[OE-core] [zeus][PATCH 0/4] zeus pull request - cover letter only

Please merge these changes in zeus. Clean a-full on autobuilder except an unrelated virgl failure in oe-selftest on Ubuntu 18.04 (the test now needs libdrm in zeus to be at a specific version for that OS). Thanks, Anuj The following changes since commit 74e22d0d2b61d0014f408972725469bb7a024622:

[OE-core][dunfell 00/19] Pull request (cover letter only)

The following changes since commit 257758f175cdcb99f4fe890cc0b1a60e82b5b84b: Revert "gtk-icon-cache.bbclass: add runtime dependency" (2020-08-05 04:27:18 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next http://cgit.op

[OE-core] [PATCH] python3-setuptools: update to 49.3.1

Signed-off-by: Oleksandr Kravchuk --- ...ython3-setuptools_49.2.1.bb => python3-setuptools_49.3.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-setuptools_49.2.1.bb => python3-setuptools_49.3.1.bb} (95%) diff --git a/meta/recipes-devtool

[OE-core] [PATCH] ethtool: update to 5.8

Signed-off-by: Oleksandr Kravchuk --- .../ethtool/ethtool/avoid_parallel_tests.patch | 6 +++--- .../ethtool/{ethtool_5.7.bb => ethtool_5.8.bb} | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-extended/ethtool/{ethtool_5.7.bb => ethtool_5.8.b

[OE-core] [PATCH] iproute2: update to 5.8.0

Signed-off-by: Oleksandr Kravchuk --- .../0001-devlink.c-add-missing-include.patch | 23 --- ...01-libc-compat.h-add-musl-workaround.patch | 10 .../{iproute2_5.7.0.bb => iproute2_5.8.0.bb} | 2 +- 3 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644

[OE-core] [PATCH] webkitgtk: Upgrade to 2.28.4

backport a patch from master to fix clang11 build error Signed-off-by: Khem Raj --- ...build-errors-due-to-WWc-11-narrowing.patch | 66 +++ ...ebkitgtk_2.28.3.bb => webkitgtk_2.28.4.bb} | 3 +- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-sa

[OE-core] [PATCH 2/2] build-compare: Drop recipe

If we no longer have the packagefeed-stability class, we no longer need need build-compare as it was the only user of it. Therefore drop the recipe too. Signed-off-by: Richard Purdie --- meta/conf/distro/include/distro_alias.inc | 1 - meta/conf/distro/include/maintainers.inc | 1 - .

[OE-core] [PATCH 1/2] packagefeed-stability: Remove as obsolete

This class had great ideas and potential but now we have hash equivalence and reproducibility, its effectively obsolete. I'm not aware of any serious use of the class, we certainly don't get bug reports or patches so remove it and focus on those other areas. Signed-off-by: Richard Purdie --- me

Re: [OE-core][dunfell][PATCH] go: CVE-2020-16845

Since this CVE will be covered in a pending version upgrade, there isn't a need to take this patch. Thanks, though! I really appreciate the help in reducing the number of outrstanding CVE's! Steve On Mon, Aug 10, 2020 at 10:38 PM Zhixiong Chi wrote: > > Backport CVE patch from the upstream: >

Re: [OE-core] [dunfell][PATCH] go: update 1.14.4 -> 1.14.6

Ah, OK, I understand now. Steve On Tue, Aug 11, 2020 at 8:50 AM Khem Raj wrote: > > On Tue, Aug 11, 2020 at 11:45 AM Steve Sakoman wrote: > > > > On Tue, Aug 11, 2020 at 8:36 AM Khem Raj wrote: > > > > > > On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman wrote: > > > > > > > > Zhixiong Chi subm

Re: [OE-core] [dunfell][PATCH] go: update 1.14.4 -> 1.14.6

On Tue, Aug 11, 2020 at 11:45 AM Steve Sakoman wrote: > > On Tue, Aug 11, 2020 at 8:36 AM Khem Raj wrote: > > > > On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman wrote: > > > > > > Zhixiong Chi submitted a patch today to fix CVE-2020-16845. > > > > > > I don't see that referenced in your patch, s

[OE-core] [PATCH] go: Upgrade to 1.14.7

CVE_CHECK_WHITELIST += "CVE-2020-16845" Signed-off-by: Khem Raj Cc: Li Zhou --- meta/recipes-devtools/go/go-1.14.inc | 4 ++-- ...{go-binary-native_1.14.6.bb => go-binary-native_1.14.7.bb} | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-d

Re: [OE-core] [dunfell][PATCH] go: update 1.14.4 -> 1.14.6

On Tue, Aug 11, 2020 at 8:36 AM Khem Raj wrote: > > On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman wrote: > > > > Zhixiong Chi submitted a patch today to fix CVE-2020-16845. > > > > I don't see that referenced in your patch, so I assume we'll need to > > take both patches. > > right that will com

Re: [OE-core] [dunfell][PATCH] go: update 1.14.4 -> 1.14.6

On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman wrote: > > Zhixiong Chi submitted a patch today to fix CVE-2020-16845. > > I don't see that referenced in your patch, so I assume we'll need to > take both patches. right that will come with 1.14.7 update which is not yet proposed, so I guess we shou

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 09 Aug 2020 12:00:01 AM HST

On Tue, Aug 11, 2020 at 11:17 AM Steve Sakoman wrote: > > On Tue, Aug 11, 2020 at 7:28 AM Khem Raj wrote: > > > The gcc CVE [1] is already patched in gcc 9.3.0 which is in dunfell, I > > think its wrongly flagged. > > > > [1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15847 * > >

[OE-core] [dunfell][PATCH] gcc-9.3.inc: Mark CVE-2019-15847 as fixed

We do not have explicit patch to mark it and cve checker gets confused, so help it out Signed-off-by: Khem Raj --- meta/recipes-devtools/gcc/gcc-9.3.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.3.inc index c9ea

Re: [OE-core] [dunfell][PATCH] go: update 1.14.4 -> 1.14.6

Zhixiong Chi submitted a patch today to fix CVE-2020-16845. I don't see that referenced in your patch, so I assume we'll need to take both patches. Will do an autobuilder test this morning with both applied. Steve On Tue, Aug 11, 2020 at 8:17 AM Khem Raj wrote: > > Includes security Fixes for

[OE-core] [PATCH] maintainers: Update entries for Mark Hatle

db/rpm/depmodwrapper-cross no longer have a maintainer, update his address on prelink. I take pseudo since I'm doing the work there in the absence of anyone else. Signed-off-by: Richard Purdie --- meta/conf/distro/include/maintainers.inc | 10 +- 1 file changed, 5 insertions(+), 5 deleti

[OE-core] [dunfell][PATCH] go: update 1.14.4 -> 1.14.6

Includes security Fixes for CVE-2020-14039 and CVE-2020-15586 (cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633) (cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5) (cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1) Signed-off-by: Khem Raj ---

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 09 Aug 2020 12:00:01 AM HST

On Tue, Aug 11, 2020 at 7:28 AM Khem Raj wrote: > The gcc CVE [1] is already patched in gcc 9.3.0 which is in dunfell, I > think its wrongly flagged. > > [1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15847 * The database indicates that all versions prior to ggc 10 are vulnerable

[OE-core] [dunfell][PATCH] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch

Drop 0016-Add-unused-attribute.patch since its fixed by Rewrite iconv option parsing [BZ #19519] [1] Upgrade to latest on 2.31 branch which brings following bug fixes * 6fdf971c9db (origin/release/2.31/master) Add NEWS entry for CVE-2016-10228 (bug 19519) * 70d585151c0 Rewrite iconv option parsi

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 09 Aug 2020 12:00:01 AM HST

Hi Steve The gcc CVE [1] is already patched in gcc 9.3.0 which is in dunfell, I think its wrongly flagged. [1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15847 * On Tue, Aug 11, 2020 at 9:56 AM Steve Sakoman wrote: > > On Tue, Aug 11, 2020 at 6:20 AM Ross Burton wrote: > > > >

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 09 Aug 2020 12:00:01 AM HST

On Tue, Aug 11, 2020 at 6:20 AM Ross Burton wrote: > > In the interest of avoiding reproducing work, I'm slowly trawling > through the qemu CVEs in date order (starting from 2012) to fix up the > CPE entries so they disappear from these lists. Thanks Ross, much appreciated! Steve > On Sun, 9 Au

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 09 Aug 2020 12:00:01 AM HST

In the interest of avoiding reproducing work, I'm slowly trawling through the qemu CVEs in date order (starting from 2012) to fix up the CPE entries so they disappear from these lists. Ross On Sun, 9 Aug 2020 at 11:03, Steve Sakoman wrote: > > Branch: master > > New this week: > CVE-2019-14865:

[oe-core][V2][PATCH 1/1] gcr: make sure gcr-oids.h is generated

Backport, without modification, a patch from mainline after gcr-3-36 branch created. Signed-off-by: Joe Slater --- ...-meson-Make-sure-gcr-oids.h-is-built.patch | 36 +++ meta/recipes-gnome/gcr/gcr_3.36.0.bb | 2 ++ 2 files changed, 38 insertions(+) create mode 100644

