I'd like to take a deeper look at this, please hold.
Alex
On Tue, 15 Jun 2021 at 10:12, Alexander Kanavin via lists.openembedded.org
wrote:
> weston tests start additional compositors, other tests are also
> heavy on RAM, weston itself takes 256M with opengl enabled,
> so 512M causes OOM errors
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
recently the expat upstream sources have been renamed to
${PN}-{PV}-RENAMED-VULNERABLE-PLEASE-USE-2.4.1-INSTEAD.tar.xz
which causes the fetch to fail. This effects all layers except master.
IMO we now have two options:
1. change the SRC_URI and
On 2021-06-15 6:12 p.m., Alejandro Enedino Hernandez Samaniego wrote:
**[Please note: This e-mail is from an EXTERNAL e-mail address]
On 6/1/21 9:09 AM, Trevor Gamblin wrote:
Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.
CVE: CVE-2021-2289
[Re: [swat] ltp failures on autobuilder] On 11/06/2021 (Fri 14:19) Richard
Purdie wrote:
> On Fri, 2021-06-11 at 12:36 +0100, Richard Purdie via lists.yoctoproject.org
> wrote:
> > as a .cfg to the kernel and that still reproduced the crash. However:
> >
> > CONFIG_DEBUG_KERNEL=y
> > CONFIG_CGR
The patch backported to address CVE-2021-22890 was missing a bracket to
properly close out the logic in lib/vtls/wolfssl.c. Fix this so to avoid
any surprise failures when using curl with hardknott.
Also fix the CVE designation in the patch descriptions for CVEs
CVE-2021-22890 and CVE-2021-22876 s
Please review this next set of patches for dundell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2247
The following changes since commit 2246b0d7a71c69eb2e89c55991d1387069895466:
kernel-devicetree
From: Lee Chee Yang
updates include fixes for
CVE-2021-25214
CVE-2021-25215
CVE-2021-25216
CVE-2020-8625 fixed in 9.11.28, so drop that patch
Signed-off-by: Lee Chee Yang
tmp
Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
---
.../bind/bind/CVE-2020-8625.patch | 17
From: Lee Chee Yang
Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
---
.../CVE-2021-3497.patch | 207 ++
.../CVE-2021-3498.patch | 44
.../gstreamer1.0-plugins-good_1.16.3.bb | 2 +
3 files changed, 253 insert
From: Kai Kang
Signed-off-by: Kai Kang
Signed-off-by: Richard Purdie
(cherry picked from commit 0478d9b04d6a6d10e439116b23b641a1e2553e26)
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/valgrind/valgrind_3.15.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta
From: Lee Chee Yang
This release includes security fixes.
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
CVE-2020-25613 fixed in 2.7.2, do drop the patch
release notes for 2.7.2 and 2.7.3
https://www.ruby-lang.org/en/news/2020/10/02/
From: Lee Chee Yang
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before
3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable
to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by
using a vector called parameter cloaking. W
From: Andrea Adami
The routine do_sizecheck() was historically needed by legacy
devices with limited flash memory.
The lowest extreme is probably with Zaurus collie having exactly
1024*1024 = 1048576 bytes for the kernel partition.
In the years the KERNEL_IMAGE_MAXSIZE has been converted to kilo
It seems that mesa, for some reason, allocates a lot more RAM in qemuarm64
(150 Mb more or so), than it does in qemux86_64. I'll investigate.
Alex
On Wed, 16 Jun 2021 at 12:06, Alexander Kanavin via lists.openembedded.org
wrote:
> I'd like to take a deeper look at this, please hold.
>
> Alex
>
On Wed, 2021-06-16 at 08:56 -0400, Paul Gortmaker wrote:
> [Re: [swat] ltp failures on autobuilder] On 11/06/2021 (Fri 14:19) Richard
> Purdie wrote:
>
> > On Fri, 2021-06-11 at 12:36 +0100, Richard Purdie via
> > lists.yoctoproject.org wrote:
> > > as a .cfg to the kernel and that still reprodu
We've seen some reproducibility issues on the autobuilder in perf where the
size of the python module varies slightly between systems. After some head
scratching and removing the --quiet option to the python module build,
you can see it using -Lrecipe-sysroot-native in the linking commandline
for t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
expat < 4.0 is vulnerable to billion laughs attacks (see
[https://github.com/libexpat/libexpat/issues/34]). This patch backports
the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
Additio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
P.S.: I am not too familiar with expat, this particular CVE, not with
the practise of backporting security patches, so someone(TM) should
definitely take a closer look at this first.
- --
With best regards
Jasper Orschulko
DevOps Engineer
Tel. +4
On Wed, Jun 16, 2021 at 4:49 AM Jasper Orschulko
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> P.S.: I am not too familiar with expat, this particular CVE, not with
> the practise of backporting security patches, so someone(TM) should
> definitely take a closer look at this firs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Steve!
Thanks for the quick feedback! I just noticed that the archive folder
structure from sourceforge differs to to the git content, thus the
"inner" patch currently fails. Oops!
I'm thinking about setting the git repository as SRC_URI, as the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
P.S.: I was looking
at
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Example:_CVE_patch_header
and this page as far as I can tell only mentions the patch header
convention, not the file name itself. Maybe this needs an update? :)
Hi Bruce and Steve,
> Von: Bruce Ashfield
> On Fri, Jun 4, 2021 at 11:09 AM Steve Sakoman wrote:
> >
> > On Fri, Jun 4, 2021 at 2:45 AM Jonas Mark (BT-FIR/ENG1-Grb)
> > wrote:
> > >
> > > Hi,
> > >
> > > We are using DT overlays and have the need to pass the -@ parameter
> > > in DTC_FLAGS to
On Wed, Jun 16, 2021 at 5:28 AM Jonas Mark (BT-FIR/ENG1-Grb)
wrote:
>
> Hi Bruce and Steve,
>
> > Von: Bruce Ashfield
>
> > On Fri, Jun 4, 2021 at 11:09 AM Steve Sakoman wrote:
> > >
> > > On Fri, Jun 4, 2021 at 2:45 AM Jonas Mark (BT-FIR/ENG1-Grb)
> > > wrote:
> > > >
> > > > Hi,
> > > >
> > >
On Wed, Jun 16, 2021 at 5:17 AM Jasper Orschulko
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi Steve!
>
> Thanks for the quick feedback! I just noticed that the archive folder
> structure from sourceforge differs to to the git content, thus the
> "inner" patch currently fails
perhaps i've just never noticed before, but a colleague asked me to
debug some strangeness with his WRLinux build, and what i noticed was
that the recipe that generated a package with a single (aarch64)
executable created WORKDIRs under both directories:
* cortexa53...
* acme-coyote
Part of the WORKDIR component is the target (package) architecture. If the
recipe or one of it's inherits sets PACKAGE_ARCH = "${MACHINE_ARCH}" it will
move the component.
Where I've seen both directories used is when someone is building for multiple
target boards.. and some of the targets use th
On Wed, Jun 16, 2021 at 9:30 AM Robert P. J. Day wrote:
> perhaps i've just never noticed before, but a colleague asked me to
> debug some strangeness with his WRLinux build, and what i noticed was
> that the recipe that generated a package with a single (aarch64)
> executable created WORKDIRs u
expat < 4.0 is vulnerable to billion laughs attacks (see
[https://github.com/libexpat/libexpat/issues/34]). This patch backports
the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
Additionally, the SRC_URI had to be adjusted due to rena
From: Ed Tanous
For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again. This commit sets ENABLE_HPACK_TOOLS=OFF, which no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Revision of the the patch file. Please verify. :)
- --
With best regards
Jasper Orschulko
DevOps Engineer
Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com
• • • • • • • • • • • • • • • • • • • • • • • • • •
iri
Signed-off-by: Khem Raj
---
meta/classes/linuxloader.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/linuxloader.bbclass b/meta/classes/linuxloader.bbclass
index 1b64be6405..4447c8847c 100644
--- a/meta/classes/linuxloader.bbclass
+++ b/meta/classes/linuxloader.bbclass
This ensures the glibc based binaries can find it in right place
Signed-off-by: Khem Raj
---
meta/recipes-core/musl/gcompat_git.bb | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/musl/gcompat_git.bb
b/meta/recipes-core/musl/gcompat_git.bb
in
On 6/16/21 11:19 AM, e...@tanous.net wrote:
From: Ed Tanous
For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again. T
As the generated local.conf includes BBMULTICONFIG, the referenced files
in conf/multiconfig also need to be copied. Otherwise with
BBMULTICONFIG="abc" for instance, building the esdk fails with:
ERROR: ParseError at
tmp/build-glibc/work/qemux86_64-oe-linux/core-image-ssh/1.0-r0/sdk-ext/image/tm
On 6/16/21 3:27 PM, Justin Bronder wrote:
As the generated local.conf includes BBMULTICONFIG, the referenced files
in conf/multiconfig also need to be copied. Otherwise with
BBMULTICONFIG="abc" for instance, building the esdk fails with:
ERROR: ParseError at
tmp/build-glibc/work/qemux86_64-oe
From: Bruce Ashfield
linux-yocto-dev tracks the latest mainline kernel, and uses
standard/* for that support.
Archived -dev versions are under v/standard/base.
This policy works, except that a released branch will still follow
the new kernel versions, causing potential breakage with newer
kerne
From: Bruce Ashfield
Richard,
Here's my queued set of update to linux -yocto. These are -stable, and of
course the AB INT fix provided by paulg.
The other change is one to the -dev kernel that allows the single AUTOREV
recipe to continue to work in older releases as we march through newer
kerne
From: Bruce Ashfield
Integrating the following commit(s) to linux-yocto/5.10:
bdda1b6cf99b aufs5: aufs-core
2fa276071d07 aufs5: aufs-standalone
06ed4d532456 aufs5: aufs-mmap
372857834999 aufs5: aufs-kbuild
fd68c9840693 aufs5: aufs-base
Signed-off-by: Bruce Ashfield
---
...
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
3909e2374335 Linux 5.4.125
d99029e6aab6 neighbour: allow NUD_NOARP entries to be forced GCed
8e0bb29446d1 i2c: qcom-geni: Suspend and resume the bus during
SYSTEM_S
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
70154d2f82a9 Linux 5.4.124
23c7e3235a3a usb: core: reduce power-on-good delay time of root hub
241abccc8a33 neighbour: Prevent Race condition in neighbour subsytem
From: Bruce Ashfield
Integrating the following commit(s) to linux-yocto/5.10:
ab49d2db98bd cgroup1: fix leaked context root causing sporadic NULL deref
in LTP
PaulG tracked down the AB intermittent issues and generated a kernel
patch.
See:
https://lore.kernel.org/lkml/20210616125157.4388
From: Bruce Ashfield
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
951358a824f9 Linux 5.10.43
d17d47da59f7 neighbour: allow NUD_NOARP entries to be forced GCed
6b53db8c4c14 xen-netback: take a reference to the RX task thread
31
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I just noticed (additionally to the fact that I messed up the path in
my patch), that the original do_configure_prepend task actually is not
necessary, as there is no ${S}/conftools/libtool.m4 in the 2.9.9
release (neither git, nor sourceforge). Whil
On Sun, 2021-06-06 at 21:51 +0200, Alexander Kanavin wrote:
> On Sun, 6 Jun 2021 at 01:10, Richard Purdie
> wrote:
> > I tried again with the autobuilder, still fails:
> >
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/48/builds/3516
> >
> > so whatever it is, it is still "live".
>
0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch
removed since it is included in 1.2.5.1
Signed-off-by: Wang Mingyu
---
...de-limits.h-explicitly-to-fix-build-.patch | 41 ---
...{alsa-lib_1.2.5.bb => alsa-lib_1.2.5.1.bb} | 5 +--
2 files changed, 2 insertions(+),
Signed-off-by: Wang Mingyu
---
.../alsa/{alsa-ucm-conf_1.2.5.bb => alsa-ucm-conf_1.2.5.1.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta/recipes-multimedia/alsa/{alsa-ucm-conf_1.2.5.bb =>
alsa-ucm-conf_1.2.5.1.bb} (85%)
diff --git a/meta/recipes-multimedia/alsa/alsa-uc
0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch
removed since it is included in 1.2.5.1
Signed-off-by: Wang Mingyu
---
...1.2.5.bb => alsa-utils-scripts_1.2.5.1.bb} | 0
meta/recipes-multimedia/alsa/alsa-utils.inc | 5 +--
...a-utils_1.2.5.bb => alsa-utils_1.2.5.1.bb} | 0
.
Signed-off-by: Wang Mingyu
---
...sa-topology-conf_1.2.5.bb => alsa-topology-conf_1.2.5.1.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta/recipes-multimedia/alsa/{alsa-topology-conf_1.2.5.bb =>
alsa-topology-conf_1.2.5.1.bb} (84%)
diff --git a/meta/recipes-multimedia/al
On 2021-06-09 10:17 p.m., Khem Raj wrote:
Even though it is deprecated in GCC 6 [1] it has not yet been
removed from gcc upstream. We do have active machines in OE
ecosystem which use armv4 ( SA11xx ) e.g. collie in meta-handheld
so until upstream gcc takes next step to remove them
lets support a
refresh 0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
Signed-off-by: Wang Mingyu
---
...not-set-PYTHON_INSTALL_DIR-by-running-python.patch | 11 +++
...{createrepo-c_0.17.2.bb => createrepo-c_0.17.3.bb} | 2 +-
2 files changed, 8 insertions(+), 5 deletions(-)
rename meta/r
Signed-off-by: Wang Mingyu
---
.../enchant/{enchant2_2.2.15.bb => enchant2_2.3.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/enchant/{enchant2_2.2.15.bb => enchant2_2.3.0.bb}
(92%)
diff --git a/meta/recipes-support/enchant/enchant2_2.2.15.bb
CVE-2018-10689.patch
ldflags.patch
make-btt-scripts-python3-ready.patch
removed since they're included in 1.3.0
Signed-off-by: Wang Mingyu
---
.../blktrace/blktrace/CVE-2018-10689.patch| 150 -
.../blktrace/blktrace/ldflags.patch | 114 --
.../make-btt-scripts-p
refresh 0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch
Signed-off-by: Wang Mingyu
---
...o-obtain-PYTHON_INSTALL_DIR-by-running-p.patch | 15 +--
.../{librepo_1.14.0.bb => librepo_1.14.1.bb} | 2 +-
2 files changed, 10 insertions(+), 7 deletions(-)
rename meta
On Wed, Jun 16, 2021 at 4:59 PM Randy MacLeod
wrote:
> On 2021-06-09 10:17 p.m., Khem Raj wrote:
> > Even though it is deprecated in GCC 6 [1] it has not yet been
> > removed from gcc upstream. We do have active machines in OE
> > ecosystem which use armv4 ( SA11xx ) e.g. collie in meta-handheld
refresh 0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
Signed-off-by: Zheng Ruoqin
---
...-not-set-PYTHON_INSTALL_DIR-by-running-python.patch | 10 +-
.../{libcomps_0.1.16.bb => libcomps_0.1.17.bb} | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
rename meta
Signed-off-by: Zheng Ruoqin
---
.../{python3-dbusmock_0.23.0.bb => python3-dbusmock_0.23.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-dbusmock_0.23.0.bb =>
python3-dbusmock_0.23.1.bb} (83%)
diff --git a/meta/recipes-devtools/python/p
Signed-off-by: Zheng Ruoqin
---
.../nfs-utils/{nfs-utils_2.5.3.bb => nfs-utils_2.5.4.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/nfs-utils/{nfs-utils_2.5.3.bb =>
nfs-utils_2.5.4.bb} (98%)
diff --git a/meta/recipes-connectivity/nfs-utils/nfs
56 matches
Mail list logo
