From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/13] Patch review
Date: Sat, 30 Sep 2023 09:39:57 -1000 [thread overview]
Message-ID: <cover.1696102675.git.steve@sakoman.com> (raw)
Please review this set of changes for dunfell and have comments back by
end of day Tuesday, October 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5966
The following changes since commit a9d194f21a3bdebca8aaff204804a5fdc67c76d1:
vim: Upgrade 9.0.1664 -> 9.0.1894 (2023-09-25 07:03:13 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
nasm: update 2.15.03 -> 2.15.05
Archana Polampalli (1):
nasm: fix CVE-2022-44370
Ashish Sharma (1):
mdadm: Backport fix for CVE-2023-28736
Bruce Ashfield (4):
linux-yocto/5.4: update to v5.4.252
linux-yocto/5.4: update to v5.4.254
linux-yocto/5.4: update to v5.4.256
linux-yocto/5.4: update to v5.4.257
Colin McAllister (1):
libwebp: Fix CVE-2023-5129
Lee Chee Yang (3):
libxpm: fix CVE-2022-46285
qemu: fix CVE-2020-24165
python3: update to 3.8.18
Siddharth Doshi (1):
go: Fix CVE-2023-39318 and CVE-2023-39319
Vijay Anusuri (1):
ghostscript: fix CVE-2023-36664
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2023-39318.patch | 238 ++++++++++++
.../go/go-1.14/CVE-2023-39319.patch | 230 +++++++++++
.../0002-Add-debug-prefix-map-option.patch | 42 +-
.../nasm/nasm/CVE-2022-44370.patch | 104 +++++
.../nasm/{nasm_2.15.03.bb => nasm_2.15.05.bb} | 5 +-
.../{python3_3.8.17.bb => python3_3.8.18.bb} | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-24165.patch | 94 +++++
.../ghostscript/CVE-2023-36664-1.patch | 145 +++++++
.../ghostscript/CVE-2023-36664-2.patch | 60 +++
.../ghostscript/CVE-2023-36664-pre1.patch | 62 +++
.../ghostscript/ghostscript_9.52.bb | 3 +
.../mdadm/files/CVE-2023-28736.patch | 77 ++++
meta/recipes-extended/mdadm/mdadm_4.1.bb | 1 +
.../xorg-lib/libxpm/CVE-2022-46285.patch | 40 ++
.../xorg-lib/libxpm_3.5.13.bb | 2 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../webp/files/CVE-2023-5129.patch | 364 ++++++++++++++++++
meta/recipes-multimedia/webp/libwebp_1.1.0.bb | 1 +
22 files changed, 1467 insertions(+), 44 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-39318.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-39319.patch
create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
rename meta/recipes-devtools/nasm/{nasm_2.15.03.bb => nasm_2.15.05.bb} (80%)
rename meta/recipes-devtools/python/{python3_3.8.17.bb => python3_3.8.18.bb} (99%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24165.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-1.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-2.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-pre1.patch
create mode 100644 meta/recipes-extended/mdadm/files/CVE-2023-28736.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
--
2.34.1
next reply other threads:[~2023-09-30 19:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-30 19:39 Steve Sakoman [this message]
2023-09-30 19:39 ` [OE-core][dunfell 01/13] mdadm: Backport fix for CVE-2023-28736 Steve Sakoman
2023-09-30 19:39 ` [OE-core][dunfell 02/13] libwebp: Fix CVE-2023-5129 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 03/13] libxpm: fix CVE-2022-46285 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 04/13] nasm: fix CVE-2022-44370 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 05/13] ghostscript: fix CVE-2023-36664 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 06/13] qemu: fix CVE-2020-24165 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 07/13] go: Fix CVE-2023-39318 and CVE-2023-39319 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 08/13] python3: update to 3.8.18 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 09/13] nasm: update 2.15.03 -> 2.15.05 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 10/13] linux-yocto/5.4: update to v5.4.252 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 11/13] linux-yocto/5.4: update to v5.4.254 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 12/13] linux-yocto/5.4: update to v5.4.256 Steve Sakoman
2023-09-30 19:40 ` [OE-core][dunfell 13/13] linux-yocto/5.4: update to v5.4.257 Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-11-28 22:52 [OE-core][dunfell 00/13] Patch review Steve Sakoman
2023-07-18 16:00 Steve Sakoman
2022-12-16 14:57 Steve Sakoman
2022-03-21 22:29 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1696102675.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.