[OE-core] [PATCH] binutils: Remove RISC-V PIE patch

Remove the out of tree patch that is trying to address a PIE issue. This patch causes RISC-V applications to seg fault when running _dl_relocate_object. This fixes: https://github.com/riscv/meta-riscv/issues/236 Signed-off-by: Alistair Francis --- .../binutils/binutils-2.35.inc|

[OE-core] Yocto Project Status WW32'20

Current Dev Position: YP 3.2 M3 Next Deadline: YP 3.2 M3 build date 2020/8/31 Next Team Meetings: * Bug Triage meeting Thursday Aug. 13th at 7:30am PDT ( https://zoom.us/j/454367603) * Monthly Project Meeting Tuesday Sept. 1st at 8am PDT (

Re: [OE-core] systemd-getty-generator present but undesired

Met vriendelijke groet / kind regards, Mike Looijmans System Expert TOPIC Embedded Products B.V. Materiaalweg 4, 5681 RJ Best The Netherlands T: +31 (0) 499 33 69 69 E: mike.looijm...@topicproducts.com W: www.topicproducts.com Please consider the environment before printing this e-mail On 30

[OE-core] [PATCH] gcc: backport a fix for out-of-line atomics on aarch64

From: Ross Burton Signed-off-by: Ross Burton --- meta/recipes-devtools/gcc/gcc-10.1.inc| 1 + ...-up-__aarch64_cas16_acq_rel-fallback.patch | 66 +++ 2 files changed, 67 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc-10.1/0001-aarch64-Fix-up-__aarch64_

[OE-core][dunfell][PATCH] go: CVE-2020-16845

Backport CVE patch from the upstream: https://github.com/golang/go.git commit 027d7241ce050d197e7fabea3d541ffbe3487258 Signed-off-by: Zhixiong Chi --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2020-16845.patch | 110 ++ 2 files changed, 1

Re: [OE-core] [PATCH] bitbake.conf: set the default pigz thread

On 8/11/20 4:19 PM, Richard Purdie wrote: On Tue, 2020-08-11 at 16:09 +0800, Yu, Mingli wrote: Hi RP, On 8/11/20 3:57 PM, Richard Purdie wrote: On Tue, 2020-08-11 at 15:22 +0800, Yu, Mingli wrote: From: Mingli Yu pigz, which stands for parallel implementation of gzip, is a fully functiona

Re: [OE-core] [PATCH] bitbake.conf: set the default pigz thread

On Tue, 2020-08-11 at 16:09 +0800, Yu, Mingli wrote: > Hi RP, > > On 8/11/20 3:57 PM, Richard Purdie wrote: > > On Tue, 2020-08-11 at 15:22 +0800, Yu, Mingli wrote: > > > From: Mingli Yu > > > > > > pigz, which stands for parallel implementation of gzip, is a > > > fully functional replacement f

Re: [OE-core] [PATCH] bitbake.conf: set the default pigz thread

Hi RP, On 8/11/20 3:57 PM, Richard Purdie wrote: On Tue, 2020-08-11 at 15:22 +0800, Yu, Mingli wrote: From: Mingli Yu pigz, which stands for parallel implementation of gzip, is a fully functional replacement for gzip that exploits multiple processors and multiple cores to the hilt when compre

Re: [OE-core] [PATCH] bitbake.conf: set the default pigz thread

On Tue, 2020-08-11 at 15:22 +0800, Yu, Mingli wrote: > From: Mingli Yu > > pigz, which stands for parallel implementation of gzip, is a > fully functional replacement for gzip that exploits multiple > processors and multiple cores to the hilt when compressing data. > > do_package uses pigz to co

[OE-core][PATCH] go: CVE-2020-16845

Backport CVE patch from the upstream: https://github.com/golang/go.git commit 027d7241ce050d197e7fabea3d541ffbe3487258 Signed-off-by: Zhixiong Chi --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2020-16845.patch | 110 ++ 2 files changed, 1

[OE-core][zeus][PATCH] go: CVE-2020-16845

Backport CVE patch from the upstream: https://github.com/golang/go.git commit 027d7241ce050d197e7fabea3d541ffbe3487258 Signed-off-by: Zhixiong Chi --- meta/recipes-devtools/go/go-1.12.inc | 1 + .../go/go-1.12/CVE-2020-16845.patch | 110 ++ 2 files changed, 1

[OE-core] [PATCH] bitbake.conf: set the default pigz thread

From: Mingli Yu pigz, which stands for parallel implementation of gzip, is a fully functional replacement for gzip that exploits multiple processors and multiple cores to the hilt when compressing data. do_package uses pigz to compress data to speed up the time if there is pigz available on the