Patch also doesn't apply against master as I think the version may have been upgraded. Cheers, Richard

Submitted [where] please. If it's to a mailing list, link to the message on some web archive. Alex

A change in behaviour in make between 4.2.1 and 4.3 on how whitespace and appends are handled[1] causes changes in lib/libpci.pc and leads to non-reproducible builds. Add a dependency on make-native

if a setup is using RPM for packaging and there are multiple recipes that install to ${nonarch_base_libdir}/firmware by using install -d ${nonarch_base_libdir}/firmware, it will create

They also include versions in the NVD, but there is no version "non-afected" as of today for CVE-2022-27404. I'll figure out the exact versions for those CVEs and update the NVD in the next

As pointed out in https://lists.openembedded.org/g/openembedded-core/message/165058 https://lists.openembedded.org/g/openembedded-core/message/165216 this patch sets KERNELDEPLOYDEPEND but then uses

All, The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on

<leimaohui@...> wrote: You can issue this in poky/meta and plenty of examples will come up: [ak@fedora meta]$ grep -ir PACKAGECONFIG *|grep class-native Alex

Hello Richard, On 05/05/22 19:02, Richard Purdie wrote: The below dependencies are added and then the sigdata is changed. +do_rust_gen_targets[vardeps] +=

From: Pawan Badganchi <badganchipv@...> Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 CVE-2022-25308.patch Link:

From: Pawan Badganchi <badganchipv@...> Add below patch to fix CVE-2022-1215 CVE-2022-1215.patch Link:

Hi Claudius, Thanks a lot for the patch Could you please also extend the header of overlayfs.bbclass to describe the use case? I will update the documentation accordingly after

Hello, I am puzzled by the following final do_package errors for dbus, glib-2.0-dev etc in the kirkstone branch, that error messages were never seen in honister and other branches. dbus glib etc are

Hi, Since 4.0 is Released recently,  maybe it is proper time to make changes in this area. Any suggestion about this issue is welcome. Thanks. Regards Changqing > > >

Hi, Alex I'm sorry that this way doesn’t work, because PACKAGECONFIG[fips-native] means PACKAGECONFIG is set for fips-native not for fips. And I don't find any existing recipes that config

lists.openembedded.org wrote: I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022- 27405 and CVE-2022-27406 were already in 2.12.0. I don't think the CVE checker is going to like

Yes, this will be the last one. Steve

Should we stop tracking numbers for hardknott since it's no longer maintained? Thanks, Anuj

Branch: kirkstone New this week: 3 CVEs CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3: 7.5

Branch: honister New this week: 4 CVEs CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 * CVE-2022-27405 (CVSS3: 7.5