From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/25] Patch review
Date: Sat, 4 Jan 2025 05:41:24 -0800 [thread overview]
Message-ID: <cover.1735997984.git.steve@sakoman.com> (raw)
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, January 7
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/737
The following changes since commit 01423828248b75e1f5afe2e5959ccd971df875cd:
rust: add reproducibility patch to eliminate host leakage (2024-12-19 05:36:59 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Changqing Li (1):
sanity.bbclass: skip check_userns for non-local uid
Divya Chellam (1):
libxml2: Upgrade 2.12.8 -> 2.12.9
Guðni Már Gilbert (2):
python3: upgrade 3.12.6 -> 3.12.7
python3: upgrade 3.12.7 -> 3.12.8
Mark Hatle (1):
populate_sdk_ext: write_local_conf add shutil import
Mikko Rapeli (1):
ovmf-native: remove .pyc files from install
Peter Marko (16):
gstreamer1.0-plugins-good: fix several CVEs
gstreamer1.0-plugins-base: patch CVE-2024-47538
gstreamer1.0-plugins-base: patch CVE-2024-47607
gstreamer1.0-plugins-base: patch CVE-2024-47615
gstreamer1.0-plugins-good: patch CVE-2024-47613
gstreamer1.0-plugins-good: patch several CVEs
gstreamer1.0-plugins-base: patch CVE-2024-47541
gstreamer1.0-plugins-base: patch CVE-2024-47542
gstreamer1.0-plugins-good: patch CVE-2024-47599
gstreamer1.0-plugins-base: patch CVE-2024-47600
gstreamer1.0-plugins-good: patch CVE-2024-47606
gstreamer1.0-plugins-good: patch CVE-2024-47606
gstreamer1.0-plugins-good: patch CVE-2024-47774
gstreamer1.0-plugins-good: patch several CVEs
gstreamer1.0-plugins-base: patch CVE-2024-47835
gstreamer1.0: ignore CVEs fixed in plugins recipes
Soumya Sambu (1):
python3-requests: upgrade 2.32.0 -> 2.32.3
Xiangyu Chen (1):
lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66
aszh07 (1):
libarchive: Fix CVE-2024-20696
meta/classes-global/sanity.bbclass | 2 +
meta/classes-recipe/populate_sdk_ext.bbclass | 2 +
.../{libxml2_2.12.8.bb => libxml2_2.12.9.bb} | 2 +-
meta/recipes-core/ovmf/ovmf_git.bb | 1 +
...s_2.32.0.bb => python3-requests_2.32.3.bb} | 4 +-
...shebang-overflow-on-python-config.py.patch | 6 +-
...e-stdin-I-O-errors-same-way-as-maste.patch | 3 +-
...-use-prefix-value-from-build-configu.patch | 5 +-
...-qemu-wrapper-when-gathering-profile.patch | 6 +-
...sts-due-to-load-variability-on-YP-AB.patch | 16 +-
...est_sysconfig-for-posix_user-purelib.patch | 7 +-
...e-treat-overflow-in-UID-GID-as-failu.patch | 9 +-
...asename-to-replace-CC-for-checking-c.patch | 20 +-
..._fileno-test-due-to-load-variability.patch | 6 +-
...g.py-use-platlibdir-also-for-purelib.patch | 5 +-
...ctive_children-skip-problematic-test.patch | 9 +-
...pes.test_find-skip-without-tools-sdk.patch | 5 +-
...-test_deadlock-skip-problematic-test.patch | 9 +-
...le.py-correct-the-test-output-format.patch | 7 +-
...t_readline-skip-limited-history-test.patch | 14 +-
...-test_shutdown-skip-problematic-test.patch | 11 +-
...orlines-skip-due-to-load-variability.patch | 5 +-
...up.py-do-not-add-a-curses-include-pa.patch | 6 +-
.../python/python3/cgi_py.patch | 3 +-
.../python/python3/crosspythonpath.patch | 5 +-
.../python3/deterministic_imports.patch | 5 +-
.../python/python3/makerace.patch | 6 +-
.../{python3_3.12.6.bb => python3_3.12.8.bb} | 2 +-
.../libarchive/CVE-2024-20696.patch | 115 +++++
.../libarchive/libarchive_3.7.4.bb | 3 +-
...stat_runtime-changed-in-Linux-6.6.66.patch | 51 ++
.../lttng/lttng-modules_2.13.12.bb | 1 +
...at-most-64-channels-to-NONE-position.patch | 35 ++
...at-most-64-channels-to-NONE-position.patch | 41 ++
...ck-writes-to-GstOggStream.vorbis_mod.patch | 80 ++++
...w-and-fix-per-format-min_packet_size.patch | 168 +++++++
...for-closing-brace-after-opening-brac.patch | 38 ++
...se-strstr-on-strings-that-are-potent.patch | 99 ++++
...parsing-extended-header-if-not-enoug.patch | 64 +++
...-print-channel-layout-for-more-than-.patch | 38 ++
...or-NULL-return-of-strchr-when-parsin.patch | 39 ++
.../gstreamer1.0-plugins-base_1.22.12.bb | 9 +
...o-sized-boxes-instead-of-stopping-to.patch | 124 +++++
...ger-overflow-when-allocating-the-sam.patch | 63 +++
...Fix-debug-output-during-trun-parsing.patch | 72 +++
...erate-over-all-trun-entries-if-none-.patch | 35 ++
...zes-of-stsc-stco-stts-before-trying-.patch | 63 +++
...e-only-an-even-number-of-bytes-is-pr.patch | 44 ++
...e-enough-data-is-available-before-re.patch | 120 +++++
...th-checks-and-offsets-in-stsd-entry-.patch | 450 ++++++++++++++++++
...r-handling-when-parsing-cenc-sample-.patch | 56 +++
...e-there-are-enough-offsets-to-read-w.patch | 49 ++
...-handle-errors-returns-from-various-.patch | 97 ++++
...r-invalid-atom-length-when-extractin.patch | 36 ++
...size-check-for-parsing-SMI-SEQH-atom.patch | 37 ++
...ck-if-initializing-the-video-info-ac.patch | 53 +++
...ly-unmap-GstMapInfo-in-WavPack-heade.patch | 60 +++
...x-off-by-one-when-parsing-multi-chan.patch | 35 ++
...eck-for-big-enough-WavPack-codec-pri.patch | 43 ++
...n-t-take-data-out-of-an-empty-adapte.patch | 51 ++
...ip-over-laces-directly-when-postproc.patch | 52 ++
...ip-over-zero-sized-Xiph-stream-heade.patch | 43 ++
...t-a-copy-of-the-codec-data-into-the-.patch | 44 ++
...ly-error-out-on-negotiation-failures.patch | 99 ++++
...teger-overflow-when-parsing-Theora-e.patch | 44 ++
...size-checks-and-avoid-overflows-when.patch | 46 ++
...or-short-reads-when-parsing-headers-.patch | 174 +++++++
...re-enough-data-for-the-tag-list-tag-.patch | 41 ++
...7-wavparse-Fix-parsing-of-acid-chunk.patch | 65 +++
...hat-at-least-4-bytes-are-available-b.patch | 37 ++
...hat-at-least-32-bytes-are-available-.patch | 40 ++
...ix-clipping-of-size-to-the-file-size.patch | 47 ++
...Check-size-before-reading-ds64-chunk.patch | 41 ++
.../gstreamer1.0-plugins-good_1.22.12.bb | 34 +-
...integer-overflow-when-allocating-sys.patch | 56 +++
.../gstreamer/gstreamer1.0_1.22.12.bb | 14 +
76 files changed, 3226 insertions(+), 101 deletions(-)
rename meta/recipes-core/libxml/{libxml2_2.12.8.bb => libxml2_2.12.9.bb} (97%)
rename meta/recipes-devtools/python/{python3-requests_2.32.0.bb => python3-requests_2.32.3.bb} (78%)
rename meta/recipes-devtools/python/{python3_3.12.6.bb => python3_3.12.8.bb} (99%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
--
2.43.0
next reply other threads:[~2025-01-04 13:42 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-04 13:41 Steve Sakoman [this message]
2025-01-04 13:41 ` [OE-core][scarthgap 01/25] gstreamer1.0-plugins-good: fix several CVEs Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 02/25] gstreamer1.0-plugins-base: patch CVE-2024-47538 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 03/25] gstreamer1.0-plugins-base: patch CVE-2024-47607 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 04/25] gstreamer1.0-plugins-base: patch CVE-2024-47615 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 05/25] gstreamer1.0-plugins-good: patch CVE-2024-47613 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 06/25] gstreamer1.0-plugins-good: patch several CVEs Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 07/25] gstreamer1.0-plugins-base: patch CVE-2024-47541 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 08/25] gstreamer1.0-plugins-base: patch CVE-2024-47542 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 09/25] gstreamer1.0-plugins-good: patch CVE-2024-47599 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 10/25] gstreamer1.0-plugins-base: patch CVE-2024-47600 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 11/25] gstreamer1.0-plugins-good: patch CVE-2024-47606 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 12/25] " Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 13/25] gstreamer1.0-plugins-good: patch CVE-2024-47774 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 14/25] gstreamer1.0-plugins-good: patch several CVEs Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 15/25] gstreamer1.0-plugins-base: patch CVE-2024-47835 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 16/25] gstreamer1.0: ignore CVEs fixed in plugins recipes Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 17/25] libarchive: Fix CVE-2024-20696 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 18/25] python3: upgrade 3.12.6 -> 3.12.7 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 19/25] python3: upgrade 3.12.7 -> 3.12.8 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 20/25] libxml2: Upgrade 2.12.8 -> 2.12.9 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 21/25] python3-requests: upgrade 2.32.0 -> 2.32.3 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 22/25] populate_sdk_ext: write_local_conf add shutil import Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 23/25] lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66 Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 24/25] ovmf-native: remove .pyc files from install Steve Sakoman
2025-01-04 13:41 ` [OE-core][scarthgap 25/25] sanity.bbclass: skip check_userns for non-local uid Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2026-02-09 9:28 [OE-core][scarthgap 00/25] Patch review Yoann Congal
2026-06-05 22:33 Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1735997984.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.