[thud 00/18] thud pull request

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [thud 00/18] thud pull request
Date: Mon, 16 Dec 2019 07:59:50 -0800	[thread overview]
Message-ID: <cover.1576511913.git.akuster808@gmail.com> (raw)

Here are the next series for thud. Passed A-full


The following changes since commit cd7cf933b3235560ec71576d8f3836dff736a39f:

  build-appliance-image: Update to thud head revision (2019-10-17 16:45:34 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/thud-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/thud-next

Armin Kuster (1):
  linux-yocto/4.14: update to 4.14.154

Dan Tran (2):
  tar: Fix CVE-2018-20482
  sudo: Fix CVE-2019-14287

Jed (1):
  at-spi2: fix dbus-daemon path

Khem Raj (1):
  sdk: Install nativesdk locales for all TCLIBC variants

Ross Burton (12):
  cve-check: backport rewrite from master
  cve-check: ensure all known CVEs are in the report
  cve-check: failure to parse versions should be more visible
  cve-check: we don't actually need to unpack to check
  cve-update-db-native: don't refresh more than once an hour
  cve-update-db-native: don't hardcode the database name
  cve-update-db-native: add an index on the CVE ID column
  cve-update-db-native: clean up proxy handling
  cve-check: rewrite look to fix false negatives
  cve-check: neaten get_cve_info
  cve-check: fetch CVE data once at a time instead of in a single call
  glibc: finish incomplete fix for CVE-2016-10739

Shubham Agrawal (1):
  libgcrypt: CVE-2019-12904

 meta/classes/cve-check.bbclass                     | 181 ++--
 meta/conf/distro/include/maintainers.inc           |   1 +
 meta/lib/oe/sdk.py                                 |   4 -
 meta/recipes-core/glibc/glibc-locale.inc           |   3 +
 meta/recipes-core/glibc/glibc-mtrace.inc           |   3 +
 meta/recipes-core/glibc/glibc-scripts.inc          |   3 +
 meta/recipes-core/glibc/glibc/CVE-2016-10739.patch | 910 ++++++++++++++++++++-
 meta/recipes-core/meta/cve-update-db-native.bb     | 185 +++++
 .../cve-check-tool/cve-check-tool_5.6.4.bb         |  62 --
 ...01-Fix-freeing-memory-allocated-by-sqlite.patch |  50 --
 ...ow-overriding-default-CA-certificate-file.patch | 215 -----
 ...ogress-in-percent-when-downloading-CVE-db.patch | 135 ---
 ...are-computed-vs-expected-sha256-digit-str.patch |  52 --
 .../check-for-malloc_trim-before-using-it.patch    |  51 --
 .../sudo/sudo/CVE-2019-14287_p1.patch              | 170 ++++
 .../sudo/sudo/CVE-2019-14287_p2.patch              |  98 +++
 meta/recipes-extended/sudo/sudo_1.8.23.bb          |   2 +
 meta/recipes-extended/tar/tar/CVE-2018-20482.patch | 405 +++++++++
 meta/recipes-extended/tar/tar_1.30.bb              |   1 +
 meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb   |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto_4.14.bb      |  20 +-
 meta/recipes-support/atk/at-spi2-core_2.28.0.bb    |   2 +-
 .../libgcrypt/files/CVE-2019-12904_p1.patch        | 176 ++++
 .../libgcrypt/files/CVE-2019-12904_p2.patch        | 330 ++++++++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   2 +
 26 files changed, 2410 insertions(+), 663 deletions(-)
 create mode 100644 meta/recipes-core/meta/cve-update-db-native.bb
 delete mode 100644 meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2018-20482.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch

-- 
2.7.4

next             reply	other threads:[~2019-12-16 16:00 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-16 15:59 Armin Kuster [this message]
2019-12-16 15:59 ` [thud 01/18] at-spi2: fix dbus-daemon path Armin Kuster
2019-12-16 15:59 ` [thud 02/18] sdk: Install nativesdk locales for all TCLIBC variants Armin Kuster
2019-12-16 15:59 ` [thud 03/18] libgcrypt: CVE-2019-12904 Armin Kuster
2019-12-16 15:59 ` [thud 04/18] tar: Fix CVE-2018-20482 Armin Kuster
2019-12-16 15:59 ` [thud 05/18] sudo: Fix CVE-2019-14287 Armin Kuster
2019-12-16 15:59 ` [thud 06/18] cve-check: backport rewrite from master Armin Kuster
2019-12-16 15:59 ` [thud 07/18] cve-check: ensure all known CVEs are in the report Armin Kuster
2019-12-16 15:59 ` [thud 08/18] cve-check: failure to parse versions should be more visible Armin Kuster
2019-12-16 15:59 ` [thud 09/18] cve-check: we don't actually need to unpack to check Armin Kuster
2019-12-16 16:00 ` [thud 10/18] cve-update-db-native: don't refresh more than once an hour Armin Kuster
2019-12-16 16:00 ` [thud 11/18] cve-update-db-native: don't hardcode the database name Armin Kuster
2019-12-16 16:00 ` [thud 12/18] cve-update-db-native: add an index on the CVE ID column Armin Kuster
2019-12-16 16:00 ` [thud 13/18] cve-update-db-native: clean up proxy handling Armin Kuster
2019-12-16 16:00 ` [thud 14/18] cve-check: rewrite look to fix false negatives Armin Kuster
2019-12-16 16:00 ` [thud 15/18] cve-check: neaten get_cve_info Armin Kuster
2019-12-16 16:00 ` [thud 16/18] cve-check: fetch CVE data once at a time instead of in a single call Armin Kuster
2019-12-16 16:00 ` [thud 17/18] glibc: finish incomplete fix for CVE-2016-10739 Armin Kuster
2019-12-16 16:00 ` [thud 18/18] linux-yocto/4.14: update to 4.14.154 Armin Kuster
2019-12-17  3:51 ` [thud 00/18] thud pull request Adrian Bunk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1576511913.git.akuster808@gmail.com \
    --to=akuster808@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.