From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/22] Patch review
Date: Sun, 13 Aug 2023 11:18:06 -1000
Message-ID: <cover.1691961051.git.steve@sakoman.com>
Please review this set of changes for dunfell and have comments back by
end of day Tuesday, August 15.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5730

with the exception of qemuppc-alt, which failed due to out of disk space errors
on the debian-11-ty-1 worker:

https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4969

The qemuppc-alt build passed on subsequent re-test on a worker without disk space issues:

https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4972

The following changes since commit 6dd64ca2d726d0b222a7608c65eb0a20454c3f99:

  build-appliance-image: Update to dunfell head revision (2023-08-04 05:41:08 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Abdellatif El Khlifi (1):
  kernel: skip installing fitImage when using Initramfs bundles

Bruce Ashfield (3):
  linux-yocto/5.4: update to v5.4.249
  linux-yocto/5.4: update to v5.4.250
  linux-yocto/5.4: update to v5.4.251

Dhairya Nagodra (2):
  dmidecode 3.2: Fix CVE-2023-30630
  harfbuzz: Resolve backported commit bug.

Emily Vekariya (1):
  qemu: CVE-ID correction for CVE-2020-35505

Hitendra Prajapati (3):
  ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI
  tiff: fix multiple CVEs
  tiff: fix multiple CVEs

Marek Vasut (1):
  linux-firmware: Fix mediatek mt7601u firmware path

Peter Marko (6):
  python3: ignore CVE-2023-36632
  libjpeg-turbo: patch CVE-2023-2804
  libarchive: ignore CVE-2023-30571
  libpcre2: patch CVE-2022-41409
  procps: patch CVE-2023-4016
  openssl: Upgrade 1.1.1t -> 1.1.1v

Vijay Anusuri (1):
  ghostscript: backport fix for CVE-2023-38559

Vivek Kumbhar (2):
  go: fix CVE-2023-29406 net/http: insufficient sanitization of Host
    header
  qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
    handshake can lead to remote unauthenticated denial of service

Yuta Hayama (2):
  cve-update-nvd2-native: always pass str for json.loads()
  systemd-systemctl: fix errors in instance name expansion

meta/classes/kernel.bbclass | 20 +-
...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++
.../openssl/openssl/CVE-2023-0464.patch | 226 -----------------
.../openssl/openssl/CVE-2023-0465.patch | 60 -----
.../openssl/openssl/CVE-2023-0466.patch | 82 ------
.../openssl/openssl/CVE-2023-2650.patch | 122 ---------
.../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +-
.../meta/cve-update-nvd2-native.bb | 2 +-
.../systemd/systemd-systemctl/systemctl | 2 +-
.../CVE-2023-30630-dependent_p1.patch | 236 ++++++++++++++++++
.../CVE-2023-30630-dependent_p2.patch | 198 +++++++++++++++
.../dmidecode/dmidecode/CVE-2023-30630.patch | 62 +++++
.../dmidecode/dmidecode_3.2.bb | 3 +
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-29406.patch | 212 ++++++++++++++++
.../recipes-devtools/python/python3_3.8.17.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-35505.patch | 11 +-
.../qemu/qemu/CVE-2023-3354.patch | 87 +++++++
.../ruby/ruby/CVE-2021-33621.patch | 139 +++++++++++
meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 +
...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++
.../ghostscript/ghostscript_9.52.bb | 1 +
.../libarchive/libarchive_3.4.2.bb | 3 +
.../procps/procps/CVE-2023-4016.patch | 85 +++++++
meta/recipes-extended/procps/procps_3.3.16.bb | 1 +
.../harfbuzz/harfbuzz/CVE-2023-25193.patch | 16 +-
.../jpeg/files/CVE-2023-2804-1.patch | 97 +++++++
.../jpeg/files/CVE-2023-2804-2.patch | 75 ++++++
.../jpeg/libjpeg-turbo_2.0.4.bb | 2 +
.../linux-firmware/linux-firmware_20230515.bb | 2 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../libtiff/files/CVE-2023-25433.patch | 173 +++++++++++++
.../files/CVE-2023-25434-CVE-2023-25435.patch | 94 +++++++
.../libtiff/files/CVE-2023-26965.patch | 90 +++++++
.../libtiff/files/CVE-2023-26966.patch | 35 +++
.../libtiff/files/CVE-2023-2908.patch | 33 +++
.../libtiff/files/CVE-2023-3316.patch | 59 +++++
.../libtiff/files/CVE-2023-3618-1.patch | 34 +++
.../libtiff/files/CVE-2023-3618-2.patch | 47 ++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 8 +
.../libpcre/libpcre2/CVE-2022-41409.patch | 74 ++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
45 files changed, 1977 insertions(+), 531 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.1t.bb => openssl_1.1.1v.bb} (96%)
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25434-CVE-2023-25435.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch
--
2.34.1