Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/Regarding-the-issue-of-adding-a-symbolic-link-from-python-to-python3.patch
FAIL: test shortlog format: Commit short
after rephrasing the commit message to address patchtest issues, the patch
opened this new thread. previous discussion can be found here:
https://lists.openembedded.org/g/openembedded-core/topic/107118664#msg201643
( https://lists.openembedded.org/g/openembedded-core/topic/107118664#msg201643 )
after rephrasing the commit message to address patchtest issues, the patch
opened a new thread under
https://lists.openembedded.org/g/openembedded-core/topic/patch_rootfs_run_postinst/107227142
(
https://lists.openembedded.org/g/openembedded-core/topic/patch_rootfs_run_postinst/107227142
) thi
this patch will ensure that pkg_postinst_ontarget task is executed for read
only rootfs when read-only-rootfs-delayed-postinsts is set as IMAGE_FEATURES.
In addition to the fix, a test in meta/lib/oeqa/selftest/cases/overlayfs.py
testing the fix has been implemented.
Signed-off-by: Gassner, Tob
Hello,
To resolve the issue where some shebang use /usr/bin/python, leading to the
interpreter not being recognized, I have added a symbolic link from
/usr/bin/python to /usr/bin/python3. Currently, I have two modification plans
but am unsure if they are appropriate, so I would like to seek you
On 6/18/24 11:30, Changqing Li via lists.openembedded.org wrote:
From: Changqing Li
With --force-overwrite (implied by --force-all), dpkg will not abort
when a package overwrites files from different packages. As this can
also lead to "The following package disappeared from your system as
all f
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/busybox-Add-fix-for-CVE-2023-42366.patch
FAIL: test commit message presence: Please include a commit message on you
Signed-off-by: Khem Raj
---
...1-awk.c-fix-CVE-2023-42366-bug-15874.patch | 37 +++
meta/recipes-core/busybox/busybox_1.36.1.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644
meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
diff --
backport upstream fix for CVEs and fix the regression that introduced [1]
[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
Signed-off-by: Khem Raj
---
v2: Fix upstream status for patch #2 and typo in recipe
...01-awk-fix-precedence-of-relative-to.patch | 197
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/gcc-14-Mark-CVE-2023-4039-as-fixed-in-GCC14.patch
FAIL: test commit message presence: Please include a commit messa
Signed-off-by: Khem Raj
---
meta/recipes-devtools/gcc/gcc-14.1.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/gcc/gcc-14.1.inc
b/meta/recipes-devtools/gcc/gcc-14.1.inc
index 8b51b2938e8..8e887c84144 100644
--- a/meta/recipes-devtools/gcc/gcc-14.1.inc
+++ b/meta/rec
On Sun, Jul 14, 2024 at 4:19 AM Steve Sakoman via
lists.openembedded.org
wrote:
>
> Branch: master
>
> New this week: 2 CVEs
> CVE-2024-36288 (CVSS3: 5.5 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36288 *
> CVE-2024-39472 (CVSS3: 5.5 MEDIUM): linux-yocto
> h
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/busybox-CVE-2023-42364-and-CVE-2023-42365-fixes.patch
FAIL: test Upstream-Status presence: Upstream-Status is in in
backport upstream fix for CVEs and fix the regression that introduced [1]
[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
Signed-off-by: Khem Raj
---
...01-awk-fix-precedence-of-relative-to.patch | 197 ++
...x-ternary-operator-and-precedence-of.patch | 94 +
We now have 6.9 kernel headers in master which means
busybox builds with CONFIG_TC will fail to build due
to CBQ being dropped in kernel 6.8+
Apply a fix which is reported upstream
Signed-off-by: Khem Raj
---
v2: Rebased on top of master
.../busybox/busybox-1.36.1-no-cbq.patch | 61 +
Branch: scarthgap
New this week: 3 CVEs
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 *
CVE-2024-39472 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39472 *
CVE-20
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 67f6c3534a18520f3b7c5eed27dc2744c5bf44c2)
Signed-off-by: Steve Sakoman
---
...ption-to-enable-disable-libnfnetlink.patch | 44 +++
From: Changqing Li
Backport 2 patches to fix following compile errors:
webkitgtk-2.44.1/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp:545:37:
error: 'LS_POINT' was not declared in this scope; did you mean
'WebCore::LightType::LS_POINT'?
545 | if (data.
From: Changqing Li
* According to latest comment [1] and the mentioned pull request
[2], build an ENABLE(WEBASSEMBLY) && !ENABLE(JIT) configuration is
supported, so original issue already fixed in current version, the
EXTRA_OECMAKE setting is not needed anymore.
* This EXTRA_OECMAKE setting caus
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 618bb8994d66d7d24cca2fb6885a510d69406437)
Signed-off-by: Steve Sakoman
---
.../libvorbis/libvorbis/0001-configure-Check-for-clang.patch| 2 +-
From: Richard Purdie
Since the CVE repository is no longer being updated, drop the warning
comparision since it is no longer valid.
Signed-off-by: Richard Purdie
Signed-off-by: Alexandre Belloni
Signed-off-by: Steve Sakoman
---
.../recipes-kernel/linux/cve-exclusion_6.6.inc | 18 +---
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit d28861326dd8d23914571dc0be8e70899927deea)
Signed-off-by: Steve Sakoman
---
.../0003-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch | 2 +-
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 6307adb5b0644845f4062c21ac5717eb62a61dd3)
Signed-off-by: Steve Sakoman
---
.../grub-module-explicitly-keeps-symbole-.module_license.patch | 2 +-
From: Alexander Kanavin
Signed-off-by: Alexander Kanavin
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 5c00500618fa50eeb5e3e956e1fb5f4af562c1a7)
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/perl/files/determinism.patch | 6 +++---
1 file
From: Alexander Kanavin
The patch was submitted upstream
https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/28895
but further investigation revealed that the problem had been solved properly
in meson.class:
https://git.yoctoproject.org/poky/commit/?id=6bf674374d568b2419a4c6eef00d8930288788
From: Niko Mauno
Mitigate occurrences where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.
(From OE-Core rev: 314041fd126a4800a5a5d9fcd84c525319479256)
Signed-off-by: Niko Mauno
Signed-off-by: Richard Purdie
(cherry
From: Peter Marko
github.com/mirror/ncurses is not updated for over a year.
Switch to new mirror from Thomas Dickey (ncurses maintainer).
Sources are identical.
Updated upstream check regex by:
* changed dot to underscore as this repo is tagged like this
* added v prefix to not propose updates
From: Ross Burton
It looks like something related to FTP in curl, be it the protocol itself
or the harness, is unstable under load. We've been seeing random failures
in automated QA, and Debian does too.
Until this issue is resolved, disable all of the FTP tests on the hope
that this is the und
From: Ross Burton
As with a previous change to the class[1], the "pkgconfig" entry is now
deprecated and "pkg-config" should be used instead.
[1] oe-core d64b307891422e290bbe821d4303b3af526bbe17
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 3e441544f1aa72
From: Richard Purdie
Similarly to centos 8, centos 9 doesn't support the render device we need
for this test.
Signed-off-by: Richard Purdie
(cherry picked from commit c2be3afabf84f287c90b61ae2509728a6634fb8f)
Signed-off-by: Steve Sakoman
---
meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +-
From: Robert Kovacsics
There were two different interpreter lengths in use, make them match.
Signed-off-by: Richard Purdie
(cherry picked from commit b175f9cdc3d87bef5c89cc337c2a7e2674732b29)
Signed-off-by: Steve Sakoman
---
meta/files/toolchain-shar-extract.sh| 4 +++-
meta/recipes-c
From: Ross Burton
The baseparse:parser_pull_short_read test is known to be unreliable,
according to the list of known bad tests in gst-devtools.
Also clean up an incorrect comment.
Signed-off-by: Ross Burton
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from c
From: Jookia
The variable uninative_checksum is returned without being set, causing a
build error. Set it to None by default instead.
Signed-off-by: Richard Purdie
(cherry picked from commit 69ead1f2d403e6a0e5365ce4e89288f846d3ef33)
Signed-off-by: Steve Sakoman
---
meta/classes-recipe/populat
From: Khem Raj
Its needed to run libteam ptests
Signed-off-by: Khem Raj
Cc: Bruce Ashfield
Signed-off-by: Richard Purdie
(cherry picked from commit 7cd8e04b23b562746665577174799d42ded45d93)
Signed-off-by: Steve Sakoman
---
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 2 ++
1 file changed,
From: Ross Burton
There is a build race where the libportal.vapi is not always generated
before it is needed to build libportal-gtk*.vapi. Backport the fix from
upstream.
[ YOCTO #15479 ]
Signed-off-by: Ross Burton
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked
From: Enrico Jörns
Fixes:
| poky/scripts/lib/wic/engine.py:362: SyntaxWarning: invalid escape sequence
'\/'
Signed-off-by: Enrico Jörns
Signed-off-by: Richard Purdie
(cherry picked from commit e33d7241f6c2897e930aff41e18b154891197ab9)
Signed-off-by: Steve Sakoman
---
scripts/lib/wic/engine
From: Wang Mingyu
Changelog:
==
- Fixes issues where LLVM is either generating the incorrect thunk for a
function with aligned parameters or didn't correctly pass through the
return value when StructRet was used.
- -Xclang -target-feature -Xclang +unaligned-scalar-mem can be used to e
From: Wang Mingyu
Changelog:
=
- main_loop.c (command_s): Fix g/x/s/x/x, which failed to skip the
final newline, printing lines twice.
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit d726710f7b1d707a55777d486bf
From: Ross Burton
* Updated Unicode tables to version 15.1
Signed-off-by: Ross Burton
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 332276679c9a004158929e03d9263e9ef66816e9)
Signed-off-by: Steve Sakoman
---
.../fribidi/{fribidi_1.0.13.bb => fribid
From: Yi Zhao
Changelog:
https://people.redhat.com/sgrubb/libcap-ng/ChangeLog
- Remove python global exception handler since it's deprecated
- Make the utilities link against just built libraries
- Remove unused macro in cap-ng.h
Signed-off-by: Yi Zhao
Signed-off-by: Richard Purdie
(cherry
From: Yi Zhao
Changelog:
https://people.redhat.com/sgrubb/libcap-ng/ChangeLog
- Remove python global exception handler since it's deprecated
- Make the utilities link against just built libraries
- Remove unused macro in cap-ng.h
Drop backport patch fix-issues-with-swig-4-2.patch.
Backport a
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, July 16
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7136
The following changes since commit d511c41dac048fbdd93a54136e93b0623a18a83d:
xz: Update LI
From: Hitendra Prajapati
References:
https://github.com/ruby/ruby/pull/10316
https://security-tracker.debian.org/tracker/CVE-2024-27281
Upstream-Status: Backport from
https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d
Signed-off-by: Hitendra Prajapati
Signed-off-by:
From: Ross Burton
Upstream consider the behaviour described in this CVE as intentional,
and provide an option to stop it.
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 6c99147037ba8ca424ee42520183bd2bd55c7056)
Signed-off-by: Steve Sakoman
---
meta/recipe
Branch: kirkstone
New this week: 8 CVEs
CVE-2020-14409 (CVSS3: 7.8 HIGH): libsdl2:libsdl2-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14409 *
CVE-2020-14410 (CVSS3: 5.4 MEDIUM): libsdl2:libsdl2-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14410 *
CVE-2023
These were used by external layers and were needed before we had better
unpack instrumenation and the recent unpack directory changes. Drop
them as obsolete.
Signed-off-by: Richard Purdie
---
meta/recipes-kernel/perf/perf.bb | 1 -
meta/recipes-support/icu/icu_75-1.bb | 1 -
2 files changed,
Branch: master
New this week: 2 CVEs
CVE-2024-36288 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36288 *
CVE-2024-39472 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39472 *
Removed this week: 2 CVEs
CVE-
From: Peter Marko
These recipes come from rust sources and CVEs are reported for them
under rust-lang:rust vendor:product touple.
Especially libstd-rs needs correct CVE_PRODUCT as is it installed on
target devices (being statically linked to rust compiled binaries).
before:
cargo: CVE_PRODUCT="c
48 matches
Mail list logo
