[OE-core] [dunfell][PATCH] curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response

Upstream-Status: Backport from https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2022-43552.patch| 82 +++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 83

[OE-core] [PATCH][kirkstone] package.bbclase: Add check for /build in copydebugsources()

This is needed when the SDK or eSDK is installed in a /build top level directory as it conflicts with the build directory within the existing /usr/src/debug/build (which is really a link). Rename it and then do the copy, this is not an issue with master currently due to some other changes that

Re: [OE-core] [PATCH] package.bbclase: Add check for /build in copydebugsources()

On 2/20/23 14:40, Richard Purdie wrote: On Mon, 2023-02-20 at 13:30 -0800, Saul Wold wrote: This is needed when the SDK or eSDK is installed in a /build top level directory as it conflicts with the build directory within the existing /usr/src/debug/build (which is really a link). Rename it

[OE-core] [PATCH v2] mesa: provide support for packing development and testing tools

Mesa contains several optional tools that can be useful for application and driver developers. Add a packageconfig option to build a mesa-tools package containing relevant programs. Note, the fdperf tool for the freedreno depends on libconfig, which is not a part of oe-core, thus this tool is not

Re: [OE-core] [PATCH] package.bbclase: Add check for /build in copydebugsources()

On Mon, 2023-02-20 at 13:30 -0800, Saul Wold wrote: > This is needed when the SDK or eSDK is installed in a /build top level > directory as it conflicts with the build directory within the existing > /usr/src/debug/build (which is really a link). Rename it and then do the > copy,  > > this is

[OE-core][dunfell 16/16] busybox: rm temporary files if do_compile was interrupted

From: Antonin Godard To avoid working with undeterministic config files, remove all the temporary files to start from scratch. Signed-off-by: Antonin Godard Signed-off-by: Steve Sakoman --- meta/recipes-core/busybox/busybox.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git

[OE-core][dunfell 15/16] busybox: always start do_compile with orig config files

From: Antonin Godard When compiling busybox a second time (e.g. with `compile -f`), busybox can use an altered autoconf.h file for compiling, which can ultimately produces different and unwanted binaries. This can produce errors like this one: ERROR: busybox-1.35.0-r0 do_package: Error

[OE-core][dunfell 14/16] oeqa context.py: fix --target-ip comment to include ssh port number

From: Mikko Rapeli Providing ssh port number is supported too with "--target-ip 192.168.0.10:22". Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie (cherry picked from commit 637919b9df0abc06da5b2f9b389cf25376bd6b7c) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/runtime/context.py

[OE-core][dunfell 12/16] meta: remove True option to getVar and getVarFlag calls (again)

From: Martin Jansa * True is default since 2016 and most layers were already updated not to pass this parameter where not necessary, e.g. oe-core was updated couple times, first in: https://git.openembedded.org/openembedded-core/commit/?id=7c552996597faaee2fbee185b250c0ee30ea3b5f

[OE-core][dunfell 13/16] libc-locale: Fix on target locale generation

From: Richard Purdie If on target locale generation is used, it fails at first boot showing errors about a missing directory. Ensure the directory exists. Signed-off-by: Richard Purdie (cherry picked from commit f2844c9f1bbb729562063d96a3d1cc9d44dafa0a) Signed-off-by: Steve Sakoman ---

[OE-core][dunfell 11/16] oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal

From: Alexander Kanavin This does not actually guarantee that the child runqemu process has completely exited: poll() may return prematurely while the SIGTERM handler in runqemu is still running. This thwarts the rest of the processing, and may terminate the handler before it completes. Use

[OE-core][dunfell 10/16] make-mod-scripts: Ensure kernel build output is deterministic

From: Richard Purdie The definitions in linux-kernel-base are needed to ensure the generated headers are consistent. This was a small step that was missing from the previous changes to linux-kernel-base as both kernel-devsrc and make-mod-scripts need this information defined consistently.

[OE-core][dunfell 09/16] classes/fs-uuid: Fix command output decoding issue

From: Pawel Zalewski The default return value from subprocess.check_output is an encoded byte. The applied fix will decode the value to a string. Signed-off-by: Pawel Zalewski Signed-off-by: Alexandre Belloni (cherry picked from commit 046769fa952a511865c416b80d10af6287147fb7) Signed-off-by:

[OE-core][dunfell 08/16] git: ignore CVE-2022-41953

From: Ross Burton This is specific to Git-for-Windows. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit c8849af809e0213d43e18e5d01067eeeb61b330d) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/git/git.inc | 2 ++ 1 file changed, 2 insertions(+)

[OE-core][dunfell 07/16] quilt: use upstreamed faildiff.test fix

From: Ross Burton Signed-off-by: Ross Burton Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 50b81a263187af4452d3b99967bffd01c6ddb476) Signed-off-by: Steve Sakoman --- .../quilt/quilt/faildiff-order.patch | 47 --- 1 file

[OE-core][dunfell 06/16] quilt: fix intermittent failure in faildiff.test

From: Ross Burton This test assumes that if a child process writes one line to stderr and then another line to stdout, and stderr is redirected to stdout, that the order the lines will be read is stable. This isn't the case and occasionally the lines will be read in a different order. Change

[OE-core][dunfell 05/16] nativesdk: Handle chown/chgrp calls in nativesdk do_install tasks

From: Richard Purdie We disable the useradd code for nativesdk targets since we don't support postinstalls or multiple users in those cases. This means any usage of chown/chgrp inside do_install tasks won't work and would have to be conditional. Rather than require all recipes to do that, add

[OE-core][dunfell 04/16] git: CVE-2022-23521 gitattributes parsing integer overflow

From: Hitendra Prajapati Backport from: https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24 https://github.com/git/git/commit/8d0d48cf2157cfb914db1f53b3fe40785b86f3aa https://github.com/git/git/commit/24557209500e6ed618f04a8795a111a0c491a29c

[OE-core][dunfell 03/16] sudo: Fix CVE-2023-22809

From: Omkar Patil Add CVE-2023-22809.patch to fix CVE-2023-22809. Signed-off-by: Omkar Patil Signed-off-by: pawan Signed-off-by: Steve Sakoman --- .../sudo/files/CVE-2023-22809.patch | 113 ++ meta/recipes-extended/sudo/sudo_1.8.32.bb | 1 + 2 files changed,

[OE-core][dunfell 02/16] qemu: fix CVE-2021-3929 nvme DMA reentrancy issue leads to use-after-free

From: Vivek Kumbhar Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-3929.patch | 78 +++ 2 files changed, 79 insertions(+) create mode 100644

[OE-core][dunfell 01/16] qemu: Fix slirp determinism issue

Add a PACKAGECONFIG option for slirp, defaulting to internal. This avoids the presence of libslirp on the host causing qemu to link against that instead breaking reproducibility and usability of the binary on hosts where the library isn't present. We need to add it to PACKAGECONFIG by default

[OE-core][dunfell 00/16] Patch review

Please review this set of patches for dunfell and have comments back by end of day Wednesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4950 The following changes since commit daaee6fcb0d201f041678af433d8e1cd6f924d09:

[OE-core] [PATCH] package.bbclase: Add check for /build in copydebugsources()

This is needed when the SDK or eSDK is installed in a /build top level directory as it conflicts with the build directory within the existing /usr/src/debug/build (which is really a link). Rename it and then do the copy, this is not an issue with master currently due to some other changes that

Re: [OE-core] [meta-ti][kirkstone][PATCH] ti-img-rogue-umlibs: drop unused patch

Wrong mailing list! Sorry, please drop this patch Jose Jose Quaresma via lists.openembedded.org escreveu no dia segunda, 20/02/2023 à(s) 17:41: > Signed-off-by: Jose Quaresma > --- > ...kefile-handle-firmware-with-usrmerge.patch | 32 --- > 1 file changed, 32 deletions(-) >

Re: [OE-core] [meta-ti][master/kirkstone][PATCH] ti-img-rogue-umlibs: handling the firmware installation with usrmerge

Wrong mailing list! Sorry, please drop this patch Jose Jose Quaresma via lists.openembedded.org escreveu no dia segunda, 20/02/2023 à(s) 17:41: > The ti-img-rogue-umlibs package is not obeying usrmerge distro feature. > /lib should be relocated to /usr. [usrmerge] > > Signed-off-by: Jose

[OE-core] Current high bug count owners for Yocto Project 4.2

All, Below is the list as of top 32 bug owners as of the end of WW07 of who have open medium or higher bugs and enhancements against YP 4.2. There are 47 possible work days left until the final release candidates for YP 4.2 needs to be released. Who Count michael.opdenac...@bootlin.com 33

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

[OE-core] [RFC PATCH 2/2] oe-setup-build: add a tool for discovering config templates and setting up builds

This is the last (I believe) piece of the puzzle in setting up builds from nothing without having to write custom scripts or use external tools. After layers have been fetched and placed into their respective locations by oe-setup-layers, one would surely want to proceed to the actual build, and

[OE-core] [RFC PATCH 1/2] scripts/oe-setup-layers: write a list of layer paths into the checkout's top dir

This is beneficial for setting up builds, as this list can be used to determine reliably where the actual layers are, and discover available configurations from them. Also adjust the selftest to check the presence of that file rather than any specific layer in a hardcoded location. Sample output

Re: [OE-core] [PATCH] devtool: ignore patch-fuzz errors when extracting source

On Mon, 20 Feb 2023 at 19:59, Martin Jansa wrote: > > @@ -567,6 +567,7 @@ def _extract_source(srctree, keep_temp, devbranch, > > sync, config, basepath, works > > logger.debug('writing append file %s' % appendfile) > > with open(appendfile, 'a') as f: > >

Re: [OE-core] [PATCH] devtool: ignore patch-fuzz errors when extracting source

On Mon, Feb 20, 2023 at 07:28:13PM +0100, Alexander Kanavin wrote: > So that patch fuzz issues can actually be fixed, > as extracting source with 'devtool modify' is the first step > for that. > > Signed-off-by: Alexander Kanavin > --- > scripts/lib/devtool/standard.py | 1 + > 1 file changed,

[OE-core] [PATCH] devtool: ignore patch-fuzz errors when extracting source

So that patch fuzz issues can actually be fixed, as extracting source with 'devtool modify' is the first step for that. Signed-off-by: Alexander Kanavin --- scripts/lib/devtool/standard.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/lib/devtool/standard.py

Re: [OE-core] [PATCH] ref-manual: Fix invalid feature name

Hi Nico, On 20.02.23 at 10:20, Quentin Schulz via lists.openembedded.org wrote: Hi Niko, This should be sent to the docs mailing list instead (d...@lists.yoctoproject.org). Cc'ing now. Thanks for the patch! You also have an issue with the way your e-mails are received here. Here is a

[OE-core] [meta-ti][kirkstone][PATCH] ti-img-rogue-umlibs: drop unused patch

Signed-off-by: Jose Quaresma --- ...kefile-handle-firmware-with-usrmerge.patch | 32 --- 1 file changed, 32 deletions(-) delete mode 100644 meta-ti-bsp/recipes-graphics/libgles/ti-img-rogue-umlibs/0001-Makefile-handle-firmware-with-usrmerge.patch diff --git

[OE-core] [meta-ti][master/kirkstone][PATCH] ti-img-rogue-umlibs: handling the firmware installation with usrmerge

The ti-img-rogue-umlibs package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge] Signed-off-by: Jose Quaresma --- .../libgles/ti-img-rogue-umlibs_1.18.6276027.bb | 4 1 file changed, 4 insertions(+) diff --git

[OE-core] [PATCH v2 2/3] python3-iniconfig: add BBCLASSEXTEND

Needed to build a native python3-pytest. Signed-off-by: Ross Burton --- meta/recipes-devtools/python/python3-iniconfig_2.0.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-iniconfig_2.0.0.bb

[OE-core] [PATCH v2 3/3] python3-pytest: set RDEPENDS globally, not just target

Now that we have the dependencies we can set the RDEPENDS for all builds, not just target. Signed-off-by: Ross Burton --- meta/recipes-devtools/python/python3-pytest_7.2.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/python/python3-pytest_7.2.1.bb

[OE-core] [PATCH v2 1/3] python3-atomicwrites: add BBCLASSEXTEND

Needed to build a native python3-pytest. Signed-off-by: Ross Burton --- meta/recipes-devtools/python/python3-atomicwrites_1.4.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-atomicwrites_1.4.1.bb

Re: [OE-core] [PATCH 3/3] glibc: backport the fix for CVE-2023-25139

But then the cve should be marked as resolved? Alex On Mon 20. Feb 2023 at 17.34, Ross Burton wrote: > Ignore this, "glibc: stable 2.37 branch updates” incorporates it. > > Ross > > > On 20 Feb 2023, at 16:28, Ross Burton via lists.openembedded.org > wrote: > > > > Signed-off-by: Ross Burton

Re: [OE-core] [PATCH 3/3] python3-pytest: add BBCLASSEXTEND

On 16 Feb 2023, at 17:09, Jose Quaresma wrote: > > Hi Ross, > > Ross Burton escreveu no dia quinta, 16/02/2023 à(s) > 15:10: > Signed-off-by: Ross Burton > --- > meta/recipes-devtools/python/python3-pytest_7.2.1.bb | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git

Re: [OE-core] [PATCH 3/3] glibc: backport the fix for CVE-2023-25139

Ignore this, "glibc: stable 2.37 branch updates” incorporates it. Ross > On 20 Feb 2023, at 16:28, Ross Burton via lists.openembedded.org > wrote: > > Signed-off-by: Ross Burton > --- > ...r-grouping-in-printf-width-bug-30068.patch | 84 +++ >

[OE-core] [PATCH 3/3] glibc: backport the fix for CVE-2023-25139

Signed-off-by: Ross Burton --- ...r-grouping-in-printf-width-bug-30068.patch | 84 +++ meta/recipes-core/glibc/glibc_2.37.bb | 1 + 2 files changed, 85 insertions(+) create mode 100644

[OE-core] [PATCH 2/3] tiff: backport fix for CVE-2022-48281

Signed-off-by: Ross Burton --- .../libtiff/files/CVE-2022-48281.patch| 29 +++ meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 3 +- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch diff

[OE-core] [PATCH 1/3] less: backport the fix for CVE-2022-46663

Signed-off-by: Ross Burton --- .../less/files/CVE-2022-46663.patch | 28 +++ meta/recipes-extended/less/less_608.bb| 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-extended/less/files/CVE-2022-46663.patch diff --git

Re: [oe-core][RFC][PATCH] glib-2.0: update 2.74.5 -> 2.75.3

Gnome Release is planned for the end of march, thus I've updated my local layers to build gnome 44 beta for testing and found only some minor bugs so far. But you are right, that would be a close call Am Mo, 20. Feb 2023 um 17:17:02 +0100 schrieb Alexander Kanavin : Most likely merging

Re: [OE-core] [PATCH 05/39] insane.bbclass: make patch-fuzz a warning again

On Mon, 20 Feb 2023 at 16:21, Richard Purdie wrote: > Should we tweak devtool to disable this check rather than disabling > globally? I'd really prefer we stopped the fuzz issues... I agree, I'll see if it can be tweaked via .bbappend that devtool writes into the workspace layer. Alex

Re: [OE-core] [PATCH 31/39] harfbuzz: upgrade 6.0.0 -> 7.0.0

Yes, and it will be picked up by the next AUH round, just like this one was :-) I'm not chasing the hottest updates, for the sake of personal sanity. Alex On Mon, 20 Feb 2023 at 17:02, Ross Burton wrote: > > FYI there’s a 7.0.1 now too. > > Ross > > > On 19 Feb 2023, at 19:30, Alexander

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 19 Feb 2023 04:05:17 AM HST

On 19 Feb 2023, at 14:09, Steve Sakoman via lists.yoctoproject.org wrote: > CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * > CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native >

Re: [oe-core][RFC][PATCH] glib-2.0: update 2.74.5 -> 2.75.3

Most likely merging gnome 44 updates will have to wait until after mickledore is out. Historically, gnome releases happen too late for making it into 'spring' yocto releases. Alex On Mon, 20 Feb 2023 at 17:13, Markus Volk wrote: > > This was marked [RFC] because I'm unsure if glib-2.0-2.76 will

Re: [oe-core][RFC][PATCH] glib-2.0: update 2.74.5 -> 2.75.3

This was marked [RFC] because I'm unsure if glib-2.0-2.76 will be released in time for mickledore but this update would be required for the upcoming gnome 44 release. (gnome-control-center requires glib >= 2.75.0) Am Mo, 20. Feb 2023 um 17:10:45 +0100 schrieb Markus Volk : - Remove

[oe-core][RFC][PATCH] glib-2.0: update 2.74.5 -> 2.75.3

- Remove backported patches - Port relocate-modules.patch Signed-off-by: Markus Volk --- ...-info-don-t-assume-million-in-one-ev.patch | 50 ...build-do-not-use-can_run_host_binari.patch | 48 .../glib-2.0/glib-2.0/cpp-null.patch | 77 ---

Re: [OE-core] [PATCH 31/39] harfbuzz: upgrade 6.0.0 -> 7.0.0

FYI there’s a 7.0.1 now too. Ross > On 19 Feb 2023, at 19:30, Alexander Kanavin via lists.openembedded.org > wrote: > > License-Update: copyright years > > Signed-off-by: Alexander Kanavin > --- > ...subset-threads.cc-add-missing-cstdio.patch | 34 --- >

Re: [OE-core] [PATCH 05/39] insane.bbclass: make patch-fuzz a warning again

On Sun, 2023-02-19 at 20:30 +0100, Alexander Kanavin wrote: > Having it as an error breaks the devtool workflow > ('devtool modify' in particular) that is meant for fixing > the fuzz. > > Signed-off-by: Alexander Kanavin > --- > meta/classes-global/insane.bbclass | 4 ++-- > 1 file changed, 2

[OE-core][langdale 22/22] oeqa qemurunner.py: try to avoid reading one character at a time

From: Mikko Rapeli Read from serial console with a small delay to bundle data to e.g. full lines. Reading one character at a time is not needed and causes busy looping. Signed-off-by: Mikko Rapeli Signed-off-by: Luca Ceresoli (cherry picked from commit

[OE-core][langdale 21/22] oeqa qemurunner.py: add timeout to QMP calls

From: Mikko Rapeli When a qemu machine hangs, the QMP calls can hang for ever too, and when this happens any failing test commands from ssh runner may be followed by dump_monitor() calls which then also hang. Hangs followed by hangs. Use runqemutime at setup and run_monitor() specific timeout

[OE-core][langdale 20/22] oeqa qemurunner: read more data at a time from serial

From: Mikko Rapeli Use a short sleep to bundle serial console reads so that we are not reading one character at a time which reduces busy looping. Signed-off-by: Mikko Rapeli Signed-off-by: Luca Ceresoli (cherry picked from commit cafe65d8cf7544edbd387f7f5f6d77c64c6b18fa) Signed-off-by: Steve

[OE-core][langdale 19/22] oeqa dump.py: add error counter and stop after 5 failures

From: Mikko Rapeli If test target qemu machine hangs completely, dump_target() calls over serial console are taking a long time to time out, possibly for every failing ssh command execution and a lot of test cases, and same with dump_monitor(). Instead of trying for ever, count errors and after

[OE-core][langdale 18/22] oeqa ssh.py: add connection keep alive options to ssh client

From: Mikko Rapeli Configure ssh client to test that connection with server is up. If the server does not respond within a minute then the connection, target machine or sshd daemon are stuck and it's better to exit the command execution with errors. Some tests can execute a long time without

[OE-core][langdale 17/22] oeqa ssh.py: move output prints to new line

From: Mikko Rapeli The output from is garbled otherwise and it's not easy to remove debug output form real command output on target. Signed-off-by: Mikko Rapeli Signed-off-by: Luca Ceresoli (cherry picked from commit 917a70cbc43ac1c70c477b220c4115735457ef04) Signed-off-by: Steve Sakoman ---

[OE-core][langdale 16/22] devshell: Do not add scripts/git-intercept to PATH

From: Peter Kjellerstedt The use of scripts/git-intercept was introduced in commit 3266c327df (install/devshell: Introduce git intercept script due to fakeroot issues) and later reverted in commit af27c81eaf (scripts: Make git intercept global). Signed-off-by: Peter Kjellerstedt Signed-off-by:

[OE-core][langdale 15/22] ffmpeg: fix configure failure on noexec /tmp host

From: Chen Qi The configure scripts uses /tmp to execute some generated files. If /tmp is noexec, then we meet the following error. | Unable to create and execute files in /tmp. Set the TMPDIR environment | variable to another directory and make sure that it is not mounted noexec. |

[OE-core][langdale 14/22] update-alternatives: fix typos

From: Ulrich Ölmann Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit d3ca05b072c152b76a86edaaddebabdef312ea95) Signed-off-by: Steve Sakoman --- meta/classes-recipe/update-alternatives.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

[OE-core][langdale 13/22] image.bbclass: print all QA functions exceptions

From: Mauro Queiros For the QA checks in `image.bbclass`, all exceptions other than `oe.utils.ImageQAFailed` always print the following generic message: "Image QA function func_name failed" This can be very misleading, as it may hide python syntax errors and other kind of issues that are hard

[OE-core][langdale 12/22] libgit2: upgrade 1.5.0 -> 1.5.1

From: Alexander Kanavin Fixes: libgit2, when compiled using the optional, included libssh2 backend, fails to verify SSH keys by default. Description: When using an SSH remote with the optional, included libssh2 backend, libgit2 does not perform certificate checking by default. Prior

[OE-core][langdale 11/22] sudo: upgrade 1.9.12p1 -> 1.9.12p2

From: Alexander Kanavin Changes: Fixed a compilation error on Linux/aarch64. GitHub issue #197. Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l would dereference a NULL pointer. Fixed

[OE-core][langdale 10/22] git: upgrade 2.37.5 -> 2.37.6

From: Sakib Sajal Upgrade git to latest 2.37.x release to address security issues CVE-2022-23521 and CVE-2022-41903. Signed-off-by: Sakib Sajal Signed-off-by: Steve Sakoman --- meta/recipes-devtools/git/{git_2.37.5.bb => git_2.37.6.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

[OE-core][langdale 09/22] linux-firmware: upgrade 20221214 -> 20230117

From: Alexander Kanavin License-Update: additional firmwares, copyright years Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit fdb8c12fc71b4a985372f5d02ce59a1402c14c4a) Signed-off-by: Steve Sakoman ---

[OE-core][langdale 08/22] pkgconf: upgrade 1.9.3 -> 1.9.4

From: Alexander Kanavin Changes from 1.9.3 to 1.9.4: * Fix a buffer overflow vulnerability involving very large variable expansions. CVE-2023-24056 * Fix a bunch of minor regressions with the solver. * Create separate solutions for `--cflags` and `--libs` when

[OE-core][langdale 07/22] libjpeg-turbo: upgrade 2.1.4 -> 2.1.5

From: Alexander Kanavin Significant changes relative to 2.1.4 Fixed issues in the build system whereby, when using the Ninja Multi-Config CMake generator, a static build of libjpeg-turbo (a build in which ENABLE_SHARED is 0) could not be installed, a Windows installer could not be built, and

[OE-core][langdale 06/22] bind: upgrade 9.18.10 -> 9.18.11

From: Alexander Kanavin Stable branch update License-update: copyright years Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 63e8a8952c3d1b3b5c481be6bba52a3f4d65648e) Signed-off-by: Steve Sakoman ---

[OE-core][langdale 05/22] apr-util: update 1.6.1 -> 1.6.3

From: Alexander Kanavin Changes with APR-util 1.6.3 *) Correct a packaging issue in 1.6.2. The contents of the release were correct, but the top level directory was misnamed. Changes with APR-util 1.6.2 *) SECURITY: CVE-2022-25147 (cve.mitre.org) Integer Overflow or Wraparound

[OE-core][langdale 04/22] apr: update 1.7.0 -> 1.7.2

From: Alexander Kanavin Changes for APR 1.7.2 *) Correct a packaging issue in 1.7.1. The contents of the release were correct, but the top level directory was misnamed. Changes for APR 1.7.1 *) SECURITY: CVE-2022-24963 (cve.mitre.org) Integer Overflow or Wraparound vulnerability

[OE-core][langdale 03/22] lttng-tools: update 2.13.8 -> 2.13.9

From: Alexander Kanavin 2023-01-13 (National Sticker Day) LTTng modules 2.13.8 * fix: jbd2: use the correct print format * Fix: in_x32_syscall was introduced in v4.7.0 * Explicitly skip tracing x32 system calls * fix: kallsyms wrapper on ppc64el * fix:

[OE-core][langdale 02/22] diffutils: update 3.8 -> 3.9

From: Alexander Kanavin NEWS * Noteworthy changes in release 3.9 (2023-01-15) [stable] ** Bug fixes diff -c and -u no longer output incorrect timezones in headers on platforms like Solaris where struct tm lacks tm_gmtoff. [bug#51228 introduced in 3.4] Drop patch as issue fixed

[OE-core][langdale 01/22] tar: CVE-2022-48303

From: Rodolfo Quesada Zumbado Fixes CVE-2022-48303 by checking Base-256 encoding is at least 2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been

[OE-core][langdale 00/22] Patch review

Please review this set of patches for langdale and have comments bcak by end of day Wednesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4944 The following changes since commit 62b894d75fb3361ed4d5473ae69188bce390980a: oeqa context.py:

[oe-core][PATCH] libportal: allow to build without gtk4 backend

This allows to build libportal for platforms without opengl support Signed-off-by: Markus Volk --- meta/recipes-gnome/libportal/libportal_0.6.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-gnome/libportal/libportal_0.6.bb

Re: [OE-core] [PATCH] libportal: add opengl to REQUIRED_DISTRO_FEATURES

Since this needs to be reworked for the next libportal version anyway, maybe we could do it just like that for now? diff --git a/meta/recipes-gnome/libportal/libportal_0.6.bb b/meta/recipes-gnome/libportal/libportal_0.6.bb index ca58ef4138..bf38fc85fd 100644 ---

Re: [OE-core] [PATCH] libportal: add opengl to REQUIRED_DISTRO_FEATURES

I guess this commit will fix the issue for libportal, because we would then be able to remove the gtk+3 and gtk4 dependency as both are now optional. Am Mo, 20. Feb 2023 um 16:36:53 +0800 schrieb "Yu,

Re: [OE-core] [PATCH 1/2] [YOCTO #13270] Refactor the docbook-xml recipe to use docbook.org packages rather than hacked up debian package

Thank you for the additional tips. This morning I was trying to close out the asks from yesterday. I was about to submit yet again and then I saw your message :D. I will need to try to get to the additional asks this evening instead given the workday is about to begin full on. On 2/20/23

Re: [OE-core] [PATCH 1/2] [YOCTO #13270] Refactor the docbook-xml recipe to use docbook.org packages rather than hacked up debian package

Hi Richard, Thanks for the patch! There are a few things that need tweaking. Firstly, the shortlog and commit log aren't quite right. The shortlog needs to be along the lines of: : so something like: docbook-xml: Switch from debian packages to upstream docbook sources This means someone

[OE-core][PATCH] bluez5: refresh patches with devtool

Signed-off-by: Jose Quaresma --- .../bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch | 10 -- ...dd-a-target-for-building-tests-without-runnin.patch | 10 -- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git

[OE-core] [PATCH] kernel-arch.bbclass: Map arm64 to arm

The kernel calls AArch64 'arm64', but U-Boot calls it just 'arm' so adding arm64 case to existing map. Fixes: | install: cannot stat '.../u-boot/1_2023.01-r0/build/arch/arm64/dts/u-boot.dtb': No such file or directory Signed-off-by: Pavel Zhukov --- meta/classes-recipe/kernel-arch.bbclass |

Re: [OE-core] [PATCH] ref-manual: Fix invalid feature name

Hi Niko, This should be sent to the docs mailing list instead (d...@lists.yoctoproject.org). Cc'ing now. On 2/19/23 15:31, Niko Mauno via lists.openembedded.org wrote: Replace the invalid feature name with correct one which helps to avoid following bitbake error ERROR: Nothing PROVIDES

Re: [OE-core] [PATCH 1/2] [YOCTO #13270] Refactor the docbook-xml recipe to use docbook.org packages rather than hacked up debian package

Please squash the two commits into one. Alex On Sun, 19 Feb 2023 at 22:38, Richard Elberger wrote: > > --- > .../docbook-xml/docbook-xml-dtd4_4.5.bb | 74 --- > 1 file changed, 49 insertions(+), 25 deletions(-) > > diff --git

Re: [OE-core] [PATCH] libportal: add opengl to REQUIRED_DISTRO_FEATURES

Ping. Thanks, On 1/9/23 17:10, Alexander Kanavin wrote: CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On Mon, 9 Jan 2023 at 10:02, Yu, Mingli wrote: Sorry for noise!