There is also gnu:zlib in CVE reports for zlib...
sqlite3 nvdcve_2-1.db
sqlite> select vendor, count(*) from products where product='zlib' group by
vendor;
cloudflare|1
gnu|1
zlib|13
sqlite> select * from products where product='zlib' and vendor = 'gnu';
CVE-2016-9842|gnu|zlib|1.2.3.4|>=|1.2.9|<
To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendor that has been used.
Signed-off-by: Het Patel
---
meta/recipes-core/zlib/zlib_1.2.13.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/zlib/zlib_1.2.13.bb
b/meta/
From: Changqing Li
Refer [1], people.redhat.com has certificate issue, so update SRC_URI
to github tag archives to fix do_fetch warning
[1] https://github.com/stevegrubb/libcap-ng/issues/56
Signed-off-by: Changqing Li
---
meta/recipes-support/libcap-ng/libcap-ng.inc | 6 +++---
meta/reci
From: Changqing Li
Refer [1], people.redhat.com has certificate issue, so update SRC_URI
to github tag archives to fix do_fetch warning
[1] https://github.com/stevegrubb/libcap-ng/issues/56
Signed-off-by: Changqing Li
---
meta/recipes-support/libcap-ng/libcap-ng.inc | 6 +++---
meta/reci
From: Yogita Urade
A flaw was found in ofono, an Open Source Telephony on Linux.
A stack overflow bug is triggered within the decode_deliver()
function during the SMS decoding. It is assumed that the attack
scenario is accessible from a compromised modem, a malicious
base station, or just SMS. Th
backport upstream fix for CVEs and fix the regression that introduced [1]
[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
Signed-off-by: Hitendra Prajapati
---
.../busybox/CVE-2023-42364_42365-1.patch | 197 ++
.../busybox/CVE-2023-42364_42365-2.patch
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/v2-curl-Update-to-8.9.1.patch
FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch
file. Co
From: Robert Joslyn
This update contains minor features, bugfixes, and addresses several CVEs:
* https://curl.se/docs/CVE-2024-6197.html
* https://curl.se/docs/CVE-2024-6874.html
* https://curl.se/docs/CVE-2024-7264.html
Full release notes available at https://curl.se/ch/8.9.1.html
Backport a pa
From: Peter Marko
libmnl autoconf autodetects doxygen to generate manpages.
If doxygen is provided via hosttools, the build fails.
Also until now manpages were not needed.
So explicitly disable doxygen in configure step.
(From OE-Core rev: 8d7bbf4d6936d831e341e9443a6b3711be09c7ab)
Signed-off-by
From: Changqing Li
Since commit 148de08220 [ curl: Update from 8.2.1 to 8.3.0 ],
--enable-crypto-auth option was removed and split into separate options
for basic-auth, bearer-auth, digest-auth, kerberos-auth negotiate-auth,
and aws. In this commit, --enable-crypto-auth is removed from
EXTRA_OECO
From: Changqing Li
update SRC_URI to fix do_fetch warning:
WARNING: libpng-1.6.42-r0 do_fetch: Failed to fetch URL
https://downloads.sourceforge.net/project/libpng/libpng16/libpng-1.6.42.tar.xz,
attempting MIRRORS if available
Signed-off-by: Changqing Li
Signed-off-by: Steve Sakoman
---
met
From: Wang Mingyu
Signed-off-by: Wang Mingyu
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit bcbaaa9f7d88686915c354fb66682cbe9b1d0536)
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} | 2 +-
1 file changed,
From: Richard Purdie
Removes CVE-2022-46456 from reports.
(From OE-Core rev: 4a5b6e8dd315b2281afb232410db585d431be00f)
Signed-off-by: Richard Purdie
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/nasm/{nasm_2.16.01.bb => nasm_2.16.03.bb} | 2 +-
1 file cha
From: Ashish Sharma
Includes security fixes for:
CVE-2024-1975
CVE-2024-1737
CVE-2024-0760
CVE-2024-4076
Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.28/CHANGES
Signed-
From: Peter Marko
This CVE is fixed in v8.2.2 with v8.2.1-55-g480a6adc83
https://github.com/qemu/qemu/commit/480a6adc83a7bbc84bfe67229e084603dc061824
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/qemu/qemu.inc | 2 ++
1 file changed, 2 insertions(+)
diff
From: Archana Polampalli
Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
---
.../ffmpeg/ffmpeg/CVE-2024-31582.patch| 34 +++
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-multimedi
From: Peter Marko
This CVE status should have been removed on version update.
CPE says >=2.34 and <2.39 while our version is already 2.39.
(From OE-Core rev: b568a8f428e76f75bb8c374983f62822325ebe8a)
Signed-off-by: Peter Marko
Signed-off-by: Richard Purdie
Signed-off-by: Steve Sakoman
---
m
Please review this set of changes for scarthgap and have comments back by
end of day Friday, August 9
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7220
with the exception of a load related parsing failure on qemuarm64-armhost
which passed on sub
From: Peter Marko
Picked commit per https://curl.se/docs/CVE-2024-6197.html
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
.../curl/curl/CVE-2024-6197.patch | 24 +++
meta/recipes-support/curl/curl_8.7.1.bb | 1 +
2 files changed, 25 insertions(
On 8/5/24 4:11 AM, Ross Burton wrote:
There’s a known regression in this release, can you also backport this commit:
https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970
(as per https://curl.se/mail/distros-2024-08/0002.html)
Ross
Ah, sure thing. I'll send a v2.
Than
From: Peter Marko
This is the same problem as already ignored CVE-2024-35328.
See also this comment in addition:
https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
Signed-off-by: Peter Marko
---
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 +-
1 file changed, 1 insertion(+
From: Peter Marko
This is the same problem as already ignored CVE-2024-35328.
See also this comment in addition:
https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
Signed-off-by: Peter Marko
---
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 1 +
1 file changed, 1 insertion(+)
From: Peter Marko
This is the same problem as already ignored CVE-2024-35328.
See also this comment in addition:
https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
Signed-off-by: Peter Marko
---
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 1 +
1 file changed, 1 insertion(+)
In message: Re: [PATCH 0/8][v2] linux-yocto: introduce v6.10
on 07/08/2024 Richard Purdie wrote:
> On Tue, 2024-08-06 at 14:55 -0400, bruce.ashfi...@gmail.com wrote:
> > Here's v2 of the patch series.
> >
> > In a similar manner to v1, I've got yocto/yocto-bsp patches along
> > side the
> > oe-co
Add a command to bitbake-layers to list the machines available in the
current configuration.
Signed-off-by: Ross Burton
---
meta/lib/bblayers/machines.py | 37 +++
1 file changed, 37 insertions(+)
create mode 100644 meta/lib/bblayers/machines.py
diff --git a/met
On Wed, Aug 7, 2024 at 12:21 AM Hitendra Prajapati via
lists.openembedded.org
wrote:
>
> backport upstream fix for CVEs and fix the regression that introduced [1]
>
> [1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
>
> Signed-off-by: Hitendra Prajapati
> ---
> ...01-awk-fix-p
On Wed, 2024-08-07 at 17:55 +0200, Alexandre Belloni via
lists.openembedded.org wrote:
> Hello,
>
> Because of DMARC, you really need to add your From: here
>
> Also, the patch is still mangled and doesn't apply.
I manually fixed it up when I tested it and I did merge it earlier as
the initial t
The looping logic for handling (and not handling) UBOOT_CONFIG has led
to the various do_* functions to be large and unwieldy. In order to
modify one of the functional blocks inside of a loop (or in the else
condition) means you either have to replace the function entirely, or
append the function
The install function already removes the executable bit on these tools
so that perl, python, awk and csh don't become dependencies. The INSANE_SKIP
therefore isn't needed.
Signed-off-by: Richard Purdie
---
meta/recipes-support/vim/vim.inc | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/r
Hello,
Because of DMARC, you really need to add your From: here
Also, the patch is still mangled and doesn't apply.
On 06/08/2024 13:59:54+0100, Pedro Ferreira via lists.openembedded.org wrote:
> This fix guarantees that output package folder exists on
> buildhistory folder to avoid missing files
Changelog: https://github.com/sphinx-doc/sphinx/releases
Signed-off-by: Trevor Gamblin
---
.../python/{python3-sphinx_7.4.7.bb => python3-sphinx_8.0.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-sphinx_7.4.7.bb =>
python3-sphinx_8.0.2.
License-Update: Rename LICENSE to LICENCE.rst
Changelog
(https://github.com/sphinx-doc/sphinxcontrib-qthelp/blob/master/CHANGES.rst):
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
Signed-off-by: Trevor Gamblin
---
...-qthelp_1.0.8.bb => pyth
Patch 'libassuan-add-pkgconfig-support.patch' had to be adjusted to
apply on top of 3.0.1. While doing so, the format was updated so that
it'll work more easily with git.
Changelog (git log --oneline libassuan-2.5.7..libassuan-3.0.1):
c9e9027 (tag: libassuan-3.0.1) Release 3.0.1
9e90c79 Post rele
License-Update: Rename LICENSE to LICENCE.rst
Changelog
(https://github.com/sphinx-doc/sphinxcontrib-serializinghtml/blob/master/CHANGES.rst):
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
Signed-off-by: Trevor Gamblin
---
...1.10.bb => pyth
License-Update: Rename LICENSE to LICENCE.rst
Changelog
(https://github.com/sphinx-doc/sphinxcontrib-htmlhelp/blob/master/CHANGES.rst):
Release 2.1.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
- Escape HTML entities
Signed-off-by: Trevor Gamblin
---
..
License-Update: Rename LICENSE to LICENCE.rst
Changelog
(https://github.com/sphinx-doc/sphinxcontrib-devhelp/blob/master/CHANGES.rst):
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
- Avoid storing build time in gzip headers
Signed-off-by: Trev
License-Update: Renamed LICENSE to LICENCE.rst
Changelog
(https://github.com/sphinx-doc/sphinxcontrib-applehelp/blob/master/CHANGES.rst):
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
Signed-off-by: Trevor Gamblin
---
...help_1.0.8.bb => pyt
Changelog
(https://docs.pytest.org/en/stable/changelog.html#pytest-8-3-2-2024-07-24):
Bug fixes
- #12652: Resolve regression conda environments where no longer being
automatically detected.
- by @RonnyPfannschmidt
Signed-off-by: Trevor Gamblin
---
.../python/{python3-pytest_8.3.1.bb => pyth
Changelog: https://hypothesis.readthedocs.io/en/latest/changes.html
Signed-off-by: Trevor Gamblin
---
...on3-hypothesis_6.108.4.bb => python3-hypothesis_6.108.10.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3-hypothesis_6.108.4.bb =>
pyth
Since this is a bootstrap recipe with PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't do anything anyway.
This fixes errors from buildhistory changes where packages-split would be empty.
Signed-off-by: Richard Purdie
---
meta/recipes-core/glib-
From: Bruce Ashfield
While we wait for a new lttng-release, we backport 6
patches to fix the build against the 6.11 kernel.
Signed-off-by: Bruce Ashfield
---
...01-Fix-kfree_skb-changed-in-6.11-rc1.patch | 65 ++
...da_reserve_space-changed-in-6.11-rc1.patch | 58 +
...emoved-from-bt
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/master-scarthgap-u-boot.inc-Refactor-do_-steps-into-functions-that-can-be-overridden.patch
FAIL: test shortlog leng
The looping logic for handling (and not handling) UBOOT_CONFIG has led
to the various do_* functions to be large and unwieldy. In order to
modify one of the functional blocks inside of a loop (or in the else
condition) means you either have to replace the function entirely, or
append the function
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/meta-multimeida-libcamera-Add-support-for-pycamera.patch
FAIL: test target mailing list: Series sent to the wrong m
Supply a libcamera-pycamera package to allow installing the libcamera
python bindings.
Signed-off-by: Kieran Bingham
---
.../recipes-multimedia/libcamera/libcamera_0.3.0.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta-multimedia/recipes-multimedia/libcame
Refresh patch 'fix_pid_keactrl.patch' to apply on new version.
Add an extra sed call to do_install:append() to remove a reference to
TMPDIR from ${D}/usr/sbin/kea-admin.
License-Update: Update copyright year
Signed-off-by: Trevor Gamblin
---
v4 uses ${sbindir} in the added sed call so that it i
On 2024-08-07 8:06 a.m., Ross Burton wrote:
On 6 Aug 2024, at 20:12, Trevor Gamblin via lists.openembedded.org
wrote:
+sed -i "s:${B}/../${BPN}-${PV}:@abs_top_builddir_placeholder@:g"
${D}/usr/sbin/kea-admin
Is /usr/sbin hardcoded into the makefiles, or should that be ${D}${sbindir}?
Create the separate dbg package and then drop the INSANE_SKIP values
as none of them appear to be needed once debug splitting is fixed.
Signed-off-by: Richard Purdie
---
meta/recipes-core/glibc/glibc-y2038-tests_2.40.bb | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git
How debugging is laid out is for the distro to decide, not the recipe. If the
user
wants this, they can set this. This recipe isn't special.
Signed-off-by: Richard Purdie
---
meta/recipes-core/glibc/glibc-y2038-tests_2.40.bb | 6 --
1 file changed, 6 deletions(-)
diff --git a/meta/recipes-
In my local testing there are now no QA issues from this recipe so we can drop
the ptest INSANE_SKIPs.
Signed-off-by: Richard Purdie
---
meta/recipes-core/gettext/gettext_0.22.5.bb | 3 ---
1 file changed, 3 deletions(-)
diff --git a/meta/recipes-core/gettext/gettext_0.22.5.bb
b/meta/recipes-c
In my local testing there are now no QA issues from this recipe so we can drop
the ptest INSANE_SKIPs.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/m4/m4-1.4.19.inc | 3 ---
1 file changed, 3 deletions(-)
diff --git a/meta/recipes-devtools/m4/m4-1.4.19.inc
b/meta/recipes-devtools/m4
According to my tests, enabling perl in PACKAGECONFIG and building doesn't
show any buildpaths QA issue. Therefore drop this INSANE_SKIP as obsolete.
Signed-off-by: Richard Purdie
---
meta/recipes-kernel/perf/perf-perl.inc | 4
1 file changed, 4 deletions(-)
diff --git a/meta/recipes-kerne
> On 6 Aug 2024, at 20:12, Trevor Gamblin via lists.openembedded.org
> wrote:
> +sed -i "s:${B}/../${BPN}-${PV}:@abs_top_builddir_placeholder@:g"
> ${D}/usr/sbin/kea-admin
Is /usr/sbin hardcoded into the makefiles, or should that be ${D}${sbindir}?
Ross
Loading a load of json files into a memory structure and stashing in a bitbake
variable is relatively anti-social making bitbake -e output hard to read for
example as well as other potential performance issues.
Defer loading of that data until it is actually needed/used in a function
where it is n
> -Original Message-
> From: Dhairya Nagodra -X (dnagodra - E INFOCHIPS LIMITED at Cisco)
>
> Sent: Wednesday, August 7, 2024 12:17
> To: Marko, Peter (ADV D EU SK BFS1) ; Richard
> Purdie ; Marta Rybczynska
> ; openembedded-core@lists.openembedded.org
> Cc: xe-linux-external(mailer list
>-Original Message-
>From: Marko, Peter
>Sent: Wednesday, July 24, 2024 12:04 PM
>To: Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC at Cisco)
>; openembedded-core@lists.openembedded.org
>Cc: xe-linux-external(mailer list)
>Subject: RE: [OE-core] [PATCH] cve-check-map: Move 'upstream-w
From: Changqing Li
update SRC_URI to fix do_fetch warning:
WARNING: libpng-1.6.42-r0 do_fetch: Failed to fetch URL
https://downloads.sourceforge.net/project/libpng/libpng16/libpng-1.6.42.tar.xz,
attempting MIRRORS if available
Signed-off-by: Changqing Li
---
meta/recipes-multimedia/libpng/li
On Tue, 2024-08-06 at 14:55 -0400, bruce.ashfi...@gmail.com wrote:
> Here's v2 of the patch series.
>
> In a similar manner to v1, I've got yocto/yocto-bsp patches along
> side the
> oe-core ones .. just to save us both some synchronization and
> juggling.
>
> - the 6.10.3 update contains kconfi
backport upstream fix for CVEs and fix the regression that introduced [1]
[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
Signed-off-by: Hitendra Prajapati
---
...01-awk-fix-precedence-of-relative-to.patch | 197 ++
...1-awk.c-fix-CVE-2023-42366-bug-15874.pat