From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/31] Patch review
Date: Tue, 17 May 2022 08:23:46 -1000 [thread overview]
Message-ID: <cover.1652811454.git.steve@sakoman.com> (raw)
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Once again I've been proactive in cherry-picking security/bug fix version bumps for
select packages. And as last time I've edited the commit messages to include
either the release notes or a commit list to make it easier to review the upgrade.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3673
The following changes since commit cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee:
build-appliance-image: Update to kirkstone head revision (2022-05-15 08:59:03 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Kiernan (1):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
Alexander Kanavin (11):
systemd: upgrade 250.4 -> 250.5
mesa: upgrade 22.0.0 -> 22.0.2
bind: upgrade 9.18.1 -> 9.18.2
cronie: upgrade 1.6.0 -> 1.6.1
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
libinput: upgrade 1.19.3 -> 1.19.4
sqlite3: upgrade 3.38.2 -> 3.38.3
webkitgtk: upgrade 2.36.0 -> 2.36.1
xwayland: upgrade 22.1.0 -> 22.1.1
Aryaman Gupta (1):
e2fsprogs: update upstream status
Claudius Heine (1):
overlayfs: add docs about skipping QA check & service dependencies
Davide Gardenal (6):
freetype: backport patch for CVE-2022-27404
freetype: backport patch for CVE-2022-27405
freetype: backport patch for CVE-2022-27406
qemu: backport patch for CVE-2021-4206
qemu: backport patch for CVE-2021-4207
base-passwd: Disable shell for default users
Dmitry Baryshkov (2):
linux-firmware: upgrade 20220411 -> 20220509
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
Felix Moessbauer (1):
wic/plugins/rootfs: Fix permissions when splitting rootfs folders
across partitions
Jiaqing Zhao (3):
libxml2: Upgrade 2.9.13 -> 2.9.14
sed: Specify shell for "nobody" user in run-ptest
strace: Don't run ptest as "nobody"
Khem Raj (1):
systemd: Fix build regression with latest update
Konrad Weihmann (1):
linux-firmware: replace mkdir by install
Richard Purdie (3):
vim: Upgrade 8.2.4681 -> 8.2.4912
cairo: Add missing GPLv3 license checksum entry
sanity: Don't warn about make 4.2.1 for mint
meta/classes/image.bbclass | 7 +-
meta/classes/overlayfs.bbclass | 18 +-
meta/classes/pypi.bbclass | 2 +
meta/classes/sanity.bbclass | 2 +-
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.1 => bind-9.18.2}/bind9 | 0
.../{bind-9.18.1 => bind-9.18.2}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.1.bb => bind_9.18.2.bb} | 2 +-
.../base-passwd/disable-shell.patch | 57 ++++
.../base-passwd/base-passwd_3.5.29.bb | 1 +
.../CVE-2022-23308-fix-regression.patch | 99 -------
.../libxml2/libxml-m4-use-pkgconfig.patch | 21 +-
.../{libxml2_2.9.13.bb => libxml2_2.9.14.bb} | 5 +-
...md-boot_250.4.bb => systemd-boot_250.5.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
.../0001-Adjust-for-musl-headers.patch | 98 ++++++-
...ass-correct-parameters-to-getdents64.patch | 10 +-
...e-Use-sockaddr-pointer-type-for-bind.patch | 46 ++++
.../0002-Add-sys-stat.h-for-S_IFDIR.patch | 8 +-
...002-don-t-use-glibc-specific-qsort_r.patch | 20 +-
...dd-__compare_fn_t-and-comparison_fn_.patch | 10 +-
...k-parse_printf_format-implementation.patch | 20 +-
...missing.h-check-for-missing-strndupa.patch | 151 +++++++++--
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 12 +-
...008-add-missing-FTW_-macros-for-musl.patch | 17 +-
..._register_atfork-for-non-glibc-build.patch | 6 +-
...10-Use-uintmax_t-for-handling-rlim_t.patch | 16 +-
...sable-tests-for-missing-typedefs-in-.patch | 4 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 18 +-
...patible-basename-for-non-glibc-syste.patch | 4 +-
...uffering-when-writing-to-oom_score_a.patch | 4 +-
...compliant-strerror_r-from-GNU-specif.patch | 10 +-
...S_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch | 4 +-
...ype.h-add-__compar_d_fn_t-definition.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
.../systemd/0019-Handle-missing-LOCK_EX.patch | 4 +-
...ible-pointer-type-struct-sockaddr_un.patch | 6 +-
.../0021-test-json.c-define-M_PIl.patch | 4 +-
...-not-disable-buffer-in-writing-files.patch | 239 ++++++++++-------
.../0025-Handle-__cpu_mask-usage.patch | 4 +-
.../systemd/0026-Handle-missing-gshadow.patch | 16 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 11 +-
...eepConfiguration-when-running-on-net.patch | 253 ------------------
.../{systemd_250.4.bb => systemd_250.5.bb} | 2 +-
.../e2fsprogs/e2fsprogs/extents.patch | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2021-4206.patch | 89 ++++++
.../qemu/qemu/CVE-2021-4207.patch | 43 +++
meta/recipes-devtools/strace/strace/run-ptest | 6 +-
.../{cronie_1.6.0.bb => cronie_1.6.1.bb} | 2 +-
meta/recipes-extended/sed/sed/run-ptest | 2 +-
.../{epiphany_42.0.bb => epiphany_42.2.bb} | 2 +-
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 5 +-
.../freetype/freetype/CVE-2022-27404.patch | 48 ++++
.../freetype/freetype/CVE-2022-27405.patch | 41 +++
.../freetype/freetype/CVE-2022-27406.patch | 32 +++
.../freetype/freetype_2.11.1.bb | 6 +-
.../{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} | 0
meta/recipes-graphics/mesa/mesa.inc | 2 +-
.../mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} | 0
...{libinput_1.19.3.bb => libinput_1.19.4.bb} | 2 +-
...{xwayland_22.1.0.bb => xwayland_22.1.1.bb} | 2 +-
...01-Makefile-replace-mkdir-by-install.patch | 84 ++++++
...20220411.bb => linux-firmware_20220509.bb} | 9 +-
.../ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} | 2 +-
.../webkitgtk/add_missing_include.patch | 19 --
...ebkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} | 3 +-
.../{fribidi_1.0.11.bb => fribidi_1.0.12.bb} | 2 +-
.../{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} | 2 +-
meta/recipes-support/vim/vim.inc | 4 +-
scripts/lib/wic/plugins/source/rootfs.py | 5 +-
77 files changed, 1015 insertions(+), 618 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.1.bb => bind_9.18.2.bb} (98%)
create mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
rename meta/recipes-core/libxml/{libxml2_2.9.13.bb => libxml2_2.9.14.bb} (96%)
rename meta/recipes-core/systemd/{systemd-boot_250.4.bb => systemd-boot_250.5.bb} (100%)
create mode 100644 meta/recipes-core/systemd/systemd/0001-resolve-Use-sockaddr-pointer-type-for-bind.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0029-network-enable-KeepConfiguration-when-running-on-net.patch
rename meta/recipes-core/systemd/{systemd_250.4.bb => systemd_250.5.bb} (99%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
rename meta/recipes-extended/cronie/{cronie_1.6.0.bb => cronie_1.6.1.bb} (97%)
rename meta/recipes-gnome/epiphany/{epiphany_42.0.bb => epiphany_42.2.bb} (94%)
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch
rename meta/recipes-graphics/mesa/{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} (100%)
rename meta/recipes-graphics/mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} (100%)
rename meta/recipes-graphics/wayland/{libinput_1.19.3.bb => libinput_1.19.4.bb} (95%)
rename meta/recipes-graphics/xwayland/{xwayland_22.1.0.bb => xwayland_22.1.1.bb} (95%)
create mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220411.bb => linux-firmware_20220509.bb} (99%)
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} (98%)
delete mode 100644 meta/recipes-sato/webkit/webkitgtk/add_missing_include.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} (98%)
rename meta/recipes-support/fribidi/{fribidi_1.0.11.bb => fribidi_1.0.12.bb} (90%)
rename meta/recipes-support/sqlite/{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} (86%)
--
2.25.1
next reply other threads:[~2022-05-17 18:24 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-17 18:23 Steve Sakoman [this message]
2022-05-17 18:23 ` [OE-core][kirkstone 01/31] freetype: backport patch for CVE-2022-27404 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 02/31] freetype: backport patch for CVE-2022-27405 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 03/31] freetype: backport patch for CVE-2022-27406 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 04/31] qemu: backport patch for CVE-2021-4206 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 05/31] qemu: backport patch for CVE-2021-4207 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 06/31] systemd: upgrade 250.4 -> 250.5 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 07/31] systemd: Fix build regression with latest update Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 08/31] mesa: upgrade 22.0.0 -> 22.0.2 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 09/31] bind: upgrade 9.18.1 -> 9.18.2 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 10/31] cronie: upgrade 1.6.0 -> 1.6.1 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 11/31] epiphany: upgrade 42.0 -> 42.2 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 12/31] ffmpeg: upgrade 5.0 -> 5.0.1 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 13/31] fribidi: upgrade 1.0.11 -> 1.0.12 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 14/31] libinput: upgrade 1.19.3 -> 1.19.4 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 15/31] sqlite3: upgrade 3.38.2 -> 3.38.3 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 16/31] webkitgtk: upgrade 2.36.0 -> 2.36.1 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 17/31] xwayland: upgrade 22.1.0 -> 22.1.1 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 18/31] libxml2: Upgrade 2.9.13 -> 2.9.14 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 19/31] vim: Upgrade 8.2.4681 -> 8.2.4912 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 20/31] linux-firmware: replace mkdir by install Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 21/31] linux-firmware: upgrade 20220411 -> 20220509 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 22/31] cairo: Add missing GPLv3 license checksum entry Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 23/31] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 24/31] wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 25/31] e2fsprogs: update upstream status Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 26/31] overlayfs: add docs about skipping QA check & service dependencies Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 27/31] image.bbclass: allow overriding dependency on virtual/kernel:do_deploy Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 28/31] sanity: Don't warn about make 4.2.1 for mint Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 29/31] sed: Specify shell for "nobody" user in run-ptest Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 30/31] strace: Don't run ptest as "nobody" Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 31/31] base-passwd: Disable shell for default users Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
2022-11-27 13:54 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1652811454.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.