On Thu, Dec 12, 2024 at 4:09 AM Hongxu Jia wrote:
>
> After commit [spdx 3.0: Rework how SPDX aliases are linked] applied, it set
> license_text_map with alias other than actual spdxId
>
> The property of simplelicensing_customIdToUri is
> ListProp(ObjectProp(DictionaryEntry))),
> and class Dicti
On Fri, 13 Dec 2024 at 14:54, Bruce Ashfield <
bruce.ashfi...@gmail.com> wrote:
>
>
> On Thu, Dec 12, 2024 at 11:44 AM Adrian Freihofer via
> lists.openembedded.org
> wrote:
>
>> From: Adrian Freihofer
>>
>> Support of images with different network management implementations
>> without ha
Hi Mathieu,
On Fri, Dec 13, 2024 at 04:31:44PM +0100, Mathieu Dubois-Briand wrote:
> On Thu Dec 12, 2024 at 10:24 PM CET, Hiago De Franco via
> lists.openembedded.org wrote:
> > From: Hiago De Franco
> >
> > The kbd package is no longer a hard dependency for weston-init, as
> > weston has replac
On Fri, 13 Dec 2024 at 12:18, Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Thu, 2024-12-12 at 16:55 +0100, Adrian Freihofer via
> lists.openembedded.org wrote:
> > v2 fixes the build warning
> >
> > First of all, this patch series fixes a bug in systemd.bbclass that
> >
I would like to understand why this patch series was never merged.
Specifically, the patch that moves CMAKE_NO_SYSTEM_FROM_IMPORTED to
toolchain.cmake seems to fix a common issue when building with OE: By default,
CMake adds the SYSTEM property to all imported libraries, which lets consuming
ta
Unfortunately, there's a large swath of packages in both oe-core (>30) and
meta-python (>70) that do not follow PEP625. I'll send a v3 patchset that
normalizes the URLs and sdist filenames for the future (assuming folks
standardize to follow PEP625 in the future), but we'll still carry a large
numb
Update the UPSTREAM_CHECK_URI to leverage the simple repo API. The
project URLs require javascript which breaks the version checking fetch
and subsequent logic. The simple repo API provides similar
functionality with a well defined spec which is used by tools such as
pip. Also update the UPSTREA
With the upstream check migrated to the simple repo API, a number of the
recipes required updates to:
1. Remove outdated UPSTREAM_CHECK_REGEX checks
2. Add recipe specific UPSTREAM_CHECK_PYPI_PACKAGE definitions for
packages that use '_', CamelCase, or other deviations from PEP625 in
the sour
On 13 Dec 2024, at 18:06, Ross Burton wrote:
> Rationalising this is the source of at least three wip branches I have
> locally, so I’d love to see it sorted.
Hit sent too early.
One of my WIP branches basically made some semantic changes, where PYPI_PACKAGE
is the canonical package name (as i
Hi Ross,
I'll give that normalization another shot. I saw a couple older packages
not following the normalized filenames, but those could be outliers.
Thanks for the pointer.
-Derek
On Fri, Dec 13, 2024 at 12:07 PM Ross Burton wrote:
> On 13 Dec 2024, at 15:14, Alexander Kanavin via lists.ope
On 13 Dec 2024, at 15:14, Alexander Kanavin via lists.openembedded.org
wrote:
>
> On Fri, 13 Dec 2024 at 15:53, Derek Straka wrote:
>> Thanks for your note. I’m working through the remaining downstream recipe
>> changes today which should address the rest of the UNKNOWN_BROKEN recipes.
>>
>>
Agreed. It's painful at times because there isn't a complete
standardization in pypi naming conventions. I've sent a v2 that is intended
to resolve all of the oe-core UNKNOWN_BROKEN python recipes. I'll move to
those in meta-python next.
On Fri, Dec 13, 2024 at 9:15 AM Alexander Kanavin
wrote:
On Thu Dec 12, 2024 at 10:24 PM CET, Hiago De Franco via lists.openembedded.org
wrote:
> From: Hiago De Franco
>
> The kbd package is no longer a hard dependency for weston-init, as
> weston has replaced weston-launch with libseat and logind as its only
> launchers (see [1]). Remove this dependen
On Fri, 13 Dec 2024 at 15:53, Derek Straka wrote:
> Thanks for your note. I’m working through the remaining downstream recipe
> changes today which should address the rest of the UNKNOWN_BROKEN recipes.
>
> While looking at it yesterday, the download packages come primarily in two
> archetypes:
Hi Alex,
Thanks for your note. I’m working through the remaining downstream recipe
changes today which should address the rest of the UNKNOWN_BROKEN recipes.
While looking at it yesterday, the download packages come primarily in two
archetypes:
1. Those that replace ‘_’ with ‘-‘ in the source ar
On Thu, Dec 12, 2024 at 11:44 AM Adrian Freihofer via lists.openembedded.org
wrote:
> From: Adrian Freihofer
>
> Support of images with different network management implementations
> without having to recompile systemd and other components.
>
> Fedora does this as well since systemd version 246.
systemd.inc is used by systemd, systemd-boot and
systemd-tools-native recipes so make sure all
match to "systemd" product in CVE database. The
split between systemd, systemd-boot and
systemd-tools-native is specific to oe-core and
upstream just refers to systemd. Not limiting
to "systemd_project" v
Hi,
On Fri, Dec 13, 2024 at 12:14:54PM +, Marko, Peter wrote:
> For historical reasons, we should not limit the check to systemd_project
> vendor.
>
> sqlite> select vendor, product, count(*) from products where product =
> 'systemd' group by vendor, product;
> linux|systemd|1
> systemd_pro
For historical reasons, we should not limit the check to systemd_project vendor.
sqlite> select vendor, product, count(*) from products where product =
'systemd' group by vendor, product;
linux|systemd|1
systemd_project|systemd|106
sqlite> select * from products where vendor = 'linux' and product
systemd.inc is used by systemd, systemd-boot and
systemd-tools-native recipes so make sure all
match to "systemd_project:systemd" vendor and product
in CVE database. The split between systemd, systemd-boot
and systemd-tools-native is specific to oe-core and
upstream just refers to systemd.
Signed-
On Thu, 2024-12-12 at 16:55 +0100, Adrian Freihofer via lists.openembedded.org
wrote:
> v2 fixes the build warning
>
> First of all, this patch series fixes a bug in systemd.bbclass that
> forces service files with an Also= relationship to be in the same
> package. This may often be the case, but
From: Archana Polampalli
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame
function within libavcodec/rkmppdec.c.
Signed-off-by: Archana Polampalli
---
.../ffmpeg/ffmpeg/CVE-2024-35368.patch| 41 +++
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1
From: Archana Polampalli
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c,
static const vec_s8 h_subpel_filters_outer
Signed-off-by: Archana Polampalli
---
.../ffmpeg/ffmpeg/CVE-2024-35367.patch| 47 +++
.../recipes-multimedia/ffmpeg/ffmpeg_6.
From: Archana Polampalli
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options
function of sbgdec.c within the libavformat module. When parsing certain
options,
the software does not adequately validate the input. This allows for negative
duration values to be accepted
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/scarthgap-1-3-ffmpeg-fix-CVE-2024-35366.patch
FAIL: test Upstream-Status presence: Added patch file is missing
Ups
From: Archana Polampalli
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame
function within libavcodec/rkmppdec.c.
Signed-off-by: Archana Polampalli
---
.../ffmpeg/ffmpeg/CVE-2024-35368.patch| 42 +++
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1
From: Archana Polampalli
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c,
static const vec_s8 h_subpel_filters_outer
Signed-off-by: Archana Polampalli
---
.../ffmpeg/ffmpeg/CVE-2024-35367.patch| 48 +++
.../recipes-multimedia/ffmpeg/ffmpeg_6.
From: Archana Polampalli
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options
function of sbgdec.c within the libavformat module. When parsing certain
options,
the software does not adequately validate the input. This allows for negative
duration values to be accepted
From: Jiaying Song
Insufficient validation of filenames against control characters in
Apache Subversion repositories served via mod_dav_svn allows
authenticated users with commit access to commit a corrupted revision,
leading to disruption for users of the repository. All versions of
Subversion u
On Thu, 12 Dec 2024 at 19:56, Derek Straka via lists.openembedded.org
wrote:
> Update the UPSTREAM_CHECK_URI to leverage the simple repo API. The
> project URLs require javascript which breaks the version checking fetch
> and subsequent logic. The simple repo API provides similar
> functionalit