Re: [yocto] Is there a "yocto way" to rebuild sqlite amalgamation?

2018-09-21 Thread Henrik Lindblom
Alexander Kanavin writes: > These two are orthogonal. "amalgamation" is building sqlite from a > single source file for performance and simplicity reasons, which is > what yocto does as well, despite there being no mention of it in the > recipe. Enabling or disabling specific sqlite features can

[yocto] [PATCH v1 3/3] sqlite3: CVE-2018-8740

2018-09-21 Thread Sinan Kaya
* CVE-2018-8740 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. Affects sqlite3 <= 3.22.0 Upstream-Status: Backport [

[yocto] [PATCH v1 2/3] libpng: CVE-2018-13785

2018-09-21 Thread Sinan Kaya
* CVE-2018-13785 In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. (cherry picked from

[yocto] [PATCH v1 1/3] busybox: CVE-2017-15874

2018-09-21 Thread Sinan Kaya
* CVE-2017-15874 busybox: Integer underflow in archival/libarchive/decompress_unlzma.c (cherry picked from 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b) Affects busybox <= 1.27.2 Upstream-Status: Backport [ https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b] CVE:

[yocto] [meta-selinux][PATCH] libselinux: Fix build with musl libc.

2018-09-21 Thread Piotr Tworek
From: Piotr Tworek Musl libc does not implement file traversal functions from fts.h. Oe-core provides fts library which implements those. Libselinux makefile allows us to use such additional library by specifying required linker flags via FTS_LDLIBS variable. Signed-off-by: Piotr Tworek ---

[yocto] [meta-selinux][PATCH] setools: Add missing python runtime deps.

2018-09-21 Thread Piotr Tworek
From: Piotr Tworek The package needs logging, json and argparse modules to start. Additionally, it also needs libselinux-python in order to really work. Without it it'll just print an error message instructing the user to install it. Signed-off-by: Piotr Tworek ---

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Sinan Kaya
On 9/21/2018 4:35 PM, akuster808 wrote: I already have in my sumo-next http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=stable/sumo-next libcroco: patch for CVE-2017-7960

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Sinan Kaya
On 9/21/2018 4:35 PM, akuster808 wrote: For the rest can you send them to the proper mailing list openembedded-c...@lists.openembedded.org via git send-patch. I noticed a few of the patches for recipes need some additional information: please review

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread akuster808
Sinan, On 09/21/2018 12:43 PM, Sinan Kaya wrote: > I'm sure this has been discussed recently but I wanted to raise this > question > one more time as I have seen a lot of CVE patches getting pulled into > the sumo > branch recently. > > We started enabling the cve-check feature and are triaging

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Alexander Kanavin
2018-09-21 21:43 GMT+02:00 Sinan Kaya : > 2. Apply the attached patches to sumo branch. > > We'd like to hear the community opinion. For stable branches the yocto project tends to be on the conservative side. Which means option 2: backport the cve fixes. For the master branch, version upgrades

[yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Sinan Kaya
I'm sure this has been discussed recently but I wanted to raise this question one more time as I have seen a lot of CVE patches getting pulled into the sumo branch recently. We started enabling the cve-check feature and are triaging the results of CVE reports. We think that the following CVEs

Re: [yocto] remove unneeded files from update-alternatives packages

2018-09-21 Thread Alexander Kanavin
You can probably have a .bbappend file which removes all the unneeded files in do_install_append() Alex 2018-09-21 19:29 GMT+02:00 Matthias Schoepfer : > Hi! > > In my case, I am using coreutils and busybox. But I only need one > program of coreutils. Now, I have plenty binaries with .coreutils

[yocto] remove unneeded files from update-alternatives packages

2018-09-21 Thread Matthias Schoepfer
Hi! In my case, I am using coreutils and busybox. But I only need one program of coreutils. Now, I have plenty binaries with .coreutils installed in my image, which bloats the image (every byte counts ;) ). It's a read-only-image, update-alternatives or package management is not used. Is there a

[yocto] [meta-security][PATCH] samhain: update to 4.3.0

2018-09-21 Thread Armin Kuster
Signed-off-by: Armin Kuster --- .../{samhain-client_4.2.4.bb => samhain-client_4.3.0.bb} | 0 .../{samhain-server_4.2.4.bb => samhain-server_4.3.0.bb} | 0 ...amhain-standalone_4.2.4.bb => samhain-standalone_4.3.0.bb} | 0 recipes-security/samhain/samhain.inc |

Re: [yocto] Yocto SDK generated - unable to compile application

2018-09-21 Thread Bas Mevissen
On 2018-09-21 14:34, Evan O'Loughlin wrote: From: Bas Mevissen [ab...@basmevissen.nl] Sent: 20 September 2018 23:21 To: Evan O'Loughlin Cc: yocto@yoctoproject.org Subject: Re: [yocto] Yocto SDK generated - unable to compile application On 9/20/18 3:32

Re: [yocto] [pseudo] Pseudo 1.8+ xattr sqlite corruption

2018-09-21 Thread Burton, Ross
Wired: I've just sent a patch to update oe-core to use the current HEAD of pseudo. Tired: WARNING: glibc-locale-2.28-r0 do_package_qa: QA Issue: glibc-locale: /glibc-binary-localedata-en-za.iso-8859-1/usr/lib/locale/en_ZA.ISO-8859-1/LC_PAPER is owned by uid 1000, which is the same as the user

Re: [yocto] Yocto SDK generated - unable to compile application

2018-09-21 Thread Evan O'Loughlin
From: Bas Mevissen [ab...@basmevissen.nl] Sent: 20 September 2018 23:21 To: Evan O'Loughlin Cc: yocto@yoctoproject.org Subject: Re: [yocto] Yocto SDK generated - unable to compile application On 9/20/18 3:32 PM, Evan O'Loughlin wrote: > >