[thud 00/18] thud pull request

Openembedded Core Discussions
 help / color / mirror / Atom feed

From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [thud 00/18] thud pull request
Date: Mon, 16 Dec 2019 07:59:50 -0800	[thread overview]
Message-ID: <cover.1576511913.git.akuster808@gmail.com> (raw)

Here are the next series for thud. Passed A-full


The following changes since commit cd7cf933b3235560ec71576d8f3836dff736a39f:

  build-appliance-image: Update to thud head revision (2019-10-17 16:45:34 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/thud-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/thud-next

Armin Kuster (1):
  linux-yocto/4.14: update to 4.14.154

Dan Tran (2):
  tar: Fix CVE-2018-20482
  sudo: Fix CVE-2019-14287

Jed (1):
  at-spi2: fix dbus-daemon path

Khem Raj (1):
  sdk: Install nativesdk locales for all TCLIBC variants

Ross Burton (12):
  cve-check: backport rewrite from master
  cve-check: ensure all known CVEs are in the report
  cve-check: failure to parse versions should be more visible
  cve-check: we don't actually need to unpack to check
  cve-update-db-native: don't refresh more than once an hour
  cve-update-db-native: don't hardcode the database name
  cve-update-db-native: add an index on the CVE ID column
  cve-update-db-native: clean up proxy handling
  cve-check: rewrite look to fix false negatives
  cve-check: neaten get_cve_info
  cve-check: fetch CVE data once at a time instead of in a single call
  glibc: finish incomplete fix for CVE-2016-10739

Shubham Agrawal (1):
  libgcrypt: CVE-2019-12904

 meta/classes/cve-check.bbclass                     | 181 ++--
 meta/conf/distro/include/maintainers.inc           |   1 +
 meta/lib/oe/sdk.py                                 |   4 -
 meta/recipes-core/glibc/glibc-locale.inc           |   3 +
 meta/recipes-core/glibc/glibc-mtrace.inc           |   3 +
 meta/recipes-core/glibc/glibc-scripts.inc          |   3 +
 meta/recipes-core/glibc/glibc/CVE-2016-10739.patch | 910 ++++++++++++++++++++-
 meta/recipes-core/meta/cve-update-db-native.bb     | 185 +++++
 .../cve-check-tool/cve-check-tool_5.6.4.bb         |  62 --
 ...01-Fix-freeing-memory-allocated-by-sqlite.patch |  50 --
 ...ow-overriding-default-CA-certificate-file.patch | 215 -----
 ...ogress-in-percent-when-downloading-CVE-db.patch | 135 ---
 ...are-computed-vs-expected-sha256-digit-str.patch |  52 --
 .../check-for-malloc_trim-before-using-it.patch    |  51 --
 .../sudo/sudo/CVE-2019-14287_p1.patch              | 170 ++++
 .../sudo/sudo/CVE-2019-14287_p2.patch              |  98 +++
 meta/recipes-extended/sudo/sudo_1.8.23.bb          |   2 +
 meta/recipes-extended/tar/tar/CVE-2018-20482.patch | 405 +++++++++
 meta/recipes-extended/tar/tar_1.30.bb              |   1 +
 meta/recipes-kernel/linux/linux-yocto-rt_4.14.bb   |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.14.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto_4.14.bb      |  20 +-
 meta/recipes-support/atk/at-spi2-core_2.28.0.bb    |   2 +-
 .../libgcrypt/files/CVE-2019-12904_p1.patch        | 176 ++++
 .../libgcrypt/files/CVE-2019-12904_p2.patch        | 330 ++++++++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   2 +
 26 files changed, 2410 insertions(+), 663 deletions(-)
 create mode 100644 meta/recipes-core/meta/cve-update-db-native.bb
 delete mode 100644 meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch
 delete mode 100644 meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2018-20482.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch

-- 
2.7.4

next             reply	other threads:[~2019-12-16 16:00 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-16 15:59 Armin Kuster [this message]
2019-12-16 15:59 ` [thud 01/18] at-spi2: fix dbus-daemon path Armin Kuster
2019-12-16 15:59 ` [thud 02/18] sdk: Install nativesdk locales for all TCLIBC variants Armin Kuster
2019-12-16 15:59 ` [thud 03/18] libgcrypt: CVE-2019-12904 Armin Kuster
2019-12-16 15:59 ` [thud 04/18] tar: Fix CVE-2018-20482 Armin Kuster
2019-12-16 15:59 ` [thud 05/18] sudo: Fix CVE-2019-14287 Armin Kuster
2019-12-16 15:59 ` [thud 06/18] cve-check: backport rewrite from master Armin Kuster
2019-12-16 15:59 ` [thud 07/18] cve-check: ensure all known CVEs are in the report Armin Kuster
2019-12-16 15:59 ` [thud 08/18] cve-check: failure to parse versions should be more visible Armin Kuster
2019-12-16 15:59 ` [thud 09/18] cve-check: we don't actually need to unpack to check Armin Kuster
2019-12-16 16:00 ` [thud 10/18] cve-update-db-native: don't refresh more than once an hour Armin Kuster
2019-12-16 16:00 ` [thud 11/18] cve-update-db-native: don't hardcode the database name Armin Kuster
2019-12-16 16:00 ` [thud 12/18] cve-update-db-native: add an index on the CVE ID column Armin Kuster
2019-12-16 16:00 ` [thud 13/18] cve-update-db-native: clean up proxy handling Armin Kuster
2019-12-16 16:00 ` [thud 14/18] cve-check: rewrite look to fix false negatives Armin Kuster
2019-12-16 16:00 ` [thud 15/18] cve-check: neaten get_cve_info Armin Kuster
2019-12-16 16:00 ` [thud 16/18] cve-check: fetch CVE data once at a time instead of in a single call Armin Kuster
2019-12-16 16:00 ` [thud 17/18] glibc: finish incomplete fix for CVE-2016-10739 Armin Kuster
2019-12-16 16:00 ` [thud 18/18] linux-yocto/4.14: update to 4.14.154 Armin Kuster
2019-12-17  3:51 ` [thud 00/18] thud pull request Adrian Bunk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1576511913.git.akuster808@gmail.com \
    --to=akuster808@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox