* [OE-core][dunfell 0/7] Patch review
@ 2020-08-17 15:11 Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 1/7] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch Steve Sakoman
` (6 more replies)
0 siblings, 7 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.
Passed a-full on autobuilder (other than 500 server error posting report for qemumips-alt):
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1265
The following changes since commit b95d6aeafb70765e22d2e1254e749a48f508d489:
uninative: Handle PREMIRRORS generically (2020-08-09 09:26:54 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (3):
linux-yocto-rt/5.4: update to rt32
linux-yocto/5.4: update to v5.4.56
linux-yocto/5.4: update to v5.4.57
Khem Raj (4):
glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
gcc-9.3.inc: Mark CVE-2019-15847 as fixed
go: update 1.14.4 -> 1.14.6
go: Upgrade to 1.14.7
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../glibc/0016-Add-unused-attribute.patch | 31 ---
.../glibc/glibc/CVE-2020-6096.patch | 112 ----------
.../glibc/glibc/CVE-2020-6096_2.patch | 194 ------------------
meta/recipes-core/glibc/glibc_2.31.bb | 5 +-
meta/recipes-devtools/gcc/gcc-9.3.inc | 2 +
meta/recipes-devtools/go/go-1.14.inc | 5 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
10 files changed, 24 insertions(+), 363 deletions(-)
delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 1/7] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 2/7] gcc-9.3.inc: Mark CVE-2019-15847 as fixed Steve Sakoman
` (5 subsequent siblings)
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Drop 0016-Add-unused-attribute.patch since its fixed by Rewrite iconv
option parsing [BZ #19519] [1]
Upgrade to latest on 2.31 branch which brings following bug fixes
* 6fdf971c9db (origin/release/2.31/master) Add NEWS entry for CVE-2016-10228 (bug 19519)
* 70d585151c0 Rewrite iconv option parsing [BZ #19519]
* 1c8efe848bf powerpc: Fix incorrect cache line size load in memset (bug 26332)
* 7611339a9b5 nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]
* 21b760cc2fa Disable warnings due to deprecated libselinux symbols used by nss and nscd
* 6f3459f9859 Add NEWS entry for CVE-2020-6096 (bug 25620)
* 64246fccafc arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
* 9bbd2b61729 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
* 4e8a33a9590 NEWS: Mention BZ 25933 fix
* fd15ba932d2 Fix avx2 strncmp offset compare condition check [BZ #25933]
* 3a44844c97a nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
* c8391752678 aarch64: fix strcpy and strnlen for big-endian [BZ #25824]
* 10947412240 aarch64: Accept PLT calls to __getauxval within libc.so
* a98b8b221cf NEWS: Mention fixes for BZ 25810/25896/25902/25966
* 4c833bbebe3 x86-64: Use RDX_LP on __x86_shared_non_temporal_threshold [BZ #25966]
* 3b9ceb33204 NEWS: Mention bug 25639 fixed in 2.31 branch
* bb44fe7711a oc_FR locale: Fix spelling of April (bug 25639)
* f2ac7920474 oc_FR locale: Fix spelling of Thursday (bug 25639)
* 18fdba553dd Add a C wrapper for prctl [BZ #25896]
* 7c9e054afdd powerpc: Rename argN to _argN in LOADARGS_N [BZ #25902]
* 9c5ae39a644 Add C wrappers for process_vm_readv/process_vm_writev [BZ #25810]
* 63c3696a4ac Mark unsigned long arguments with U in more syscalls [BZ #25810]
* 5b9d49293b7 Add a syscall test for [BZ #25810]
* 496b5963a75 Add SYSCALL_ULONG_ARG_[12] to pass long to syscall [BZ #25810]
* 04330f85263 x32: Properly pass long to syscall [BZ #25810]
* de371d1581f Fix build with GCC 10 when long double = double.
* ece4e11d55d Add new file missed in previous hppa commit.
* 91b909315c4 Fix data race in setting function descriptors during lazy binding on hppa.
* b999c0098ae nios2: delete sysdeps/unix/sysv/linux/nios2/kernel-features.h
* 54ba2541b3a mips: Fix bracktrace result for signal frames
* 83d3eec6728 stdlib: Move tst-system to tests-container
* ad9b0037ccc support/shell-container.c: Add builtin kill
* 2448ba1d724 support/shell-container.c: Add builtin exit
* 5810e6d75ff support/shell-container.c: Return 127 if execve fails
* d39fb022c26 Add NEWS entry for CVE-2020-1751 (bug 25423)
* 46bbbd46223 posix: Fix system error return value [BZ #25715]
* 3937f6806d9 Add NEWS entry for CVE-2020-1752 (bug 25414)
* ab029a2801d Fix use-after-free in glob when expanding ~user (bug 25414)
* a3189fb15b4 Update syscall lists for Linux 5.5.
* 05c08d5aea9 NEWS: update list of bugs fixed on the 2.31 branch
* 123d48b33a5 Add NEWS entry for CVE-2020-10029 (bug 25487)
* 03f44ce0938 math/test-sinl-pseudo: Use stack protector only if available
* e85a88e00c1 sparc: Move sigreturn stub to assembly
* a9ae2062d57 arm: Fix softp-fp Implies (BZ #25635)
* da6ce60e3cb linux/sysipc: Include linux/posix_types.h for __kernel_mode_t
* 9db2970506c linux: Clear mode_t padding bits (BZ#25623)
* 44f2c26ee4f i386: Use comdat instead of .gnu.linkonce for i386 setup pic register (BZ #20543)
* f2d95cf030f Improve IFUNC check [BZ #25506]
* 9f997ceca28 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487).
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=70d585151c03ede999bd2ad5a724243914cb5f54
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../glibc/0016-Add-unused-attribute.patch | 31 ---
.../glibc/glibc/CVE-2020-6096.patch | 112 ----------
.../glibc/glibc/CVE-2020-6096_2.patch | 194 ------------------
meta/recipes-core/glibc/glibc_2.31.bb | 5 +-
5 files changed, 2 insertions(+), 342 deletions(-)
delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index c2d68979eb..3bcd336de4 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.31/master"
PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "109474122400ca7d60782b131dc867a5c1f2fe55"
+SRCREV_glibc ?= "6fdf971c9dbf7dac9bea552113fe4694015bbc4d"
SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch b/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
deleted file mode 100644
index 574e7c3503..0000000000
--- a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c323125744020a29f79e50dc4d024b55c482eafc Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 18 Mar 2015 00:28:41 +0000
-Subject: [PATCH] Add unused attribute
-
-Helps in avoiding gcc warning when header is is included in
-a source file which does not use both functions
-
- * iconv/gconv_charset.h (strip):
- Add unused attribute.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Upstream-Status: Pending
----
- iconv/gconv_charset.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/iconv/gconv_charset.h b/iconv/gconv_charset.h
-index 348acc089b..fa92465d89 100644
---- a/iconv/gconv_charset.h
-+++ b/iconv/gconv_charset.h
-@@ -21,7 +21,7 @@
- #include <locale.h>
-
-
--static void
-+static void __attribute__ ((unused))
- strip (char *wp, const char *s)
- {
- int slash_count = 0;
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
deleted file mode 100644
index 9c26f76432..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
-From: Alexander Anisimov <a.anisimov@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:31 +0200
-Subject: [PATCH] arm: CVE-2020-6096: Fix multiarch memcpy for negative length
- [BZ #25620]
-
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy.
-This commit fixes the armv7 version.
-
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #1
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- sysdeps/arm/armv7/multiarch/memcpy_impl.S | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-index bf4ac7077f..379bb56fc9 100644
---- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-+++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-@@ -268,7 +268,7 @@ ENTRY(memcpy)
-
- mov dst, dstin /* Preserve dstin, we need to return it. */
- cmp count, #64
-- bge .Lcpy_not_short
-+ bhs .Lcpy_not_short
- /* Deal with small copies quickly by dropping straight into the
- exit block. */
-
-@@ -351,10 +351,10 @@ ENTRY(memcpy)
-
- 1:
- subs tmp2, count, #64 /* Use tmp2 for count. */
-- blt .Ltail63aligned
-+ blo .Ltail63aligned
-
- cmp tmp2, #512
-- bge .Lcpy_body_long
-+ bhs .Lcpy_body_long
-
- .Lcpy_body_medium: /* Count in tmp2. */
- #ifdef USE_VFP
-@@ -378,7 +378,7 @@ ENTRY(memcpy)
- add src, src, #64
- vstr d1, [dst, #56]
- add dst, dst, #64
-- bge 1b
-+ bhs 1b
- tst tmp2, #0x3f
- beq .Ldone
-
-@@ -412,7 +412,7 @@ ENTRY(memcpy)
- ldrd A_l, A_h, [src, #64]!
- strd A_l, A_h, [dst, #64]!
- subs tmp2, tmp2, #64
-- bge 1b
-+ bhs 1b
- tst tmp2, #0x3f
- bne 1f
- ldr tmp2,[sp], #FRAME_SIZE
-@@ -482,7 +482,7 @@ ENTRY(memcpy)
- add src, src, #32
-
- subs tmp2, tmp2, #prefetch_lines * 64 * 2
-- blt 2f
-+ blo 2f
- 1:
- cpy_line_vfp d3, 0
- cpy_line_vfp d4, 64
-@@ -494,7 +494,7 @@ ENTRY(memcpy)
- add dst, dst, #2 * 64
- add src, src, #2 * 64
- subs tmp2, tmp2, #prefetch_lines * 64
-- bge 1b
-+ bhs 1b
-
- 2:
- cpy_tail_vfp d3, 0
-@@ -615,8 +615,8 @@ ENTRY(memcpy)
- 1:
- pld [src, #(3 * 64)]
- subs count, count, #64
-- ldrmi tmp2, [sp], #FRAME_SIZE
-- bmi .Ltail63unaligned
-+ ldrlo tmp2, [sp], #FRAME_SIZE
-+ blo .Ltail63unaligned
- pld [src, #(4 * 64)]
-
- #ifdef USE_NEON
-@@ -633,7 +633,7 @@ ENTRY(memcpy)
- neon_load_multi d0-d3, src
- neon_load_multi d4-d7, src
- subs count, count, #64
-- bmi 2f
-+ blo 2f
- 1:
- pld [src, #(4 * 64)]
- neon_store_multi d0-d3, dst
-@@ -641,7 +641,7 @@ ENTRY(memcpy)
- neon_store_multi d4-d7, dst
- neon_load_multi d4-d7, src
- subs count, count, #64
-- bpl 1b
-+ bhs 1b
- 2:
- neon_store_multi d0-d3, dst
- neon_store_multi d4-d7, dst
---
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
deleted file mode 100644
index 905e44c8e3..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
-From: Evgeny Eremin <e.eremin@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:19 +0200
-Subject: [PATCH] arm: CVE-2020-6096: fix memcpy and memmove for negative
- length [BZ #25620]
-
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy and memmove.
-This commit fixes the generic arm implementation of memcpy amd memmove.
-
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #2
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- sysdeps/arm/memcpy.S | 24 ++++++++++--------------
- sysdeps/arm/memmove.S | 24 ++++++++++--------------
- 2 files changed, 20 insertions(+), 28 deletions(-)
-
-diff --git a/sysdeps/arm/memcpy.S b/sysdeps/arm/memcpy.S
-index 510e8adaf2..bcfbc51d99 100644
---- a/sysdeps/arm/memcpy.S
-+++ b/sysdeps/arm/memcpy.S
-@@ -68,7 +68,7 @@ ENTRY(memcpy)
- cfi_remember_state
-
- subs r2, r2, #4
-- blt 8f
-+ blo 8f
- ands ip, r0, #3
- PLD( pld [r1, #0] )
- bne 9f
-@@ -82,7 +82,7 @@ ENTRY(memcpy)
- cfi_rel_offset (r6, 4)
- cfi_rel_offset (r7, 8)
- cfi_rel_offset (r8, 12)
-- blt 5f
-+ blo 5f
-
- CALGN( ands ip, r1, #31 )
- CALGN( rsb r3, ip, #32 )
-@@ -98,9 +98,9 @@ ENTRY(memcpy)
- #endif
-
- PLD( pld [r1, #0] )
--2: PLD( subs r2, r2, #96 )
-+2: PLD( cmp r2, #96 )
- PLD( pld [r1, #28] )
-- PLD( blt 4f )
-+ PLD( blo 4f )
- PLD( pld [r1, #60] )
- PLD( pld [r1, #92] )
-
-@@ -108,9 +108,7 @@ ENTRY(memcpy)
- 4: ldmia r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
- subs r2, r2, #32
- stmia r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
-- bge 3b
-- PLD( cmn r2, #96 )
-- PLD( bge 4b )
-+ bhs 3b
-
- 5: ands ip, r2, #28
- rsb ip, ip, #32
-@@ -222,7 +220,7 @@ ENTRY(memcpy)
- strbge r4, [r0], #1
- subs r2, r2, ip
- strb lr, [r0], #1
-- blt 8b
-+ blo 8b
- ands ip, r1, #3
- beq 1b
-
-@@ -236,7 +234,7 @@ ENTRY(memcpy)
- .macro forward_copy_shift pull push
-
- subs r2, r2, #28
-- blt 14f
-+ blo 14f
-
- CALGN( ands ip, r1, #31 )
- CALGN( rsb ip, ip, #32 )
-@@ -253,9 +251,9 @@ ENTRY(memcpy)
- cfi_rel_offset (r10, 16)
-
- PLD( pld [r1, #0] )
-- PLD( subs r2, r2, #96 )
-+ PLD( cmp r2, #96 )
- PLD( pld [r1, #28] )
-- PLD( blt 13f )
-+ PLD( blo 13f )
- PLD( pld [r1, #60] )
- PLD( pld [r1, #92] )
-
-@@ -280,9 +278,7 @@ ENTRY(memcpy)
- mov ip, ip, PULL #\pull
- orr ip, ip, lr, PUSH #\push
- stmia r0!, {r3, r4, r5, r6, r7, r8, r10, ip}
-- bge 12b
-- PLD( cmn r2, #96 )
-- PLD( bge 13b )
-+ bhs 12b
-
- pop {r5 - r8, r10}
- cfi_adjust_cfa_offset (-20)
-diff --git a/sysdeps/arm/memmove.S b/sysdeps/arm/memmove.S
-index 954037ef3a..0d07b76ee6 100644
---- a/sysdeps/arm/memmove.S
-+++ b/sysdeps/arm/memmove.S
-@@ -85,7 +85,7 @@ ENTRY(memmove)
- add r1, r1, r2
- add r0, r0, r2
- subs r2, r2, #4
-- blt 8f
-+ blo 8f
- ands ip, r0, #3
- PLD( pld [r1, #-4] )
- bne 9f
-@@ -99,7 +99,7 @@ ENTRY(memmove)
- cfi_rel_offset (r6, 4)
- cfi_rel_offset (r7, 8)
- cfi_rel_offset (r8, 12)
-- blt 5f
-+ blo 5f
-
- CALGN( ands ip, r1, #31 )
- CALGN( sbcsne r4, ip, r2 ) @ C is always set here
-@@ -114,9 +114,9 @@ ENTRY(memmove)
- #endif
-
- PLD( pld [r1, #-4] )
--2: PLD( subs r2, r2, #96 )
-+2: PLD( cmp r2, #96 )
- PLD( pld [r1, #-32] )
-- PLD( blt 4f )
-+ PLD( blo 4f )
- PLD( pld [r1, #-64] )
- PLD( pld [r1, #-96] )
-
-@@ -124,9 +124,7 @@ ENTRY(memmove)
- 4: ldmdb r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
- subs r2, r2, #32
- stmdb r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
-- bge 3b
-- PLD( cmn r2, #96 )
-- PLD( bge 4b )
-+ bhs 3b
-
- 5: ands ip, r2, #28
- rsb ip, ip, #32
-@@ -237,7 +235,7 @@ ENTRY(memmove)
- strbge r4, [r0, #-1]!
