From: Vijay Anusuri
Includes security fix
* CVE-2025-26594
* CVE-2025-26595
* CVE-2025-26596
* CVE-2025-26597
* CVE-2025-26598
* CVE-2025-26599
* CVE-2025-26600
* CVE-2025-26601
Ref: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
https://lists.x.org/ar
On Tue, 2025-01-21 at 09:12 +0100, Jan Strater-Büddefeld via
lists.openembedded.org wrote:
Fixes [YOCTO #15579]
This commit removes the LD_LIBRARY_PATH wrapper around `cargo`.
Setting the LD_LIBRARY_PATH causes many problems.
Some build scripts will not run because the build scripts execute
bin
gentle ping for styhead...
> -Original Message-
> From: Marko, Peter (FT D EU SK BFS1)
> Sent: Wednesday, February 12, 2025 18:39
> To: openembedded-core@lists.openembedded.org
> Cc: Marko, Peter (FT D EU SK BFS1)
> Subject: [OE-core][scarthgap][styhead][PATCH] subversion: ignore CVE-202
From: Vijay Anusuri
Includes security fix
* CVE-2025-26594
* CVE-2025-26595
* CVE-2025-26596
* CVE-2025-26597
* CVE-2025-26598
* CVE-2025-26599
* CVE-2025-26600
* CVE-2025-26601
Ref: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
https://lists.x.org/ar
Fixes [YOCTO #15579]
Fixes [YOCTO #15735]
This commit removes the LD_LIBRARY_PATH wrapper around 'cargo'.
Setting the LD_LIBRARY_PATH causes many problems.
Some build scripts will not run because the build scripts execute
binaries from the host system that are not compatible with the target
librar
On Wed, Feb 26, 2025 at 8:07 AM Colin McAllister via
lists.openembedded.org
wrote:
>
> Adds tag for downstream users of Poky to accept risk for CVEs.
>
> Signed-off-by: Colin Pinnell McAllister
> ---
> Upcoming cybersecurity regulations allow for CVEs to be accepted on a
> risk basis. This tag wi
roman-numerals-py is a module providing utilities for working with
well-formed Roman numerals. python3-sphinx relies on this now, so add it
as a recipe.
Signed-off-by: Trevor Gamblin
---
meta/conf/distro/include/maintainers.inc | 1 +
.../python/python3-roman-numerals-py_3.1.0.bb
This update is required for latest versions of packages such as sphinx
to build with flit, otherwise you encounter errors like:
| File
"/home/tgamblin/workspace/yocto/poky/build/tmp/work/core2-64-poky-linux/python3-sphinx/8.2.1/recipe-sysroot-native/usr/lib/python3.13/site-packages/flit_core/co
Changelog: https://www.sphinx-doc.org/en/master/changes/8.2.html
License-Update: Update copyright year
Add roman-numerals-py to RDEPENDS to avoid the following error:
| sphinx.errors.ExtensionError: Could not import extension
sphinx.builders.latex (exception: No module named 'roman_numerals
Patch '0001-respect-GIT_CEILING_DIRECTORIES.patch' is no longer required
as it's upstream in 979d79301da6.
Changelog (https://github.com/pypa/setuptools-scm/blob/main/CHANGELOG.md):
Added
- fix #960: add a --force-write-version-files flag for the cli
Changed
- fix #950: ensure to pass en
On Wed, Feb 26, 2025 at 4:20 AM Zoltan Boszormenyi via
lists.openembedded.org wrote:
> Rely on host-provided coreutils and make.
>
What is the reason to do so ?
> openssl-native is not needed either, as the build scripts
> use crypto functionality via python.
>
> Python 3.11+ is needed by the
On 26 Feb 2025, at 17:41, Khem Raj wrote:
> On Wed, Feb 26, 2025 at 4:20 AM Zoltan Boszormenyi via lists.openembedded.org
> wrote:
> Rely on host-provided coreutils and make.
>
> What is the reason to do so ?
I think you misunderstood: this is making the recipe use make and coreutils
from hos
From: Vijay Anusuri
Upstream-Status: Backport
https://github.com/curl/curl/commit/9bee39bfed2c413b4cc4eb306a57ac92a1854907
& https://github.com/curl/curl/commit/e9b9bbac22c26cf6731 &
https://github.com/curl/curl/commit/9fce2c55d4b0273ac99
Reference:
https://curl.se/docs/CVE-2024-11053.html
http
Due to some musl build issues with 2025.01.0, we skip this version and
move forward to 2025.02.0 directly.
Changes in 2025.01.0
* Added LLVM/Clang support for the sandbox architecture.
* Enabled command execution from the sandbox command line.
* Improved TFTP with dentry cach
The patch was removed from SRC_URI but not deleted from the directory
tree.
Fixes: 3291a8fa ("barebox: upgrade 2024.10.0 -> 2024.12.0")
Signed-off-by: Enrico Jörns
---
...0001-lib-lz4-use-lz4-instead-of-lz4c.patch | 35 ---
1 file changed, 35 deletions(-)
delete mode 100644
met
Am Montag, dem 27.01.2025 um 21:01 +0100 schrieb Ahmad Fatoum:
> On 27.01.25 20:06, Khem Raj wrote:
> > On Mon, Jan 27, 2025 at 7:40 AM Enrico Jörns via
> > lists.openembedded.org
> > wrote:
> > >
> > > Changes:
> > >
> > > * Added LLVM/Clang support for the sandbox architecture.
> > > * Enabled
Adds tag for downstream users of Poky to accept risk for CVEs.
Signed-off-by: Colin Pinnell McAllister
---
Upcoming cybersecurity regulations allow for CVEs to be accepted on a
risk basis. This tag will allow consumers of Poky to mark CVEs as
ignored with this tag, which will help when feeding cv
> On 19 Feb 2025, at 18:51, Fabio Estevam via lists.openembedded.org
> wrote:
> +Subject: [PATCH v4 mtd-utils 3/4] configure.ac: Add a check for execinfo and
> backtrace
> +
> +musl relies on an external execinfo library to provide backtrace
> +functionality. If musl cannot link to libexecinfo
Adds tag for end users to accept risk for CVEs.
Signed-off-by: Colin Pinnell McAllister
---
Upcoming cybersecurity regulations allow for CVEs to be accepted on a
risk basis. This tag will allow end users to mark CVEs as ignored with
this tag, which will help when feeding cve-check output into com
All,
Please join us for our monthly OpenEmbedded Happy Hour today, Wednesday
February 26 at 2100/9pm UTC (4pm ET/1pm PT).
https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+Feb
0001-automake-Add-default-libtool_tag-to-cppasm.patch was upstreamed in
1.16[1].
0003-build-fix-race-in-parallel-builds.patch wasn't directly applied,
but a fix for the same problem was merged in 1.17[2].
[1] automake dc67b18d "automake: Add default libtool_tag to cppasm"
[2] automake 5d022858 "b
From: Guocai He
Update SRC_URI for tzcode.
Update the http to https in SRC_URI to fix the do_fetch issue.
Signed-off-by: Guocai He
---
meta/recipes-extended/timezone/timezone.inc | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone
From: Guocai He
Update SRC_URI for xz.
The the tarball of xz-.tar.gz has been changed from
https://tukaani.org/xz/xz-.tar.gz to
https://sourceforge.net/projects/lzmautils/files/xz-.tar.gz
Signed-off-by: Guocai He
---
meta/recipes-extended/xz/xz_5.2.6.bb | 2 +-
1 file changed, 1 insertion(+),
call and callee have mismatched types, this patch fixes it
Signed-off-by: Khem Raj
Cc: Randy MacLeod
---
.../0001-NFC-fix-build-failure-100993.patch | 30 +++
.../recipes-devtools/rust/rust-llvm_1.82.0.bb | 4 ++-
2 files changed, 33 insertions(+), 1 deletion(-)
create mode
After the removal of BSD-4-Clause from LICENSE in commit 362435b0aec
(libbsd: Drop licenses that were removed upstream), the licenses for all
packages match the licenses for the recipe. Thus there is no longer any
reason to explicitly specify the package licenses.
Signed-off-by: Peter Kjellerstedt
On 25.02.2025 15:48, Ross Burton wrote:
On 20 Feb 2025, at 15:33, Vyacheslav Yurkov wrote:
Isn't is supposed to be created on first boot?
Yes, ish, but our rootfs is read only at this point:
[7.639766] systemd[1]: System cannot boot: Missing /etc/machine-id and /etc
is mounted read-only
I've sent a new patch with the correct subject line
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#211949):
https://lists.openembedded.org/g/openembedded-core/message/211949
Mute This Topic: https://lists.openembedded.org/mt/43606/21656
Group O
hi
I will make the changes, test it and submit v2 next days!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#211950):
https://lists.openembedded.org/g/openembedded-core/message/211950
Mute This Topic: https://lists.openembedded.org/mt/111381998/216
systemd's sysusers.d/systemd-remote.conf contains the user
"systemd-journal-remote" [1]. This file is currently not part of any
specific package.
To make this match the corresponding USERADD_PARAM:${PN}-journal-remote
for the same user, move the file to the correct package.
This prevents warnings
Remove incorrectly escaped exit value, which causes error handling logic not to
run.
This resolves [YOCTO #15731].
Signed-off-by: Sven Kalmbach
---
meta/classes-recipe/cml1.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/cml1.bbclass b/meta/classes
Hi,
As anyone who attends the weekly engineering sync calls[1] will know, we’re
planning a twice-weekly meeting on zoom to discuss the current patches that are
queued for oe-core master. The process is mostly to step through the patches
that are queued up in master-next, review them, and if fu
From: Jiaying Song
Change the SRC_URI to the correct value due to the following error:
WARNING: boost-native-1.86.0-r0 do_fetch: Checksum failure encountered with
download of
https://boostorg.jfrog.io/artifactory/main/release/1.86.0/source/boost_1_86_0.tar.bz2
- will attempt other sources if a
From: Libo Chen
Update SRC_URI to fix the following error:
WARNING: virglrenderer-native-0.9.1-r0 do_fetch: Failed to fetch URL
git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1,
attempting MIRRORS if available
Signed-off-by: Libo Chen
---
meta/recipes-graphics/virglrenderer/
Rely on host-provided coreutils and make.
openssl-native is not needed either, as the build scripts
use crypto functionality via python.
Python 3.11+ is needed by the python build scripts, which is
ensured by "inherit python3native".
Signed-off-by: Zoltán Böszörményi
---
.../rpm-sequoia/rpm-se
On Wed Feb 26, 2025 at 3:54 AM CET, Trevor Gamblin wrote:
> Changelog: https://www.sphinx-doc.org/en/master/changes/8.2.html
>
> License-Update: Update copyright year
>
> Signed-off-by: Trevor Gamblin
> ---
Hi Trevor,
Thanks for your patch.
I believe this is breaking the btrfs build, we get the
35 matches
Mail list logo
