Upstream-Status: Backport from
https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780
Signed-off-by: Hitendra Prajapati
---
.../xdg-utils/xdg-utils/CVE-2022-4055.patch | 165 ++
.../xdg-utils/xdg-utils_1.1.3.bb | 1 +
2
Fix warnings from oe-selftest -j:
/usr/lib/python3.10/os.py:1030: RuntimeWarning: line buffering (buffering=1)
isn't supported in binary mode, the default buffer size will be used
return io.open(fd, mode, buffering, encoding, *args, **kwargs)
Remove the option since it clearly doesn't do
From: Ross Burton
This release fixes the following CVEs:
- CVE-2023-43788
- CVE-2023-43789
Signed-off-by: Ross Burton
---
.../xorg-lib/{libxpm_3.5.16.bb => libxpm_3.5.17.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
From: Ross Burton
This incorporates fixes for the following CVEs:
- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787
Signed-off-by: Ross Burton
---
.../xorg-lib/{libx11_1.8.6.bb => libx11_1.8.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename
On Wed, 2023-10-04 at 22:34 +0300, Mikko Rapeli wrote:
> Hi,
>
> On Wed, Oct 04, 2023 at 02:29:40PM +0100, Richard Purdie wrote:
> > On Wed, 2023-10-04 at 16:07 +0300, Mikko Rapeli wrote:
> > > Hi,
> > >
> > > Acked-by: Mikko Rapeli
> > >
> > > for the full series. I hope our discussion over
From: Daniel McGregor
This is for upcoming work to support gssapi in nfs-utils for nfsv4
and kerberos mountpoints.
Signed-off-by: Daniel McGregor
---
meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
Hi,
On Wed, Oct 04, 2023 at 02:29:40PM +0100, Richard Purdie wrote:
> On Wed, 2023-10-04 at 16:07 +0300, Mikko Rapeli wrote:
> > Hi,
> >
> > Acked-by: Mikko Rapeli
> >
> > for the full series. I hope our discussion over #yocto irc channel
> > helped resolve these and the test failures seen
From: Daniel McGregor
The newly released version 1.2.2 adds version 17 to CMake LLVM
detection, so we will now choose the OE provided LLVM version
instead of the one on host during native builds.
Signed-off-by: Daniel McGregor
---
meta/recipes-devtools/meson/{meson_1.2.1.bb => meson_1.2.2.bb}
On Wed, 2023-10-04 at 20:19 +0200, Andreas Cord-Landwehr wrote:
> On 04.10.23 20:10, Khem Raj wrote:
> > On Wed, Oct 4, 2023 at 9:09 AM Andreas Cord-Landwehr
> > wrote:
> > >
> > > Gstreamer release 1.22.0 introduced option for Qt6 API.
> > >
> > > Signed-off-by: Andreas Cord-Landwehr
> > >
On 04.10.23 20:10, Khem Raj wrote:
On Wed, Oct 4, 2023 at 9:09 AM Andreas Cord-Landwehr
wrote:
Gstreamer release 1.22.0 introduced option for Qt6 API.
Signed-off-by: Andreas Cord-Landwehr
---
.../gstreamer/gstreamer1.0-plugins-good_1.22.5.bb | 10 --
1 file changed, 8
From: Bruce Ashfield
making the following commits available in our 6.5 kernel:
49e3d8448aea locking/atomic: scripts: fix fallback ifdeffery
9ba8e064374d crypto: jitter - add RCT/APT support for different OSRs
50f59f46583a crypto: jitter - Add clarifying comments to Jitter Entropy
On Wed, Oct 4, 2023 at 9:09 AM Andreas Cord-Landwehr
wrote:
>
> Gstreamer release 1.22.0 introduced option for Qt6 API.
>
> Signed-off-by: Andreas Cord-Landwehr
> ---
> .../gstreamer/gstreamer1.0-plugins-good_1.22.5.bb | 10 --
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
>
if packages is provided by dummysdk and in the same time marked for
installation with IMAGE_INSTALL it causes conflict in apt because virtual
providers are
not taken into account if package is asked to be installed explicitly.
Filter such packages from provides/conflicts to workaround this
Two tests to cover both installing package with IMAGE_INSTALL as
well as installing versioned dependencies of the package (using perl (>=
5.XX).
Related: [Yocto #13338] [Yocto #14995] [Yocto #14066]
Signed-off-by: Pavel Zhukov
---
.../testsdk-perldepends.bb| 16
dpkg and apt seem to handle versioned provides correctly now [1] so this
workaround is not needed anymore.
This fixes [Yocto #14995] for package_deb.
[1]
Signed-off-by: Pavel Zhukov
---
meta/classes-global/package_deb.bbclass | 9 +
meta/recipes-core/meta/dummy-sdk-package.inc | 9
From: Jermain Horsman
These changes allow for situations where one or more layers are checked out
using a branch instead of a revision, care is taken to make sure this works
when using multiple remotes.
All changes made are backwards compatible with older setup-layer json files.
Signed-off-by:
> There are 2 files in the patch sent and the first
> patch(0024-CVE-2023-5156-1.patch) is the duplicate of
> https://lists.openembedded.org/g/openembedded-core/message/188490
> (CVE-2023-4806) which was sent to the mailing list.
> Will I have to drop the (0024-CVE-2023-5156-1.patch) and send
On Wed, 2023-10-04 at 16:07 +0300, Mikko Rapeli wrote:
> Hi,
>
> Acked-by: Mikko Rapeli
>
> for the full series. I hope our discussion over #yocto irc channel
> helped resolve these and the test failures seen with master-next.
Yes, thanks! It was useful to have someone to talk the issues
Hi,
Acked-by: Mikko Rapeli
for the full series. I hope our discussion over #yocto irc channel
helped resolve these and the test failures seen with master-next.
Cheers,
-Mikko
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188685):
From: Jérémy Rosen
match_line_in_files will look for a regex in all files matching a glob.
we use iglob to avoid a complete, recursive scan of all source. iglob is
based on python iterators and will scan as we walk through the directories
pytest are detected by looking for "import pytest" or
From: Jérémy Rosen
most build-systems have a way to implement a "make check" or equivalent
command that will run tests in the source directory.
This heuristic will detect the keywords in the build-system configuration
that activates tests.
Note that in the case of autotools, we use Makefile.in
From: Jérémy Rosen
if there is a "test" or "tests" subdirectory at toplevel, this usually
means we have some unit tests available.
This test is very good at detecting handcrafted tests and I was not able
to find any false positive.
False positive can be dealt with the usual INSANE_SKIP
From: Jérémy Rosen
This infrastructure will use heuristics to detect when package sources seem
to have unit tests implemented but no ptest have been implemented in the
recipe.
No heuristics have been implemented at this point, only the infrastructure
to skip the test when ptest are implemented.
To increase ptest coverage we can check if the sources of a recipe looks like
it contains unittest and warn the user that a test may be implemented there.
This series provide the check infrastructure as a package QA check and some
checks for :
python pytest, perl Test::, meson, cmake,
Currently our wic test images boot up without kernel output on the consoles
which means we have no way to debug if anything goes wrong. Add the console
parameters runqemu would have added if the kernel wasn't built into an image
to improve our chances of debugging.
Signed-off-by: Richard Purdie
It is unclear when things fail which output was on which serial port. Improve
the output
to show the last lines of both data to improve debugging.
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/utils/qemurunner.py | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git
To aid debugging, always log the second serial console as well as the first
to a seperate log file. This should make it clearer what happened when we
see test failures.
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/utils/qemurunner.py | 9 +++--
1 file changed, 3 insertions(+), 6
Switch to the backslashreplace error handling when decoding strings so that
invalid characters are clear in the stream to improve debugging.
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/utils/qemurunner.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
There is no point in decoding binary data only to encode it again risking
conversion issues. Write the raw data to the log file as binary and skip
the conversion.
Also always update self.msg even if a logfile isn't specified to improve
logging/debug.
Signed-off-by: Richard Purdie
---
From: Yogita Urade
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset
in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not
prevent s->qdev.blocksize from being 256. This stops QEMU and the guest
immediately.
References:
From: Soumya Sambu
A flaw was found in the QEMU virtual crypto device while handling
data encryption/decryption requests in virtio_crypto_handle_sym_req.
There is no check for the value of `src_len` and `dst_len` in
virtio_crypto_sym_op_helper, potentially leading to a heap buffer
overflow when
From: Soumya Sambu
Adresses CVE-2023-4813, CVE-2023-4806, CVE-2023-5156. Added these to
CVE_CHECK_IGNORE
to avoid in cve-check reports since the recipe version did not change.
These are the complete list of changes this brings
* 73d4ce728a Document CVE-2023-4806 and CVE-2023-5156 in NEWS
*
Yes, that's how we designed this feature.
Peter
-Original Message-
From: Shinji Matsunaga (Fujitsu)
Sent: Wednesday, October 4, 2023 4:19
To: Marko, Peter (ADV D EU SK BFS1) ;
richard.pur...@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: RE: [OE-core] [PATCH]
From: Julian Haller
Upstream commit
https://gitlab.freedesktop.org/dbus/dbus/-/commit/37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c
Signed-off-by: Julian Haller
---
meta/recipes-core/dbus/dbus.inc | 1 +
.../dbus/dbus/CVE-2023-34969.patch| 96 +++
2
From: Julian Haller
The current dunfell CVE scans report 0 CVEs for our dbus version. This
is not correct, though, as we use the wrong product name to query it.
Fix this to get a proper CVE list.
Signed-off-by: Julian Haller
---
meta/recipes-core/dbus/dbus.inc | 2 ++
1 file changed, 2
There are 2 files in the patch sent and the first
patch(0024-CVE-2023-5156-1.patch) is the duplicate of
https://lists.openembedded.org/g/openembedded-core/message/188490
(CVE-2023-4806) (
https://lists.openembedded.org/g/openembedded-core/message/188490(CVE-2023-4806)
) which was sent to the
Hello,
This causes failures on the autobuilders:
https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/5799/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/5866/steps/14/logs/stdio
37 matches
Mail list logo