From: Pawan Badganchi <badganchipv@...> Add below patches to fix CVE-2023-23914 [1], CVE-2023-23915 [2] CVE-2023-23914_5-1.patch CVE-2023-23914_5-2.patch CVE-2023-23914_5-3.patch CVE-2023-23914_5-4.pa

Please review this set of patches for kirkstone and have comments back by end of day Monday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5087 The fo

Upgrade libgit2 to v1.6.3. The new version now has git_fs_path_basename_r() which is based on BSD-2-Clause. Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@...> --- .../libgit2/{libgit2_1.5.1.bb => l

The quilt package files are owned by the ptest user, which is provided by the ptest-runner package. The quilt recipe depends on ptest-runner but there have been instances where rebuilds of quilt end u

Signed-off-by: Chen Qi <Qi.Chen@...> --- meta/conf/distro/include/maintainers.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/

This update contains bug, security, and feature updates. For detailed release notes, see https://curl.se/changes.html#8_0_1 Signed-off-by: Robert Joslyn <robert.joslyn@...> --- meta/recipes-support/cu

The commands passed to subprocess are tuples which when passed to a % format are treated as multiple format arguments instead of a single argument to be coerced by "%s". This results in a TypeError be

From: Narpat Mali <narpat.mali@...> Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex

If we try to parse a buildstats directory which was either aborted or is still being built then the top-level build_stats file doesn't contain an elapsed value which causes an exception: UnboundLocalE

This script will write a summary of the buildstats to the terminal, sorted by start time or duration, optionally hiding short tasks, and highlighting long running tasks. Signed-off-by: Ross Burton <ro

From: Peter Marko <peter.marko@...> This include overrides do_deploy_source_date_epoch function and is additionally referencing ${S}. If ${S} does not exist yet, the function will fail because it cann

From: Peter Marko <peter.marko@...> This function is referencing '${S}/..'. It uses ${S} only as good known directory path to start traversing from, and it does not need it to exist or be populated. I

Move the signature file into place only after it is successfully signed. This to avoid race and corrupted .sig files in cases multiple onging builds write to a shared sstate-cache dir. Signed-off-by:

This Unittest tries to rename a package, using an already used name and fails on do_package. Reviewed-by: Yoann CONGAL <yoann.congal@...> Signed-off-by: Fawzi KHABER <fawzi.khaber@...> --- .../package

It is possible to rename packages with the macro PKG:${PN} and result in a package name conflict if the target name exists already. Add a fatal check to prevent this issue to go unnoticed. Fix [Yocto

It is possible to rename packages with the macro PKG:${PN} and result in a package name conflict if the target name exists already. Add a fatal check to prevent this issue to go unnoticed. Fix [Yocto

This recipe provides find-debuginfo which is used by rpm, more specifically rpmbuild. RPM upstream removed find-debuginfo and switched to use debugedit in the following commit. https://github.com/rpm-

sysconfig.py use platlibdir for purelib. Update test_sysconfig.test_user_similar() for the posix_user scheme: "purelib" doesn't use sys.platlibdir. Signed-off-by: Wentao Zhang <wentao.zhang@...> --- .

This recipe provides find-debuginfo which is used by rpm, more specifically rpmbuild. RPM upstream removed find-debuginfo and switched to use debugedit in the following commit. https://github.com/rpm-

Hi Team, We are working on CVE-2023-25193 for kirkstone and dunfell branch as it is causing errors in our applications. There have been previous threads pointing to the issues that backporting is diff