[OE-core] [PATCH] python3-urllib3: 2.0.5 -> 2.0.6

2023-10-12 Thread Lee Chee Yang
From: Lee Chee Yang changelog Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (CVE-2023-43804) https://github.com/urllib3/urllib3/blob/main/CHANGES.rst Signe

[oe-core][mickledore][PATCH V2 1/1] curl: fix CVE-2023-38546

2023-10-12 Thread Polampalli, Archana via lists.openembedded.org
From: Archana Polampalli A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. Signed-off-by: Archana Polampalli --- .../curl/curl/CVE-2023-38546.patch| 137 ++

[OE-core] [dunfell][PATCH v2 2/2] curl: Backport fix for CVE-2023-38546

2023-10-12 Thread Mike Crowe via lists.openembedded.org
From: Mike Crowe Take patch from Debian 7.64.0-4+deb10u7. Signed-off-by: Mike Crowe CVE: CVE-2023-38546 --- .../curl/curl/CVE-2023-38546.patch| 132 ++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 133 insertions(+) create mode 100644 meta

[OE-core] [dunfell][PATCH v2 1/2] curl: Backport fix for CVE-2023-38545

2023-10-12 Thread Mike Crowe via lists.openembedded.org
From: Mike Crowe Backporting this change required tweaking the error value since the two-level CURLE_PROXY error reporting was introduced after curl 7.69.1. The test required some tweaks to not rely on more-recent improvements to the test infrastructure too. Signed-off-by: Mike Crowe CVE: CVE-2

[OE-core] [PATCH 3/3] oeqa/selftest/devtool: add test for YOCTO# 14723

2023-10-12 Thread Chris Laplante via lists.openembedded.org
From: Chris Laplante This relatively exhaustive test is designed to exercise the 'devtool modify' workflow for kernel recipes, with a focus on SRC_URI override branches. Signed-off-by: Chris Laplante --- meta/lib/oeqa/selftest/cases/devtool.py | 132 1 file changed, 13

[OE-core] [PATCH 2/3] oeqa/selftest/devtool: strengthen test_devtool_virtual_kernel_modify test

2023-10-12 Thread Chris Laplante via lists.openembedded.org
From: Chris Laplante Call _check_src_repo to confirm that the 'devtool' branch is set up as we expect. This would have caught the basic case of the bug (i.e. where override branches are not involved). Signed-off-by: Chris Laplante --- meta/lib/oeqa/selftest/cases/devtool.py | 1 + 1 file change

[OE-core] [PATCH 1/3] kernel-yocto, devtool-source.bbclass: fix 'devtool modify' for kernels

2023-10-12 Thread Chris Laplante via lists.openembedded.org
From: Chris Laplante Fixes a couple of different issues that all conspired to break 'devtool modify' for many use cases with kernel-yocto recipes. To explain, we need to consider the basic flow of how 'devtool modify' works for a recipe using kernel-yocto.bbclass: ┌──┐

Re: [OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Dan McGregor
On Thu, 12 Oct 2023 at 11:10, Jörg Sommer via lists.openembedded.org wrote: > > This is only a minor change, because oelint-adv had warned about the space > after " of PACKAGECONFIG. > > > From: openembedded-core@lists.openembedded.org > on behalf of Jörg Sommer

Re: [OE-core] [dunfell][PATCH 2/2] curl: Backport fix for CVE-2023-38546

2023-10-12 Thread Steve Sakoman
On Wed, Oct 11, 2023 at 7:55 PM Mike Crowe via lists.openembedded.org wrote: > > From: Mike Crowe > > Take patch from Debian 7.64.0-4+deb10u7. > > Signed-off-by: Mike Crowe > --- > .../curl/curl/CVE-2023-38546.patch| 131 ++ > meta/recipes-support/curl/curl_7.69.1.bb

Re: [OE-core] [dunfell][PATCH 1/2] curl: Backport fix for CVE-2023-38545

2023-10-12 Thread Steve Sakoman
On Wed, Oct 11, 2023 at 7:55 PM Mike Crowe via lists.openembedded.org wrote: > > From: Mike Crowe > > Backporting this change required tweaking the error value since the > two-level CURLE_PROXY error reporting was introduced after curl > 7.69.1. The test required some tweaks to not rely on more-r

[OE-core] [PATCH 7/7] linux-yocto/6.1: update to v6.1.57

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 082280fe94a0 Linux 6.1.57 a4cc925e2e12 xen/events: replace evtchn_rwlock with RCU a4fcf8a242c6 ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() 6e4c40aa270

[OE-core] [PATCH 6/7] linux-yocto/6.5: update to v6.5.7

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 121c6addffd7 Linux 6.5.7 76b33722e2d2 xen/events: replace evtchn_rwlock with RCU 2c5d952fd638 RDMA/mlx5: Remove not-used cache disable flag 4e2d581535c3 ksmbd: fix race conditi

[OE-core] [PATCH 4/7] linux-yocto/6.5: tiny: fix arm 32 boot

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: b8c36f31e96 qemuarma15: add ARM_PATCH_PHYS_VIRT Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb | 2 +- meta/recipes-ker

[OE-core] [PATCH 2/7] linux-yocto/6.5: update to v6.5.6

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 0c3f363d1c15 Linux 6.5.6 5e286056667a ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL 44befc89397e mm, memcg: reconsider kmem.limit_in_bytes deprecation 471ce44a1f30 mem

[OE-core] [PATCH 0/7] linux-yocto: pull request

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Richard, Here are the latest 6.1 and 6.5 -stable bumps. They aren't particularly large -stable bumps and I didn't find any issues in my testing. I've also got a configuration fix for -tiny on ARM that Ross has been waiting for to enable some additional testing. And finall

[OE-core] [PATCH 3/7] linux-yocto/6.1: tiny: fix arm 32 boot

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 0816d0a6984 qemuarma15: add ARM_PATCH_PHYS_VIRT Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb | 2 +- meta/recipes-ker

[OE-core] [PATCH 1/7] linux-yocto/6.1: update to v6.1.56

2023-10-12 Thread Bruce Ashfield
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: ecda77b46871 Linux 6.1.56 8c515d4f2d66 ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL a3c1da448353 mm, memcg: reconsider kmem.limit_in_bytes deprecation b8901b6c2e9b me

Re: [OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Khem Raj
On Thu, Oct 12, 2023 at 10:10 AM Jörg Sommer via lists.openembedded.org wrote: > > This is only a minor change, because oelint-adv had warned about the space > after " of PACKAGECONFIG. > > > From: openembedded-core@lists.openembedded.org > on behalf of Jörg Som

Re: [OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Jörg Sommer via lists.openembedded.org
This is only a minor change, because oelint-adv had warned about the space after " of PACKAGECONFIG. From: openembedded-core@lists.openembedded.org on behalf of Jörg Sommer via lists.openembedded.org Sent: Thursday, 12 October 2023 18:34 To: openembedded-core@

[OE-core] [PATCH v3] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Jörg Sommer via lists.openembedded.org
If the ipv6 feature for the distribution is not set, the package should not contain settings for ipv6. This makes rpcbind not try to bind to an IPv6 socket and complain that this fails. Signed-off-by: Jörg Sommer --- .../libtirpc/libtirpc/ipv6.patch | 52 +++ ...

[OE-core] [PATCH] qemu: drop unreferenced patch

2023-10-12 Thread Jon Mason
OE Commit a7176c3b2a7e2041b9be5dabb6b0f1e62f235f76 removed the reference to this patch but did not remove the patch Signed-off-by: Jon Mason --- ...w-nvme-fix-null-pointer-access-in-di.patch | 39 --- 1 file changed, 39 deletions(-) delete mode 100644 meta/recipes-devtools/qemu

Re: [OE-core] [PATCH v2] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Alexander Kanavin
Thanks! Alex On Thu 12. Oct 2023 at 16.56, Jörg Sommer via lists.openembedded.org wrote: > If the ipv6 feature for the distribution is not set, the package should not > contain settings for ipv6. This makes rpcbind not try to bind to an IPv6 > socket and complain that this fails. > > Signed

[OE-core] [PATCH v2] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Jörg Sommer via lists.openembedded.org
If the ipv6 feature for the distribution is not set, the package should not contain settings for ipv6. This makes rpcbind not try to bind to an IPv6 socket and complain that this fails. Signed-off-by: Jörg Sommer --- .../libtirpc/libtirpc/ipv6.patch | 52 +++ ...

[OE-core] [PATCH] linux-yocto: Update dtb path for qemuarmv5

2023-10-12 Thread Jon Mason
In Linux kernel versions 6.5 and later, device tree files have been moved under a vendor directory. The qemuarmv5 one is now located in "arm". Add this to get it working again (which was already done for the dev kernel in commit 42d5e8ef12934db65c35c1c5f0cabb5c21dbea43). Once all kernels --- m

Re: [OE-core] [mickledore] glibc: stable 2.37 branch updates.

2023-10-12 Thread Steve Sakoman
On Thu, Oct 12, 2023 at 4:08 AM Steve Sakoman via lists.openembedded.org wrote: > > On Wed, Oct 11, 2023 at 8:25 PM Sundeep KOKKONDA via > lists.openembedded.org > wrote: > > > > Yocto bug https://bugzilla.yoctoproject.org/show_bug.cgi?id=15231 raised > > for failures cases analysis. > > I assum

Re: [OE-core] [mickledore] glibc: stable 2.37 branch updates.

2023-10-12 Thread Khem Raj
On Thu, Oct 12, 2023 at 5:14 AM Sanjana V wrote: > Hi Khem, > > Thanks very much for checking the results and your comments. > > >> How much memory does the device under test have? > > We are using the default memory assigned in qemu x86-64. > cat /proc/meminfo > MemTotal:228876 kB > For tests c

Re: [OE-core] [mickledore] glibc: stable 2.37 branch updates.

2023-10-12 Thread Steve Sakoman
On Wed, Oct 11, 2023 at 8:25 PM Sundeep KOKKONDA via lists.openembedded.org wrote: > > Yocto bug https://bugzilla.yoctoproject.org/show_bug.cgi?id=15231 raised for > failures cases analysis. I assume that I should wait to take this patch until the analysis is done? Steve > > -=-=-=-=-=-=-=-=

[oe-core][mickledore][PATCH 2/2] curl: fix CVE-2023-38546

2023-10-12 Thread Polampalli, Archana via lists.openembedded.org
From: Archana Polampalli A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. Signed-off-by: Archana Polampalli --- .../curl/curl/CVE-2023-38546.patch| 125 ++

[oe-core][mickledore][PATCH 1/2] curl: fix CVE-2023-38545

2023-10-12 Thread Polampalli, Archana via lists.openembedded.org
From: Archana Polampalli This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Signed-off-by: Archana Polampalli --- .../curl/curl/CVE-2023-38545.patch| 133 ++ meta/recipes-support/curl/curl_8.0.1.bb | 1 + 2 files changed, 134 in

[OE-core][PATCH 2/2] patchtest: clean up test suite

2023-10-12 Thread Trevor Gamblin
Various tweaks to make the test suite cleaner and more efficient: - Replace use of "re" module with "pyparsing" in tests (but not base.py) - Make test_mbox_cve only check for CVE tags in the commit if the added patch has them - Make test_mbox_cve SKIP instead of PASS if there's no CVE tag - Simp

[OE-core][PATCH 1/2] patchtest: improve test issue messages

2023-10-12 Thread Trevor Gamblin
The patchtest tests provide vague feedback to the user, and many of them also provide redundant 'fix' strings that could easily be incorporated into the issue messages themselves. Simplify them so that it is more clear what the errors are and how they can be addressed. No recommendation is given wh

Re: [OE-core][PATCH v6 03/12] devtool: new ide plugin

2023-10-12 Thread Ross Burton
Finally looking at the code… On 10 Sep 2023, at 16:52, Adrian Freihofer via lists.openembedded.org wrote: > > The new devtool ide plugin configures an IDE to work with the eSDK. > > With this initial implementation VSCode is the default IDE. > The plugin works for recipes inheriting the cmake

Re: [OE-core] [PATCH] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Alexander Kanavin
If netconfig file comes from the upstream source, then it should be correctly patched or dynamically formed at that point, and not after the fact at installation. Why aren’t the ipv6 enable/disable options taking care of it? Alex On Thu 12. Oct 2023 at 14.17, Jörg Sommer via lists.openembedded.or

[OE-core] [PATCH] libtirpc: Support ipv6 in DISTRO_FEATURES

2023-10-12 Thread Jörg Sommer via lists.openembedded.org
If the ipv6 feature for the distribution is not set, the package should not contain settings for ipv6. This makes rpcbind not try to bind to an IPv6 socket and complain that this fails. Signed-off-by: Jörg Sommer --- meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb | 14 +- 1 fil

Re: [OE-core] [mickledore] glibc: stable 2.37 branch updates.

2023-10-12 Thread Sanjana V
Hi Khem, Thanks very much for checking the results and your comments. >> How much memory does the device under test have? We are using the default memory assigned in qemu x86-64. cat /proc/meminfo MemTotal:228876 kB Can you please let us know if we should increase the memory in the image while

Re: [OE-core] [PATCH] rust: reproducibility issue fix

2023-10-12 Thread Frederic Martinsons
On Thu, 12 Oct 2023 at 08:37, Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Tue, 2023-10-10 at 21:05 -0700, Sundeep KOKKONDA via > lists.openembedded.org wrote: > > [Yocto#14875] > > The '--remap-path-prefix' option removes all references to build > directory structure in the de

Re: [OE-core] [PATCH] cve-check: Classify patched CVEs into 3 statuses

2023-10-12 Thread Matsunaga-Shinji
Sorry for the late reply. We want to use "Patched" to make it easy to find the package where the patch file exists and use "Out of range" to make it easy to find the package where not affected by the vulnerability. For that, we consider we need to classify vulnerabilities to "Undecidable" that

Re: [OE-core] [PATCH v3 1/4] dummy-sdk-package.inc: Filter packages which are marked for installation

2023-10-12 Thread Luca Ceresoli via lists.openembedded.org
Hello Pavel, On Mon, 9 Oct 2023 16:39:58 +0200 "Pavel Zhukov" wrote: > if packages is provided by dummysdk and in the same time marked for > installation with IMAGE_INSTALL it causes conflict in apt because virtual > providers are > not taken into account if package is asked to be installed ex