From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/10] Patch review
Date: Tue, 17 Oct 2023 08:42:20 -1000
Message-ID: <cover.1697567211.git.steve@sakoman.com>

Please review this set of changes for dunfell and have comments back by
end of day Thursday, October 19.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6058

with the exception of a reproducibility issue for the vim-common package
where we have:

"Content-Type:·text/plain;·charset=CP1251\n"

in the A build and:

"Content-Type:·text/plain;·charset=cp1251\n"

in the B build.

Dunfell autobuilder builds are currently using an older buildtools tarball
which is missing:

https://git.yoctoproject.org/poky/commit/?id=a2f1791f8d0118f44cf752341c4793d656a54a94

I'm sending a patch to the list to update dunfell to the latest buildtools tarball.

The following changes since commit 0e167ef0eb7ac62ddb991ce80c27882863d8ee7c:

  cpio: Replace fix wrong CRC with ASCII CRC for large files with upstream backport (2023-10-09 07:30:51 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Marek Vasut (2):
  libtiff: Add fix for tiffcrop CVE-2023-1916
  systemd: Backport systemd-resolved: use hostname for certificate
    validation in DoT

Mike Crowe (2):
  curl: Backport fix for CVE-2023-38545
  curl: Backport fix for CVE-2023-38546

Pawan (1):
  libwebp: Update CVE ID CVE-2023-4863

Ryan Eatmon (1):
  kernel.bbclass: Add force flag to rm calls

Siddharth Doshi (4):
  glib-2.0: Fix multiple vulnerabilities
  vim: Upgrade 9.0.1894 -> 9.0.2009
  xorg-lib-common: Add variable to set tarball type
  libxpm: upgrade to 3.5.17

meta/classes/kernel.bbclass | 4 +-
.../glib-2.0/glib-2.0/CVE-2023-29499.patch | 290 ++++++++++++
.../glib-2.0/CVE-2023-32611-0001.patch | 89 ++++
.../glib-2.0/CVE-2023-32611-0002.patch | 255 +++++++++++
.../glib-2.0/glib-2.0/CVE-2023-32636.patch | 49 ++
.../glib-2.0/glib-2.0/CVE-2023-32643.patch | 154 +++++++
.../glib-2.0/CVE-2023-32665-0001.patch | 103 +++++
.../glib-2.0/CVE-2023-32665-0002.patch | 210 +++++++++
.../glib-2.0/CVE-2023-32665-0003.patch | 417 ++++++++++++++++++
.../glib-2.0/CVE-2023-32665-0004.patch | 113 +++++
.../glib-2.0/CVE-2023-32665-0005.patch | 80 ++++
.../glib-2.0/CVE-2023-32665-0006.patch | 396 +++++++++++++++++
.../glib-2.0/CVE-2023-32665-0007.patch | 49 ++
.../glib-2.0/CVE-2023-32665-0008.patch | 394 +++++++++++++++++
.../glib-2.0/CVE-2023-32665-0009.patch | 97 ++++
meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb | 14 +
.../systemd/systemd/CVE-2018-21029.patch | 120 +++++
meta/recipes-core/systemd/systemd_244.5.bb | 1 +
.../xorg-lib/libxpm/CVE-2022-46285.patch | 40 --
.../{libxpm_3.5.13.bb => libxpm_3.5.17.bb} | 9 +-
.../xorg-lib/xorg-lib-common.inc | 3 +-
.../libtiff/files/CVE-2023-1916.patch | 91 ++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
.../webp/files/CVE-2023-5129.patch | 9 +-
.../curl/curl/CVE-2023-38545.patch | 148 +++++++
.../curl/curl/CVE-2023-38546.patch | 132 ++++++
meta/recipes-support/curl/curl_7.69.1.bb | 2 +
meta/recipes-support/vim/vim.inc | 4 +-
28 files changed, 3223 insertions(+), 51 deletions(-)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-29499.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0002.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32636.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32643.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0001.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0002.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0003.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0004.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0005.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0006.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0007.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0008.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2018-21029.patch
delete mode 100644 meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.13.bb => libxpm_3.5.17.bb} (68%)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-1916.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch
--
2.34.1