[OE-Core][master][langdale][PATCH] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775

2022-11-22 Thread Xiangyu Chen
Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency: font: Fix size overflow in grub_font_get_glyph_internal() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532) Backport patch from upstream to fix following CVEs: CVE-2022-2601

[OE-Core][kirkstone][PATCH] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775

2022-11-22 Thread Xiangyu Chen
Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency: font: Fix size overflow in grub_font_get_glyph_internal() (https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532) Backport patch from upstream to fix following CVEs: CVE-2022-2601

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Peter Kjellerstedt
> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Alexandre Belloni via > lists.openembedded.org > Sent: den 22 november 2022 23:29 > To: Alexander Kanavin > Cc: Richard Purdie ; Ross Burton > ; Khem Raj ; Markus Volk > ; opene

[OE-Core][kirkstone][PATCH] bash: backport patch to fix CVE-2022-3715

2022-11-22 Thread Xiangyu Chen
CVE Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-3715 Signed-off-by: Xiangyu Chen --- .../bash/bash/CVE-2022-3715.patch | 33 +++ meta/recipes-extended/bash/bash_5.1.16.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipe

Re: [OE-core] [master][PATCH v2] libtiff: Fix CVE-2022-3970

2022-11-22 Thread Richard Purdie
On Tue, 2022-11-22 at 17:43 -0500, Randy MacLeod wrote: > On 2022-11-22 10:49, Zheng Qiu wrote: >   > > > This patch contains a fix for CVE-2022-3970 > > > > Reference: > > https://nvd.nist.gov/vuln/detail/CVE-2022-3970 > > https://security-tracker.debian.org/tracker/CVE-2022-3970 > > > > Patch

[OE-core][dunfell 00/21] Pull request (cover letter only)

2022-11-22 Thread Steve Sakoman
This should be the final pull request for the 3.1.21 release. The following changes since commit ce99d451a54b8ce46b7f9030deaba86355009b1a: wic: swap partitions are not added to fstab (2022-11-11 04:24:18 -1000) are available in the Git repository at: https://git.openembedded.org/openembedde

Re: [OE-core] [master][PATCH v2] libtiff: Fix CVE-2022-3970

2022-11-22 Thread Randy MacLeod
On 2022-11-22 10:49, Zheng Qiu wrote: This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Alexandre Belloni via lists.openembedded.org
On 22/11/2022 19:32:17+0100, Alexander Kanavin wrote: > On Tue, 22 Nov 2022 at 19:14, Richard Purdie > wrote: > > Rightly or wrongly, this patch will cause large amounts of pain for > > some portion of our userbase and I'm not sure we have enough > > justification to do that. That pain wouldn't li

Re: [OE-core] [PATCH 06/17] man-db: update 2.10.2 -> 2.11.1

2022-11-22 Thread Richard Purdie
On Tue, 2022-11-22 at 21:53 +0100, Alexander Kanavin wrote: > On Tue, 22 Nov 2022 at 13:31, Richard Purdie > wrote: > > From a quick look at the changes, I'm not sure this is correct. At > > least some pieces of the codebase are still under GPL-2.0* so at the > > very least that should still be he

Re: [OE-core] [PATCH 06/17] man-db: update 2.10.2 -> 2.11.1

2022-11-22 Thread Alexander Kanavin
On Tue, 22 Nov 2022 at 13:31, Richard Purdie wrote: > From a quick look at the changes, I'm not sure this is correct. At > least some pieces of the codebase are still under GPL-2.0* so at the > very least that should still be here even if the output result is 3.0. > It may be some of our output pa

Re: [OE-core][kirkstone][PATCH] golang: Fix CVE-2022-2879\

2022-11-22 Thread Steve Sakoman
On Tue, Nov 22, 2022 at 6:08 AM Ashish Sharma wrote: > > Reader.Read doesn't set a limit on the maximum size of file headers. > > Upstream-Status: Backport from > [https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08] > CVE: CVE-2022-2879 > Signed-off-by: Ashish Sharma >

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Alexander Kanavin
On Tue, 22 Nov 2022 at 19:14, Richard Purdie wrote: > Rightly or wrongly, this patch will cause large amounts of pain for > some portion of our userbase and I'm not sure we have enough > justification to do that. That pain wouldn't likely be realised for > some time either :/. I have to point out

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Richard Purdie
On Tue, 2022-11-22 at 19:03 +0100, Alexander Kanavin wrote: > The serious need is that we need to patch all the scripts that ask > for python to add a 3 to it. And there will be more of these going > forward, not less. I’d rather just always have python available. Not > a problem worth deliberating

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Markus Volk
I use a bbappend for python3 in meta-wayland for almost a year now because I had issues installing python scripts with /usr/bin/python shebang e.g. here in sway: Issue has been that, if adding this script to d

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Alexander Kanavin
The serious need is that we need to patch all the scripts that ask for python to add a 3 to it. And there will be more of these going forward, not less. I’d rather just always have python available. Not a problem worth deliberating over to be honest. Alex On Tue 22. Nov 2022 at 18.41, Ross Burton

Re: [oe-core][PATCH] python3: add ${bindir}/python symlink

2022-11-22 Thread Ross Burton
On 22 Nov 2022, at 04:42, Markus Volk via lists.openembedded.org wrote: > On Mon, Nov 21 2022 at 06:48:07 PM +0100, Alexander Kanavin > wrote: >> On my Debian systems, indeed, /usr/bin/python is absent. > > Debian has a package for this > https://packages.debian.org/bookworm/python-is-python3

Re: [OE-core] [PATCH v2 1/2] oeqa: add utils/data.py with get_data() function

2022-11-22 Thread Richard Purdie
On Fri, 2022-11-18 at 18:08 +0200, Mikko Rapeli wrote: > get_data() uses oeqa test method name and an optional > key to get data from image specific "testimage_data.json" > file located in image deploy directory. Image recipes can > provide custom versions of this file which configures > generic te

Re: [OE-core] [PATCH v2 1/2] oeqa: add utils/data.py with get_data() function

2022-11-22 Thread Ross Burton
On 18 Nov 2022, at 16:08, Mikko Rapeli via lists.openembedded.org wrote: > > get_data() uses oeqa test method name and an optional > key to get data from image specific "testimage_data.json" > file located in image deploy directory. Image recipes can > provide custom versions of this file which

[OE-core][kirkstone][PATCH] golang: Fix CVE-2022-2879\

2022-11-22 Thread Ashish Sharma
Reader.Read doesn't set a limit on the maximum size of file headers. Upstream-Status: Backport from [https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08] CVE: CVE-2022-2879 Signed-off-by: Ashish Sharma --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go

Re: [oe-core][PATCH 1/1] libpam: fix CVE-2022-28321

2022-11-22 Thread Randy MacLeod
There were a few versions of this patch but this one is good aside from the whitespace noise. ;-) I suspect it was just missed in the commotion, please merge. ../Randy On 2022-10-28 13:30, Archana Polampalli wrote: The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentic

[OE-core] [master][PATCH v2] libtiff: Fix CVE-2022-3970

2022-11-22 Thread Qiu, Zheng
This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be Upstream-Status: Accepted S

[OE-core] Yocto Project Status 22 November 2022 (WW47)

2022-11-22 Thread Stephen Jolley
Current Dev Position: YP 4.2 M1 Next Deadline: 5th December 2022 YP 4.2 Build Next Team Meetings: * Bug Triage meeting Thursday November 24th 7:30 am PDT ( https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09

Re: [OE-core] [master][PATCH] tiff: Security fix for CVE-2022-3970

2022-11-22 Thread Qiu, Zheng
This patch has a problem. Please wait for v2. Zheng Qiu Linux Developer M/ (437) 341-1849 >-Original Message- >From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Qiu, Zheng via >lists.openembedded.org >Sent: Tuesday, November 22, 2022 10:38 AM >T

[OE-core] [master][PATCH] tiff: Security fix for CVE-2022-3970

2022-11-22 Thread Qiu, Zheng
This patch contains a fix for CVE-2022-3970 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security-tracker.debian.org/tracker/CVE-2022-3970 Patch generated from : https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be Upstream-Status: Accepted S

Re: [OE-core] [PATCH 13/17] webkitgtk: update 2.36.7 -> 2.38.2

2022-11-22 Thread Richard Purdie
On Sun, 2022-11-20 at 14:31 +0100, Alexander Kanavin wrote: > Upstream has rewritten gobject introspection support, > so the two related patches are ported to that: > 0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch > 0001-When-building-introspection-files-do-not-quote-CFLAG.patch >

Re: [OE-core] [PATCH 05/17] unfs: update 0.9.22 -> 0.10.0

2022-11-22 Thread Alexander Kanavin
On Tue, 22 Nov 2022 at 16:09, Richard Purdie wrote: > > There was one failure in a-full with glibc tests, and that's fixed, > > but I can see there are more spots revealed by grep, e.g. runqemu and > > sdk_ext. They just aren't automatically tested. > > A change that worried me a lot was the remov

Re: [OE-core] [PATCH 05/17] unfs: update 0.9.22 -> 0.10.0

2022-11-22 Thread Richard Purdie
On Tue, 2022-11-22 at 16:03 +0100, Alexander Kanavin wrote: > On Tue, 22 Nov 2022 at 13:29, Richard Purdie > wrote: > > I understand why you want to do that but this will totally break the > > nfs export support, I could see at least one issue having looked at the > > first few patches this was dr

Re: [OE-core] [PATCH 05/17] unfs: update 0.9.22 -> 0.10.0

2022-11-22 Thread Alexander Kanavin
On Tue, 22 Nov 2022 at 13:29, Richard Purdie wrote: > I understand why you want to do that but this will totally break the > nfs export support, I could see at least one issue having looked at the > first few patches this was dropping. I can go over every spot in poky/ where unfs is mentioned and

Re: [OE-core] [langdale][PATCH] kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR

2022-11-22 Thread Steve Sakoman
Hi Diego, This patch is already in the patchset currently out for review: https://lists.openembedded.org/g/openembedded-core/message/173569 I'll be sending the pull request later today, so it should appear in the langdale branch in the next day or two. Thanks! Steve On Mon, Nov 21, 2022 at

[OE-core] [PATCH 2/2] python3: make tkinter available when enabled

2022-11-22 Thread Yu, Mingli
From: Mingli Yu After Python upgrade to 3.11, it requires pkg-config to detect tcl and tk when configure tkinter, so add tcl depends to fix below error. | The necessary bits to build these optional modules were not found: | _tkinter Signed-off-by: Mingli Yu --- meta/recipes-devtools/python/py

[OE-core] [PATCH 1/2] tcl: correct the header location in tcl.pc

2022-11-22 Thread Yu, Mingli
From: Mingli Yu The patch alter-includedir.patch previously install the header to /usr/include/tcl8.6, but it doesn't reflect in tcl.pc and the header location still /usr/include in tcl.pc and result in the below configure failure for other packages such as python3 which depends on tcl and uses pk

Re: [OE-core] [PATCH] kernel_dep_check.bbclass: help track kernel depend

2022-11-22 Thread Richard Purdie
On Tue, 2022-11-15 at 15:44 -0800, John Broadbent via lists.openembedded.org wrote: > From: John Edward Broadbent > > This recipe can be used to identify kernel dependencies, and > immediately throw build errors if those dependencies are not met. > > Signed-off-by: John Edward Broadbent > --- >

Re: [OE-core] [PATCH 06/17] man-db: update 2.10.2 -> 2.11.1

2022-11-22 Thread Richard Purdie
On Sun, 2022-11-20 at 14:31 +0100, Alexander Kanavin wrote: > License-Update: upstream has clarified that it is gpl3 > https://salsa.debian.org/debian/man-db/-/commit/695a3560fdf91f829f21f00a502244b0cf28e29d > > Signed-off-by: Alexander Kanavin > --- > .../man-db/{man-db_2.10.2.bb => man-db_2.11

Re: [OE-core] [PATCH 05/17] unfs: update 0.9.22 -> 0.10.0

2022-11-22 Thread Richard Purdie
On Sun, 2022-11-20 at 14:31 +0100, Alexander Kanavin wrote: > This is the first release in 13 years; > accordingly I took the liberty of dropping all the patches > (none of which were ever reviewed or merged, and all of which > are difficult to impossible to rebase), and removed all > non-standard

Re: [OE-core] [PATCH v2] sstate: show progress bar again

2022-11-22 Thread Jose Quaresma
Hi Enrico, My last suggestion on this patch is that we can use the existing progress variable to store the counter, when the progress is 0 nothing is changed when not 0 they have the counter on it. Enrico Scholz escreveu no dia sábado, 19/11/2022 à(s) 10:39: > From: Enrico Scholz > > Transitio

Re: [OE-core] [PATCH] sstate: show progress bar again

2022-11-22 Thread Jose Quaresma
Enrico Scholz escreveu no dia quinta, 17/11/2022 à(s) 11:47: > Jose Quaresma writes: > > >> Transition to ThreadPoolExecutor > (eb6a6820928472ef194b963b606454e731f9486f) > >> broke he > >> > >> | Checking sstate mirror object availability: ... > >> > >> progress bar because the removed 'thread_w

Re: [OE-core][master][kirkstone][PATCH V2] kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild

2022-11-22 Thread Jose Quaresma
Hi Qi, Chen, Qi escreveu no dia sexta, 18/11/2022 à(s) 14:06: > Hi Jose, > > > > Thanks a lot for your review. I’d like to explain the case in more details. > > > > * indeterministic (not reproducible) issue > > The use case is: the user wants to disable reproducible build for kernel, > and want

Re: [OE-core] [PATCH] libsndfile1: fix CVE-2021-4156

2022-11-22 Thread Martin Jansa
Is there a reason why this wasn't merged? Looks like the 1.0.31 version in kirkstone is still affected (master has 1.1.0 now), I've sent backport for it now. On Tue, Feb 22, 2022 at 4:34 AM Changqing Li wrote: > From: Changqing Li > > Signed-off-by: Changqing Li > --- > .../libsndfile1/CVE-20

[OE-core] [PATCH][kirkstone] libsndfile1: Backport fix for CVE-2021-4156

2022-11-22 Thread Martin Jansa
CVE: CVE-2021-4156 Signed-off-by: Martin Jansa --- ...flac-Fix-improper-buffer-reusing-732.patch | 29 +++ .../libsndfile/libsndfile1_1.0.31.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-imp