|
[meta-security][PATCH 1/2] recipes: Use renamed SKIP_RECIPE varFlag
Christian Eggers <ceggers@...>
Signed-off-by: Christian Eggers <ceggers@...>
--- recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +- recipes-security/libest/libest_3.2.0.bb | 2 +- recipes-security/opendnssec/opendnssec_2.1.10.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb index 93cb4431b286..5bb0e3e209f3 100644 --- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -74,4 +74,4 @@ FILES:${PN}-ptest += "${PTEST_PATH}/tests " RDEPENDS:${PN} += " perl nano msmtp cronie" RDEPENDS:${PN}-ptest = " perl lib-perl perl-modules " -PNBLACKLIST[tripwire] ?= "Upsteram project appears to be abondoned, fails to build with gcc11" +SKIP_RECIPE[tripwire] ?= "Upsteram project appears to be abondoned, fails to build with gcc11" diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb index 41a402560165..b4c61654f1c2 100644 --- a/recipes-security/libest/libest_3.2.0.bb +++ b/recipes-security/libest/libest_3.2.0.bb @@ -27,4 +27,4 @@ PACKAGES = "${PN} ${PN}-dbg ${PN}-dev" FILES:${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so" # https://github.com/cisco/libest/issues/104 -PNBLACKLIST[libest] ?= "Needs porting to openssl 3.x" +SKIP_RECIPE[libest] ?= "Needs porting to openssl 3.x" diff --git a/recipes-security/opendnssec/opendnssec_2.1.10.bb b/recipes-security/opendnssec/opendnssec_2.1.10.bb index 6b537112c73f..64bacf1ae5d9 100644 --- a/recipes-security/opendnssec/opendnssec_2.1.10.bb +++ b/recipes-security/opendnssec/opendnssec_2.1.10.bb @@ -33,4 +33,4 @@ do_install:append () { RDEPENDS:${PN} = "softhsm" -PNBLACKLIST[opendnssec] ?= "Needs porting to openssl 3.x" +SKIP_RECIPE[opendnssec] ?= "Needs porting to openssl 3.x" -- 2.34.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-security][PATCH 2/2] recipes: Use new CVE_CHECK_IGNORE variable
Christian Eggers <ceggers@...>
Signed-off-by: Christian Eggers <ceggers@...>
--- recipes-mac/smack/smack_1.3.1.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb index 79a8f5a0cde5..7a8ca7859d29 100644 --- a/recipes-mac/smack/smack_1.3.1.bb +++ b/recipes-mac/smack/smack_1.3.1.bb @@ -14,9 +14,9 @@ SRC_URI = " \ PV = "1.3.1" # CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 is valnerble for other product. -CVE_CHECK_WHITELIST += "CVE-2014-0363" -CVE_CHECK_WHITELIST += "CVE-2014-0364" -CVE_CHECK_WHITELIST += "CVE-2016-10027" +CVE_CHECK_IGNORE += "CVE-2014-0363" +CVE_CHECK_IGNORE += "CVE-2014-0364" +CVE_CHECK_IGNORE += "CVE-2016-10027" inherit autotools update-rc.d pkgconfig ptest inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} -- 2.34.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-rockchip][PATCH] layers: Bump to use kirkstone
its not going to be backward ABI compatible with honister due to variable renaming.
Signed-off-by: Khem Raj <raj.khem@...> --- conf/layer.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/layer.conf b/conf/layer.conf index 25b0a99..a2661f9 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -14,7 +14,7 @@ BBFILE_PRIORITY_rockchip = "1" # This should only be incremented on significant changes that will # cause compatibility issues with other layers LAYERVERSION_rockchip = "1" -LAYERSERIES_COMPAT_rockchip = "honister" +LAYERSERIES_COMPAT_rockchip = "kirkstone" LAYERDEPENDS_rockchip = "core meta-arm" BBFILES_DYNAMIC += " \ -- 2.35.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Enhancements/Bugs closed WW08!
Stephen Jolley
All,
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Current high bug count owners for Yocto Project 3.5
Stephen Jolley
All,
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Yocto Project Newcomer & Unassigned Bugs - Help Needed
Stephen Jolley
All,
The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading: https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project. If anyone can help, please take ownership of the bug and send patches! If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.
Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 402 unassigned or newcomer bugs.
We're hoping people may be able to spare some time now and again to help out with these. Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system. There are also roughly four different "priority" classes right now, “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.4" and then “3.5”.
Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account). The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OpenEmbedded Happy Hour February 23 9pm/2100 UTC
Denys Dmytriyenko
All,
You are cordially invited to the next OpenEmbedded Happy Hour on February 23 for Asia/Pacific timezones @ 2100/9pm UTC (4pm ET / 1pm PT): https://www.openembedded.org/wiki/Calendar https://www.openembedded.org/wiki/Happy_Hours https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+February+23&iso=20220223T21 -- Regards, Denys Dmytriyenko <denis@...> PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964 Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-security][PATCH 3/3] smack: Use new CVE_CHECK_IGNORE variable
Signed-off-by: Armin Kuster <akuster808@...>
--- recipes-mac/smack/smack_1.3.1.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb index 79a8f5a..7a8ca78 100644 --- a/recipes-mac/smack/smack_1.3.1.bb +++ b/recipes-mac/smack/smack_1.3.1.bb @@ -14,9 +14,9 @@ SRC_URI = " \ PV = "1.3.1" # CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 is valnerble for other product. -CVE_CHECK_WHITELIST += "CVE-2014-0363" -CVE_CHECK_WHITELIST += "CVE-2014-0364" -CVE_CHECK_WHITELIST += "CVE-2016-10027" +CVE_CHECK_IGNORE += "CVE-2014-0363" +CVE_CHECK_IGNORE += "CVE-2014-0364" +CVE_CHECK_IGNORE += "CVE-2016-10027" inherit autotools update-rc.d pkgconfig ptest inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} -- 2.25.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-security][PATCH 2/3] chipsec: fix WARNING
distutils3.bbclass is deprecated, please use setuptools3.bbclass instead
Signed-off-by: Armin Kuster <akuster808@...> --- recipes-security/chipsec/chipsec_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/chipsec/chipsec_git.bb b/recipes-security/chipsec/chipsec_git.bb index e265a08..156be09 100644 --- a/recipes-security/chipsec/chipsec_git.bb +++ b/recipes-security/chipsec/chipsec_git.bb @@ -20,7 +20,7 @@ EXTRA_OEMAKE = "CC='${CC}' LDFLAGS='${LDFLAGS}' CFLAGS='${CFLAGS}'" DEPENDS = "virtual/kernel nasm-native python3-setuptools-native" RDEPENDS:${PN} += "python3 python3-modules" -inherit module distutils3 +inherit module setuptools3 do_compile:append() { cd ${S}/drivers/linux -- 2.25.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-security][PATCH 1/3] recipes: Use renamed SKIP_RECIPE varFlag
Signed-off-by: Armin Kuster <akuster808@...>
--- recipes-ids/tripwire/tripwire_2.4.3.7.bb | 2 +- recipes-security/libest/libest_3.2.0.bb | 2 +- recipes-security/opendnssec/opendnssec_2.1.10.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/recipes-ids/tripwire/tripwire_2.4.3.7.bb index 93cb443..5bb0e3e 100644 --- a/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -74,4 +74,4 @@ FILES:${PN}-ptest += "${PTEST_PATH}/tests " RDEPENDS:${PN} += " perl nano msmtp cronie" RDEPENDS:${PN}-ptest = " perl lib-perl perl-modules " -PNBLACKLIST[tripwire] ?= "Upsteram project appears to be abondoned, fails to build with gcc11" +SKIP_RECIPE[tripwire] ?= "Upsteram project appears to be abondoned, fails to build with gcc11" diff --git a/recipes-security/libest/libest_3.2.0.bb b/recipes-security/libest/libest_3.2.0.bb index 41a4025..b4c6165 100644 --- a/recipes-security/libest/libest_3.2.0.bb +++ b/recipes-security/libest/libest_3.2.0.bb @@ -27,4 +27,4 @@ PACKAGES = "${PN} ${PN}-dbg ${PN}-dev" FILES:${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so" # https://github.com/cisco/libest/issues/104 -PNBLACKLIST[libest] ?= "Needs porting to openssl 3.x" +SKIP_RECIPE[libest] ?= "Needs porting to openssl 3.x" diff --git a/recipes-security/opendnssec/opendnssec_2.1.10.bb b/recipes-security/opendnssec/opendnssec_2.1.10.bb index 6b53711..64bacf1 100644 --- a/recipes-security/opendnssec/opendnssec_2.1.10.bb +++ b/recipes-security/opendnssec/opendnssec_2.1.10.bb @@ -33,4 +33,4 @@ do_install:append () { RDEPENDS:${PN} = "softhsm" -PNBLACKLIST[opendnssec] ?= "Needs porting to openssl 3.x" +SKIP_RECIPE[opendnssec] ?= "Needs porting to openssl 3.x" -- 2.25.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
extract several source tree with devtool
Julien STEPHAN
Hi all, I am wondering if it is possible to extract both a git repo and a tarball using devtool modify? Example: I am trying to use devtool modify on tensorflow-lite recipe (https://git.yoctoproject.org/meta-tensorflow/tree/recipes-framework/tensorflow/tensorflow_2.6.1.bb). The `tensorflow.inc` file fetches the tensorflow repository using git, then `tensorflow_2.6.1.bb` fetches 2 tarballs. The tarballs are extracted inside WORKDIR then files are installed inside the do_install() function. This is running correctly using `bitbake tensorflow`. When using `devtool modify tensorflow`, the tarballs are not extracted, then I get an error at the do_install stage: files from tarball don't exist. This is a general question not related to tensorflow. Any suggestions on how to handle this? Either on the recipe side or on the devtool side? Best Julien
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: coreutils-native-8.32-r0 do_configure: configure failed
Ross Burton <ross@...>
On Mon, 21 Feb 2022 at 13:14, Sourabh Hegde <hrsourabh011@...> wrote:
configure: error: you should not run configure as root (set FORCE_UNSAFE_CONFIGURE=1 in environment to bypass this check)Are you running bitbake as root? Ross
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
coreutils-native-8.32-r0 do_configure: configure failed
Sourabh Hegde
Hello All,
I am facing an issue while building images for Raspberry Pi CM4. Earlier I was working with Dunfell release and now upgraded to Honister. And now I am getting an error like: . . checking whether mkdir handles trailing slash... yes checking whether mkdir handles trailing dot... yes checking for mkfifo... yes checking whether mkfifo rejects trailing slashes... yes checking whether mknod can create fifo without root privileges... configure: error: in `/home/raspcm4/build-rauc/tmp-glibc/work/x86_64-linux/coreutils-native/8.32-r0/build': configure: error: you should not run configure as root (set FORCE_UNSAFE_CONFIGURE=1 in environment to bypass this check) See `config.log' for more details NOTE: The following config.log files may provide further information. NOTE: /home/raspcm4/build-rauc/tmp-glibc/work/x86_64-linux/coreutils-native/8.32-r0/build/config.log ERROR: configure failed WARNING: exit code 1 from a shell command. . . I have set "export FORCE_UNSAFE_CONFIGURE=1" but still getting same error. I am building from "/home/ dir and not "/root/" dir. Can someone please let me know how to resolve this issue? Your help will be much appreciated. Thanks in advance.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [oe] Inclusive Language Proposal for YP/OE
Marta Rybczynska
On Mon, Jan 24, 2022 at 5:18 PM Jon Mason <jdmason@...> wrote: CVE_CHECK_PN_WHITELIST -> CVE_CHECK_SKIPRECIPE When running master-next I have found one missing rename, cve-check has "CVE STATUS" result which is still Patched, Unpatched, Whitelisted. I propose to rename Whitelisted to Ignored to be in-line with the variable rename. Is there anyone using the states in scripting or other tools today? Marta
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[ANNOUNCEMENT] Yocto Project 3.4.2 (honister) is Released
Lee Chee Yang
Hi We are pleased to announce the Yocto Project 3.4.2 Release is now available for download.
A gpg signed version of these release notes is available at:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/RELEASENOTES
Full Test Report:
http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/testreport.txt
Thank you for everyone's contributions to this release.
