[OE-core][dunfell 00/18] Patch review

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/18] Patch review
Date: Fri,  4 Mar 2022 05:04:08 -1000	[thread overview]
Message-ID: <cover.1646406001.git.steve@sakoman.com> (raw)

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3314

with the exception of a known autobuilder intermittent issue on qemumips64:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14029

which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/74/builds/4787

The following changes since commit 79ce9059f716546a7d6f4562ba194aedd90c22cd:

  grub: add a fix for a crash in scripts (2022-02-23 05:00:42 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Jose Quaresma (1):
  buildhistory.bbclass: create the buildhistory directory when needed

Marek Vasut (1):
  bootchart2: Add missing python3-math dependency

Michael Halstead (1):
  uninative: Upgrade to 3.5

Minjae Kim (2):
  go: fix CVE-2022-23806
  go: fix CVE-2022-23772

Nathan Rossi (1):
  cml1.bbclass: Handle ncurses-native being available via pkg-config

Richard Purdie (2):
  libxml-parser-perl: Add missing RDEPENDS
  uninative: Add version to uninative tarball name

Ross Burton (3):
  coreutils: remove obsolete ignored CVE list
  cve-check: get_cve_info should open the database read-only
  Revert "cve-check: add lockfile to task"

Steve Sakoman (5):
  expat: fix CVE-2022-25235
  expat: fix CVE-2022-25236
  expat: fix CVE-2022-25313
  expat: fix CVE-2022-25314
  expat: fix CVE-2022-25315

Virendra Thakur (1):
  libarchive: Fix for CVE-2021-36976

wangmy (1):
  wireless-regdb: upgrade 2021.08.28 -> 2022.02.18

 meta/classes/buildhistory.bbclass             |   1 +
 meta/classes/cml1.bbclass                     |   8 +
 meta/classes/cve-check.bbclass                |   4 +-
 meta/classes/uninative.bbclass                |   2 +-
 meta/conf/distro/include/yocto-uninative.inc  |  11 +-
 meta/recipes-core/coreutils/coreutils_8.31.bb |   3 -
 .../expat/expat/CVE-2022-25235.patch          | 283 +++++++++++++++
 .../expat/expat/CVE-2022-25236.patch          | 129 +++++++
 .../expat/CVE-2022-25313-regression.patch     | 131 +++++++
 .../expat/expat/CVE-2022-25313.patch          | 230 +++++++++++++
 .../expat/expat/CVE-2022-25314.patch          |  32 ++
 .../expat/expat/CVE-2022-25315.patch          | 145 ++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   6 +
 .../bootchart2/bootchart2_0.14.9.bb           |   2 +-
 meta/recipes-devtools/go/go-1.14.inc          |   2 +
 .../go/go-1.14/CVE-2022-23772.patch           |  50 +++
 .../go/go-1.14/CVE-2022-23806.patch           | 142 ++++++++
 .../perl/libxml-parser-perl_2.46.bb           |   1 +
 .../libarchive/CVE-2021-36976-1.patch         | 321 ++++++++++++++++++
 .../libarchive/CVE-2021-36976-2.patch         | 121 +++++++
 .../libarchive/CVE-2021-36976-3.patch         |  93 +++++
 .../libarchive/libarchive_3.4.2.bb            |   6 +-
 ....08.28.bb => wireless-regdb_2022.02.18.bb} |   2 +-
 23 files changed, 1711 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25235.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25236.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25313.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25314.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25315.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2021.08.28.bb => wireless-regdb_2022.02.18.bb} (94%)

-- 
2.25.1

next             reply	other threads:[~2022-03-04 15:04 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-04 15:04 Steve Sakoman [this message]
2022-03-04 15:04 ` [OE-core][dunfell 01/18] libarchive: Fix for CVE-2021-36976 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 02/18] go: fix CVE-2022-23806 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 03/18] go: fix CVE-2022-23772 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 04/18] expat: fix CVE-2022-25235 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 05/18] expat: fix CVE-2022-25236 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 06/18] expat: fix CVE-2022-25313 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 07/18] expat: fix CVE-2022-25314 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 08/18] expat: fix CVE-2022-25315 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 09/18] coreutils: remove obsolete ignored CVE list Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 10/18] cve-check: get_cve_info should open the database read-only Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 11/18] Revert "cve-check: add lockfile to task" Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 12/18] wireless-regdb: upgrade 2021.08.28 -> 2022.02.18 Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 13/18] bootchart2: Add missing python3-math dependency Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 14/18] cml1.bbclass: Handle ncurses-native being available via pkg-config Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 15/18] libxml-parser-perl: Add missing RDEPENDS Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 16/18] buildhistory.bbclass: create the buildhistory directory when needed Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 17/18] uninative: Add version to uninative tarball name Steve Sakoman
2022-03-04 15:04 ` [OE-core][dunfell 18/18] uninative: Upgrade to 3.5 Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2023-01-01 17:42 [OE-core][dunfell 00/18] Patch review Steve Sakoman
2021-12-03 18:18 Steve Sakoman
2020-11-13 14:52 Steve Sakoman
2020-09-07 17:01 Steve Sakoman
2020-07-27 15:09 Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1646406001.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox