* [OE-core][dunfell 00/35] Pull request (cover letter only)
@ 2021-05-19 22:13 Steve Sakoman
0 siblings, 0 replies; only message in thread
From: Steve Sakoman @ 2021-05-19 22:13 UTC (permalink / raw)
To: openembedded-core
The following changes since commit 55dc503f4ab33e2aa51a3a6e4003131e0b9355ff:
reproducible.py: add quilt-ptest and valgrind-ptest (2021-05-13 22:10:01 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Alexander Kanavin (1):
linux-firmware: upgrade 20210208 -> 20210315
Anuj Mittal (1):
lsb-release: fix reproducibility failure
Bruce Ashfield (1):
linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
Chen Qi (1):
db: update CVE_PRODUCT
Lee Chee Yang (4):
subversion: fix CVE-2020-17525
qemu: fix CVE-2021-3392
tiff: fix CVE-2020-35523 CVE-2020-35524
python3-jinja2: 2.11.2 -> 2.11.3
Richard Purdie (19):
glibc: Document and whitelist CVE-2019-1010022-25
qemu: Exclude CVE-2017-5957 from cve-check
qemu: Exclude CVE-2007-0998 from cve-check
qemu: Exclude CVE-2018-18438 from cve-check
jquery: Exclude CVE-2007-2379 from cve-check
logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check
openssh: Exclude CVE-2007-2768 from cve-check
openssh: Exclude CVE-2008-3844 from cve-check
unzip: Exclude CVE-2008-0888 from cve-check
cpio: Exclude CVE-2010-4226 from cve-check
ghostscript: Exclude CVE-2013-6629 from cve-check
bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-check
tiff: Exclude CVE-2015-7313 from cve-check
coreutils: Exclude CVE-2016-2781 from cve-check
librsvg: Exclude CVE-2018-1000041 from cve-check
avahi: Exclude CVE-2021-26720 from cve-check
oeqa/qemurunner: Improve logging thread exit handling for qemu
shutdown test
oeqa/qemurunner: Fix binary vs str issue
oeqa/qemurunner: Improve handling of run_serial for shutdown commands
Robert P. J. Day (2):
image.bbclass: fix comment "pacackages" -> "packages"
meta/lib/oe/rootfs.py: Fix typo "Restoreing" -> "Restoring"
Romain Naour (1):
dejagnu: needs expect at runtime
Ross Burton (3):
cairo: backport patch for CVE-2020-35492
libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)
builder: whitelist CVE-2008-4178 (a different builder)
Ulrich Ölmann (1):
local.conf.sample: fix typo
Yann Dirson (1):
linux-firmware: include all relevant files in -bcm4356
meta/classes/image.bbclass | 2 +-
meta/conf/local.conf.sample | 2 +-
meta/lib/oe/rootfs.py | 2 +-
meta/lib/oeqa/selftest/cases/runqemu.py | 9 +-
meta/lib/oeqa/utils/qemurunner.py | 21 +++-
meta/recipes-connectivity/avahi/avahi_0.7.bb | 3 +
.../bluez5/bluez5_5.55.bb | 3 +
.../openssh/openssh_8.2p1.bb | 6 +
meta/recipes-core/coreutils/coreutils_8.31.bb | 4 +
meta/recipes-core/glibc/glibc_2.31.bb | 13 ++
.../recipes-devtools/dejagnu/dejagnu_1.6.2.bb | 1 +
meta/recipes-devtools/jquery/jquery_3.5.0.bb | 5 +
...ja2_2.11.2.bb => python3-jinja2_2.11.3.bb} | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 12 ++
.../qemu/qemu/CVE-2021-3392.patch | 92 ++++++++++++++
.../subversion/CVE-2020-17525.patch | 117 ++++++++++++++++++
.../subversion/subversion_1.13.0.bb | 1 +
meta/recipes-extended/cpio/cpio_2.13.bb | 3 +
.../ghostscript/ghostscript_9.52.bb | 4 +
.../logrotate/logrotate_3.15.1.bb | 3 +
.../help2man-reproducibility.patch | 27 ++++
meta/recipes-extended/lsb/lsb-release_1.4.bb | 1 +
meta/recipes-extended/unzip/unzip_6.0.bb | 3 +
.../libnotify/libnotify_0.7.8.bb | 3 +
meta/recipes-gnome/librsvg/librsvg_2.40.21.bb | 3 +
meta/recipes-graphics/builder/builder_0.1.bb | 2 +
.../cairo/cairo/CVE-2020-35492.patch | 60 +++++++++
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 1 +
...20210208.bb => linux-firmware_20210315.bb} | 8 +-
.../linux/linux-yocto-rt_5.4.bb | 2 +-
.../linux/linux-yocto-tiny_5.4.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 2 +-
.../libtiff/files/CVE-2020-35523.patch | 55 ++++++++
.../libtiff/files/CVE-2020-35524-1.patch | 42 +++++++
.../libtiff/files/CVE-2020-35524-2.patch | 36 ++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 7 ++
meta/recipes-support/db/db_5.3.28.bb | 2 +-
37 files changed, 541 insertions(+), 20 deletions(-)
rename meta/recipes-devtools/python/{python3-jinja2_2.11.2.bb => python3-jinja2_2.11.3.bb} (92%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch
create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2020-17525.patch
create mode 100644 meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch
create mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20210208.bb => linux-firmware_20210315.bb} (99%)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35523.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35524-2.patch
--
2.25.1
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-19 22:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-19 22:13 [OE-core][dunfell 00/35] Pull request (cover letter only) Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox