From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/22] Patch review
Date: Sun, 13 Aug 2023 11:18:06 -1000 [thread overview]
Message-ID: <cover.1691961051.git.steve@sakoman.com> (raw)
Please review this set of changes for dunfell and have comments back by
end of day Tuesday, August 15.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5730
with the exception of qemuppc-alt, which failed due to out of disk space errors
on the debian-11-ty-1 worker:
https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4969
The qemuppc-alt build passed on subsequent re-test on a worker without disk space issues:
https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4972
The following changes since commit 6dd64ca2d726d0b222a7608c65eb0a20454c3f99:
build-appliance-image: Update to dunfell head revision (2023-08-04 05:41:08 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Abdellatif El Khlifi (1):
kernel: skip installing fitImage when using Initramfs bundles
Bruce Ashfield (3):
linux-yocto/5.4: update to v5.4.249
linux-yocto/5.4: update to v5.4.250
linux-yocto/5.4: update to v5.4.251
Dhairya Nagodra (2):
dmidecode 3.2: Fix CVE-2023-30630
harfbuzz: Resolve backported commit bug.
Emily Vekariya (1):
qemu: CVE-ID correction for CVE-2020-35505
Hitendra Prajapati (3):
ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI
tiff: fix multiple CVEs
tiff: fix multiple CVEs
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Peter Marko (6):
python3: ignore CVE-2023-36632
libjpeg-turbo: patch CVE-2023-2804
libarchive: ignore CVE-2023-30571
libpcre2: patch CVE-2022-41409
procps: patch CVE-2023-4016
openssl: Upgrade 1.1.1t -> 1.1.1v
Vijay Anusuri (1):
ghostscript: backport fix for CVE-2023-38559
Vivek Kumbhar (2):
go: fix CVE-2023-29406 net/http: insufficient sanitization of Host
header
qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
handshake can lead to remote unauthenticated denial of service
Yuta Hayama (2):
cve-update-nvd2-native: always pass str for json.loads()
systemd-systemctl: fix errors in instance name expansion
meta/classes/kernel.bbclass | 20 +-
...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++
.../openssl/openssl/CVE-2023-0464.patch | 226 -----------------
.../openssl/openssl/CVE-2023-0465.patch | 60 -----
.../openssl/openssl/CVE-2023-0466.patch | 82 ------
.../openssl/openssl/CVE-2023-2650.patch | 122 ---------
.../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +-
.../meta/cve-update-nvd2-native.bb | 2 +-
.../systemd/systemd-systemctl/systemctl | 2 +-
.../CVE-2023-30630-dependent_p1.patch | 236 ++++++++++++++++++
.../CVE-2023-30630-dependent_p2.patch | 198 +++++++++++++++
.../dmidecode/dmidecode/CVE-2023-30630.patch | 62 +++++
.../dmidecode/dmidecode_3.2.bb | 3 +
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-29406.patch | 212 ++++++++++++++++
.../recipes-devtools/python/python3_3.8.17.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-35505.patch | 11 +-
.../qemu/qemu/CVE-2023-3354.patch | 87 +++++++
.../ruby/ruby/CVE-2021-33621.patch | 139 +++++++++++
meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 +
...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++
.../ghostscript/ghostscript_9.52.bb | 1 +
.../libarchive/libarchive_3.4.2.bb | 3 +
.../procps/procps/CVE-2023-4016.patch | 85 +++++++
meta/recipes-extended/procps/procps_3.3.16.bb | 1 +
.../harfbuzz/harfbuzz/CVE-2023-25193.patch | 16 +-
.../jpeg/files/CVE-2023-2804-1.patch | 97 +++++++
.../jpeg/files/CVE-2023-2804-2.patch | 75 ++++++
.../jpeg/libjpeg-turbo_2.0.4.bb | 2 +
.../linux-firmware/linux-firmware_20230515.bb | 2 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../libtiff/files/CVE-2023-25433.patch | 173 +++++++++++++
.../files/CVE-2023-25434-CVE-2023-25435.patch | 94 +++++++
.../libtiff/files/CVE-2023-26965.patch | 90 +++++++
.../libtiff/files/CVE-2023-26966.patch | 35 +++
.../libtiff/files/CVE-2023-2908.patch | 33 +++
.../libtiff/files/CVE-2023-3316.patch | 59 +++++
.../libtiff/files/CVE-2023-3618-1.patch | 34 +++
.../libtiff/files/CVE-2023-3618-2.patch | 47 ++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 8 +
.../libpcre/libpcre2/CVE-2022-41409.patch | 74 ++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
45 files changed, 1977 insertions(+), 531 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.1t.bb => openssl_1.1.1v.bb} (96%)
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25434-CVE-2023-25435.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch
--
2.34.1
next reply other threads:[~2023-08-13 21:18 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-13 21:18 Steve Sakoman [this message]
2023-08-13 21:18 ` [OE-core][dunfell 01/22] ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 02/22] python3: ignore CVE-2023-36632 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 03/22] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 04/22] go: fix CVE-2023-29406 net/http: insufficient sanitization of Host header Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 05/22] libarchive: ignore CVE-2023-30571 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 06/22] libpcre2: patch CVE-2022-41409 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 07/22] tiff: fix multiple CVEs Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 08/22] " Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 09/22] dmidecode 3.2: Fix CVE-2023-30630 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 10/22] qemu: CVE-ID correction for CVE-2020-35505 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 11/22] qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 12/22] ghostscript: backport fix for CVE-2023-38559 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 13/22] procps: patch CVE-2023-4016 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 14/22] cve-update-nvd2-native: always pass str for json.loads() Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 15/22] harfbuzz: Resolve backported commit bug Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 16/22] linux-yocto/5.4: update to v5.4.249 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 17/22] linux-yocto/5.4: update to v5.4.250 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 18/22] linux-yocto/5.4: update to v5.4.251 Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 19/22] openssl: Upgrade 1.1.1t -> 1.1.1v Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 20/22] linux-firmware: Fix mediatek mt7601u firmware path Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 21/22] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
2023-08-13 21:18 ` [OE-core][dunfell 22/22] kernel: skip installing fitImage when using Initramfs bundles Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2021-05-12 14:56 [OE-core][dunfell 00/22] Patch review Steve Sakoman
2020-06-30 3:02 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1691961051.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.