From: Changqing Li
Signed-off-by: Changqing Li
---
.../rpm/files/0001-CVE-2021-3521.patch| 57 +++
.../rpm/files/0002-CVE-2021-3521.patch| 64
.../rpm/files/0003-CVE-2021-3521.patch| 329 ++
meta/recipes-devtools/rpm/rpm_4.17.0.bb | 3 +
4
Should there be tests for this? Would be good to check that the network is
indeed disabled in these tasks.
Alex
On Thu 23. Dec 2021 at 2.20, Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> Use the newly added nonetwork task flag to disable network access where
> possible in unpack/
From: Ross Burton
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasingly non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch.
Signed-off-by: Ross Burton
Si
Use the newly added nonetwork task flag to disable network access where
possible in unpack/patch/configure/compile/install tasks.
We can't disable networking in sstate tasks due to sstate downloads and
also so we can report hash equivalence to the server.
Signed-off-by: Richard Purdie
---
meta/
Wayland 1.20.0 is released!
This release contains the following major changes:
- FreeBSD support has been entirely upstreamed and has been added to
our continuous integration system.
- The autotools build system has been dropped. Meson has replaced it.
- A few protocol additions: wl_surface.off
We're seeing failures on systems with old selinux headers. Add a PACKAGECONFIG
entry so that we don't try and build this unless enabled. I'll leave
dependencies to someone who wants it and can test, I just need to fix
build failures right now as this shouldn't be enabled.
Signed-off-by: Richard Pu
On Wed, Dec 22, 2021 at 11:04 AM Ross Burton wrote:
> On Mon, 20 Dec 2021 at 15:04, Marta Rybczynska
> wrote:
> > An example entry:
> > LAYER: meta
> > PACKAGE NAME: libsdl2-native
> > PACKAGE VERSION: 2.0.14
> > CVES FOUND IN RECIPE: Yes
> > PRODUCT: simple_directmedia_layer (Yes)
> > P
Thanks for all the help with this Paul. Hopefully someone will step up
and do this. (And hopefully this is the last time we need to worry about
a virtual stand)
Philip
On 12/22/21 10:28, Paul Barker wrote:
Hi all,
I'm unable to take the lead on organising a virtual stand for
OpenEmbedded at
Hi all,
I'm unable to take the lead on organising a virtual stand for
OpenEmbedded at FOSDEM 2022. I'm forwarding this mail to the lists to
see if anyone else would like to take over - you'll need to review how
the virtual stands work, update the website content as detailed below
and be aroun
With the sdl frontend, qemu isn't able to even boot fully,
so let's skip the test early.
Signed-off-by: Steve Sakoman
---
meta/lib/oeqa/selftest/cases/runtime_test.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py
b/meta/lib/oeqa/selftest/case
From: Anuj Mittal
Backport a patch to increase the timeout that might help with the
intermittent seek test failure.
[YOCTO #14194]
[YOCTO #14669]
(From OE-Core rev: a7dc7a35334ad634926a1386f4a56b27aad3ce68)
Signed-off-by: Anuj Mittal
Signed-off-by: Richard Purdie
(cherry picked from commit 7
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
e8ef940326ef Linux 5.4.167
c97579584fa8 arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
6026d4032dbb arm: extend pfn_valid to take into account freed memory map
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
7f70428f0109 Linux 5.4.165
3a99b4baff3c bpf: Add selftests to cover packet access corner cases
b8a2c49aa956 misc: fastrpc: fix improper packet size calculation
8f9a25e452f8 irqc
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
57899c4e26bf Linux 5.4.163
6c728efe164f tty: hvc: replace BUG_ON() with negative return value
c3024e1945fe xen/netfront: don't trust the backend response data blindly
828b1d3861
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
9334f48f5673 Linux 5.4.162
46a8e16fcf2c ALSA: hda: hdac_stream: fix potential locking issue in
snd_hdac_stream_assign()
293385739d68 ALSA: hda: hdac_ext_stream: fix potential l
From: Bruce Ashfield
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
5915b0ea6746 Linux 5.4.159
abc49cc45d0a rsi: fix control-message timeout
64e6632ab4c1 media: staging/intel-ipu3: css: Fix wrong size comparison
imgu_css_fw_init
From: Mingli Yu
When booting with "init=/sbin/bootchartd" as below:
# runqemu qemux86 bootparams="init=/sbin/bootchartd"
There are two bootchartd processes after boot [1].
# ps -ef | grep bootchart
root 101 1 0 03:27 ?00:00:00 /bin/sh /sbin/bootchartd
root 103 101 8 03:2
From: Ernst Sjöstrand
Dropbear shares a lot of code with other SSH implementations, so this is
a port of CVE-2018-20685 to dropbear by the dropbear developers.
Reference:
https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
CVE: CVE-2020-36254
Upstream-Status: Backpor
From: Minjae Kim
The ftp client in GNU Inetutils before 2.2 does not validate addresses
returned by PASV/LSPV responses to make sure they match the server
address. This is similar to CVE-2020-8284 for curl.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-40491
Patch from:
https://git.sava
From: Minjae Kim
Use After Free in vim/vim
Upstream-Status: Backport
[https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9]
CVE: CVE-2021-4069
Signed-off-by: Steve Sakoman
---
.../vim/files/CVE-2021-4069.patch | 43 +++
meta/recipes-support/vi
From: sana kazi
Whitelist CVE-2016-20012 as the upstream OpenSSH developers
see this as an important security feature and do not intend to
'fix' it.
Link: https://security-tracker.debian.org/tracker/CVE-2016-20012
https://ubuntu.com/security/CVE-2016-20012
Signed-off-by: Sana Kazi
Signed-off-by
From: sana kazi
Add patch to fix CVE-2021-41617
Link: https://bugzilla.suse.com/attachment.cgi?id=854015
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
Signed-off-by: Steve Sakoman
---
.../openssh/openssh/CVE-2021-41617.patch | 52 +++
.../openssh/openssh_8.2p1.bb
From: Marta Rybczynska
Improper access control in BlueZ may allow an authenticated user to
potentially enable information disclosure via adjacent access.
This issue can be fixed in the kernel, in BlueZ or both. This patch
fixes it on the BlueZ side, so that the configuration no longer
depends on
Please review this set of patches for dunfell and have comments back by end
of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3047
with the exception of a known intermittent autobuilder issue on
oe-selftest-centos
which passed on subs
On Mon, 20 Dec 2021 at 15:04, Marta Rybczynska wrote:
> An example entry:
> LAYER: meta
> PACKAGE NAME: libsdl2-native
> PACKAGE VERSION: 2.0.14
> CVES FOUND IN RECIPE: Yes
> PRODUCT: simple_directmedia_layer (Yes)
> PRODUCT: sdl (No)
Is this meant to be human-readable or machine-readable
On Tue, 2021-12-21 at 11:08 -0800, Saul Wold wrote:
> Stop ignoring or skipping the kernel and kernel modules code in the
> split debug and stripping functions, this will allow create_spdx to
> process the kernel and modules.
>
> Signed-off-by: Saul Wold
> ---
> meta/classes/package.bbclass | 8 +