[OE-core] [meta][dunfell][PATCH] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310

2022-05-08 Thread Pawan Badganchi
From: Pawan Badganchi Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 CVE-2022-25308.patch Link: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1 CVE-2022-25309.patch Link: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d

[OE-core] [meta][dunfell][PATCH] libinput: Add fix for CVE-2022-1215

2022-05-08 Thread Pawan Badganchi
From: Pawan Badganchi Add below patch to fix CVE-2022-1215 CVE-2022-1215.patch Link: https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28 Signed-off-by: Pawan Badganchi --- .../wayland/libinput/CVE-2022-1215.patch | 361 ++ ..

Re: [OE-core] [PATCH v3] classes: rootfs-postcommands: add skip option to overlayfs_qa_check

2022-05-08 Thread Vyacheslav Yurkov
On 03.05.2022 10:22, Claudius Heine wrote: The overlayfs_qa_check checks if the current root file system has a mount configured for each overlayfs, when the overlayfs class is used. However there are certain instances where this mount point is created at runtime and not static in a fstab entry o

[OE-core] do_package error in kirkstone branch

2022-05-08 Thread JH
Hello, I am puzzled by the following final do_package errors for dbus, glib-2.0-dev etc in the kirkstone branch; those error messages were never seen in honister and other branches. dbus glib etc are from oe-core, could oe-core insiders advise what those error messages are about and how to fix it?

Re: [OE-core] [PATCH] bitbake.conf: support persistent /var/tmp

2022-05-08 Thread Changqing Li
On 9/13/21 7:00 PM, Richard Purdie wrote: On Mon, 2021-09-13 at 11:42 +0800, Changqing Li wrote: ping On 8/30/21 4:11 PM, Changqing Li wrote: On 8/6/21 9:21 AM, Changqing Li wrote: From: Changqing Li Steps: 1. build out rootfs

Re: [OE-core] [PATCH v2] gnutls: Added fips support option.

2022-05-08 Thread leimaohui
Hi, Alex > PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-nativ > e" > PACKAGECONFIG[fips-native] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" I'm sorry that this way doesn’t wo

Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1

2022-05-08 Thread Richard Purdie
On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via lists.openembedded.org wrote: > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406. > > I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405 and CVE-2022-27406 were already in 2.12.0. I don't think the C

Re: [OE-core] [yocto-security] OE-core CVE metrics for hardknott on Sun 08 May 2022 03:00:01 AM HST

2022-05-08 Thread Steve Sakoman
On Sun, May 8, 2022 at 4:35 AM Mittal, Anuj wrote: > > Should we stop tracking numbers for hardknott since it's no longer > maintained? Yes, this will be the last one. Steve > On Sun, 2022-05-08 at 03:05 -1000, Steve Sakoman wrote: > > Branch: hardknott > > > > New this week: 5 CVEs > > CVE-202

Re: [OE-core] [yocto-security] OE-core CVE metrics for hardknott on Sun 08 May 2022 03:00:01 AM HST

2022-05-08 Thread Anuj Mittal
Should we stop tracking numbers for hardknott since it's no longer maintained? Thanks, Anuj On Sun, 2022-05-08 at 03:05 -1000, Steve Sakoman wrote: > Branch: hardknott > > New this week: 5 CVEs > CVE-2022-0908 (CVSS3: 5.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022

[OE-core] OE-core CVE metrics for kirkstone on Sun 08 May 2022 04:00:01 AM HST

2022-05-08 Thread Steve Sakoman
Branch: kirkstone New this week: 3 CVEs CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3: 7.5 HIGH): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27405 * CV

[OE-core] OE-core CVE metrics for honister on Sun 08 May 2022 03:30:01 AM HST

2022-05-08 Thread Steve Sakoman
Branch: honister New this week: 4 CVEs CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3: 7.5 HIGH): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27405 * CVE

[OE-core] OE-core CVE metrics for hardknott on Sun 08 May 2022 03:00:01 AM HST

2022-05-08 Thread Steve Sakoman
Branch: hardknott New this week: 5 CVEs CVE-2022-0908 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0908 * CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3:

Re: [OE-core][RFC Patch] Revert "kernel: make kernel-base recommend kernel-image, not depend"

2022-05-08 Thread Richard Purdie
On Sun, 2022-05-08 at 13:04 +0200, Max Krummenacher wrote: > From: Max Krummenacher > > This reverts commit 1c90b27d2c65cfb4f9debf0272820b6a95942f76. [2] > > To exclude the kernel image from the final rootfs the documentation [1] > suggests overriding `RDEPENDS:${KERNEL_PACKAGE_NAME}-base`. > Wi

[OE-core] [PATCH 2/2] libgcrypt: Fix reproducibility issues in ptest

2022-05-08 Thread Richard Purdie
The recent ptest addition was causing reproducibility tests to fail. Remove the problematic files as they clearly aren't needed on target to run the ptests. Hack the Makefile so that it doesn't try to rerun configure and similar. Also add a missing dependency on make. Signed-off-by: Richard Purdi

[OE-core] [PATCH 1/2] package: Ensure we track whether PRSERV was active or not

2022-05-08 Thread Richard Purdie
Currently the signatures for do_packagedata don't reflect whether PRServ was active or not. This means that if you have mixing of PRServ usage and non PRServ usage against the same sstate cache it can rarely become corrupted with one referencing the other. This likely doesn't happen in general but

[OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1

2022-05-08 Thread Richard Purdie
Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406. Signed-off-by: Richard Purdie --- .../freetype/{freetype_2.12.0.bb => freetype_2.12.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/freetype/{freetype_2.12.0.bb => freetype_2.12.

[OE-core] [PATCH 1/2] vim: Upgrade 8.2.4681 -> 8.2.4912

2022-05-08 Thread Richard Purdie
Includes fixes for CVE-2022-1381, CVE-2022-1420. Signed-off-by: Richard Purdie --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 21ff036cf4cf..c5922b7fcd71 100644

[OE-core] OE-core CVE metrics for dunfell on Sun 08 May 2022 02:30:01 AM HST

2022-05-08 Thread Steve Sakoman
Branch: dunfell New this week: 5 CVEs CVE-2022-0908 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0908 * CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3: 7

[OE-core] OE-core CVE metrics for master on Sun 08 May 2022 02:00:01 AM HST

2022-05-08 Thread Steve Sakoman
Branch: master New this week: 3 CVEs CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3: 7.5 HIGH): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27405 * CVE-2

[OE-core][RFC Patch] Revert "kernel: make kernel-base recommend kernel-image, not depend"

2022-05-08 Thread Max Krummenacher
From: Max Krummenacher This reverts commit 1c90b27d2c65cfb4f9debf0272820b6a95942f76. [2] To exclude the kernel image from the final rootfs the documentation [1] suggests overriding `RDEPENDS:${KERNEL_PACKAGE_NAME}-base`. With the change to RRECOMMENDS all layers which followed that suggestion no

Re: [OE-core] gcc12 testing results

2022-05-08 Thread Richard Purdie
On Fri, 2022-05-06 at 21:42 -0700, Khem Raj wrote: > On Fri, May 6, 2022 at 8:14 AM wrote: > > > > I reran the gcc 12 testing. We still have an issue with linux-yocto > > 5.10 and edgerouter: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/111/builds/3046 > > > > why are we pin