Thank you all for your answers BR Den fre 4 feb. 2022 kl 16:29 skrev Mikko Rapeli <mikko.rapeli@...>:

merged to hardknott. Bruce In message: [meta-virtualization] [hardknott][PATCH] libvirt: fix CVE-2021-3975 on 29/01/2022 Changqing Li wrote:

merged to master. Bruce In message: [meta-virtualization][PATCH v2] openvswitch: uprev from v2.15.1 to v2.15.3 on 28/01/2022 He Zhe wrote:

merged. Bruce In message: [meta-virtualization] [PATCH] libibverbs: update LICENSE on 04/02/2022 Ross Burton wrote:

merged to hardknott. Bruce In message: [meta-virtualization][hardknott][PATCH v2] openvswitch: uprev from v2.15.0 to v2.15.3 on 28/01/2022 He Zhe wrote:

Hi, While this would work, I can't recommend using meta-gplv2 as it contains unmaintained SW versions. Just configure the build to avoid GPLv3 via distro config, e.g. INCOMPATIBLE_LICENSE_append +=

I think this is a situation where https://layers.openembedded.org/layerindex/branch/master/layer/meta-gplv2/ might come in handy, together with something like PREFERRED_VERSION_bash ?= "3.2.%" in

ermmm no... my understanding is if a device is bootlocked.. grub or secure-boot, then the vendor only needs to provide a way a client having ownership of the device can make, rebuild, duplicate,

Hi, Thanks for your reply. The customer is currently using Thud. You confirm our current findings so thanks. We are looking into removing lxc and will then see what else is needed to see if we can

Hi, Well, does GPLv3 not require that a customer should be able to build the GPLv3 like bash and deploy it to the target? It is not directly secure-boot but the customer has a boot up sequence that

Okay, wait, why does enabling secure-boot prevent including GPLv3 packages?? Ive never heard this before.

Those shouldn't be coming directly from the docker dependencies, but of course packages that it depends on, may pull other dependencies, etc. What branch are you using ? If you look at docker.inc in

As per COPYING, this is BSD-2-Clause or GPLv2. Signed-off-by: Ross Burton <ross.burton@...> --- recipes-extended/libibverbs/libibverbs_1.2.1.bb | 2 +- 1 file changed, 1 insertion(+), 1

Hi, A client of mine wants to have docker on it's product and they are having secure boot enabled which prevents us from having any GPLv3 licensed code on the target. We have successfully managed to

Thanks for the update, the series is now applied. Bruce In message: [meta-virtualization][meta-cloud-services][PATCH 6/8] python3-termcolor: inherit setuptools3 not distutils on 19/01/2022 wangmy

From: Changqing Li <changqing.li@...> Signed-off-by: Changqing Li <changqing.li@...> --- .../libvirt/libvirt/CVE-2021-3975.patch | 43 +++++++++++++++++++

commits short logs: e4d2df62e (tag: v2.15.3) Set release date for 2.15.3. b8baa1141 python: Add cooperative_yield() API method to Idl. 7834abc66 ofproto-dpif-xlate: Snoop ingress packets and update

Drop the following backported patch. 0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch commits short logs: e4d2df62e (tag: v2.15.3) Set release date for 2.15.3. b8baa1141 python: Add

Just a heads up that a full round of updates are pending for a lot of packages. I've been stuck working with the latest go, and the fact that more projects have dropped their vendor'd dependencies. So

OVS is one of the upgrades that has traditionally caused us issues. Can we capture the shortlogs of the commits that are part of the update ? And a log of the basic tests ? (if you search the