[OE-core][PATCH v10 4/5] dnf: Set SEQUOIA_CRYPTO_POLICY in wrapped tools

Point to the crypto policy file so dnf can work with signed packages. Signed-off-by: Zoltán Böszörményi --- meta/recipes-devtools/dnf/dnf_4.22.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/dnf/dnf_4.22.0.bb b/meta/recipes-devtools/dnf/dnf_4.22.0.bb index f9d6ea1

[OE-core][PATCH v10 2/5] rpm-sequoia: New recipe for version 1.7.0

rpm 4.20 removed the built-in code to handle signed packages and uses rpm-sequoia as a more feature complete library. Runtime-depend on rpm-sequoia-crypto-policy. Signed-off-by: Zoltán Böszörményi --- meta/conf/distro/include/maintainers.inc | 1 + .../rpm-sequoia/rpm-sequoia-crates.inc

[OE-core][PATCH v10 5/5] oeqa/selftest/cases/signing.py: Re-enable self-test

With all the pieces in place, the self test can be re-enabled. Signed-off-by: Zoltán Böszörményi --- meta/lib/oeqa/selftest/cases/signing.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py in

[OE-core][PATCH v10 3/5] rpm: Set SEQUOIA_CRYPTO_POLICY in wrapped tools

Point to the crypto policy file so RPM signing may work. Signed-off-by: Zoltán Böszörményi --- meta/recipes-devtools/rpm/rpm_4.20.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/rpm/rpm_4.20.0.bb b/meta/recipes-devtools/rpm/rpm_4.20.0.bb index 6c995ff50c..d296c20d

[OE-core][PATCH v10 1/5] rpm-sequoia-crypto-policy: New recipe

This ships a crypto policy file for rpm-sequoia. Signed-off-by: Zoltán Böszörményi --- meta/conf/distro/include/maintainers.inc | 1 + .../0001-Don-t-test-crypto-policies.patch | 52 +++ ...1-Make-xsltproc-settable-as-XSLTPROC.patch | 43 +++ ...002-Don-t-us

Re: [OE-core][PATCH v9 1/5] rpm-sequoia-crypto-policy: New recipe

2025. 02. 07. 11:25 keltezéssel, Richard Purdie írta: On Thu, 2025-02-06 at 12:45 +0100, Zoltan Boszormenyi via lists.openembedded.org wrote: This ships a crypto policy file for rpm-sequoia. Signed-off-by: Zoltán Böszörményi ---  meta/conf/distro/include/maintainers.inc  |  1 +  ...1-Ma

[OE-core] [PATCH] liburcu: add missing header file in uatomic/generic.h

We encountered the following error when building multipath-tools on qemuppc64 platform: | In file included from /build/tmp/work/ppc64p9le-wrs-linux/multipath-tools/0.10.0/recipe-sysroot/usr/include/urcu/uatomic/ppc.h:228, | from /build/tmp/work/ppc64p9le-wrs-linux/multipath-tool

[OE-core][styhead 10/12] libxml-parser-perl: correct SRC_URI

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit b3e44bbf9972968076f06ecac027bd7a2f3fe781) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion

[OE-core][styhead 07/12] linux-yocto/6.6: update to v6.6.74

From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 0372f43ab704 Linux 6.6.74 3f51f8c9d289 net: fix data-races around sk->sk_forward_alloc 7d082fb20aa2 x86/xen: fix SLS mitigation in xen_hypercall_iret() 80d39b50b

[OE-core][styhead 09/12] enchant2: correct SRC_URI and other uris

From: Alexander Kanavin https://github.com/AbiWord/enchant confirms the correct locations. Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 7733aae9c4d3fbaa7d4a3c69dcea3da8e54771e3) Signed-off-by: Steve Sakoman --- meta/recipes-support/enchant/enchant

[OE-core][styhead 08/12] resulttool/store: Fix permissions of logarchive

From: Richard Purdie We want the results directory to be visable to other users, tweak the permissions of the created directory to ensure this is the case. Signed-off-by: Richard Purdie (cherry picked from commit ed9d887e8d71a800db19826264de552f7736dc6a) Signed-off-by: Steve Sakoman --- scrip

[OE-core][styhead 12/12] lrzsz: update SRC_URI to avoid redirect

From: Ross Burton This server redirects to https:, so we might as well avoid the redirect. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 244779cc4d5e46cd3611c73862e653d38c8b99dd) Signed-off-by: Steve Sakoman --- meta

[OE-core][styhead 11/12] oeqa/gitarchive: Fix syntax warning

From: Richard Purdie The backslash characters cause syntax warnings, mark the strings are raw to avoid this. Signed-off-by: Richard Purdie Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit f717f61a37ed83618d054fc4017b5f5386fb2e3c) Signed-off-by: Ste

[OE-core][styhead 05/12] linux-yocto/6.6: update to v6.6.71

From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 843e64492a7e Linux 6.6.71 a6923798e471 x86/hyperv: Fix hv tsc page based sched_clock for hibernation b34e805539da Revert "x86, crash: wrap crash dumping code into cr

[OE-core][styhead 06/12] linux-yocto/6.6: update to v6.6.72

From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: c2e420511612 Linux 6.6.72 ac7f5641e988 drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported 08a2117e83e5 riscv: Fix text patching when IPI are used

[OE-core][styhead 02/12] cve-check: restore CVE_CHECK_SHOW_WARNINGS functionality

From: Peter Marko Commit 05ef4f2a7b225c8d230eaca8d333ffb921729d79 removed this functionality by accident. It was implemented in text exporter, while it should have been a global feature independent on exporter type to avoid such accidental deletion. Signed-off-by: Peter Marko Cc: Marta Rybczyns

[OE-core][styhead 03/12] cve-check: fix cvesInRecord

From: Peter Marko Currently flag cvesInRecord is set to false if all CVEs are ignored or patched. This is inconsistent as it shows false if a CVE was fixed via patch and true if this CVE was fixed by upgrade. In both cases the CVE is valid and was fixed. As I understand this flag, it should say

[OE-core][styhead 00/12] Patch review

Please review this set of changes for styhead and have comments back by end of day Tuesday, February 11 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/976 The following changes since commit a5e7ff4424a68335fc768e49a232a58011a5b160: devtool: id

[OE-core][styhead 04/12] systemd: set CVE_PRODUCT

From: Mikko Rapeli systemd.inc is used by systemd, systemd-boot and systemd-tools-native recipes so make sure all match to "systemd" product in CVE database. The split between systemd, systemd-boot and systemd-tools-native is specific to oe-core and upstream just refers to systemd. Not limiting t

[OE-core][styhead 01/12] libnsl2: set CVE_PRODUCT

From: Ross Burton Our libnsl2 recipe is just libnsl version 2.x, so set the CVE vendor and product pair appropriately as per: https://www.cvedetails.com/version/1177013/Libnsl-Project-Libnsl-2.0.0.html Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit d0e77d3

[OE-core][PATCH] curl: upgrade 8.11.1 -> 8.12.0

From: Peter Marko Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725. License-Update: copyright year refreshed Signed-off-by: Peter Marko --- meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-support/

[OE-core][PATCH] python3-typogrify: upgrade 2.0.7 -> 2.1.0

License-Update: Update copyright year, attribution bounds The project has changed to using a pyproject.toml with hatchling as the build backend, so change the recipe to match. Changelog (https://github.com/justinmayer/typogrify/releases/tag/2.1.0): - Add ability to select which filters are appli

Re: [OE-core] [PATCH] mesa: upgrade 24.0.7 -> 24.3.4

On Mon, Feb 3 2025 at 12:17:26 +01:00:00, Alexander Kanavin wrote: So you or Dmitry or Markus can play with that and report, we'd be all very interested in a confirmation. I tried to build the intel drivers with mesa-25.0.0-rc2 and without libclc. So far without success. For both intel iris a

[OE-core] Patchtest results for [PATCH] go: Fix to work without gold on aarch64

Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/go-Fix-to-work-without-gold-on-aarch64.patch FAIL: test Signed-off-by presence: A patch file has been added without

[OE-core] [PATCH] go: Fix to work without gold on aarch64

If we remove gold from binutils, go-runtime fails to build. There was a workaround in go to use gold as the nfd linker had a bug. The issue was fixed so backport dropping the workaround fmr upstream. Signed-off-by: Richard Purdie --- meta/recipes-devtools/go/go-1.22.11.inc | 1 + ...5b008

Re: [OE-core] [PATCH] recipes: Drop ld-is-gold support

On Fri, 2025-02-07 at 17:08 +0100, Mathieu Dubois-Briand wrote: > On Thu Feb 6, 2025 at 3:49 PM CET, Richard Purdie via > lists.openembedded.org wrote: > > Gold hasn't seen development in some time and is being dropped from > > binutils > > releases. Drop the small number of special cases for it we

Re: [OE-core] [PATCH] recipes: Drop ld-is-gold support

On Thu Feb 6, 2025 at 3:49 PM CET, Richard Purdie via lists.openembedded.org wrote: > Gold hasn't seen development in some time and is being dropped from binutils > releases. Drop the small number of special cases for it we were carrying. > > Signed-off-by: Richard Purdie > --- Hi Richard, We g

