This release is primarily to fix two CVEs: - CVE-2021-28544 - CVE-2022-24070 It also rewrites the macOS autoconf macros to be cross-compile friendly, so we don't need to delete them

Backport a submitted patch to fix CVE-2022-1304. Signed-off-by: Ross Burton <ross.burton@...> --- .../e2fsprogs/e2fsprogs/extents.patch | 56 +++++++++++++++++++

Patches to update it very welcome! Cheers, Richard

Hello everyone, This is the full report for yocto-3.3.6.rc1: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults ======= Summary ======== No high

Backport a submitted patch to fix CVE-2022-1304. Signed-off-by: Ross Burton <ross.burton@...> --- .../e2fsprogs/e2fsprogs/extents.patch | 56 +++++++++++++++++++

Rust has been upgraded to rust-1.60.0 that uses LLVM 14. Please refer the following link for more detailed

Hi Richard, should I update your patch or only the Upstream-Status or will you prefer to do it yourself? Regards Stefan Am 14.04.2022 um 22:52 schrieb Richard Purdie via lists.openembedded.org:

From: Mingli Yu <mingli.yu@...> Backport patch [1] to fix CVE-2022-0204. [1]

From: Mingli Yu <mingli.yu@...> * The 9.16 branch will be limited to bug fixes [1] now and upgrade to the latest 9.16.x release to fix some security fixes. - CVE-2021-25219 -

Recently GIT got updated with a security fix: https://github.blog/2022-04-12-git-security-vulnerability-announced/ The problem is that this causes all "git" tasks that run within pseudo (most

Hi Steve, Can you please cherry-pick this on the dunfell branch as well for this Lua CVE? or should I send a patch for this? Ranjitsinh Rathod

This symlink is not valid when using usrmerge and ptest packaging would fail Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' ->

Branch: honister New this week: 4 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3

Branch: hardknott New this week: 4 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3

Branch: dunfell New this week: 3 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3

Branch: master New this week: 4 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3 MEDIUM):

Some recipes are marked machine specific which need qemu usermode during build eg. if they use meson build system, which means they wont get right -cpu settings to run qemu-ppc/qemu-ppc64 and build

From: Changqing Li <changqing.li@...> Signed-off-by: Changqing Li <changqing.li@...> --- .../libsdl2/libsdl2/CVE-2021-33657.patch | 39 +++++++++++++++++++

Brings in below changes * 499a601796 Default to --with-default-link=no (bug 25812) * 70f1eecdc1 scripts: Add glibcelf.py module * d3feff2232 m68k: Handle fewer relocations for RTLD_BOOTSTRAP

The following changes since commit 8fd5133fc7f6bc84193ec6fcbc1746c59bfc8caf: libxshmfence: Correct LICENSE to HPND (2022-04-18 12:13:17 -1000) are available in the Git repository at: