[OE-core] [OE-Core][PATCH] gnutls: upgrade 3.6.8 -> 3.6.11.1

2019-12-16 Thread Alex Kiernan
Drop patch from 81485be19b18 ("gnutls: don't use HOSTTOOLS_DIR/bash as a shell on target") as upstream now honours POSIX_SHELL when set as the primary target shell. Signed-off-by: Alex Kiernan --- .../gnutls/gnutls/posix-shell.patch | 39 --- .../{gnutls_3.6.8.bb => gn

Re: [OE-core] [thud 00/18] thud pull request

2019-12-16 Thread Adrian Bunk
On Mon, Dec 16, 2019 at 07:59:50AM -0800, Armin Kuster wrote: >... > Khem Raj (1): > sdk: Install nativesdk locales for all TCLIBC variants > > Ross Burton (12): >... > cve-check: ensure all known CVEs are in the report > cve-check: failure to parse versions should be more visible > cve-ch

[OE-core] [PATCH] systemd-bootchart: Add mips64 tuples

2019-12-16 Thread Khem Raj
Signed-off-by: Khem Raj --- .../systemd-bootchart/mips64.patch| 35 +++ .../systemd-bootchart_233.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-devtools/systemd-bootchart/systemd-bootchart/mips64.patch diff --git a/me

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

2019-12-16 Thread sjolley.yp.pm
All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading: https://wiki.yoctoproject.org/wiki/Bug_Triage#N

[OE-core] How to upgrade the kernel

2019-12-16 Thread Muhlenkamp, Lewis
Hello, I am still fairly new to Yocto and Openembedded. I've built a custom distribution and have a few images. I'm now in the process of trying to determine how to upgrade from one version to another. I created an image using Yocto 2.6. When I install it, it installs the following kernel R

[OE-core] [thud 14/18] cve-check: rewrite look to fix false negatives

2019-12-16 Thread Armin Kuster
From: Ross Burton A previous optimisation was premature and resulted in false-negatives in the report. Rewrite the checking algorithm to first get the list of potential CVEs by vendor:product, then iterate through every matching CPE for that CVE to determine if the bounds match or not. By doin

[OE-core] [thud 16/18] cve-check: fetch CVE data once at a time instead of in a single call

2019-12-16 Thread Armin Kuster
From: Ross Burton This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL v

[OE-core] [thud 17/18] glibc: finish incomplete fix for CVE-2016-10739

2019-12-16 Thread Armin Kuster
From: Ross Burton Somehow the patch for this CVE only included one of the four required patches. Signed-off-by: Ross Burton Signed-off-by: Armin Kuster --- meta/recipes-core/glibc/glibc/CVE-2016-10739.patch | 910 - 1 file changed, 907 insertions(+), 3 deletions(-) diff -

[OE-core] [thud 18/18] linux-yocto/4.14: update to 4.14.154

2019-12-16 Thread Armin Kuster
Signed-off-by: Armin Kuster --- meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb | 6 +++--- meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb | 6 +++--- meta/recipes-kernel/linux/linux-yocto_4.14.bb | 20 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --

[OE-core] [thud 15/18] cve-check: neaten get_cve_info

2019-12-16 Thread Armin Kuster
From: Ross Burton Remove obsolete Python 2 code, and use convenience methods for neatness. (From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster --- meta/classes/cve-check.bbclass | 18 +-

[OE-core] [thud 13/18] cve-update-db-native: clean up proxy handling

2019-12-16 Thread Armin Kuster
From: Ross Burton urllib handles adding proxy handlers if the proxies are set in the environment, so call bb.utils.export_proxies() to do that and remove the manual setup. (From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Sig

[OE-core] [thud 12/18] cve-update-db-native: add an index on the CVE ID column

2019-12-16 Thread Armin Kuster
From: Ross Burton Create an index on the PRODUCTS table which contains a row for each CPE, drastically increasing the performance of lookups for a specific CVE. (From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by:

[OE-core] [thud 11/18] cve-update-db-native: don't hardcode the database name

2019-12-16 Thread Armin Kuster
From: Ross Burton Don't hardcode the database filename, there's a variable for this in cve-check.bbclass. (From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster --- meta/recipes-core/meta/cve-update-d

[OE-core] [thud 10/18] cve-update-db-native: don't refresh more than once an hour

2019-12-16 Thread Armin Kuster
From: Ross Burton We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) Signed-off-by: Ross Burto

[OE-core] [thud 08/18] cve-check: failure to parse versions should be more visible

2019-12-16 Thread Armin Kuster
From: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster --- meta/classes/cve-check.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f87bcc9..1c8b222 100644 --- a/meta/classe

[OE-core] [thud 06/18] cve-check: backport rewrite from master

2019-12-16 Thread Armin Kuster
From: Ross Burton As detailed at [1] the XML feeds provided by NIST are being discontinued on October 9th 2019. As cve-check-tool uses these feeds, cve-check.bbclass will be inoperable after this date. To ensure that cve-check continues working, backport the following commits from master to mov

[OE-core] [thud 07/18] cve-check: ensure all known CVEs are in the report

2019-12-16 Thread Armin Kuster
From: Ross Burton CVEs that are whitelisted or were not vulnerable when there are version comparisons were not included in the report, so alter the logic to ensure that all relevant CVEs are in the report for completeness. (From OE-Core rev: 98256ff05fcfe9d5ccad360582c36eafb577c264) Signed-off-

[OE-core] [thud 09/18] cve-check: we don't actually need to unpack to check

2019-12-16 Thread Armin Kuster
From: Ross Burton The patch scanner works with patch files in the layer, not in the workdir, so it doesn't need to unpack. (From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster --- meta/classes/cve-c

[OE-core] [thud 05/18] sudo: Fix CVE-2019-14287

2019-12-16 Thread Armin Kuster
From: Dan Tran Signed-off-by: Dan Tran Signed-off-by: Armin Kuster --- .../sudo/sudo/CVE-2019-14287_p1.patch | 170 + .../sudo/sudo/CVE-2019-14287_p2.patch | 98 meta/recipes-extended/sudo/sudo_1.8.23.bb | 2 + 3 files chan

[OE-core] [thud 01/18] at-spi2: fix dbus-daemon path

2019-12-16 Thread Armin Kuster
From: Jed "dbus_daemon" is supposed to be set to the full dbus-daemon file path, not just its directory. Signed-off-by: Jed Signed-off-by: Ross Burton --- meta/recipes-support/atk/at-spi2-core_2.28.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/a

[OE-core] [thud 04/18] tar: Fix CVE-2018-20482

2019-12-16 Thread Armin Kuster
From: Dan Tran Signed-off-by: Dan Tran Signed-off-by: Armin Kuster --- meta/recipes-extended/tar/tar/CVE-2018-20482.patch | 405 + meta/recipes-extended/tar/tar_1.30.bb | 1 + 2 files changed, 406 insertions(+) create mode 100644 meta/recipes-extended/tar/ta

[OE-core] [thud 03/18] libgcrypt: CVE-2019-12904

2019-12-16 Thread Armin Kuster
From: Shubham Agrawal fix Upstream-Status: Backport Signed-off-by: Shubham Agrawal Signed-off-by: Armin Kuster --- .../libgcrypt/files/CVE-2019-12904_p1.patch| 176 +++ .../libgcrypt/files/CVE-2019-12904_p2.patch| 330 + meta/recipes-support/libgcryp

[OE-core] [thud 02/18] sdk: Install nativesdk locales for all TCLIBC variants

2019-12-16 Thread Armin Kuster
From: Khem Raj install_locales() here is actually operating on nativesdk and only glibc is the default library for nativesdk, since that's what most of desktop/server distros use, therefore bailing out based on TCLIBC is not needed here, since nativesdk-glibc would be required for all non-glibc ta

[OE-core] [thud 00/18] thud pull request

2019-12-16 Thread Armin Kuster
Here are the next series for thud. Passed A-full The following changes since commit cd7cf933b3235560ec71576d8f3836dff736a39f: build-appliance-image: Update to thud head revision (2019-10-17 16:45:34 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-cor

Re: [OE-core] [RFC PATCH 1/2] podfix: class to remove Pod::Man versions from manpages

2019-12-16 Thread Khem Raj
On Mon, Dec 16, 2019 at 3:21 AM Ross Burton wrote: > > On 16/12/2019 04:39, Khem Raj wrote: > > On Fri, Dec 13, 2019 at 3:22 PM Ross Burton wrote: > >> > >> Manpages generated by Pod::Man contain the version number, which isn't > >> reproducible if we're using the host Perl to generate manpage. >

Re: [OE-core] [PATCH 03/30] gettext: update to 0.20.1

2019-12-16 Thread Alexander Kanavin
On Sun, 15 Dec 2019 at 12:03, Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Thu, 2019-12-12 at 19:14 +0100, Alexander Kanavin wrote: > > License-Update: URLs changed from http to https > > Signed-off-by: Alexander Kanavin > > In an effort to try and get to the bottom of which p

Re: [OE-core] [PATCH] e2fsprogs: split dumpe2fs into its own package

2019-12-16 Thread Ross Burton
On 12/12/2019 21:41, André Draszik wrote: This is a mere 24KB (on 32bit arm), avoiding to pull in all of the remainder +300KB in small initramfs images when not needed. Add this new package to RDEPENDS of e2fsprogs so as to not break existing users. Between this and util-linux, there's a lot of

Re: [OE-core] Should patchtest warn on Upstream-Status: Pending ?

2019-12-16 Thread Ross Burton
On 15/12/2019 18:37, Adrian Bunk wrote: I am wondering whether patchtest should send warning emails on Upstream-Status: Pending In practice patches are usually forwarded upstream either at submission or never.[1] Not upstreamed OE-only patches create a technical debt that often makes recipe

[OE-core] [PATCH] podfix: only alter normal files

2019-12-16 Thread Ross Burton
Signed-off-by: Ross Burton --- meta/classes/podfix.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/classes/podfix.bbclass b/meta/classes/podfix.bbclass index 54fff6a0a23..cc8210a27e2 100644 --- a/meta/classes/podfix.bbclass +++ b/meta/classes/podfix.bbclass @@ -16,6 +16,9 @@ p

Re: [OE-core] [RFC PATCH 1/2] podfix: class to remove Pod::Man versions from manpages

2019-12-16 Thread Ross Burton
On 16/12/2019 04:39, Khem Raj wrote: On Fri, Dec 13, 2019 at 3:22 PM Ross Burton wrote: Manpages generated by Pod::Man contain the version number, which isn't reproducible if we're using the host Perl to generate manpage. One option is to always depend on perl-native when generating manpages

Re: [OE-core] Status of the NPM refactoring

2019-12-16 Thread Jean-Marie LEMETAYER
Hi Andre, On Dec 12, 2019, at 9:17 PM, André Draszik g...@andred.net wrote: > Hi, > > On Thu, 2019-12-12 at 07:49 -0500, Jean-Marie LEMETAYER wrote: >> Hi folks, >> >> I am currently trying to update/refactor the handling of the NPM packages. >> [...] >> Is it OK ? Any thought ? Any advice ? >

Re: [OE-core] [PATCH] sstate.bbclass: use tabs for indentation

2019-12-16 Thread Martin Jansa
On Mon, Dec 16, 2019 at 11:41:53AM +0100, Jacob Kroon wrote: > On 12/16/19 10:56 AM, Martin Jansa wrote: > > * it's terrible, but this is what oe-core wants and it's better than mixing > > tabs and spaces in the same function > > > > Signed-off-by: Martin Jansa > > --- > > meta/classes/sstate.

[OE-core] [PATCHv2] sstate.bbclass: use tabs for indentation

2019-12-16 Thread Martin Jansa
* it's terrible, but this is what oe-core wants and it's better than mixing tabs and spaces in the same function Signed-off-by: Martin Jansa --- meta/classes/sstate.bbclass | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/meta/classes/sstate.bbclass b/meta/classe

Re: [OE-core] [PATCH] sstate.bbclass: use tabs for indentation

2019-12-16 Thread Jacob Kroon
On 12/16/19 10:56 AM, Martin Jansa wrote: * it's terrible, but this is what oe-core wants and it's better than mixing tabs and spaces in the same function Signed-off-by: Martin Jansa --- meta/classes/sstate.bbclass | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git

[OE-core] [PATCH] sstate.bbclass: use tabs for indentation

2019-12-16 Thread Martin Jansa
* it's terrible, but this is what oe-core wants and it's better than mixing tabs and spaces in the same function Signed-off-by: Martin Jansa --- meta/classes/sstate.bbclass | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/classes/sstate.bbclass b/meta/classes/