[OE-core][kirkstone 00/17] Patch review

[Steve Sakoman <steve@sakoman.com>]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 29

Passed a-full on autobuilder (other than a known send-qa-email issue):

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5956
 
The following changes since commit d90e4d5e3cca9cffe8f60841afc63667a9ac39fa:

  build-appliance-image: Update to kirkstone head revision (2023-09-24 10:53:54 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (4):
  ghostscript: fix CVE-2023-43115
  gstreamer1.0-plugins-bad: fix CVE-2023-40474
  gstreamer1.0-plugins-bad: fix CVE-2023-40475
  gstreamer1.0-plugins-bad: fix CVE-2023-40476

Colin McAllister (1):
  libwebp: Fix CVE-2023-5129

Jaeyoon Jung (1):
  cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig

Lee Chee Yang (2):
  cups: Fix CVE-2023-4504
  bind: update to 9.18.19

Meenali Gupta (1):
  ruby: fix CVE-2023-36617

Narpat Mali (1):
  python3-git: upgrade 3.1.32 -> 3.1.37

Peter Marko (1):
  openssl: Upgrade 3.0.10 -> 3.0.11

Ross Burton (2):
  linux-yocto: update CVE exclusions
  xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific

Ryan Eatmon (1):
  kernel.bbclass: Add force flag to rm calls

Siddharth Doshi (1):
  go: Fix CVE-2023-39318

Soumya Sambu (1):
  shadow: Fix CVE-2023-4641

Yogita Urade (1):
  webkitgtk: fix CVE-2023-32439

 meta/classes/cml1.bbclass                     |    2 +-
 meta/classes/kernel.bbclass                   |    4 +-
 ...1-avoid-start-failure-with-bind-user.patch |    0
 ...d-V-and-start-log-hide-build-options.patch |    0
 ...ching-for-json-headers-searches-sysr.patch |    0
 .../bind/{bind-9.18.17 => bind}/bind9         |    0
 .../bind/{bind-9.18.17 => bind}/conf.patch    |    0
 .../generate-rndc-key.sh                      |    0
 ...t.d-add-support-for-read-only-rootfs.patch |    0
 .../make-etc-initd-bind-stop-work.patch       |    0
 .../bind/{bind-9.18.17 => bind}/named.service |    0
 .../bind/{bind_9.18.17.bb => bind_9.18.19.bb} |    2 +-
 .../{openssl_3.0.10.bb => openssl_3.0.11.bb}  |    2 +-
 meta/recipes-devtools/go/go-1.17.13.inc       |    1 +
 .../go/go-1.21/CVE-2023-39318.patch           |  238 +
 ...n3-git_3.1.32.bb => python3-git_3.1.37.bb} |    4 +-
 .../ruby/ruby/CVE-2023-36617_1.patch          |   52 +
 .../ruby/ruby/CVE-2023-36617_2.patch          |   47 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |    2 +
 meta/recipes-extended/cups/cups.inc           |    1 +
 .../cups/cups/CVE-2023-4504.patch             |   42 +
 .../ghostscript/CVE-2023-43115.patch          |   62 +
 .../ghostscript/ghostscript_9.55.0.bb         |    1 +
 .../shadow/files/CVE-2023-4641-0001.patch     |   36 +
 .../shadow/files/CVE-2023-4641-0002.patch     |  147 +
 meta/recipes-extended/shadow/shadow.inc       |    2 +
 .../xorg-xserver/xserver-xorg.inc             |    2 +
 .../linux/cve-exclusion_5.10.inc              | 7255 +++++++++++++++++
 .../linux/cve-exclusion_5.15.inc              |  151 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |    1 +
 .../CVE-2023-40474.patch                      |  118 +
 .../CVE-2023-40475.patch                      |   49 +
 .../CVE-2023-40476.patch                      |   44 +
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |    3 +
 .../webp/files/CVE-2023-5129.patch            |  364 +
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |    1 +
 .../webkit/webkitgtk/CVE-2023-32439.patch     |  127 +
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |    1 +
 38 files changed, 8719 insertions(+), 42 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.19.bb} (97%)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.10.bb => openssl_3.0.11.bb} (99%)
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-39318.patch
 rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} (86%)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641-0002.patch
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion_5.10.inc
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40474.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40475.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40476.patch
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-32439.patch

-- 
2.34.1