[OE-core] [dunfell][PATCH 2/2] go: fix CVE-2022-23772

2022-02-26 Thread Minjae Kim
math/big: prevent large memory consumption in Rat.SetString An attacker can cause unbounded memory growth in a program using (*Rat).SetString due to an unhandled overflow. Upstream-Status: Backport [https://go.dev/issue/50699] CVE: CVE-2022-23772 Signed-off-by: Minjae Kim --- meta/recipes-devto

[OE-core] [dunfell][PATCH 1/2] go: fix CVE-2022-23806

2022-02-26 Thread Minjae Kim
crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note

Re: [OE-core] [PATCH v3] setuptools3.bbclass: add check for pyproject.toml

2022-02-26 Thread Tim Orling
On Fri, Feb 25, 2022 at 11:27 PM Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Fri, 2022-02-25 at 15:43 -0800, Tim Orling wrote: > > From: Tim Orling > > > > With help from Peter Kjellerstedt via IRC. > > > > Add a check for pyproject.toml in ${S} and if so check if it has a >

Re: [OE-core] [PATCH] pip_install_wheel: Use BPN instead of PN to construct PYPI_PACKAGE default

2022-02-26 Thread Tim Orling
Thank you. On Sat, Feb 26, 2022 at 12:21 AM Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > This fixes the name for native and nativesdk recipes. > > Signed-off-by: Richard Purdie > --- > meta/classes/pip_install_wheel.bbclass | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-

Re: [OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests

2022-02-26 Thread Alexander Kanavin
On Sat, 26 Feb 2022 at 01:00, Richard Purdie wrote: > Yes, this needs a tweak. Imagine you have a TMPDIR where you build with two > different machines, an x86 one and an arm one. > > Your patch as it stands removes the current cross toolchain but not the other > one. The ABI of TMPDIR changes onl

[OE-core] [PATCH 1/2] sstate: do not add TARGET_ARCH to pkgarch for cross recipes.

2022-02-26 Thread Alexander Kanavin
This is redundant (target arch is already in PN), and breaks compiling a cross-canadian toolchain, as that needs populating the sysroot with two different native-hosted toolchains built from cross recipes. Inserting TARGET_ARCH allows only one or the other. Signed-off-by: Alexander Kanavin --- m

[OE-core] [PATCH 2/2] OELAYOUT_ABI: bump, avoid tmp/ breakage by removing old cross manifests

2022-02-26 Thread Alexander Kanavin
Signed-off-by: Alexander Kanavin --- meta/classes/sanity.bbclass | 23 ++- meta/conf/abi_version.conf | 2 +- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 773902e619..92807dc88e 100644 --- a/m

Re: [OE-core] [PATCH v2 2/2] pip_install_wheel: improved wheel filename guess

2022-02-26 Thread Richard Purdie
On Sat, 2022-02-26 at 08:56 +0100, Konrad Weihmann wrote: > > On 25.02.22 05:03, Tim Orling wrote: > > From: Tim Orling > > > > Rather than only use PYPI_PACKAGE as a guess, fall back on PN for cases > > where a recipe does not inherit pypi. > > > > Wheels can only have alphanumeric characters

[OE-core] [PATCH] pip_install_wheel: Use BPN instead of PN to construct PYPI_PACKAGE default

2022-02-26 Thread Richard Purdie
This fixes the name for native and nativesdk recipes. Signed-off-by: Richard Purdie --- meta/classes/pip_install_wheel.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/pip_install_wheel.bbclass b/meta/classes/pip_install_wheel.bbclass index 9f9feda6ee0..5