From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/11] Patch review
Date: Tue, 13 Aug 2024 05:16:37 -0700 [thread overview]
Message-ID: <cover.1723551231.git.steve@sakoman.com> (raw)
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 15
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7236
The following changes since commit 2721f84ba755ceea5780e44feb0713ad8c4d0217:
lttng-modules: Upgrade 2.13.9 -> 2.13.14 (2024-08-02 12:10:02 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
ghostscript: fix CVE-2024-29511
ghostscript: fix CVE-2024-29509
ghostscript: fix CVE-2024-29506
go: fix CVE-2024-24791
Hitendra Prajapati (1):
busybox: CVE-2023-42364, CVE-2023-42365, CVE-2023-42366 fixes
Peter Marko (1):
libyaml: Update status of CVE-2024-35328
Richard Purdie (1):
cve_check: Use a local copy of the database during builds
Ross Burton (1):
python3-pycryptodome(x): use python_setuptools_build_meta build class
Soumya Sambu (1):
python3-certifi: Fix CVE-2024-39689
Vijay Anusuri (1):
orc: upgrade 0.4.32 -> 0.4.39
Yogita Urade (1):
ofono: fix CVE-2023-2794
meta/classes/cve-check.bbclass | 7 +-
.../ofono/ofono/CVE-2023-2794-0001.patch | 37 ++
.../ofono/ofono/CVE-2023-2794-0002.patch | 32 ++
.../ofono/ofono/CVE-2023-2794-0003.patch | 44 +++
.../ofono/ofono/CVE-2023-2794-0004.patch | 127 +++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 4 +
.../busybox/CVE-2023-42364_42365-1.patch | 197 ++++++++++
.../busybox/CVE-2023-42364_42365-2.patch | 96 +++++
.../busybox/busybox/CVE-2023-42366.patch | 36 ++
meta/recipes-core/busybox/busybox_1.35.0.bb | 3 +
.../meta/cve-update-nvd2-native.bb | 18 +-
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2024-24791.patch | 359 ++++++++++++++++++
.../orc/{orc_0.4.32.bb => orc_0.4.39.bb} | 2 +-
.../python3-certifi/CVE-2024-39689.patch | 69 ++++
.../python/python3-certifi_2021.10.8.bb | 1 +
.../python/python3-pycryptodome_3.14.1.bb | 2 +-
.../python/python3-pycryptodomex_3.14.1.bb | 2 +-
.../ghostscript/CVE-2024-29506.patch | 45 +++
.../ghostscript/CVE-2024-29509.patch | 45 +++
.../ghostscript/CVE-2024-29511-0001.patch | 100 +++++
.../ghostscript/CVE-2024-29511-0002.patch | 219 +++++++++++
.../ghostscript/ghostscript_9.55.0.bb | 4 +
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 3 +
24 files changed, 1442 insertions(+), 11 deletions(-)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-1.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42364_42365-2.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42366.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-24791.patch
rename meta/recipes-devtools/orc/{orc_0.4.32.bb => orc_0.4.39.bb} (92%)
create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29509.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch
--
2.34.1
next reply other threads:[~2024-08-13 12:17 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-13 12:16 Steve Sakoman [this message]
2024-08-13 12:16 ` [OE-core][kirkstone 01/11] cve_check: Use a local copy of the database during builds Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 02/11] libyaml: Update status of CVE-2024-35328 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 03/11] ghostscript: fix CVE-2024-29511 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 04/11] ofono: fix CVE-2023-2794 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 05/11] ghostscript: fix CVE-2024-29509 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 06/11] ghostscript: fix CVE-2024-29506 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 07/11] go: fix CVE-2024-24791 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 08/11] busybox: CVE-2023-42364, CVE-2023-42365, CVE-2023-42366 fixes Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 09/11] python3-certifi: Fix CVE-2024-39689 Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 10/11] orc: upgrade 0.4.32 -> 0.4.39 Steve Sakoman
2024-09-23 13:33 ` Buzarra, Arturo
2024-09-23 18:40 ` Alexander Kanavin
2024-10-28 1:31 ` Vijay Anusuri
2024-10-28 16:50 ` Steve Sakoman
2024-08-13 12:16 ` [OE-core][kirkstone 11/11] python3-pycryptodome(x): use python_setuptools_build_meta build class Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-07-09 15:19 [OE-core][kirkstone 00/11] Patch review Steve Sakoman
2025-01-15 14:37 Steve Sakoman
2024-03-04 15:23 Steve Sakoman
2023-12-21 2:09 Steve Sakoman
2023-06-11 16:02 Steve Sakoman
2023-01-12 2:33 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1723551231.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.