This change fixes patches for two issues reported in a research
paper [1]: a side channel attack (*) and a cross-configuration
attack (**).
In this commit we add a fix for (*) that wasn't marked as a CVE
initially upstream. A fix of (**) previosly available in OE
backports is in fact fixing CVE-20
The raspberry3-64 machine from meta-raspberrypi is affected by this bug.
https://sourceware.org/bugzilla/show_bug.cgi?id=28355
https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=eb79b2318066cafb75ffdce310e3bbd44f7c79e3
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=7fd8546853e3f03
When mozjs in firefox is built with DEBUG_BUILD = "1"
in local.conf, it will fail with the following error:
rustc-1.56.0-src/vendor/compiler_builtins/src/int/specialized_div_rem
/asymmetric.rs:57:
more undefined references to `core::panicking::panic' follow
Switch to building libstd-rs in "r
The vulkan module has a dependency on libxkbcommon which needs to be
listed so the dependency is correctly handled with debian renaming.
Signed-off-by: Richard Purdie
---
.../gstreamer/gstreamer1.0-plugins-bad_1.18.5.bb| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -
The patch to gcc to disable use of libstdc++ when configuring the library
during gcc-runtime is old and there are perhaps better ways to do this now.
If removed, most builds still "work" but incorrect values for things like
atomic ops are found during configure. mips64 and ppc fail with on target
We've recently seen issues where libxkbcommon was changed in/out of debian
renaming and weston which DEPENDS but doesn't RDEPEND on it would show build
failures.
Looking at the sigdata file for weston:do_package_write_XXX, there were
dependencies on packagedata for RDEPENDS but not DEPENDS. Some i
Signed-off-by: Richard Purdie
---
.../patchelf/{patchelf_0.14.1.bb => patchelf_0.14.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/patchelf/{patchelf_0.14.1.bb =>
patchelf_0.14.2.bb} (91%)
diff --git a/meta/recipes-devtools/patchelf/patchelf_0.
So far only rpi4 cortexa72 SOCs are one which don’t have crypto are you
aware of some others ?
JK: I do not know other SoCs which do not have crypto. The change is
similar to other
meta/conf/machine/include/arm/armv8a/tune-cortexa*.inc files where crypto
has been added as
separate DEFAULTTUNE.
Reg
The newly added
* cortexa72-crc tune builds programs for armv8a with crc.
* cortexa72-crc-crypto builds programs for armv8a with crc and crypto.
The default tune cortexa72 builds programs with armv8a only.
Changes in v2:
Separate tunes for cortexa72-crc and cortexa72-crc-crypto.
[YOCTO #14641]
On Sun, Dec 5, 2021 at 3:36 AM Jagadeesh Krishnanjanappa <
workjagade...@gmail.com> wrote:
> The newly added cortexa72-crypto tune builds programs for armv8a
> with crc+crypto. Whereas default tune cortexa72 builds programs
> with armv8a only.
There is another patch I sent to add converse infact
Since Oracle relicensed bdb, the open source community is slowly but surely
replacing bdb with
supported and open source friendly alternatives. As a result these CVEs are
unlikely to ever be fixed.
Signed-off-by: Steve Sakoman
---
meta/conf/distro/include/cve-extra-exclusions.inc | 9 -
Branch: honister
New this week: 2 CVEs
CVE-2021-3984: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984 *
CVE-2021-4019: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4019 *
Removed this week: 1 CVEs
CVE-2021-3968: vim
https://web.nvd.nist.gov/view/vuln/detail?
Branch: hardknott
New this week: 2 CVEs
CVE-2021-3984: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984 *
CVE-2021-4019: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4019 *
Removed this week: 5 CVEs
CVE-2021-38297: go
https://web.nvd.nist.gov/view/vuln/detail
Branch: dunfell
New this week: 2 CVEs
CVE-2021-3984: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984 *
CVE-2021-4019: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4019 *
Removed this week: 10 CVEs
CVE-2021-29921: python3:python3-native
https://web.nvd.nist.g
On Sun, Dec 5, 2021, 2:39 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Fri, 2021-12-03 at 08:18 -1000, Steve Sakoman wrote:
> > Since Oracle relicensed bdb, the open source community is slowly but
> surely replacing bdb with
> > supported and open source friendly alternative
Branch: master
New this week: 1 CVEs
CVE-2021-3984: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984 *
Removed this week: 1 CVEs
CVE-2021-3968: vim
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3968 *
Full list: Found 10 unpatched CVEs
CVE-2019-12067: qemu:qemu-n
On Fri, 2021-12-03 at 08:18 -1000, Steve Sakoman wrote:
> Since Oracle relicensed bdb, the open source community is slowly but surely
> replacing bdb with
> supported and open source friendly alternatives. As a result these CVEs are
> unlikely to ever be fixed.
>
> Signed-off-by: Steve Sakoman
The newly added cortexa72-crypto tune builds programs for armv8a
with crc+crypto. Whereas default tune cortexa72 builds programs
with armv8a only.
[YOCTO #14641]
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../conf/machine/include/arm/armv8a/tune-cortexa72.inc | 10 +++---
1 file changed,
On Sun, 2021-12-05 at 01:24 +, Peter Kjellerstedt wrote:
> > -Original Message-
> > From: openembedded-core@lists.openembedded.org
> > On Behalf Of Richard Purdie
> > Sent: den 5 december 2021 00:20
> > To: Ross Burton ;
> > openembedded-core@lists.openembedded.org
> > Subject: Re: [O
19 matches
Mail list logo
