From: Mingli Yu
Backport patch to remove metalink [1] to fix below CVEs:
- CVE-2021-22922 [2]
- CVE-2021-22923 [3]
[1] https://github.com/curl/curl/commit/265b14d6b37c4298bd5556fabcbc37d36f911693
[2] https://curl.se/docs/CVE-2021-22922.html
[3] https://curl.se/docs/CVE-2021-22923.html
Signed-
Signed-off-be: Steve Sakoman
---
meta/lib/oeqa/selftest/cases/reproducible.py | 5 -
1 file changed, 5 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py
b/meta/lib/oeqa/selftest/cases/reproducible.py
index 0e44ce4dbf..c8604a2054 100644
--- a/meta/lib/oeqa/selftest/cases
From: Joshua Watt
If an existing source date epoch file was found during do_unpack, it was
deleted and a new one would be written in its place. This causes a race
with check-before-use code in get_source_date_epoch_value. Resolve the
problem by making do_unpack write the new source date epoch to
From: Richard Purdie
SOURCE_DATE_EPOCH can be expanded early in the parsing process before
the class extensions are applied. This can mean the directory pointed
to for the SDE can be incorrect until later in parsing. Cache the file
name in the cached value and allow it to dynamically update.
Thi
From: Richard Purdie
On an aarch64 build host, vendor is found to be "unknown", on x86 systems
it is "pc". This filters through to the PLATFORM tag in target rpms.
We saw reproducibility test failures where the PLATFORM tags in noarch
rpms were changing depending upon which host built them. Forc
Please review this set of patches for dunfell and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2804
The following changes since commit 62cdc20a2186ecd54d3a7131ec8f6937aa0229ed:
uninative: Upgrade to
1.2.2
* Fixed
- Illegal characters in error messages were surrounded by two
pairs of quotation marks
* Improved
- TOMLDecodeError.__module__ is now the public import path (tomli)
instead of private import path (tomli._parser)
- Eliminated an import cycle when typing.TYP
6.24.0 - 2021-10-23
* This patch updates our vendored list of top-level domains, which is used
by the provisional domains() strategy.
* (did you know that gTLDs can be both added and removed?)
6.23.4 - 2021-10-20
* This patch adds an error for when shapes in xps.arrays() is not passed
python3-profile includes dataclasses.
pprint imports dataclasses:
https://github.com/python/cpython/blob/3.10/Lib/pprint.py#L38
Signed-off-by: Tim Orling
---
meta/recipes-devtools/python/python3/python3-manifest.json | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/rec
All,
The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:
https://wiki.yoctoproject.org/wiki/Bug_Triage#Newc
The exceptions generated with repre are more detailed but escaped the
newlines making them unreadable. Fix this.
Signed-off-by: Richard Purdie
---
meta/classes/patch.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bb
When rebuilds are triggered, autoconf-native can fail with:
| DEBUG: Executing shell function update_gnu_config
| install: cannot stat
'[BUILDPATH]tmp/work/x86_64-linux/autoconf-native/2.71-r0/recipe-sysroot-native/usr/share/gnu-config/config.guess':
No such file or directory
which is due to up
I went through and cleaned up the headers/descriptions on several of the
libtool patchset and submitted (or resubmitted in some cases) them
upstream. This patch updates/renames them to match what I did.
