From: Teoh Jay Shen
CVE fixed :
-CVE-2022-2795
-CVE-2022-2881
-CVE-2022-2906
-CVE-2022-3080
-CVE-2022-38178
Notes for BIND 9.18.7
[https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7]
Signed-off-by: Teoh Jay Shen
---
Backport patch from upstream to handle negative time and offset from Epoch[1]
and fix the yocto autobuilder ptest failures for both qemux86-64 and qemuarm64
when
applied this backport patch[2].
[1] 0001-Handle-negative-time-and-offset-from-Epoch.patch backport from
Hi,
On 23/09/2022 16:48:10+0100, Ross Burton wrote:
> The DNF test case exercises a lot of functionality that we don't really
> care about in the runtime QA: we mainly care that DNF is capable of
> connecting to a remote repository and installing a package.
> Specifically, we don't need to
From: Mingli Yu
Add devmem 128-bit support [1].
[1]
https://git.busybox.net/busybox/commit/?id=d432049f288c9acdc4a7caa729c68ceba3c5dca1
Signed-off-by: Mingli Yu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Alexandre Belloni
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 454b85fc612bd060b51ac2b94e36698ed1b76d56)
Signed-off-by: Steve Sakoman
---
meta/lib/oeqa/runtime/cases/dnf.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Ruiqiang Hao
Backport some patches from GCC 12 to support arm-v9.
Signed-off-by: Ruiqiang Hao
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/gcc/gcc-11.3.inc| 5 +
...rch64-Update-Neoverse-N2-core-defini.patch | 42 +++
.../0002-aarch64-add-armv9-a-to-march.patch |
From: Ruiqiang Hao
We supported neoversen2 base on armv8.5a in the past, add tune include
for armv9a and support neoversen2 base on armv9a.
Signed-off-by: Ruiqiang Hao
Signed-off-by: Steve Sakoman
---
meta/conf/machine/include/arm/arch-armv9a.inc | 28 +++
From: Xiangyu Chen
Backport a patch to fix the pread02 case trigger the glibc overflow
detection.
Signed-off-by: Xiangyu Chen
Signed-off-by: Steve Sakoman
---
...er-to-avoid-glibc-overflow-detection.patch | 58 +++
meta/recipes-extended/ltp/ltp_20220121.bb | 1 +
2 files
From: Samuli Piippo
Fix multilib sdk issue where gcc is unable to find linker. Previous
fix was in cdd86896c8d29135f937968e9aa07f919cf543d3 using real-ld
symlink, but that prevented switching between bfd and gold linkers.
Running compiler with debug arguments shows that collect2 tries and
fails
From: Samuli Piippo
This reverts commit cdd86896c8d29135f937968e9aa07f919cf543d3.
real-ld is always used if that is found, which means you cannot
switch between bfd and gold linkers using -fuse-ld gcc option.
Signed-off-by: Samuli Piippo
Signed-off-by: Richard Purdie
(cherry picked from
From: Mikko Rapeli
The :append can not be removed via bbappends in custom layers so it's
better to use += appends when ever possible.
(From OE-Core rev: 6604795a3f7e53fd748d4103b521d8baf35cf7be)
Signed-off-by: Mikko Rapeli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Mikko Rapeli
The :append can not be removed via bbappends if needed. Thus it's better
for open source layers to use += append if possible.
(From OE-Core rev: 1e09be9455fb054b3f74f088b355116828cb4626)
Signed-off-by: Mikko Rapeli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Mikko Rapeli
The :append can not be removed if needed in other layers.
(From OE-Core rev: e129d2f7e3ba312ab5383397eeabf7273d23a529)
Signed-off-by: Mikko Rapeli
Signed-off-by: Richard Purdie
(cherry picked from commit 09ed655c2a8a0a246e7dcc745ec89f7a1d13813d)
Signed-off-by: Steve
From: Mikko Rapeli
:append can not be modified in bbappends and thus += is
better in re-usable, generic layers and recipes.
(From OE-Core rev: da88406ba592504a718f516b985adc0d4553080d)
Signed-off-by: Mikko Rapeli
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Mikko Rapeli
+= allows custom layers to change the SRC_URI e.g. when
updating the whole recipe to newer u-boot version.
With :append, there is no way to change the variable
from a bbappend.
(From OE-Core rev: be96b384ce964ff14536d3bc40c89851a12dfb60)
Signed-off-by: Mikko Rapeli
From: Robert Joslyn
Signed-off-by: Robert Joslyn
Signed-off-by: Richard Purdie
(cherry picked from commit ecf88d151f265e5efb8e1dde5aba3ee2a8b76d8d)
Signed-off-by: Steve Sakoman
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff
From: Dmitry Baryshkov
Add packages for the new Qualcomm firmware released for Lenovo X13s
laptop.
The INSANE_SKIP:${PN} has to be provided to silent following warnings:
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcadsp8280.mbn' from
linux-firmware was already stripped, this will
From: Dmitry Baryshkov
License-Update: additional files
Signed-off-by: Dmitry Baryshkov
Signed-off-by: Richard Purdie
(cherry picked from commit 68ce822b765a7b67f8cc8590688860cc2530cf04)
Signed-off-by: Steve Sakoman
---
...{linux-firmware_20220708.bb => linux-firmware_20220913.bb} | 4 ++--
From: Richard Purdie
With recent kernel changes in stable, the full path to python was being
encoded into binaries and python install files. Add some workarounds
for both issues to fix build reproducibility issues.
Signed-off-by: Richard Purdie
(cherry picked from commit
From: Bruce Ashfield
commit b627b8bd17501400649d38bf61c8a3d2121a1b8f (HEAD -> master,
origin/master, origin/HEAD)
Author: Bruce Ashfield
Date: Sun Sep 18 16:36:43 2022 -0400
symbol_why: allow options to be flagged as built-in or module
Some options that are
From: Bruce Ashfield
As reported by Peter Hoyes, in some very specific configurations
the processing done by the kern-tools results in errors. This is
due to the bad creation of relative paths to patches and configuration.
This is fixed by the following kern-tools commit (based on a similar
From: Bruce Ashfield
In situations where a buid needs to be reproducible, it is
sometimes desireable to use a patches author date, versus the
time when it is applied. This generates a consistent hash
between different patch applications.
We leverage the existing KERNEL_DEBUG_TIMESTAMPS to
From: Bruce Ashfield
Integrating the following commit(s) to linux-yocto/.:
1128d7bcdcd acpi: fix defaults for x86 and qemuarm64
Signed-off-by: Bruce Ashfield
Signed-off-by: Steve Sakoman
---
.../linux/linux-yocto-rt_5.15.bb | 4 ++--
.../linux/linux-yocto-tiny_5.15.bb
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
dd20085f2a88 Linux 5.15.68
e04b25638aef ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency
154e72a4b381 perf machine: Use path__join() to compose a path instead of
snprintf(dir,
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
633c3b4c71bb Linux 5.15.65
572b646c8d93 net: neigh: don't call kfree_skb() under spin_lock_irqsave()
facf99bc3a95 net/af_packet: check len when min_header_len equals to 0
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
addc9003c2e8 Linux 5.15.63
b92be74cb2da xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
1350a4cdfbe6 xfs: revert "xfs: actually bump warning counts when we send
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
f1101295c145 Linux 5.10.143
71d3adbb2890 arm64: errata: add detection for AMEVCNTR01 incrementing
incorrectly
202341395ce3 hwmon: (mr75203) enable polling for all VM channels
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
0b8e37cbaa76 Linux 5.10.141
bdc786d737ec net: neigh: don't call kfree_skb() under spin_lock_irqsave()
4931af31c402 net/af_packet: check len when min_header_len equals to 0
From: Richard Purdie
Includes a fix for CVE-2022-3234.
Signed-off-by: Richard Purdie
(cherry picked from commit d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Steve Sakoman
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
From: Richard Purdie
Changes since the previous public release (version 1.6.37)
--
* Added configurations and scripts for continuous integration.
* Fixed various errors in the handling of tRNS, hIST and eXIf.
* Implemented many
From: Sundeep KOKKONDA
Below commits on glibc-2.35 development branch are updated.
f8ad66a4ca nscd: Fix netlink cache invalidation if epoll is used [BZ #29415]
9e960717e1 Apply asm redirections in wchar.h before first use
577c2fc7f3 elf: Call __libc_early_init for reused namespaces (bug 29528)
From: Florin Diaconescu
Changelog:
=
Security fixes:
#629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
Bug
From: Florin Diaconescu
Changelog:
=
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55 #582 CMake|macOS: Start using linker arguments
"-compatibility_version " and
From: pgowda
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5]
Signed-off-by: pgowda
Signed-off-by: Steve Sakoman
---
.../binutils/binutils-2.38.inc| 1 +
.../binutils/0016-CVE-2022-38126.patch
From: Teoh Jay Shen
Signed-off-by: Teoh Jay Shen
Signed-off-by: Steve Sakoman
---
.../inetutils/inetutils/CVE-2022-39028.patch | 54 +++
.../inetutils/inetutils_2.2.bb| 1 +
2 files changed, 55 insertions(+)
create mode 100644
From: Teoh Jay Shen
Upstream-Status: Backport
[https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479]
Signed-off-by: Teoh Jay Shen
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2022-27664.patch |
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4265
The following changes since commit f7766da462905ec67bf549d46b8017be36cd5b2a:
On Sun, Sep 25, 2022 at 7:35 AM Changhyeok Bae
wrote:
> Signed-off-by: Changhyeok Bae
> ---
> meta/recipes-connectivity/iproute2/iproute2.inc | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc
>
Branch: kirkstone
New this week: 8 CVEs
CVE-2022-2795 (CVSS3: 7.5 HIGH): bind
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2795 *
CVE-2022-2881 (CVSS3: 8.2 HIGH): bind
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2881 *
CVE-2022-2906 (CVSS3: 7.5 HIGH): bind
Signed-off-by: Changhyeok Bae
---
.../iproute2/iproute2.inc | 89 --
.../iproute2/iproute2_5.19.0.bb | 91 ++-
2 files changed, 89 insertions(+), 91 deletions(-)
delete mode 100644 meta/recipes-connectivity/iproute2/iproute2.inc
Signed-off-by: Changhyeok Bae
---
meta/recipes-connectivity/iproute2/iproute2.inc | 2 --
1 file changed, 2 deletions(-)
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc
b/meta/recipes-connectivity/iproute2/iproute2.inc
index b1bcc1434c..c292b95e36 100644
---
Branch: dunfell
New this week: 7 CVEs
CVE-2022-2795 (CVSS3: 7.5 HIGH): bind
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2795 *
CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 *
CVE-2022-3234
Branch: master
New this week: 4 CVEs
CVE-2022-2795 (CVSS3: 7.5 HIGH): bind
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2795 *
CVE-2022-2881 (CVSS3: 8.2 HIGH): bind
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2881 *
CVE-2022-2906 (CVSS3: 7.5 HIGH): bind
43 matches
Mail list logo