Ignoring the kernel issues: Wrong ninja, sent ignore. Still open. Fixed in our version, CPE update sent. Still open. Fixed in 2.5.0, CPE update sent. Patch still in review on GitLab. Simple fix, build

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devto

From: Ross Burton <ross.burton@...> This minor point release fixes CVE-2023-25652 and CVE-2023-29007. Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-devtools/git/{git_2.39.2.bb =3D> git

From: Ross Burton <ross.burton@...> Drop the merged fix for CVE-2023-28879. Signed-off-by: Ross Burton <ross.burton@...> --- .../ghostscript/cross-compile.patch | 40 ------------- .../ghostscript/cve-

Fixing of improper sanitization of CSS values in html/template Signed-off-by: Ashish Sharma <asharma@...> --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-24539.patch | 60 ++++++

From: Luca Ceresoli <luca.ceresoli@...> Writing a simple recipe that inherits kernel.bbclass and downloads a kernel tarball (e.g. a mainline release from kernel.org) via http or ftp fails with either:

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- .../pkgconf/{pkgconf_1.9.4.bb =3D> pkgconf_1.9.5.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename me

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-graphics/piglit/piglit_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/r

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-gnome/gtk+/{gtk+3_3.24.37.bb =3D> gtk+3_3.24.38.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(

From: Ross Burton <ross.burton@...> Backport a patch from upstream to fix the build on 32-bit platforms, and remove the COMPATIBLE_HOST restriction. Signed-off-by: Ross Burton <ross.burton@...> --- ..

This is a new PEP517 compatible build class for python modules that use pyproject.toml and this: [build-system] build-backend = 'mesonpy' The new class uses python3-meson-python-native. Signed-off-by:

From: Narpat Mali <narpat.mali@...> Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint.

From: Chen Qi <Qi.Chen@...> The error message is a little misleading as the qmp module is a directory with __init__.py file, not qmp.py file. Also, put the path where we try to import it from in the e

Signed-off-by: Stefano Babic <sbabic@...> --- Changes since V1: - added missing dependency to libyaml .../u-boot/{libubootenv_0.3.3.bb =3D> libubootenv_0.3.4.bb} | 4 ++-- 1 file changed, 2 insertions(

Signed-off-by: Stefano Babic <sbabic@...> --- .../u-boot/{libubootenv_0.3.3.bb =3D> libubootenv_0.3.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-bsp/u-boot/{libuboote

From: duep <duep.fnst@...> Add a ptest for xz - It is taking around 1s to execute with kvm, so added it to PTESTS_FAST - It contains 11 test files: test_bcj_exact_size test_block_header test_check tes

crypt.h is otherwise taken from the host machine Signed-off-by: Markus Volk <f_l_k@...> --- meta/recipes-devtools/python/python3_3.11.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --g

Branch: mickledore New this week: 9 CVEs CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 * CVE-2023-0459 (CVSS3: 5.5 MEDIUM): lin

Branch: kirkstone New this week: 3 CVEs CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 * CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libj

If defined, this variable value overrides the size of f2fs partition file created by mkfs. Otherwise previous logic based on ROOTFS_SIZE variable is used. It should be set when the final file size wou