From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 0/9] Patch review
Date: Sun, 30 Apr 2023 06:25:51 -1000 [thread overview]
Message-ID: <cover.1682871868.git.steve@sakoman.com> (raw)
Please review this set of patches for dunfell and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5239
The following changes since commit d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c:
go: fix CVE-2023-24537 Infinite loop in parsing (2023-04-21 04:15:45 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Christoph Lauer (1):
populate_sdk_base: add zip options
Nikhil R (1):
openssl: Fix CVE-2023-0464
Omkar Patil (2):
openssl: Fix CVE-2023-0465
openssl: Fix CVE-2023-0466
Shubham Kulkarni (1):
go: Ignore CVE-2022-1705
Vijay Anusuri (2):
sudo: Security fix for CVE-2023-28486 and CVE-2023-28487
curl: Security fix CVE-2023-27533, CVE-2023-27535 and CVE-2023-27536
Virendra Thakur (1):
qemu: Whitelist CVE-2023-0664
Vivek Kumbhar (1):
go: fix CVE-2023-24534 denial of service from excessive memory
allocation
meta/classes/populate_sdk_base.bbclass | 4 +-
.../openssl/openssl/CVE-2023-0464.patch | 226 ++++++
.../openssl/openssl/CVE-2023-0465.patch | 60 ++
.../openssl/openssl/CVE-2023-0466.patch | 82 +++
.../openssl/openssl_1.1.1t.bb | 3 +
meta/recipes-devtools/go/go-1.14.inc | 4 +
.../go/go-1.14/CVE-2023-24534.patch | 200 ++++++
meta/recipes-devtools/qemu/qemu.inc | 5 +
.../CVE-2023-28486_CVE-2023-28487-1.patch | 646 ++++++++++++++++++
.../CVE-2023-28486_CVE-2023-28487-2.patch | 26 +
meta/recipes-extended/sudo/sudo_1.8.32.bb | 2 +
.../curl/curl/CVE-2023-27533.patch | 59 ++
.../curl/curl/CVE-2023-27535-pre1.patch | 236 +++++++
.../curl/curl/CVE-2023-27535.patch | 170 +++++
.../curl/curl/CVE-2023-27536.patch | 55 ++
meta/recipes-support/curl/curl_7.69.1.bb | 4 +
16 files changed, 1781 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24534.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-1.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch
--
2.34.1
next reply other threads:[~2023-04-30 16:26 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-30 16:25 Steve Sakoman [this message]
2023-04-30 16:25 ` [OE-core][dunfell 1/9] sudo: Security fix for CVE-2023-28486 and CVE-2023-28487 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 2/9] go: Ignore CVE-2022-1705 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 3/9] openssl: Fix CVE-2023-0464 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 4/9] openssl: Fix CVE-2023-0465 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 5/9] openssl: Fix CVE-2023-0466 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 6/9] qemu: Whitelist CVE-2023-0664 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 7/9] curl: Security fix CVE-2023-27533, CVE-2023-27535 and CVE-2023-27536 Steve Sakoman
2023-04-30 16:25 ` [OE-core][dunfell 8/9] go: fix CVE-2023-24534 denial of service from excessive memory allocation Steve Sakoman
2023-04-30 16:26 ` [OE-core][dunfell 9/9] populate_sdk_base: add zip options Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2024-02-22 14:30 [OE-core][dunfell 0/9] Patch review Steve Sakoman
2022-10-13 16:36 Steve Sakoman
2022-09-14 2:25 Steve Sakoman
2022-05-18 2:30 Steve Sakoman
2022-05-02 23:02 Steve Sakoman
2022-04-20 21:51 Steve Sakoman
2021-09-10 14:07 Steve Sakoman
2020-12-07 14:12 Steve Sakoman
2020-11-17 23:47 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1682871868.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.