Re: [OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

On Sun, Mar 31, 2024 at 3:50 PM Vijay Anusuri wrote: > > Sure Randy. > > Issue introduced last year in util-linux v2.39. > > The offending commits are: > > * https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7c >("write: correctly handle wide characters") > * https://github.com/uti

[OE-core] [kirkstone][PATCH v2] tiff: fix CVE-2023-52356 CVE-2023-6277

From: Lee Chee Yang import patch from ubuntu to fix CVE-2023-52356 CVE-2023-6277 import from http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz Signed-off-by: Lee Chee Yang --- v2: fix Upstream-Status format .../libtiff/tiff/CVE-2023-52356.patch | 5

Re: [OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

Sure Randy. Issue introduced last year in util-linux v2.39. The offending commits are: * https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7c ("write: correctly handle wide characters") * https://github.com/util-linux/util-linux/commit/aa13246a1bf1be9e ("wall: use fputs_careful

Re: [OE-core] [PATCH v5 1/3] nfs-utils: clean up startup

This still fails on the AB: https://autobuilder.yoctoproject.org/typhoon/#/builders/23/builds/9115/steps/14/logs/stdio On 28/03/2024 19:24:10-0600, Dan McGregor wrote: > From: Daniel McGregor > > Change the sysvinit script to start at the S runlevel, this matches > Debian, and prevents systemd

[oe-core][PATCH] epiphany: update 45.3 -> 46.0

46.0 - March 15, 2024 = * Improve keyboard navigation of address bar dropdown (#1726, Markus Göllnitz) * Add "Send Link by Email..." to context menu for links (#2037, Leon Marz) * Use selected text when middle clicking on New Tab button (#2159) 46.rc - February 29, 2024 ===

[oe-core][PATCH] webkitgtk: update 2.42.5 -> 2.44.0

- add a PACKAGECONFIG for libbacktrace to avoid: | -- Could NOT find LibBacktrace (missing: LIBBACKTRACE_INCLUDE_DIR LIBBACKTRACE_LIBRARY) | CMake Error at Source/cmake/OptionsGTK.cmake:425 (message): | libbacktrace is required for USE_LIBBACKTRACE - while at it also add a PACKAGECONFIG f

[oe-core][PATCH] vte: update 0.74.2 -> 0.76.0

- add missing lz4 dependency - add PACKAGECONFIG for gtk+3 - if wayland and opengl are available, gtk4 will be used - for plain x11 it can be built with or without opengl depending on DISTRO_FEATURE Signed-off-by: Markus Volk --- meta/recipes-support/vte/{vte_0.74.2.bb => vte_0.76.0.bb} | 7 +++

[oe-core][PATCHv2] gtk+3: disable wayland without opengl

Wayland backend requires epoxy so it will pull in a requirement for opengl While doing some tests in building old stuff like matchbox-terminal with vte 0.76, I encountered an issue with building matchbox-terminal without opengl in DISTRO_FEATURES. Explicitly stating that the Wayland backend requir

[OE-core] OE-core CVE metrics for nanbield on Sun 31 Mar 2024 04:00:01 AM HST

Branch: nanbield New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 128 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vul

Patchtest results for [oe-core][PATCH] gtk+3: disable wayland without opengl

Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/gtk-3-disable-wayland-without-opengl.patch FAIL: test Signed-off-by presence: Mbox is missing Signed-off-by. Add it

[oe-core][PATCH] gtk+3: disable wayland without opengl

Wayland backend requires epoxy so it will pull in a requirement for opengl While doing some tests in building old stuff like matchbox-terminal with vte 0.76, I encountered an issue with building matchbox-terminal without opengl in DISTRO_FEATURES. Explicitly stating that the Wayland backend requir

[OE-core] OE-core CVE metrics for kirkstone on Sun 31 Mar 2024 03:00:01 AM HST

Branch: kirkstone New this week: 0 CVEs Removed this week: 1 CVEs CVE-2023-52426 (CVSS3: 5.5 MEDIUM): expat:expat-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52426 * Full list: Found 43 unpatched CVEs CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist

[OE-core] OE-core CVE metrics for dunfell on Sun 31 Mar 2024 02:00:01 AM HST

Branch: dunfell New this week: 0 CVEs Removed this week: 1 CVEs CVE-2024-25062 (CVSS3: 7.5 HIGH): libxml2:libxml2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25062 * Full list: Found 109 unpatched CVEs CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native http

[OE-core] OE-core CVE metrics for master on Sun 31 Mar 2024 01:00:01 AM HST

Branch: master New this week: 0 CVEs Removed this week: 0 CVEs Full list: Found 37 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/d

Re: [OE-core] [PATCH 2/3] valgrind: Re-enable fixed test cases

yeah drop it for now. I need to check x86 results with gcc On Sun, Mar 31, 2024 at 1:24 AM Alexandre Belloni wrote: > > On 30/03/2024 08:31:10+, Richard Purdie wrote: > > On Thu, 2024-03-28 at 22:50 -0700, Khem Raj wrote: > > > These tests have been fixed in prior to 3.22 release > > > > > >

Re: [OE-core] [PATCH 2/3] valgrind: Re-enable fixed test cases

On 30/03/2024 08:31:10+, Richard Purdie wrote: > On Thu, 2024-03-28 at 22:50 -0700, Khem Raj wrote: > > These tests have been fixed in prior to 3.22 release > > > > Signed-off-by: Khem Raj > > --- > >  meta/recipes-devtools/valgrind/valgrind_3.22.0.bb | 6 -- > >  1 file changed, 6 deletio