[oe-core][scarthgap][PATCH 2/8] ffmpeg: fix CVE-2024-36613

From: Archana Polampalli FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-

[oe-core][scarthgap][PATCH 6/8] ffmpeg: fix CVE-2024-36619

From: Archana Polampalli FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-36

[oe-core][scarthgap][PATCH 4/8] ffmpeg: fix CVE-2024-36617

From: Archana Polampalli FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-36617.patch| 36 +++ .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | 1 + 2 files changed, 37 insert

[oe-core][scarthgap][PATCH 8/8] gstreamer1.0-rtsp-server: fix CVE-2024-44331

From: Archana Polampalli Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. Signed-off-by: Archana Polampalli --- .../CVE-2024-44331.patch

[oe-core][scarthgap][PATCH 7/8] ffmpeg: fix CVE-2024-35369

From: Archana Polampalli In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, po

[oe-core][scarthgap][PATCH 3/8] ffmpeg: fix CVE-2024-36616

From: Archana Polampalli An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-36616.patch| 35 +++

[oe-core][scarthgap][PATCH 5/8] ffmpeg: fix CVE-2024-36618

From: Archana Polampalli FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-36618.patch| 36

[oe-core][scarthgap][PATCH 1/8] ffmpeg: fix CVE-2024-35365

From: Archana Polampalli FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-35365.patch| 62 +++

[OE-core] [PATCH] dbus: explictly set the path to systemctl

The dbus.socket user unit file calls systemctl, and the meson.build uses find_program() to find the path, falling back to a hardcoded value if it cannot be found. On the initial build the sysroot doesn't contain systemctl (as it is not in the target systemd sysroot), however after the do_package_w

Re: [OE-core] [PATCH] systemd-netlogd: new recipe

On 7 Feb 2025, at 12:06, Rasmus Villemoes via lists.openembedded.org wrote: > > From: Rasmus Villemoes > > In some deployments, the log aggregator collects log messages in the > syslog format, so systemd-journal-upload and friends can not be > used. > > systemd-netlogd is a daemon for filling

[OE-core] [PATCH] systemd-netlogd: new recipe

From: Rasmus Villemoes In some deployments, the log aggregator collects log messages in the syslog format, so systemd-journal-upload and friends can not be used. systemd-netlogd is a daemon for filling that gap. Signed-off-by: Rasmus Villemoes --- .../systemd/systemd-netlogd_1.4.4.bb

[OE-core] [PATCH] b4-wrapper-poky.py: send changes to .b4-config to the poky mailing list

r poky's and not OE-Core's as only poky's is +# stored in poky git repo. +".b4-config", ], } --- base-commit: 136f0edb75d9601a0ae56e025419d3cddfb90219 change-id: 20250207-b4-config-poky-eb9267fb2b09 Best regards

Re: [OE-core][PATCH v9 1/5] rpm-sequoia-crypto-policy: New recipe

On Thu, 2025-02-06 at 12:45 +0100, Zoltan Boszormenyi via lists.openembedded.org wrote: > This ships a crypto policy file for rpm-sequoia. > > Signed-off-by: Zoltán Böszörményi > --- >  meta/conf/distro/include/maintainers.inc  |  1 + >  ...1-Make-xsltproc-settable-as-XSLTPROC.patch | 43 +++

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-5.0.7.rc2)

Hi All, QA for yocto-5.0.7.rc2 is completed. This is the full report for this release: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults === Summary No high milestone defects. No new issue found. Thanks, Jing Hui > -Or

Re: [OE-core] proposal/plan for taking bitbake-setup into use - official configurations (with guaranteed sstate)

On Thu, 6 Feb 2025 at 16:56, Alexander Kanavin wrote: > 4. How is sstate availability guaranteed? > > There would be an autobuilder job, part of a-full, that would use > bitbake-setup to set up a build matching the branch being tested, and > use that setup to run builds that populate sstate. > > T

[OE-core] [PATCH] Revert "selftest/sstatetests: run CDN mirror check only once"

This reverts commit 0d3901b768272abc2e27ba2ab807dad24917e0cf. We've still having CDN issues so go back to the double attempt to see if this improves things. Signed-off-by: Richard Purdie --- meta/lib/oeqa/selftest/cases/sstatetests.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/l

Re: [PATCH] [OE-core] [PATCH v3] ncurses: Fix install conflict when enable multilib.

On Fri, 7 Feb 2025 at 03:03, Mingyu Wang (Fujitsu) wrote: > I discussed this issue directly with the maintainer through email, so he only > mentioned it in the changelog and did not leave a record of the discussion on > the web. That's ok; generally it's preferred to hold such discussions throu