Some tests hardcode assumptions on locales, which may not be present on
musl systems, for example; therefore add a way to skip such tests using the
-skip option.
Skip unixInit-3* test on musl
Signed-off-by: Khem Raj
---
meta/recipes-devtools/tcltk/tcl/run-ptest | 4 ++--
meta/recipes-devtools/tcltk/tcl_8.6
From: Yogita Urade
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests due
Sorry, I thought that a fixed CVE would be incorrectly marked as "has no known
resolution" if (last_affected == version) unless the following patch is applied,
but this was a misunderstanding.
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-e
From: Changqing Li
Fix an issue with early log messages being lost when running in systemd.
Signed-off-by: Changqing Li
---
...KillMode-process-is-not-recommended-.patch | 33
...-messages-lost-when-running-in-syste.patch | 75 +++
.../sysklogd/sysklogd_2.3.0.bb
From: Kai Kang
It fails to compile webkitgtk when debug build enabled:
|
/path_to/tmp/work/core2-64-poky-linux/webkitgtk/2.40.5/webkitgtk-2.40.5/Source/bmalloc/libpas/src/libpas/pas_allocation_result.h:76:1:
error: inlining failed in call to 'always_inline' 'pas_allocation_result
pas_allocat
From: Ross Burton
Do manual review and disposition these CVEs as appropriate.
Signed-off-by: Ross Burton
---
meta/conf/distro/include/cve-extra-exclusions.inc | 4 +---
meta/recipes-kernel/linux/cve-exclusion.inc | 12
2 files changed, 13 insertions(+), 3 deletions(-)
diff
We've seen reproducibility failures where it appears an extra -O3 compiler flag
ends up in the multiarray library compilation. This can only really have come
through extra_info for BLAS support since it only affects just this library.
Rather than try and track down exactly where this came from i
From: Ross Burton
These BlueZ issues were mislabelled as Linux issues, but now that the
CPE data is accurate this ignore can be removed.
Signed-off-by: Ross Burton
---
meta/conf/distro/include/cve-extra-exclusions.inc | 5 -
1 file changed, 5 deletions(-)
diff --git a/meta/conf/distro/inc
From: Ross Burton
The bulk of the historic kernel CVEs in this file are now handled by
the include files generated by linux/generate-cve-exclusions.py, so
remove them.
Those that remain date from 2017 or earlier, so rename the group to
'historic' and update the comment.
Signed-off-by: Ross Burt
From: Benjamin Bara
Disable neon if the machine does not support it.
Signed-off-by: Benjamin Bara
---
...dd-option-to-explicitly-disable-neon.patch | 99 +++
.../ghostscript/ghostscript_10.01.2.bb| 4 +
2 files changed, 103 insertions(+)
create mode 100644
meta/recip
On 4 Sep 2023, at 15:12, Poonam Jadhav via lists.openembedded.org
wrote:
>
> From: Poonam Jadhav
>
> Remove 'PD' from 'LICENSE' for pixman recipe as it is not part of package.
>
> PD license comes as a part of the generic do_populate_license task
> and not as a part of the actual package. It
From: Ross Burton
The generated file covers all but two of these CVEs (which will be fixed
when [1] and [2] are resolved) so remove the redundant entries.
[1] https://github.com/nluedtke/linux_kernel_cves/issues/344
[2] https://github.com/nluedtke/linux_kernel_cves/issues/345
Signed-off-by: Ros
From: Ross Burton
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_WHITELIST data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from w
From: Vijay Anusuri
Upstream-commit:
https://github.com/golang/go/commit/2300f7ef07718f6be4d8aa8486c7de99836e233f
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-29409.patch | 175 +
From: Vijay Anusuri
Upstream-commit:
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
&
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sako
Please review this set of changes for dunfell and have comments back by
end of day Wednesday, September 6.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5815
The following changes since commit 3575290c4cc937ae2f2c5604a5619ac6de9aa071:
grub2.in
From: Poonam Jadhav
Remove 'PD' from 'LICENSE' for pixman recipe as it is not part of package.
PD license comes as a part of the generic do_populate_license task
and not as a part of the actual package. It is nowhere in the source
code pixman - Pixman: The pixel-manipulation library for X and ca
My bad, I dropped the [dunfell] prefix when sending the patch. This patch is
intended to be applied to dunfell.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187178):
https://lists.openembedded.org/g/openembedded-core/message/187178
Mute This Top
From: Julian Haller
Upstream commit
https://gitlab.freedesktop.org/dbus/dbus/-/commit/37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c
Signed-off-by: Julian Haller
---
meta/recipes-core/dbus/dbus.inc | 1 +
.../dbus/dbus/CVE-2023-34969.patch| 96 +++
2 files
From: Julian Haller
Signed-off-by: Julian Haller
---
meta/recipes-core/dbus/dbus.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
index 948aaf2e24..9b5cc53d92 100644
--- a/meta/recipes-core/dbus/dbus.inc
+++ b/meta/recip
On 30/08/2023 21:10, Richard Purdie wrote:
On Wed, 2023-08-30 at 21:08 +0100, Richard Purdie via
lists.openembedded.org wrote:
On Wed, 2023-08-30 at 18:07 +0100, Eilís 'pidge' Ní Fhlannagáin wrote:
On 30/08/2023 15:08, Richard Purdie wrote:
On Wed, 2023-08-30 at 15:04 +0100, Eilís 'pidge' Ní F
From: Ross Burton
Handles the following CVEs:
6.1:
- CVE-2022-4098
- CVE-2023-0160
- CVE-2023-20569
- CVE-2023-20588
- CVE-2023-33250
- CVE-2023-34319
- CVE-2023-40283
- CVE-2023-4128
- CVE-2023-4155
- CVE-2023-4194
- CVE-2023-4273
- CVE-2023-4385
- CVE-2023-4387
- CVE-2023-4389
6.4:
- CVE-2022
Hi Alex,
On Mon, 4 Sept 2023 at 11:04, Alexander Kanavin wrote:
> On Mon, 4 Sept 2023 at 10:49, Benjamin Bara wrote:
> > +do_configure:prepend () {
> > +if ! [ "${@bb.utils.filter('TUNE_FEATURES', 'neon', d)}" ]; then
> > +# unset the neon-specific variables if no neon available
> >
From: Chee Yang Lee
ignore changes to FILE_RCSID part.
Signed-off-by: Chee Yang Lee
---
.../file/file/CVE-2022-48554.patch| 35 +++
meta/recipes-devtools/file/file_5.41.bb | 4 ++-
2 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 meta/reci
From: Chee Yang Lee
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted
From: Chee Yang Lee
Signed-off-by: Chee Yang Lee
---
.../libssh2/libssh2/CVE-2020-22218.patch | 34 +++
.../recipes-support/libssh2/libssh2_1.10.0.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
dif
On Mon, 4 Sept 2023 at 10:49, Benjamin Bara wrote:
> +do_configure:prepend () {
> +if ! [ "${@bb.utils.filter('TUNE_FEATURES', 'neon', d)}" ]; then
> +# unset the neon-specific variables if no neon available
> +sed -i 's/HAVE_NEON=".*"/HAVE_NEON=""/g' ${S}/configure.ac
> +
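Review bot: the sed expression in do_configure:prepend uses a greedy `".*"`, so on any configure.ac line that carries more text after the HAVE_NEON assignment it will match through to the last double quote on that line and blank more than the one value. Anchoring the pattern as `HAVE_NEON="[^"]*"` keeps the substitution to the assignment itself. The edit is also applied with `sed -i` directly to `${S}/configure.ac`, so the source change is not carried as a patch with its own header and upstream status; an explicit configure option delivered as a patch would be easier to review and to upstream. `${S}` is unquoted in the sed command and should be quoted.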
From: Benjamin Bara
Disable neon if the machine does not support it.
Signed-off-by: Benjamin Bara
---
meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb | 8
1 file changed, 8 insertions(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
b/meta/recipes-ex
From: Benjamin Bara
Disable neon if the machine does not support it.
Signed-off-by: Benjamin Bara
---
meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb
From: Benjamin Bara
Disable neon if the machine does not support it. --enable-fat also
includes the neon assembler code, therefore also disable it.
Signed-off-by: Benjamin Bara
---
meta/recipes-support/nettle/nettle_3.9.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-s
From: Benjamin Bara
Signed-off-by: Benjamin Bara
---
README.OE-Core.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.OE-Core.md b/README.OE-Core.md
index 31b1bf52b4..687c58e410 100644
--- a/README.OE-Core.md
+++ b/README.OE-Core.md
@@ -22,7 +22,7 @@ for full details
From: Kai Kang
Backport and rebase patch to fix CVE-2023-23529.
CVE: CVE-2023-23529
Signed-off-by: Kai Kang
---
.../webkit/webkitgtk/CVE-2023-23529.patch | 65 +++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 +
2 files changed, 66 insertions(+)
create mode 100644 m
From: Benjamin Bara
Disable neon if the machine does not support it.
Signed-off-by: Benjamin Bara
---
meta/recipes-graphics/xorg-lib/pixman_0.42.2.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-graphics/xorg-lib/pixman_0.42.2.bb
b/meta/recipes-graphics/xorg-lib/pixman_
Hi Ross,
On Fri, 1 Sept 2023 at 12:19, Ross Burton wrote:
> On 31 Aug 2023, at 10:16, Benjamin Bara via lists.openembedded.org
> wrote:
> >
> > From: Benjamin Bara
> >
> > This commit should look for unsupported instructions depending on the
> > active tune features. For now, it checks for vfp