[OE-core][kirkstone 00/16] Patch review

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/16] Patch review
Date: Wed, 16 Aug 2023 16:49:32 -1000	[thread overview]
Message-ID: <cover.1692239433.git.steve@sakoman.com> (raw)

Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 18.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5748

The following changes since commit e1a604db8d2cf8782038b4016cc2e2052467333b:

  build-appliance-image: Update to kirkstone head revision (2023-08-07 04:41:22 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Adrian Freihofer (1):
  dmidecode: fixup for CVE-2023-30630

Alberto Planas (1):
  rpm2cpio.sh: update to the last 4.x version

Alexander Kanavin (1):
  libxcrypt: update PV to match SRCREV

Archana Polampalli (2):
  ghostscript: fix CVE-2023-38559
  qemu: fix CVE-2023-3180

Ashish Sharma (1):
  curl: Backport fix CVE-2023-32001

Bruce Ashfield (3):
  linux-yocto/5.10: update to v5.10.186
  linux-yocto/5.10: update to v5.10.187
  linux-yocto/5.10: update to v5.10.188

Marek Vasut (1):
  linux-firmware: Fix mediatek mt7601u firmware path

Martin Jansa (1):
  npm.bbclass: avoid DeprecationWarning with new python

Narpat Mali (1):
  python3-certifi: fix CVE-2023-37920

Pavel Zhukov (1):
  scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2

Peter Marko (1):
  procps: patch CVE-2023-4016

Vivek Kumbhar (1):
  qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
    handshake can lead to remote unauthenticated denial of service

Yogita Urade (1):
  qemu: fix CVE-2020-14394

 meta/classes/npm.bbclass                      |   2 +-
 ...ibxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} |   0
 .../dmidecode/CVE-2023-30630_1a.patch         | 236 ++++++++++++++
 ...-30630_1.patch => CVE-2023-30630_1b.patch} | 126 +++-----
 .../dmidecode/CVE-2023-30630_2.patch          |  11 +-
 .../dmidecode/CVE-2023-30630_3.patch          |  60 ++--
 .../dmidecode/CVE-2023-30630_4.patch          | 149 ++++-----
 .../dmidecode/dmidecode_3.3.bb                |   3 +-
 .../python3-certifi/CVE-2023-37920.patch      | 301 ++++++++++++++++++
 .../python/python3-certifi_2021.10.8.bb       |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 .../qemu/qemu/CVE-2020-14394.patch            |  79 +++++
 .../qemu/qemu/CVE-2023-3180.patch             |  50 +++
 .../qemu/qemu/CVE-2023-3354.patch             |  87 +++++
 .../ghostscript/CVE-2023-38559.patch          |  32 ++
 .../ghostscript/ghostscript_9.55.0.bb         |   1 +
 .../procps/procps/CVE-2023-4016.patch         |  85 +++++
 meta/recipes-extended/procps/procps_3.3.17.bb |   1 +
 .../linux-firmware/linux-firmware_20230515.bb |   2 +-
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 .../curl/curl/CVE-2023-32001.patch            |  39 +++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 scripts/rpm2cpio.sh                           |  30 +-
 25 files changed, 1117 insertions(+), 223 deletions(-)
 rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} (100%)
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
 rename meta/recipes-devtools/dmidecode/dmidecode/{CVE-2023-30630_1.patch => CVE-2023-30630_1b.patch} (63%)
 create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
 create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch

-- 
2.34.1

next             reply	other threads:[~2023-08-17  2:49 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-17  2:49 Steve Sakoman [this message]
2023-08-17  2:49 ` [OE-core][kirkstone 01/16] python3-certifi: fix CVE-2023-37920 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 02/16] qemu: fix CVE-2020-14394 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 03/16] qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 04/16] ghostscript: fix CVE-2023-38559 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 05/16] procps: patch CVE-2023-4016 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 06/16] qemu: fix CVE-2023-3180 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 07/16] curl: Backport fix CVE-2023-32001 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 08/16] dmidecode: fixup for CVE-2023-30630 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 09/16] linux-yocto/5.10: update to v5.10.186 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 10/16] linux-yocto/5.10: update to v5.10.187 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 11/16] linux-yocto/5.10: update to v5.10.188 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 12/16] linux-firmware: Fix mediatek mt7601u firmware path Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 13/16] npm.bbclass: avoid DeprecationWarning with new python Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 14/16] scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2 Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 15/16] rpm2cpio.sh: update to the last 4.x version Steve Sakoman
2023-08-17  2:49 ` [OE-core][kirkstone 16/16] libxcrypt: update PV to match SRCREV Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2025-03-05 15:58 Steve Sakoman
2025-01-20 17:50 Steve Sakoman
2024-10-02 13:12 Steve Sakoman
2024-02-27 21:56 Steve Sakoman
2023-11-22  2:30 Steve Sakoman
2022-09-13 14:17 Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1692239433.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox