[OE-core][dunfell 00/18] Patch review

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/18] Patch review
Date: Sun,  1 Jan 2023 07:42:16 -1000	[thread overview]
Message-ID: <cover.1672594796.git.steve@sakoman.com> (raw)

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4715

The following changes since commit cc8ec63310f9a936371ea1070cb257c926808755:

  oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file() (2022-12-14 16:34:29 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  tzdata: update 2022d -> 2022g

Bruce Ashfield (4):
  linux-yocto/5.4: update to v5.4.221
  linux-yocto/5.4: update to v5.4.224
  linux-yocto/5.4: update to v5.4.225
  linux-yocto/5.4: update to v5.4.228

Chen Qi (1):
  bc: extend to nativesdk

Hitendra Prajapati (1):
  grub2: CVE-2022-28735 shim_lock verifier allows non-kernel files to be
    loaded

Jagadeesh Krishnanjanappa (1):
  qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel
    image

Joshua Watt (1):
  sudo: Use specific BSD license variant

Minjae Kim (1):
  ppp: fix CVE-2022-4603

Peter Marko (1):
  externalsrc: fix lookup for .gitmodules

Quentin Schulz (1):
  cairo: update patch for CVE-2019-6461 with upstream solution

Robert Andersson (1):
  go-crosssdk: avoid host contamination by GOCACHE

Ross Burton (1):
  lib/buildstats: fix parsing of trees with reduced_proc_pressure
    directories

Vivek Kumbhar (4):
  go: fix CVE-2022-41717 Excessive memory use in got server
  rsync: fix CVE-2022-29154 remote arbitrary files write inside the
    directories of connecting peers
  libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of
    xcb_disp.c
  qemu: fix CVE-2021-3507 fdc heap buffer overflow in DMA read data
    transfers

 meta/classes/externalsrc.bbclass              |   2 +-
 meta/classes/qemuboot.bbclass                 |   3 +-
 .../grub/files/CVE-2022-28735.patch           | 271 ++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 .../ppp/ppp/CVE-2022-4603.patch               |  50 +++
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-41717.patch           |  75 ++++
 meta/recipes-devtools/go/go-crosssdk.inc      |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2021-3507.patch             |  87 +++++
 .../rsync/files/CVE-2022-29154.patch          | 334 ++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   1 +
 meta/recipes-extended/bc/bc_1.07.1.bb         |   2 +-
 meta/recipes-extended/sudo/sudo.inc           |   2 +-
 meta/recipes-extended/timezone/timezone.inc   |   7 +-
 .../cairo/cairo/CVE-2019-6461.patch           |  35 +-
 .../xorg-lib/libx11/CVE-2022-3555.patch       |  38 ++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 scripts/lib/buildstats.py                     |   4 +-
 23 files changed, 919 insertions(+), 35 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-28735.patch
 create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3507.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2022-29154.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch

-- 
2.25.1

next             reply	other threads:[~2023-01-01 17:42 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-01 17:42 Steve Sakoman [this message]
2023-01-01 17:42 ` [OE-core][dunfell 01/18] grub2: CVE-2022-28735 shim_lock verifier allows non-kernel files to be loaded Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 02/18] go: fix CVE-2022-41717 Excessive memory use in got server Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 03/18] rsync: fix CVE-2022-29154 remote arbitrary files write inside the directories of connecting peers Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 04/18] libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of xcb_disp.c Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 05/18] qemu: fix CVE-2021-3507 fdc heap buffer overflow in DMA read data transfers Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 06/18] ppp: fix CVE-2022-4603 Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 07/18] cairo: update patch for CVE-2019-6461 with upstream solution Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 08/18] linux-yocto/5.4: update to v5.4.221 Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 09/18] linux-yocto/5.4: update to v5.4.224 Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 10/18] linux-yocto/5.4: update to v5.4.225 Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 11/18] linux-yocto/5.4: update to v5.4.228 Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 12/18] tzdata: update 2022d -> 2022g Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 13/18] sudo: Use specific BSD license variant Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 14/18] bc: extend to nativesdk Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 15/18] lib/buildstats: fix parsing of trees with reduced_proc_pressure directories Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 16/18] externalsrc: fix lookup for .gitmodules Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 17/18] go-crosssdk: avoid host contamination by GOCACHE Steve Sakoman
2023-01-01 17:42 ` [OE-core][dunfell 18/18] qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2022-03-04 15:04 [OE-core][dunfell 00/18] Patch review Steve Sakoman
2021-12-03 18:18 Steve Sakoman
2020-11-13 14:52 Steve Sakoman
2020-09-07 17:01 Steve Sakoman
2020-07-27 15:09 Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1672594796.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.