Re: [OE-Core][PATCH v5 1/5] bitbake.conf: add acl and xattr distro native features support

2023-07-16 Thread Piotr Łobacz 
Ok, this is odd. Can you tell me how can I reproduce this, step by step on my 
local machine? Because I have to admit that it is not happening for me…

BR
Piotr

Wysyłane z aplikacji Outlook dla systemu iOS

Od: Alexandre Belloni 
Wysłane: Sunday, July 16, 2023 11:38:57 PM
Do: Piotr Łobacz 
DW: Alex Stewart ; 
openembedded-core@lists.openembedded.org 

Temat: Re: ODP: [OE-Core][PATCH v5 1/5] bitbake.conf: add acl and xattr distro 
native features support

Hello,

On 14/07/2023 10:14:50+, Piotr Łobacz wrote:
> OK so, does any one have any thoughts regarding this patchset?

This still fails on the autobuilder, most of the builds failed:

https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Ftyphoon%2F%23%2Fbuilders%2F37%2Fbuilds%2F7477%2Fsteps%2F11%2Flogs%2Fstdio=05%7C01%7Cp.lobacz%40welotec.com%7C10c1276b3fd543cc67b708db8645103e%7C25111a7f1d5a4c51a4ca7f8e44011b39%7C0%7C0%7C638251403412289373%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=zXRK85lPPyJLxmXEhO%2BgnfIiGFrOgxG5caBoqkHILO8%3D=0

ERROR: nativesdk-xcb-proto-1.15.2-r0 do_package_write_ipk: Fatal errors 
occurred in subprocesses:
Command 
'PATH="/home/pokybuild/yocto-worker/genericx86-64/build/scripts/nativesdk-intercept:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/python3-native:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/chrpath-native:/home/pokybuild/yocto-worker/genericx86-64/build/scripts:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/i686-pokysdk-linux:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot/usr/local/oe-sdk-hardcoded-buildpath/sysroots/i686-pokysdk-linux/usr/bin/crossscripts:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/sbin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/sbin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/bin:/home/pokybuild/yocto-worker/genericx86-64/build/bitbake/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/hosttools"
 opkg-build -Z xz -a "--memlimit=5% --threads=8" "" "" nativesdk-python-xcbgen 
/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/deploy-ipks/i686-nativesdk'
 returned non-zero exit status 1.
Subprocess output:Usage: 
/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/opkg-build
 [-A] [-X] [-c] [-C] [-Z compressor] [-a compressor_args] [-O] [-o owner] [-g 
group]  []
Command

[OE-core] [PATCH] wic: Add dependencies for erofs-utils

2023-07-16 Thread Heiko 
In order to build erofs filesystems, wic must have the erofs-utils package 
installed into its sysroot.

Signed-off-by: Heiko Thole 
---
 meta/classes/image_types_wic.bbclass | 2 +-
 meta/recipes-core/meta/wic-tools.bb  | 2 +-
 scripts/lib/wic/misc.py  | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/image_types_wic.bbclass 
b/meta/classes/image_types_wic.bbclass
index 6453dd1b74..8497916d48 100644
--- a/meta/classes/image_types_wic.bbclass
+++ b/meta/classes/image_types_wic.bbclass
@@ -83,7 +83,7 @@ do_image_wic[recrdeptask] += "do_deploy"
 do_image_wic[deptask] += "do_image_complete"

 WKS_FILE_DEPENDS_DEFAULT = '${@bb.utils.contains_any("BUILD_ARCH", [ 'x86_64', 
'i686' ], "syslinux-native", "",d)}'
-WKS_FILE_DEPENDS_DEFAULT += "bmap-tools-native cdrtools-native 
btrfs-tools-native squashfs-tools-native e2fsprogs-native"
+WKS_FILE_DEPENDS_DEFAULT += "bmap-tools-native cdrtools-native 
btrfs-tools-native squashfs-tools-native e2fsprogs-native erofs-utils-native"
 # Unified kernel images need objcopy
 WKS_FILE_DEPENDS_DEFAULT += "virtual/${MLPREFIX}${TARGET_PREFIX}binutils"
 WKS_FILE_DEPENDS_BOOTLOADERS = ""
diff --git a/meta/recipes-core/meta/wic-tools.bb 
b/meta/recipes-core/meta/wic-tools.bb
index daaf3ea576..9282d36a4d 100644
--- a/meta/recipes-core/meta/wic-tools.bb
+++ b/meta/recipes-core/meta/wic-tools.bb
@@ -6,7 +6,7 @@ DEPENDS = "\
parted-native gptfdisk-native dosfstools-native \
mtools-native bmap-tools-native grub-native cdrtools-native \
btrfs-tools-native squashfs-tools-native pseudo-native \
-   e2fsprogs-native util-linux-native tar-native \
+   e2fsprogs-native util-linux-native tar-native erofs-utils-native \
virtual/${TARGET_PREFIX}binutils \
"
 DEPENDS:append:x86 = " syslinux-native syslinux grub-efi systemd-boot"
diff --git a/scripts/lib/wic/misc.py b/scripts/lib/wic/misc.py
index a8aab6c524..2b90821b30 100644
--- a/scripts/lib/wic/misc.py
+++ b/scripts/lib/wic/misc.py
@@ -36,6 +36,7 @@ NATIVE_RECIPES = {"bmaptool": "bmap-tools",
   "mkdosfs": "dosfstools",
   "mkisofs": "cdrtools",
   "mkfs.btrfs": "btrfs-tools",
+  "mkfs.erofs": "erofs-utils",
   "mkfs.ext2": "e2fsprogs",
   "mkfs.ext3": "e2fsprogs",
   "mkfs.ext4": "e2fsprogs",
--
2.41.0

eQ-3 Entwicklung GmbH, Maiburger Str. 36, 26789 Leer
Geschäftsführer: Prof. Heinz-G. Redeker
Registergericht: Amtsgericht Aurich, HRB 110388
eQ-3 AG, Maiburger Str. 29, 26789 Leer
Vorstand: Prof. Heinz-G. Redeker (Vorsitzender), Helga Redeker
Vorsitzende des Aufsichtsrats: Irmgard Keplin
Registergericht: Amtsgericht Aurich, HRB 200335

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184427): 
https://lists.openembedded.org/g/openembedded-core/message/184427
Mute This Topic: https://lists.openembedded.org/mt/100189195/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 1/1] libwebp: Fix CVE-2023-1999

2023-07-16 Thread Soumya via lists.openembedded.org 
There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to trial and the AddressSanitizer will attempt a double free.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-1999

Upstream patch:
https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129

Signed-off-by: Soumya 
---
 .../webp/files/CVE-2023-1999.patch| 60 +++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |  4 +-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-1999.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
new file mode 100644
index 00..895d01ea7d
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch
@@ -0,0 +1,60 @@
+From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001
+From: James Zern 
+Date: Wed, 22 Feb 2023 22:15:47 -0800
+Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error
+
+This avoids a double free should the function fail prior to
+VP8BitWriterInit() and a previous trial result's buffer carried over.
+Previously in ApplyFiltersAndEncode() trial.bw (with a previous
+iteration's buffer) would be freed, followed by best.bw pointing to the
+same buffer.
+
+Since:
+187d379d add a fallback to ALPHA_NO_COMPRESSION
+
+In addition, check the return value of VP8BitWriterInit() in this
+function.
+
+Bug: webp:603
+Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
+
+CVE: CVE-2023-1999
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129]
+
+Signed-off-by: Soumya 
+---
+ src/enc/alpha_enc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
+index f7c0269..7d20558 100644
+--- a/src/enc/alpha_enc.c
 b/src/enc/alpha_enc.c
+@@ -13,6 +13,7 @@
+
+ #include 
+ #include 
++#include 
+
+ #include "src/enc/vp8i_enc.h"
+ #include "src/dsp/dsp.h"
+@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, 
int width, int height,
+   }
+ } else {
+   VP8LBitWriterWipeOut(_bw);
++  memset(>bw, 0, sizeof(result->bw));
+   return 0;
+ }
+   }
+@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, 
int width, int height,
+   header = method | (filter << 2);
+   if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
+
+-  VP8BitWriterInit(>bw, ALPHA_HEADER_LEN + output_size);
++  if (!VP8BitWriterInit(>bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
+   ok = ok && VP8BitWriterAppend(>bw, , ALPHA_HEADER_LEN);
+   ok = ok && VP8BitWriterAppend(>bw, output, output_size);
+
+--
+2.40.0
diff --git a/meta/recipes-multimedia/webp/libwebp_1.2.4.bb 
b/meta/recipes-multimedia/webp/libwebp_1.2.4.bb
index 263589846a..5d868b3b96 100644
--- a/meta/recipes-multimedia/webp/libwebp_1.2.4.bb
+++ b/meta/recipes-multimedia/webp/libwebp_1.2.4.bb
@@ -13,7 +13,9 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \
 file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7"
 
-SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz;
+SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz \
+   file://CVE-2023-1999.patch \
+   "
 SRC_URI[sha256sum] = 
"7bf5a8a28cc69bcfa8cb214f2c3095703c6b73ac5fba4d5480c205331d9494df"
 
 UPSTREAM_CHECK_URI = 
"http://downloads.webmproject.org/releases/webp/index.html;
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184426): 
https://lists.openembedded.org/g/openembedded-core/message/184426
Mute This Topic: https://lists.openembedded.org/mt/100188605/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [mickledore][PATCH 0/1] Cherry pick commit from master to update webkitgtk to 2.40.2

2023-07-16 Thread Kai Kang 

On 7/14/23 15:15, Kai Kang wrote:

From: Kai Kang 

Hi,

I've discussed with webkitgtk maintainers about api compatable issues on

https://lists.webkit.org/pipermail/webkit-gtk/2023-March/003887.html


WebKitGTK 2.38.x is backwards compatible with 2.36.x, you can safely update

without needing to change applications. In general, we always keep the API and
ABI backwards compatible.

Note that the current stable releases (2.40.x) introduce a new API level
when using GTK4, but I suppose this is not a problem because most likely you
are still using GTK3


I suggest we apply the update in mickledore too which solves lots of
CVEs.


Hi Steve,

I have no idea why the cover-letter is not in the same thread with the 
patch.


So according to the reply from webkitgtk maintainer, would you like to 
re-consider

to cherry-pick the commit to mickledore, please?

Regards,
Kai




Regards,
Kai

Alexander Kanavin (1):
   webkitgtk: update 2.38.5 -> 2.40.2

  meta/recipes-gnome/epiphany/epiphany_43.1.bb  |  3 ++
  ...tCore-CMakeLists.txt-ensure-reproduc.patch | 28 +
  ...44e17d258106617b0e6d783d073b188a2548.patch | 42 ---
  ...290ab4ab35258a6da9b13795c9b0f7894bf4.patch | 41 ++
  ...bb461f040b90453bc4e100dcf967243ecd98.patch | 30 -
  ...ebkitgtk_2.38.5.bb => webkitgtk_2.40.2.bb} | 15 +--
  6 files changed, 111 insertions(+), 48 deletions(-)
  create mode 100644 
meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
  create mode 100644 
meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
  delete mode 100644 
meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
  rename meta/recipes-sato/webkit/{webkitgtk_2.38.5.bb => webkitgtk_2.40.2.bb} 
(90%)






--
Kai Kang
Wind River Linux


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184425): 
https://lists.openembedded.org/g/openembedded-core/message/184425
Mute This Topic: https://lists.openembedded.org/mt/100136728/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [mickledore][PATCH] libx11: fix CVE-2023-3138

2023-07-16 Thread Kai Kang 

On 7/15/23 00:13, Steve Sakoman wrote:

This is being handled with a stable branch version bump which is in
the current test queue: "libx11: upgrade 1.8.5 -> 1.8.6"


OK. Thanks.

Kai



Steve

On Fri, Jul 14, 2023 at 5:05 AM Kai Kang  wrote:

From: Kai Kang 

CVE: CVE-2023-3138

Backport patch to fix CVE-2023-3138 for libx11.

Signed-off-by: Kai Kang 
---
  .../xorg-lib/libx11/CVE-2023-3138.patch   | 113 ++
  .../recipes-graphics/xorg-lib/libx11_1.8.5.bb |   4 +-
  2 files changed, 116 insertions(+), 1 deletion(-)
  create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-3138.patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-3138.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-3138.patch
new file mode 100644
index 00..0d9397dd95
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-3138.patch
@@ -0,0 +1,113 @@
+From 304a654a0d57bf0f00d8998185f0360332cfa36c Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith 
+Date: Sat, 10 Jun 2023 16:30:07 -0700
+Subject: [PATCH] InitExt.c: Add bounds checks for extension request, event, &
+ error codes
+
+Fixes CVE-2023-3138: X servers could return values from XQueryExtension
+that would cause Xlib to write entries out-of-bounds of the arrays to
+store them, though this would only overwrite other parts of the Display
+struct, not outside the bounds allocated for that structure.
+
+Reported-by: Gregory James DUCK 
+Signed-off-by: Alan Coopersmith 
+
+CVE: CVE-2023-3138
+Upstream-Status: Backport 
[https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654]
+
+Signed-off-by: Kai Kang 
+---
+ src/InitExt.c | 42 ++
+ 1 file changed, 42 insertions(+)
+
+diff --git a/src/InitExt.c b/src/InitExt.c
+index 4de46f15..afc00a6b 100644
+--- a/src/InitExt.c
 b/src/InitExt.c
+@@ -33,6 +33,18 @@ from The Open Group.
+ #include 
+ #include 
+
++/* The X11 protocol spec reserves events 64 through 127 for extensions */
++#ifndef LastExtensionEvent
++#define LastExtensionEvent 127
++#endif
++
++/* The X11 protocol spec reserves requests 128 through 255 for extensions */
++#ifndef LastExtensionRequest
++#define FirstExtensionRequest 128
++#define LastExtensionRequest 255
++#endif
++
++
+ /*
+  * This routine is used to link a extension in so it will be called
+  * at appropriate times.
+@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
+   WireToEventType proc)   /* routine to call when converting event */
+ {
+   register WireToEventType oldproc;
++  if (event_number < 0 ||
++  event_number > LastExtensionEvent) {
++  fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
++  event_number);
++  return (WireToEventType)_XUnknownWireEvent;
++  }
+   if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
+   LockDisplay (dpy);
+   oldproc = dpy->event_vec[event_number];
+@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCookie(
+ )
+ {
+   WireToEventCookieType oldproc;
++  if (extension < FirstExtensionRequest ||
++  extension > LastExtensionRequest) {
++  fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
++  extension);
++  return (WireToEventCookieType)_XUnknownWireEventCookie;
++  }
+   if (proc == NULL) proc = 
(WireToEventCookieType)_XUnknownWireEventCookie;
+   LockDisplay (dpy);
+   oldproc = dpy->generic_event_vec[extension & 0x7F];
+@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie(
+ )
+ {
+   CopyEventCookieType oldproc;
++  if (extension < FirstExtensionRequest ||
++  extension > LastExtensionRequest) {
++  fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
++  extension);
++  return (CopyEventCookieType)_XUnknownCopyEventCookie;
++  }
+   if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
+   LockDisplay (dpy);
+   oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
+@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
+   EventToWireType proc)   /* routine to call when converting event */
+ {
+   register EventToWireType oldproc;
++  if (event_number < 0 ||
++  event_number > LastExtensionEvent) {
++  fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
++  event_number);
++  return (EventToWireType)_XUnknownNativeEvent;
++  }
+   if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
+   LockDisplay (dpy);
+   oldproc = dpy->wire_vec[event_number];
+@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
+   WireToErrorType proc)   /* routine to call when converting error */
+ {
+   register WireToErrorType oldproc = NULL;
++  if (error_number < 0 ||
++  error_number > LastExtensionError) {
++ fprintf(stderr, "Xlib: ignoring invalid extension error

Re: [OE-core] [PATCH] linux-yocto/6.1: fix intermittent x86 boot hangs

2023-07-16 Thread Bruce Ashfield 
On Sun, Jul 16, 2023 at 3:35 PM Steve Sakoman  wrote:
>
> On Wed, Jun 14, 2023 at 5:16 PM Bruce Ashfield  
> wrote:
> >
> > From: Bruce Ashfield 
> >
> > The commit in question appeared as -stable backport in 6.1.28, which is
> > where we started to see intermittent boot hangs on x86.
> >
> > Richard noted that others are seeing this is well, as can be seen in
> > this thread:
> >
> > https://lkml.org/lkml/2023/6/13/1460
> >
> > We bump our SRCREVs to pick up the revert:
> >
> > 947f660bde07 Revert "tick/common: Align tick period with the HZ tick."
> >
>
> Unfortunately I am seeing something quite similar on Kirkstone with 5.15.118:
>
> [0.222916] Freeing SMP alternatives memory: 48K
> [274824.332965] smpboot: CPU0: Intel Xeon E3-12xx v2 (Ivy Bridge)
> (family: 0x6, model: 0x3a, stepping: 0x9)
>
> Full log:
>
> https://errors.yoctoproject.org/Errors/Details/716736/
>
> So I suspect we will need the same fix there too :-(

That fix is obselete.

There's a proper upstream fix for it and going through the -stable trees now.

5.15.119+ has the fix, and I'll get to those updates shortly.

Bruce

>
> Steve
>
> >
> > As requested here is the revert of the x86 clock fix that is suspect.
> >
> > You'll need to restore the other dropped linux-yocto version bumps
> > to apply this patch.
> >
> > Bruce
> >
> >  .../linux/linux-yocto-rt_6.1.bb   |  4 ++--
> >  .../linux/linux-yocto-tiny_6.1.bb |  4 ++--
> >  meta/recipes-kernel/linux/linux-yocto_6.1.bb  | 24 +--
> >  3 files changed, 16 insertions(+), 16 deletions(-)
> >
> > diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb 
> > b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
> > index 4a2a3ca4ab..1033d307f4 100644
> > --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
> > +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
> > @@ -14,8 +14,8 @@ python () {
> >  raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel 
> > to linux-yocto-rt to enable it")
> >  }
> >
> > -SRCREV_machine ?= "6871194107bd40397162bfca0a9ef06661057c50"
> > -SRCREV_meta ?= "1dd270d3231f82d94d2123b95e4eb576019440a3"
> > +SRCREV_machine ?= "2993cbe41f0f859331c81d6ec8001b094f53cb9e"
> > +SRCREV_meta ?= "db25e51e2006721528f5e7bcd8f4501592bd74fe"
> >
> >  SRC_URI = 
> > "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https
> >  \
> > 
> > git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
> > diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb 
> > b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
> > index bfc1c7652c..2be9eb9c36 100644
> > --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
> > +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
> > @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
> >  KMETA = "kernel-meta"
> >  KCONF_BSP_AUDIT_LEVEL = "2"
> >
> > -SRCREV_machine ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_meta ?= "1dd270d3231f82d94d2123b95e4eb576019440a3"
> > +SRCREV_machine ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> > +SRCREV_meta ?= "db25e51e2006721528f5e7bcd8f4501592bd74fe"
> >
> >  PV = "${LINUX_VERSION}+git${SRCPV}"
> >
> > diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb 
> > b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
> > index 53a583e0a3..f5554e26db 100644
> > --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb
> > +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
> > @@ -20,18 +20,18 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
> >  KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
> >  KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
> >
> > -SRCREV_machine:qemuarm ?= "cff918ff5ee0001dec6493620535d8804f02cd8b"
> > -SRCREV_machine:qemuarm64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemuloongarch64 ?= 
> > "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemumips ?= "7a59adc4cd39bea852101be2873855cfc835ef45"
> > -SRCREV_machine:qemuppc ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemuriscv64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemuriscv32 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemux86 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemux86-64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_machine:qemumips64 ?= "273e099163a72247262a495cb73889d2e0ed6d2c"
> > -SRCREV_machine ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> > -SRCREV_meta ?= "1dd270d3231f82d94d2123b95e4eb576019440a3"
> > +SRCREV_machine:qemuarm ?= "93797f49c15b6ce9656a607626437e76a3b6c6da"
> > +SRCREV_machine:qemuarm64 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> > +SRCREV_machine:qemuloongarch64 ?= 
> > "947f660bde07ee4111bc96d08b142a6ce3753d38"
> > +SRCREV_machine:qemumips ?= "1279631d08d52a5b20044404da4b01205ba4b725"
> > +SRCREV_machine:qemuppc ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> >

Re: ODP: [OE-Core][PATCH v5 1/5] bitbake.conf: add acl and xattr distro native features support

2023-07-16 Thread Alexandre Belloni via lists.openembedded.org 
Hello,

On 14/07/2023 10:14:50+, Piotr Łobacz wrote:
> OK so, does any one have any thoughts regarding this patchset?

This still fails on the autobuilder, most of the builds failed:

https://autobuilder.yoctoproject.org/typhoon/#/builders/37/builds/7477/steps/11/logs/stdio

ERROR: nativesdk-xcb-proto-1.15.2-r0 do_package_write_ipk: Fatal errors 
occurred in subprocesses:
Command 
'PATH="/home/pokybuild/yocto-worker/genericx86-64/build/scripts/nativesdk-intercept:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/python3-native:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/chrpath-native:/home/pokybuild/yocto-worker/genericx86-64/build/scripts:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/i686-pokysdk-linux:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot/usr/local/oe-sdk-hardcoded-buildpath/sysroots/i686-pokysdk-linux/usr/bin/crossscripts:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/sbin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/sbin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/bin:/home/pokybuild/yocto-worker/genericx86-64/build/bitbake/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/hosttools"
 opkg-build -Z xz -a "--memlimit=5% --threads=8" "" "" nativesdk-python-xcbgen 
/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/deploy-ipks/i686-nativesdk'
 returned non-zero exit status 1.
Subprocess output:Usage: 
/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/opkg-build
 [-A] [-X] [-c] [-C] [-Z compressor] [-a compressor_args] [-O] [-o owner] [-g 
group]  []
Command 
'PATH="/home/pokybuild/yocto-worker/genericx86-64/build/scripts/nativesdk-intercept:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/python3-native:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/chrpath-native:/home/pokybuild/yocto-worker/genericx86-64/build/scripts:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/i686-pokysdk-linux:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot/usr/local/oe-sdk-hardcoded-buildpath/sysroots/i686-pokysdk-linux/usr/bin/crossscripts:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/sbin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/sbin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/bin:/home/pokybuild/yocto-worker/genericx86-64/build/bitbake/bin:/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/hosttools"
 opkg-build -Z xz -a "--memlimit=5% --threads=8" "" "" nativesdk-xcb-proto-dev 
/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/deploy-ipks/i686-nativesdk'
 returned non-zero exit status 1.
Subprocess output:Usage: 
/home/pokybuild/yocto-worker/genericx86-64/build/build/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-xcb-proto/1.15.2-r0/recipe-sysroot-native/usr/bin/opkg-build
 [-A] [-X] [-c] [-C] [-Z compressor] [-a compressor_args] [-O] [-o owner] [-g 
group]  []
Command

[OE-core] [PATCH] python3-lxml: upgrade 4.9.2 -> 4.9.3

2023-07-16 Thread Khem Raj 
Signed-off-by: Khem Raj 
---
 .../python/{python3-lxml_4.9.2.bb => python3-lxml_4.9.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-lxml_4.9.2.bb => 
python3-lxml_4.9.3.bb} (95%)

diff --git a/meta/recipes-devtools/python/python3-lxml_4.9.2.bb 
b/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
similarity index 95%
rename from meta/recipes-devtools/python/python3-lxml_4.9.2.bb
rename to meta/recipes-devtools/python/python3-lxml_4.9.3.bb
index c7f1e1fc3cb..b911f7b2ad1 100644
--- a/meta/recipes-devtools/python/python3-lxml_4.9.2.bb
+++ b/meta/recipes-devtools/python/python3-lxml_4.9.3.bb
@@ -18,7 +18,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \
 
 DEPENDS += "libxml2 libxslt"
 
-SRC_URI[sha256sum] = 
"2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67"
+SRC_URI[sha256sum] = 
"48628bd53a426c9eb9bc066a923acaa0878d1e86129fd5359aee99285f4eed9c"
 
 SRC_URI += "${PYPI_SRC_URI}"
 inherit pkgconfig pypi setuptools3
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184421): 
https://lists.openembedded.org/g/openembedded-core/message/184421
Mute This Topic: https://lists.openembedded.org/mt/100182135/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] linux-yocto/6.1: fix intermittent x86 boot hangs

2023-07-16 Thread Steve Sakoman 
On Wed, Jun 14, 2023 at 5:16 PM Bruce Ashfield  wrote:
>
> From: Bruce Ashfield 
>
> The commit in question appeared as -stable backport in 6.1.28, which is
> where we started to see intermittent boot hangs on x86.
>
> Richard noted that others are seeing this is well, as can be seen in
> this thread:
>
> https://lkml.org/lkml/2023/6/13/1460
>
> We bump our SRCREVs to pick up the revert:
>
> 947f660bde07 Revert "tick/common: Align tick period with the HZ tick."
>

Unfortunately I am seeing something quite similar on Kirkstone with 5.15.118:

[0.222916] Freeing SMP alternatives memory: 48K
[274824.332965] smpboot: CPU0: Intel Xeon E3-12xx v2 (Ivy Bridge)
(family: 0x6, model: 0x3a, stepping: 0x9)

Full log:

https://errors.yoctoproject.org/Errors/Details/716736/

So I suspect we will need the same fix there too :-(

Steve

>
> As requested here is the revert of the x86 clock fix that is suspect.
>
> You'll need to restore the other dropped linux-yocto version bumps
> to apply this patch.
>
> Bruce
>
>  .../linux/linux-yocto-rt_6.1.bb   |  4 ++--
>  .../linux/linux-yocto-tiny_6.1.bb |  4 ++--
>  meta/recipes-kernel/linux/linux-yocto_6.1.bb  | 24 +--
>  3 files changed, 16 insertions(+), 16 deletions(-)
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb 
> b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
> index 4a2a3ca4ab..1033d307f4 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
> @@ -14,8 +14,8 @@ python () {
>  raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
> linux-yocto-rt to enable it")
>  }
>
> -SRCREV_machine ?= "6871194107bd40397162bfca0a9ef06661057c50"
> -SRCREV_meta ?= "1dd270d3231f82d94d2123b95e4eb576019440a3"
> +SRCREV_machine ?= "2993cbe41f0f859331c81d6ec8001b094f53cb9e"
> +SRCREV_meta ?= "db25e51e2006721528f5e7bcd8f4501592bd74fe"
>
>  SRC_URI = 
> "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https
>  \
> 
> git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
> diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb 
> b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
> index bfc1c7652c..2be9eb9c36 100644
> --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
> @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
>  KMETA = "kernel-meta"
>  KCONF_BSP_AUDIT_LEVEL = "2"
>
> -SRCREV_machine ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_meta ?= "1dd270d3231f82d94d2123b95e4eb576019440a3"
> +SRCREV_machine ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_meta ?= "db25e51e2006721528f5e7bcd8f4501592bd74fe"
>
>  PV = "${LINUX_VERSION}+git${SRCPV}"
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb 
> b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
> index 53a583e0a3..f5554e26db 100644
> --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
> @@ -20,18 +20,18 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
>  KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
>  KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
>
> -SRCREV_machine:qemuarm ?= "cff918ff5ee0001dec6493620535d8804f02cd8b"
> -SRCREV_machine:qemuarm64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemuloongarch64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemumips ?= "7a59adc4cd39bea852101be2873855cfc835ef45"
> -SRCREV_machine:qemuppc ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemuriscv64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemuriscv32 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemux86 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemux86-64 ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_machine:qemumips64 ?= "273e099163a72247262a495cb73889d2e0ed6d2c"
> -SRCREV_machine ?= "6034b10d39687bbd6769e4adb2a792524e6b4f16"
> -SRCREV_meta ?= "1dd270d3231f82d94d2123b95e4eb576019440a3"
> +SRCREV_machine:qemuarm ?= "93797f49c15b6ce9656a607626437e76a3b6c6da"
> +SRCREV_machine:qemuarm64 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemuloongarch64 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemumips ?= "1279631d08d52a5b20044404da4b01205ba4b725"
> +SRCREV_machine:qemuppc ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemuriscv64 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemuriscv32 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemux86 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemux86-64 ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
> +SRCREV_machine:qemumips64 ?= "3b25f845f704021fbe223ef48ab22ff5fa3886b9"
> +SRCREV_machine ?= "947f660bde07ee4111bc96d08b142a6ce3753d38"
>

Re: [OE-core] [PATCH 1/2] u-boot: Switch to nobranch=1

2023-07-16 Thread Tom Rini 
On Sun, Jul 16, 2023 at 07:19:56PM +0200, Alexander Kanavin wrote:
> On Sun, 16 Jul 2023 at 17:03, Tom Rini  wrote:
> > Does bitbake have any infrastructure atm for dealing with signed tags?
> > I'm fine with (for now, as LTS is a hope not a feature) keeping the
> > branch portion.  But if it was possible to say it must be a tag signed
> > by X key, that would help a little with the concern about moving to some
> > more arbitrary commit.
> 
> As far as I know, git fetcher doesn't verify tags. They don't even
> have to be signed, checking that a tag specified in a recipe matches a
> commit id specified in a recipe would also guard against unwanted
> commits, but the fetcher doesn't do that check either.

That's what I figured, thanks.

-- 
Tom


signature.asc
Description: PGP signature

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184419): 
https://lists.openembedded.org/g/openembedded-core/message/184419
Mute This Topic: https://lists.openembedded.org/mt/100144566/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] u-boot: Switch to nobranch=1

2023-07-16 Thread Alexander Kanavin 
On Sun, 16 Jul 2023 at 17:03, Tom Rini  wrote:
> Does bitbake have any infrastructure atm for dealing with signed tags?
> I'm fine with (for now, as LTS is a hope not a feature) keeping the
> branch portion.  But if it was possible to say it must be a tag signed
> by X key, that would help a little with the concern about moving to some
> more arbitrary commit.

As far as I know, git fetcher doesn't verify tags. They don't even
have to be signed, checking that a tag specified in a recipe matches a
commit id specified in a recipe would also guard against unwanted
commits, but the fetcher doesn't do that check either.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184418): 
https://lists.openembedded.org/g/openembedded-core/message/184418
Mute This Topic: https://lists.openembedded.org/mt/100144566/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] u-boot: Switch to nobranch=1

2023-07-16 Thread Tom Rini 
On Sun, Jul 16, 2023 at 08:12:42AM +0300, Alexander Kanavin wrote:
> On Sun 16. Jul 2023 at 4.01, Marek Vasut  wrote:
> 
> > This protection is really weak, this check fails on every single
> > possibly bogus commit which is already on any random branch, so what is
> > the gain here really ?
> 
> The gain is that the branch name is seen in the recipe and we can make the
> judgement about it. You wouldn’t be able to switch from main to
> my-ugly-hacks or dangling commit without having to explain that. With
> nobranch the branch name disappears and this opens the door for bogus
> commits. You may reassure us that right now the commit is not bogus, this
> may not hold in future revision updates or if the branch is force pushed on
> your side.

Does bitbake have any infrastructure atm for dealing with signed tags?
I'm fine with (for now, as LTS is a hope not a feature) keeping the
branch portion.  But if it was possible to say it must be a tag signed
by X key, that would help a little with the concern about moving to some
more arbitrary commit.

-- 
Tom


signature.asc
Description: PGP signature

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184417): 
https://lists.openembedded.org/g/openembedded-core/message/184417
Mute This Topic: https://lists.openembedded.org/mt/100144566/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OE-core CVE metrics for mickledore on Sun 16 Jul 2023 04:00:01 AM HST

2023-07-16 Thread Steve Sakoman 
Branch: mickledore

New this week: 3 CVEs
CVE-2023-2908 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 *
CVE-2023-37453 (CVSS3: 4.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37453 *
CVE-2023-37454 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37454 *

Removed this week: 0 CVEs

Full list:  Found 85 unpatched CVEs
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 *
CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 *
CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2022-48425 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48425 *
CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 *
CVE-2023-0330 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 *
CVE-2023-0615 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0615 *
CVE-2023-1380 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1380 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-1611 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1611 *
CVE-2023-1855 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1855 *
CVE-2023-1859 (CVSS3: 4.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1859 *
CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 *
CVE-2023-1989 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1989 *
CVE-2023-1990 (CVSS3: 4.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1990 *
CVE-2023-1998 (CVSS3: 5.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1998 *
CVE-2023-2002 (CVSS3: 6.8 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2002 *
CVE-2023-2124 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2124 *
CVE-2023-2156 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2156 *
CVE-2023-2162 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2162 *
CVE-2023-2194 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2194 *
CVE-2023-2235 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2235 *
CVE-2023-23039 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23039 *
CVE-2023-25433 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25433 *
CVE-2023-25435 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25435 *
CVE-2023-2609 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2609 *
CVE-2023-2610 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2610 *
CVE-2023-26966 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26966 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-2828 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2828 *
CVE-2023-2829 (CVSS3: 7.5

[OE-core] OE-core CVE metrics for kirkstone on Sun 16 Jul 2023 03:00:01 AM HST

2023-07-16 Thread Steve Sakoman 
Branch: kirkstone

New this week: 1 CVEs
CVE-2023-2908 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 *

Removed this week: 3 CVEs
CVE-2023-2603 (CVSS3: 7.8 HIGH): libcap:libcap-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2603 *
CVE-2023-29400 (CVSS3: 7.3 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29400 *
CVE-2023-34241 (CVSS3: 7.1 HIGH): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34241 *

Full list:  Found 37 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 *
CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2023-0795 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0795 *
CVE-2023-0796 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0796 *
CVE-2023-0797 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0797 *
CVE-2023-0798 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0798 *
CVE-2023-0799 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0799 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 *
CVE-2023-1999 (CVSS3: 7.5 HIGH): libwebp 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1999 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-24536 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 *
CVE-2023-2609 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2609 *
CVE-2023-2610 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2610 *
CVE-2023-26965 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26965 *
CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 *
CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-2828 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2828 *
CVE-2023-2829 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2829 *
CVE-2023-2908 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 *
CVE-2023-2911 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2911 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-29491 (CVSS3: 7.8 HIGH): ncurses:ncurses-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 *
CVE-2023-30571 (CVSS3: 5.3 MEDIUM): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30571 *
CVE-2023-30630 (CVSS3: 7.8 HIGH): dmidecode 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30630 *
CVE-2023-3138 (CVSS3: 7.5 HIGH): libx11:libx11-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3138 *
CVE-2023-3316 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3316 *
CVE-2023-36632 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36632 *
CVE-2023-36664 (CVSS3: 7.8 HIGH): ghostscript:ghostscript-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36664 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184415): 
https://lists.openembedded.org/g/openembedded-core/message/184415
Mute This

[OE-core] OE-core CVE metrics for dunfell on Sun 16 Jul 2023 02:00:01 AM HST

2023-07-16 Thread Steve Sakoman 
Branch: dunfell

New this week: 1 CVEs
CVE-2023-2908 (CVSS3: N/A): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 *

Removed this week: 6 CVEs
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2023-33204 (CVSS3: 7.8 HIGH): sysstat 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33204 *
CVE-2023-34241 (CVSS3: 7.1 HIGH): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34241 *

Full list:  Found 82 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-3782 (CVSS3: 6.6 MEDIUM): wayland:wayland-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 *
CVE-2021-3947 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 *
CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 *
CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 *
CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 *
CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 *
CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 *
CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 *
CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 *
CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 *
CVE-2022-0358 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0358 *
CVE-2022-2347 (CVSS3: 7.1 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2347 *
CVE-2022-23773 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23773 *
CVE-2022-24765 (CVSS3: 7.8 HIGH): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24765 *
CVE-2022-2953 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2953 *
CVE-2022-29536 (CVSS3: 7.5 HIGH): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29536 *
CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 *
CVE-2022-30293 (CVSS3: 7.5 HIGH): webkitgtk

Re: [OE-core] [PATCH v3] qemu: Add qemu-common package

2023-07-16 Thread Alexandre Belloni via lists.openembedded.org 
Hello,

This causes the following meta-mingw error on the AB:

https://autobuilder.yoctoproject.org/typhoon/#/builders/89/builds/7501/steps/12/logs/stdio

This is due to the added native-sdk dependency.

On 10/07/2023 18:32:18+0800, Yu, Mingli wrote:
> From: Mingli Yu 
> 
> We split the qemu package [1] to add support to make user can install
> one qemu arch emulation rpm to ease the concerns who care much about
> the rpm size in embedded device.
> 
> But for the user who only install the qemu-*.rpm can't do anything
> except they install the qemu emulation rpm like qemu-system-x86-64-*.rpm
> explicitly.
> 
> So add qemu-common package to package all thing into qemu-common when
> not split the package, and package only the basic into qemu-common and
> other arch related to each qemu arch emulation rpm when split the package
> to fix the backward compatibility.
> 
> qenu-*.rpm which is meta package rdepends on qemu-common and the available
> qemu arch emulation rpm like qemu-system-x86-64-*.rpm and etc.
> 
> [1] 
> https://git.openembedded.org/openembedded-core/commit/?id=893846ead7ee54d53e9076150cd655e0c8bca5db
> 
> Signed-off-by: Mingli Yu 
> ---
>  meta/recipes-devtools/qemu/qemu.inc  | 23 ---
>  meta/recipes-devtools/qemu/qemu_8.0.0.bb |  3 ++-
>  2 files changed, 14 insertions(+), 12 deletions(-)
> 
> diff --git a/meta/recipes-devtools/qemu/qemu.inc 
> b/meta/recipes-devtools/qemu/qemu.inc
> index a5bdeef66d..94624163d0 100644
> --- a/meta/recipes-devtools/qemu/qemu.inc
> +++ b/meta/recipes-devtools/qemu/qemu.inc
> @@ -226,15 +226,18 @@ PACKAGECONFIG[brlapi] = 
> "--enable-brlapi,--disable-brlapi"
>  PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
>  PACKAGECONFIG[debuginfo] = "--enable-libdw,--disable-libdw,elfutils"
>  
> -INSANE_SKIP:${PN} = "arch"
> +INSANE_SKIP:${PN}-common = "arch"
>  
>  FILES:${PN} += "${datadir}/icons"
>  
>  # For user who want to install all arch packages
> -PACKAGES =+ "${PN}-system-all ${PN}-user-all"
> +PACKAGES =+ "${PN}-common"
> +RDEPENDS:${PN} += "${PN}-common"
>  
> -ALLOW_EMPTY:${PN}-system-all = "1"
> -ALLOW_EMPTY:${PN}-user-all = "1"
> +ALLOW_EMPTY:${PN} = "1"
> +FILES:${PN} = ""
> +
> +FILES:${PN}-common = "${bindir}/* ${includedir}/* ${libexecdir}/* 
> ${datadir}/* ${localstatedir}"
>  
>  PACKAGES_DYNAMIC += "^${PN}-user-.*  ^${PN}-system-.*"
>  
> @@ -242,15 +245,13 @@ PACKAGESPLITFUNCS =+ "split_qemu_packages"
>  
>  python split_qemu_packages () {
>  archdir = d.expand('${bindir}/')
> -syspackages = do_split_packages(d, archdir, r'^qemu-system-(.*)$', 
> '${PN}-system-%s', 'QEMU full system emulation binaries(%s)' , prepend=True)
> -if syspackages:
> -d.setVar('RDEPENDS:' + d.getVar('PN') + '-system-all', ' 
> '.join(syspackages))
> +subpackages = do_split_packages(d, archdir, r'^qemu-system-(.*)$', 
> '${PN}-system-%s', 'QEMU full system emulation binaries(%s)' , prepend=True, 
> extra_depends='${PN}-common')
>  
> -userpackages = do_split_packages(d, archdir, 
> r'^qemu-((?!system|edid|ga|img|io|nbd|pr-helper|storage-daemon).*)$', 
> '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True)
> -if userpackages:
> -d.setVar('RDEPENDS:' + d.getVar('PN') + '-user-all', ' 
> '.join(userpackages))
> +subpackages += do_split_packages(d, archdir, 
> r'^qemu-((?!system|edid|ga|img|io|nbd|pr-helper|storage-daemon).*)$', 
> '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, 
> extra_depends='${PN}-common')
> +if subpackages:
> +d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' 
> '.join(subpackages))
>  mipspackage = d.getVar('PN') + "-user-mips"
> -if mipspackage in ' '.join(userpackages):
> +if mipspackage in ' '.join(subpackages):
>  d.appendVar('RDEPENDS:' + mipspackage, ' ' + d.getVar("MLPREFIX") + 
> 'bash')
>  }
>  
> diff --git a/meta/recipes-devtools/qemu/qemu_8.0.0.bb 
> b/meta/recipes-devtools/qemu/qemu_8.0.0.bb
> index 42e133967e..412c2bc7f0 100644
> --- a/meta/recipes-devtools/qemu/qemu_8.0.0.bb
> +++ b/meta/recipes-devtools/qemu/qemu_8.0.0.bb
> @@ -8,7 +8,8 @@ DEPENDS:append:libc-musl = " libucontext"
>  
>  CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', 
> '-DEGL_NO_X11=1', d)}"
>  
> -RDEPENDS:${PN}:class-target += "bash"
> +RDEPENDS:${PN}-common:class-target += "bash"
> +RDEPENDS:${PN}-common:class-nativesdk += "bash"
>  
>  EXTRA_OECONF:append:class-target = " 
> --target-list=${@get_qemu_target_list(d)}"
>  EXTRA_OECONF:append:class-target:mipsarcho32 = 
> "${@bb.utils.contains('BBEXTENDCURR', 'multilib', ' --disable-capstone', '', 
> d)}"
> -- 
> 2.25.1
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184413): 
https://lists.openembedded.org/g/openembedded-core/message/184413
Mute This Topic:

[OE-core] OE-core CVE metrics for master on Sun 16 Jul 2023 01:00:01 AM HST

2023-07-16 Thread Steve Sakoman 
Branch: master

New this week: 2 CVEs
CVE-2023-37453 (CVSS3: 4.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37453 *
CVE-2023-37454 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37454 *

Removed this week: 0 CVEs

Full list:  Found 31 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 *
CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 *
CVE-2023-0330 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 *
CVE-2023-23039 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23039 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-2898 (CVSS3: 4.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2898 *
CVE-2023-30571 (CVSS3: 5.3 MEDIUM): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30571 *
CVE-2023-3090 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3090 *
CVE-2023-3117 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3117 *
CVE-2023-3316 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3316 *
CVE-2023-3317 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3317 *
CVE-2023-3358 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3358 *
CVE-2023-3359 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3359 *
CVE-2023-3389 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3389 *
CVE-2023-3390 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3390 *
CVE-2023-35827 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35827 *
CVE-2023-36632 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36632 *
CVE-2023-36664 (CVSS3: 7.8 HIGH): ghostscript 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36664 *
CVE-2023-37453 (CVSS3: 4.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37453 *
CVE-2023-37454 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37454 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184412): 
https://lists.openembedded.org/g/openembedded-core/message/184412
Mute This Topic: https://lists.openembedded.org/mt/100174049/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-