* [OE-core][dunfell 0/6] Patch review
From: Steve Sakoman @ 2022-06-21 23:28 UTC
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3805
The following changes since commit 135adeb82c9303c26193bb6f6bd3bc696793aa62:
archiver: don't use machine variables in shared recipes (2022-06-15 06:40:10 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Chee Yang Lee (1):
dpkg: update to 1.19.8
Dmitry Baryshkov (2):
linux-firmware: add support for building snapshots
linux-firmware: upgrade 20220509 -> 20220610
Hitendra Prajapati (2):
python-pip: CVE-2021-3572 Incorrect handling of unicode separators in
git references
golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Nick Potenski (1):
systemd: systemd-systemctl: Support instance conf files during enable
.../systemd/systemd-systemctl/systemctl | 14 +++-
.../dpkg/{dpkg_1.19.7.bb => dpkg_1.19.8.bb} | 4 +-
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2021-44717.patch | 83 ++++++++++++++++++
.../python/python3-pip/CVE-2021-3572.patch | 48 +++++++++++
.../python/python3-pip_20.0.2.bb | 1 +
...01-Makefile-replace-mkdir-by-install.patch | 84 -------------------
...20220509.bb => linux-firmware_20220610.bb} | 11 ++-
8 files changed, 154 insertions(+), 92 deletions(-)
rename meta/recipes-devtools/dpkg/{dpkg_1.19.7.bb => dpkg_1.19.8.bb} (86%)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch
create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch
delete mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220509.bb => linux-firmware_20220610.bb} (99%)
--
2.25.1
* [OE-core][dunfell 1/6] python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references
From: Steve Sakoman @ 2022-06-21 23:28 UTC
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/pypa/pip
MR: 113864
Type: Security Fix
Disposition: Backport from https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
ChangeID: 717948e217d6219d1f03afb4d984342d7dea4636
Description:
CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3-pip/CVE-2021-3572.patch | 48 +++++++++++++++++++
.../python/python3-pip_20.0.2.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch
diff --git a/meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch b/meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch
new file mode 100644
index 0000000000..a38ab57bc6
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch
@@ -0,0 +1,48 @@
+From c4fd13410b9a219f77fc30775d4a0ac9f69725bd Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 16 Jun 2022 09:52:43 +0530
+Subject: [PATCH] CVE-2021-3572
+
+Upstream-Status: Backport [https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b]
+CVE: CVE-2021-3572
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ news/9827.bugfix.rst | 3 +++
+ src/pip/_internal/vcs/git.py | 10 ++++++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+ create mode 100644 news/9827.bugfix.rst
+
+diff --git a/news/9827.bugfix.rst b/news/9827.bugfix.rst
+new file mode 100644
+index 0000000..e0d27c3
+--- /dev/null
++++ b/news/9827.bugfix.rst
+@@ -0,0 +1,3 @@
++**SECURITY**: Stop splitting on unicode separators in git references,
++which could be maliciously used to install a different revision on the
++repository.
+diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py
+index 7483303..1b895f6 100644
+--- a/src/pip/_internal/vcs/git.py
++++ b/src/pip/_internal/vcs/git.py
+@@ -137,9 +137,15 @@ class Git(VersionControl):
+ output = cls.run_command(['show-ref', rev], cwd=dest,
+ show_stdout=False, on_returncode='ignore')
+ refs = {}
+- for line in output.strip().splitlines():
++ # NOTE: We do not use splitlines here since that would split on other
++ # unicode separators, which can be maliciously used to install a
++ # different revision.
++ for line in output.strip().split("\n"):
++ line = line.rstrip("\r")
++ if not line:
++ continue
+ try:
+- sha, ref = line.split()
++ ref_sha, ref_name = line.split(" ", maxsplit=2)
+ except ValueError:
+ # Include the offending line to simplify troubleshooting if
+ # this error ever occurs.
+--
+2.25.1
+
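Review bot: in the src/pip/_internal/vcs/git.py part of the embedded patch, the show-ref line is now unpacked into ref_sha and ref_name, but the hunk stops at the except block and no later line is touched (the diffstat's 8 insertions and 2 deletions are all accounted for above). Any statement after the try/except that still reads the old names sha and ref will raise NameError at runtime, so please compare the line that fills refs with the upstream commit and carry the rename through. As a smaller point, the embedded header has only 'Subject: [PATCH] CVE-2021-3572' and no description; keeping the upstream subject would make the patch easier to audit later.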
diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
index 08738fb2f9..e24c6f4477 100644
--- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb
+++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e"
DEPENDS += "python3 python3-setuptools-native"
+SRC_URI = "file://CVE-2021-3572.patch "
SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86"
SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f"
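Review bot: the added line 'SRC_URI = "file://CVE-2021-3572.patch "' assigns with '=' instead of appending, so anything SRC_URI held before this point in the recipe is discarded. If the intent is only to add the patch to the existing sources, use '+=' here, as the go-1.14.inc change in this series does with its 'SRC_URI += "\' list, and drop the trailing space inside the quotes.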
--
2.25.1
* [OE-core][dunfell 2/6] golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
From: Steve Sakoman @ 2022-06-21 23:28 UTC
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2021-44717.patch | 83 +++++++++++++++++++
2 files changed, 84 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 08d547a837..4827c6adfa 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -22,6 +22,7 @@ SRC_URI += "\
file://CVE-2021-38297.patch \
file://CVE-2022-23806.patch \
file://CVE-2022-23772.patch \
+ file://CVE-2021-44717.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch
new file mode 100644
index 0000000000..17cac7a5ba
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch
@@ -0,0 +1,83 @@
+From 9171c664e7af479aa26bc72f2e7cf4e69d8e0a6f Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 17 Jun 2022 10:22:47 +0530
+Subject: [PATCH] CVE-2021-44717
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/44a3fb49]
+CVE: CVE-2021-44717
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+syscall: fix ForkLock spurious close(0) on pipe failure
+Pipe (and therefore forkLockPipe) does not make any guarantees
+about the state of p after a failed Pipe(p). Avoid that assumption
+and the too-clever goto, so that we don't accidentally Close a real fd
+if the failed pipe leaves p[0] or p[1] set >= 0.
+
+Updates #50057
+Fixes CVE-2021-44717
+
+Change-Id: Iff8e19a6efbba0c73cc8b13ecfae381c87600bb4
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1291270
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/370514
+Trust: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Alex Rakoczy <alex@golang.org>
+---
+ src/syscall/exec_unix.go | 20 ++++++--------------
+ 1 file changed, 6 insertions(+), 14 deletions(-)
+
+diff --git a/src/syscall/exec_unix.go b/src/syscall/exec_unix.go
+index b3798b6..b73782c 100644
+--- a/src/syscall/exec_unix.go
++++ b/src/syscall/exec_unix.go
+@@ -151,9 +151,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
+ sys = &zeroSysProcAttr
+ }
+
+- p[0] = -1
+- p[1] = -1
+-
+ // Convert args to C form.
+ argv0p, err := BytePtrFromString(argv0)
+ if err != nil {
+@@ -194,14 +191,17 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
+
+ // Allocate child status pipe close on exec.
+ if err = forkExecPipe(p[:]); err != nil {
+- goto error
++ ForkLock.Unlock()
++ return 0, err
+ }
+
+ // Kick off child.
+ pid, err1 = forkAndExecInChild(argv0p, argvp, envvp, chroot, dir, attr, sys, p[1])
+ if err1 != 0 {
+- err = Errno(err1)
+- goto error
++ Close(p[0])
++ Close(p[1])
++ ForkLock.Unlock()
++ return 0, Errno(err1)
+ }
+ ForkLock.Unlock()
+
+@@ -228,14 +228,6 @@ func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error)
+
+ // Read got EOF, so pipe closed on exec, so exec succeeded.
+ return pid, nil
+-
+-error:
+- if p[0] >= 0 {
+- Close(p[0])
+- Close(p[1])
+- }
+- ForkLock.Unlock()
+- return 0, err
+ }
+
+ // Combination of fork and exec, careful to be thread safe.
+--
+2.25.1
+
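Review bot: the header of the embedded patch loses the upstream attribution. 'From:' names the backporter and 'Subject:' is just '[PATCH] CVE-2021-44717', while the real subject ('syscall: fix ForkLock spurious close(0) on pipe failure') is pushed into the body below the Upstream-Status, CVE and Signed-off-by tags. Please keep the upstream From and Subject, move the added tags to the trailer after the original message, and give the full commit hash in Upstream-Status rather than the abbreviated 44a3fb49. On the code, the 'error:' label is removed and only the two 'goto error' sites shown here are converted, so it is worth confirming that the 1.14 forkExec has no other jump to that label.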
--
2.25.1
* [OE-core][dunfell 3/6] dpkg: update to 1.19.8
From: Steve Sakoman @ 2022-06-21 23:29 UTC
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
update include fixes for CVE-2022-1664.
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/dpkg/{dpkg_1.19.7.bb => dpkg_1.19.8.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/dpkg/{dpkg_1.19.7.bb => dpkg_1.19.8.bb} (86%)
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.19.7.bb b/meta/recipes-devtools/dpkg/dpkg_1.19.8.bb
similarity index 86%
rename from meta/recipes-devtools/dpkg/dpkg_1.19.7.bb
rename to meta/recipes-devtools/dpkg/dpkg_1.19.8.bb
index e9dec337b3..9e6e9f2464 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.19.7.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.19.8.bb
@@ -18,5 +18,5 @@ SRC_URI_append_class-native = " \
file://tweak-options-require-tar-1.27.patch \
"
-SRC_URI[md5sum] = "60f57c5494e6dfa177504d47bfa0e383"
-SRC_URI[sha256sum] = "4c27fededf620c0aa522fff1a48577ba08144445341257502e7730f2b1a296e8"
+SRC_URI[md5sum] = "9d170c8baa1aa36b09698c909f304508"
+SRC_URI[sha256sum] = "2632c00b0cf0ea19ed7bd6700e6ec5faca93f0045af629d356dc03ad74ae6f10"
--
2.25.1
* [OE-core][dunfell 4/6] systemd: systemd-systemctl: Support instance conf files during enable
From: Steve Sakoman @ 2022-06-21 23:29 UTC
To: openembedded-core
From: Nick Potenski <nick.potenski@garmin.com>
Add ability to parse instance-specific conf files when
enabling an instance of a templated unit during postinstall.
Signed-off-by: Nick Potenski <nick.potenski@garmin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baa0ecf3271008cf60cd830c54a71f191aebb81c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../systemd/systemd-systemctl/systemctl | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 990de1ab39..6aa2e20465 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -11,6 +11,7 @@ import re
import sys
from collections import namedtuple
+from itertools import chain
from pathlib import Path
version = 1.0
@@ -25,12 +26,16 @@ locations = list()
class SystemdFile():
"""Class representing a single systemd configuration file"""
- def __init__(self, root, path):
+ def __init__(self, root, path, instance_unit_name):
self.sections = dict()
self._parse(root, path)
dirname = os.path.basename(path.name) + ".d"
for location in locations:
- for path2 in sorted((root / location / "system" / dirname).glob("*.conf")):
+ files = (root / location / "system" / dirname).glob("*.conf")
+ if instance_unit_name:
+ inst_dirname = instance_unit_name + ".d"
+ files = chain(files, (root / location / "system" / inst_dirname).glob("*.conf"))
+ for path2 in sorted(files):
self._parse(root, path2)
def _parse(self, root, path):
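Review bot: 'for path2 in sorted(files):' now sorts a mix of paths from two directories, and Path objects compare by their full path, so whether an instance drop-in is parsed before or after a template drop-in depends on how dirname and inst_dirname compare, not on the .conf file names. If the order is meant to follow the file name across both directories, sort with key=lambda p: p.name, or parse the template directory and then the instance directory explicitly so the precedence is obvious. Also, instance_unit_name is added to __init__ as a required positional argument; giving it a default of None would keep any other SystemdFile caller working unchanged.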
@@ -193,8 +198,11 @@ class SystemdUnit():
# if we're enabling an instance, first extract the actual instance
# then figure out what the template unit is
template = re.match(r"[^@]+@(?P<instance>[^\.]*)\.", self.unit)
+ instance_unit_name = None
if template:
instance = template.group('instance')
+ if instance != "":
+ instance_unit_name = self.unit
unit = re.sub(r"@[^\.]*\.", "@.", self.unit, 1)
else:
instance = None
@@ -206,7 +214,7 @@ class SystemdUnit():
# ignore aliases
return
- config = SystemdFile(self.root, path)
+ config = SystemdFile(self.root, path, instance_unit_name)
if instance == "":
try:
default_instance = config.get('Install', 'DefaultInstance')[0]
--
2.25.1
* [OE-core][dunfell 5/6] linux-firmware: add support for building snapshots
From: Steve Sakoman @ 2022-06-21 23:29 UTC
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
In some cases it is useful to be able to test the snapshot of
linux-firmware (e.g. to test if the updated firmware works on the
particular hardware). Allow building the linux-firmware snapshots.
To switch to the most recent branch, add the following lines to the
local.conf file:
PREFERRED_VERSION_linux-firmware = "1:20220509+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "4288aad55d189fa225d492526b8406d5"
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b023570ae1d239de14b50a0e827582d0e84ddf81)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux-firmware/linux-firmware_20220509.bb | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
index ec92cae2fa..b6b4043002 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
@@ -69,6 +69,7 @@ LICENSE = "\
& WHENCE \
"
+WHENCE_CHKSUM = "d3eb82686904888f8bbbe8d865371404"
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
@@ -132,7 +133,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=d3eb82686904888f8bbbe8d865371404 \
+ file://WHENCE;md5=${WHENCE_CHKSUM} \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -208,6 +209,11 @@ SRC_URI = "\
file://0001-Makefile-replace-mkdir-by-install.patch \
"
+BBCLASSEXTEND = "devupstream:target"
+SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git;protocol=https;branch=main"
+# Pin this to the 20220509 release, override this in local.conf
+SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
+
SRC_URI[sha256sum] = "376e0b3d7b4f8aaa2abf7f5ab74803dcf14b06b94e3d841b1467cd9a2848255e"
inherit allarch
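Review bot: the added 'SRC_URI:class-devupstream' and 'SRCREV:class-devupstream ?=' lines use the colon override syntax, while the other dunfell recipes touched in this series use the underscore form ('SRC_URI_append_libc-musl', 'SRC_URI_append_class-native'). Please confirm that the dunfell bitbake treats these as overrides; if not, write them as SRC_URI_class-devupstream and SRCREV_class-devupstream, and adjust the local.conf lines quoted in the commit message the same way.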
--
2.25.1
* [OE-core][dunfell 6/6] linux-firmware: upgrade 20220509 -> 20220610
From: Steve Sakoman @ 2022-06-21 23:29 UTC
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Drop 0001-Makefile-replace-mkdir-by-install.patch merged upstream.
License-Update: additional files
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91cd99267157e860a108282aee13e162e8c10572)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit bcc5a22cd2b25c777315fe9d677fc0338ae2ab68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...01-Makefile-replace-mkdir-by-install.patch | 84 -------------------
...20220509.bb => linux-firmware_20220610.bb} | 5 +-
2 files changed, 2 insertions(+), 87 deletions(-)
delete mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220509.bb => linux-firmware_20220610.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch b/meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
deleted file mode 100644
index b1ac5a16ab..0000000000
--- a/meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 71514e74f35f2b51ca24062573d6d913525b30db Mon Sep 17 00:00:00 2001
-From: Konrad Weihmann <kweihmann@outlook.com>
-Date: Mon, 9 May 2022 12:57:57 +0200
-Subject: [PATCH] Makefile: replace mkdir by install
-
-mkdir -p creates paths that are bound to user's settings and therefore
-can lead to different file mode bits of the base paths accross different
-machines.
-Use install instead, as this tool is not prone to such behavior.
-
-Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
-Upstream-Status: Submitted [https://lore.kernel.org/linux-firmware/PR2PR09MB310088EA719E6D7CA5C268F1A8C69@PR2PR09MB3100.eurprd09.prod.outlook.com/]
----
- Makefile | 2 +-
- carl9170fw/toolchain/Makefile | 4 ++--
- copy-firmware.sh | 6 +++---
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index e1c362f..83a0ec6 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,5 +9,5 @@ check:
- @./check_whence.py
-
- install:
-- mkdir -p $(DESTDIR)$(FIRMWAREDIR)
-+ install -d $(DESTDIR)$(FIRMWAREDIR)
- ./copy-firmware.sh $(DESTDIR)$(FIRMWAREDIR)
-diff --git a/carl9170fw/toolchain/Makefile b/carl9170fw/toolchain/Makefile
-index 2b25ffe..aaea8e8 100644
---- a/carl9170fw/toolchain/Makefile
-+++ b/carl9170fw/toolchain/Makefile
-@@ -46,14 +46,14 @@ src/gcc-$(GCC_VER): src/$(GCC_TAR) src/newlib-$(NEWLIB_VER)
- ln -s $(BASEDIR)/src/newlib-$(NEWLIB_VER)/libgloss $@
-
- binutils: src/binutils-$(BINUTILS_VER)
-- mkdir -p build/binutils
-+ install -d build/binutils
- cd build/binutils; \
- $(BASEDIR)/$</configure --target=sh-elf --prefix=$(BASEDIR)/inst; \
- $(MAKE) -j3; \
- $(MAKE) install
-
- gcc: src/gcc-$(GCC_VER) binutils
-- mkdir -p build/gcc
-+ install -d build/gcc
- cd build/gcc; \
- $(BASEDIR)/$</configure --target=sh-elf --prefix=$(BASEDIR)/inst -enable-languages=c --without-pkgversion --with-newlib; \
- $(MAKE) -j3; \
-diff --git a/copy-firmware.sh b/copy-firmware.sh
-index 9b46b63..bbacb92 100755
---- a/copy-firmware.sh
-+++ b/copy-firmware.sh
-@@ -34,7 +34,7 @@ done
- grep '^File:' WHENCE | sed -e's/^File: *//g' -e's/"//g' | while read f; do
- test -f "$f" || continue
- $verbose "copying file $f"
-- mkdir -p $destdir/$(dirname "$f")
-+ install -d $destdir/$(dirname "$f")
- cp -d "$f" $destdir/"$f"
- done
-
-@@ -42,7 +42,7 @@ grep -E '^Link:' WHENCE | sed -e's/^Link: *//g' -e's/-> //g' | while read f d; d
- if test -L "$f"; then
- test -f "$destdir/$f" && continue
- $verbose "copying link $f"
-- mkdir -p $destdir/$(dirname "$f")
-+ install -d $destdir/$(dirname "$f")
- cp -d "$f" $destdir/"$f"
-
- if test "x$d" != "x"; then
-@@ -63,7 +63,7 @@ grep -E '^Link:' WHENCE | sed -e's/^Link: *//g' -e's/-> //g' | while read f d; d
- fi
- else
- $verbose "creating link $f -> $d"
-- mkdir -p $destdir/$(dirname "$f")
-+ install -d $destdir/$(dirname "$f")
- ln -sf "$d" "$destdir/$f"
- fi
- done
---
-2.25.1
-
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220610.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20220610.bb
index b6b4043002..0fd9305e3c 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220610.bb
@@ -69,7 +69,7 @@ LICENSE = "\
& WHENCE \
"
-WHENCE_CHKSUM = "d3eb82686904888f8bbbe8d865371404"
+WHENCE_CHKSUM = "385947b278a6646ae4c3d39ba8c9b1bb"
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
@@ -206,7 +206,6 @@ PE = "1"
SRC_URI = "\
${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz \
- file://0001-Makefile-replace-mkdir-by-install.patch \
"
BBCLASSEXTEND = "devupstream:target"
@@ -214,7 +213,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "376e0b3d7b4f8aaa2abf7f5ab74803dcf14b06b94e3d841b1467cd9a2848255e"
+SRC_URI[sha256sum] = "faf3aedf89530e61f4fa1e8c7303dead9127cc24416945647797d079feb12837"
inherit allarch
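Review bot: the context lines '# Pin this to the 20220509 release' and the 'SRCREV:class-devupstream ?=' default are left untouched while the recipe is renamed to 20220610, so the devupstream variant still pins the previous release. Either update the SRCREV and its comment to the 20220610 revision in this change, or say in the commit message that the pin is deliberately left behind.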
--
2.25.1
* [OE-core][dunfell 0/6] Patch review
From: Steve Sakoman @ 2024-01-18 2:51 UTC
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6460
The following changes since commit b3dd6852c0d6b8aa9b36377d7024ac95062e8098:
linux-firmware: upgrade 20230804 -> 20231030 (2024-01-04 07:24:12 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Peter Marko (1):
zlib: ignore CVE-2023-6992
Vijay Anusuri (5):
go: Backport fix for CVE-2023-45287
xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478
libxml2: Fix for CVE-2023-45322
qemu: Backport fix for CVE-2023-2861
libtiff: Fix for CVE-2023-6228
.../libxml/libxml2/CVE-2023-45322-1.patch | 50 +
.../libxml/libxml2/CVE-2023-45322-2.patch | 80 +
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +
meta/recipes-devtools/go/go-1.14.inc | 4 +
.../go/go-1.14/CVE-2023-45287-pre1.patch | 393 ++++
.../go/go-1.14/CVE-2023-45287-pre2.patch | 401 ++++
.../go/go-1.14/CVE-2023-45287-pre3.patch | 86 +
.../go/go-1.14/CVE-2023-45287.patch | 1697 +++++++++++++++++
meta/recipes-devtools/qemu/qemu.inc | 2 +
...x-libcap-header-issue-on-some-distro.patch | 9 +-
...e-O_NOATIME-if-we-don-t-have-permiss.patch | 63 +
.../qemu/qemu/CVE-2023-2861.patch | 178 ++
.../xserver-xorg/CVE-2023-6377.patch | 79 +
.../xserver-xorg/CVE-2023-6478.patch | 63 +
.../xorg-xserver/xserver-xorg_1.20.14.bb | 2 +
.../libtiff/files/CVE-2023-6228.patch | 30 +
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
18 files changed, 3140 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
--
2.34.1
* [OE-core][dunfell 0/6] Patch review
From: Steve Sakoman @ 2023-12-27 2:30 UTC
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Thursday, December 28
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6376
The following changes since commit 05d9f9c6b27c0216fa4e349109ef42cf91bb4084:
testimage: Exclude wtmp from target-dumper commands (2023-12-21 04:08:46 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Hitendra Prajapati (1):
bluez5: fix CVE-2023-45866
Lee Chee Yang (1):
curl: fix CVE-2023-46218
Steve Sakoman (1):
testimage: drop target_dumper and host_dumper
Vijay Anusuri (2):
flac: Backport fix for CVE-2021-0561
openssh: backport Debian patch for CVE-2023-48795
Virendra Thakur (1):
binutils: fix multiple cve
meta/classes/testimage.bbclass | 21 -
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
.../bluez5/bluez5/CVE-2023-45866.patch | 54 ++
.../openssh/openssh/CVE-2023-48795.patch | 468 ++++++++++++++++++
.../openssh/openssh_8.2p1.bb | 1 +
.../binutils/binutils-2.34.inc | 6 +
.../binutils/binutils/CVE-2022-47007.patch | 32 ++
.../binutils/binutils/CVE-2022-47008.patch | 64 +++
.../binutils/binutils/CVE-2022-47010.patch | 34 ++
.../binutils/binutils/CVE-2022-47011.patch | 31 ++
.../binutils/binutils/CVE-2022-47695.patch | 57 +++
.../binutils/binutils/CVE-2022-48063.patch | 49 ++
.../flac/files/CVE-2021-0561.patch | 34 ++
meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 +
.../curl/curl/CVE-2023-46218.patch | 52 ++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
16 files changed, 885 insertions(+), 21 deletions(-)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
create mode 100644 meta/recipes-multimedia/flac/files/CVE-2021-0561.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch
--
2.34.1
* [OE-core][dunfell 0/6] Patch review
From: Steve Sakoman @ 2023-10-25 2:29 UTC
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Thursday, October 26
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6098
with the exception of a known intermittent reproducibility issue with the
vim-common package.
The following changes since commit 6b4a583169ae40a8d51e7ffa33785409b5111a81:
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT (2023-10-16 05:07:13 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Ashish Sharma (1):
binutils: Backport fix CVE-2023-25588
Meenali Gupta (1):
linux-firmware: upgrade 20230625 -> 20230804
Richard Purdie (1):
resulttool/report: Avoid divide by zero
Siddharth Doshi (1):
vim: Upgrade 9.0.2009 -> 9.0.2048
Steve Sakoman (2):
patch.py: Use shlex instead of deprecated pipe
cve-exclusion_5.4.inc: update for 5.4.257
meta/lib/oe/patch.py | 6 +-
.../binutils/binutils-2.34.inc | 1 +
.../binutils/binutils/CVE-2023-25588.patch | 146 ++++++++++++
...20230625.bb => linux-firmware_20230804.bb} | 4 +-
.../linux/cve-exclusion_5.4.inc | 207 +++++++++++++++---
meta/recipes-support/vim/vim.inc | 4 +-
scripts/lib/resulttool/report.py | 5 +-
7 files changed, 338 insertions(+), 35 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%)
--
2.34.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2023-03-14 15:21 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-03-14 15:21 UTC (permalink / raw)
To: openembedded-core
Please review this final set of patches for the dunfell 3.1.24 release.
We hope to do the release build this Thursday, so please have any comments
back as soon as possible.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5043
The following changes since commit 51424b9955374196307aaf73cf4b6c184ce4fb6d:
devshell: Do not add scripts/git-intercept to PATH (2023-03-06 04:54:35 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Richard Purdie (1):
oeqa/selftest/prservice: Improve debug output for failure
Ross Burton (2):
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
Siddharth Doshi (1):
harfbuzz: Security fix for CVE-2023-25193
Vivek Kumbhar (1):
gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key
exchange code
meta/classes/kernel.bbclass | 2 +-
meta/lib/oeqa/selftest/cases/prservice.py | 2 +-
meta/recipes-extended/shadow/shadow_4.8.1.bb | 4 +
.../harfbuzz/CVE-2023-25193-pre0.patch | 335 ++++++++++++++++++
.../harfbuzz/CVE-2023-25193-pre1.patch | 135 +++++++
.../harfbuzz/harfbuzz/CVE-2023-25193.patch | 179 ++++++++++
.../harfbuzz/harfbuzz_2.6.4.bb | 5 +-
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 -
.../gnutls/gnutls/CVE-2023-0361.patch | 85 +++++
meta/recipes-support/gnutls/gnutls_3.6.14.bb | 1 +
meta/recipes-support/vim/vim.inc | 2 +-
11 files changed, 746 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre0.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
--
2.34.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2022-09-27 17:53 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4272
The following changes since commit ef38f7acee3f0ae400138fa60f4695a86dffc16e:
linux-yocto/5.4: update to v5.4.213 (2022-09-22 04:40:18 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Dmitry Baryshkov (3):
linux-firmware: upgrade 20220708 -> 20220913
linux-firmware: package new Qualcomm firmware
linux-firmware: package new Qualcomm firmware
Minjae Kim (1):
inetutils: CVE-2022-39028 - fix remote DoS vulnerability in
inetutils-telnetd
Richard Purdie (1):
vim: Upgrade 9.0.453 -> 9.0.541
Robert Joslyn (1):
tzdata: Update from 2022b to 2022c
.../inetutils/inetutils/CVE-2022-39028.patch | 54 +++++++++++++++++++
.../inetutils/inetutils_1.9.4.bb | 1 +
meta/recipes-extended/timezone/timezone.inc | 6 +--
...20220708.bb => linux-firmware_20220913.bb} | 39 ++++++++++++--
meta/recipes-support/vim/vim.inc | 4 +-
5 files changed, 95 insertions(+), 9 deletions(-)
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220708.bb => linux-firmware_20220913.bb} (94%)
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2022-09-21 2:37 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-21 2:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4245
The following changes since commit 46ba253059738dbd4de4bc7a7ac02a2585c498f5:
vim: Upgrade 9.0.0341 -> 9.0.0453 (2022-09-14 08:08:22 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrei Gherzan (1):
qemu: Define libnfs PACKAGECONFIG
Chee Yang Lee (1):
qemu: fix and ignore several CVEs
Hitendra Prajapati (1):
connman: CVE-2022-32293 man-in-the-middle attack against a WISPR HTTP
Richard Purdie (1):
qemu: Add PACKAGECONFIG for brlapi
Virendra Thakur (2):
sqlite3: Fix CVE-2020-35525
sqlite3: Fix CVE-2020-35527
.../connman/connman/CVE-2022-32293.patch | 266 ++++++++++++++++++
.../connman/connman_1.37.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 17 ++
.../qemu/qemu/CVE-2020-13754-1.patch | 91 ++++++
.../qemu/qemu/CVE-2020-13754-2.patch | 69 +++++
.../qemu/qemu/CVE-2020-13754-3.patch | 65 +++++
.../qemu/qemu/CVE-2020-13754-4.patch | 39 +++
.../qemu/qemu/CVE-2021-3713.patch | 67 +++++
.../qemu/qemu/CVE-2021-3748.patch | 124 ++++++++
.../qemu/qemu/CVE-2021-3930.patch | 53 ++++
.../qemu/qemu/CVE-2021-4206.patch | 89 ++++++
.../qemu/qemu/CVE-2021-4207.patch | 43 +++
.../qemu/qemu/CVE-2022-0216-1.patch | 42 +++
.../qemu/qemu/CVE-2022-0216-2.patch | 52 ++++
.../sqlite/files/CVE-2020-35525.patch | 21 ++
.../sqlite/files/CVE-2020-35527.patch | 22 ++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 2 +
17 files changed, 1063 insertions(+)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3713.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3748.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3930.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0216-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0216-2.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35525.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35527.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2022-04-28 21:46 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-04-28 21:46 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end of
day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3587
The following changes since commit 8e81d38048c953d0823abf04d5b2506cd988f0bb:
build-appliance-image: Update to dunfell head revision (2022-04-25 15:58:54 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Dmitry Baryshkov (1):
linux-firmware: correct license for ar3k firmware
Marta Rybczynska (1):
cve-check: add json format
Richard Purdie (1):
perf-build-test/report: Drop phantomjs and html email reports support
Ross Burton (1):
boost: don't specify gcc version
Steve Sakoman (1):
scripts/contrib/oe-build-perf-report-email.py: remove obsolete check
for phantomjs and optipng
sana kazi (1):
tiff: Fix CVE-2022-0891
meta/classes/cve-check.bbclass | 144 +++++++++++-
meta/lib/oe/cve_check.py | 16 ++
.../linux-firmware/linux-firmware_20220411.bb | 4 +-
.../libtiff/files/CVE-2022-0891.patch | 217 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
meta/recipes-support/boost/boost.inc | 2 +-
scripts/contrib/build-perf-test-wrapper.sh | 15 +-
scripts/contrib/oe-build-perf-report-email.py | 167 +-------------
8 files changed, 388 insertions(+), 178 deletions(-)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0891.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2021-06-16 14:04 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-16 14:04 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2247
The following changes since commit 2246b0d7a71c69eb2e89c55991d1387069895466:
kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags (2021-06-08 04:32:17 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrea Adami (1):
kernel.bbclass: fix do_sizecheck() comparison
Kai Kang (1):
valgrind: fix a typo
Lee Chee Yang (4):
gstreamer-plugins-good: fix CVE-2021-3497 CVE-2021-3498
bind: 9.11.22 -> 9.11.32
ruby: 2.7.1 -> 2.7.3
python3: fix CVE-2021-23336
meta/classes/kernel.bbclass | 2 +-
.../bind/bind/CVE-2020-8625.patch | 17 -
.../bind/{bind_9.11.22.bb => bind_9.11.32.bb} | 5 +-
.../python/python3/CVE-2021-23336.patch | 530 ++++++++++++++++++
meta/recipes-devtools/python/python3_3.8.2.bb | 1 +
.../ruby/ruby/CVE-2020-25613.patch | 40 --
.../ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} | 5 +-
.../valgrind/valgrind_3.15.0.bb | 2 +-
.../CVE-2021-3497.patch | 207 +++++++
.../CVE-2021-3498.patch | 44 ++
.../gstreamer1.0-plugins-good_1.16.3.bb | 2 +
11 files changed, 790 insertions(+), 65 deletions(-)
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
rename meta/recipes-connectivity/bind/{bind_9.11.22.bb => bind_9.11.32.bb} (96%)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-23336.patch
delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
rename meta/recipes-devtools/ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} (94%)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2021-06-08 14:42 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2220
The following changes since commit 090452c5284181f18c32dc33887f4dda20c48004:
Revert "busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog" (2021-06-08 04:32:17 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.120
linux-yocto/5.4: update to v5.4.123
Klaus Heinrich Kiwi (1):
kernel-fitimage: Don't use unit addresses on FIT
Lee Chee Yang (2):
libxml: fix CVE-2021-3517 CVE-2021-3537
gnutls: fix CVE-2021-20231 CVE-2021-20232
Ovidiu Panait (1):
kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags
meta/classes/kernel-devicetree.bbclass | 7 ++
meta/classes/kernel-fitimage.bbclass | 32 ++++-----
.../libxml/libxml2/CVE-2021-3517.patch | 53 +++++++++++++++
.../libxml/libxml2/CVE-2021-3537.patch | 50 ++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +--
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++---
.../gnutls/gnutls/CVE-2021-20231.patch | 67 +++++++++++++++++++
.../gnutls/gnutls/CVE-2021-20232.patch | 65 ++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.6.14.bb | 2 +
11 files changed, 280 insertions(+), 34 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3517.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread