Hello Steve,
The license is already corrected in master branch during libpciaccess upgrade.
Link given below, I guess it doesn't need a patch for master as issue is
resolved.
Link:
https://git.yoctoproject.org/poky/commit/meta/recipes-graphics/xorg-lib?id=00013601aad7826df6524b15356ce935234af3e
From: Soumya Sambu
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in
tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
Signed-off-by: Soumya Sambu
---
.../ncurses/files/CVE-2023-45918.patch| 180 ++
.../ncurses/ncurses_6.
From: Soumya Sambu
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in
tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
Signed-off-by: Soumya Sambu
---
.../ncurses/files/CVE-2023-45918.patch| 180 ++
meta/recipes-core/ncur
From: Archana Polampalli
Signed-off-by: Archana Polampalli
---
.../CVE-2023-6.patch | 329 ++
.../gstreamer1.0-plugins-bad_1.20.7.bb| 1 +
2 files changed, 330 insertions(+)
create mode 100644
meta/recipes-multimedia/gstreamer/gstreamer1.0-pl
From: Bhabu Bindu
Remove duplicated MIT license entry for libpciaccess
Duplication was done as part of below commit:
Link:
https://git.yoctoproject.org/poky/commit/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb?h=kirkstone&id=b0130fcf91daee0d905af755302fabe608da141c
Signed-off-by: Bhabu
Remove file entries which no longer exist in the source.
I spotted this when I added a custom QA error locally which
raised a warning when a file in FILES list of a package isn't
found in the source.
Signed-off-by: Guðni Már Gilbert
---
.../python/python3/python3-manifest.json | 23 ---
From: Bhabu Bindu
Remove duplicated MIT license entry for libpciaccess
Duplication was done as part of below commit:
Link:
https://git.yoctoproject.org/poky/commit/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb?h=kirkstone&id=b0130fcf91daee0d905af755302fabe608da141c
Signed-off-by: Bhabu
Signed-off-by: Antonin Godard
---
scripts/lib/devtool/ide_sdk.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index 7807b322b3..65873b088d 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/i
On Sun, May 5, 2024 at 1:43 PM Marko, Peter wrote:
>
> From: Khem Raj
> Sent: Sunday, May 5, 2024 21:22
> To: Marko, Peter (ADV D EU SK BFS1)
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH] glibc: correct license
>
> > On Sun, May 5, 2024 at 2:18 AM Peter Marko via
From: Khem Raj
Sent: Sunday, May 5, 2024 21:22
To: Marko, Peter (ADV D EU SK BFS1)
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] glibc: correct license
> On Sun, May 5, 2024 at 2:18 AM Peter Marko via http://lists.openembedded.org
> mailto:siemens@lists.openemb
On Sun, May 5, 2024 at 2:18 AM Peter Marko via lists.openembedded.org
wrote:
> From: Peter Marko
>
> The license per https://www.gnu.org/software/libc/ is LGPL-2.1-or-later.
>
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=273a835fe7c685cc54266bb8b502787bad5e9bae
> converted last LGPL-
Branch: nanbield
New this week: 20 CVEs
CVE-2023-52455 (CVSS3: 7.8 HIGH): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52455 *
CVE-2023-52456 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52456 *
CVE-2023-52457 (CVSS3: 7.8 HIG
Branch: kirkstone
New this week: 0 CVEs
Removed this week: 0 CVEs
Full list: Found 33 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native
https://web.nvd.nist.gov
Branch: dunfell
New this week: 0 CVEs
Removed this week: 0 CVEs
Full list: Found 105 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-
Python 2.7 support was dropped in version 22.0.0
python3-six was dropped as a dependency in 22.0.0
Signed-off-by: Guðni Már Gilbert
---
meta/recipes-devtools/python/python3-pyopenssl_24.1.0.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3-pyopenssl_24.1.
Python 2.7 support was dropped in version 3.2.0 and
python3-six dependency was subsequently dropped in version 3.2.1
Signed-off-by: Guðni Már Gilbert
---
meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3-b
Hi again Tim, update from me regarding the scripts. TLDR: The manifest is out
of date, and the python scripts are working as they should.
I've convinced myself the python scripts used to generate the manifest *are
correct*. However, for anyone reading this, I can confirm the manifest is ou
Branch: master
New this week: 2 CVEs
CVE-2024-26900 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26900 *
CVE-2024-26913 (CVSS3: 7.8 HIGH): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26913 *
Removed this week: 7 CVEs
CVE-20
From: Peter Marko
The license per https://www.gnu.org/software/libc/ is LGPL-2.1-or-later.
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=273a835fe7c685cc54266bb8b502787bad5e9bae
converted last LGPL-2.1-only references.
License-Update: correction
Signed-off-by: Peter Marko
---
meta/re
19 matches
Mail list logo
