. - Use in-kernel decompression if available. - Make modprobe

[OE-core] [PATCH] hwlatdetect: upgrade 2.5 -> 2.6

From: Wang Mingyu Signed-off-by: Wang Mingyu --- meta/recipes-rt/rt-tests/rt-tests.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-rt/rt-tests/rt-tests.inc b/meta/recipes-rt/rt-tests/rt-tests.inc index 527e14ad54..70315c4694 100644 ---

[OE-core] [PATCH] ell: upgrade 0.58 -> 0.59

From: Wang Mingyu Changelog: Fix issue with symbol visibility. Signed-off-by: Wang Mingyu --- meta/recipes-core/ell/{ell_0.58.bb => ell_0.59.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-core/ell/{ell_0.58.bb => ell_0.59.bb} (89%) diff --git

[OE-core] [PATCH] dhcpcd: upgrade 10.0.2 -> 10.0.3

From: Wang Mingyu 0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch removed since it's included in 10.0.3 Changelog: === Do not crash on dhcpcd test run Add automated CI builds for Ubuntu, OpenBSD, FreeBSD and NetBSD dhcpcd: Fix off-by-one overflow when read() writes full BUFSIZ

[OE-core] [PATCH] createrepo-c: upgrade 1.0.0 -> 1.0.1

From: Wang Mingyu 0001-Move-cr_compress_groupfile-outside-WITH_LIBMODULEMD.patch removed since it's included in 1.0.1. Signed-off-by: Wang Mingyu --- ...s_groupfile-outside-WITH_LIBMODULEMD.patch | 46 --- ...erepo-c_1.0.0.bb => createrepo-c_1.0.1.bb} | 3 +- 2 files changed,

[OE-core] [PATCH] btrfs-tools: upgrade 6.5.1 -> 6.5.2

From: Wang Mingyu Signed-off-by: Wang Mingyu --- .../btrfs-tools/{btrfs-tools_6.5.1.bb => btrfs-tools_6.5.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/btrfs-tools/{btrfs-tools_6.5.1.bb => btrfs-tools_6.5.2.bb} (98%) diff --git

[OE-core] [PATCH] bluez5: upgrade 5.69 -> 5.70

From: Wang Mingyu Signed-off-by: Wang Mingyu --- .../bluez5/{bluez5_5.69.bb => bluez5_5.70.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bluez5/{bluez5_5.69.bb => bluez5_5.70.bb} (94%) diff --git

[OE-core] why does rust recipe file define "rust_do_install()"?

i'm perusing the rust_1.70.0.bb recipe file, and i'm puzzled by the fact that it defines its own do_install() to simply call rust_do_install(), which then implements variations of that function: https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/rust/rust_1.70.0.bb#n244

[OE-core] [PATCH] python3-urllib3: 2.0.5 -> 2.0.6

From: Lee Chee Yang changelog Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (CVE-2023-43804) https://github.com/urllib3/urllib3/blob/main/CHANGES.rst