Chee Yang Lee Yocto Project Build and Release - -------------------------- yocto-3.4.2 Release Notes - --------------------------
- -------------------------- Repositories/Downloads - --------------------------
Repository Name: poky Repository Location: https://git.yoctoproject.org/git/poky Branch: honister Tag: yocto-3.4.2 Git Revision: e0ab08bb6a32916b457d221021e7f402ffa36b1a Release Artefact: poky-e0ab08bb6a32916b457d221021e7f402ffa36b1a sha: 8580dc5067ee426fe347a0d0f7a74c29ba539120bbe8438332339a9c8bce00fd Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/poky-e0ab08bb6a32916b457d221021e7f402ffa36b1a.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.4.2/poky-e0ab08bb6a32916b457d221021e7f402ffa36b1a.tar.bz2
Repository Name: openembedded-core Repository Location: https://git.openembedded.org/openembedded-core Branch: honister Tag: yocto-3.4.2 Git Revision: 418a9c4c31615a9e3e011fc2b21fb7154bc6c93a Release Artefact: oecore-418a9c4c31615a9e3e011fc2b21fb7154bc6c93a sha: f2ca94a5a7ec669d4c208d1729930dfc1b917846dbb2393d01d6d5856fcbc6de Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/oecore-418a9c4c31615a9e3e011fc2b21fb7154bc6c93a.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.4.2/oecore-418a9c4c31615a9e3e011fc2b21fb7154bc6c93a.tar.bz2
Repository Name: meta-mingw Repository Location: https://git.yoctoproject.org/git/meta-mingw Branch: honister Tag: yocto-3.4.2 Git Revision: f5d761cbd5c957e4405c5d40b0c236d263c916a8 Release Artefact: meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8 sha: d4305d638ef80948584526c8ca386a8cf77933dffb8a3b8da98d26a5c40fcc11 Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.4.2/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2
Repository Name: meta-gplv2 Repository Location: https://git.yoctoproject.org/git/meta-gplv2 Branch: honister Tag: yocto-3.4.2 Git Revision: f04e4369bf9dd3385165281b9fa2ed1043b0e400 Release Artefact: meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400 sha: ef8e2b1ec1fb43dbee4ff6990ac736315c7bc2d8c8e79249e1d337558657d3fe Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.4.2/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2
Repository Name: bitbake Repository Location: https://git.openembedded.org/bitbake Branch: honister Tag: yocto-3.4.2 Git Revision: c039182c79e2ccc54fff5d7f4f266340014ca6e0 Release Artefact: bitbake-c039182c79e2ccc54fff5d7f4f266340014ca6e0 sha: bd80297f8d8aa40cbcc8a3d4e23a5223454b305350adf34cd29b5fb65c1b4c52 Download Locations: http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.2/bitbake-c039182c79e2ccc54fff5d7f4f266340014ca6e0.tar.bz2 http://mirrors.kernel.org/yocto/yocto/yocto-3.4.2/bitbake-c039182c79e2ccc54fff5d7f4f266340014ca6e0.tar.bz2
Repository Name: yocto-docs Repository Location: https://git.yoctoproject.org/git/yocto-docs Branch: honister Tag: yocto-3.4.2 Git Revision: 3061d3d62054a5c3b9e16bfce4bcd186fa7a23d2
- --------------- Contributors - --------------- Alexander Kanavin Alexandre Belloni Anton Mikanovich Anuj Mittal Bruce Ashfield Carlos Rafael Giani Chaitanya Vadrevu Changqing Li Dhruva Gole Florian Amstutz Joshua Watt Kai Kang Khairul Rohaizzat Jamaluddin Khem Raj Konrad Weihmann Kory Maincent Li Wang Marek Vasut Markus Volk Martin Jansa Max Krummenacher Michael Opdenacker Mingli Yu Oleksiy Obitotskyy Pavel Zhukov Peter Kjellerstedt Pgowda Quentin Schulz Richard Purdie Robert Yang Ross Burton Rudolf J Streif Sakib Sajal Samuli Piippo Schmidt, Adriaan Stefan Herbrechtsmeier Steve Sakoman Sundeep KOKKONDA Teoh Jay Shen Thomas Perrot Tim Orling Vyacheslav Yurkov Yongxin Liu pgowda wangmy
- --------------- Known Issues - --------------- N/A
- --------------- Security Fixes - --------------- tiff: backport fix for CVE-2022-22844 glibc : Fix CVE-2021-3999 glibc : Fix CVE-2021-3998 glibc : Fix CVE-2022-23219 glibc : Fix CVE-2022-23218 lighttpd: backport a fix for CVE-2022-22707 speex: fix CVE-2020-23903 linux-yocto/5.10: amdgpu: updates for CVE-2021-42327 libsndfile1: fix CVE-2021-4156 xserver-xorg: whitelist two CVEs grub2: fix CVE-2021-3981 xserver-xorg: update CVE_PRODUCT binutils: CVE-2021-42574 gcc: Fix CVE-2021-42574 gcc: Fix CVE-2021-35465 cve-extra-exclusions: add db CVEs to exclusion list gcc: Add CVE-2021-37322 to the list of CVEs to ignore bind: fix CVE-2021-25219 openssh: fix CVE-2021-41617 ncurses: fix CVE-2021-39537 vim: fix CVE-2021-3968 and CVE-2021-3973 vim: fix CVE-2021-3927 and CVE-2021-3928 gmp: fix CVE-2021-43618
- --------------- Fixes - --------------- build-appliance-image: Update to honister head revision poky.conf: bump version for 3.4.2 release libxml2: Backport python3-lxml workaround patch core-image-sato-sdk: allocate more memory when in qemu vim: upgrade to patch 4269 vim: update to include latest CVE fixes expat: upgrade to 2.4.4 libusb1: correct SRC_URI yocto-check-layer: add debug output for the layers that were found linux-firmware: Add CLM blob to linux-firmware-bcm4373 package linux-yocto/5.10: update to v5.10.93 icu: fix make_icudata dependencies sstate: Improve failure to obtain archive message/handling insane.bbclass: Correct package_qa_check_empty_dirs() sstate: A third fix for for touching files inside pseudo kernel: introduce python3-dtschema-wrapper vim: upgrade to 8.2 patch 3752 bootchart2: Add missing python3-math dependency socat: update SRC_URI pigz: fix one failure of command "unpigz -l" linux-yocto/5.14: update genericx86* machines to v5.14.21 linux-yocto/5.10: update genericx86* machines to v5.10.87 go: upgrade 1.16.10 -> 1.16.13 linux-yocto/5.10/cfg: add kcov feature fragment linux-yocto/5.14: fix arm 32bit -rt warnings oeqa/sstate: Fix allarch samesigs test rootfs-postcommands.bbclass: Make two comments use the new variable syntax cve-check: add lockfile to task lib/oe/reproducible: correctly set .git location when recursively looking for git repos epiphany: Update 40.3 -> 40.6 scripts/buildhistory-diff: drop use of distutils scripts: Update to use exec_module() instead of load_module() vulkan-loader: inherit pkgconfig webkitgtk: Add reproducibility fix openssl: Add reproducibility fix rpm: remove tmp folder created during install package_manager: ipk: Fix host manifest generation bitbake: utils: Update to use exec_module() instead of load_module() linux-yocto: add libmpc-native to DEPENDS ref-manual: fix patch documentation bitbake: tests/fetch: Drop gnu urls from wget connectivity test bitbake: fetch: npm: Use temporary file for empty user config bitbake: fetch: npm: Quote destdir in run chmod command bitbake: process: Do not mix stderr with stdout xserver-xorg: upgrade 1.20.13 -> 1.20.14 python3-pyelftools: Depend on debugger, pprint linux-firmware: upgrade 20211027 -> 20211216 oeqa/selftest/bbtests: Use YP sources mirror instead of GNU systemd: Fix systemd-journal-gateway user/groups license.bbclass: implement ast.NodeVisitor.visit_Constant oe/license: implement ast.NodeVisitor.visit_Constant packagedata.py: silence a DeprecationWarning uboot-sign: fix the concatenation when multiple U-BOOT configurations are specified runqemu: check the qemu PID has been set before kill()ing it selftest/devtool: Check branch in git fetch recipetool: Set master branch only as fallback kern-tools: bug fixes and kgit-gconfig linux-yocto-rt/5.10: update to -rt56 linux-yocto/5.14: update to v5.14.21 python3: upgrade 3.9.7 -> 3.9.9 bitbake: lib/pyinotify.py: Remove deprecated module asyncore updates for recent releases libdrm: upgrade 2.4.108 -> 2.4.109 patch.py: Initialize git repo before patching boost: Fix build on arches with no atomics boost: allow searching for python310 recipetool: extend curl detection when creating recipes recipetool: handle GitLab URLs like we do GitHub README.OE-Core.md: update URLs libtool: change the default AR_FLAGS from "cru" to "cr" libtool: Update patchset to match those submitted upstream scripts/checklayer/common.py: Fixed a minor grammatical error oeqa/parselogs: Fix quoting oeqa/utils/dump: Fix typo systemd: update 249.6 -> 249.7 glibc: Fix i586/c3 support wic: support rootdev identified by partition label buildhistory: Fix srcrevs output classes/crate-fetch: Ensure crate fetcher is available rootfs-postcommands: update systemd_create_users classes/meson: Add optional rust definitions rust-cross: Replace TARGET_ARCH with TUNE_PKGARCH maintainers.inc: fix up rust-cross entry rust-cross: Fix directory not deleted for race glibc vs. musl wic: use shutil.which bitbake: data_smart.py: Skip old override syntax checking for anonymous functions documentation: conf.py: fix version of bitbake objects.inv updates for release 3.3.4
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-security][PATCH] layer.conf: Update to use kirkstone
Update the layers to use the kirkstone namespace. No compatibility is made
for honister due to the variable renaming. Signed-off-by: Armin Kuster <akuster808@...> --- conf/layer.conf | 2 +- meta-hardening/conf/layer.conf | 2 +- meta-integrity/conf/layer.conf | 2 +- meta-parsec/conf/layer.conf | 2 +- meta-security-compliance/conf/layer.conf | 2 +- meta-security-isafw/conf/layer.conf | 2 +- meta-tpm/conf/layer.conf | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/conf/layer.conf b/conf/layer.conf index ad9da56..1f83593 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "security" BBFILE_PATTERN_security = "^${LAYERDIR}/" BBFILE_PRIORITY_security = "8" -LAYERSERIES_COMPAT_security = "honister" +LAYERSERIES_COMPAT_security = "kirkstone" LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python" diff --git a/meta-hardening/conf/layer.conf b/meta-hardening/conf/layer.conf index 1cd6f4f..bc33d97 100644 --- a/meta-hardening/conf/layer.conf +++ b/meta-hardening/conf/layer.conf @@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer" BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_harden-layer = "10" -LAYERSERIES_COMPAT_harden-layer = "honister" +LAYERSERIES_COMPAT_harden-layer = "kirkstone" LAYERDEPENDS_harden-layer = "core openembedded-layer" diff --git a/meta-integrity/conf/layer.conf b/meta-integrity/conf/layer.conf index e9446e6..3d58be4 100644 --- a/meta-integrity/conf/layer.conf +++ b/meta-integrity/conf/layer.conf @@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}' # interactive shell is enough. OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" -LAYERSERIES_COMPAT_integrity = "honister" +LAYERSERIES_COMPAT_integrity = "kirkstone" # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer" diff --git a/meta-parsec/conf/layer.conf b/meta-parsec/conf/layer.conf index 2eeb71b..19900bb 100644 --- a/meta-parsec/conf/layer.conf +++ b/meta-parsec/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "parsec-layer" BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_parsec-layer = "5" -LAYERSERIES_COMPAT_parsec-layer = "honister" +LAYERSERIES_COMPAT_parsec-layer = "kirkstone" LAYERDEPENDS_parsec-layer = "core clang-layer tpm-layer" BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec" diff --git a/meta-security-compliance/conf/layer.conf b/meta-security-compliance/conf/layer.conf index ec4fd47..7c07625 100644 --- a/meta-security-compliance/conf/layer.conf +++ b/meta-security-compliance/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer" BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_scanners-layer = "10" -LAYERSERIES_COMPAT_scanners-layer = "honister" +LAYERSERIES_COMPAT_scanners-layer = "kirkstone" LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" diff --git a/meta-security-isafw/conf/layer.conf b/meta-security-isafw/conf/layer.conf index 86b0d4b..e8cdc1b 100644 --- a/meta-security-isafw/conf/layer.conf +++ b/meta-security-isafw/conf/layer.conf @@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1" LAYERDEPENDS_security-isafw = "core" -LAYERSERIES_COMPAT_security-isafw = "honister" +LAYERSERIES_COMPAT_security-isafw = "kirkstone" diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf index b00dd3c..52e3ee0 100644 --- a/meta-tpm/conf/layer.conf +++ b/meta-tpm/conf/layer.conf @@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "10" -LAYERSERIES_COMPAT_tpm-layer = "honister" +LAYERSERIES_COMPAT_tpm-layer = "kirkstone" LAYERDEPENDS_tpm-layer = " \ core \ -- 2.25.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Question: Derivative SDK using extensible SDK will produce an eSDK?
