Re: [OE-core][dunfell][PATCH] go: Ignore CVE-2022-1705

2023-04-22 Thread Shubham Kulkarni
Hi Steve, I resent the patch ( https://lists.openembedded.org/g/openembedded-core/message/180326). Please let me know if this is ok, or do I need to send it as v2? Thanks, Shubham On Sun, Apr 23, 2023 at 3:52 AM Steve Sakoman wrote: > I don't see the patch on this list or in patchworks. Co

[OE-core][dunfell][PATCH] go: Ignore CVE-2022-1705

2023-04-22 Thread Shubham Kulkarni
From: Shubham Kulkarni The vulnerability was introduced in go1.15beta1 with commit d5734d4. Dunfell uses go1.14 version which does not contain the affected code. Ref: https://security-tracker.debian.org/tracker/CVE-2022-1705 Signed-off-by: Shubham Kulkarni --- meta/recipes-devtools/go/go-1.14

Re: [OE-core][dunfell][PATCH] go: Ignore CVE-2022-1705

2023-04-22 Thread Steve Sakoman
I don't see the patch on this list or in patchworks. Could you please resend? Thanks, Steve On Sat, Apr 22, 2023 at 6:12 AM Shubham Kulkarni wrote: > > Hi Steve, > > Is there any issue with this patch? It's not included in the patch review > list email. > > Thanks, > Shubham > > On Fri, 21 Ap

Re: [OE-core][PATCH v3] devicetree.bbclass: Allow selection of dts files to build

2023-04-22 Thread Denys Dmytriyenko
On Fri, Apr 21, 2023 at 05:23:25PM +0200, Petr Kubizňák wrote: > Add DT_FILES variable to allow the user of the class to select specific > dts files to build. This is useful for packages featuring dts files > for multiple machines. > > Since many machine configs contain a list of dtb files > (e.g.

Re: [OE-core][dunfell][PATCH] go: Ignore CVE-2022-1705

2023-04-22 Thread Shubham Kulkarni
Hi Steve, Is there any issue with this patch? It's not included in the patch review list email. Thanks, Shubham On Fri, 21 Apr, 2023, 4:54 pm Shubham Kulkarni, wrote: > From: Shubham Kulkarni > > The vulnerability was introduced in go1.15beta1 with commit d5734d4. > Dunfell uses go1.14 versio

[OE-core] [PATCH 3/3] zvariant: add ptest feature for zvariant test suite

2023-04-22 Thread Frederic Martinsons
From: Frederic Martinsons Signed-off-by: Frederic Martinsons --- .../recipes-extended/zvariant/zvariant_3.12.0.bb | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/meta-selftest/recipes-extended/zvariant/zvariant_3.12.0.bb b/meta-selftest/recipes-extended/zva

[OE-core] [PATCH 2/3] python3-bcrypt: enable build of unit tests

2023-04-22 Thread Frederic Martinsons
From: Frederic Martinsons The source code of bcrypt extension doesn't define any tests but it is to show the ptest-cargo usage Signed-off-by: Frederic Martinsons --- meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta

[OE-core] [PATCH 1/3] ptest-cargo.bbclass: create class

2023-04-22 Thread Frederic Martinsons
From: Frederic Martinsons This new class offers the capability to build Rust tests and find them correctly. Due to the non-deterministic names of generated binaries, a custom parsing of the build result must be performed. See https://github.com/rust-lang/cargo/issues/1924 All Rust projects will generate a t

[OE-core] [PATCH 0/3] Create class for building rust unit test

2023-04-22 Thread Frederic Martinsons
From: Frederic Martinsons This brings the possibility to use this class to build and ship unit tests of Rust projects; the class also creates (or modifies) the standard run-ptest script to run the generated Rust test suite. It has been tested successfully with core-image-sato under qemu for zvariant-

[OE-core][dunfell 7/7] go: fix CVE-2023-24537 Infinite loop in parsing

2023-04-22 Thread Steve Sakoman
From: Vivek Kumbhar Setting a large line or column number using a //line directive can cause integer overflow even in small source files. Limit line and column numbers in //line directives to 2^30-1, which is small enough to avoid int32 overflow on all reasonably-sized files. Signed-off-by: Vive

[OE-core][dunfell 6/7] go: Security fix for CVE-2020-29510

2023-04-22 Thread Steve Sakoman
From: Shubham Kulkarni encoding/xml: replace comments inside directives with a space Backport from https://github.com/golang/go/commit/a9cfd55e2b09735a25976d1b008a0a3c767494f8 Signed-off-by: Shubham Kulkarni Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1

[OE-core][dunfell 5/7] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

2023-04-22 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../screen/screen/CVE-2023-24626.patch| 40 +++

[OE-core][dunfell 4/7] go: ignore CVE-2022-41716

2023-04-22 Thread Steve Sakoman
From: Peter Marko This CVE is specific to Microsoft Windows, ignore it. Patch fixing it (https://go-review.googlesource.com/c/go/+/446916) also adds a redundant check to generic os/exec which could be backported but it should not be necessary as backport always takes a small risk to break old co

[OE-core][dunfell 3/7] systemd: Fix CVE-2023-26604

2023-04-22 Thread Steve Sakoman
From: rajmohan r The patch files below fix CVE-2023-26604: CVE-2023-26604-1.patch, CVE-2023-26604-2.patch, CVE-2023-26604-3.patch and CVE-2023-26604-4.patch make the pager secure when euid is changed or explicitly requested Reference: CVE-2023-26604-1.patch: https://github.com/systemd/system

[OE-core][dunfell 2/7] go-runtime: Security fix for CVE-2022-41722

2023-04-22 Thread Steve Sakoman
From: Shubham Kulkarni path/filepath: do not Clean("a/../c:/b") into c:\b on Windows Backport from https://github.com/golang/go/commit/bdf07c2e168baf736e4c057279ca12a4d674f18c Signed-off-by: Shubham Kulkarni Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc |

[OE-core][dunfell 1/7] curl: CVE-2023-27538 fix SSH connection too eager reuse

2023-04-22 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../curl/curl/CVE-2023-27538.patch| 31 +++ meta/recipes-support

[OE-core][dunfell 0/7] Patch review

2023-04-22 Thread Steve Sakoman
Please review this set of patches for dunfell and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210 The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3: curl: CVE-2023-27534 SF

[OE-core][kirkstone 8/8] go: fix CVE-2023-24537 Infinite loop in parsing

2023-04-22 Thread Steve Sakoman
From: Vivek Kumbhar Setting a large line or column number using a //line directive can cause integer overflow even in small source files. Limit line and column numbers in //line directives to 2^30-1, which is small enough to avoid int32 overflow on all reasonably-sized files. Fixes CVE-2023-2453

[OE-core][kirkstone 7/8] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

2023-04-22 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../screen/screen/CVE-2023-24626.patch| 40 +++

[OE-core][kirkstone 6/8] go: ignore CVE-2022-41716

2023-04-22 Thread Steve Sakoman
From: Peter Marko This CVE is specific to Microsoft Windows, ignore it. Patch fixing it (https://go-review.googlesource.com/c/go/+/446916) also adds a redundant check to generic os/exec which could be backported but it should not be necessary as backport always takes a small risk to break old co

[OE-core][kirkstone 5/8] shadow: backport patch to fix CVE-2023-29383

2023-04-22 Thread Steve Sakoman
From: Xiangyu Chen The fix in CVE-2023-29383.patch contains a bug in that it rejects all characters that are not control ones, so backup another patch named "0001-Overhaul-valid_field.patch" from upstream to fix it. Signed-off-by: Xiangyu Chen Signed-off-by: Steve Sakoman --- .../files/0001-Over

[OE-core][kirkstone 4/8] go-runtime: Security fix for CVE-2022-41722

2023-04-22 Thread Steve Sakoman
From: Shubham Kulkarni path/filepath: do not Clean("a/../c:/b") into c:\b on Windows Backport from https://github.com/golang/go/commit/bdf07c2e168baf736e4c057279ca12a4d674f18c Signed-off-by: Shubham Kulkarni Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.17.13.inc |

[OE-core][kirkstone 3/8] cargo : non vulnerable cve-2022-46176 added to excluded list

2023-04-22 Thread Steve Sakoman
From: Sundeep KOKKONDA This CVE (https://nvd.nist.gov/vuln/detail/CVE-2022-46176) is a security vulnerability when using cargo ssh. Kirkstone doesn't support Rust on-target images, and bitbake uses 'wget' (which uses 'https') for fetching the sources instead of ssh. So, cargo-native als

[OE-core][kirkstone 2/8] curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538

2023-04-22 Thread Steve Sakoman
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/curl/curl/commit/ed5095ed94281989e103c72e032200b83be37878, https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1, https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb, https

[OE-core][kirkstone 1/8] ruby: CVE-2023-28756 ReDoS vulnerability in Time

2023-04-22 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../ruby/ruby/CVE-2023-28756.patch| 73 +++ meta/recipes-devtool

[OE-core][kirkstone 0/8] Patch review

2023-04-22 Thread Steve Sakoman
Please review this set of patches for kirkstone and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5209 The following changes since commit b67e714b367a08fdeeeff68c2d9495ec9bc07304: package.bbclass: corr

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

2023-04-22 Thread Christoph Lauer
On 21.04.23 at 22:28 Bruce Ashfield wrote: On Wed, Apr 19, 2023 at 11:03 PM Bruce Ashfield via lists.openembedded.org wrote: On Wed, Apr 19, 2023 at 6:54 PM Richard Purdie wrote: On Wed, 2023-04-19 at 23:34 +0100, Jose Quaresma wrote: Hi, Not related to the previous discussion but jus