[OE-core][PATCH v7 1/3] cve-check: add option to add additional patched CVEs
From: Andrej Valek - Replace CVE_CHECK_IGNORE with CVE_STATUS to be more flexible. The CVE_STATUS should contain an information about status wich is decoded in 3 items: - generic status: "Ignored", "Patched" or "Unpatched" - more detailed status enum - description: free text describing reason for
[OE-core][PATCH v7 2/3] oeqa/selftest/cve_check: rework test to new cve status handling
From: Andrej Valek - After introducing the CVE_STATUS and CVE_CHECK_STATUSMAP flag variables, CVEs could contain a more information for assigned statuses. - Add an example conversion in logrotate recipe. Signed-off-by: Andrej Valek --- meta/lib/oeqa/selftest/cases/cve_check.py | 26 +++
[OE-core][PATCH v7 0/3] CVE-check handling
After discussion in all parallel threads we proposed following variant which covers both expressed requirements to have very small number of different cve statuses and also very large number of them at the same time. This is a compromise version which maybe is not ideal but deals with conflicting r
[OE-core][mickledore 23/23] maintainers.inc: correct Carlos Rafael Giani's email address
From: Alexander Kanavin As confirmed via private email. Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni (cherry picked from commit c7f934368d3fb3e9cf268f8237eae80b1c1665a5) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/maintainers.inc | 2 +- 1 file changed, 1 i
[OE-core][mickledore 22/23] layer.conf: Add missing dependency exclusion
From: Richard Purdie Add a dependency which should have been in this list but wasn't, found when debugging create-spdx hash issues. Signed-off-by: Richard Purdie (cherry picked from commit 1075b9fc5d562dada45b3187cb737511ff8c7376) Signed-off-by: Steve Sakoman --- meta/conf/layer.conf | 1 + 1
[OE-core][mickledore 21/23] binutils: stable 2.40 branch updates
From: Deepthi Hemraj Below commits on binutils-2.40 stable branch are updated. 0dc8f96598a Updated Swedish translation for the opcodes directory 85c5365527f New Georgian translation for the bfd sub-directory. Signed-off-by: Deepthi Hemraj Signed-off-by: Steve Sakoman --- meta/recipes-devtools
[OE-core][mickledore 20/23] glibc: stable 2.37 branch updates.
From: Deepthi Hemraj Below commits on glibc-2.37 stable branch are updated. 3593050c27 (HEAD -> release/2.37/master, origin/release/2.37/master) io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64 e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t 0e3e9dbb0e D
[OE-core][mickledore 19/23] dbus: upgrade 1.14.6 -> 1.14.8
From: Xiangyu Chen Update dbus to 1.14.8 to fix CVE-2023-34969 and serveral bugs changes: https://gitlab.freedesktop.org/dbus/dbus/-/blob/f90d4f16933ee5153fe02c405eb883c9cb8f0ad5/NEWS commits: 55d11f57 doc/dbus-api-design: fix wrong closing tag a96f417f CI: Run a detached pipeline for merge req
[OE-core][mickledore 18/23] linux-yocto/6.1: update to v6.1.32
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 76ba310227d2 Linux 6.1.32 cd51ba98aeaa tools headers UAPI: Sync the linux/in.h with the kernel sources 2cd02ae65654 netfilter: ctnetlink: Support offloaded conntrack entry deletio
[OE-core][mickledore 17/23] linux-yocto/6.1: update to v6.1.31
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: d2869ace6eeb Linux 6.1.31 2f32b89d8120 net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE 3bcb97e4241b 3c589_cs: Fix an error handling path in tc589_probe() 9540765d1882 net/sm
[OE-core][mickledore 16/23] linux-yocto/6.1: update to v6.1.30
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: a343b0dd87b4 Linux 6.1.30 da9a8dc33da2 drm/amdgpu: reserve the old gc_11_0_*_mes.bin 616843d5a11b drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 09bf14907d86 drm/amdgpu: declare f
[OE-core][mickledore 14/23] linux-yocto/6.1: update to v6.1.28
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: bf4ad6fa4e53 Linux 6.1.28 4507918cd1f8 netfilter: nf_tables: deactivate anonymous set from preparation phase 1887a4faff5c scsi: libsas: Grab the ATA port lock in sas_ata_device_l
[OE-core][mickledore 15/23] linux-yocto/6.1: update to v6.1.29
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: fa74641fb6b9 Linux 6.1.29 49f63bd0625a drm/amd/display: Fix hang when skipping modeset 7f6738e003b3 spi: fsl-cpm: Use 16 bit mode for large transfers with even size 441fa64299
[OE-core][mickledore 13/23] linux-yocto/6.1: update to v6.1.27
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: ca48fc16c493 Linux 6.1.27 0bbec73fdd9e riscv: No need to relocate the dtb as it lies in the fixmap region 17509e73ac8b riscv: Do not set initial_boot_params to the linear address
[OE-core][mickledore 12/23] linux-yocto/6.1: update to v6.1.26
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: ca1c9012c941 Linux 6.1.26 ab91b09f399f ASN.1: Fix check for strdup() success 1831d8cbaea8 ASoC: fsl_sai: Fix pins setting for i.MX8QM platform 6cb818ed5f08 ASoC: fsl_asrc_dma:
[OE-core][mickledore 11/23] xdpyinfo: upgrade 1.3.3 -> 1.3.4
From: Wang Mingyu Changelog: = configure: Make xf86misc support disabled by default Variable scope reduction Remove unnecessary downcast of double to float Call memset() instead of hand-coding our own equivalent Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked
[OE-core][mickledore 10/23] bind: upgrade 9.18.14 -> 9.18.15
From: Wang Mingyu Changelog: = [bug] Set the rndc idle read timeout back to 60 seconds, from the netmgr default of 30 seconds, in order to match the behavior of 9.16 and earlier. [GL #4046] [bug] Fix log file rotation when using absolute path as file. [GL #3991] [
[OE-core][mickledore 09/23] mobile-broadband-provider-info: upgrade 20221107 -> 20230416
From: Wang Mingyu Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked from commit 125f72393c9b6fea02757cdc3a22696945e0f490) Signed-off-by: Steve Sakoman --- .../mobile-broadband-provider-info_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deleti
[OE-core][mickledore 08/23] libxpm: upgrade 3.5.15 -> 3.5.16
From: Wang Mingyu Changelog: === test: skip compressed file tests when --disable-open-zfile is used itlab CI: build with each of --enable-open-zfile & --disable-open-zfile configure: correct error message to suggest --disable-open-zfile Fix a memleak in ParsePixels error code path Fix CVE
[OE-core][mickledore 07/23] libxft: upgrade 2.3.7 -> 2.3.8
From: Wang Mingyu Changelog: = add check for missing glyph in XftFontCheckGlyph() issue 17: libxft-2.3.7: Bold fonts in urxvt missing leftmost pixels issue 18: Problems with rotated text (monospace font only) configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL Clea
[OE-core][mickledore 06/23] libmicrohttpd: upgrade 0.9.76 -> 0.9.77
From: Wang Mingyu Changelog: == API changes: - + Added new function MHD_get_version_bin(). Improvements and enhancements: --- * Digest Auth: changed algorithm identifiers in server generated headers from "md5" / "sha-256" to "MD5" / "SHA-256
[OE-core][mickledore 04/23] fribidi: upgrade 1.0.12 -> 1.0.13
From: Wang Mingyu Changelog: * Adding missing man pages to the tar release file. Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked from commit 0f6da8601fd4d992550e8afe7b09ba7c491250fd) Signed-off-by: Steve Sakoman --- .../fribidi/{fribidi_1.0.12.bb => fribidi_1.0.13.
[OE-core][mickledore 05/23] libdnf: upgrade 0.70.0 -> 0.70.1
From: Wang Mingyu Changelog: == Add repoid to solver errors for RPMs (RhBug:2179413) Avoid using obsolete RPM API and drop redundant calls Remove DNF from list of protected packages Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked from commit 965f0b5f50c2c1
[OE-core][mickledore 03/23] babeltrace2: upgrade 2.0.4 -> 2.0.5
From: Wang Mingyu Changelog: == * bt2: honor build system compiler/linker preferences * Fix: clear_string_field(): set first character to 0 * Fix: src.ctf.fs: Not resolving event common ctx * debug-info: fix -Wenum-int-mismatch problem in copy_field_class_content_internal * fix: pas
[OE-core][mickledore 02/23] cups: Fix CVE-2023-32324
From: Sanjay Chitroda OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remo
[OE-core][mickledore 01/23] ninja: ignore CVE-2021-4336, wrong ninja
From: Ross Burton Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit c2dd2c13ff26c3f046e35a2f6b8afeb099ef422a) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devt
[OE-core][mickledore 00/23] Patch review
Please review this set of changes for mickledore and have comments back by end of day Friday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5503 The following changes since commit c734906a901c5dead9d879df0f251ba848fdb577: systemd-systemctl: su
Re: [OE-core] [PATCH V3 1/3] kernel-module-split: make autoload and probeconf distribution specific
Hi Luca, Luca Ceresoli escreveu no dia quarta, 21/06/2023 à(s) 21:22: > Hi Jose, > > On Tue, 20 Jun 2023 22:19:42 + > "Jose Quaresma" wrote: > > > Also take the oportunity to only add configuration files to FILES > > and CONFFILES when they exist and are used. > > > > The modules-load.d [1]
Re: [OE-core] [PATCH V3 1/3] kernel-module-split: make autoload and probeconf distribution specific
Hi Jose, On Tue, 20 Jun 2023 22:19:42 + "Jose Quaresma" wrote: > Also take the oportunity to only add configuration files to FILES > and CONFFILES when they exist and are used. > > The modules-load.d [1] - Configure kernel modules to load at boot > should install their configuration files i
Re: [OE-core] Building SDK from Feeds
Here's how we configure building from feeds in our distro: https://github.com/ni/meta-nilrt/blob/nilrt/master/hardknott/conf/distro/nilrt.inc#L156-L167 Alex, are you referring to the the improvements you made to meta-ide-support? I hadn't seen those yet as I've mostly been using kirkstone. I'll h
Re: [OE-core] Building SDK from Feeds
Just to note, there's now an additional option of setting up an SDK environment from sstate cache using bitbake, added about a year ago. No need to build and distributed gigantic shell archives, or maintain package feeds. Alex On Wed, 21 Jun 2023 at 19:04, Khem Raj wrote: > > On Wed, Jun 21, 202
Re: [OE-core] Building SDK from Feeds
On Wed, Jun 21, 2023 at 9:58 AM Charlie Johnston wrote: > > On 6/21/23 11:52, Khem Raj wrote: > > On Wed, Jun 21, 2023 at 9:47 AM Charlie Johnston > > wrote: > >> > >> Hello, > >> > >> I'm trying to build an SDK (or even just meta-toolchain) from feeds. For > >> context, there are some dev packa
Re: [OE-core] [PATCH] kernel.bbclass: introduce KERNEL_LOCALVERSION
On Wed, Jun 21, 2023 at 12:55 PM Michael Opdenacker wrote: > > > On 21.06.23 at 18:52, Bruce Ashfield wrote: > > It really isn't a variable that most people will use. Most kernel > > recipes that have needed > > to set a local version have already been doing it a different way. > > > So, we wouldn
Re: [OE-core] Building SDK from Feeds
On 6/21/23 11:52, Khem Raj wrote: > On Wed, Jun 21, 2023 at 9:47 AM Charlie Johnston > wrote: >> >> Hello, >> >> I'm trying to build an SDK (or even just meta-toolchain) from feeds. For >> context, there are some dev packages in our feeds that aren't in our >> OpenEmbedded build that I'd like to
Re: [OE-core] [PATCH] kernel.bbclass: introduce KERNEL_LOCALVERSION
On 21.06.23 at 18:52, Bruce Ashfield wrote: It really isn't a variable that most people will use. Most kernel recipes that have needed to set a local version have already been doing it a different way. So, we wouldn't document this new variable? Would you have details about this different wa
Re: [OE-core] Building SDK from Feeds
On Wed, Jun 21, 2023 at 9:47 AM Charlie Johnston wrote: > > Hello, > > I'm trying to build an SDK (or even just meta-toolchain) from feeds. For > context, there are some dev packages in our feeds that aren't in our > OpenEmbedded build that I'd like to include in the SDK. The normal process I >
Re: [OE-core] [PATCH] kernel.bbclass: introduce KERNEL_LOCALVERSION
On Wed, Jun 21, 2023 at 12:32 PM Michael Opdenacker wrote: > > Hi Bruce, > > Thanks for your help. > > On 21.06.23 at 18:17, Bruce Ashfield wrote: > > linux-yocto uses a different mechanism for setting this (and will > > continue to use that existing mechanism). > > > > So this would work in absen
[OE-core] Building SDK from Feeds
Hello, I'm trying to build an SDK (or even just meta-toolchain) from feeds. For context, there are some dev packages in our feeds that aren't in our OpenEmbedded build that I'd like to include in the SDK. The normal process I use for building an image from feeds is to build the packages from OE
Re: [OE-core] [PATCH] kernel.bbclass: introduce KERNEL_LOCALVERSION
Hi Bruce, Thanks for your help. On 21.06.23 at 18:17, Bruce Ashfield wrote: linux-yocto uses a different mechanism for setting this (and will continue to use that existing mechanism). So this would work in absence of a kernel recipe using CONFIG_LOCALVERSION. That's good to know from a docu
Re: [OE-core] [PATCH] kernel.bbclass: introduce KERNEL_LOCALVERSION
On Wed, Jun 21, 2023 at 12:03 PM Michael Opdenacker via lists.openembedded.org wrote: > > Greetings, > > On 30.05.23 at 19:09, Ming Liu wrote: > > From: Ming Liu > > > > Just like UBOOT_LOCALVERSION, an end user can set KERNEL_LOCALVERSION > > to append a string to the name of the local version o
Re: [OE-core] [PATCH] kernel.bbclass: introduce KERNEL_LOCALVERSION
Greetings, On 30.05.23 at 19:09, Ming Liu wrote: From: Ming Liu Just like UBOOT_LOCALVERSION, an end user can set KERNEL_LOCALVERSION to append a string to the name of the local version of the kernel image. How is this supposed to be used? I added the following to my conf/local.conf file:
Re: [oe-core][kirkstone][PATCH 1/1] go: fix CVE-2023-29405
Hi Archana, In the future could you please send patch sets like this as a patch series rather than individual patches? That way it will be obvious to me what order the patches should be applied. Thanks for helping out with CVE fixes! Steve On Wed, Jun 21, 2023 at 12:49 AM Polampalli, Archana v
Re: [OE-core] [OE-core,mickledore][PATCH] cups: Fix CVE-2023-32324
On Tue, Jun 20, 2023 at 10:03 PM Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org wrote: > > Hi Steve, > > CVE fix for cups package is accepted and merged on master. > https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603
[OE-core] [PATCH] base: improve LICENSE_FLAGS_DETAILS output
From: Ross Burton Don't prefix the output of LICENSE_FLAGS_DETAILS with "For further details, see" so that recipes can put arbitrary text in their license details instead of being limited to a specific sentence structure. Signed-off-by: Ross Burton --- meta/classes-global/base.bbclass | 2 +-
Re: [OE-core] [OE-core,dunfell][PATCH] cups: Fix CVE-2023-32324
On Tue, Jun 20, 2023 at 10:04 PM Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org wrote: > > Hi Steve, > > CVE fix for cups package is accepted and merged on master. > https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603
Re: [OE-core][kirkstone 02/18] cups: Fix CVE-2023-32324
On Tue, Jun 20, 2023 at 10:00 PM Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) wrote: > > Hi Steve, > > CVE fix for cups package is accepted and merged on master. > https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e > > Is t
[oe-core][kirkstone][PATCH 1/1] go: fix CVE-2023-29405
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing emb
[oe-core][kirkstone][PATCH 1/1] go: fix CVE-2023-29404
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a
Re: [OE-core] [PATCH 2/2] insane: Improve patch-status layer filtering
On Wed, 2023-06-21 at 10:58 +0200, Martin Jansa wrote: > There is maybe unexpected change in behavior caused by this. > > Before it was triggering error only for .patch files in oe-core, > while now it seems to apply for all recipes from oe-core layer > (independently from where the .patch file wa
Re: [OE-core] [PATCH 2/2] insane: Improve patch-status layer filtering
There is maybe unexpected change in behavior caused by this. Before it was triggering error only for .patch files in oe-core, while now it seems to apply for all recipes from oe-core layer (independently from where the .patch file was added), so e.g. meta-raspberrypi is now causing bluez5 do_patch
Re: [OE-core][PATCH] runqemu-gen-tapdevs: pass STAGING_BINDIR_NATIVE to ifup
On Tue, 2023-06-20 at 18:21 -0600, Alejandro Hernandez wrote: > Just to add more information to this, I've noticed a failure on my > test environment today while trying to run -c testimage, apparently > due to one of these fixes: > > Command '('sudo', '/home/vsts/poky/scripts/runqemu-ifup', '1001'
Re: [OE-core] [OE-core,dunfell][PATCH] cups: Fix CVE-2023-32324
2023-06-21
Thread
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
Hi Steve, CVE fix for cups package is accepted and merged on master. https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e Is there any comment for similar fix on dunfell branch? Thanks, Sanjay -Original Message- From: openembedded-core@lists.
Re: [OE-core] [OE-core,mickledore][PATCH] cups: Fix CVE-2023-32324
2023-06-21
Thread
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
Hi Steve, CVE fix for cups package is accepted and merged on master. https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e Is there any comment for similar fix on mickledore branch? Thanks, Sanjay -Original Message- From: openembedded-core@lis
Re: [OE-core][kirkstone 02/18] cups: Fix CVE-2023-32324
2023-06-21
Thread
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
Hi Steve, CVE fix for cups package is accepted and merged on master. https://github.com/openembedded/openembedded-core/commit/a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e Is there any comment for similar fix on kirkstone branch? Thanks, Sanjay -Original Message- From: openembedded-core@list
Re: [OE-core][PATCH v6 1/2] RFC: cve-check: add option to add additional patched CVEs
Hello Andrej, On Tue, 20 Jun 2023 16:15:56 +0200 "Andrej Valek via lists.openembedded.org" wrote: ^^^ As you can see your sender address has been mangled, and as a result the patch is rejected by the the openembedded git server. This is not your fault
Re: [OE-core][PATCH v3 1/3] cve-check: add option to add additional patched CVEs
On Sun, 2023-06-04 at 09:59 +, Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) wrote: > Hi Richard, > > Thank you for acknowledgement on my proposal. > Please consider my additional input for VEX standard. > > There is total four main VEX standard status: > - Fixed >