Miranda Miguel A
Hi everyone, my team is working on generating a derivative SDK just as it is showed in documentation(https://www.yoctoproject.org/docs/2.1/sdk-manual/sdk-manual.html#sdk-creating-a-derivative-sdk-with-...)
but it is a little bit confusing when it use the SDK word to refer to eSDK instead. From build-sdk command commit https://git.yoctoproject.org/poky/commit/scripts/lib/devtool/build_sdk.py?id=25d9c4e02a90b1fd8c6a203... we
can see that build-sdk is intended to produce an extensible SDK(eSDK) instead of a SDK. so my question is, buid-sdk should produce both eSDK and SDK or just eSDK?
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[PATCH] meta-poky: Update BB_DISKMON_DIRS use
Scott Murray
Update the example BB_DISKMON_DIRS definitions in the sample
local.conf files for the rename of the "ABORT" action to "HALT". Signed-off-by: Scott Murray <scott.murray@...> --- meta-poky/conf/local.conf.sample | 10 +++++----- meta-poky/conf/local.conf.sample.extended | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/meta-poky/conf/local.conf.sample b/meta-poky/conf/local.conf.sample index dc78919..55e90e0 100644 --- a/meta-poky/conf/local.conf.sample +++ b/meta-poky/conf/local.conf.sample @@ -184,7 +184,7 @@ PATCHRESOLVE = "noop" # # Monitor the disk space during the build. If there is less that 1GB of space or less # than 100K inodes in any key build location (TMPDIR, DL_DIR, SSTATE_DIR), gracefully -# shutdown the build. If there is less than 100MB or 1K inodes, perform a hard abort +# shutdown the build. If there is less than 100MB or 1K inodes, perform a hard halt # of the build. The reason for this is that running completely out of space can corrupt # files and damages the build in ways which may not be easily recoverable. # It's necessary to monitor /tmp, if there is no space left the build will fail @@ -194,10 +194,10 @@ BB_DISKMON_DIRS ??= "\ STOPTASKS,${DL_DIR},1G,100K \ STOPTASKS,${SSTATE_DIR},1G,100K \ STOPTASKS,/tmp,100M,100K \ - ABORT,${TMPDIR},100M,1K \ - ABORT,${DL_DIR},100M,1K \ - ABORT,${SSTATE_DIR},100M,1K \ - ABORT,/tmp,10M,1K" + HALT,${TMPDIR},100M,1K \ + HALT,${DL_DIR},100M,1K \ + HALT,${SSTATE_DIR},100M,1K \ + HALT,/tmp,10M,1K" # # Shared-state files from other locations diff --git a/meta-poky/conf/local.conf.sample.extended b/meta-poky/conf/local.conf.sample.extended index 8a38454..1e3699e 100644 --- a/meta-poky/conf/local.conf.sample.extended +++ b/meta-poky/conf/local.conf.sample.extended @@ -195,7 +195,7 @@ DISTRO_FEATURES:remove = "x11" # "action,directory,minimum_space,minimum_free_inode" # # The "action" must be set and should be one of: -# ABORT: Immediately abort +# HALT: Immediately halt # STOPTASKS: The new tasks can't be executed any more, will stop the build # when the running tasks have been done. # WARN: show warnings (see BB_DISKMON_WARNINTERVAL for more information) -- 2.35.1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Minutes: Yocto Project Weekly Triage Meeting 2/17/2022
Trevor Gamblin
Wiki: https://wiki.yoctoproject.org/wiki/Bug_Triage Attendees: Alejandro, Alexandre, Bruce, Daiane,
Jan-Simon, Joshua, Michael, Pavel, Randy, Richard, Saul,
Stephen, Steve, Tim, Trevor ARs: N/A Notes:
- ~43% of AB workers have been switched to SSDs. Failure rate appears lower, but still TBD Medium+ 3.5 Unassigned Enhancements/Bugs: 78 (Last week
79) AB Bugs: 73
(Last week 73)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.4.2.rc2)
Teoh, Jay Shen
Hi All,
toggle quoted messageShow quoted text
This is the full report for yocto-3.4.2.rc2: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults ======= Summary ======== No high milestone defects. No new issue found. Thanks, Jay
-----Original Message-----
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|