From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/31] Patch review
Date: Tue, 17 May 2022 08:23:46 -1000 [thread overview]
Message-ID: <cover.1652811454.git.steve@sakoman.com> (raw)
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Once again I've been proactive in cherry-picking security/bug fix version bumps for
select packages. And as last time I've edited the commit messages to include
either the release notes or a commit list to make it easier to review the upgrade.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3673
The following changes since commit cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee:
build-appliance-image: Update to kirkstone head revision (2022-05-15 08:59:03 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Kiernan (1):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
Alexander Kanavin (11):
systemd: upgrade 250.4 -> 250.5
mesa: upgrade 22.0.0 -> 22.0.2
bind: upgrade 9.18.1 -> 9.18.2
cronie: upgrade 1.6.0 -> 1.6.1
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
libinput: upgrade 1.19.3 -> 1.19.4
sqlite3: upgrade 3.38.2 -> 3.38.3
webkitgtk: upgrade 2.36.0 -> 2.36.1
xwayland: upgrade 22.1.0 -> 22.1.1
Aryaman Gupta (1):
e2fsprogs: update upstream status
Claudius Heine (1):
overlayfs: add docs about skipping QA check & service dependencies
Davide Gardenal (6):
freetype: backport patch for CVE-2022-27404
freetype: backport patch for CVE-2022-27405
freetype: backport patch for CVE-2022-27406
qemu: backport patch for CVE-2021-4206
qemu: backport patch for CVE-2021-4207
base-passwd: Disable shell for default users
Dmitry Baryshkov (2):
linux-firmware: upgrade 20220411 -> 20220509
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
Felix Moessbauer (1):
wic/plugins/rootfs: Fix permissions when splitting rootfs folders
across partitions
Jiaqing Zhao (3):
libxml2: Upgrade 2.9.13 -> 2.9.14
sed: Specify shell for "nobody" user in run-ptest
strace: Don't run ptest as "nobody"
Khem Raj (1):
systemd: Fix build regression with latest update
Konrad Weihmann (1):
linux-firmware: replace mkdir by install
Richard Purdie (3):
vim: Upgrade 8.2.4681 -> 8.2.4912
cairo: Add missing GPLv3 license checksum entry
sanity: Don't warn about make 4.2.1 for mint
meta/classes/image.bbclass | 7 +-
meta/classes/overlayfs.bbclass | 18 +-
meta/classes/pypi.bbclass | 2 +
meta/classes/sanity.bbclass | 2 +-
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.1 => bind-9.18.2}/bind9 | 0
.../{bind-9.18.1 => bind-9.18.2}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.1.bb => bind_9.18.2.bb} | 2 +-
.../base-passwd/disable-shell.patch | 57 ++++
.../base-passwd/base-passwd_3.5.29.bb | 1 +
.../CVE-2022-23308-fix-regression.patch | 99 -------
.../libxml2/libxml-m4-use-pkgconfig.patch | 21 +-
.../{libxml2_2.9.13.bb => libxml2_2.9.14.bb} | 5 +-
...md-boot_250.4.bb => systemd-boot_250.5.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
.../0001-Adjust-for-musl-headers.patch | 98 ++++++-
...ass-correct-parameters-to-getdents64.patch | 10 +-
...e-Use-sockaddr-pointer-type-for-bind.patch | 46 ++++
.../0002-Add-sys-stat.h-for-S_IFDIR.patch | 8 +-
...002-don-t-use-glibc-specific-qsort_r.patch | 20 +-
...dd-__compare_fn_t-and-comparison_fn_.patch | 10 +-
...k-parse_printf_format-implementation.patch | 20 +-
...missing.h-check-for-missing-strndupa.patch | 151 +++++++++--
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 12 +-
...008-add-missing-FTW_-macros-for-musl.patch | 17 +-
..._register_atfork-for-non-glibc-build.patch | 6 +-
...10-Use-uintmax_t-for-handling-rlim_t.patch | 16 +-
...sable-tests-for-missing-typedefs-in-.patch | 4 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 18 +-
...patible-basename-for-non-glibc-syste.patch | 4 +-
...uffering-when-writing-to-oom_score_a.patch | 4 +-
...compliant-strerror_r-from-GNU-specif.patch | 10 +-
...S_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch | 4 +-
...ype.h-add-__compar_d_fn_t-definition.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
.../systemd/0019-Handle-missing-LOCK_EX.patch | 4 +-
...ible-pointer-type-struct-sockaddr_un.patch | 6 +-
.../0021-test-json.c-define-M_PIl.patch | 4 +-
...-not-disable-buffer-in-writing-files.patch | 239 ++++++++++-------
.../0025-Handle-__cpu_mask-usage.patch | 4 +-
.../systemd/0026-Handle-missing-gshadow.patch | 16 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 11 +-
...eepConfiguration-when-running-on-net.patch | 253 ------------------
.../{systemd_250.4.bb => systemd_250.5.bb} | 2 +-
.../e2fsprogs/e2fsprogs/extents.patch | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2021-4206.patch | 89 ++++++
.../qemu/qemu/CVE-2021-4207.patch | 43 +++
meta/recipes-devtools/strace/strace/run-ptest | 6 +-
.../{cronie_1.6.0.bb => cronie_1.6.1.bb} | 2 +-
meta/recipes-extended/sed/sed/run-ptest | 2 +-
.../{epiphany_42.0.bb => epiphany_42.2.bb} | 2 +-
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 5 +-
.../freetype/freetype/CVE-2022-27404.patch | 48 ++++
.../freetype/freetype/CVE-2022-27405.patch | 41 +++
.../freetype/freetype/CVE-2022-27406.patch | 32 +++
.../freetype/freetype_2.11.1.bb | 6 +-
.../{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} | 0
meta/recipes-graphics/mesa/mesa.inc | 2 +-
.../mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} | 0
...{libinput_1.19.3.bb => libinput_1.19.4.bb} | 2 +-
...{xwayland_22.1.0.bb => xwayland_22.1.1.bb} | 2 +-
...01-Makefile-replace-mkdir-by-install.patch | 84 ++++++
...20220411.bb => linux-firmware_20220509.bb} | 9 +-
.../ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} | 2 +-
.../webkitgtk/add_missing_include.patch | 19 --
...ebkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} | 3 +-
.../{fribidi_1.0.11.bb => fribidi_1.0.12.bb} | 2 +-
.../{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} | 2 +-
meta/recipes-support/vim/vim.inc | 4 +-
scripts/lib/wic/plugins/source/rootfs.py | 5 +-
77 files changed, 1015 insertions(+), 618 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.1.bb => bind_9.18.2.bb} (98%)
create mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
rename meta/recipes-core/libxml/{libxml2_2.9.13.bb => libxml2_2.9.14.bb} (96%)
rename meta/recipes-core/systemd/{systemd-boot_250.4.bb => systemd-boot_250.5.bb} (100%)
create mode 100644 meta/recipes-core/systemd/systemd/0001-resolve-Use-sockaddr-pointer-type-for-bind.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0029-network-enable-KeepConfiguration-when-running-on-net.patch
rename meta/recipes-core/systemd/{systemd_250.4.bb => systemd_250.5.bb} (99%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
rename meta/recipes-extended/cronie/{cronie_1.6.0.bb => cronie_1.6.1.bb} (97%)
rename meta/recipes-gnome/epiphany/{epiphany_42.0.bb => epiphany_42.2.bb} (94%)
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch
rename meta/recipes-graphics/mesa/{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} (100%)
rename meta/recipes-graphics/mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} (100%)
rename meta/recipes-graphics/wayland/{libinput_1.19.3.bb => libinput_1.19.4.bb} (95%)
rename meta/recipes-graphics/xwayland/{xwayland_22.1.0.bb => xwayland_22.1.1.bb} (95%)
create mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220411.bb => linux-firmware_20220509.bb} (99%)
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} (98%)
delete mode 100644 meta/recipes-sato/webkit/webkitgtk/add_missing_include.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} (98%)
rename meta/recipes-support/fribidi/{fribidi_1.0.11.bb => fribidi_1.0.12.bb} (90%)
rename meta/recipes-support/sqlite/{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} (86%)
--
2.25.1
next reply other threads:[~2022-05-17 18:24 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-17 18:23 Steve Sakoman [this message]
2022-05-17 18:23 ` [OE-core][kirkstone 01/31] freetype: backport patch for CVE-2022-27404 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 02/31] freetype: backport patch for CVE-2022-27405 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 03/31] freetype: backport patch for CVE-2022-27406 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 04/31] qemu: backport patch for CVE-2021-4206 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 05/31] qemu: backport patch for CVE-2021-4207 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 06/31] systemd: upgrade 250.4 -> 250.5 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 07/31] systemd: Fix build regression with latest update Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 08/31] mesa: upgrade 22.0.0 -> 22.0.2 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 09/31] bind: upgrade 9.18.1 -> 9.18.2 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 10/31] cronie: upgrade 1.6.0 -> 1.6.1 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 11/31] epiphany: upgrade 42.0 -> 42.2 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 12/31] ffmpeg: upgrade 5.0 -> 5.0.1 Steve Sakoman
2022-05-17 18:23 ` [OE-core][kirkstone 13/31] fribidi: upgrade 1.0.11 -> 1.0.12 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 14/31] libinput: upgrade 1.19.3 -> 1.19.4 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 15/31] sqlite3: upgrade 3.38.2 -> 3.38.3 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 16/31] webkitgtk: upgrade 2.36.0 -> 2.36.1 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 17/31] xwayland: upgrade 22.1.0 -> 22.1.1 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 18/31] libxml2: Upgrade 2.9.13 -> 2.9.14 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 19/31] vim: Upgrade 8.2.4681 -> 8.2.4912 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 20/31] linux-firmware: replace mkdir by install Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 21/31] linux-firmware: upgrade 20220411 -> 20220509 Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 22/31] cairo: Add missing GPLv3 license checksum entry Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 23/31] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 24/31] wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 25/31] e2fsprogs: update upstream status Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 26/31] overlayfs: add docs about skipping QA check & service dependencies Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 27/31] image.bbclass: allow overriding dependency on virtual/kernel:do_deploy Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 28/31] sanity: Don't warn about make 4.2.1 for mint Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 29/31] sed: Specify shell for "nobody" user in run-ptest Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 30/31] strace: Don't run ptest as "nobody" Steve Sakoman
2022-05-17 18:24 ` [OE-core][kirkstone 31/31] base-passwd: Disable shell for default users Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-11-04 3:00 [OE-core][kirkstone 00/31] Patch review Steve Sakoman
2022-11-27 13:54 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1652811454.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox