[OE-core] OE-core CVE metrics for master on Sun 10 Oct 2021 06:19:07 AM HST

Branch: master New this week: 3 CVEs CVE-2021-22945: curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22945 * CVE-2021-22946: curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22946 * CVE-2021-22947: curl:curl-native https://web.nvd.nist.gov/vi

[OE-core] OE-core CVE metrics for dunfell on Sun 10 Oct 2021 06:23:21 AM HST

Branch: dunfell New this week: 1 CVEs CVE-2020-21913: icu:icu-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21913 * Removed this week: 2 CVEs CVE-2021-28041: openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28041 * CVE-2021-3778: vim https://web.nvd.nist.gov

[OE-core] OE-core CVE metrics for hardknott on Sun 10 Oct 2021 06:27:12 AM HST

Branch: hardknott New this week: 2 CVEs CVE-2021-22945: curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22945 * CVE-2021-22946: curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22946 * Removed this week: 2 CVEs CVE-2019-6470: bind https://we

[OE-core] [PATCH v2] license: Allow treating missing license as error

Use mechanism inspired by insane.bbclass to allow individual recipes or other configuration to determine whether a missing licence should be treated as a warning (as it is now) or as an error. This is controlled by whether the error class is in WARN_LICENSE or ERROR_LICENSE. Use bb.fatal in the er

Re: [OE-core] [PATCH] license: Allow treating missing license as error

On Saturday 09 October 2021 at 15:51:35 +, Peter Kjellerstedt wrote: > > -Original Message- > > From: openembedded-core@lists.openembedded.org > c...@lists.openembedded.org> On Behalf Of Mike Crowe via > > lists.openembedded.org > > Sent: den 8 oktober 2021 10:54 > > To: openembedded-c

[OE-core] [PATCH 02/13] rust: update 1.54.0 -> 1.55.0

Signed-off-by: Alexander Kanavin --- meta/conf/distro/include/tcmode-default.inc | 2 +- ..._1.54.0.bb => cargo-cross-canadian_1.55.0.bb} | 0 .../cargo/{cargo_1.54.0.bb => cargo_1.55.0.bb} | 0 .../{libstd-rs_1.54.0.bb => libstd-rs_1.55.0.bb} | 0 ...n_1.54.0.bb => rust-cross-canadian

[OE-core] [PATCH 03/13] librsvg: update 2.40.21 -> 2.52.0 (transition to rust!)

After some poking and hacking I have arrived to the settings that work. Please refer to the commit for details. Some of these issues may re-occur in other components; in that case we need to come up with more generic solutions or upstream fixes. So far, it's a learning exercise for everybody in g

[OE-core] [PATCH 04/13] librsvg: do not enable nativesdk

From: Alexander Kanavin rust is not currently available for nativesdk builds: WARNING: Nothing PROVIDES 'nativesdk-libstd-rs' (but virtual:nativesdk:/home/pokybuild/yocto-worker/a-full/build/meta/recipes-gnome/librsvg/librsvg_2.52.0.bb DEPENDS on or otherwise requires it). Close matches: WARNI

[OE-core] [PATCH 07/13] librsvg: restore reproducibility

Signed-off-by: Alexander Kanavin --- ...ps-sort-dependencies-before-using-th.patch | 53 +++ meta/recipes-gnome/librsvg/librsvg_2.52.0.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-gnome/librsvg/librsvg/0001-vendor-system-deps-sort-dependencies-be

[OE-core] [PATCH 06/13] librsvg: use only the target architecture to determine availability of atomic primitives

This eliminates the hardcoded list of rust targets which can't possibly include everything from OE universe. Signed-off-by: Alexander Kanavin --- ...check-only-the-architecture-not-the-.patch | 148 ++ meta/recipes-gnome/librsvg/librsvg_2.52.0.bb | 1 + 2 files changed, 149 in

[OE-core] [PATCH 09/13] gstreamer1.0-plugins-bad: disable rsvg on x32

librsvg throws: | error[E0080]: erroneous constant used |--> /home/alex/development/poky/build-x32/tmp/work/x86_64_x32-poky-linux-gnux32/librsvg/2.52.0-r0/librsvg-2.52.0/vendor/thin-slice/src/lib.rs:111:25 | | | 111 | } else if len < TAG_LIMIT { | | Signed-off-by: Alexander K

[OE-core] [PATCH 01/13] rust: drop PV from include file names

This complicates (semi) automated upgrades, and isn't necessary as we carry only a single version of the toolchain. Signed-off-by: Alexander Kanavin --- .../cargo/cargo-cross-canadian_1.54.0.bb | 4 ++-- meta/recipes-devtools/cargo/cargo_1.54.0.bb| 4 ++-- ...initions-for-riscv64-mus

[OE-core] [PATCH 10/13] rust/cargo: exclude UNINATIVE_LOADER from task signature

Signed-off-by: Alexander Kanavin --- meta/recipes-devtools/cargo/cargo.inc | 2 ++ meta/recipes-devtools/rust/rust.inc | 1 + 2 files changed, 3 insertions(+) diff --git a/meta/recipes-devtools/cargo/cargo.inc b/meta/recipes-devtools/cargo/cargo.inc index 71e1c64f72d..607c51fc3d1 100644 --- a

[OE-core] [PATCH 12/13] rust: do not write ar into target json definitions

latest rust does not use it and prints a ton of warnings because of it. Signed-off-by: Alexander Kanavin --- meta/recipes-devtools/rust/rust-common.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-devtools/rust/rust-common.inc b/meta/recipes-devtools/rust/rust-common.inc inde

[OE-core] [PATCH 13/13] rust: generate target definitions from (arch, abi), not just arch

This allows to add the missing x32 definition and others in the future. Signed-off-by: Alexander Kanavin --- meta/recipes-devtools/rust/rust-common.inc | 57 +- meta/recipes-devtools/rust/rust-cross.inc | 4 +- 2 files changed, 38 insertions(+), 23 deletions(-) diff --git

[OE-core] [PATCH 08/13] adwaita-icon-theme: update 3.34/38 -> 41.0

The original reason to pin the version (outdated librsvg) no longer applies. Signed-off-by: Alexander Kanavin --- meta/conf/distro/include/default-versions.inc | 2 - ...1-Don-t-use-AC_CANONICAL_HOST-3.34.3.patch | 27 .../0001-Don-t-use-AC_CANONICAL_HOST.patch| 6 +-- ...-ins

[OE-core] [PATCH 05/13] librsvg: add backports to fix big endian targets (e.g. mips)

Signed-off-by: Alexander Kanavin --- ...GdkPixbufRGBA-start-naming-types-and.patch | 81 ++ .../librsvg/0002-New-ToPixel-trait.patch | 100 ++ .../librsvg/0003-New-ToCairoARGB-trait.patch | 81 ++ .../0004-impl-ToPixel-for-CairoARGB.patch | 49

[OE-core] [PATCH 11/13] rust-common.bbclass: rewrite toolchain wrappers in (native) python

librsvg on centos 7 and friends exhibits the same libtinfo leakage problem, this time coming from the compiler and not the linker. Simply covering the compiler by the existing C wrapper-of-wrapper does not work, as rust-native builds put Important Stuff into LD_LIBRARY_PATH and unsetting it breaks

Re: [OE-core] [PATCH 01/26] meson: update 0.58.1 -> 0.59.1

On 9/9/21 02:01, Alexander Kanavin wrote: CAUTION: Email originated externally, do not click links or open attachments unless you recognize the sender and know the content is safe. Drop 0003-native_bindir.patch: it doesn't seem to actually define anything where the use_native parameter is se

[OE-core] How to trigger Yocto Linux /etc/profile or shell scripts in /etc/profile.d without shell logging in?

Hi, The Yocto uses /etc/profile for root login, but there is no root physical login in an embedded device so the /etc/profile is never called, I added a shell script to /etc/profile.d, it was not called either. Both /etc/profile and scripts in /etc/profile.d can only be invoked when I physically l

Re: [OE-core] How to trigger Yocto Linux /etc/profile or shell scripts in /etc/profile.d without shell logging in?

On Sun, Oct 10, 2021 at 9:30 PM JH wrote: > The Yocto uses /etc/profile for root login, but there is no root > physical login in an embedded device so the /etc/profile is never > called, I added a shell script to /etc/profile.d, it was not called > either. Both /etc/profile and scripts in /etc/pr

Re: [OE-core] How to trigger Yocto Linux /etc/profile or shell scripts in /etc/profile.d without shell logging in?

Hi Jupiter, /etc/profile and similar are interactive shell (/bash) concepts, not really system startup ones. So indeed: just on a login (be it local, ssh and so on) they are executed. If you want to execute something else without the need for logging it, you should look elsewhere, depending on you