I did fix some whitespace issues in some of the patches and also merged
one case where we had a
All,
Our next OpenEmbedded Happy Hour is on October 27 for Asia/Pacific timezones @
2100/9pm UTC (5pm ET / 2pm PT):
https://www.openembedded.org/wiki/Calendar
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+October+27&iso=20211027T21
--
Regards,
Denys Dmytriye
On Mon, Oct 25, 2021 at 11:28 AM Alexandre Belloni
wrote:
>
> Hello,
>
> I did fix it up but as this is the second time this is happening, I want
> to let you know that git am fails while applying this patch:
>
> error: cannot convert from y to UTF-8
> fatal: could not parse patch
>
> Indeed, the
On Mon, Oct 25, 2021 at 7:59 AM Steve Sakoman via
lists.openembedded.org
wrote:
>
> On Mon, Oct 25, 2021 at 6:43 AM Steve Sakoman via
> lists.openembedded.org
> wrote:
> >
> > On Sun, Oct 24, 2021 at 9:29 PM Minjae Kim wrote:
> > >
> > > vim is vulnerable to Use After Free
> > > Problem: Checkin
Hello,
I did fix it up but as this is the second time this is happening, I want
to let you know that git am fails while applying this patch:
error: cannot convert from y to UTF-8
fatal: could not parse patch
Indeed, the declared charset is y which isn't a thing. I think that what
happens is that
Hi Szabolcs,
> The 10/25/2021 16:04, Lukasz Majewski wrote:
> > > > > Either fix the prelink tool not to prelink shared objects
> > > > > that do not have a dependency on libc.so.6, or fix the
> > > > > dynamic loader to work if prelinked on AArch64.
> > > >
> > > > Just for the correctness -
On Mon, 2021-10-25 at 14:03 -0400, Sakib Sajal wrote:
> From: Matt Cowell
>
> Some symlinks in /proc, such as those under /proc/[pid]/fd,
> /proc/[pid]/cwd, and /proc/[pid]/exe that are not real and should not
> have readlink called on them. These look like symlinks, but behave like
> hardlinks.
From: Matt Cowell
Some symlinks in /proc, such as those under /proc/[pid]/fd,
/proc/[pid]/cwd, and /proc/[pid]/exe that are not real and should not
have readlink called on them. These look like symlinks, but behave like
hardlinks. Readlink does not return actual paths. Previously
pseudo_fix_pa
On Mon, Oct 25, 2021 at 6:43 AM Steve Sakoman via
lists.openembedded.org
wrote:
>
> On Sun, Oct 24, 2021 at 9:29 PM Minjae Kim wrote:
> >
> > vim is vulnerable to Use After Free
> > Problem: Checking first character of url twice.
> >
> > reference:
> > https://github.com/vim/vim/commit/35a9a00afc
On Sun, Oct 24, 2021 at 9:29 PM Minjae Kim wrote:
>
> vim is vulnerable to Use After Free
> Problem: Checking first character of url twice.
>
> reference:
> https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3
>
> Signed-off-by: Minjae Kim
> ---
> .../vim/files/CVE-2021-379
Hello,
Unless I'm doing something wrong, this still fails to apply:
https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/4207/steps/11/logs/stdio
On 24/10/2021 15:40:42+0900, Minjae Kim wrote:
> vim is vulnerable to Use After Free
> Problem: Checking first character of url twice.
>
On 10/25/21 7:55 AM, Richard Purdie wrote:
Just for info, it is possible libtool might make a release. Some of our fixes
are quite useful and would be helpful if adopted by binutils and so on so
getting them upstream would be good. As such I created a git recipe for libtool
locally, rebased our
Just for info, it is possible libtool might make a release. Some of our fixes
are quite useful and would be helpful if adopted by binutils and so on so
getting them upstream would be good. As such I created a git recipe for libtool
locally, rebased our patches and then sent a curated set of 12 of t
Signed-off-by: Wang Mingyu
---
meta/recipes-support/vte/{vte_0.64.2.bb => vte_0.66.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/vte/{vte_0.64.2.bb => vte_0.66.0.bb} (95%)
diff --git a/meta/recipes-support/vte/vte_0.64.2.bb
b/meta/recipes-support/vte/v
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Jose Quaresma
> Sent: den 20 oktober 2021 19:26
> To: openembedded-core@lists.openembedded.org
> Cc: Jose Quaresma
> Subject: [OE-core] [PATCH v2] sstate: fix touching files ins
0002-src-privsep-linux.c-add-support-for-arc-28.patch
removed since it is included in 9.4.1
-License-Update: Copyright year updated to 2021.
Signed-off-by: Wang Mingyu
---
.../{dhcpcd_9.4.0.bb => dhcpcd_9.4.1.bb} | 5 +-
...ivsep-linux.c-add-support-for-arc-28.patch | 63 -
Signed-off-by: Wang Mingyu
---
meta/recipes-devtools/dnf/{dnf_4.9.0.bb => dnf_4.10.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/dnf/{dnf_4.9.0.bb => dnf_4.10.0.bb} (98%)
diff --git a/meta/recipes-devtools/dnf/dnf_4.9.0.bb
b/meta/recipes-devtools/dnf/
Signed-off-by: Wang Mingyu
---
meta/recipes-devtools/file/{file_5.40.bb => file_5.41.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/file/{file_5.40.bb => file_5.41.bb} (97%)
diff --git a/meta/recipes-devtools/file/file_5.40.bb
b/meta/recipes-devtools/fil
Signed-off-by: Wang Mingyu
---
.../libdnf/{libdnf_0.64.0.bb => libdnf_0.65.0.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/libdnf/{libdnf_0.64.0.bb => libdnf_0.65.0.bb}
(97%)
diff --git a/meta/recipes-devtools/libdnf/libdnf_0.64.0.bb
b/me
2021-10-18 lttng-tools 2.13.1 (National Chocolate Cupcake Day)
Fix: ust: app stuck on recv message during UST comm timeout scenario
Fix: ust: UST communication can return -EAGAIN
Fix: ust: segfault on lttng start on filter bytecode copy
Fix: sessiond: previously created channel cannot be enable
This is the same solution that has been applied to meson.bbclass to
allow building with meson after it has been updated to a new
version. It needs to be applied here as well since qemu uses meson
without inheriting meson.bbclass.
Signed-off-by: Peter Kjellerstedt
---
meta/recipes-devtools/qemu/q
sstate.bbclass no longer removes empty directories to avoid a race (see
commit 4f94d929 "sstate/staging: Handle directory creation race issue").
Unfortunately Python apparently treats an empty egg-info directory as if
the version it previously contained still exists and fails if a newer
version is
Hi Szabolcs,
> The 10/25/2021 12:53, Lukasz Majewski wrote:
> > Hi Florian,
> >
> > > * Lukasz Majewski:
> > >
> > > > Do we have any idea on how to move forward with this issue?
> > >
> > > Either fix the prelink tool not to prelink shared objects that do
> > > not have a dependency on
> -Original Message-
> From: Alexandre Belloni
> Sent: den 23 oktober 2021 12:22
> To: Peter Kjellerstedt
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH] meson.bblcass: Remove empty egg-info
> directories before running meson
>
> Hello Peter,
>
> This cau
Hi Florian,
> * Lukasz Majewski:
>
> > Do we have any idea on how to move forward with this issue?
>
> Either fix the prelink tool not to prelink shared objects that do not
> have a dependency on libc.so.6, or fix the dynamic loader to work if
> prelinked on AArch64.
Just for the correctness
Dear Community,
> * Szabolcs Nagy:
>
> > i don't know much about pelinking, but i'd expect that ld.so
> > has to be prelinked for it to work:
> >
> > if the kernel can load ld.so anywhere it will conflict with
> > other libraries that prelinking allocated to a fixed location.
>
> I think ld.so
Hi Steve!
I also updated the patch for dunfell.
Thanks,
Minjae Kim.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#157334):
https://lists.openembedded.org/g/openembedded-core/message/157334
Mute This Topic: https://lists.openembedded.org/mt/86506
Hi,
Thanks for the comments.
Gentle ping on this patch.
Thanks,
Pgowda
On Sun, Oct 17, 2021 at 10:35 AM Khem Raj wrote:
>
> This looks good to me
>
> On Sat, Oct 16, 2021 at 7:51 PM Pgowda wrote:
>>
>> glibc-2.33 release version of Feb 2021 is used in Hardknott branch.
>> There are many bug f
vim is vulnerable to Use After Free
Problem: Checking first character of url twice.
reference:
https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3
Signed-off-by: Minjae Kim
---
.../vim/files/CVE-2021-3796.patch | 50 +++
1 file changed, 50 inse
41 matches
Mail list logo
