From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 0/8] Patch review
Date: Sat, 22 Apr 2023 05:54:32 -1000 [thread overview]
Message-ID: <cover.1682178752.git.steve@sakoman.com> (raw)
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5209
The following changes since commit b67e714b367a08fdeeeff68c2d9495ec9bc07304:
package.bbclass: correct check for /build in copydebugsources() (2023-04-14 07:19:08 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (2):
ruby: CVE-2023-28756 ReDoS vulnerability in Time
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Peter Marko (1):
go: ignore CVE-2022-41716
Shubham Kulkarni (1):
go-runtime: Security fix for CVE-2022-41722
Siddharth Doshi (1):
curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538
Sundeep KOKKONDA (1):
cargo : non vulnerable cve-2022-46176 added to excluded list
Vivek Kumbhar (1):
go: fix CVE-2023-24537 Infinite loop in parsing
Xiangyu Chen (1):
shadow: backport patch to fix CVE-2023-29383
.../distro/include/cve-extra-exclusions.inc | 5 +
meta/recipes-devtools/go/go-1.17.13.inc | 5 +
.../go/go-1.18/CVE-2022-41722.patch | 103 +++++++++
.../go/go-1.18/CVE-2023-24537.patch | 75 +++++++
.../ruby/ruby/CVE-2023-28756.patch | 73 +++++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../screen/screen/CVE-2023-24626.patch | 40 ++++
meta/recipes-extended/screen/screen_4.9.0.bb | 1 +
.../files/0001-Overhaul-valid_field.patch | 65 ++++++
.../shadow/files/CVE-2023-29383.patch | 53 +++++
meta/recipes-extended/shadow/shadow.inc | 2 +
.../curl/curl/CVE-2023-27535-pre1.patch | 196 ++++++++++++++++++
.../CVE-2023-27535_and_CVE-2023-27538.patch | 170 +++++++++++++++
.../curl/curl/CVE-2023-27536.patch | 52 +++++
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
15 files changed, 844 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41722.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24537.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
create mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch
--
2.34.1
next reply other threads:[~2023-04-22 15:54 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-22 15:54 Steve Sakoman [this message]
2023-04-22 15:54 ` [OE-core][kirkstone 1/8] ruby: CVE-2023-28756 ReDoS vulnerability in Time Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 2/8] curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 3/8] cargo : non vulnerable cve-2022-46176 added to excluded list Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 4/8] go-runtime: Security fix for CVE-2022-41722 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 5/8] shadow: backport patch to fix CVE-2023-29383 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 6/8] go: ignore CVE-2022-41716 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 7/8] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 8/8] go: fix CVE-2023-24537 Infinite loop in parsing Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-03 20:59 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2025-10-17 20:43 Steve Sakoman
2025-08-13 21:28 Steve Sakoman
2025-04-01 22:36 Steve Sakoman
2024-08-04 17:08 Steve Sakoman
2024-05-24 12:14 Steve Sakoman
2024-03-12 13:53 Steve Sakoman
2024-02-12 13:54 Steve Sakoman
2023-11-29 23:04 Steve Sakoman
2023-09-13 14:30 Steve Sakoman
2023-08-27 20:52 Steve Sakoman
2023-07-24 2:33 Steve Sakoman
2022-10-27 2:36 Steve Sakoman
2022-10-28 2:07 ` Tim Orling
2022-08-09 21:27 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1682178752.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox