[OE-core][dunfell][PATCH] sudo: Use specific BSD license variant

2022-12-18 Thread omkar
From: Joshua Watt Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: ff27ea21d7c14086335da5c3e2fac353e44438da) Signed-off-by: Joshua Watt

Re: [OE-core] [PATCH] kmod: enable openssl support by default

2022-12-18 Thread Mikko Rapeli
Hi, On Sat, Dec 17, 2022 at 11:27:50AM +, Richard Purdie wrote: > On Fri, 2022-11-25 at 17:07 +0200, Mikko Rapeli wrote: > > linux-yocto kernel adds openssl-native dependency by default even > > when module signing is still optional. kmod should enable > > openssl support too. This helps see d

[OE-Core][kirkstone][PATCH] openssh: remove RRECOMMENDS to rng-tools for sshd package

2022-12-18 Thread Xiangyu Chen
It appears that rngd is not needed as of linux-5.6 and later[1] and should not be installed by default since the purpose of rngd is to provide additional trusted sources of entropy. We did some testing on real hardware, the result seems to support that we no longer need rngd by default on kernel v

[OE-Core][langdale][PATCH] openssh: remove RRECOMMENDS to rng-tools for sshd package

2022-12-18 Thread Xiangyu Chen
It appears that rngd is not needed as of linux-5.6 and later[1] and should not be installed by default since the purpose of rngd is to provide additional trusted sources of entropy. We did some testing on real hardware, the result seems to support that we no longer need rngd by default on kernel v

Re: [OE-core] [langdale][master][PATCH v2] rust: Do not use default compiler flags defined in CC crate

2022-12-18 Thread Alexandre Belloni via lists.openembedded.org
Hello, This caused errors on the autobuilders: https://autobuilder.yoctoproject.org/typhoon/#/builders/37/builds/6367/steps/12/logs/stdio On 09/12/2022 09:50:08+, Anton Antonov wrote: > Rust crates build dependency C libraries using "CC" crate. > This crate adds some default compiler parameter

[OE-core][kirkstone 19/19] efibootmgr: update compilation with musl

2022-12-18 Thread Steve Sakoman
From: Marta Rybczynska Since the commit 005b6aba89eaf1b79fdd7565dd028fdd9bbfcc7d (efivar: add musl libc compatibility) efibootmgr compiles with musl too. Update the variable to take that into account. Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- meta/recipes-bsp/efibootmgr

[OE-core][kirkstone 18/19] yocto-check-layer: Allow OE-Core to be tested

2022-12-18 Thread Steve Sakoman
From: Richard Purdie For unknown reasons we've never seemingly run the check layer script against OE-Core itself. This isn't entirely straightforward as the core layer is a bit of a special case, we can't for example compare signatures against ourselves and we can't remove core from bblayers.conf.

[OE-core][kirkstone 17/19] combo-layer: add sync-revs command

2022-12-18 Thread Steve Sakoman
From: Ross Burton When starting to use combo-layer, or if someone else is using it too, the local last_revision may be incorrect. This command will forcibly update the last_revision config values to the latest SHA on the remote branch that is tracked. Signed-off-by: Ross Burton Signed-off-by:

[OE-core][kirkstone 16/19] combo-layer: dont use bb.utils.rename

2022-12-18 Thread Steve Sakoman
From: Ross Burton Bitbake may not be configured, and bb isn't imported anyway. Instead just use os.rename(), and take the filename from the file object instead of duplicating logic. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 528f4fb3683d048537604e4562e

[OE-core][kirkstone 15/19] combo-layer: remove unused import

2022-12-18 Thread Steve Sakoman
From: Ross Burton Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit ebfab6c3034d41252d19c6e1a0ba79072aa51146) Signed-off-by: Steve Sakoman --- scripts/combo-layer | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/combo-layer b/scripts/combo-layer ind

[OE-core][kirkstone 14/19] oeqa/selftest/externalsrc: add test for srctree_hash_files

2022-12-18 Thread Steve Sakoman
From: Peter Marko Signed-off-by: Peter Marko Signed-off-by: Alexandre Belloni (cherry picked from commit 7b9728e5b8bdf1193c1304ec3beeca4b5bf8d2da) Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/externalsrc.py | 44 + 1 file changed, 44 insertions(+) create

[OE-core][kirkstone 13/19] externalsrc: fix lookup for .gitmodules

2022-12-18 Thread Steve Sakoman
From: Peter Marko Commit 0533edac277080e1bd130c14df0cbac61ba01a0c broke bitbake parsing when bitbake is executed from directory with existing .gitmodules and the recipe in externalsrc does not have .gitmodules. The check needs to search for .gitmodules in sources path, not cwd. Parsing recipes

[OE-core][kirkstone 12/19] lib/buildstats: fix parsing of trees with reduced_proc_pressure directories

2022-12-18 Thread Steve Sakoman
From: Ross Burton The /proc/pressure support in buildstats is creating directories in the buildstats tree called reduced_proc_pressure, which confuses the parsing logic as that cannot be parsed as a name-epoc-version-revision tuple. Explicitly skip this directory to solve the problem. Signed-of

[OE-core][kirkstone 11/19] rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work

2022-12-18 Thread Steve Sakoman
From: Chen Qi For now, if we use rm_work and `bitbake core-image-minimal', some recipes' WORKDIRs are not cleaned up, e.g., makedevs-native. Adjust the dependency to make do_rm_work_all depend on do_rm_work to solve this problem. Below is the detailed explanation of why this would work. Witho

[OE-core][kirkstone 10/19] lsof: add update-alternatives logic

2022-12-18 Thread Steve Sakoman
From: Alex Stewart Some distributions (NI LinuxRT) provide both busybox-lsof and full-featured lsof implementations. When users install the full-featured lsof package, the full-binary fails to replace the bbox-binary in PATH, because `lsof` contains no update-alternatives logic. Inherit the upda

[OE-core][kirkstone 09/19] xwayland: libxshmfence is needed when dri3 is enabled

2022-12-18 Thread Steve Sakoman
From: Carlos Alberto Lopez Perez * The build error happens already at configure time: | meson.build: ERROR: Problem encountered: DRI3 requested, but xshmfence not found Signed-off-by: Carlos Alberto Lopez Perez Signed-off-by: Alexandre Belloni (cherry picked from commit 451fe4a067432b432b9cd

[OE-core][kirkstone 08/19] bc: extend to nativesdk

2022-12-18 Thread Steve Sakoman
From: Chen Qi bc is needed for compiling kernel modules, more specifically when running `make scripts prepare'. In linux-yocto.inc, we have bc-native in DEPENDS. But we will need nativesdk-bc in case we compile a kernel module inside SDK. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni

[OE-core][kirkstone 07/19] python3: upgrade 3.10.8 -> 3.10.9

2022-12-18 Thread Steve Sakoman
From: Florin Diaconescu Security and bug fixes. Drop patch for CVE-2022-42919 and CVE-2022-37454 which were merged in 3.10.9 Fixes: * CVE-2022-45061 (gh-98433) https://nvd.nist.gov/vuln/detail/CVE-2022-45061 List of changes: https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-

[OE-core][kirkstone 06/19] libxcrypt-compat: upgrade 4.4.30 -> 4.4.33

2022-12-18 Thread Steve Sakoman
From: Wang Mingyu Changelog: == * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c. With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some changes to huge page handling, that show this error when building with GCC v12.2.1, and thus need a small fix. Signe

[OE-core][kirkstone 05/19] mpfr: upgrade 4.1.0 -> 4.1.1

2022-12-18 Thread Steve Sakoman
From: Wang Mingyu Changelog: = - Bug fixes (see and/or the ChangeLog file), in particular for macros implementing functions. - Improved manual formatting. Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked from commit f

[OE-core][kirkstone 04/19] bind: upgrade 9.18.8 -> 9.18.9

2022-12-18 Thread Steve Sakoman
From: Wang Mingyu Changelog: === Fix a crash that could happen when you change a dnssec-policy zone with NSEC3 to start using inline-signing. [GL #3591] Don't trust a placeholder KEYDATA from the managed-keys zone by adding it into secroots. [GL #2895] Fixed a race condition

[OE-core][kirkstone 03/19] dbus: Add missing CVE product name

2022-12-18 Thread Steve Sakoman
From: Mathieu Dubois-Briand Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Alexandre Belloni (cherry picked from commit 67b2db202834f1213bed3580badda2a67655ab7d) Signed-off-by: Steve Sakoman --- meta/recipes-core/dbus/dbus_1.14.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/m

[OE-core][kirkstone 02/19] libxml2: Fix CVE-2022-40303 && CVE-2022-40304

2022-12-18 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 && https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b Signed-off-by: Hitendra Prajapati Signed-off-by: Steve

[OE-core][kirkstone 01/19] golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps

2022-12-18 Thread Steve Sakoman
From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2022-41715.patch

[OE-core][kirkstone 00/19] Patch review

2022-12-18 Thread Steve Sakoman
Please review this set of patches for kirkstone and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4645 The following changes since commit 45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2: build-appliance-image

[OE-core] OE-core CVE metrics for langdale on Sun 18 Dec 2022 03:30:01 AM HST

2022-12-18 Thread Steve Sakoman
Branch: langdale New this week: 5 CVEs CVE-2022-2601 (CVSS3: 8.6 HIGH): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2601 * CVE-2022-3996 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3996 * CVE-2022-417

[OE-core] OE-core CVE metrics for kirkstone on Sun 18 Dec 2022 03:00:01 AM HST

2022-12-18 Thread Steve Sakoman
Branch: kirkstone New this week: 4 CVEs CVE-2022-3996 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3996 * CVE-2022-41717 (CVSS3: 5.3 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41717 * CVE-2022-41720 (CVSS3: 7.5 HIG

[OE-core] OE-core CVE metrics for dunfell on Sun 18 Dec 2022 02:30:01 AM HST

2022-12-18 Thread Steve Sakoman
Branch: dunfell New this week: 4 CVEs CVE-2022-2601 (CVSS3: 8.6 HIGH): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2601 * CVE-2022-41717 (CVSS3: 5.3 MEDIUM): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41717 * CVE-2022-41720

[OE-core] OE-core CVE metrics for master on Sun 18 Dec 2022 02:00:01 AM HST

2022-12-18 Thread Steve Sakoman
Branch: master New this week: 5 CVEs CVE-2022-2601 (CVSS3: 8.6 HIGH): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2601 * CVE-2022-3996 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3996 * CVE-2022-41717