From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/17] Patch review
Date: Wed, 27 Sep 2023 16:48:29 -1000 [thread overview]
Message-ID: <cover.1695869144.git.steve@sakoman.com> (raw)
Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 29
Passed a-full on autobuilder (other than a known send-qa-email issue):
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5956
The following changes since commit d90e4d5e3cca9cffe8f60841afc63667a9ac39fa:
build-appliance-image: Update to kirkstone head revision (2023-09-24 10:53:54 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
ghostscript: fix CVE-2023-43115
gstreamer1.0-plugins-bad: fix CVE-2023-40474
gstreamer1.0-plugins-bad: fix CVE-2023-40475
gstreamer1.0-plugins-bad: fix CVE-2023-40476
Colin McAllister (1):
libwebp: Fix CVE-2023-5129
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Lee Chee Yang (2):
cups: Fix CVE-2023-4504
bind: update to 9.18.19
Meenali Gupta (1):
ruby: fix CVE-2023-36617
Narpat Mali (1):
python3-git: upgrade 3.1.32 -> 3.1.37
Peter Marko (1):
openssl: Upgrade 3.0.10 -> 3.0.11
Ross Burton (2):
linux-yocto: update CVE exclusions
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
Ryan Eatmon (1):
kernel.bbclass: Add force flag to rm calls
Siddharth Doshi (1):
go: Fix CVE-2023-39318
Soumya Sambu (1):
shadow: Fix CVE-2023-4641
Yogita Urade (1):
webkitgtk: fix CVE-2023-32439
meta/classes/cml1.bbclass | 2 +-
meta/classes/kernel.bbclass | 4 +-
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.17 => bind}/bind9 | 0
.../bind/{bind-9.18.17 => bind}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.17 => bind}/named.service | 0
.../bind/{bind_9.18.17.bb => bind_9.18.19.bb} | 2 +-
.../{openssl_3.0.10.bb => openssl_3.0.11.bb} | 2 +-
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2023-39318.patch | 238 +
...n3-git_3.1.32.bb => python3-git_3.1.37.bb} | 4 +-
.../ruby/ruby/CVE-2023-36617_1.patch | 52 +
.../ruby/ruby/CVE-2023-36617_2.patch | 47 +
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 2 +
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2023-4504.patch | 42 +
.../ghostscript/CVE-2023-43115.patch | 62 +
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../shadow/files/CVE-2023-4641-0001.patch | 36 +
.../shadow/files/CVE-2023-4641-0002.patch | 147 +
meta/recipes-extended/shadow/shadow.inc | 2 +
.../xorg-xserver/xserver-xorg.inc | 2 +
.../linux/cve-exclusion_5.10.inc | 7255 +++++++++++++++++
.../linux/cve-exclusion_5.15.inc | 151 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 1 +
.../CVE-2023-40474.patch | 118 +
.../CVE-2023-40475.patch | 49 +
.../CVE-2023-40476.patch | 44 +
.../gstreamer1.0-plugins-bad_1.20.7.bb | 3 +
.../webp/files/CVE-2023-5129.patch | 364 +
meta/recipes-multimedia/webp/libwebp_1.2.4.bb | 1 +
.../webkit/webkitgtk/CVE-2023-32439.patch | 127 +
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 +
38 files changed, 8719 insertions(+), 42 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.19.bb} (97%)
rename meta/recipes-connectivity/openssl/{openssl_3.0.10.bb => openssl_3.0.11.bb} (99%)
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-39318.patch
rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} (86%)
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch
create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641-0002.patch
create mode 100644 meta/recipes-kernel/linux/cve-exclusion_5.10.inc
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40474.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40475.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40476.patch
create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-32439.patch
--
2.34.1
next reply other threads:[~2023-09-28 2:48 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-28 2:48 Steve Sakoman [this message]
2023-09-28 2:48 ` [OE-core][kirkstone 01/17] shadow: Fix CVE-2023-4641 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 02/17] ghostscript: fix CVE-2023-43115 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 03/17] gstreamer1.0-plugins-bad: fix CVE-2023-40474 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 04/17] gstreamer1.0-plugins-bad: fix CVE-2023-40475 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 05/17] gstreamer1.0-plugins-bad: fix CVE-2023-40476 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 06/17] go: Fix CVE-2023-39318 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 07/17] linux-yocto: update CVE exclusions Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 08/17] ruby: fix CVE-2023-36617 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 09/17] webkitgtk: fix CVE-2023-32439 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 10/17] xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 11/17] cups: Fix CVE-2023-4504 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 12/17] libwebp: Fix CVE-2023-5129 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 13/17] openssl: Upgrade 3.0.10 -> 3.0.11 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 14/17] python3-git: upgrade 3.1.32 -> 3.1.37 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 15/17] bind: update to 9.18.19 Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 16/17] cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig Steve Sakoman
2023-09-28 2:48 ` [OE-core][kirkstone 17/17] kernel.bbclass: Add force flag to rm calls Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2026-03-16 9:28 [OE-core][kirkstone 00/17] Patch review Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1695869144.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox