From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/11] Patch review
Date: Wed, 20 Dec 2023 16:09:00 -1000 [thread overview]
Message-ID: <cover.1703124430.git.steve@sakoman.com> (raw)
Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 22
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6355
The following changes since commit eea685e1caafd8e8121006d3f8b5d0b8a4f2a933:
build-appliance-image: Update to kirkstone head revision (2023-12-15 04:01:10 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Poonam Jadhav (1):
curl: Fix CVE-2023-46218
Richard Purdie (1):
testimage: Exclude wtmp from target-dumper commands
Soumya Sambu (2):
go: Fix CVE-2023-39326
perl: update 5.34.1 -> 5.34.3
Sourav Pramanik (1):
qemu: Fix CVE-2023-5088
Trevor Gamblin (1):
python3-ptest: skip test_storlines
Vijay Anusuri (2):
ghostscript: Backport fix for CVE-2023-46751
openssh: backport Debian patch for CVE-2023-48795
Yoann Congal (1):
externalsrc: Ensure SRCREV is processed before accessing SRC_URI
mark.yang (2):
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
meta/classes/externalsrc.bbclass | 4 +
meta/classes/testimage.bbclass | 2 +-
.../openssh/openssh/CVE-2023-48795.patch | 476 ++++++++++++++++++
.../fix-authorized-principals-command.patch | 30 ++
.../openssh/openssh_8.9p1.bb | 2 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.20/CVE-2023-39326.patch | 182 +++++++
...ile-check-the-file-if-patched-or-not.patch | 4 +-
...{perlcross_1.3.7.bb => perlcross_1.5.2.bb} | 2 +-
.../perl/{perl_5.34.1.bb => perl_5.34.3.bb} | 2 +-
...orlines-skip-due-to-load-variability.patch | 32 ++
.../python/python3_3.10.13.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-5088.patch | 112 +++++
.../ghostscript/CVE-2023-46751.patch | 41 ++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
...c-stop-accessing-out-of-bounds-frame.patch | 2 +-
...c-stop-accessing-out-of-bounds-frame.patch | 1 +
.../curl/curl/CVE-2023-46218.patch | 52 ++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
20 files changed, 943 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/fix-authorized-principals-command.patch
create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-39326.patch
rename meta/recipes-devtools/perl-cross/{perlcross_1.3.7.bb => perlcross_1.5.2.bb} (92%)
rename meta/recipes-devtools/perl/{perl_5.34.1.bb => perl_5.34.3.bb} (99%)
create mode 100644 meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-5088.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch
--
2.34.1
next reply other threads:[~2023-12-21 2:09 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-21 2:09 Steve Sakoman [this message]
2023-12-21 2:09 ` [OE-core][kirkstone 01/11] ghostscript: Backport fix for CVE-2023-46751 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 02/11] curl: Fix CVE-2023-46218 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 03/11] qemu: Fix CVE-2023-5088 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 04/11] ffmpeg: fix for CVE-2022-3964 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 05/11] ffmpeg: fix for CVE-2022-3965 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 06/11] go: Fix CVE-2023-39326 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 07/11] openssh: backport Debian patch for CVE-2023-48795 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 08/11] perl: update 5.34.1 -> 5.34.3 Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 09/11] externalsrc: Ensure SRCREV is processed before accessing SRC_URI Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 10/11] python3-ptest: skip test_storlines Steve Sakoman
2023-12-21 2:09 ` [OE-core][kirkstone 11/11] testimage: Exclude wtmp from target-dumper commands Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-07-09 15:19 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
2025-01-15 14:37 Steve Sakoman
2024-08-13 12:16 Steve Sakoman
2024-03-04 15:23 Steve Sakoman
2023-06-11 16:02 Steve Sakoman
2023-01-12 2:33 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1703124430.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.