[OE-core] [meta-oe][PATCH] net-tools: split into binary packages

Support per binary package to not bloat the system with unneeded tools. Signed-off-by: Sinan Kaya --- .../net-tools/net-tools_1.60-26.bb| 27 +++ 1 file changed, 27 insertions(+) diff --git a/meta/recipes-extended/net-tools/net-tools_1.60-26.bb b/meta/recipes-extend

[OE-core] [PATCH] distutils-common-base: fix LINKSHARED expansion

Add the missing $ so SECURITY_CFLAGS actually gets expanded. Signed-off-by: Anuj Mittal --- meta/classes/distutils-common-base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/distutils-common-base.bbclass b/meta/classes/distutils-common-base.bbclass inde

Re: [OE-core] YPBZ 14125: busybox wget: where to add openssl-bin dependency?

On Wed, Nov 18, 2020 at 2:30 PM Randy MacLeod wrote: > > Hi Shachar, > > On 2020-11-18 1:49 p.m., Shachar Menashe wrote: > > About the busybox patch, I realized that Dunfell doesn't come with the > > "openssl" binary built-in (only the library) but this fix will actually > > requires having the

[OE-core] [gatesgarth][PATCH 00/18] pull request (cover letter only)

Please merge these changes in gatesgarth. I have dropped the kernel change from this request and will include it along with the fix up sent by Bruce in next series. Thanks, Anuj The following changes since commit a1db1e71129c3e67ddd9dbef21e1c5eb31552e00: grub: clean up CVE patches (2020-11-1

Re: [OE-core] [oe][zeus][PATCH] go: Security Advisory - go - CVE-2020-28366

Please omit this patch. Thank you. On 11/17/20 2:26 PM, Li Zhou wrote: Backport commit from to solve CVE-2020-28366. Adapted the patch to solve context issues. Signed-off-by: Li Zhou --- meta/recipes-devtools/go/

[OE-core] [PATCH] buildtools-tarball: add wic dependency into buildtools

fix below error: wic ls ./core-image-minimal-intel-x86-64.wic ERROR: Can't find executable parted wic depend on some tools like parted/mtools/..., and we have those tools in native_sysroot. so above problem can be avoided by run command like wic ls imagename.wic --native-sysroot but this cannot

Re: [OE-core] [PATCH V2] vulkan-samples: fix do_compile failure

ping On 16/11/20 9:43 am, Changqing Li wrote: fix error: | framework/lib/ppc/libframework.a(device.cpp.o): in function `std::__atomic_base::load(std::memory_order) const': | /usr/include/c++/10.2.0/bits/atomic_base.h:426: undefined reference to `__atomic_load_8' some arch don't have built-in

Re: [OE-core] [PATCH 1/4] libproxy: fix CVE-2020-26154

Yes, will send separate patch series for dunfell and gatesgarth. >-Original Message- >From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Steve Sakoman >Sent: Wednesday, 18 November, 2020 10:44 PM >To: Lee, Chee Yang >Cc: Patches and discussions about

Re: [OE-core] cups: whitelist CVE-2018-6553

On Wed, Nov 18, 2020 at 1:56 PM Mittal, Anuj wrote: > > On Wed, 2020-11-18 at 05:25 -1000, Steve Sakoman wrote: > > This an Ububtu specific issue: > > > > The CUPS AppArmor profile incorrectly confined the dnssd backend > > due to use of hard links. A local attacker could possibly use this > > iss

Re: [OE-core] cups: whitelist CVE-2018-6553

On Wed, 2020-11-18 at 05:25 -1000, Steve Sakoman wrote: > This an Ububtu specific issue: > > The CUPS AppArmor profile incorrectly confined the dnssd backend > due to use of hard links. A local attacker could possibly use this > issue to escape confinement. This flaw affects versions prior to > 2.

[OE-core] [meta-oe][PATCH v2] volatile-binds: add /srv to mount and install

We are installing a service to volatile mount /srv directory but we are not creating it on the target. Signed-off-by: Sinan Kaya --- meta/recipes-core/volatile-binds/volatile-binds.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/volatile-binds/volatile-

Re: [OE-core] [meta-oe][PATCH] volatile-binds: add /srv to mount and install

On 18.11.20 23:53, Sinan Kaya wrote: On 11/18/2020 5:40 PM, Konrad Weihmann wrote:     FILES_${PN} += "${systemd_unitdir}/system/*.service" +FILES_${PN}_append = " ${servicedir}" Just out of interest, why does that need to be an append? Why can't that be part of the line above? I can fix

Re: [OE-core] [meta-oe][PATCH] volatile-binds: add /srv to mount and install

On 11/18/2020 5:40 PM, Konrad Weihmann wrote: >>     FILES_${PN} += "${systemd_unitdir}/system/*.service" >> +FILES_${PN}_append = " ${servicedir}" > > Just out of interest, why does that need to be an append? > Why can't that be part of the line above? I can fix that. I copied from a bbappend fi

Re: [OE-core] [meta-oe][PATCH] volatile-binds: add /srv to mount and install

On 18.11.20 23:37, Sinan Kaya wrote: Signed-off-by: Sinan Kaya --- meta/recipes-core/volatile-binds/volatile-binds.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/volatile-binds/volatile-binds.bb b/meta/recipes-core/volatile-binds/volatile-binds.bb index b273293e9a

[OE-core] [meta-oe][PATCH] volatile-binds: add /srv to mount and install

We are installing a service to volatile mount /srv directory but we are not creating it on the target. Signed-off-by: Sinan Kaya --- meta/recipes-core/volatile-binds/volatile-binds.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/volatile-binds/volatile-binds.bb b/meta

[OE-core] YPBZ 14125: busybox wget: where to add openssl-bin dependency?

Hi Shachar, On 2020-11-18 1:49 p.m., Shachar Menashe wrote: About the busybox patch, I realized that Dunfell doesn't come with the "openssl" binary built-in (only the library) but this fix will actually requires having the openssl binary (busybox invokes the openssl binary directly) Do you thi

Re: [OE-core][PATCH v2] systemd: Re-enable chvt as non-root user without polkit

On 11/16/20 8:38 AM, Joshua Watt wrote: systemd 245 introduced a regression in behavior where they removed support for non-root users to chvt from a service file. This prevents running compositors (e.g. weston) as any user other than root. The intention is for polkit to be used to allow this (and

[OE-core] [PATCH] cases/bbtests.py: ensure PACKAGE_CLASSES is set to RPM for bbtests.BitbakeTests.test_force_task_1

From: Chris Laplante This is because the test expects to find "do_package_write_rpm" in the bitbake output. Signed-off-by: Chris Laplante --- meta/lib/oeqa/selftest/cases/bbtests.py | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/lib/oeqa/selftest/cases/bbtests.py b/meta/lib/oeqa/sel

[OE-core] [meta-oe][PATCH RESEND] kernel-uboot: allow compression option to be configurable

While some platforms might choose to compress the kernel by default especially when boot medium is slow, others want uncompressed kernel. The choice of decompression speed vs. load speed is very platform dependent. Allow platform to choose the option here. Signed-off-by: Sinan Kaya --- meta/cl

[OE-core] [PATCH] kernel-uboot: allow compression option to be configurable

While some platforms might choose to compress the kernel by default especially when boot medium is slow, others want uncompressed kernel. The choice of decompression speed vs. load speed is very platform dependent. Allow platform to choose the option here. Signed-off-by: Sinan Kaya --- meta/cl

[OE-core] [PATCH] python3-numpy: Add ldd runtime dependency on ptest package

Fixes E RuntimeError: command ['ldd'] cannot be run Signed-off-by: Khem Raj --- meta/recipes-devtools/python-numpy/python3-numpy_1.19.4.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/python-numpy/python3-numpy_1.19.4.bb b/meta/recipes-devtools/python-nump

[OE-core] [PATCH 2/2] sysvinit: remove bashism to be compatible with dash

From: Fedor Ross Replace the equality operator '==' with '=' inside of '[]' to be compatible with bash and dash. Signed-off-by: Fedor Ross --- meta/recipes-core/sysvinit/sysvinit/rc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/sysvinit/sysvinit/rc b/me

[OE-core] [PATCH 1/2] eudev: remove bashism to be compatible with dash

From: Fedor Ross Remove 'echo -e' and replace it with 'printf'. In bash the builtin 'echo' has an option for interpreting backslash escapes. In a shell like dash the builtin 'echo' interprets backslash escapes by default. Therefor the 'echo' in dash doesn't have the '-e' option. When using 'print

[OE-core] cups: whitelist CVE-2018-6553

This an Ububtu specific issue: The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubu

Re: [OE-core] [PATCH 1/4] libproxy: fix CVE-2020-26154

Thanks for helping with CVE fixes! This first patch is also appropriate for dunfell, so I will cherry-pick it when it hits master. Do you plan to do dunfell versions of the other 3 patches? Steve On Wed, Nov 18, 2020 at 3:22 AM Lee Chee Yang wrote: > > From: Lee Chee Yang > > Signed-off-by: L

[OE-core] [PATCH 4/4] qemu: fix CVE-2020-24352

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-24352.patch| 52 +++ 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch diff --g

[OE-core] [PATCH 2/4] python3: fix CVE-2020-27619

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- .../python/python3/CVE-2020-27619.patch | 69 +++ meta/recipes-devtools/python/python3_3.9.0.bb | 1 + 2 files changed, 70 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch dif

[OE-core] [PATCH 1/4] libproxy: fix CVE-2020-26154

From: Lee Chee Yang Signed-off-by: Lee Chee Yang --- .../libproxy/libproxy/CVE-2020-26154.patch| 98 +++ .../libproxy/libproxy_0.4.15.bb | 1 + 2 files changed, 99 insertions(+) create mode 100644 meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch d

[OE-core] [PATCH 3/4] python3: whitelist CVE-2020-15523

From: Lee Chee Yang This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath. Since it is .dll issue (on windows only), hence whitelist it. https://bugs.python.org/issue29778 Signed-off-by: Lee Chee Yang --- meta/recipes-devtools/python/