Hello all,
I'm drafting a fetcher for kernelcves (
https://github.com/nluedtke/linux_kernel_cves/) and the data conflicts in a
certain way with cve-extra-exclusions.inc. With multiple fetchers we'll
need to have a way to say which data set has priority.
For now I can see examples of two cases
On Mon, Jun 5, 2023 at 6:25 PM Ross Burton wrote:
> From: Ross Burton
>
> These CVEs have all been fixed <6.1.30, which is the default linux-yocto
> kernel version.
>
>
Those are pretty new ones, should be all covered by the new CVE format. Is
anyone already
sending pull requests to include
On Mon, Jun 5, 2023 at 6:48 PM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Mon, 2023-06-05 at 16:31 +, Ross Burton wrote:
> > I did some triage of the CVEs in this list but realised that this
> > file is a bad location for them: whilst we don’t expect people to
> > switch
Hello all,
I'm in process of clarifying entries for NVD to have them fixed in the
sources. The comments in the patch linked do not include all the needed
information, however.
Let's take this one:
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Introduced in version v2.6.12
Signed-off-by: Anuj Mittal
---
.../stress-ng/{stress-ng_0.15.07.bb => stress-ng_0.15.08.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/stress-ng/{stress-ng_0.15.07.bb =>
stress-ng_0.15.08.bb} (94%)
diff --git
Signed-off-by: Anuj Mittal
---
.../{gst-devtools_1.22.2.bb => gst-devtools_1.22.3.bb} | 2 +-
...streamer1.0-libav_1.22.2.bb => gstreamer1.0-libav_1.22.3.bb} | 2 +-
.../{gstreamer1.0-omx_1.22.2.bb => gstreamer1.0-omx_1.22.3.bb} | 2 +-
...plugins-bad_1.22.2.bb =>
Signed-off-by: Anuj Mittal
---
.../{glib-networking_2.74.0.bb => glib-networking_2.76.0.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/glib-networking/{glib-networking_2.74.0.bb =>
glib-networking_2.76.0.bb} (95%)
diff --git
SystemTap 4.9 release went out with a little hick up: release date was not
set correctly and fix for it was added as
ebb424eee5599fcc131901c0d82d0bfc0d2f57ab
commit and tagged as 'release-4.9'. Unfortunately by that time 'master'
branch already has moved on, and it turns out that now
All,
Below is the list as of top 33 bug owners as of the end of WW22 of who have
open medium or higher bugs and enhancements against YP 4.3. There are 100
possible work days left until the final release candidates for YP 4.3 needs
to be released.
Who
Count
michael.opdenac...@bootlin.com
All,
The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:
Hi, Ross
> If you _really_ want a big endian aarch64 system then instead of fixing qemu
> you
> can remove the qemu-usermode MACHINE_FEATURE, as it’s clearly broken.
Thank you! I will try this method.
Best regards.
Lei
> -Original Message-
> From: Ross Burton
> Sent: Monday, June 5,
Hi, Alex
Thank you for your reply.
> Presumably qemu usermode has regressed in big endian mode because nobody
> tests it, and you need to look into how it fails and where.
> It's not simple, but it's not impossible either.
Yes,it seems that qemu-aarch64_be doesn't work well. I'm not familiar
On riscv32 configurations OpenSSL fails to build with "undefined
reference to `__atomic_foo'" kind of errors. Change OpenSSL recipe to
use linux-latomic configuration instead of linux-generic32.
Signed-off-by: Dmitry Baryshkov
---
meta/recipes-connectivity/openssl/openssl_3.1.1.bb | 2 +-
1
On Mon, 2023-06-05 at 10:57 -0400, Trevor Gamblin wrote:
> Changelog: https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
>
> The following patch files were removed because they are in v1.5.3:
>
> 0001-run-xtests.sh-check-whether-files-exist.patch
>
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
Signed-off-by: Soumya
---
.../perl/files/CVE-2023-31484.patch | 29 +++
meta/recipes-devtools/perl/perl_5.34.1.bb | 1 +
2 files changed, 30 insertions(+)
create mode
On Mon, 2023-06-05 at 16:31 +, Ross Burton wrote:
> I did some triage of the CVEs in this list but realised that this
> file is a bad location for them: whilst we don’t expect people to
> switch out most recipes, we do have to expect BSPs to switch the
> kernel, so by accumulating a list of
I did some triage of the CVEs in this list but realised that this file is a bad
location for them: whilst we don’t expect people to switch out most recipes, we
do have to expect BSPs to switch the kernel, so by accumulating a list of
exclusions in this recipe that are based on the current
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
76ba310227d2 Linux 6.1.32
cd51ba98aeaa tools headers UAPI: Sync the linux/in.h with the kernel sources
2cd02ae65654 netfilter: ctnetlink: Support offloaded conntrack entry
From: Bruce Ashfield
Updating to the latest korg -stable release that comprises
the following commits:
d2869ace6eeb Linux 6.1.31
2f32b89d8120 net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
3bcb97e4241b 3c589_cs: Fix an error handling path in tc589_probe()
9540765d1882
From: Ross Burton
These CVEs have all been fixed <6.1.30, which is the default linux-yocto
kernel version.
Signed-off-by: Ross Burton
---
.../distro/include/cve-extra-exclusions.inc | 41 +++
1 file changed, 41 insertions(+)
diff --git
From: Ross Burton
Backport a patch from upstream to fix CVE-2023-1972.
Signed-off-by: Ross Burton
---
.../binutils/binutils-2.40.inc| 1 +
...emory-access-when-an-accessing-a-zer.patch | 43 +++
2 files changed, 44 insertions(+)
create mode 100644
Hello,
I have found an issue in the rootfs routine. The
rootfs-postcommands.bbclass has a funtion systemd_create_users that
reads /etc/sysusers.d/*.conf files and parses lines as 'type name id
comment'.
However, the sysusers.d manual says, those lines can be 'type name id
comment home_dir
Ignoring the kernel issues:
> CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 *
Wrong ninja, sent ignore.
> CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native
>
From: Ross Burton
Signed-off-by: Ross Burton
---
meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/ninja/ninja_1.11.1.bb
b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 255f5efb703..83d2f012635 100644
---
From: Ross Burton
This minor point release fixes CVE-2023-25652 and CVE-2023-29007.
Signed-off-by: Ross Burton
---
meta/recipes-devtools/git/{git_2.39.2.bb => git_2.39.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/git/{git_2.39.2.bb =>
Changelog: https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
The following patch files were removed because they are in v1.5.3:
0001-run-xtests.sh-check-whether-files-exist.patch
0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
CVE-2022-28321-0002.patch
Signed-off-by:
From: Ross Burton
Drop the merged fix for CVE-2023-28879.
Signed-off-by: Ross Burton
---
.../ghostscript/cross-compile.patch | 40 -
.../ghostscript/cve-2023-28879.patch | 60 ---
...cript_10.0.0.bb => ghostscript_10.01.1.bb} | 4 +-
3 files
This patch will not apply. Based on a quick inspection of your patch
I suspect you are using an older version of dunfell. Please send a v2
based on the current dunfell head.
Thanks!
Steve
On Sun, Jun 4, 2023 at 5:25 PM Ashish Sharma wrote:
>
> Fixing of improper sanitization of CSS values in
From: Luca Ceresoli
Writing a simple recipe that inherits kernel.bbclass and downloads a kernel
tarball (e.g. a mainline release from kernel.org) via http or ftp fails
with either:
ERROR: linux-acme-6.3.3-r0 do_configure: oe_runmake failed
...
| make: *** No rule to make target
From: Ross Burton
Signed-off-by: Ross Burton
---
.../pkgconf/{pkgconf_1.9.4.bb => pkgconf_1.9.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/pkgconf/{pkgconf_1.9.4.bb => pkgconf_1.9.5.bb}
(96%)
diff --git
From: Ross Burton
Signed-off-by: Ross Burton
---
meta/recipes-graphics/piglit/piglit_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/piglit/piglit_git.bb
b/meta/recipes-graphics/piglit/piglit_git.bb
index 6264483bf61..cd97ee53547 100644
---
From: Ross Burton
Backport a patch from upstream to fix the build on 32-bit platforms, and
remove the COMPATIBLE_HOST restriction.
Signed-off-by: Ross Burton
---
.../vulkan/vulkan-samples/32bit.patch | 101 ++
.../vulkan/vulkan-samples_git.bb | 2 +-
2
From: Ross Burton
Signed-off-by: Ross Burton
---
meta/recipes-gnome/gtk+/{gtk+3_3.24.37.bb => gtk+3_3.24.38.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-gnome/gtk+/{gtk+3_3.24.37.bb => gtk+3_3.24.38.bb} (86%)
diff --git
On 1 Jun 2023, at 07:58, leimaohui via lists.openembedded.org
wrote:
> It seems that qemu-aarch64_be doesn't work well.
Right, qemu’s aarch64-be isn’t really tested because big-endian aarch64 is
basically non-existent.
If you _really_ want a big endian aarch64 system then instead of fixing
2023. 06. 05. 13:57 keltezéssel, Ross Burton írta:
Do you have a recipe in mind to demonstrate that this works as intended?
I have a working python3-scikit-image recipe for version 0.20.0,
which uses this build backend.
meta-scipy may also use it to add a newer version of python3-scipy.
If
Do you have a recipe in mind to demonstrate that this works as intended?
If there’s nothing in core that needs it, maybe it should sit in meta-python
until then.
Ross
> On 3 Jun 2023, at 09:07, Zoltan Boszormenyi via lists.openembedded.org
> wrote:
>
> This is a new PEP517 compatible build
From: Narpat Mali
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking
Proxy-Authorization headers to destination servers when redirected to an HTTPS
endpoint. This is a product of how we use `rebuild_proxies` to reattach the
`Proxy-Authorization` header to requests. For
I've encountered issues reproducing initramfs and UKI image builds,
which will be fixed with this patch.
1. initramfs
There's a symbolic link to /sbin/init, which is appended to the cpio archive
after creation.
The links timestamp needs to be static and the cpio append command needs the
From: Chen Qi
The error message is a little misleading as the qmp module is a
directory with __init__.py file, not qmp.py file. Also, put the
path where we try to import it from in the error message to make
the message more indicative.
Signed-off-by: Chen Qi
---
Signed-off-by: Stefano Babic
---
Changes since V1:
- added missing dependency to libyaml
.../u-boot/{libubootenv_0.3.3.bb => libubootenv_0.3.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-bsp/u-boot/{libubootenv_0.3.3.bb => libubootenv_0.3.4.bb}
Hi Alexandre,
On 04.06.23 22:33, Alexandre Belloni via lists.openembedded.org wrote:
Hello Stefano,
This caused the following failure:
https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7124/steps/12/logs/stdio
Thanks and sorry, my fault, I send a V2 to fix it.
Regards,
41 matches
Mail list logo