Backport the CVE patch from upstream:
[https://sourceware.org/git/gitweb.cgi?p=glibc.git;
a=patch;h=9333498794cde1d5cca518badf79533a24114b6f]
Signed-off-by: Zhixiong Chi
---
.../glibc/glibc/CVE-2020-10029.patch | 128 ++
meta/recipes-core/glibc/glibc_2.30.bb |
Backport the CVE patch from upstream:
[https://sourceware.org/git/gitweb.cgi?p=glibc.git;
a=patch;h=9333498794cde1d5cca518badf79533a24114b6f]
Signed-off-by: Zhixiong Chi
---
.../glibc/glibc/CVE-2020-10029.patch | 128 ++
meta/recipes-core/glibc/glibc_2.31.bb |
Hello,
On 09.03.20 01:23, Adrian Bunk wrote:
On Sun, Mar 08, 2020 at 11:08:08PM +0100, Alexander Kanavin wrote:
On Sun, 8 Mar 2020 at 22:46, Adrian Bunk wrote:
It is on YP to make it clear to users whether or not Yocto comes with
the same set of security guarantees as distributions like Ubun
A rootfs post command function vuln_cve_make_manifests() generates
some manifests about CVE_REPORTS list variable where files are generated
in per package task. A vuln_cve_make_manifests() gather these files about
installed packages in image from sstate directory to deploy manifest files
specified
To give any extensibility about CVE task in OE-Core with introducing plug and
call style CVE task execution in patch set.
If pluggable CVE frameworks will provide from OE-Core for embedded people
include Linux distributors, CVE tool makers, embedded product maintainers or
developers, they may get c
A do_vulnerability() which can run CVE tasks plugged by function variables
VULNFUNC_SCAN_CVE, VULNFUNC_JUDGE_CVE and VULNFUNC_REPORT_CVE.
Variable VULNFUNC_SCAN_CVE is used for the purpose of CVE search based on
CPE (Common Platform Enumeration).
A do_vulnerability() decides two CVE statements 'P
Hello Richard,
I can try to explain it in some examples.
I would like to add some extra (dynamic) variables into local.conf in
eSDK mode. I have found, that there are 2 possibilities (in
populate_sdk_ext.bbclass) sdk-extra.conf and sdk_extraconf.
- sdk-extra.conf
- You have to have handle own f
The intent is to say that security patches are eligible for inclusion into
stable release updates (while e.g. version updates are not). If the wording
is vague, it can be improved. I tend to agree that there has to be a more
clear message that users must set up their own security process or pay
som
On Mar 9, 2020, at 03:45, Ayoub Zaki wrote:
>> Nothing to discuss in public.
>>
>>> This
>>> has been the situation from the start of the project, certainly this was
>>> the case 5 years ago when I joined it, and the only person ever to make an
>>> issue out of it is you. Everyone else seems to
On Mar 7, 2020, at 11:17, Richard Purdie
wrote:
> Hi,
>
> I just wanted to mention that we now have the ability to wrap builds on
> specific workers with specific buildtools tarballs.
>
> Currently this functionality is in master, we do have the option of
> porting the helper code to other sta
On Sat, Mar 07, 2020 at 04:17:28PM +, Richard Purdie wrote:
>...
> This does mean we could drop gcc 4.8/4.9 support if we wanted to and
> rely on the tarball support for centos7/debian8.
>...
Debian 8
- will have LTS support ending at the end of June, and
- ships Python 3.4, which is no longer
On Mon, 2020-03-09 at 12:52 +0200, Adrian Bunk wrote:
> On Sat, Mar 07, 2020 at 04:17:28PM +, Richard Purdie wrote:
> > ...
> > This does mean we could drop gcc 4.8/4.9 support if we wanted to
> > and
> > rely on the tarball support for centos7/debian8.
> > ...
>
> Debian 8
> - will have LTS s
I will check/fix it
Anders Wallin
On Sat, Mar 7, 2020 at 3:17 PM Khem Raj wrote:
> I am seeing a QA textrel issue with clang/arm
>
> http://errors.yoctoproject.org/Errors/Details/393983/
>
> On Thu, Mar 5, 2020 at 4:07 AM Anders Wallin wrote:
> >
> > Babeltrace 1 vs. Babeltrace 2
> >
> > The B
On Mon, Mar 09, 2020 at 11:41:13AM +, Richard Purdie wrote:
> On Mon, 2020-03-09 at 12:52 +0200, Adrian Bunk wrote:
> > On Sat, Mar 07, 2020 at 04:17:28PM +, Richard Purdie wrote:
> > > ...
> > > This does mean we could drop gcc 4.8/4.9 support if we wanted to
> > > and
> > > rely on the ta
On Mon, 2020-03-09 at 08:29 +0100, Ayoub Zaki wrote:
> On 09.03.20 01:23, Adrian Bunk wrote:
> > On Sun, Mar 08, 2020 at 11:08:08PM +0100, Alexander Kanavin wrote:
> > > On Sun, 8 Mar 2020 at 22:46, Adrian Bunk wrote:
> > https://www.yoctoproject.org/is-yocto-project-for-you/
> > 13. Yocto Project
These changes fix the archival of git submodules, do_deploy_archives
dependencies and externalsrc support for the kernel.
The gitsm archiver fix is independent of the patch sent to bitbake - the
patch here fixes the generation of archives for git submodules, the separate
bitbake patch fixes the us
When the externalsrc class is used the tasks listed in
SRCTREECOVEREDTASKS are deleted to prevent them being executed. If
externalsrc is used for the kernel then this will include
virtual/kernel:do_patch.
We can depend on do_shared_workdir instead as this will survive when
externalsrc is used.
Si
To ensure that archives are captured for all dependencies of a typical
bitbake build we add do_deploy_archives to the list of recursive
dependencies of do_build. Without this, archives may be missed for
recipes such as gcc-source which do not create packages or populate a
sysroot.
do_deploy_archiv
To fully archive a `gitsm://` entry in SRC_URI we need to also capture
the submodules recursively. If shallow mirror tarballs are found, they
must be temporarily extracted so that the submodules can be determined.
Signed-off-by: Paul Barker
---
meta/classes/archiver.bbclass | 31
When the externalsrc class is used the tasks listed in
SRCTREECOVEREDTASKS are deleted to prevent them being executed. If
externalsrc is used for the kernel then this will include
virtual/kernel:do_patch.
We can depend on do_shared_workdir instead as this will survive when
externalsrc is used.
Si
The merging of config fragments is performend in the do_kernel_configme
task and so config fragments will not be supported when this task is
removed from the dependency tree.
kernel-yocto adds additional tasks which may modify the source directory
to SRCTREECOVEREDTASKS so that they are removed wh
I've a branch with systemd 245 on it which fails testing because
psplash gets restarted all the time.
But ignoring the systemd 245 piece, it looks to me like psplash could
be restarted under systemd 244 too as the main process exits and our
units aren't marked RemainAfterExit. I haven't figured ou
On Sun, Mar 8, 2020 at 12:18 AM Richard Purdie
wrote:
>
> On Sat, 2020-03-07 at 20:17 -0800, Khem Raj wrote:
> > On Sat, Mar 7, 2020 at 2:37 PM Richard Purdie
> > wrote:
> > > If configure is rerun it finds msgfmt from gettext-native which is
> > > installed
> > > during package_write_ipk|deb and
The nativesdk variant is needed by the buildtools-tarball, when
p11-kit feature is enabled for gnutls. The error message is:
Missing or unbuildable dependency chain was: ['buildtools-tarball',
'nativesdk-wget', 'nativesdk-gnutls', 'nativesdk-p11-kit']
Signed-off-by: Codrin Ciubotariu
Cc: Alexan
== Series Details ==
Series: p11-kit: Add nativesdk variant
Revision: 1
URL : https://patchwork.openembedded.org/series/23169/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the
All,
The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:
https://wiki.yoctoproject.org/wiki/Bug_Triage#N
The nativesdk variant is needed by the buildtools-tarball, when
p11-kit feature is enabled for gnutls. The error message is:
Missing or unbuildable dependency chain was: ['buildtools-tarball',
'nativesdk-wget', 'nativesdk-gnutls', 'nativesdk-p11-kit']
Signed-off-by: Codrin Ciubotariu
Cc: Alexan
On 2020-03-06 8:24 a.m., Oleksandr Popovych wrote:
Hello, Randy
Hi,
Back from a holiday so my reply was delayed.
On Wed, Feb 12, 2020 at 7:17 PM Randy MacLeod
wrote:
On 2/12/20 7:19 AM, Oleksandr Popovych via Openembedded-core wrote:
For ptest support for this package several additional
For legacy bios boot configurations, syslinux supports multiple
labels with per-label APPEND definitions. grub-efi-cfg supports
multiple labels, but only a single APPEND definition.
Enable optional per-label APPEND definitions for grub EFI, with
variable names prefixed by "grub_" to isolate grub
When a target is specified for INITRD_IMAGE_LIVE, a task dependency is
added for do_image_complete. At present, image-live initrd will not
accept multiconfig dependency targets.
If BBMULTICONFIG is non-empty and INITRD_IMAGE_LIVE is a multiconfig
target, use mcdepends instead of depends. The packa
in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
work for musl since it uses glibc specific functions e.g.
getcontext/swapcontext/swapcontext also see [1]
This patch reverts back to using arm32 implementation for coroutines on
arm
[1] https://bugs.ruby-lang.org/issues/1645
This helps compile the testcase with musl on 32bit arches
Signed-off-by: Khem Raj
---
...check-tests-Fix-timerfd-syscall-test.patch | 210 ++
.../valgrind/valgrind_3.15.0.bb | 1 +
2 files changed, 211 insertions(+)
create mode 100644
meta/recipes-devtools/valgr
-a option is linux specific
Errors like below are fixed when -a is used
bus/connection.h is owned by uid 1000, which is the same as t
he user running bitbake. This may be due to host contamination
Signed-off-by: Khem Raj
---
meta/recipes-core/dbus/dbus-test_1.12.16.bb | 4 ++--
1 file changed,
On Mon, Mar 9, 2020 at 4:44 PM Khem Raj wrote:
>
> in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
> work for musl since it uses glibc specific functions e.g.
> getcontext/swapcontext/swapcontext also see [1]
>
> This patch reverts back to using arm32 implementation for co
On Mon, Mar 9, 2020 at 4:47 PM Khem Raj wrote:
>
> -a option is linux specific
Is it?
> Errors like below are fixed when -a is used
Do you mean the errors are fixed when -a is _not_ used ?
Either way, the key fix here looks to be effectively removing
--preserve=ownership from the cp command, n
On 3/9/20 4:52 PM, Andre McCurdy wrote:
> On Mon, Mar 9, 2020 at 4:44 PM Khem Raj wrote:
>>
>> in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
>> work for musl since it uses glibc specific functions e.g.
>> getcontext/swapcontext/swapcontext also see [1]
>>
>> This patch
On Mon, Mar 9, 2020 at 5:33 PM Khem Raj wrote:
>
> On 3/9/20 4:52 PM, Andre McCurdy wrote:
> > On Mon, Mar 9, 2020 at 4:44 PM Khem Raj wrote:
> >>
> >> in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
> >> work for musl since it uses glibc specific functions e.g.
> >> getc
in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
work for musl since it uses glibc specific functions e.g.
getcontext/swapcontext/swapcontext also see [1]
This patch reverts back to using arm32 implementation for coroutines on
arm
[1] https://bugs.ruby-lang.org/issues/1645
-r are not posix defined and -a leaks UID of
build user into target
Errors like below are fixed when -a is used
bus/connection.h is owned by uid 1000, which is the same as t
he user running bitbake. This may be due to host contamination
Signed-off-by: Khem Raj
---
v2: Improve commit message for
This helps compile the testcase with musl on 32bit arches
Signed-off-by: Khem Raj
---
v2: Use header check instead of function checks
...check-tests-Fix-timerfd-syscall-test.patch | 98 +++
.../valgrind/valgrind_3.15.0.bb | 1 +
2 files changed, 99 insertions(+)
in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
work for musl since it uses glibc specific functions e.g.
getcontext/swapcontext/swapcontext also see [1]
This patch reverts back to using arm32 implementation for coroutines on
arm
[1] https://bugs.ruby-lang.org/issues/1645
41 matches
Mail list logo