From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@openembedded.org
Subject: [warrior 00/32] Pull request
Date: Thu, 16 Jan 2020 07:20:09 -0800
Message-ID: <cover.1579187957.git.akuster808@gmail.com>

Please consider this series for the next warrior release.

The following changes since commit 0a1b1e88b936177344392e185fbd077622d88b3e:

  file: fix CVE-2019-18218 (2019-11-11 20:49:54 -0800)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/warrior-next
  http://cgit.openembedded.org//log/?h=stable/warrior-next

Alexander Kanavin (2):
  python: update to 2.7.17
  sudo: correct SRC_URI

Anuj Mittal (2):
  python: fix CVE-2018-20852
  openssl: set CVE vendor to openssl

Armin Kuster (1):
  stress: update SRC_URI

Chen Qi (3):
  python: fix CVE-2019-16935
  libxfont2: set CVE_PRODUCT
  webkitgtk: set CVE_PRODUCT

Ferry Toth (1):
  sudo: Fix fetching sources

Kai Kang (1):
  bind: fix CVE-2019-6471 and CVE-2018-5743

Khem Raj (1):
  sdk: Install nativesdk locales for all TCLIBC variants

Niko Mauno (1):
  cve-check: Switch to NVD CVE JSON feed version 1.1

Oleksandr Kravchuk (1):
  popt: fix SRC_URI

Ross Burton (18):
  flex: set CVE_PRODUCT to include vendor
  git: set CVE vendor to git-scm
  subversion: set CVE vendor to Apache
  ed: set CVE vendor to avoid false positives
  boost: set CVE vendor to Boost
  libpam: set CVE_PRODUCT
  libsndfile1: whitelist CVE-2018-13419
  procps: whitelist CVE-2018-1121
  cve-check: ensure all known CVEs are in the report
  cve-check: failure to parse versions should be more visible
  cve-check: we don't actually need to unpack to check
  cve-update-db-native: don't refresh more than once an hour
  cve-update-db-native: don't hardcode the database name
  cve-update-db-native: add an index on the CVE ID column
  cve-update-db-native: clean up proxy handling
  cve-check: rewrite look to fix false negatives
  cve-check: neaten get_cve_info
  cve-check: fetch CVE data once at a time instead of in a single call

Zang Ruochen (1):
  libpcap: upgrade 1.9.0 -> 1.9.1

 meta/classes/cve-check.bbclass                | 105 +-
 meta/lib/oe/sdk.py                            |   4 -
 .../bind/0001-bind-fix-CVE-2019-6471.patch    |  64 ++
 ...01-fix-enforcement-of-tcp-clients-v1.patch |  60 ++
 ...p-clients-could-still-be-exceeded-v2.patch | 670 +++++++++++++
 ...rence-counter-for-pipeline-groups-v3.patch | 278 ++++++
 ...accounting-and-client-mortality-chec.patch | 512 ++++++++++
 ...a-and-pipeline-refs-allow-special-ca.patch | 911 ++++++++++++++++++
 ...allowance-for-tcp-clients-interfaces.patch |  80 ++
 ...perations-in-bin-named-client.c-with.patch | 140 +++
 .../bind/bind_9.11.5-P4.bb                    |   8 +
 ...-add-missing-limits.h-for-musl-syste.patch |  29 -
 .../{libpcap_1.9.0.bb => libpcap_1.9.1.bb}    |   5 +-
 .../openssl/openssl_1.1.1b.bb                 |   2 +
 .../recipes-core/meta/cve-update-db-native.bb |  46 +-
 meta/recipes-devtools/flex/flex_2.6.0.bb      |   3 +
 meta/recipes-devtools/git/git.inc             |   2 +
 ...-fix-one-do_populate_sysroot-warning.patch |  25 +-
 ...tive_2.7.16.bb => python-native_2.7.17.bb} |   2 +-
 meta/recipes-devtools/python/python.inc       |   9 +-
 ...nt-parse-domains-containing-GH-13079.patch |  90 --
 ...Resolve-intermediate-staging-issues.patch} |  53 +-
 .../python/python/CVE-2019-9740.patch         | 215 -----
 .../python/bpo-35907-cve-2019-9948-fix.patch  |  55 --
 .../python/bpo-35907-cve-2019-9948.patch      |  55 --
 .../python/bpo-36216-cve-2019-9636-fix.patch  |  28 -
 .../python/bpo-36216-cve-2019-9636.patch      | 111 ---
 .../python/bpo-36742-cve-2019-10160.patch     |  81 --
 .../{python_2.7.16.bb => python_2.7.17.bb}    |   2 -
 .../subversion/subversion_1.11.1.bb           |   2 +
 meta/recipes-extended/ed/ed_1.15.bb           |   2 +
 meta/recipes-extended/pam/libpam_1.3.0.bb     |   2 +
 meta/recipes-extended/procps/procps_3.3.15.bb |   3 +
 meta/recipes-extended/stress/stress_1.0.4.bb  |   2 +-
 meta/recipes-extended/sudo/sudo_1.8.27.bb     |   2 +-
 .../xorg-lib/libxfont2_2.0.3.bb               |   2 +
 .../libsndfile/libsndfile1_1.0.28.bb          |   3 +
 meta/recipes-sato/webkit/webkitgtk_2.22.7.bb  |   2 +
 meta/recipes-support/boost/boost.inc          |   2 +
 meta/recipes-support/popt/popt_1.16.bb        |   2 +-
 40 files changed, 2873 insertions(+), 796 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch
 delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
 rename meta/recipes-connectivity/libpcap/{libpcap_1.9.0.bb => libpcap_1.9.1.bb} (88%)
 rename meta/recipes-devtools/python/{python-native_2.7.16.bb => python-native_2.7.17.bb} (97%)
 delete mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 rename meta/recipes-devtools/python/python/{builddir.patch => 0001-python-Resolve-intermediate-staging-issues.patch} (58%)
 delete mode 100644 meta/recipes-devtools/python/python/CVE-2019-9740.patch
 delete mode 100644 meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
 delete mode 100644 meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
 delete mode 100644 meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
 delete mode 100644 meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
 delete mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
 rename meta/recipes-devtools/python/{python_2.7.16.bb => python_2.7.17.bb} (98%)

-- 
2.17.1



Thread overview: 33+ messages
2020-01-16 15:20 Armin Kuster [this message]
2020-01-16 15:20 ` [warrior 01/32] bind: fix CVE-2019-6471 and CVE-2018-5743 Armin Kuster
2020-01-16 15:20 ` [warrior 02/32] python: fix CVE-2019-16935 Armin Kuster
2020-01-16 15:20 ` [warrior 03/32] python: fix CVE-2018-20852 Armin Kuster
2020-01-16 15:20 ` [warrior 04/32] python: update to 2.7.17 Armin Kuster
2020-01-16 15:20 ` [warrior 05/32] openssl: set CVE vendor to openssl Armin Kuster
2020-01-16 15:20 ` [warrior 06/32] flex: set CVE_PRODUCT to include vendor Armin Kuster
2020-01-16 15:20 ` [warrior 07/32] git: set CVE vendor to git-scm Armin Kuster
2020-01-16 15:20 ` [warrior 08/32] subversion: set CVE vendor to Apache Armin Kuster
2020-01-16 15:20 ` [warrior 09/32] ed: set CVE vendor to avoid false positives Armin Kuster
2020-01-16 15:20 ` [warrior 10/32] boost: set CVE vendor to Boost Armin Kuster
2020-01-16 15:20 ` [warrior 11/32] libpam: set CVE_PRODUCT Armin Kuster
2020-01-16 15:20 ` [warrior 12/32] libxfont2: " Armin Kuster
2020-01-16 15:20 ` [warrior 13/32] libsndfile1: whitelist CVE-2018-13419 Armin Kuster
2020-01-16 15:20 ` [warrior 14/32] webkitgtk: set CVE_PRODUCT Armin Kuster
2020-01-16 15:20 ` [warrior 15/32] procps: whitelist CVE-2018-1121 Armin Kuster
2020-01-16 15:20 ` [warrior 16/32] libpcap: upgrade 1.9.0 -> 1.9.1 Armin Kuster
2020-01-16 15:20 ` [warrior 17/32] sdk: Install nativesdk locales for all TCLIBC variants Armin Kuster
2020-01-16 15:20 ` [warrior 18/32] cve-check: ensure all known CVEs are in the report Armin Kuster
2020-01-16 15:20 ` [warrior 19/32] cve-check: failure to parse versions should be more visible Armin Kuster
2020-01-16 15:20 ` [warrior 20/32] cve-check: we don't actually need to unpack to check Armin Kuster
2020-01-16 15:20 ` [warrior 21/32] cve-update-db-native: don't refresh more than once an hour Armin Kuster
2020-01-16 15:20 ` [warrior 22/32] cve-update-db-native: don't hardcode the database name Armin Kuster
2020-01-16 15:20 ` [warrior 23/32] cve-update-db-native: add an index on the CVE ID column Armin Kuster
2020-01-16 15:20 ` [warrior 24/32] cve-update-db-native: clean up proxy handling Armin Kuster
2020-01-16 15:20 ` [warrior 25/32] cve-check: rewrite look to fix false negatives Armin Kuster
2020-01-16 15:20 ` [warrior 26/32] cve-check: neaten get_cve_info Armin Kuster
2020-01-16 15:20 ` [warrior 27/32] cve-check: fetch CVE data once at a time instead of in a single call Armin Kuster
2020-01-16 15:20 ` [warrior 28/32] cve-check: Switch to NVD CVE JSON feed version 1.1 Armin Kuster
2020-01-16 15:20 ` [warrior 29/32] popt: fix SRC_URI Armin Kuster
2020-01-16 15:20 ` [warrior 30/32] sudo: correct SRC_URI Armin Kuster
2020-01-16 15:20 ` [warrior 31/32] sudo: Fix fetching sources Armin Kuster
2020-01-16 15:20 ` [warrior 32/32] stress: update SRC_URI Armin Kuster
