Backport a patch from upstream [1] to fix CVE-2022-42012
dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
[1]
https://gitlab.freedesktop.org/dbus/dbus/-/commit/3fb065b0752db1e298e4ada52cf4adc414f5e946
Signed-off-by: Xiangyu Chen
---
...eswap-Byte-swap-Unix-fd-indexes-if-n.patch | 76
Backport a patch from upstream[1] to fix CVE-2022-42011 dbus-daemon can be
crashed by messages with array length inconsistent with element type
[1]
https://gitlab.freedesktop.org/dbus/dbus/-/commit/b9e6a7523085a2cfceaffca7ba1ab4251f12a984
Signed-off-by: Xiangyu Chen
---
...idate-Validate-lengt
Signed-off-by: Xiangyu Chen
---
...95-potential-heap-overflow-for-passw.patch | 57 +++
meta/recipes-extended/sudo/sudo_1.9.10.bb | 1 +
2 files changed, 58 insertions(+)
create mode 100644
meta/recipes-extended/sudo/files/0001-Fix-CVE-2022-43995-potential-heap-overflow-for
gcc stable version upgraded from v9.3 to v9.5
Below is the bug fix list for v9.5
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=9.5
Signed-off-by: Sundeep KOKKONDA
---
...-PR-tree-optimization-97236-fix-bad-.patch | 119
...ight-Line-Speculat
From: Wang Mingyu
Signed-off-by: Wang Mingyu
---
.../xwayland/{xwayland_22.1.4.bb => xwayland_22.1.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/xwayland/{xwayland_22.1.4.bb =>
xwayland_22.1.5.bb} (95%)
diff --git a/meta/recipes-graphics/xwa
From: Wang Mingyu
Signed-off-by: Wang Mingyu
---
.../{wayland-protocols_1.27.bb => wayland-protocols_1.28.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/wayland/{wayland-protocols_1.27.bb =>
wayland-protocols_1.28.bb} (91%)
diff --git a/meta/recipes
From: Wang Mingyu
Changelog:
==
* Various HTTP/2 Fixes:
* Fix `content-sniffed` not being emitted for resources without content
* Fix leak of SoupServerConnection when stolen
Signed-off-by: Wang Mingyu
---
.../libsoup/{libsoup_3.2.1.bb => libsoup_3.2.2.bb} | 2 +-
From: Wang Mingyu
Changelog:
=
- ISO 3166-1: Update name for TR. Fixes #38
- Translation updates for ISO 3166-1
- Translation updates for ISO 3166-2. Closes: #1020633
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 639-3
- Translation
From: Wang Mingyu
Changelog:
===
* Fix: distutils removed in python 3.12
* Fix: use-after-free with popt 1.19
* configure.ac: Basic fixes for autoconf 2.70
* Add gerrit config for stable-1.5
* port: disable debug-info by default on FreeBSD
* port: add missing includes for FreeBSD compat
*
On 11/11/22 22:34, Steve Sakoman wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
Master branch is currently at 2.13.7, so you will need to submit the
version bump to 2.13.
Signed-off-by: Xiangyu Chen
---
...idate-Check-brackets-in-signature-ne.patch | 119 ++
meta/recipes-core/dbus/dbus_1.14.0.bb | 1 +
2 files changed, 120 insertions(+)
create mode 100644
meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature
To answer second question. When you don't include
EXTRA_OECMAKE:append:class-native = "\
-DLLVM_LIBDIR_SUFFIX=64 \
"
meson configure fails with
| llvm-config found: YES
(/../../../../../../../../tmp/work/amd64-northstar-linux/mesa/2_22.2.2-r0/recipe-sysroot/usr/bin/crossscripts/ll
O I see usr/lib directory does exists for me in recipe-sysroot-native too, but
not in recipe-sysroot.
Think mesa configure may be utilizing the version of llvm-config in
recipe-sysroot and
not recipe-sysroot-native.
mesa/2_22.2.2-r0/mesa-22.2.2# ldd ../recipe-sysroot-native/usr/bin/llvm-config
l
Hello,
This was actually the version I tested and that failed on the
autobuilders.
On 11/11/2022 21:47:14+, Jordan Crouse via lists.openembedded.org wrote:
> Add a recipe to build the Khronos official Vulkan validation layers that can
> assist developers in verifying that their applications c
Hello,
On 10/11/2022 20:42:32+, Jordan Crouse via lists.openembedded.org wrote:
> Add a recipe to build the Khronos official Vulkan validation layers that can
> assist developers in verifying that their applications correctly use the
> Vulkan APIs.
>
This failed on the autobuilders:
NOTE:
To be specific:
alex@Zen2:/srv/storage/alex/yocto/build-64-alt$ ldd
tmp/work/core2-64-poky-linux/mesa/2_22.2.2-r0/recipe-sysroot-native/usr/bin/llvm-config
linux-vdso.so.1 (0x7fffe9964000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x7f415335d000)
libtinfo.so.5 =
Wait. When you invoke native llvm-config it must be able to locate
*native* libraries that it is linked with. And so rpath must be set to
where they are, which is $ORIGIN/../lib. Why does it need to be
changed to something defined differently for some target?
Then you seem to say that 'llvm-config
Hey,
Desired outcome is for mesa meson configure to succeeded by updating
RUNPATH on llvm-config native binary required by mesa when gallium-llvm
included. When running bitbake -c devshell mesa. Then chrpath -l on llvm-config
Should return on TARGET_ARCH x86_64
$ORIGIN/../lib64:$ORIGIN/../../lib6
It helps if you explain what use case this enables that cannot be
currently fulfilled. (not a generic 'change features with weak
defaults' but specific examples of adding and removing and setting
features).
Alex
On Sun, 13 Nov 2022 at 14:43, Peter Kjellerstedt
wrote:
>
> > -Original Message-
I'm not sure I understand the desired outcome properly. Does this
patch native llvm-config according to the target libdir, or according
to the build host libdir? The first one is not correct (native items
must be reusable between targets), the second one is not solving the
problem?
Alex
On Sun, 1
---
meta-selftest/files/static-group | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index b2e0e2f870..b13dde3218 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -23,3 +23,4 @@ _apt:x:52
>From NEWS for v236:
* The "uaccess" udev tag has been dropped from /dev/kvm and
/dev/dri/renderD*. These devices now have the 0666 permissions by
default (but this may be changed at build-time). /dev/dri/renderD*
will now be owned by the "render" group along with /dev/kfd.
Without the grou
v2: update meta-selftest static ids
Peter Marko (2):
systemd: add group render to udev package
meta-selftest/staticids: add render group for systemd
meta-selftest/files/static-group | 1 +
meta/recipes-core/systemd/systemd_251.8.bb | 2 ++
2 files changed, 3 insertions(+)
--
2.30
From: Ross Burton
io_uring is enabled or disabled depending on whether liburing is available,
so add a PACKAGECONFIG to make this explicit, disabled by default.
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit daee79639c39ac6278855b35e0ddf71e52dd13f8)
Signed-
From: Michael Opdenacker
[YOCTO #14948]
Signed-off-by: Michael Opdenacker
Signed-off-by: Alexandre Belloni
(cherry picked from commit 89f1abd5e00807cf179ddf658f74d48119523b0c)
Signed-off-by: Steve Sakoman
---
meta/classes/create-spdx.bbclass | 2 --
1 file changed, 2 deletions(-)
diff --git
From: ciarancourtney
- Regression in 7aa678ce804c21dc1dc51b9be442671bc33c4041
Signed-off-by: Ciaran Courtney
Signed-off-by: Alexandre Belloni
(cherry picked from commit f1243572ad6b6303fe562e4eb7a9826fd51ea3c3)
Signed-off-by: Steve Sakoman
---
scripts/lib/wic/plugins/imager/direct.py | 2 +-
From: Ross Burton
We need the system tar to be GNU tar, as we reply on --xattrs. Some
distributions may be using libarchive's tar binary, which is definitely
not as featureful, so check for this and abort early with a clear
message instead of later with mysterious errors.
Signed-off-by: Ross Bu
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
(cherry picked from commit b5001af5c711a373bd2f1ea108c8b597dd40faca)
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/quilt/quilt.inc | 1 +
.../quilt/quilt/fix-grep-3.8.patch
From: Alexander Kanavin
2022-08-19 (National Potato Day) LTTng modules 2.13.5
* Fix: incorrect stub prototypes when CONFIG_HAVE_SYSCALL_TRACEPOINTS=n
* fix: mm/tracing: add 'accounted' entry into output of allocation
tracepoints (v6.0)
* fix: block: remove bdevname (v6.0)
From: Narpat Mali
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of
Service
when using the Lexer class to parse. This also affects babelplugin and
linguaplugin.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-40023
Reference to Upstream Patch:
https://github.com/
From: Hitendra Prajapati
Upstream-Status: Backport from
https://gitlab.com/qemu-project/qemu/-/commit/d307040b18
Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/qemu/qemu.inc | 2 +-
.../qemu/qemu/CVE-2022-3165.patch | 61 ++
From: Ross Burton
Signed-off-by: Ross Burton
Signed-off-by: Steve Sakoman
(cherry picked from commit 23df4760ebc153c484d467e51b414910c570a6f8)
Signed-off-by: Steve Sakoman
---
.../xorg-lib/pixman/CVE-2022-44638.patch | 33 +++
.../xorg-lib/pixman_0.40.0.bb
Please review this set of patchesd for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4468
The following changes since commit 0c0723757fbba9a4b88c0f98477a18d1e220da2e:
mirrors.bbclass: use
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Christoph Lauer
> Sent: den 12 november 2022 17:31
> To: openembedded-core@lists.openembedded.org
> Cc: Christoph Lauer
> Subject: [OE-core] [PATCH] initial configs: set initial
> {DISTRO|MACHINE|IMAGE}
Branch: langdale
New this week: 3 CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
Branch: kirkstone
New this week: 3 CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
Branch: dunfell
New this week: 2 CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *
Branch: master
New this week: 2 CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *
R
From: Christoph Lauer
This gives BSP creators the flexibility to change features with weak defaults.
Non-empty FEATURES must not be weaker because then the empty weaker value from
bitbake.conf might be applied.
Signed-off-by: Christoph Lauer
---
meta/conf/bitbake.conf|
Problem occurs when native llvm-config binary is
required by another recipe. RUNPATH is hardcoded
to $ORIGIN/../lib:$ORIGIN/../../lib which depending
upon architecture 'lib' directory name may vary
(i.e 'lib64').
Commit fixes issue by updating rpath on binary to include
architecture dependent dire
From: Christoph Lauer
This gives BSP creators the flexibility to change features with weak defaults
Signed-off-by: Christoph Lauer
---
meta-poky/conf/distro/poky.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/pok
From: Christoph Lauer
This gives BSP creators the flexibility to change PREFERRED_PROVIDERs with weak
defaults
Signed-off-by: Christoph Lauer
---
meta-yocto-bsp/conf/machine/beaglebone-yocto.conf | 6 +++---
meta-yocto-bsp/conf/machine/edgerouter.conf | 2 +-
meta-yocto-
From: Christoph Lauer
This gives BSP creators the flexibility to change PREFERRED_PROVIDERs with weak
defaults
Signed-off-by: Christoph Lauer
---
meta/conf/bitbake.conf| 2 +-
.../conf/distro/include/default-providers.inc | 82 +--
meta/conf/distro/inc
From: Christoph Lauer
This gives BSP creators the flexibility to change features with weak defaults
Signed-off-by: Christoph Lauer
---
meta/conf/bitbake.conf| 28 +--
.../distro/include/default-distrovars.inc | 6 ++--
meta/conf/machine/include/qemu
44 matches
Mail list logo
