* [OE-core][kirkstone 00/31] Pull request (cover letter only)
@ 2022-11-30 14:42 Steve Sakoman
0 siblings, 0 replies; 2+ messages in thread
From: Steve Sakoman @ 2022-11-30 14:42 UTC (permalink / raw)
To: openembedded-core
The following changes since commit da2c64b3158c58eb0a484d3acbdf0419df2d34e8:
wic: make ext2/3/4 images reproducible (2022-11-17 07:23:06 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
Alexander Kanavin (11):
linux-firmware: upgrade 20220913 -> 20221012
xwayland: upgrade 22.1.3 -> 22.1.4
libffi: upgrade 3.4.2 -> 3.4.4
libical: upgrade 3.0.15 -> 3.0.16
mtd-utils: upgrade 2.1.4 -> 2.1.5
gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
gstreamer1.0: upgrade 1.20.3 -> 1.20.4
libepoxy: convert to git
libepoxy: update 1.5.9 -> 1.5.10
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only
that
gnomebase.bbclass: return the whole version for tarball directory if
it is a number
Jose Quaresma (3):
sstatesig: skip the rm_work task signature
rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
sstate: Allow optimisation of do_deploy_archives task dependencies
Joshua Watt (2):
qemu-helper-native: Re-write bridge helper as C program
qemu-helper-native: Correctly pass program name as argv[0]
Konrad Weihmann (1):
create-spdx: default share_src for shared sources
Martin Jansa (1):
libsndfile1: Backport fix for CVE-2021-4156
Narpat Mali (2):
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
Peter Marko (2):
systemd: add group render to udev package
meta-selftest/staticids: add render group for systemd
Richard Purdie (1):
sanity: Drop data finalize call
Ross Burton (1):
linux-firmware: don't put the firmware into the sysroot
Sakib Sajal (1):
go: fix CVE-2022-2880
Vivek Kumbhar (1):
python3: fix CVE-2022-42919 local privilege escalation via the
multiprocessing forkserver start method
Wang Mingyu (4):
xwayland: upgrade 22.1.4 -> 22.1.5
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
babeltrace: upgrade 1.5.8 -> 1.5.11
iso-codes: upgrade 4.11.0 -> 4.12.0
Xiangyu Chen (1):
bash: backport patch to fix CVE-2022-3715
meta-selftest/files/static-group | 1 +
meta/classes/create-spdx.bbclass | 5 +-
meta/classes/gnomebase.bbclass | 2 +-
meta/classes/rm_work.bbclass | 2 +
meta/classes/sanity.bbclass | 11 +-
meta/classes/sstate.bbclass | 2 +-
meta/lib/oe/sstatesig.py | 6 +
.../mobile-broadband-provider-info_git.bb | 4 +-
meta/recipes-core/systemd/systemd_250.5.bb | 2 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
...util-avoid-query-parameter-smuggling.patch | 178 ++++++++++++++++++
meta/recipes-devtools/mtd/mtd-utils_git.bb | 4 +-
.../python/python3/CVE-2022-42919.patch | 70 +++++++
.../recipes-devtools/python/python3_3.10.7.bb | 1 +
.../qemu/qemu-helper-native_1.0.bb | 6 +-
.../qemu/qemu-helper/qemu-oe-bridge-helper | 25 ---
.../qemu/qemu-helper/qemu-oe-bridge-helper.c | 34 ++++
meta/recipes-devtools/vala/vala.inc | 10 +-
.../bash/bash/CVE-2022-3715.patch | 33 ++++
meta/recipes-extended/bash/bash_5.1.16.bb | 1 +
...pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb} | 2 +-
.../{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb} | 5 +-
...{xwayland_22.1.3.bb => xwayland_22.1.5.bb} | 2 +-
...20220913.bb => linux-firmware_20221012.bb} | 9 +-
...beltrace_1.5.8.bb => babeltrace_1.5.11.bb} | 2 +-
...c-stop-accessing-out-of-bounds-frame.patch | 89 +++++++++
...c-stop-accessing-out-of-bounds-frame.patch | 108 +++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +
...tools_1.20.3.bb => gst-devtools_1.20.4.bb} | 2 +-
...r-APNG-encoder-property-registration.patch | 86 ---------
...1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} | 6 +-
...x_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} | 2 +-
....bb => gstreamer1.0-plugins-bad_1.20.4.bb} | 2 +-
...bb => gstreamer1.0-plugins-base_1.20.4.bb} | 2 +-
...bb => gstreamer1.0-plugins-good_1.20.4.bb} | 2 +-
...bb => gstreamer1.0-plugins-ugly_1.20.4.bb} | 2 +-
....20.3.bb => gstreamer1.0-python_1.20.4.bb} | 2 +-
....bb => gstreamer1.0-rtsp-server_1.20.4.bb} | 2 +-
...1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} | 2 +-
...er1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} | 2 +-
...flac-Fix-improper-buffer-reusing-732.patch | 29 +++
.../libsndfile/libsndfile1_1.0.31.bb | 1 +
...so-codes_4.11.0.bb => iso-codes_4.12.0.bb} | 2 +-
...m-sysv-reverted-clang-VFP-mitigation.patch | 6 +-
.../libffi/libffi/not-win32.patch | 8 +-
.../{libffi_3.4.2.bb => libffi_3.4.4.bb} | 4 +-
.../{libical_3.0.15.bb => libical_3.0.16.bb} | 2 +-
47 files changed, 612 insertions(+), 170 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch
delete mode 100755 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
create mode 100644 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
create mode 100644 meta/recipes-extended/bash/bash/CVE-2022-3715.patch
rename meta/recipes-gnome/gdk-pixbuf/{gdk-pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb} (98%)
rename meta/recipes-graphics/libepoxy/{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb} (86%)
rename meta/recipes-graphics/xwayland/{xwayland_22.1.3.bb => xwayland_22.1.5.bb} (95%)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221012.bb} (99%)
rename meta/recipes-kernel/lttng/{babeltrace_1.5.8.bb => babeltrace_1.5.11.bb} (98%)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.3.bb => gst-devtools_1.20.4.bb} (95%)
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} (82%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.3.bb => gstreamer1.0-plugins-bad_1.20.4.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.3.bb => gstreamer1.0-plugins-base_1.20.4.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.3.bb => gstreamer1.0-plugins-good_1.20.4.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.3.bb => gstreamer1.0-plugins-ugly_1.20.4.bb} (94%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.3.bb => gstreamer1.0-python_1.20.4.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.3.bb => gstreamer1.0-rtsp-server_1.20.4.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} (97%)
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
rename meta/recipes-support/iso-codes/{iso-codes_4.11.0.bb => iso-codes_4.12.0.bb} (94%)
rename meta/recipes-support/libffi/{libffi_3.4.2.bb => libffi_3.4.4.bb} (90%)
rename meta/recipes-support/libical/{libical_3.0.15.bb => libical_3.0.16.bb} (96%)
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread* [OE-core][kirkstone 00/31] Pull request (cover letter only)
@ 2022-05-19 23:53 Steve Sakoman
0 siblings, 0 replies; 2+ messages in thread
From: Steve Sakoman @ 2022-05-19 23:53 UTC (permalink / raw)
To: openembedded-core
The following changes since commit cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee:
build-appliance-image: Update to kirkstone head revision (2022-05-15 08:59:03 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
Alex Kiernan (1):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
Alexander Kanavin (11):
systemd: upgrade 250.4 -> 250.5
mesa: upgrade 22.0.0 -> 22.0.2
bind: upgrade 9.18.1 -> 9.18.2
cronie: upgrade 1.6.0 -> 1.6.1
epiphany: upgrade 42.0 -> 42.2
ffmpeg: upgrade 5.0 -> 5.0.1
fribidi: upgrade 1.0.11 -> 1.0.12
libinput: upgrade 1.19.3 -> 1.19.4
sqlite3: upgrade 3.38.2 -> 3.38.3
webkitgtk: upgrade 2.36.0 -> 2.36.1
xwayland: upgrade 22.1.0 -> 22.1.1
Aryaman Gupta (1):
e2fsprogs: update upstream status
Claudius Heine (1):
overlayfs: add docs about skipping QA check & service dependencies
Davide Gardenal (6):
freetype: backport patch for CVE-2022-27404
freetype: backport patch for CVE-2022-27405
freetype: backport patch for CVE-2022-27406
qemu: backport patch for CVE-2021-4206
qemu: backport patch for CVE-2021-4207
base-passwd: Disable shell for default users
Dmitry Baryshkov (2):
linux-firmware: upgrade 20220411 -> 20220509
image.bbclass: allow overriding dependency on virtual/kernel:do_deploy
Felix Moessbauer (1):
wic/plugins/rootfs: Fix permissions when splitting rootfs folders
across partitions
Jiaqing Zhao (3):
libxml2: Upgrade 2.9.13 -> 2.9.14
sed: Specify shell for "nobody" user in run-ptest
strace: Don't run ptest as "nobody"
Khem Raj (1):
systemd: Fix build regression with latest update
Konrad Weihmann (1):
linux-firmware: replace mkdir by install
Richard Purdie (3):
vim: Upgrade 8.2.4681 -> 8.2.4912
cairo: Add missing GPLv3 license checksum entry
sanity: Don't warn about make 4.2.1 for mint
meta/classes/image.bbclass | 7 +-
meta/classes/overlayfs.bbclass | 18 +-
meta/classes/pypi.bbclass | 2 +
meta/classes/sanity.bbclass | 2 +-
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.1 => bind-9.18.2}/bind9 | 0
.../{bind-9.18.1 => bind-9.18.2}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.1.bb => bind_9.18.2.bb} | 2 +-
.../base-passwd/disable-shell.patch | 57 ++++
.../base-passwd/base-passwd_3.5.29.bb | 1 +
.../CVE-2022-23308-fix-regression.patch | 99 -------
.../libxml2/libxml-m4-use-pkgconfig.patch | 21 +-
.../{libxml2_2.9.13.bb => libxml2_2.9.14.bb} | 5 +-
...md-boot_250.4.bb => systemd-boot_250.5.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
.../0001-Adjust-for-musl-headers.patch | 98 ++++++-
...ass-correct-parameters-to-getdents64.patch | 10 +-
...e-Use-sockaddr-pointer-type-for-bind.patch | 46 ++++
.../0002-Add-sys-stat.h-for-S_IFDIR.patch | 8 +-
...002-don-t-use-glibc-specific-qsort_r.patch | 20 +-
...dd-__compare_fn_t-and-comparison_fn_.patch | 10 +-
...k-parse_printf_format-implementation.patch | 20 +-
...missing.h-check-for-missing-strndupa.patch | 151 +++++++++--
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 12 +-
...008-add-missing-FTW_-macros-for-musl.patch | 17 +-
..._register_atfork-for-non-glibc-build.patch | 6 +-
...10-Use-uintmax_t-for-handling-rlim_t.patch | 16 +-
...sable-tests-for-missing-typedefs-in-.patch | 4 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 18 +-
...patible-basename-for-non-glibc-syste.patch | 4 +-
...uffering-when-writing-to-oom_score_a.patch | 4 +-
...compliant-strerror_r-from-GNU-specif.patch | 10 +-
...S_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch | 4 +-
...ype.h-add-__compar_d_fn_t-definition.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
.../systemd/0019-Handle-missing-LOCK_EX.patch | 4 +-
...ible-pointer-type-struct-sockaddr_un.patch | 6 +-
.../0021-test-json.c-define-M_PIl.patch | 4 +-
...-not-disable-buffer-in-writing-files.patch | 239 ++++++++++-------
.../0025-Handle-__cpu_mask-usage.patch | 4 +-
.../systemd/0026-Handle-missing-gshadow.patch | 16 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 11 +-
...eepConfiguration-when-running-on-net.patch | 253 ------------------
.../{systemd_250.4.bb => systemd_250.5.bb} | 2 +-
.../e2fsprogs/e2fsprogs/extents.patch | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2021-4206.patch | 89 ++++++
.../qemu/qemu/CVE-2021-4207.patch | 43 +++
meta/recipes-devtools/strace/strace/run-ptest | 6 +-
.../{cronie_1.6.0.bb => cronie_1.6.1.bb} | 2 +-
meta/recipes-extended/sed/sed/run-ptest | 2 +-
.../{epiphany_42.0.bb => epiphany_42.2.bb} | 2 +-
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 5 +-
.../freetype/freetype/CVE-2022-27404.patch | 48 ++++
.../freetype/freetype/CVE-2022-27405.patch | 41 +++
.../freetype/freetype/CVE-2022-27406.patch | 32 +++
.../freetype/freetype_2.11.1.bb | 6 +-
.../{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} | 0
meta/recipes-graphics/mesa/mesa.inc | 2 +-
.../mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} | 0
...{libinput_1.19.3.bb => libinput_1.19.4.bb} | 2 +-
...{xwayland_22.1.0.bb => xwayland_22.1.1.bb} | 2 +-
...01-Makefile-replace-mkdir-by-install.patch | 84 ++++++
...20220411.bb => linux-firmware_20220509.bb} | 9 +-
.../ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} | 2 +-
.../webkitgtk/add_missing_include.patch | 19 --
...ebkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} | 3 +-
.../{fribidi_1.0.11.bb => fribidi_1.0.12.bb} | 2 +-
.../{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} | 2 +-
meta/recipes-support/vim/vim.inc | 4 +-
scripts/lib/wic/plugins/source/rootfs.py | 5 +-
77 files changed, 1015 insertions(+), 618 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.1.bb => bind_9.18.2.bb} (98%)
create mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
delete mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
rename meta/recipes-core/libxml/{libxml2_2.9.13.bb => libxml2_2.9.14.bb} (96%)
rename meta/recipes-core/systemd/{systemd-boot_250.4.bb => systemd-boot_250.5.bb} (100%)
create mode 100644 meta/recipes-core/systemd/systemd/0001-resolve-Use-sockaddr-pointer-type-for-bind.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0029-network-enable-KeepConfiguration-when-running-on-net.patch
rename meta/recipes-core/systemd/{systemd_250.4.bb => systemd_250.5.bb} (99%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
rename meta/recipes-extended/cronie/{cronie_1.6.0.bb => cronie_1.6.1.bb} (97%)
rename meta/recipes-gnome/epiphany/{epiphany_42.0.bb => epiphany_42.2.bb} (94%)
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch
rename meta/recipes-graphics/mesa/{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} (100%)
rename meta/recipes-graphics/mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} (100%)
rename meta/recipes-graphics/wayland/{libinput_1.19.3.bb => libinput_1.19.4.bb} (95%)
rename meta/recipes-graphics/xwayland/{xwayland_22.1.0.bb => xwayland_22.1.1.bb} (95%)
create mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220411.bb => linux-firmware_20220509.bb} (99%)
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} (98%)
delete mode 100644 meta/recipes-sato/webkit/webkitgtk/add_missing_include.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} (98%)
rename meta/recipes-support/fribidi/{fribidi_1.0.11.bb => fribidi_1.0.12.bb} (90%)
rename meta/recipes-support/sqlite/{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} (86%)
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-11-30 14:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-30 14:42 [OE-core][kirkstone 00/31] Pull request (cover letter only) Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-05-19 23:53 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox