On 4/11/21 11:03 AM, Khem Raj wrote:
> On Sun, Apr 11, 2021 at 8:49 AM akuster wrote:
>> If BRANCH is defined in local.conf then that name is used to d/l sources
>> for binutils. You will get this error:
>>
>> Fetcher failure for URL:
>> 'git://sourcewar
If BRANCH is defined in local.conf then that name is used to d/l sources
for binutils. You will get this error:
Fetcher failure for URL:
'git://sourceware.org/git/binutils-gdb.git;branch=hardknott;protocol=git'.
Unable to fetch URL from any source.
Rename to SRCBRANCH like glibc has to avoid
compare
>>
>> Scott Murray (1):
>> u-boot: fix CVE-2020-8432 and CVE-2020-10648
>>
>> Teoh Jay Shen (1):
>> oeqa/runlevel : add test for runlevels
>>
>> Thomas Viehweger (1):
>> mtd-utils: Remove duplicate assignments to alternative link names
On 3/3/21 4:26 PM, Wang Mingyu wrote:
> Signed-off-by: Wang Mingyu
There is an open Yocto bug
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14263
Any data if this ptest passes with this update or can you help look into
the failure noted in the bug?
-armin
> ---
>
On 2/20/21 4:07 PM, Martin Jansa wrote:
> Looks like this version of the patch got merged to meta-oe today and
> it fails to apply cleanly, will send update.
it got pushed into dunfell-next which was then removed.
-armin
>
> On Wed, Feb 17, 2021 at 4:20 PM akuster <mailto:akust
On 2/18/21 8:50 AM, Ross Burton wrote:
> Why is the file not found though?
its downloaded there for not in the WORKDIR
-armin
>
> Ross
>
> On Mon, 15 Feb 2021 at 22:41, akuster wrote:
>> This helps avoid these errors:
>> ERROR: lockdev-1_1.0.3-r0 do_cve_check: File
From: Armin Kuster
Source: https://www.sudo.ws
MR: 108078, 108046, 108136
Type: Security Fix
Disposition: Backported from https://www.sudo.ws
ChangeID: 3d266a182918f7a7afe40bdee01b369171125358
Description:
The 1.8.x series is a stable release.
Bug fix only updates.
LIC_FILES_CHKSUM updated do
On 2/17/21 12:57 AM, Rahul Taya wrote:
> Hi,
>
> I have backported this patch from Master branch as in master(v1.43.0)
> and Gatesgarth(v1.41.0) the code of this patch is already present in
> the source code so it is only applicable for Dunfell(v1.40.0) and
> Zeus(v1.39.1) branch.
>
> Yes i will
On 2/16/21 10:23 AM, Steve Sakoman wrote:
> The weekly cve reports for master, gatesgarth, and dunfell currently
> omit linux-yocto since the CPE database for the kernel is notoriously
> incomplete in versioning information.
>
> This morning at the YP technical team meeting we discussed this and
On 2/16/21 12:39 AM, Rahul Taya wrote:
> Added patch for CVE-2020-11080 taken from below link:
> https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
>
> Signed-off-by: Rahul Taya
Wrong ML.
Is master or Gatesgath affected by this?
Also the patch it self is
I don't see the point in logging native, nativesdk etc.
The bottom line is the BPN has the issue.
Allow folks to filter out those other package name variations via
CVE_CHECK_MANIFEST_FILTER
Signed-off-by: Armin Kuster
--
[V2]
rename varible to CVE_CHECK_FILTER_BUILD_TOOLS
---
This helps avoid these errors:
ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found:
/home/build/builds/master/tmp/work/core2-64-poky-linux/lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
We should continuing to scan other applied patches for CVE info.
Signed-off-by: Armin Kuster
---
On 2/15/21 12:11 PM, Robert P. J. Day wrote:
> yes, i know fedora 33 is not a supported build distro, but in trying
> an absolutely stock build of core-image-minimal from poky (zeus
> branch) on my F33 system, i ran into a gcc 10-related build error for
> which this:
>
>
On 2/14/21 11:51 PM, mikko.rap...@bmw.de wrote:
> Hi,
>
> On Sun, Feb 14, 2021 at 11:20:27PM +, akuster wrote:
>> I don't see the point in logging native, nativesdk etc.
>> The bottom line is the BPN has the issue.
> While I agree to some part and do alot of:
>
I don't see the point in logging native, nativesdk etc.
The bottom line is the BPN has the issue.
Allow folks to filter out those other package name variations via
CVE_CHECK_MANIFEST_FILTER
Signed-off-by: Armin Kuster
---
meta/classes/cve-check.bbclass | 9 +
1 file changed, 9
Provide a method to clone and push to a git repo
Provide a method to pre-populate buildhistory
Maybe remove the need for external scripts to do the same
Three new variables:
BUILDHISTORY_BRANCH - branch used for checkout and pushing
BUILDHISTORY_CLONE - git repo uri
example:
On 2/14/21 10:43 AM, Konrad Weihmann wrote:
>
>
> On 14.02.21 18:59, akuster wrote:
>> Let archive package cve.logs too
>>
>> Signed-off-by: Armin Kuster
>> ---
>> meta/classes/buildhistory.bbclass | 24
>> 1 file chan
Let archive package cve.logs too
Signed-off-by: Armin Kuster
---
meta/classes/buildhistory.bbclass | 24
1 file changed, 24 insertions(+)
diff --git a/meta/classes/buildhistory.bbclass
b/meta/classes/buildhistory.bbclass
index 8ed420174e9..a119981d9b7 100644
---
On 2/14/21 9:12 AM, Richard Purdie wrote:
> On Sun, 2021-02-14 at 15:53 +0000, akuster wrote:
>> Provide a method to clone and push to a git repo
>> Provide a method to pre-populate buildhistory
>> Maybe remove the need for external scripts to do the same
>
Provide a method to clone and push to a git repo
Provide a method to pre-populate buildhistory
Maybe remove the need for external scripts to do the same
Three new variables:
BUILDHISTORY_CLONE - Enable the cloning function
BUILDHISTORY_BRANCH - branch used for checkout and pushing
From: Alexander Kanavin
Drop a patch merged upstream.
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
(cherry picked from commit ce2948af5293258a69a9cfefba9e883cefecac87)
[ 1.38 changelog:
Fix issue with online check on IP address update.
Fix issue with OpenVPN and encrypted
From: akuster
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix
From: akuster
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix
[Yocto #14231]
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Signed-off-by: Armin Kuster
---
.../connman/{connman_1.38.bb => connman_1.39.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename
On 2/10/21 7:54 AM, Oleksandr Kravchuk wrote:
> Changelog:
> - Fix issue with scanning state synchronization and iwd.
> - Fix issue with invalid key with 4-way handshake offloading.
> - Fix issue with DNS proxy length checks to prevent buffer overflow.
> - Fix issue with DHCP leaking stack data
On 2/10/21 3:11 AM, Ray Smith wrote:
> Mesa doesn't _require_ either of these features of the distribution,
> it (conditionally) _provides_ them.
>
> This has a desirable side-effect of enabling a build of mesa that
> supports only OpenGL ES and EGL, without having the rest of the
> distribution
[Yocto #14231]
Bug fix only and includes two security fixes:
CVE-2021-26676
CVE-2021-26676
Signed-off-by: Armin Kuster
---
.../connman/{connman_1.38.bb => connman_1.39.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename
Signed-off-by: Armin Kuster
---
meta/conf/documentation.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
index eee3c43ff2c..c5a38b07642 100644
--- a/meta/conf/documentation.conf
+++ b/meta/conf/documentation.conf
@@ -123,6
From: Lee Chee Yang
https://github.com/p11-glue/p11-kit/releases/tag/0.23.22
Release notes:
Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361,
CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook
anchor: Prefer persistent format when storing anchor [#329]
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Richard Purdie
(cherry picked from commit 6e811db2f614500f16415fc09801f229968428e7)
[0.23.x is an lts release, bug fix only update]
Signed-off-by: Armin Kuster
---
.../p11-kit/{p11-kit_0.23.20.bb => p11-kit_0.23.21.bb}
On 2/8/21 2:16 AM, Richard Purdie wrote:
> On Mon, 2021-02-08 at 05:51 +0000, akuster wrote:
>> There are times when exluding or including a layer
>> may be desired. This provide the framwork for that via
>> two variables. The default is all layers in bblayers.
>>
>
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST
Signed-off-by: Armin Kuster
---
meta/classes/cve-check.bbclass | 17
Lets include whcih layer a package belongs to and
add it to the cve logs
Signed-off-by: Armin Kuster
---
meta/classes/cve-check.bbclass | 4
1 file changed, 4 insertions(+)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index ed86403b6bc..061af7a2760 100644
This is still needed by libest in meta-security
Signed-off-by: Armin Kuster
Cc: Shachar Menashe
---
meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
For your info see:
https://lore.kernel.org/lkml/xmqqk0t1g326@gitster.c.googlers.com/T/
Signed-off-by: Armin Kuster
---
meta/recipes-devtools/git/{git_2.29.2.bb => git_2.30.0.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/git/{git_2.29.2.bb =>
On 1/16/21 9:44 AM, Martin Jansa wrote:
> Aren't the missing spaces in appends fixes also needed for meta-oe
> recipes?
>
> I think at least top 5 commits from:
> https://git.openembedded.org/meta-openembedded/log/?qt=grep=space.*append
> were also follow-up from these changes in oe-core.
>
Do
From: Joshua Watt
Adds variables that can be used to allow a recipe to pass extra
arguments to `waf build` and `waf install`. In most cases, you want to
pass the same arguments to `build` and `install` (since install is a
superset of `build`), so by default setting EXTRA_OEWAF_BUILD also
affects
From: Ross Burton
Waf typically uses `python` as the intepretter but inside a task this
does not exist. Typically this is solved by patching waf (see the
glmark2 recipe) but not all versionf of Waf support Python 3 so we can't
assume a specific interpretter.
Instead, create a new variable
World builds failed for mvp. These two changes fix
Exception: PermissionError: [Errno 13] Permission denied:
'TOPDIR/tmp/work/core2-64-poky-linux/mpv/0.32.0-r0/git/waf'
https://errors.yoctoproject.org/Errors/Details/539929/
Issue introduced by
From: Armin Kuster
Source: https://curl.se/
MR: 105190
Type: Security Fix
Disposition: Backport from
https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
ChangeID: 7cb4278f48b0da2009b5b7cf2b2383b12a5660ab
Description:
Fixes CVE-2020-8231
Affects 7.29.0 to 7.71.1
From: Khairul Rohaizzat Jamaluddin
Source: git.openembedded.org
MR: 107592, 107620, 107606
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core-contrib/commit/?h=anujm/gatesgarth=f1a0ea55c0ae2cce7f7c3c6c73f57c5b8222c860
ChangeID:
From: Scott Murray
Source: openembedded.org
MR: 107928
Type: Security Fix
Disposition: Backport from
https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=53d149df4d8832e34ace2470c31ddc688176faf7
ChangeID: 462441a4a91cb481401e170876c25dcdbd00f1e0
Description:
* CVE
From: Armin Kuster
Source: glibc.org
MR: 107580
Type: Security Fix
Disposition: Backport from
https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61
ChangeID: 7bc5edb2e1947ac0774a453000a1568bbe3bb7d2
Description:
Fixedup to match 2.31 context. ldbl2mpn.c
From: Armin Kuster
Source: freedesktop.org
MR: 105894
Type: Security Fix
Disposition: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
ChangeID: 2c6b7553d8e5bc152258ad1794d95cb7d8b215eb
Description:
CVE-2020-14345 fix
Signed-off-by:
This reverts commit 8ce691e47f5b3f795821a439536f4b54b24f887f.
The above commit introduced an issue now being seen on Ubuntu 20.
ERROR: mpv-0.32.0-r0 do_configure: Error executing a python function in
exec_python_func() autogenerated:
The stack trace of python calls that resulted in this
On 11/27/20 8:24 PM, Tim Orling wrote:
> From: Tim Orling
>
> We are increasingly needing pytest in oe-core, so it is time to move it
> from meta-python.
>
> This series first imports the recipes -- as-is -- from meta-python.
> Second, the maintainers.inc is updated to add myself as maintainer
On 11/13/20 11:48 AM, Alexander Kanavin wrote:
> Setting _PYTHON_SYSCONFIGDATA_NAME in python3native class globally was
> problematic as it was leaking into host python environment, which
> was causing tracebacks depending on host distro and action
> (typically anything involving importing
From: akuster
Failure seen on my CentOS7 build host
Signed-off-by: akuster
---
.../0001-xf86drm.c-fix-build-failure.patch| 87 +++
meta/recipes-graphics/drm/libdrm_2.4.102.bb | 4 +-
2 files changed, 90 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes
From: Armin Kuster
Fixes:
WARNING: core-image-sato-sdk-1.0-r0 do_testimage: Couldn't login into serial
console as root using blank password
WARNING: core-image-sato-sdk-1.0-r0 do_testimage: The output:
root
<<< run_serial(): command timed out after 60 seconds without output >>>
In another
On 9/11/20 12:37 AM, Lee Chee Yang wrote:
> From: Lee Chee Yang
>
> use safelist instead of whitelist.
Thanks for sending the patch. There is some unfinished conclusions for
renaming various variables to be more inclusive. I am personally fine
with this word choice.
Is this what other open
Hello,
The Zeus branch was defined as a transitional branch with a 9 month
stable cycle since LTS was created. The 3.0.4 was the last Zeus dot
release. We have since added several Build stabilization changes and
last minute backports . We intend on doing on last formal build cycle
but no QA so no
Sorry. still have the old email address in my contacts.
re-sending.
Forwarded Message
Subject:[yocto] Warrior and Thud stable branches
Date: Tue, 8 Sep 2020 21:39:28 -0700
From: akuster via lists.yoctoproject.org
Reply-To: akuster...@gmail.com
From: Khem Raj
This supports glibc upto 2.32 which is now rolling into distributions
Signed-off-by: Khem Raj
Signed-off-by: Richard Purdie
(cherry picked from commit 5cda8c7d642cfb72242c95f450e3391bd6537709)
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/yocto-uninative.inc | 10
On 9/4/20 1:39 AM, Andrey Zhizhikin wrote:
> Hello Armin,
>
> On Tue, Sep 1, 2020 at 5:23 PM akuster wrote:
>> Removed obsolete packageconfig options
>>
>> License change to MPL-2.0
>> https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE
>>
.cgi/poky/commit/?h=master-next=a5a4fa3d7cf7a88a7788e64306b8797e60999005
-armin
> in meta-networking networkmanager recipe
> depends on it too which I think I can take care.
>
> On Tue, Sep 1, 2020 at 8:23 AM akuster wrote:
>> update maintainers.inc too
>>
>> Signed-off
update maintainers.inc too
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/maintainers.inc | 1 -
meta/recipes-connectivity/dhcp/dhcp.inc | 149 --
...TH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch | 27
...-limitation-in-linux-dhclient-script.patch | 65
pkg need for kea
Signed-off-by: Armin Kuster
---
.../log4cplus/log4cplus_2.0.5.bb | 19 +++
1 file changed, 19 insertions(+)
create mode 100644 meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
diff --git a/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
Signed-off-by: Armin Kuster
---
.../kea/files/0001-remove-AC_TRY_RUN.patch| 34 ++
.../kea/files/kea-dhcp-ddns.service | 13
.../kea/files/kea-dhcp4.service | 13
.../kea/files/kea-dhcp6.service | 13
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/maintainers.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/distro/include/maintainers.inc
b/meta/conf/distro/include/maintainers.inc
index b83be2c5f9e..27e3474da8b 100644
--- a/meta/conf/distro/include/maintainers.inc
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/maintainers.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/conf/distro/include/maintainers.inc
b/meta/conf/distro/include/maintainers.inc
index c3a1f273328..b83be2c5f9e 100644
--- a/meta/conf/distro/include/maintainers.inc
Signed-off-by: Armin Kuster
---
...1-avoid-start-failure-with-bind-user.patch | 27 --
in-remove-useless-L-use_openssl-lib.patch | 30 --
...d-V-and-start-log-hide-build-options.patch | 34 --
...ching-for-json-headers-searches-sysr.patch | 47 ---
Removed obsolete packageconfig options
License change to MPL-2.0
https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE
Refreshed:
bind-ensure-searching-for-json-headers-searches-sysr.patch
0001-named-lwresd-V-and-start-log-hide-build-options.patch
Signed-off-by: Armin Kuster
---
.../dhcpcd/dhcpcd_9.1.4.bb| 28
...e-INCLUDEDIR-to-prevent-build-issues.patch | 45 +++
2 files changed, 73 insertions(+)
create mode 100644 meta/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb
create mode 100644
From: Armin Kuster
Source: isc.org
MR: 105232, 105246, 105260
Type: Security Fix
Disposition: Backport from https://www.isc.org/bind/
ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366
Description:
Bug fix only update
Three CVE fixes
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
For more
This update has been attempted a few times. It has many moving parts.
the latest work is sitting @
https://git.openembedded.org/openembedded-core-contrib
akuster/bind_update
<https://git.openembedded.org/openembedded-core-contrib/log/?h=akuster/bind_update>
- armin
On 8/15/20 11
From: Konrad Weihmann
Some pypi packages do have suffixes like dev, or a0 or b1.
When doing a version check on these, the version will get falsely
identified as major release versions.
Add a terminating slash to rule out those false positives
Signed-off-by: Konrad Weihmann
Signed-off-by:
From: Tim Orling
Upstream https://pypi.python.org/pypi/${PYPI_PACKAGE}/
redirects to https://pypi.org/project/${PYPI_PACKAGE}/
Signed-off-by: Tim Orling
Signed-off-by: Richard Purdie
Signed-off-by: Steve Sakoman
(cherry picked from commit e5f3f961242d888f3f786af8f793bf1d247fdff0)
[Yocto #
2020 3:58 PM
>> To: yo...@lists.yoctoproject.org
>> Cc: ota...@ossystems.com.br; yi.z...@windriver.com; Sangal, Apoorv
>> ; Yeoh, Ee Peng ; Chan,
>> Aaron Chun Yew ;
>> richard.pur...@linuxfoundation.org; akuster...@gmail.com;
>> sjolley.yp...@gmail.com; Jain, Sangeeta ;
On 7/27/20 7:47 AM, Richard Purdie wrote:
> On Mon, 2020-07-27 at 06:57 -0700, akuster808 wrote:
>> On 7/27/20 2:39 AM, Richard Purdie wrote:
>>> On Sun, 2020-07-26 at 19:52 -0700, akuster wrote:
>>>> If the "tmp/cve_check" file was not create as in the c
Adrian,
On 7/21/20 1:53 AM, Richard Purdie wrote:
> On Tue, 2020-07-14 at 16:56 +0300, Adrian Bunk wrote:
>> On Thu, Jun 04, 2020 at 09:28:00PM -0700, akuster wrote:
>>> Hello,
>>>
>>> The Warrior branch of Poky has had its last official dot release.
>>&g
On 7/27/20 2:39 AM, Richard Purdie wrote:
> On Sun, 2020-07-26 at 19:52 -0700, akuster wrote:
>> If the "tmp/cve_check" file was not create as in the case for -c
>> populate_sdk, just print a
>> warning instead of dumping a trace back
>>
>> ---
>&g
ignore this one. should have been squished a local change.
-armin
On 7/26/20 7:50 PM, akuster via lists.openembedded.org wrote:
> If the "tmp/cve_check" file was not create as in the case for -c
> populate_sdk, just print a
> warning instead of dumping a trace back
>
If the "tmp/cve_check" file was not create as in the case for -c populate_sdk,
just print a
warning instead of dumping a trace back
---
v2] lets include the missing part of the patch
Signed-off-by: Armin Kuster
---
meta/classes/cve-check.bbclass | 4
1 file changed, 4 insertions(+)
diff
If the "tmp/cve_check" file was not create as in the case for -c populate_sdk,
just print a
warning instead of dumping a trace back
Signed-off-by: Armin Kuster
---
meta/classes/cve-check.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/cve-check.bbclass
On 7/26/20 10:11 AM, Trevor Gamblin wrote:
>
>
> On 7/25/20 10:58 AM, akuster808 wrote:
>> Per release notes, riscv is now supported.
>> https://releases.llvm.org/10.0.0/docs/ReleaseNotes.html#changes-to-the-risc-v-target
>>
>> If you have time, can you also double check Riscv so these two can
fixes:
NOTE: Resolving any missing task queue dependencies
ERROR: Nothing PROVIDES 'gtk+3' (but
/.../poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb DEPENDS on or
otherwise requires it)
gtk+3 was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
Signed-off-by: Armin
Per release notes, riscv is now supported.
https://releases.llvm.org/10.0.0/docs/ReleaseNotes.html#changes-to-the-risc-v-target
If you have time, can you also double check Riscv so these two can be
removed, if not maybe we can wait until this is in core.
|
COMPATIBLE_HOST_riscv64 = "null"
On 7/25/20 4:13 AM, Konrad Weihmann wrote:
> Hi all,
>
> I'm just too lazy to check if that has been fixed in master already,
> but since yesterday cve-check breaks on zeus for me with the following
I think I just saw this on master. We need to check if NVD changed their
format again.
-armin
This error has been reported earlier.
I am working on a fix .
-armin
On 7/24/20 5:25 AM, vygu via lists.yoctoproject.org wrote:
> Hello,
>
> We observe this following error about cve_check after a populate_sdk:
>
> ERROR: Execution of event handler 'cve_save_summary_handler' failed
> Traceback
On 7/21/20 2:54 AM, Adrian Bunk wrote:
> This breaks building the SDK in distributions with INHERIT += "cve-check":
>
> $ bitbake tmp-sdk -c populate_sdk
> ...
> NOTE: Tasks Summary: Attempted 2785 tasks of which 2785 didn't need to be
> rerun and all succeeded.
> ERROR: Execution of event
From: Armin Kuster
Source: glibc.org
MR: 104799
Type: Security Fix
Disposition: Backport from beea361050728138b82c57dda0c4810402d342b9
ChangeID: 29df826fb697fdd2742c3bace33388bda962c5f1
Description:
Signed-off-by: Armin Kuster
---
.../glibc/glibc/CVE-2020-6096.patch | 112
The update via Commit
https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=2c7e0e0bf32eb1ed0b7d8acddb16c0d1e93f2aa1
should have added the whitelist for this CVE removed
Signed-off-by: Armin Kuster
---
meta/recipes-core/glibc/glibc_2.31.bb | 2 ++
1 file changed, 2
On 7/12/20 3:38 PM, akuster via lists.openembedded.org wrote:
> The cve-check file should be saved always, it has good info.
>
> Put a copy in the log dir as cve-summary with symlinks to latest run.
>
> [Yocto #13974]
ping. Any issues with this? Did I miss a response to this?
The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run.
[Yocto #13974]
Signed-off-by: Armin Kuster
---
meta/classes/cve-check.bbclass | 32
1 file changed, 32 insertions(+)
diff --git
On 7/11/20 6:21 PM, Rahul Kumar wrote:
> CVE: CVE-2018-1000500
>
> Signed-off-by: Rahul Kumar
Does this affect master?
-armin
> ---
> .../busybox/busybox/busybox-CVE-2018-1000500.patch | 98
> ++
> meta/recipes-core/busybox/busybox_1.31.1.bb| 1 +
> 2 files
From: Armin Kuster
Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from
https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:
Affects sqlite < 3.32.3
Fixes CVE CVE-2020-15358
Signed-off-by: Armin Kuster
From: Armin Kuster
Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from
https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:
Affects sqlite < 3.32.3
Fixes CVE CVE-2020-15358
Signed-off-by: Armin Kuster
Looks like I forgot to update the contrib branch.
This is a squished set of these changes:
https://git.openembedded.org/meta-openembedded/commit/?id=e03b48481438c747322f07ac1e1f04add541ffac
https://git.openembedded.org/meta-openembedded/commit/?id=9b61f412d36b390f8d71ad1fb5875f5f6e32fd8a
e4e66856ebe8d8800dfc1f0
>
Oh, that is not good. I will be sending an upgrade patch soon.
-armin
> On Mon, Jun 22, 2020 at 4:19 PM akuster <mailto:akuster...@gmail.com>> wrote:
>
> From: Armin Kuster mailto:akus...@mvista.com>>
>
> Signed-off-by: Armin Ku
From: Armin Kuster
Source: http://w1.fi/security/
MR: 104452
Type: Security Fix
Disposition: Backport from http://w1.fi/security/2020-1/
ChangeID: 81edff1c2c8bd592643ad3e9bba41447c34b3468
Description:
Affects <= 2.9 wpa-supplicant
Signed-off-by: Armin Kuster
---
From: Armin Kuster
Source: https://curl.haxx.se/
MR: 104472, 104458
Type: Security Fix
Disposition: Backport from
https://github.com/curl/curl/commit/{600a8cded447cd/8236aba58542c5f}
ChangeID: 1300924f7a64b22375b4326daeef0b686481e30c
Description:
- Affected versions: curl 7.20.0 to and
ISC dhcp is being retiered by kea.
Move kea from meta-oe to core
Signed-off-by: Armin Kuster
---
.../kea/files/0001-remove-AC_TRY_RUN.patch| 34 ++
.../kea/files/kea-dhcp-ddns.service | 13
.../kea/files/kea-dhcp4.service | 13
replaces by kea
Signed-off-by: Armin Kuster
---
meta/recipes-connectivity/dhcp/dhcp.inc | 149 --
...TH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch | 27
...-limitation-in-linux-dhclient-script.patch | 65
.../dhcp/dhcp/0002-dhclient-dbus.patch| 117
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/maintainers.inc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/maintainers.inc
b/meta/conf/distro/include/maintainers.inc
index fc1b5272da..31dfbf5064 100644
---
From: Armin Kuster
Removed obsolete packageconfig options
License change to MPL-2.0
https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE
Refreshed:
bind-ensure-searching-for-json-headers-searches-sysr.patch
0001-named-lwresd-V-and-start-log-hide-build-options.patch
pkg need for kea
Signed-off-by: Armin Kuster
---
.../log4cplus/log4cplus_2.0.5.bb | 19 +++
1 file changed, 19 insertions(+)
create mode 100644 meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
diff --git a/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
From: Armin Kuster
Signed-off-by: Armin Kuster
---
meta/conf/distro/include/maintainers.inc | 1 +
.../libuv/libuv_1.34.2.bb | 19 +++
2 files changed, 20 insertions(+)
create mode 100644 meta/recipes-connectivity/libuv/libuv_1.34.2.bb
diff --git
Move to the latest Bind ESV and replace the depricated dhcp with kea.
Three packages need to move from meta-oe to core.
The new bind is not compatable with the dhcp
Armin Kuster (6):
libuv: move from meta-oe to core for bind update
bind: Update to latest ESV version 9.16
log4cplus: move
On 6/17/20 1:22 AM, a...@auh.yoctoproject.org wrote:
> Hello,
>
> this email is a notification from the Auto Upgrade Helper
> that the automatic attempt to upgrade the recipe *bind* to *9.16.3* has
> Failed (devtool error).
Its on my list to update the work i did awhile back.
-armin
>
>
On 6/18/20 1:31 AM, jason.lau wrote:
> libjpeg-turbo 2.0.4 has a heap-based buffer over-read
> in get_rgb_row() in rdppm.c via a malformed PPM input file.
>
> CVE: CVE-2020-13790
What about dunfell?
-armin
>
> Upstream-Status: Backport
>
1 - 100 of 170 matches
Mail list logo