[OE-core][dunfell 00/11] Patch review

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Steve Sakoman" <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/11] Patch review
Date: Wed,  1 Jun 2022 16:30:40 -1000	[thread overview]
Message-ID: <cover.1654136888.git.steve@sakoman.com> (raw)

Please review this set of patches for dunfell and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3738

The following changes since commit add860e1a69f848097bbc511137a62d5746e5019:

  oeqa/selftest/cve_check: add tests for recipe and image reports (2022-05-24 04:31:18 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Dan Tran (1):
  ncurses: Fix CVE-2022-29458

Ernst Sjöstrand (2):
  cve-check: Add helper for symlink handling
  cve-check: Only include installed packages for rootfs manifest

Ranjitsinh Rathod (3):
  ruby: Upgrade ruby to 2.7.6 for security fix
  ruby: Whitelist CVE-2021-28966 as this affects Windows OS only
  libsdl2: Add fix for CVE-2021-33657

Richard Purdie (2):
  vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
  cve-check: Allow warnings to be disabled

Riyaz (1):
  libxml2: Fix CVE-2022-29824 for libxml2

Virendra Thakur (1):
  ffmpeg: Fix for CVE-2022-1475

leimaohui (1):
  cve-check.bbclass: Added do_populate_sdk[recrdeptask].

 meta/classes/cve-check.bbclass                | 109 ++++--
 .../libxml2/CVE-2022-29824-dependent.patch    |  53 +++
 .../libxml/libxml2/CVE-2022-29824.patch       | 348 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |   2 +
 .../ncurses/files/CVE-2022-29458.patch        | 135 +++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   1 +
 .../ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb}     |   8 +-
 .../libsdl2/libsdl2/CVE-2021-33657.patch      |  38 ++
 .../libsdl2/libsdl2_2.0.12.bb                 |   1 +
 .../ffmpeg/ffmpeg/CVE-2022-1475.patch         |  36 ++
 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 12 files changed, 694 insertions(+), 42 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-29824.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2022-29458.patch
 rename meta/recipes-devtools/ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb} (90%)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch

-- 
2.25.1

next             reply	other threads:[~2022-06-02  2:30 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-02  2:30 Steve Sakoman [this message]
2022-06-02  2:30 ` [OE-core][dunfell 01/11] ruby: Upgrade ruby to 2.7.6 for security fix Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 02/11] ruby: Whitelist CVE-2021-28966 as this affects Windows OS only Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 03/11] libsdl2: Add fix for CVE-2021-33657 Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 04/11] ffmpeg: Fix for CVE-2022-1475 Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 05/11] ncurses: Fix CVE-2022-29458 Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 06/11] libxml2: Fix CVE-2022-29824 for libxml2 Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 07/11] vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 08/11] cve-check.bbclass: Added do_populate_sdk[recrdeptask] Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 09/11] cve-check: Add helper for symlink handling Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 10/11] cve-check: Only include installed packages for rootfs manifest Steve Sakoman
2022-06-02  2:30 ` [OE-core][dunfell 11/11] cve-check: Allow warnings to be disabled Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2023-12-06 13:55 [OE-core][dunfell 00/11] Patch review Steve Sakoman
2023-10-10 14:14 Steve Sakoman
2023-06-08  2:35 Steve Sakoman
2023-05-20 16:04 Steve Sakoman
2022-11-12 14:09 Steve Sakoman
2022-08-18 16:56 Steve Sakoman
2022-08-10 22:31 Steve Sakoman
2022-04-16 19:14 Steve Sakoman
2022-01-20 21:23 Steve Sakoman
2022-01-13 14:37 Steve Sakoman
2021-04-08 16:31 Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1654136888.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.