[OE-core][dunfell 00/17] Patch review

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/17] Patch review
Date: Tue, 14 Nov 2023 17:17:17 -1000	[thread overview]
Message-ID: <cover.1700018112.git.steve@sakoman.com> (raw)

Please review this set of changes for dunfell and have comments back by
end of day Thursday, November 16

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6194

The following changes since commit 0dbf3a15321b8033ff8ed86c6aa261fdb9c3d5bb:

  build-appliance-image: Update to dunfell head revision (2023-10-27 04:22:17 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ashish Sharma (1):
  zlib: Backport fix for CVE-2023-45853

Hitendra Prajapati (1):
  tiff: Security fix for CVE-2023-40745

Lee Chee Yang (1):
  kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269

Mikko Rapeli (1):
  lz4: use CFLAGS from bitbake

Naveen Saini (2):
  assimp: Explicitly use nobranch=1 in SRC_URI
  resolvconf: Fix fetch error

Peter Marko (1):
  glibc: ignore CVE-2023-4527

Ross Burton (3):
  cve-check: sort the package list in the JSON report
  cve-check: slightly more verbose warning when adding the same package
    twice
  cve-check: don't warn if a patch is remote

Soumya Sambu (1):
  libwebp: Fix CVE-2023-4863

Steve Sakoman (3):
  Revert "qemu: Backport fix for CVE-2023-0330"
  lz4: Update sstate/equiv versions to clean cache
  selftest: skip virgl test on all fedora

Vijay Anusuri (3):
  tiff: CVE patch correction for CVE-2023-3576
  tiff: backport Debian patch to fix CVE-2023-41175
  xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380

 meta/classes/cve-check.bbclass                |   2 +
 meta/lib/oe/cve_check.py                      |  13 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |  10 +-
 .../resolvconf/resolvconf_1.82.bb             |   2 +-
 meta/recipes-core/glibc/glibc_2.31.bb         |   7 +
 .../zlib/zlib/CVE-2023-45853.patch            |  40 ++++++
 meta/recipes-core/zlib/zlib_1.2.11.bb         |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +-
 ...-2023-0330_1.patch => CVE-2023-0330.patch} |   0
 .../qemu/qemu/CVE-2023-0330_2.patch           | 135 ------------------
 meta/recipes-graphics/vulkan/assimp_5.0.1.bb  |   2 +-
 .../xserver-xorg/CVE-2023-5367.patch          |  84 +++++++++++
 .../xserver-xorg/CVE-2023-5380.patch          | 102 +++++++++++++
 .../xorg-xserver/xserver-xorg_1.20.14.bb      |   2 +
 .../kexec/kexec-tools_2.0.20.bb               |   3 +
 ...-2023-3618-1.patch => CVE-2023-3576.patch} |   3 +-
 ...-2023-3618-2.patch => CVE-2023-3618.patch} |   0
 .../libtiff/files/CVE-2023-40745.patch        |  34 +++++
 .../libtiff/files/CVE-2023-41175.patch        |  67 +++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   6 +-
 ...23-5129.patch => CVE-2023-4863-0001.patch} |  27 ++--
 .../webp/files/CVE-2023-4863-0002.patch       |  53 +++++++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   3 +-
 meta/recipes-support/lz4/lz4_1.9.2.bb         |   6 +-
 24 files changed, 431 insertions(+), 174 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
 rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => CVE-2023-0330.patch} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} (93%)
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} (100%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
 rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (95%)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch

-- 
2.34.1

next             reply	other threads:[~2023-11-15  3:17 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-15  3:17 Steve Sakoman [this message]
2023-11-15  3:17 ` [OE-core][dunfell 01/17] kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 02/17] tiff: CVE patch correction for CVE-2023-3576 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 03/17] tiff: Security fix for CVE-2023-40745 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 04/17] tiff: backport Debian patch to fix CVE-2023-41175 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 05/17] glibc: ignore CVE-2023-4527 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 06/17] libwebp: Fix CVE-2023-4863 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 07/17] zlib: Backport fix for CVE-2023-45853 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 08/17] Revert "qemu: Backport fix for CVE-2023-0330" Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 09/17] xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380 Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 10/17] cve-check: sort the package list in the JSON report Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 11/17] cve-check: slightly more verbose warning when adding the same package twice Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 12/17] cve-check: don't warn if a patch is remote Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 13/17] assimp: Explicitly use nobranch=1 in SRC_URI Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 14/17] resolvconf: Fix fetch error Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 15/17] lz4: use CFLAGS from bitbake Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 16/17] lz4: Update sstate/equiv versions to clean cache Steve Sakoman
2023-11-15  3:17 ` [OE-core][dunfell 17/17] selftest: skip virgl test on all fedora Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2023-07-08 15:55 [OE-core][dunfell 00/17] Patch review Steve Sakoman
2021-08-13 14:29 Steve Sakoman
2021-02-15 14:37 Steve Sakoman
2020-12-28 22:15 Steve Sakoman
2020-05-25 22:36 Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1700018112.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.