- subs r2, r2, ip
- strb lr, [r0, #-1]!
-- blt 8b
-+ blo 8b
- ands ip, r1, #3
- beq 1b
-
-@@ -251,7 +249,7 @@ ENTRY(memmove)
- .macro backward_copy_shift push pull
-
- subs r2, r2, #28
-- blt 14f
-+ blo 14f
-
- CALGN( ands ip, r1, #31 )
- CALGN( rsb ip, ip, #32 )
-@@ -268,9 +266,9 @@ ENTRY(memmove)
- cfi_rel_offset (r10, 16)
-
- PLD( pld [r1, #-4] )
-- PLD( subs r2, r2, #96 )
-+ PLD( cmp r2, #96 )
- PLD( pld [r1, #-32] )
-- PLD( blt 13f )
-+ PLD( blo 13f )
- PLD( pld [r1, #-64] )
- PLD( pld [r1, #-96] )
-
-@@ -295,9 +293,7 @@ ENTRY(memmove)
- mov r4, r4, PUSH #\push
- orr r4, r4, r3, PULL #\pull
- stmdb r0!, {r4 - r8, r10, ip, lr}
-- bge 12b
-- PLD( cmn r2, #96 )
-- PLD( bge 13b )
-+ bhs 12b
-
- pop {r5 - r8, r10}
- cfi_adjust_cfa_offset (-20)
---
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index e8e11f5438..3d486fbb59 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,7 @@
require glibc.inc
require glibc-version.inc
-CVE_CHECK_WHITELIST += "CVE-2020-10029"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
DEPENDS += "gperf-native bison-native make-native"
@@ -28,7 +28,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
- file://0016-Add-unused-attribute.patch \
file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
file://0019-Remove-bash-dependency-for-nscd-init-script.patch \
@@ -42,8 +41,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
file://0028-inject-file-assembly-directives.patch \
file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
- file://CVE-2020-6096.patch \
- file://CVE-2020-6096_2.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 2/7] gcc-9.3.inc: Mark CVE-2019-15847 as fixed
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 1/7] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 3/7] go: update 1.14.4 -> 1.14.6 Steve Sakoman
` (4 subsequent siblings)
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
We do not have explicit patch to mark it and cve checker gets confused,
so help it out
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-9.3.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.3.inc
index b0411078d3..38dee001d4 100644
--- a/meta/recipes-devtools/gcc/gcc-9.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.3.inc
@@ -23,6 +23,8 @@ LIC_FILES_CHKSUM = "\
file://COPYING.RUNTIME;md5=fe60d87048567d4fe8c8a0ed2448bcc8 \
"
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
BASEURI ?= "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.xz"
#RELEASE ?= "5a5ca2d"
#BASEURI ?= "https://repo.or.cz/official-gcc.git/snapshot/${RELEASE}.tar.gz;downloadfilename=gcc-${RELEASE}.tar.gz"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 3/7] go: update 1.14.4 -> 1.14.6
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 1/7] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 2/7] gcc-9.3.inc: Mark CVE-2019-15847 as fixed Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 4/7] go: Upgrade to 1.14.7 Steve Sakoman
` (3 subsequent siblings)
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
(cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
(cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
(cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index c52593db6b..64c2768f7e 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.14"
-GO_MINOR = ".1"
+GO_MINOR = ".6"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -18,5 +18,4 @@ SRC_URI += "\
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
+SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 4/7] go: Upgrade to 1.14.7
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
` (2 preceding siblings ...)
2020-08-17 15:11 ` [OE-core][dunfell 3/7] go: update 1.14.4 -> 1.14.6 Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 5/7] linux-yocto-rt/5.4: update to rt32 Steve Sakoman
` (2 subsequent siblings)
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
CVE_CHECK_WHITELIST += "CVE-2020-16845"
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91580c9d335e0fbee95f94be6f9b34298d3e9a48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 64c2768f7e..8f8ed89de8 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.14"
-GO_MINOR = ".6"
+GO_MINOR = ".7"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -18,4 +18,4 @@ SRC_URI += "\
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
+SRC_URI[main.sha256sum] = "064392433563660c73186991c0a315787688e7c38a561e26647686f89b6c30e3"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 5/7] linux-yocto-rt/5.4: update to rt32
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
` (3 preceding siblings ...)
2020-08-17 15:11 ` [OE-core][dunfell 4/7] go: Upgrade to 1.14.7 Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 6/7] linux-yocto/5.4: update to v5.4.56 Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 7/7] linux-yocto/5.4: update to v5.4.57 Steve Sakoman
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/5.4:
2739bdb0bfa0 Linux 5.4.54-rt32
0124e412ea96 Linux 5.4.52-rt31
d85676a72421 Linux 5.4.49-rt30
72bbd8083a44 Linux 5.4.48-rt29
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b21783c173594e5dac3c437e290b26643382c2e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index ec0beeba76..6d3adb5dbd 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,8 +11,8 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "37478f8c6f336b271b26e783c14bcaf7fa8ca9a6"
-SRCREV_meta ?= "96883b38c16febfa10668d16fe08a5cdc3419872"
+SRCREV_machine ?= "2739bdb0bfa0d9b423ffa940150e539c80bc0bfd"
+SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 9881b09a9f..3cc8537973 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine_qemuarm ?= "58d322d637edd20fe24aadfdc0d621f63700c009"
SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "96883b38c16febfa10668d16fe08a5cdc3419872"
+SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 3829748269..7904850317 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -21,7 +21,7 @@ SRCREV_machine_qemux86 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
SRCREV_machine_qemux86-64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
SRCREV_machine_qemumips64 ?= "3a515b583c3efc896cafa4f7f1e784456a360f8f"
SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "96883b38c16febfa10668d16fe08a5cdc3419872"
+SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 6/7] linux-yocto/5.4: update to v5.4.56
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
` (4 preceding siblings ...)
2020-08-17 15:11 ` [OE-core][dunfell 5/7] linux-yocto-rt/5.4: update to rt32 Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 7/7] linux-yocto/5.4: update to v5.4.57 Steve Sakoman
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
1b940bbc5c55 Linux 5.4.56
df35e878d0a5 perf bench: Share some global variables to fix build with gcc 10
702d1b287fd2 perf env: Do not return pointers to local variables
73d2d6b421df perf tests bp_account: Make global variable static
39568546706f x86/i8259: Use printk_deferred() to prevent deadlock
01ac46c6baf0 KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
fd412846a6ec KVM: arm64: Don't inherit exec permission across page-table levels
1aff51292ee8 drivers/net/wan: lapb: Corrected the usage of skb_cow
f88c909dc28c RISC-V: Set maximum number of mapped pages correctly
e3043abb5baa xen-netfront: fix potential deadlock in xennet_remove()
a7b488d65d39 cxgb4: add missing release on skb in uld_send()
5f4e6b874b57 x86/stacktrace: Fix reliable check for empty user task stacks
32344d2993b0 x86/unwind/orc: Fix ORC for newly forked tasks
a14d6a9ddf33 Revert "i2c: cadence: Fix the hold bit setting"
df366abb9c8f net: ethernet: ravb: exit if re-initialization fails in tx timeout
ac7c3b8f34ec parisc: add support for cmpxchg on u8 pointers
a0ba41317c89 scsi: core: Run queue in case of I/O resource contention failure
0ac155dcf048 nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
50c5f89637bc selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support
78c7532b80c6 qed: Disable "MFW indication via attention" SPAM every 5 minutes
6e4620df9cbc selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion
5b235c1d9022 usb: hso: Fix debug compile warning on sparc32
cac2b7ad0915 vxlan: fix memleak of fdb
1df0000b30cd perf tools: Fix record failure when mixed with ARM SPE event
568995fb61e7 net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
e68b7b9b03fb net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe()
1158aa743a0b net: nixge: fix potential memory leak in nixge_probe()
9acd96f14a49 Bluetooth: fix kernel oops in store_pending_adv_report
3bb2f52ad9e7 arm64: csum: Fix handling of bad packets
8a90b436a0c9 arm64/alternatives: move length validation inside the subsection
4a50753aacb5 mac80211: mesh: Free pending skb when destroying a mpath
3f15e3e62c80 mac80211: mesh: Free ie data when leaving mesh
fe58e3dd6e11 bpf: Fix map leak in HASH_OF_MAPS map
43c390b751ba ibmvnic: Fix IRQ mapping disposal in error path
ea559138b331 mlxsw: core: Free EMAD transactions using kfree_rcu()
57f498ced731 mlxsw: core: Increase scope of RCU read-side critical section
0f424eda4705 mlx4: disable device on shutdown
c3883876d3f1 rhashtable: Fix unprotected RCU dereference in __rht_ptr
b1d629d32910 net: lan78xx: fix transfer-buffer memory leak
9db3040eb952 net: lan78xx: add missing endpoint sanity check
32ec4441cca1 net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev
475cbcef491a net/mlx5e: Modify uplink state on interface up/down
43608372b84d net/mlx5: Verify Hardware supports requested ptp function on a given pin
8901896f69d4 net/mlx5e: Fix error path of device attach
00bedd730d1f net/mlx5: E-switch, Destroy TSAR when fail to enable the mode
d70f9a3cc32c net: hns3: fix aRFS FD rules leftover after add a user FD rule
475b8d619268 net: hns3: fix a TX timeout issue
5fc02e8d1bfd sh: Fix validation of system call number
2f2674997dfb sh/tlb: Fix PGTABLE_LEVELS > 2
222dbeca05fb selftests/net: so_txtime: fix clang issues for target arch PowerPC
d817b2c8d3cf selftests/net: psock_fanout: fix clang issues for target arch PowerPC
22f84cce9527 selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
831c904a0f68 nvme-tcp: fix possible hang waiting for icresp response
9a1d0084cbe1 ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds
731e013e33b3 xfrm: Fix crash when the hold queue is used.
a4c902887f1d ARM: dts sunxi: Relax a bit the CMA pool allocation range
0307da686660 xfrm: policy: match with both mark and mask on user interfaces
bbb13adb07af net/x25: Fix null-ptr-deref in x25_disconnect
69cd304cfa5c net/x25: Fix x25_neigh refcnt leak when x25 disconnect
c2fd34d43110 libtraceevent: Fix build with binutils 2.35
2ec69499b758 rds: Prevent kernel-infoleak in rds_notify_queue_get()
6a9428427da1 drm: hold gem reference until object is no longer accessed
7eef3b463d88 drm/dbi: Fix SPI Type 1 (9-bit) transfer
8ea180f1c7ec drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
f1b4bdde2bdc drm/amd/display: Clear dm_state for fast updates
22d3202e51a7 Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
cea6633d5382 virtio_balloon: fix up endian-ness for free cmd id
c2f787f904e0 ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect
b9274613114a ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2
c4738c67a569 ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2
3b7e4a5ba95d ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
b8fa0b037047 wireless: Use offsetof instead of custom macro.
d3472f74d229 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
96f105943cff vhost/scsi: fix up req type endian-ness
951117a2079b IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE
dc731d262811 ALSA: hda/hdmi: Fix keep_power assignment for non-component devices
6a67b05c6f30 ALSA: hda/realtek - Fixed HP right speaker no sound
09832a9e0b76 ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256)
e9f147c937a5 ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289
cd76d30f51fb ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289
6d84a8cf8a02 ALSA: usb-audio: Add implicit feedback quirk for SSL2
47e20933814f mm/filemap.c: don't bother dropping mmap_sem for zero size readahead
140210554274 PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
2ff65580d477 ath10k: enable transmit data ack RSSI for QCA9884
98cef10fbcca sunrpc: check that domain table is empty at module unload.
84da97713b91 media: rc: prevent memory leak in cx23888_ir_probe
ecfa7fa198fc crypto: ccp - Release all allocated memory if sha type is invalid
169b93899c7d Linux 5.4.55
909dbf09cd01 Revert "dpaa_eth: fix usage as DSA master, try 3"
4918285a6c7d PM: wakeup: Show statistics for deleted wakeup sources again
59242fa1d2ba regmap: debugfs: check count when read regmap file
df89c1ee034c udp: Improve load balancing for SO_REUSEPORT.
6735c126d272 udp: Copy has_conns in reuseport_grow().
86512c6938a9 sctp: shrink stream outq when fails to do addstream reconf
46e7c7efc30d sctp: shrink stream outq only when new outcnt < old outcnt
bbf6af4a938a AX.25: Prevent integer overflows in connect and sendmsg
182ffc66456b tcp: allow at most one TLP probe per flight
e2f904fd79a0 rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
01c928350641 rtnetlink: Fix memory(net_device) leak when ->newlink fails
b7d3d6df72a8 qrtr: orphan socket in qrtr_release()
2bf797a8691a net: udp: Fix wrong clean up for IS_UDPLITE macro
274b40b6df6c net-sysfs: add a newline when printing 'tx_timeout' by sysfs
8d9f13dd400c ip6_gre: fix null-ptr-deref in ip6gre_init_net()
fbcd85cd11de drivers/net/wan/x25_asy: Fix to make it work
d109acd58052 dev: Defer free of skbs in flush_backlog
52aeeec1a635 AX.25: Prevent out-of-bounds read in ax25_sendmsg()
2f1624faf647 AX.25: Fix out-of-bounds read in ax25_connect()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a9b3ecf377a1c01979311dc7082c401c957ca6ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 6d3adb5dbd..56f6c2462a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "2739bdb0bfa0d9b423ffa940150e539c80bc0bfd"
-SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
+SRCREV_machine ?= "de6b368e4875392d9dc0342a0991f74285e4955d"
+SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.54"
+LINUX_VERSION ?= "5.4.56"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 3cc8537973..4aeb560f2a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.54"
+LINUX_VERSION ?= "5.4.56"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "58d322d637edd20fe24aadfdc0d621f63700c009"
-SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
+SRCREV_machine_qemuarm ?= "0f2bcc4968dd118d71c06c59f3159b8fd0eafbe9"
+SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 7904850317..8874c40623 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "84e270de836971e9fec8e6acbe06f8a2e1405916"
-SRCREV_machine_qemuarm64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemumips ?= "f418fa62aec041e4c3b5c28df853a8c636fa2f62"
-SRCREV_machine_qemuppc ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemuriscv64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemux86 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemux86-64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemumips64 ?= "3a515b583c3efc896cafa4f7f1e784456a360f8f"
-SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
+SRCREV_machine_qemuarm ?= "078735bf2317d85576c7d144b867c13c02dfc317"
+SRCREV_machine_qemuarm64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemumips ?= "7db7c284d5a9fb3a19d3c0ee1218be340cd48506"
+SRCREV_machine_qemuppc ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemuriscv64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemux86 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemux86-64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemumips64 ?= "dce45211b696761c4cef078eb682f278ea38a72b"
+SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.54"
+LINUX_VERSION ?= "5.4.56"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 7/7] linux-yocto/5.4: update to v5.4.57
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
` (5 preceding siblings ...)
2020-08-17 15:11 ` [OE-core][dunfell 6/7] linux-yocto/5.4: update to v5.4.56 Steve Sakoman
@ 2020-08-17 15:11 ` Steve Sakoman
6 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-08-17 15:11 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
d9939285fc81 Linux 5.4.57
ca7ace8fd26d bpf: sockmap: Require attach_bpf_fd when detaching a program
9fe975acb53f selftests: bpf: Fix detach from sockmap tests
c77610435355 ext4: fix direct I/O read error
6330b0cb2ace arm64: Workaround circular dependency in pointer_auth.h
f06d60ff794a random32: move the pseudo-random 32-bit definitions to prandom.h
c131009987f2 random32: remove net_rand_state from the latent entropy gcc plugin
7471f3228e7a random: fix circular include dependency on arm64 after addition of percpu.h
50bf89625bba ARM: percpu.h: fix build error
c15a77bdda2c random32: update the net random state on interrupt and activity
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00ea26a7e535c70998a5b9228185403e3f440042)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 56f6c2462a..24cc5353e3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "de6b368e4875392d9dc0342a0991f74285e4955d"
-SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
+SRCREV_machine ?= "9b7e1eef068382c132768964ccac22d35ac05d7b"
+SRCREV_meta ?= "4aeda12f7f7eb84613ae1fe6e22cd9cd9790c20b"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.56"
+LINUX_VERSION ?= "5.4.57"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 4aeb560f2a..c4bdfd61b1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.56"
+LINUX_VERSION ?= "5.4.57"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "0f2bcc4968dd118d71c06c59f3159b8fd0eafbe9"
-SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
+SRCREV_machine_qemuarm ?= "afcbe2154b65d2ab1da70eaf38388b3c64366f8f"
+SRCREV_machine ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_meta ?= "4aeda12f7f7eb84613ae1fe6e22cd9cd9790c20b"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 8874c40623..8014d2ec29 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "078735bf2317d85576c7d144b867c13c02dfc317"
-SRCREV_machine_qemuarm64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemumips ?= "7db7c284d5a9fb3a19d3c0ee1218be340cd48506"
-SRCREV_machine_qemuppc ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemuriscv64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemux86 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemux86-64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemumips64 ?= "dce45211b696761c4cef078eb682f278ea38a72b"
-SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
+SRCREV_machine_qemuarm ?= "69c2cb15ed433d0c54548167b771aa86edf731b0"
+SRCREV_machine_qemuarm64 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemumips ?= "f0d91ff7f58bb7b6e6676abce3b2e56d8031c7a5"
+SRCREV_machine_qemuppc ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemuriscv64 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemux86 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemux86-64 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemumips64 ?= "053475d8f61a47f2aa66f2be0ca6c668a73ff784"
+SRCREV_machine ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_meta ?= "4aeda12f7f7eb84613ae1fe6e22cd9cd9790c20b"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.56"
+LINUX_VERSION ?= "5.4.57"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2020-09-18 16:15 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-09-18 16:15 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Monday.
The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:
cve-check: avoid FileNotFoundError if no do_cve_check task has run (2020-09-14 04:26:37 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Christophe GUIBOUT (1):
initramfs-framework: support kernel cmdline with double quotes
Geoff Parker (1):
systemd-serialgetty: Replace sed quoting using ' with " to allow var
expansion
Khem Raj (1):
populate_sdk_ext: Do not assume local.conf will always exist
Michael Gloff (1):
sysvinit: Remove ${B} assignment
Pierre-Jean Texier (1):
libubootenv: upgrade 0.3 -> 0.3.1
Rahul Kumar (1):
systemd-serialgetty: Fix sed expression quoting
Steve Sakoman (1):
Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"
meta/classes/kernel.bbclass | 2 +-
meta/classes/populate_sdk_ext.bbclass | 5 +++--
.../{libubootenv_0.3.bb => libubootenv_0.3.1.bb} | 2 +-
.../initrdscripts/initramfs-framework/init | 13 +++++++++++++
meta/recipes-core/systemd/systemd-serialgetty.bb | 4 ++--
meta/recipes-core/sysvinit/sysvinit_2.96.bb | 1 -
6 files changed, 20 insertions(+), 7 deletions(-)
rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2021-07-15 14:07 Steve Sakoman
2021-07-15 14:16 ` Andrej Valek
0 siblings, 1 reply; 22+ messages in thread
From: Steve Sakoman @ 2021-07-15 14:07 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350
The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:
report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrej Valek (1):
busybox: add tmpdir option into mktemp applet
Richard Purdie (3):
pseudo: Add uninative configuration sanity check
pseudo: Update to latest version including statx fix
sstate: Drop pseudo exclusion
Steve Sakoman (3):
bluez: fix CVE-2021-3588
gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
meta/classes/sstate.bbclass | 2 -
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
.../bluez5/bluez5/CVE-2021-3588.patch | 34 ++++++++
.../0001-mktemp-add-tmpdir-option.patch | 81 +++++++++++++++++++
meta/recipes-core/busybox/busybox_1.31.1.bb | 1 +
meta/recipes-devtools/pseudo/pseudo.inc | 13 +++
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
.../gstreamer1.0-plugins-base_1.16.3.bb | 4 +
.../gstreamer1.0-plugins-good_1.16.3.bb | 5 ++
9 files changed, 140 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch
create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [OE-core][dunfell 0/7] Patch review
2021-07-15 14:07 Steve Sakoman
@ 2021-07-15 14:16 ` Andrej Valek
0 siblings, 0 replies; 22+ messages in thread
From: Andrej Valek @ 2021-07-15 14:16 UTC (permalink / raw)
To: steve@sakoman.com; +Cc: openembedded-core@lists.openembedded.org
Hello Steve,
Busybox patch looks fine.
Cheers,
Andrej
> Please review this next set of patches for dunfell and have comments back by end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Ftyphoon%2F%23%2Fbuilders%2F83%2Fbuilds%2F2350&data=04%7C01%7Candrej.valek%40siemens.com%> 7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lHIY6jrIIjgQrMFGZI5aGHjaqK4A5Y17uptGKbI%2ByXQ%3D&reserved=0
>
> The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:
>
> report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)
>
> are available in the Git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcgit.openembedded.org%2Fopenembedded-core-contrib%2Flog%2F%3Fh%3Dstable%2Fdunfell-nut&data=04%7C01%7Candrej.valek%40siemens.com%7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RqxpOBjsL%2B6GJnZwWtQ7KHLi%2FAcp1A0KZza9ow9p%2FPc%3D&reserved=0
> Andrej Valek (1):
> busybox: add tmpdir option into mktemp applet
>
> Richard Purdie (3):
> pseudo: Add uninative configuration sanity check
> pseudo: Update to latest version including statx fix
> sstate: Drop pseudo exclusion
>
> Steve Sakoman (3):
> bluez: fix CVE-2021-3588
> gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
> gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
>
> meta/classes/sstate.bbclass | 2 -
> meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
> .../bluez5/bluez5/CVE-2021-3588.patch | 34 ++++++++
> .../0001-mktemp-add-tmpdir-option.patch | 81 +++++++++++++++++++
> meta/recipes-core/busybox/busybox_1.31.1.bb | 1 +
> meta/recipes-devtools/pseudo/pseudo.inc | 13 +++
> meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
> .../gstreamer1.0-plugins-base_1.16.3.bb | 4 +
> .../gstreamer1.0-plugins-good_1.16.3.bb | 5 ++
> 9 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-> 2021-3588.patch
> create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
>
> --
> 2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-03-30 2:27 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-03-30 2:27 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3445
The following changes since commit da5cba5ec56cc437ede46d8aa71219a2a34cbe9e:
oeqa/selftest/tinfoil: Fix intermittent event loss issue in test (2022-03-26 16:25:24 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Steve Sakoman (7):
util-linux: fix CVE-2022-0563
xserver-xorg: update to 1.20.9
xserver-xorg: update to 1.20.10
xserver-xorg: update to 1.20.11
xserver-xorg: update to 1.20.12
xserver-xorg: update to 1.20.13
xserver-xorg: update to 1.20.14
.../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++
.../util-linux/util-linux_2.35.1.bb | 1 +
.../xorg-xserver/xserver-xorg.inc | 2 +-
.../xserver-xorg/CVE-2020-14345.patch | 182 ------------------
.../xserver-xorg/CVE-2020-14346.patch | 36 ----
.../xserver-xorg/CVE-2020-14347.patch | 38 ----
.../xserver-xorg/CVE-2020-14360.patch | 132 -------------
.../xserver-xorg/CVE-2020-14361.patch | 36 ----
.../xserver-xorg/CVE-2020-14362.patch | 70 -------
.../xserver-xorg/CVE-2020-25712.patch | 102 ----------
...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} | 11 +-
11 files changed, 165 insertions(+), 606 deletions(-)
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-07-29 15:24 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-07-29 15:24 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3993
The following changes since commit 3f40d5f095ceb099b604750db96058df00fcd49e:
build-appliance-image: Update to dunfell head revision (2022-07-25 15:09:15 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Hitendra Prajapati (5):
gnupg: CVE-2022-34903 possible signature forgery via injection into
the status line
grub2: Fix buffer underflow write in the heap
qemu: CVE-2022-35414 can perform an uninitialized read on the
translate_fail path, leading to an io_readx or io_writex crash
libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By
Zero Error
libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections
LUIS ENRIQUEZ (1):
kernel-fitimage.bbclass: add padding algorithm property in config
nodes
Sana.Kazi (1):
libjpeg-turbo: Fix CVE-2021-46822
meta/classes/kernel-fitimage.bbclass | 5 +
.../grub/files/CVE-2021-3695.patch | 178 +++++++++++++++++
.../grub/files/CVE-2021-3696.patch | 46 +++++
.../grub/files/CVE-2021-3697.patch | 82 ++++++++
meta/recipes-bsp/grub/grub2.inc | 5 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2022-35414.patch | 53 +++++
.../libtirpc/libtirpc/CVE-2021-46828.patch | 155 +++++++++++++++
.../libtirpc/libtirpc_1.2.6.bb | 4 +-
.../jpeg/files/CVE-2021-46822.patch | 133 +++++++++++++
.../jpeg/libjpeg-turbo_2.0.4.bb | 1 +
...022-2056-CVE-2022-2057-CVE-2022-2058.patch | 183 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
.../gnupg/gnupg/CVE-2022-34903.patch | 44 +++++
meta/recipes-support/gnupg/gnupg_2.2.27.bb | 1 +
15 files changed, 890 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3695.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3696.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3697.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2021-46822.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-09-08 2:28 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-09-08 2:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200
The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2:
relocate_sdk.py: ensure interpreter size error causes relocation to fail (2022-08-29 05:02:16 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Hitendra Prajapati (1):
sqlite: CVE-2022-35737 assertion failure
Joshua Watt (1):
classes: cve-check: Get shared database lock
Ranjitsinh Rathod (2):
libarchive: Fix CVE-2021-23177 issue
libarchive: Fix CVE-2021-31566 issue
Richard Purdie (1):
vim: Upgrade 9.0.0242 -> 9.0.0341
Robert Joslyn (1):
curl: Backport patch for CVE-2022-35252
Ross Burton (1):
cve-check: close cursors as soon as possible
meta/classes/cve-check.bbclass | 36 ++--
.../recipes-core/meta/cve-update-db-native.bb | 51 ++---
.../libarchive/CVE-2021-23177.patch | 183 ++++++++++++++++++
.../libarchive/CVE-2021-31566-01.patch | 23 +++
.../libarchive/CVE-2021-31566-02.patch | 172 ++++++++++++++++
.../libarchive/libarchive_3.4.2.bb | 3 +
.../curl/curl/CVE-2022-35252.patch | 72 +++++++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
.../sqlite/files/CVE-2022-35737.patch | 29 +++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
11 files changed, 535 insertions(+), 40 deletions(-)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-10-24 14:24 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-10-24 14:24 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4364
The following changes since commit aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f:
qemu: Avoid accidental librdmacm linkage (2022-10-12 05:13:44 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.216
linux-yocto/5.4: update to v5.4.219
Omkar (1):
dbus: upgrade 1.12.22 -> 1.12.24
Paul Eggleton (1):
classes/kernel-fitimage: add ability to add additional signing options
Steve Sakoman (2):
devtool: add HostKeyAlgorithms option to ssh and scp commands
selftest: skip virgl test on all Alma Linux
wangmy (1):
dbus: upgrade 1.12.20 -> 1.12.22
meta/classes/kernel-fitimage.bbclass | 6 ++++-
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
meta/lib/oeqa/selftest/cases/runtime_test.py | 4 ++--
...s-test_1.12.20.bb => dbus-test_1.12.24.bb} | 0
meta/recipes-core/dbus/dbus.inc | 3 +--
.../dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} | 0
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
scripts/lib/devtool/deploy.py | 8 +++----
10 files changed, 31 insertions(+), 28 deletions(-)
rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.24.bb} (100%)
rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} (100%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2022-12-01 15:25 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-12-01 15:25 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4565
The following changes since commit 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba:
sstate: Account for reserved characters when shortening sstate filenames (2022-11-23 00:26:19 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
linux-firmware: upgrade 20220913 -> 20221012
Chen Qi (1):
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
Dmitry Baryshkov (1):
linux-firmware: upgrade 20221012 -> 20221109
Mike Crowe (1):
kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE
Ross Burton (1):
pixman: backport fix for CVE-2022-44638
Vivek Kumbhar (1):
qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead
to guest crash
Wang Mingyu (1):
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
meta/classes/kernel.bbclass | 29 ++++++++-
.../mobile-broadband-provider-info_git.bb | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2021-20196.patch | 62 +++++++++++++++++++
.../xorg-lib/pixman/CVE-2022-44638.patch | 34 ++++++++++
.../xorg-lib/pixman_0.38.4.bb | 1 +
...20220913.bb => linux-firmware_20221109.bb} | 6 +-
7 files changed, 129 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch
create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221109.bb} (99%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2023-04-04 2:39 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-04-04 2:39 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5141
The following changes since commit 1c7d555379c4b0962bccd018870989050d87675f:
classes/package: Use gzip for extended package data (2023-03-27 16:29:20 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Geoffrey GIRY (1):
cve-check: Fix false negative version issue
Hitendra Prajapati (2):
curl: CVE-2023-23916 HTTP multi-header compression denial of service
qemu: fix compile error which imported by CVE-2022-4144
Martin Jansa (1):
bmap-tools: switch to main branch
Randy MacLeod (1):
vim: upgrade 9.0.1403 -> 9.0.1429
Shubham Kulkarni (1):
go-runtime: Security fix for CVE-2022-41723
Vijay Anusuri (1):
git: Security fix for CVE-2023-22490 and CVE-2023-23946
meta/classes/cve-check.bbclass | 5 +-
meta/lib/oe/cve_check.py | 37 +++
meta/lib/oeqa/selftest/cases/cve_check.py | 19 ++
.../git/files/CVE-2023-22490-1.patch | 179 +++++++++++++
.../git/files/CVE-2023-22490-2.patch | 122 +++++++++
.../git/files/CVE-2023-22490-3.patch | 154 ++++++++++++
.../git/files/CVE-2023-23946.patch | 184 ++++++++++++++
meta/recipes-devtools/git/git.inc | 4 +
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2022-41723.patch | 156 ++++++++++++
meta/recipes-devtools/qemu/qemu.inc | 1 +
...ass-requested-buffer-size-to-qxl_phy.patch | 236 ++++++++++++++++++
.../bmap-tools/bmap-tools_3.5.bb | 2 +-
.../curl/curl/CVE-2023-23916.patch | 231 +++++++++++++++++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
16 files changed, 1332 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-1.patch
create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-2.patch
create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
create mode 100644 meta/recipes-devtools/git/files/CVE-2023-23946.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2023-04-22 15:57 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-04-22 15:57 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210
The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3:
curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Hitendra Prajapati (2):
curl: CVE-2023-27538 fix SSH connection too eager reuse
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Peter Marko (1):
go: ignore CVE-2022-41716
Shubham Kulkarni (2):
go-runtime: Security fix for CVE-2022-41722
go: Security fix for CVE-2020-29510
Vivek Kumbhar (1):
go: fix CVE-2023-24537 Infinite loop in parsing
rajmohan r (1):
systemd: Fix CVE-2023-26604
.../systemd/systemd/CVE-2023-26604-1.patch | 115 ++++++++
.../systemd/systemd/CVE-2023-26604-2.patch | 264 ++++++++++++++++++
.../systemd/systemd/CVE-2023-26604-3.patch | 182 ++++++++++++
.../systemd/systemd/CVE-2023-26604-4.patch | 32 +++
meta/recipes-core/systemd/systemd_244.5.bb | 4 +
meta/recipes-devtools/go/go-1.14.inc | 7 +
.../go/go-1.14/CVE-2020-29510.patch | 65 +++++
.../go/go-1.14/CVE-2022-41722-1.patch | 53 ++++
.../go/go-1.14/CVE-2022-41722-2.patch | 104 +++++++
.../go/go-1.14/CVE-2023-24537.patch | 76 +++++
.../screen/screen/CVE-2023-24626.patch | 40 +++
meta/recipes-extended/screen/screen_4.8.0.bb | 1 +
.../curl/curl/CVE-2023-27538.patch | 31 ++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
14 files changed, 975 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2023-05-11 21:28 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-05-11 21:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5294
The following changes since commit fd4cc8d7b5156c43d162a1a5a809fae507457ef4:
build-appliance-image: Update to dunfell head revision (2023-05-03 12:29:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Ashish Sharma (1):
connman: Fix CVE-2023-28488 DoS in client.c
Peter Marko (1):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Vivek Kumbhar (1):
freetype: fix CVE-2023-2004 integer overflowin in
tt_hvadvance_adjust() in src/truetype/ttgxvar.c
Yoann Congal (1):
linux-yocto: Exclude 294 CVEs already fixed upstream
.../connman/connman/CVE-2023-28488.patch | 54 +
.../connman/connman_1.37.bb | 1 +
.../libxml/libxml2/CVE-2023-28484.patch | 79 +
.../libxml/libxml2/CVE-2023-29469.patch | 42 +
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
meta/recipes-devtools/go/go-1.14.inc | 3 +
.../go/go-1.14/CVE-2023-24538-1.patch | 125 ++
.../go/go-1.14/CVE-2023-24538-2.patch | 196 ++
.../go/go-1.14/CVE-2023-24538-3.patch | 208 ++
.../run-postinsts/run-postinsts.service | 2 +-
.../freetype/freetype/CVE-2023-2004.patch | 40 +
.../freetype/freetype_2.10.1.bb | 1 +
meta/recipes-kernel/linux/cve-exclusion.inc | 1840 +++++++++++++++++
meta/recipes-kernel/linux/linux-yocto.inc | 3 +
meta/recipes-support/libbsd/libbsd_0.10.0.bb | 6 +
15 files changed, 2601 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2023-09-26 14:12 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-09-26 14:12 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 28
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947
The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a:
build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Archana Polampalli (1):
vim: upgrade 9.0.1592 -> 9.0.1664
Michael Opdenacker (1):
flac: fix CVE-2020-22219
Richard Purdie (1):
vim: Upgrade 9.0.1664 -> 9.0.1894
Ross Burton (1):
gcc: Fix -fstack-protector issue on aarch64
Siddharth Doshi (2):
gdb: Fix CVE-2023-39128
libxml2: Fix CVE-2023-39615
Vijay Anusuri (1):
go: Backport fix for CVE-2022-41725 and CVE-2023-24536
.../libxml/libxml2/CVE-2023-39615-0001.patch | 36 +
.../libxml/libxml2/CVE-2023-39615-0002.patch | 71 +
.../libxml/libxml2/CVE-2023-39615-pre.patch | 44 +
meta/recipes-core/libxml/libxml2_2.9.10.bb | 3 +
meta/recipes-devtools/gcc/gcc-9.5.inc | 1 +
.../gcc/gcc-9.5/CVE-2023-4039.patch | 1506 +++++++++++++++++
meta/recipes-devtools/gdb/gdb-9.1.inc | 1 +
.../gdb/gdb/0012-CVE-2023-39128.patch | 75 +
meta/recipes-devtools/go/go-1.14.inc | 7 +
.../go/go-1.14/CVE-2022-41725-pre1.patch | 85 +
.../go/go-1.14/CVE-2022-41725-pre2.patch | 97 ++
.../go/go-1.14/CVE-2022-41725-pre3.patch | 98 ++
.../go/go-1.14/CVE-2022-41725.patch | 660 ++++++++
.../go/go-1.14/CVE-2023-24536_1.patch | 134 ++
.../go/go-1.14/CVE-2023-24536_2.patch | 184 ++
.../go/go-1.14/CVE-2023-24536_3.patch | 349 ++++
.../flac/files/CVE-2020-22219.patch | 197 +++
meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 +
meta/recipes-support/vim/vim.inc | 6 +-
19 files changed, 3552 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch
create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2024-02-13 21:43 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-02-13 21:43 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Thursday, February 15
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6564
The following changes since commit 18ae4fea4bf8681f9138d21124589918e336ff6b:
systemtap: Fix build with gcc-12 (2024-01-25 03:58:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Matthias Schmitz (1):
rsync: Fix rsync hanging when used with --relative
Ming Liu (1):
go: add a complementary fix for CVE-2023-29406
Peter Marko (1):
curl: ignore CVE-2023-42915
Vijay Anusuri (1):
ghostscript: Backport fix for CVE-2020-36773
Zahir Hussain (1):
cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
virendra thakur (2):
perl: Whitelist CVE-2023-47039
ncurses: Fix CVE-2023-29491
.../ncurses/files/CVE-2023-29491.patch | 45 +++++++
meta/recipes-core/ncurses/ncurses_6.2.bb | 3 +-
.../cmake/cmake/OEToolchainConfig.cmake | 3 +
meta/recipes-devtools/go/go-1.14.inc | 3 +-
...023-29406.patch => CVE-2023-29406-1.patch} | 0
.../go/go-1.14/CVE-2023-29406-2.patch | 114 ++++++++++++++++++
meta/recipes-devtools/perl/perl_5.30.1.bb | 4 +
...lative-when-copying-an-absolute-path.patch | 31 +++++
meta/recipes-devtools/rsync/rsync_3.1.3.bb | 1 +
.../ghostscript/CVE-2020-36773.patch | 109 +++++++++++++++++
.../ghostscript/ghostscript_9.52.bb | 1 +
meta/recipes-support/curl/curl_7.69.1.bb | 3 +
12 files changed, 315 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch
create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 0/7] Patch review
@ 2024-04-03 3:11 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-04-03 3:11 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Thursday, April 4
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6757
The following changes since commit d0811b98fa3847dbbfcfe6a80694509bb29aaf9c:
yocto-uninative: Update to 4.4 for glibc 2.39 (2024-03-18 11:44:32 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Steve Sakoman (2):
tar: bump PR to deal with sstate corruption on autobuilder
perf: bump PR to deal with sstate corruption on autobuilder
Vijay Anusuri (4):
libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356
go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785
tar: Fix for CVE-2023-39804
curl: backport Debian patch for CVE-2024-2398
virendra thakur (1):
openssl: Fix CVE-2024-0727
.../openssl/openssl/CVE-2024-0727.patch | 122 ++++++++
.../openssl/openssl_1.1.1w.bb | 1 +
meta/recipes-devtools/go/go-1.14.inc | 3 +
.../go/go-1.14/CVE-2023-45289.patch | 121 ++++++++
.../go/go-1.14/CVE-2023-45290.patch | 271 ++++++++++++++++++
.../go/go-1.14/CVE-2024-24785.patch | 197 +++++++++++++
.../tar/tar/CVE-2023-39804.patch | 64 +++++
meta/recipes-extended/tar/tar_1.32.bb | 3 +
meta/recipes-kernel/perf/perf.bb | 2 +-
.../libtiff/files/CVE-2023-52356.patch | 53 ++++
.../libtiff/files/CVE-2023-6277-1.patch | 191 ++++++++++++
.../libtiff/files/CVE-2023-6277-2.patch | 152 ++++++++++
.../libtiff/files/CVE-2023-6277-3.patch | 46 +++
.../libtiff/files/CVE-2023-6277-4.patch | 94 ++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 5 +
.../curl/curl/CVE-2024-2398.patch | 88 ++++++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
17 files changed, 1413 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2023-39804.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2024-04-03 3:12 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-17 15:11 [OE-core][dunfell 0/7] Patch review Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 1/7] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 2/7] gcc-9.3.inc: Mark CVE-2019-15847 as fixed Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 3/7] go: update 1.14.4 -> 1.14.6 Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 4/7] go: Upgrade to 1.14.7 Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 5/7] linux-yocto-rt/5.4: update to rt32 Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 6/7] linux-yocto/5.4: update to v5.4.56 Steve Sakoman
2020-08-17 15:11 ` [OE-core][dunfell 7/7] linux-yocto/5.4: update to v5.4.57 Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2020-09-18 16:15 [OE-core][dunfell 0/7] Patch review Steve Sakoman
2021-07-15 14:07 Steve Sakoman
2021-07-15 14:16 ` Andrej Valek
2022-03-30 2:27 Steve Sakoman
2022-07-29 15:24 Steve Sakoman
2022-09-08 2:28 Steve Sakoman
2022-10-24 14:24 Steve Sakoman
2022-12-01 15:25 Steve Sakoman
2023-04-04 2:39 Steve Sakoman
2023-04-22 15:57 Steve Sakoman
2023-05-11 21:28 Steve Sakoman
2023-09-26 14:12 Steve Sakoman
2024-02-13 21:43 Steve Sakoman
2024-04-03 3:11 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox