* [OE-core][kirkstone 0/7] Patch review
@ 2022-08-04 14:06 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2022-08-04 14:06 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back
by end of day Sunday.
This should be the almost final set of patches for the 4.0.3 release -
there remains an intermittent linux-yocto reproducibility issue that
needs to get fixed.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4015
The following changes since commit 3564ce3d9b2030dd420362c66147bd327090915c:
initscripts: run umountnfs as a KILL script (2022-07-28 05:32:25 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Kiernan (1):
openssh: Add openssh-sftp-server to openssh RDEPENDS
Dmitry Baryshkov (1):
linux-firwmare: restore WHENCE_CHKSUM variable
Khem Raj (1):
libgcc: Fix standalone target builds with usrmerge distro feature
Martin Jansa (1):
kernel.bbclass: pass LD also in savedefconfig
Mingli Yu (1):
strace: set COMPATIBLE_HOST for riscv32
Shruthi Ravichandran (1):
package_manager/ipk: do not pipe stderr to stdout
Sundeep KOKKONDA (1):
binutils: stable 2.38 branch updates
meta/classes/kernel.bbclass | 2 +-
meta/lib/oe/package_manager/ipk/__init__.py | 23 +++++++++++--------
.../openssh/openssh_8.9p1.bb | 2 +-
.../binutils/binutils-2.38.inc | 2 +-
meta/recipes-devtools/gcc/libgcc-common.inc | 8 +++++--
meta/recipes-devtools/strace/strace_5.16.bb | 3 +++
.../linux-firmware/linux-firmware_20220708.bb | 5 +++-
7 files changed, 29 insertions(+), 16 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2023-04-15 15:26 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-04-15 15:26 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5185
The following changes since commit ff4b57ffff903a93b710284c7c7f916ddd74712f:
uninative: Upgrade to 3.9 to include glibc 2.37 (2023-04-04 05:32:01 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (2):
curl: CVE-2023-27533 TELNET option IAC injection
curl: CVE-2023-27534 SFTP path resolving discrepancy
Joe Slater (1):
go: fix CVE-2022-41724, 41725
Mark Hatle (1):
openssl: Move microblaze to linux-latomic config
Pawan Badganchi (1):
tiff: Add fix for CVE-2022-4645
Peter Marko (1):
package.bbclass: correct check for /build in copydebugsources()
Yash Shinde (1):
binutils : Fix CVE-2023-1579
meta/classes/package.bbclass | 2 +-
.../openssl/openssl_3.0.8.bb | 4 +-
.../binutils/binutils-2.38.inc | 4 +
.../binutils/0021-CVE-2023-1579-1.patch | 459 ++++
.../binutils/0021-CVE-2023-1579-2.patch | 2127 +++++++++++++++
.../binutils/0021-CVE-2023-1579-3.patch | 156 ++
.../binutils/0021-CVE-2023-1579-4.patch | 37 +
meta/recipes-devtools/go/go-1.17.13.inc | 5 +-
.../go/go-1.19/add_godebug.patch | 84 +
.../go/go-1.19/cve-2022-41724.patch | 2391 +++++++++++++++++
.../go/go-1.19/cve-2022-41725.patch | 652 +++++
...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 5 +-
.../curl/curl/CVE-2023-27533.patch | 208 ++
.../curl/curl/CVE-2023-27534.patch | 122 +
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
15 files changed, 6252 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/add_godebug.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41725.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2023-10-30 2:20 Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 1/7] cve-exclusion_5.10.inc: update for 5.10.197 Steve Sakoman
` (6 more replies)
0 siblings, 7 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 31
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6115
The following changes since commit 7681436190354b5c5b6c3a82b3094badd81113de:
vim: Upgrade 9.0.2009 -> 9.0.2048 (2023-10-20 06:38:00 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (2):
curl: fix CVE-2023-38545
curl: fix CVE-2023-38546
Fahad Arslan (2):
linux-firmware: create separate package for cirrus and cnm firmwares
linux-firmware: create separate packages
Niko Mauno (1):
package_rpm: Allow compression mode override
Peter Marko (1):
openssl: Upgrade 3.0.11 -> 3.0.12
Steve Sakoman (1):
cve-exclusion_5.10.inc: update for 5.10.197
meta/classes/package_rpm.bbclass | 6 +-
.../{openssl_3.0.11.bb => openssl_3.0.12.bb} | 2 +-
.../linux-firmware/linux-firmware_20230804.bb | 260 +++++++++++++++++-
.../linux/cve-exclusion_5.10.inc | 123 +++++++--
.../curl/curl/CVE-2023-38545.patch | 133 +++++++++
.../curl/curl/CVE-2023-38546.patch | 137 +++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
7 files changed, 633 insertions(+), 30 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} (99%)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 1/7] cve-exclusion_5.10.inc: update for 5.10.197
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 2/7] curl: fix CVE-2023-38545 Steve Sakoman
` (5 subsequent siblings)
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/cve-exclusion_5.10.inc | 123 ++++++++++++++----
1 file changed, 100 insertions(+), 23 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.10.inc b/meta/recipes-kernel/linux/cve-exclusion_5.10.inc
index 2f58117d6f..7b4f68c428 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.10.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.10.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-23 10:42:09.595192 for version 5.10.188
+# Generated at 2023-10-24 06:17:08.900468 for version 5.10.197
python check_kernel_cve_status_version() {
- this_version = "5.10.188"
+ this_version = "5.10.197"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4834,7 +4834,8 @@ CVE_CHECK_IGNORE += "CVE-2020-27194"
# fixed-version: Fixed after version 5.6rc4
CVE_CHECK_IGNORE += "CVE-2020-2732"
-# CVE-2020-27418 has no known resolution
+# fixed-version: Fixed after version 5.6rc5
+CVE_CHECK_IGNORE += "CVE-2020-27418"
# fixed-version: Fixed after version 5.10rc1
CVE_CHECK_IGNORE += "CVE-2020-27673"
@@ -4976,6 +4977,9 @@ CVE_CHECK_IGNORE += "CVE-2020-36691"
# fixed-version: Fixed after version 5.10
CVE_CHECK_IGNORE += "CVE-2020-36694"
+# fixed-version: Fixed after version 5.9rc1
+CVE_CHECK_IGNORE += "CVE-2020-36766"
+
# cpe-stable-backport: Backported in 5.10.61
CVE_CHECK_IGNORE += "CVE-2020-3702"
@@ -6424,7 +6428,8 @@ CVE_CHECK_IGNORE += "CVE-2022-40768"
# cpe-stable-backport: Backported in 5.10.142
CVE_CHECK_IGNORE += "CVE-2022-4095"
-# CVE-2022-40982 needs backporting (fixed from 5.10.189)
+# cpe-stable-backport: Backported in 5.10.189
+CVE_CHECK_IGNORE += "CVE-2022-40982"
# cpe-stable-backport: Backported in 5.10.163
CVE_CHECK_IGNORE += "CVE-2022-41218"
@@ -6683,12 +6688,14 @@ CVE_CHECK_IGNORE += "CVE-2023-1192"
# CVE-2023-1193 has no known resolution
-# CVE-2023-1194 has no known resolution
+# fixed-version: only affects 5.15rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-1194"
# fixed-version: only affects 5.16rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-1195"
-# CVE-2023-1206 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-1206"
# cpe-stable-backport: Backported in 5.10.110
CVE_CHECK_IGNORE += "CVE-2023-1249"
@@ -6768,9 +6775,11 @@ CVE_CHECK_IGNORE += "CVE-2023-2008"
# fixed-version: only affects 5.12rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-2019"
-# CVE-2023-20569 needs backporting (fixed from 5.10.189)
+# cpe-stable-backport: Backported in 5.10.189
+CVE_CHECK_IGNORE += "CVE-2023-20569"
-# CVE-2023-20588 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-20588"
# cpe-stable-backport: Backported in 5.10.187
CVE_CHECK_IGNORE += "CVE-2023-20593"
@@ -6973,7 +6982,7 @@ CVE_CHECK_IGNORE += "CVE-2023-3106"
# CVE-2023-31084 needs backporting (fixed from 6.4rc3)
-# CVE-2023-31085 has no known resolution
+# CVE-2023-31085 needs backporting (fixed from 5.10.198)
# cpe-stable-backport: Backported in 5.10.184
CVE_CHECK_IGNORE += "CVE-2023-3111"
@@ -7089,6 +7098,8 @@ CVE_CHECK_IGNORE += "CVE-2023-34256"
# fixed-version: only affects 6.1 onwards
CVE_CHECK_IGNORE += "CVE-2023-34319"
+# CVE-2023-34324 needs backporting (fixed from 5.10.198)
+
# fixed-version: only affects 5.15rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-3439"
@@ -7136,7 +7147,8 @@ CVE_CHECK_IGNORE += "CVE-2023-37453"
# CVE-2023-37454 has no known resolution
-# CVE-2023-3772 needs backporting (fixed from 5.10.192)
+# cpe-stable-backport: Backported in 5.10.192
+CVE_CHECK_IGNORE += "CVE-2023-3772"
# fixed-version: only affects 5.17rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-3773"
@@ -7186,16 +7198,35 @@ CVE_CHECK_IGNORE += "CVE-2023-3866"
# fixed-version: only affects 5.15rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-3867"
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-39189"
+
+# CVE-2023-39191 needs backporting (fixed from 6.3rc1)
+
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-39192"
+
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-39193"
+
+# cpe-stable-backport: Backported in 5.10.192
+CVE_CHECK_IGNORE += "CVE-2023-39194"
+
# cpe-stable-backport: Backported in 5.10.188
CVE_CHECK_IGNORE += "CVE-2023-4004"
# CVE-2023-4010 has no known resolution
-# CVE-2023-4015 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4015"
-# CVE-2023-40283 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-40283"
-# CVE-2023-4128 needs backporting (fixed from 5.10.190)
+# CVE-2023-40791 needs backporting (fixed from 6.5rc6)
+
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4128"
# cpe-stable-backport: Backported in 5.10.188
CVE_CHECK_IGNORE += "CVE-2023-4132"
@@ -7204,7 +7235,8 @@ CVE_CHECK_IGNORE += "CVE-2023-4132"
# CVE-2023-4134 needs backporting (fixed from 6.5rc1)
-# CVE-2023-4147 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4147"
# fixed-version: only affects 5.11rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-4155"
@@ -7212,15 +7244,33 @@ CVE_CHECK_IGNORE += "CVE-2023-4155"
# fixed-version: only affects 6.3rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-4194"
-# CVE-2023-4206 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4206"
+
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4207"
+
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4208"
+
+# CVE-2023-4244 needs backporting (fixed from 5.10.198)
+
+# cpe-stable-backport: Backported in 5.10.190
+CVE_CHECK_IGNORE += "CVE-2023-4273"
-# CVE-2023-4207 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-42752"
-# CVE-2023-4208 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-42753"
-# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
+# CVE-2023-42754 needs backporting (fixed from 5.10.198)
-# CVE-2023-4273 needs backporting (fixed from 5.10.190)
+# cpe-stable-backport: Backported in 5.10.197
+CVE_CHECK_IGNORE += "CVE-2023-42755"
+
+# fixed-version: only affects 6.4rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2023-42756"
# cpe-stable-backport: Backported in 5.10.121
CVE_CHECK_IGNORE += "CVE-2023-4385"
@@ -7234,22 +7284,49 @@ CVE_CHECK_IGNORE += "CVE-2023-4389"
# fixed-version: only affects 5.16rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-4394"
+# fixed-version: only affects 5.11rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-44466"
+
# cpe-stable-backport: Backported in 5.10.118
CVE_CHECK_IGNORE += "CVE-2023-4459"
-# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
+# CVE-2023-4563 needs backporting (fixed from 5.10.198)
# fixed-version: only affects 5.13rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-4569"
+# cpe-stable-backport: Backported in 5.10.173
+CVE_CHECK_IGNORE += "CVE-2023-45862"
+
+# CVE-2023-45863 needs backporting (fixed from 6.3rc1)
+
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-45871"
+
+# CVE-2023-45898 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4610 has no known resolution
+
# fixed-version: only affects 6.4rc1 onwards
CVE_CHECK_IGNORE += "CVE-2023-4611"
# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
-# CVE-2023-4623 needs backporting (fixed from 6.6rc1)
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-4623"
+
+# cpe-stable-backport: Backported in 5.10.53
+CVE_CHECK_IGNORE += "CVE-2023-4732"
+
+# CVE-2023-4881 needs backporting (fixed from 5.10.198)
-# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
+# cpe-stable-backport: Backported in 5.10.195
+CVE_CHECK_IGNORE += "CVE-2023-4921"
-# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
+# CVE-2023-5158 has no known resolution
+
+# CVE-2023-5197 needs backporting (fixed from 5.10.198)
+
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-5345"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 2/7] curl: fix CVE-2023-38545
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 1/7] cve-exclusion_5.10.inc: update for 5.10.197 Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 3/7] curl: fix CVE-2023-38546 Steve Sakoman
` (4 subsequent siblings)
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../curl/curl/CVE-2023-38545.patch | 133 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 134 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-38545.patch b/meta/recipes-support/curl/curl/CVE-2023-38545.patch
new file mode 100644
index 0000000000..c198d29c04
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-38545.patch
@@ -0,0 +1,133 @@
+From fb4415d8aee6c1045be932a34fe6107c2f5ed147 Mon Sep 17 00:00:00 2001
+From: Jay Satiro <raysatiro@yahoo.com>
+Date: Wed, 11 Oct 2023 07:34:19 +0200
+Subject: [PATCH] socks: return error if hostname too long for remote resolve
+
+Prior to this change the state machine attempted to change the remote
+resolve to a local resolve if the hostname was longer than 255
+characters. Unfortunately that did not work as intended and caused a
+security issue.
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147]
+
+CVE: CVE-2023-38545
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/socks.c | 8 +++---
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test722 | 64 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 69 insertions(+), 5 deletions(-)
+ create mode 100644 tests/data/test722
+
+diff --git a/lib/socks.c b/lib/socks.c
+index a014aa6..2215c02 100644
+--- a/lib/socks.c
++++ b/lib/socks.c
+@@ -536,9 +536,9 @@ CURLproxycode Curl_SOCKS5(const char *proxy_user,
+
+ /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
+ if(!socks5_resolve_local && hostname_len > 255) {
+- infof(data, "SOCKS5: server resolving disabled for hostnames of "
+- "length > 255 [actual len=%zu]", hostname_len);
+- socks5_resolve_local = TRUE;
++ failf(data, "SOCKS5: the destination hostname is too long to be "
++ "resolved remotely by the proxy.");
++ return CURLPX_LONG_HOSTNAME;
+ }
+
+ if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
+@@ -879,7 +879,7 @@ CURLproxycode Curl_SOCKS5(const char *proxy_user,
+ }
+ else {
+ socksreq[len++] = 3;
+- socksreq[len++] = (char) hostname_len; /* one byte address length */
++ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
+ memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
+ len += hostname_len;
+ }
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 3064b39..47117b6 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -99,7 +99,7 @@ test670 test671 test672 test673 test674 test675 test676 test677 test678 \
+ \
+ test700 test701 test702 test703 test704 test705 test706 test707 test708 \
+ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
+-test718 test719 test720 test721 \
++test718 test719 test720 test721 test722 \
+ \
+ test800 test801 test802 test803 test804 test805 test806 test807 test808 \
+ test809 test810 test811 test812 test813 test814 test815 test816 test817 \
+diff --git a/tests/data/test722 b/tests/data/test722
+new file mode 100644
+index 0000000..05bcf28
+--- /dev/null
++++ b/tests/data/test722
+@@ -0,0 +1,64 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++SOCKS5
++SOCKS5h
++followlocation
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++# The hostname in this redirect is 256 characters and too long (> 255) for
++# SOCKS5 remote resolve. curl must return error CURLE_PROXY in this case.
++<data>
++HTTP/1.1 301 Moved Permanently
++Location: http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
++Content-Length: 0
++Connection: close
++
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++proxy
++</features>
++<server>
++http
++socks5
++</server>
++ <name>
++SOCKS5h with HTTP redirect to hostname too long
++ </name>
++ <command>
++--no-progress-meter --location --proxy socks5h://%HOSTIP:%SOCKSPORT http://%HOSTIP:%HTTPPORT/%TESTNUMBER
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol crlf="yes">
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++<errorcode>
++97
++</errorcode>
++# the error message is verified because error code CURLE_PROXY (97) may be
++# returned for any number of reasons and we need to make sure it is
++# specifically for the reason below so that we know the check is working.
++<stderr mode="text">
++curl: (97) SOCKS5: the destination hostname is too long to be resolved remotely by the proxy.
++</stderr>
++</verify>
++</testcase>
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index af52ecad13..86a3a84332 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -52,6 +52,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-28322-1.patch \
file://CVE-2023-28322-2.patch \
file://CVE-2023-32001.patch \
+ file://CVE-2023-38545.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 3/7] curl: fix CVE-2023-38546
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 1/7] cve-exclusion_5.10.inc: update for 5.10.197 Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 2/7] curl: fix CVE-2023-38545 Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 4/7] openssl: Upgrade 3.0.11 -> 3.0.12 Steve Sakoman
` (3 subsequent siblings)
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in the Curl package. This flaw allows an attacker to insert
cookies into a running program using libcurl if the specific series of conditions are met.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../curl/curl/CVE-2023-38546.patch | 137 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 138 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-38546.patch b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
new file mode 100644
index 0000000000..1b2f1e7a7d
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
@@ -0,0 +1,137 @@
+From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 14 Sep 2023 23:28:32 +0200
+Subject: [PATCH] cookie: remove unnecessary struct fields
+
+Plus: reduce the hash table size from 256 to 63. It seems unlikely to
+make much of a speed difference for most use cases but saves 1.5KB of
+data per instance.
+
+Closes #11862
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/61275672b46d9abb32857404]
+
+CVE: CVE-2023-38546
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ lib/cookie.c | 13 +------------
+ lib/cookie.h | 13 ++++---------
+ lib/easy.c | 4 +---
+ 3 files changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index e0470a1..38d8d6c 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -115,7 +115,6 @@ static void freecookie(struct Cookie *co)
+ free(co->name);
+ free(co->value);
+ free(co->maxage);
+- free(co->version);
+ free(co);
+ }
+
+@@ -707,11 +706,7 @@ Curl_cookie_add(struct Curl_easy *data,
+ }
+ }
+ else if(strcasecompare("version", name)) {
+- strstore(&co->version, whatptr);
+- if(!co->version) {
+- badcookie = TRUE;
+- break;
+- }
++ /* just ignore */
+ }
+ else if(strcasecompare("max-age", name)) {
+ /*
+@@ -1132,7 +1127,6 @@ Curl_cookie_add(struct Curl_easy *data,
+ free(clist->path);
+ free(clist->spath);
+ free(clist->expirestr);
+- free(clist->version);
+ free(clist->maxage);
+
+ *clist = *co; /* then store all the new data */
+@@ -1210,9 +1204,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+ c = calloc(1, sizeof(struct CookieInfo));
+ if(!c)
+ return NULL; /* failed to get memory */
+- c->filename = strdup(file?file:"none"); /* copy the name just in case */
+- if(!c->filename)
+- goto fail; /* failed to get memory */
+ /*
+ * Initialize the next_expiration time to signal that we don't have enough
+ * information yet.
+@@ -1363,7 +1354,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
+ CLONE(name);
+ CLONE(value);
+ CLONE(maxage);
+- CLONE(version);
+ d->expires = src->expires;
+ d->tailmatch = src->tailmatch;
+ d->secure = src->secure;
+@@ -1579,7 +1569,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
+ {
+ if(c) {
+ unsigned int i;
+- free(c->filename);
+ for(i = 0; i < COOKIE_HASH_SIZE; i++)
+ Curl_cookie_freelist(c->cookies[i]);
+ free(c); /* free the base struct as well */
+diff --git a/lib/cookie.h b/lib/cookie.h
+index 7411980..645600a 100644
+--- a/lib/cookie.h
++++ b/lib/cookie.h
+@@ -34,11 +34,7 @@ struct Cookie {
+ char *domain; /* domain = <this> */
+ curl_off_t expires; /* expires = <this> */
+ char *expirestr; /* the plain text version */
+-
+- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
+- char *version; /* Version = <value> */
+ char *maxage; /* Max-Age = <value> */
+-
+ bool tailmatch; /* whether we do tail-matching of the domain name */
+ bool secure; /* whether the 'secure' keyword was used */
+ bool livecookie; /* updated from a server, not a stored file */
+@@ -54,18 +50,17 @@ struct Cookie {
+ #define COOKIE_PREFIX__SECURE (1<<0)
+ #define COOKIE_PREFIX__HOST (1<<1)
+
+-#define COOKIE_HASH_SIZE 256
++#define COOKIE_HASH_SIZE 63
+
+ struct CookieInfo {
+ /* linked list of cookies we know of */
+ struct Cookie *cookies[COOKIE_HASH_SIZE];
+
+- char *filename; /* file we read from/write to */
+- long numcookies; /* number of cookies in the "jar" */
++ curl_off_t next_expiration; /* the next time at which expiration happens */
++ int numcookies; /* number of cookies in the "jar" */
++ int lastct; /* last creation-time used in the jar */
+ bool running; /* state info, for cookie adding information */
+ bool newsession; /* new session, discard session cookies on load */
+- int lastct; /* last creation-time used in the jar */
+- curl_off_t next_expiration; /* the next time at which expiration happens */
+ };
+
+ /* This is the maximum line length we accept for a cookie line. RFC 2109
+diff --git a/lib/easy.c b/lib/easy.c
+index 0e23561..31abf9e 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -841,9 +841,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+ if(data->cookies) {
+ /* If cookies are enabled in the parent handle, we enable them
+ in the clone as well! */
+- outcurl->cookies = Curl_cookie_init(data,
+- data->cookies->filename,
+- outcurl->cookies,
++ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
+ data->set.cookiesession);
+ if(!outcurl->cookies)
+ goto fail;
+--
+2.40.0
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 86a3a84332..471bc47f34 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -53,6 +53,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-28322-2.patch \
file://CVE-2023-32001.patch \
file://CVE-2023-38545.patch \
+ file://CVE-2023-38546.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 4/7] openssl: Upgrade 3.0.11 -> 3.0.12
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-10-30 2:20 ` [OE-core][kirkstone 3/7] curl: fix CVE-2023-38546 Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
2023-11-15 17:20 ` Andrey Zhizhikin
2023-10-30 2:20 ` [OE-core][kirkstone 5/7] package_rpm: Allow compression mode override Steve Sakoman
` (2 subsequent siblings)
6 siblings, 1 reply; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023
Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.11.bb b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.11.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.12.bb
index 22eaa3af33..d8c9b073a2 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.11.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "b3425d3bb4a2218d0697eb41f7fc0cdede016ed19ca49d168b78e8d947887f55"
+SRC_URI[sha256sum] = "f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 5/7] package_rpm: Allow compression mode override
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-10-30 2:20 ` [OE-core][kirkstone 4/7] openssl: Upgrade 3.0.11 -> 3.0.12 Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 6/7] linux-firmware: create separate package for cirrus and cnm firmwares Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 7/7] linux-firmware: create separate packages Steve Sakoman
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
From: Niko Mauno <niko.mauno@vaisala.com>
Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd
instead of xz") changed the rpm package compressor from 'xz' to 'zstd'
which results in decompression failure with BusyBox-provided 'rpm2cpio'
applet and 'rpm' applet when given the '-i' (Install package) option:
rpm2cpio: no gzip/bzip2/xz magic
Introduce a variable which makes it possible to use a different
compression mode, making it possible to override the default value for
example like
RPMBUILD_COMPMODE = "${@'w6T%d.xzdio' % int(d.getVar('XZ_THREADS'))}"
to enable rpm decompression without including the full rpm package in
the resulting root filesystem.
(From OE-Core rev: a40d9258148e28cbee2168c93179cd4c1232fb62)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/package_rpm.bbclass | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index bbbef3793f..f403af5343 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -4,6 +4,7 @@ IMAGE_PKGTYPE ?= "rpm"
RPM="rpm"
RPMBUILD="rpmbuild"
+RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}"
PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms"
@@ -652,6 +653,7 @@ python do_package_rpm () {
# Setup the rpmbuild arguments...
rpmbuild = d.getVar('RPMBUILD')
+ rpmbuild_compmode = d.getVar('RPMBUILD_COMPMODE')
targetsys = d.getVar('TARGET_SYS')
targetvendor = d.getVar('HOST_VENDOR')
@@ -678,8 +680,8 @@ python do_package_rpm () {
cmd = cmd + " --define '_use_internal_dependency_generator 0'"
cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
cmd = cmd + " --define '_build_id_links none'"
- cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS"))
- cmd = cmd + " --define '_source_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS"))
+ cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode
+ cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode
cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'"
cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'"
cmd = cmd + " --define '_buildhost reproducible'"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 6/7] linux-firmware: create separate package for cirrus and cnm firmwares
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-10-30 2:20 ` [OE-core][kirkstone 5/7] package_rpm: Allow compression mode override Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 7/7] linux-firmware: create separate packages Steve Sakoman
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
From: Fahad Arslan <fahad.arslan@siemens.com>
This is cherry-pick of commit 3ddddfc14f805fe7572bba129605869fb848fed4 from
poky master.
Some licenses only allow usage of corresponding firmwares when a specific
hardware is present. This requires split of such firmwares from linux-firmware
package to firmware specific sub package. As this split is based off of
licensing, it makes sense to group firmware blobs having the same license in the
same package. This commit is a first step in this direction, and creates
separate packages for cirrus and cnm firmware.
(From OE-Core rev: 53d9d8789efc701609a5a1e985287344c2209d62)
Signed-off-by: Fahad Arslan <fahad.arslan@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux-firmware/linux-firmware_20230804.bb | 28 +++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
index 4defab434d..d87f30b8d9 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
@@ -18,6 +18,8 @@ LICENSE = "\
& Firmware-ca0132 \
& Firmware-cavium \
& Firmware-chelsio_firmware \
+ & Firmware-cirrus \
+ & Firmware-cnm \
& Firmware-cw1200 \
& Firmware-cypress \
& Firmware-dib0700 \
@@ -81,6 +83,8 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \
file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
+ file://LICENSE.cirrus;md5=bb18d943382abf8e8232a9407bfdafe0 \
+ file://LICENCE.cnm;md5=93b67e6bac7f8fec22b96b8ad0a1a9d0 \
file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
@@ -151,6 +155,8 @@ NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132"
NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence"
NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium"
NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware"
+NO_GENERIC_LICENSE[Firmware-cirrus] = "LICENSE.cirrus"
+NO_GENERIC_LICENSE[Firmware-cnm] = "LICENCE.cnm"
NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200"
NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress"
NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700"
@@ -277,6 +283,8 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-bcm4373 \
${PN}-bcm43xx \
${PN}-bcm43xx-hdr \
+ ${PN}-cirrus-license ${PN}-cirrus \
+ ${PN}-cnm-license ${PN}-cnm \
${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \
${PN}-gplv2-license ${PN}-carl9170 \
${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \
@@ -826,6 +834,24 @@ FILES:${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE"
RDEPENDS:${PN}-bnx2-mips += "${PN}-whence-license"
+# For cirrus
+LICENSE:${PN}-cirrus = "Firmware-cirrus"
+LICENSE:${PN}-cirrus-license = "Firmware-cirrus"
+
+FILES:${PN}-cirrus = "${nonarch_base_libdir}/firmware/cirrus/*"
+FILES:${PN}-cirrus-license = "${nonarch_base_libdir}/firmware/LICENSE.cirrus"
+
+RDEPENDS:${PN}-cirrus += "${PN}-cirrus-license"
+
+# For cnm
+LICENSE:${PN}-cnm = "Firmware-cnm"
+LICENSE:${PN}-cnm-license = "Firmware-cnm"
+
+FILES:${PN}-cnm = "${nonarch_base_libdir}/firmware/cnm/wave521c_k3_codec_fw.bin"
+FILES:${PN}-cnm-license = "${nonarch_base_libdir}/firmware/LICENCE.cnm"
+
+RDEPENDS:${PN}-cnm += "${PN}-cnm-license"
+
# For imx-sdma
LICENSE:${PN}-imx-sdma-imx6q = "Firmware-imx-sdma_firmware"
LICENSE:${PN}-imx-sdma-imx7d = "Firmware-imx-sdma_firmware"
@@ -1111,6 +1137,8 @@ LICENSE:${PN} = "\
& Firmware-ca0132 \
& Firmware-cavium \
& Firmware-chelsio_firmware \
+ & Firmware-cirrus \
+ & Firmware-cnm \
& Firmware-cw1200 \
& Firmware-dib0700 \
& Firmware-e100 \
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 7/7] linux-firmware: create separate packages
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-10-30 2:20 ` [OE-core][kirkstone 6/7] linux-firmware: create separate package for cirrus and cnm firmwares Steve Sakoman
@ 2023-10-30 2:20 ` Steve Sakoman
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
From: Fahad Arslan <fahad.arslan@gmail.com>
This is backport of commit dfb7d2c426b46502784bc9e199a468e6c1 from poky master.
This is in continuation of earlier commit:
3ddddfc14f805fe7572bba129605869fb848fed4
linux-firmware: create separate package for cirrus and cnm firmwares
And creates separate sub packages for firmwares corresponding to following list of
licenses:
LICENSE.amphion_vpu
LICENCE.cw1200
LICENSE.ice_enhanced
LICENCE.mediatek
LICENCE.microchip
LICENCE.moxa
LICENSE.nxp_mc_firmware
LICENCE.OLPC
LICENCE.phanfw
LICENCE.qla2xxx
LICENCE.ti-keystone
LICENCE.wl1251
LICENCE.xc4000
LICENCE.xc5000
LICENCE.xc5000c
(From OE-Core rev: c110e5708465a6becc611acf97f166302a17ebdf)
Signed-off-by: Fahad Arslan <fahad.arslan@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux-firmware/linux-firmware_20230804.bb | 232 +++++++++++++++++-
1 file changed, 228 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
index d87f30b8d9..506182c9c1 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
@@ -12,6 +12,7 @@ LICENSE = "\
& Firmware-amdgpu \
& Firmware-amd-ucode \
& Firmware-amlogic_vdec \
+ & Firmware-amphion_vpu \
& Firmware-atheros_firmware \
& Firmware-atmel \
& Firmware-broadcom_bcm43xx \
@@ -32,16 +33,20 @@ LICENSE = "\
& Firmware-i915 \
& Firmware-ibt_firmware \
& Firmware-ice \
+ & Firmware-ice_enhanced \
& Firmware-it913x \
& Firmware-iwlwifi_firmware \
& Firmware-IntcSST2 \
& Firmware-kaweth \
& Firmware-Lontium \
& Firmware-Marvell \
+ & Firmware-mediatek \
+ & Firmware-microchip \
& Firmware-moxa \
& Firmware-myri10ge_firmware \
& Firmware-netronome \
& Firmware-nvidia \
+ & Firmware-nxp_mc_firmware \
& Firmware-OLPC \
& Firmware-ath9k-htc \
& Firmware-phanfw \
@@ -76,6 +81,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
+ file://LICENSE.amphion_vpu;md5=2bcdc00527b2d0542bd92b52aaec2b60 \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
@@ -97,6 +103,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \
file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \
file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \
+ file://LICENSE.ice_enhanced;md5=f305cfc31b64f95f774f9edd9df0224d \
file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \
@@ -104,11 +111,13 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \
file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \
file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
+ file://LICENCE.microchip;md5=db753b00305675dfbf120e3f24a47277 \
file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \
+ file://LICENSE.nxp_mc_firmware;md5=9dc97e4b279b3858cae8879ae2fe5dd7 \
file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
@@ -148,6 +157,7 @@ NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere"
NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu"
NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode"
NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec"
+NO_GENERIC_LICENSE[Firmware-amphion_vpu] = "LICENSE.amphion_vpu"
NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware"
NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel"
NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx"
@@ -169,6 +179,7 @@ NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware"
NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915"
NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware"
NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice"
+NO_GENERIC_LICENSE[Firmware-ice_enhanced] = "LICENSE.ice_enhanced"
NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2"
NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x"
NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware"
@@ -176,10 +187,12 @@ NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth"
NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium"
NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell"
NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek"
+NO_GENERIC_LICENSE[Firmware-microchip] = "LICENCE.microchip"
NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa"
NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware"
NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome"
NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia"
+NO_GENERIC_LICENSE[Firmware-nxp_mc_firmware] = "LICENSE.nxp_mc_firmware"
NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC"
NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware"
NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
@@ -234,14 +247,22 @@ do_install() {
}
-PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
+PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \
+ ${PN}-cw1200-license ${PN}-cw1200 \
+ ${PN}-ralink-license ${PN}-ralink \
${PN}-mt7601u-license ${PN}-mt7601u \
+ ${PN}-mt7650-license ${PN}-mt7650 \
+ ${PN}-mt76x2-license ${PN}-mt76x2 \
${PN}-radeon-license ${PN}-radeon \
${PN}-amdgpu-license ${PN}-amdgpu \
${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
+ ${PN}-mediatek-license ${PN}-mediatek \
+ ${PN}-microchip-license ${PN}-microchip \
+ ${PN}-moxa-license ${PN}-moxa \
${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \
+ ${PN}-ti-keystone-license ${PN}-ti-keystone \
${PN}-vt6656-license ${PN}-vt6656 \
${PN}-rs9113 ${PN}-rs9116 \
${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
@@ -285,7 +306,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-bcm43xx-hdr \
${PN}-cirrus-license ${PN}-cirrus \
${PN}-cnm-license ${PN}-cnm \
- ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \
+ ${PN}-atheros-license ${PN}-ar5523 ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \
${PN}-gplv2-license ${PN}-carl9170 \
${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \
\
@@ -311,13 +332,17 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-ibt-misc \
${PN}-i915-license ${PN}-i915 \
${PN}-ice-license ${PN}-ice \
+ ${PN}-ice-enhanced-license ${PN}-ice-enhanced \
${PN}-adsp-sst-license ${PN}-adsp-sst \
${PN}-bnx2-mips \
${PN}-liquidio \
${PN}-nvidia-license \
${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \
${PN}-nvidia-gpu \
+ ${PN}-nxp-mc-license ${PN}-nxp-mc \
${PN}-netronome-license ${PN}-netronome \
+ ${PN}-olpc-license ${PN}-olpc \
+ ${PN}-phanfw-license ${PN}-phanfw \
${PN}-qat ${PN}-qat-license \
${PN}-qcom-license ${PN}-qcom-yamato-license \
${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
@@ -333,13 +358,38 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-qcom-sc8280xp-lenovo-x13s-sensors \
${PN}-qcom-sdm845-adreno ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
${PN}-qcom-sm8250-adreno ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
+ ${PN}-qla2xxx ${PN}-qla2xxx-license \
${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
${PN}-lt9611uxc ${PN}-lontium-license \
${PN}-whence-license \
+ ${PN}-wl1251-license ${PN}-wl1251 \
+ ${PN}-xc4000-license ${PN}-xc4000 \
+ ${PN}-xc5000-license ${PN}-xc5000 \
+ ${PN}-xc5000c-license ${PN}-xc5000c \
${PN}-license \
"
+# For Amphion VPU
+LICENSE:${PN}-amphion-vpu = "Firmware-amphion_vpu"
+LICENSE:${PN}-amphion-vpu-license = "Firmware-amphion_vpu"
+
+FILES:${PN}-amphion-vpu = "${nonarch_base_libdir}/firmware/amphion/*"
+FILES:${PN}-amphion-vpu-license = " \
+ ${nonarch_base_libdir}/firmware/LICENSE.amphion_vpu \
+"
+RDEPENDS:${PN}-amphion-vpu += "${PN}-amphion-vpu-license"
+
+# For cw1200
+LICENSE:${PN}-cw1200 = "Firmware-cw1200"
+LICENSE:${PN}-cw1200-license = "Firmware-cw1200"
+
+FILES:${PN}-cw1200 = "${nonarch_base_libdir}/firmware/wsm_22.bin"
+FILES:${PN}-cw1200-license = "${nonarch_base_libdir}/firmware/LICENCE.cw1200"
+
+RDEPENDS:${PN}-cw1200 += "${PN}-cw1200-license"
+
# For atheros
+LICENSE:${PN}-ar5523 = "Firmware-atheros_firmware"
LICENSE:${PN}-ar9170 = "Firmware-atheros_firmware"
LICENSE:${PN}-ath3k = "Firmware-atheros_firmware"
LICENSE:${PN}-ath6k = "Firmware-atheros_firmware"
@@ -347,6 +397,9 @@ LICENSE:${PN}-ath9k = "Firmware-atheros_firmware"
LICENSE:${PN}-atheros-license = "Firmware-atheros_firmware"
FILES:${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware"
+FILES:${PN}-ar5523 = " \
+ ${nonarch_base_libdir}/firmware/ar5523.bin \
+"
FILES:${PN}-ar9170 = " \
${nonarch_base_libdir}/firmware/ar9170*.fw \
"
@@ -365,6 +418,7 @@ FILES:${PN}-ath9k = " \
${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \
"
+RDEPENDS:${PN}-ar5523 += "${PN}-atheros-license"
RDEPENDS:${PN}-ar9170 += "${PN}-atheros-license"
RDEPENDS:${PN}-ath6k += "${PN}-atheros-license"
RDEPENDS:${PN}-ath9k += "${PN}-atheros-license"
@@ -428,11 +482,73 @@ LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware"
FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
FILES:${PN}-mt7601u = " \
${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \
+ ${nonarch_base_libdir}/firmware/mt7601u.bin \
"
-
RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license"
+# For MediaTek Bluetooth USB driver 7650
+LICENSE:${PN}-mt7650 = "Firmware-ralink_a_mediatek_company_firmware"
+LICENSE:${PN}-mt7650-license = "Firmware-ralink_a_mediatek_company_firmware"
+
+FILES:${PN}-mt7650-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \
+"
+FILES:${PN}-mt7650 = " \
+ ${nonarch_base_libdir}/firmware/mediatek/mt7650.bin \
+ ${nonarch_base_libdir}/firmware/mt7650.bin \
+"
+RDEPENDS:${PN}-mt7650 += "${PN}-mt7650-license"
+
+# For MediaTek MT76x2 Wireless MACs
+LICENSE:${PN}-mt76x2 = "Firmware-ralink_a_mediatek_company_firmware"
+LICENSE:${PN}-mt76x2-license = "Firmware-ralink_a_mediatek_company_firmware"
+
+FILES:${PN}-mt76x2-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware \
+"
+FILES:${PN}-mt76x2 = " \
+ ${nonarch_base_libdir}/firmware/mediatek/mt7662.bin \
+ ${nonarch_base_libdir}/firmware/mt7662.bin \
+ ${nonarch_base_libdir}/firmware/mediatek/mt7662_rom_patch.bin \
+ ${nonarch_base_libdir}/firmware/mt7662_rom_patch.bin \
+"
+RDEPENDS:${PN}-mt76x2 += "${PN}-mt76x2-license"
+
+# For MediaTek
+LICENSE:${PN}-mediatek = "Firmware-mediatek"
+LICENSE:${PN}-mediatek-license = "Firmware-mediatek"
+
+FILES:${PN}-mediatek = " \
+ ${nonarch_base_libdir}/firmware/mediatek/* \
+ ${nonarch_base_libdir}/firmware/vpu_d.bin \
+ ${nonarch_base_libdir}/firmware/vpu_p.bin \
+"
+FILES:${PN}-mediatek-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.mediatek \
+"
+RDEPENDS:${PN}-mediatek += "${PN}-mediatek-license"
+
+# For Microchip
+LICENSE:${PN}-microchip = "Firmware-microchip"
+LICENSE:${PN}-microchip-license = "Firmware-microchip"
+
+FILES:${PN}-microchip = "${nonarch_base_libdir}/firmware/microchip/*"
+FILES:${PN}-microchip-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.microchip \
+"
+RDEPENDS:${PN}-microchip += "${PN}-microchip-license"
+
+# For MOXA
+LICENSE:${PN}-moxa = "Firmware-moxa"
+LICENSE:${PN}-moxa-license = "Firmware-moxa"
+
+FILES:${PN}-moxa = "${nonarch_base_libdir}/firmware/moxa"
+FILES:${PN}-moxa-license = "${nonarch_base_libdir}/firmware/LICENCE.moxa"
+
+RDEPENDS:${PN}-moxa += "${PN}-moxa-license"
+
# For radeon
+
LICENSE:${PN}-radeon = "Firmware-radeon"
LICENSE:${PN}-radeon-license = "Firmware-radeon"
@@ -551,6 +667,16 @@ FILES:${PN}-netronome = " \
RDEPENDS:${PN}-netronome += "${PN}-netronome-license"
+# For nxp-mc
+LICENSE:${PN}-nxp-mc = "Firmware-nxp_mc_firmware"
+LICENSE:${PN}-nxp-mc-license = "Firmware-nxp_mc_firmware"
+
+FILES:${PN}-nxp-mc= "${nonarch_base_libdir}/firmware/dpaa2/mc/*"
+FILES:${PN}-nxp-mc-license = " \
+ ${nonarch_base_libdir}/firmware/LICENSE.nxp_mc_firmware \
+"
+RDEPENDS:${PN}-nxp-mc += "${PN}-nxp-mc-license"
+
# For Nvidia
LICENSE:${PN}-nvidia-gpu = "Firmware-nvidia"
LICENSE:${PN}-nvidia-tegra = "Firmware-nvidia"
@@ -573,6 +699,37 @@ RDEPENDS:${PN}-nvidia-gpu += "${PN}-nvidia-license"
RDEPENDS:${PN}-nvidia-tegra += "${PN}-nvidia-license"
RDEPENDS:${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license"
+# For OLPC
+LICENSE:${PN}-olpc = "Firmware-OLPC"
+LICENSE:${PN}-olpc-license = "Firmware-OLPC"
+
+FILES:${PN}-olpc = " \
+ ${nonarch_base_libdir}/firmware/libertas/lbtf_sdio.bin \
+ ${nonarch_base_libdir}/firmware/lbtf_usb.bin \
+ ${nonarch_base_libdir}/firmware/libertas/usb8388_olpc.bin \
+"
+FILES:${PN}-olpc-license = "${nonarch_base_libdir}/firmware/LICENCE.OLPC"
+
+RDEPENDS:${PN}-olpc += "${PN}-olpc-license"
+
+# For phanfw
+LICENSE:${PN}-phanfw = "Firmware-phanfw"
+LICENSE:${PN}-phanfw-license = "Firmware-phanfw"
+
+FILES:${PN}-phanfw = "${nonarch_base_libdir}/firmware/phanfw.bin"
+FILES:${PN}-phanfw-license = "${nonarch_base_libdir}/firmware/LICENCE.phanfw"
+
+RDEPENDS:${PN}-phanfw += "${PN}-phanfw-license"
+
+# For qla2xxx
+LICENSE:${PN}-qla2xxx = "Firmware-qla2xxx"
+LICENSE:${PN}-qla2xxx-license = "Firmware-qla2xxx"
+
+FILES:${PN}-qla2xxx = "${nonarch_base_libdir}/firmware/ql2*"
+FILES:${PN}-qla2xxx-license = "${nonarch_base_libdir}/firmware/LICENCE.qla2xxx"
+
+RDEPENDS:${PN}-qla2xxx += "${PN}-qla2xxx-license"
+
# For RSI RS911x WiFi
LICENSE:${PN}-rs9113 = "WHENCE"
LICENSE:${PN}-rs9116 = "WHENCE"
@@ -638,6 +795,18 @@ RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8822 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license"
+# For TI wl1251
+LICENSE:${PN}-wl1251 = "Firmware-wl1251"
+LICENSE:${PN}-wl1251-license = "Firmware-wl1251"
+
+FILES:${PN}-wl1251 = " \
+ ${nonarch_base_libdir}/firmware/ti-connectivity/wl1251-fw.bin \
+ ${nonarch_base_libdir}/firmware/ti-connectivity/wl1251-nvs.bin \
+"
+FILES:${PN}-wl1251-license = "${nonarch_base_libdir}/firmware/LICENCE.wl1251"
+
+RDEPENDS:${PN}-wl1251 += "${PN}-wl1251-license"
+
# For ti-connectivity
LICENSE:${PN}-wlcommon = "Firmware-ti-connectivity"
LICENSE:${PN}-wl12xx = "Firmware-ti-connectivity"
@@ -667,6 +836,16 @@ FILES:${PN}-wl18xx = " \
RDEPENDS:${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
RDEPENDS:${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon"
+# For ti-keystone
+LICENSE:${PN}-ti-keystone = "Firmware-ti-keystone"
+LICENSE:${PN}-ti-keystone-license = "Firmware-ti-keystone"
+
+FILES:${PN}-ti-keystone = "${nonarch_base_libdir}/firmware/ti-keystone/*"
+FILES:${PN}-ti-keystone-license = " \
+ ${nonarch_base_libdir}/firmware/LICENCE.ti-keystone \
+"
+RDEPENDS:${PN}-ti-keystone += "${PN}-ti-keystone-license"
+
# For vt6656
LICENSE:${PN}-vt6656 = "Firmware-via_vt6656"
LICENSE:${PN}-vt6656-license = "Firmware-via_vt6656"
@@ -678,6 +857,35 @@ FILES:${PN}-vt6656 = " \
RDEPENDS:${PN}-vt6656 = "${PN}-vt6656-license"
+# For xc4000
+LICENSE:${PN}-xc4000 = "Firmware-xc4000"
+LICENSE:${PN}-xc4000-license = "Firmware-xc4000"
+
+FILES:${PN}-xc4000 = "${nonarch_base_libdir}/firmware/dvb-fe-xc4000-1.4.1.fw"
+FILES:${PN}-xc4000-license = "${nonarch_base_libdir}/firmware/LICENCE.xc4000"
+
+RDEPENDS:${PN}-xc4000 += "${PN}-xc4000-license"
+
+# For xc5000
+LICENSE:${PN}-xc5000 = "Firmware-xc5000"
+LICENSE:${PN}-xc5000-license = "Firmware-xc5000"
+
+FILES:${PN}-xc5000 = "${nonarch_base_libdir}/firmware/dvb-fe-xc5000-1.6.114.fw"
+FILES:${PN}-xc5000-license = "${nonarch_base_libdir}/firmware/LICENCE.xc5000"
+
+RDEPENDS:${PN}-xc5000 += "${PN}-xc5000-license"
+
+# For xc5000c
+LICENSE:${PN}-xc5000c = "Firmware-xc5000c"
+LICENSE:${PN}-xc5000c-license = "Firmware-xc5000c"
+
+FILES:${PN}-xc5000c = " \
+ ${nonarch_base_libdir}/firmware/dvb-fe-xc5000c-4.1.30.7.fw \
+"
+FILES:${PN}-xc5000c-license = "${nonarch_base_libdir}/firmware/LICENCE.xc5000c"
+
+RDEPENDS:${PN}-xc5000c += "${PN}-xc5000c-license"
+
# For broadcom
# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u
@@ -1000,10 +1208,26 @@ FILES:${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915"
FILES:${PN}-i915 = "${nonarch_base_libdir}/firmware/i915"
RDEPENDS:${PN}-i915 = "${PN}-i915-license"
+# For ice-enhanced
+LICENSE:${PN}-ice-enhanced = "Firmware-ice_enhanced"
+LICENSE:${PN}-ice-enhanced-license = "Firmware-ice_enhanced"
+
+FILES:${PN}-ice-enhanced = " \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp-comms/* \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp-wireless_edge/* \
+"
+FILES:${PN}-ice-enhanced-license = " \
+ ${nonarch_base_libdir}/firmware/LICENSE.ice_enhanced \
+"
+RDEPENDS:${PN}-ice-enhanced = "${PN}-ice-enhanced-license"
+
LICENSE:${PN}-ice = "Firmware-ice"
LICENSE:${PN}-ice-license = "Firmware-ice"
FILES:${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice"
-FILES:${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice"
+FILES:${PN}-ice = " \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp/* \
+ ${nonarch_base_libdir}/firmware/intel/ice/ddp-lag/* \
+"
RDEPENDS:${PN}-ice = "${PN}-ice-license"
FILES:${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2023-11-08 22:52 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-11-08 22:52 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 10
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6158
The following changes since commit 0eb8e67aa6833df0cde29833568a70e65c21d7e5:
build-appliance-image: Update to kirkstone head revision (2023-11-03 04:27:49 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Narpat Mali (1):
python3-jinja2: Fixed ptest result output as per the standard
Ross Burton (3):
cve-check: sort the package list in the JSON report
cve-check: slightly more verbose warning when adding the same package
twice
cve-check: don't warn if a patch is remote
Sanjana (1):
binutils: Fix CVE-2022-47010
Soumya Sambu (1):
libwebp: Fix CVE-2023-4863
Vijay Anusuri (1):
xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380
meta/classes/cve-check.bbclass | 2 +
meta/lib/oe/cve_check.py | 13 +--
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0032-CVE-2022-47010.patch | 38 +++++++
.../python/python3-jinja2/run-ptest | 2 +-
.../xserver-xorg/CVE-2023-5367.patch | 84 +++++++++++++++
.../xserver-xorg/CVE-2023-5380.patch | 102 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 2 +
...23-5129.patch => CVE-2023-4863-0001.patch} | 20 ++--
.../webp/files/CVE-2023-4863-0002.patch | 53 +++++++++
meta/recipes-multimedia/webp/libwebp_1.2.4.bb | 3 +-
11 files changed, 303 insertions(+), 17 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (97%)
create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [OE-core][kirkstone 4/7] openssl: Upgrade 3.0.11 -> 3.0.12
2023-10-30 2:20 ` [OE-core][kirkstone 4/7] openssl: Upgrade 3.0.11 -> 3.0.12 Steve Sakoman
@ 2023-11-15 17:20 ` Andrey Zhizhikin
0 siblings, 0 replies; 23+ messages in thread
From: Andrey Zhizhikin @ 2023-11-15 17:20 UTC (permalink / raw)
To: Steve Sakoman, openembedded-core; +Cc: peter.marko
Hello Steve,
I've just stumbled upon the fact that this upgrade causes softhsm
package to throw SIGSEGV when PKCS#11 engine is used.
There is an ongoing discussion on both OpenSSL [1] and SoftHSM [2]
repositories on how to address this issue, but there is no definitive
solution presented at the moment.
Please note, that master openssl version 3.1.4 is also affected in the
same way, as it looks like that patch(es) applied in openssl were
back-ported onto both 'openssl-3.0' and 'openssl-3.1' branches.
Since softhsm is used in quite few scenarios to serve as PKCS#11
provider, I guess this upgrade would break those for quite some people
that are using LTS release. Therefore, I would suggest to rather revert
it and wait for appropriate solution to be developed in either of those
packages, at the costs of having CVE-2023-5363 un-patched.
I would leave it up to you to decide on how to proceed with this further.
On 10/30/2023 3:20 AM, Steve Sakoman wrote:
> From: Peter Marko <peter.marko@siemens.com>
>
> https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023
>
> Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
> * Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> .../openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} (99%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.11.bb b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
> similarity index 99%
> rename from meta/recipes-connectivity/openssl/openssl_3.0.11.bb
> rename to meta/recipes-connectivity/openssl/openssl_3.0.12.bb
> index 22eaa3af33..d8c9b073a2 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.11.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
> @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
> file://environment.d-openssl.sh \
> "
>
> -SRC_URI[sha256sum] = "b3425d3bb4a2218d0697eb41f7fc0cdede016ed19ca49d168b78e8d947887f55"
> +SRC_URI[sha256sum] = "f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61"
>
> inherit lib_package multilib_header multilib_script ptest perlnative
> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
Regards,
Andrey
Link: [1]: https://github.com/openssl/openssl/issues/22508
Link: [2]: https://github.com/opendnssec/SoftHSMv2/issues/729
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-01-17 15:58 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-01-17 15:58 UTC (permalink / raw)
To: openembedded-core
Please reviwe this set of changes for kirkstone and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6458
The following changes since commit 8e27f96c0befbbb5cf8a2f7076b7a1ffd79addb6:
linux-firmware: upgrade 20230804 -> 20231030 (2024-01-09 05:50:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (1):
systemd: fix CVE-2023-7008
Martin Jansa (1):
pybootchartgui: fix 2 SyntaxWarnings
Peter Marko (2):
sqlite3: backport patch for CVE-2023-7104
zlib: ignore CVE-2023-6992
Poonam Jadhav (1):
Revert "curl: Backport fix CVE-2023-32001"
Soumya Sambu (1):
cpio: upgrade to 2.14
Vivek Kumbhar (1):
openssl: Backport fix for CVE-2023-6129
.../openssl/openssl/CVE-2023-6129.patch | 113 ++++
.../openssl/openssl_3.0.12.bb | 1 +
.../systemd/systemd/CVE-2023-7008.patch | 40 ++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +
...charset_alias-when-building-for-musl.patch | 30 -
...ove-superfluous-declaration-of-progr.patch | 28 -
...-calculation-of-CRC-in-copy-out-mode.patch | 58 --
...appending-to-archives-bigger-than-2G.patch | 312 ----------
.../cpio/cpio-2.13/CVE-2021-38185.patch | 581 ------------------
.../cpio/{cpio_2.13.bb => cpio_2.14.bb} | 9 +-
...e-needed-header-for-major-minor-macr.patch | 47 ++
.../curl/curl/CVE-2023-32001.patch | 39 --
meta/recipes-support/curl/curl_7.82.0.bb | 1 -
.../sqlite/files/CVE-2023-7104.patch | 44 ++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
scripts/pybootchartgui/pybootchartgui/draw.py | 4 +-
17 files changed, 254 insertions(+), 1058 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
rename meta/recipes-extended/cpio/{cpio_2.13.bb => cpio_2.14.bb} (74%)
create mode 100644 meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch
delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-02-06 15:45 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-02-06 15:45 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6539
The following changes since commit 60d88989698968c13f8e641f0ba1a82fcf700fb7:
image-live.bbclass: LIVE_ROOTFS_TYPE support compression (2024-01-30 07:10:42 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Deepthi Hemraj (4):
binutils: internal gdb: Fix CVE-2023-39129
binutils: internal gdb: Fix CVE-2023-39130
gdb: Fix CVE-2023-39129
gdb: Fix CVE-2023-39130
Peter Marko (3):
curl: ignore CVE-2023-42915
gcc-shared-source: ignore CVE-2023-4039
openssl: Upgrade 3.0.12 -> 3.0.13
.../openssl/openssl/CVE-2023-5678.patch | 180 ----------
.../openssl/openssl/CVE-2023-6129.patch | 113 ------
.../openssl/openssl/CVE-2023-6237.patch | 127 -------
.../{openssl_3.0.12.bb => openssl_3.0.13.bb} | 6 +-
.../binutils/binutils-2.38.inc | 2 +
.../binutils/0035-CVE-2023-39129.patch | 50 +++
.../binutils/0036-CVE-2023-39130.patch | 326 ++++++++++++++++++
.../gcc/gcc-shared-source.inc | 3 +
meta/recipes-devtools/gdb/gdb.inc | 2 +
.../gdb/gdb/0012-CVE-2023-39129.patch | 50 +++
.../gdb/gdb/0013-CVE-2023-39130.patch | 326 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
12 files changed, 764 insertions(+), 424 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.12.bb => openssl_3.0.13.bb} (97%)
create mode 100644 meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39129.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-04-17 20:35 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-04-17 20:35 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, April 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6817
The following changes since commit f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7:
tcl: skip async and event tests in run-ptest (2024-04-16 05:00:24 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Harish Sadineni (1):
rust: add CVE_CHECK_IGNORE for CVE-2024-24576
Meenali Gupta (1):
libssh2: fix CVE-2023-48795
Poonam Jadhav (1):
ppp: Add RSA-MD in LICENSE
Sana Kazi (1):
systemd: Fix vlan qos mapping
Soumya Sambu (1):
nghttp2: Fix CVE-2024-28182
Steve Sakoman (1):
valgrind: skip intermittently failing ptest
Yogita Urade (1):
ruby: fix CVE-2024-27281
meta/recipes-connectivity/ppp/ppp_2.4.9.bb | 2 +-
.../systemd/fix-vlan-qos-mapping.patch | 140 ++++++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
.../ruby/ruby/CVE-2024-27281.patch | 97 ++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
meta/recipes-devtools/rust/rust-source.inc | 3 +
.../valgrind/valgrind/remove-for-all | 2 +
.../libssh2/libssh2/CVE-2023-48795.patch | 459 ++++++++++++++++++
.../recipes-support/libssh2/libssh2_1.10.0.bb | 1 +
.../nghttp2/nghttp2/CVE-2024-28182-0001.patch | 110 +++++
.../nghttp2/nghttp2/CVE-2024-28182-0002.patch | 105 ++++
.../recipes-support/nghttp2/nghttp2_1.47.0.bb | 2 +
12 files changed, 922 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/systemd/systemd/fix-vlan-qos-mapping.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0001.patch
create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-05-30 18:37 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-05-30 18:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirktsone and have comments back by
end of day Saturday, June 1
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6984
The following changes since commit e0a1ed7aa1f2b12d985414db9a75d6e151ae8d21:
initscripts: Add custom mount args for /var/lib (2024-05-22 05:07:30 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (5):
ghostscript: fix CVE-2024-33870
ghostscript: fix CVE-2024-33869
ghostscript: fix CVE-2024-33871
ghostscript: fix CVE-2024-29510
ghostscript: fix CVE-2023-52722
Soumya Sambu (2):
util-linux: Fix CVE-2024-28085
git: Fix multiple CVEs
meta/recipes-core/util-linux/util-linux.inc | 5 +
.../util-linux/CVE-2024-28085-0001.patch | 202 +
.../util-linux/CVE-2024-28085-0002.patch | 172 +
.../util-linux/CVE-2024-28085-0003.patch | 223 +
.../util-linux/CVE-2024-28085-0004.patch | 36 +
.../util-linux/CVE-2024-28085-0005.patch | 34 +
.../git/git/CVE-2024-32002-0001.patch | 69 +
.../git/git/CVE-2024-32002-0002.patch | 213 +
.../git/git/CVE-2024-32002-0003.patch | 141 +
.../git/git/CVE-2024-32002-0004.patch | 150 +
.../git/git/CVE-2024-32004-0001.patch | 95 +
.../git/git/CVE-2024-32004-0002.patch | 187 +
.../git/git/CVE-2024-32004-0003.patch | 158 +
.../git/git/CVE-2024-32020.patch | 114 +
.../git/git/CVE-2024-32021-0001.patch | 89 +
.../git/git/CVE-2024-32021-0002.patch | 65 +
.../git/git/CVE-2024-32465.patch | 206 +
meta/recipes-devtools/git/git_2.35.7.bb | 11 +
.../ghostscript/CVE-2023-52722.patch | 43 +
.../ghostscript/CVE-2024-29510.patch | 84 +
.../ghostscript/CVE-2024-33869-0001.patch | 39 +
.../ghostscript/CVE-2024-33869-0002.patch | 52 +
.../ghostscript/CVE-2024-33870.patch | 92 +
.../ghostscript/CVE-2024-33871-0001.patch | 4863 +++++++++++++++++
.../ghostscript/CVE-2024-33871-0002.patch | 43 +
.../ghostscript/ghostscript_9.55.0.bb | 7 +
26 files changed, 7393 insertions(+)
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0003.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0004.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0005.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0003.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0004.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0003.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32020.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32465.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-52722.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-07-04 12:32 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:32 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Monday, July 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7103
The following changes since commit fbc8f5381e8e1da0d06f7f8e5b8c63a49b1858c2:
man-pages: remove conflict pages (2024-06-21 12:37:32 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (1):
gstreamer1.0-plugins-base: fix CVE-2024-4453
Jonas Gorski (1):
linuxloader: add -armhf on arm only for TARGET_FPU 'hard'
Jose Quaresma (1):
openssh: fix CVE-2024-6387
Poonam Jadhav (2):
glibc-tests: correctly pull in the actual tests when installing -ptest
package
glibc-tests: Add missing bash ptest dependency
Siddharth Doshi (1):
OpenSSL: Security fix for CVE-2024-5535
Vijay Anusuri (1):
wget: Fix for CVE-2024-38428
meta/classes/linuxloader.bbclass | 2 +-
.../openssh/openssh/CVE-2024-6387.patch | 27 +
.../openssh/openssh_8.9p1.bb | 1 +
.../openssl/openssl/CVE-2024-5535_1.patch | 115 ++
.../openssl/openssl/CVE-2024-5535_2.patch | 44 +
.../openssl/openssl/CVE-2024-5535_3.patch | 84 ++
.../openssl/openssl/CVE-2024-5535_4.patch | 178 +++
.../openssl/openssl/CVE-2024-5535_5.patch | 1175 +++++++++++++++++
.../openssl/openssl/CVE-2024-5535_6.patch | 45 +
.../openssl/openssl/CVE-2024-5535_7.patch | 68 +
.../openssl/openssl/CVE-2024-5535_8.patch | 273 ++++
.../openssl/openssl/CVE-2024-5535_9.patch | 205 +++
.../openssl/openssl_3.0.14.bb | 9 +
meta/recipes-core/glibc/glibc-tests_2.35.bb | 4 +-
meta/recipes-core/glibc/glibc/run-ptest | 2 +-
.../wget/wget/CVE-2024-38428.patch | 79 ++
meta/recipes-extended/wget/wget_1.21.4.bb | 1 +
.../CVE-2024-4453.patch | 65 +
.../gstreamer1.0-plugins-base_1.20.7.bb | 1 +
19 files changed, 2374 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-38428.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-4453.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-08-30 12:52 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-08-30 12:52 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7295
The following changes since commit 963085afced737863cf4ff8515a1cf08365d5d87:
libsoup: fix compile error on centos7 (2024-08-23 14:34:03 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Divya Chellam (1):
bind: Upgrade 9.18.24 -> 9.18.28
Hitendra Prajapati (1):
vim: upgrade from 9.0.2190 -> 9.1.0114
Hugo SIMELIERE (1):
cryptodev-module: Fix build for linux 5.10.220
Ming Liu (1):
grub: fs/fat: Don't error when mtime is 0
Peter Marko (2):
libyaml: Ignore CVE-2024-35325
curl: Ignore CVE-2024-32928
Siddharth Doshi (1):
vim: Upgrade 9.1.0114 -> 9.1.0682
...1-fs-fat-Don-t-error-when-mtime-is-0.patch | 70 +++++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
.../bind/{bind_9.18.24.bb => bind_9.18.28.bb} | 2 +-
.../cryptodev/cryptodev-module_1.12.bb | 1 +
.../0001-Fix-build-for-linux-5.10.220.patch | 32 +++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 +
...m-add-knob-whether-elf.h-are-checked.patch | 39 -----------
.../vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} | 0
meta/recipes-support/vim/vim.inc | 5 +-
.../vim/{vim_9.0.bb => vim_9.1.bb} | 0
11 files changed, 111 insertions(+), 43 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch
rename meta/recipes-connectivity/bind/{bind_9.18.24.bb => bind_9.18.28.bb} (97%)
create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-linux-5.10.220.patch
delete mode 100644 meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
rename meta/recipes-support/vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} (100%)
rename meta/recipes-support/vim/{vim_9.0.bb => vim_9.1.bb} (100%)
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-12-11 14:47 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-11 14:47 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 13
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/615
The following changes since commit e42b6a40a3a01e328966bb5ee1bb3e0993975b15:
resulttool: Improve repo layout for oeselftest results (2024-12-04 05:50:49 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
dbus: disable assertions and enable only modular tests
Divya Chellam (1):
libpam: fix CVE-2024-10041
Jiaying Song (1):
python3-requests: fix CVE-2024-35195
Khem Raj (1):
unzip: Fix configure tests to use modern C
Peter Marko (2):
libsdl2: ignore CVE-2020-14409 and CVE-2020-14410
rootfs-postcommands.bbclass: make opkg status reproducible
Ross Burton (1):
sanity: check for working user namespaces
meta/classes/rootfs-postcommands.bbclass | 4 +
meta/classes/sanity.bbclass | 24 ++++
meta/recipes-core/dbus/dbus_1.14.8.bb | 3 +-
.../python3-requests/CVE-2024-35195.patch | 121 ++++++++++++++++++
.../python/python3-requests_2.27.1.bb | 4 +-
.../pam/libpam/CVE-2024-10041.patch | 98 ++++++++++++++
meta/recipes-extended/pam/libpam_1.5.2.bb | 1 +
...rrect-system-headers-and-prototypes-.patch | 112 ++++++++++++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
.../libsdl2/libsdl2_2.0.20.bb | 3 +
10 files changed, 368 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2024-35195.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch
create mode 100644 meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-02-12 14:21 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, February 14
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1001
The following changes since commit a397c152abf4f3da1323594e79ebac844a2c9f45:
glibc: stable 2.35 branch updates (2025-01-30 08:17:32 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (2):
linux-yocto/5.15: update to v5.15.176
linux-yocto/5.15: update to v5.15.178
Khem Raj (1):
python3: Treat UID/GID overflow as failure
Nikhil R (1):
glibc: Suppress GCC -Os warning on user2netname for sunrpc
Pedro Ferreira (1):
rust-common.bbclass: soft assignment for RUSTLIB path
Peter Marko (1):
cmake: apply parallel build settings to ptest tasks
Praveen Kumar (1):
go: Fix CVE-2024-45336
meta/classes/cmake.bbclass | 2 +
meta/classes/rust-common.bbclass | 2 +-
...press-gcc-os-warning-on-user2netname.patch | 61 +++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2024-45336.patch | 394 ++++++++++++++++++
...e-treat-overflow-in-UID-GID-as-failu.patch | 40 ++
.../python/python3_3.10.16.bb | 1 +
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
11 files changed, 520 insertions(+), 20 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
create mode 100644 meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-03-14 14:10 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-03-14 14:10 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, March 18
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1187
The following changes since commit 0216c229d5c60d0023b0a7d6e8ee41bdfa16f8ef:
tzcode-native: Fix compiler setting from 2023d version (2025-03-07 07:00:55 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Ashish Sharma (1):
ruby: Fix CVE-2025-27219
Divya Chellam (1):
vim: Upgrade 9.1.1043 -> 9.1.1115
Hitendra Prajapati (2):
grub: Fix multiple CVEs
grub: Fix multiple CVEs
Peter Marko (2):
puzzles: ignore three new CVEs for a different puzzles
libarchive: patch CVE-2025-25724
Zhang Peng (1):
mpg123: fix CVE-2024-10573
.../0001-misc-Implement-grub_strlcpy.patch | 68 ++
.../grub/files/CVE-2024-45774.patch | 40 +
.../grub/files/CVE-2024-45775.patch | 41 +
.../grub/files/CVE-2024-45776.patch | 42 +
.../grub/files/CVE-2024-45777.patch | 60 ++
.../files/CVE-2024-45778_CVE-2024-45779.patch | 58 ++
.../grub/files/CVE-2024-45780.patch | 96 ++
.../grub/files/CVE-2024-45781.patch | 38 +
.../files/CVE-2024-45782_CVE-2024-56737.patch | 39 +
.../grub/files/CVE-2024-45783.patch | 42 +
.../grub/files/CVE-2025-0622-01.patch | 39 +
.../grub/files/CVE-2025-0622-02.patch | 44 +
.../grub/files/CVE-2025-0622-03.patch | 41 +
.../grub/files/CVE-2025-0624.patch | 87 ++
...025-0685_CVE-2025-0686_CVE-2025-0689.patch | 380 +++++++
.../files/CVE-2025-0678_CVE-2025-1125.patch | 90 ++
.../grub/files/CVE-2025-0690.patch | 75 ++
.../grub/files/CVE-2025-1118.patch | 40 +
meta/recipes-bsp/grub/grub2.inc | 18 +
.../ruby/ruby/CVE-2025-27219.patch | 31 +
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../libarchive/CVE-2025-25724.patch | 40 +
.../libarchive/libarchive_3.6.2.bb | 1 +
.../mpg123/mpg123/CVE-2024-10573.patch | 978 ++++++++++++++++++
.../mpg123/mpg123_1.29.3.bb | 4 +-
meta/recipes-sato/puzzles/puzzles_git.bb | 2 +
meta/recipes-support/vim/vim.inc | 4 +-
27 files changed, 2396 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45774.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45775.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45776.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45777.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45780.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45781.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45783.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0624.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0690.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-1118.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-25724.patch
create mode 100644 meta/recipes-multimedia/mpg123/mpg123/CVE-2024-10573.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-09-30 19:50 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-09-30 19:50 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone ande have comments back by
end of day Thursday, October 2
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2467
The following changes since commit d381eeb5e70bd0ce9e78032c909e4a23564f4dd7:
build-appliance-image: Update to kirkstone head revision (2025-09-19 07:04:23 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Divya Chellam (1):
vim: upgrade 9.1.1652 -> 9.1.1683
Gyorgy Sarvari (1):
libhandy: update git branch name
Praveen Kumar (1):
go: fix CVE-2025-47907
Soumya Sambu (1):
python3-jinja2: upgrade 3.1.4 -> 3.1.6
Yogita Urade (3):
grub2: fix CVE-2024-56738
curl: fix CVE-2025-9086
tiff: fix CVE-2025-9900
.../grub/files/CVE-2024-56738.patch | 75 ++++
meta/recipes-bsp/grub/grub2.inc | 1 +
meta/recipes-devtools/go/go-1.17.13.inc | 125 ++++---
.../go/go-1.21/CVE-2025-47907-pre-0001.patch | 354 ++++++++++++++++++
.../go/go-1.21/CVE-2025-47907-pre-0002.patch | 232 ++++++++++++
.../go/go-1.21/CVE-2025-47907.patch | 327 ++++++++++++++++
...inja2_3.1.4.bb => python3-jinja2_3.1.6.bb} | 5 +-
meta/recipes-gnome/libhandy/libhandy_1.5.0.bb | 2 +-
.../libtiff/tiff/CVE-2025-9900.patch | 57 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
.../curl/curl/CVE-2025-9086.patch | 55 +++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
13 files changed, 1174 insertions(+), 65 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0001.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0002.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907.patch
rename meta/recipes-devtools/python/{python3-jinja2_3.1.4.bb => python3-jinja2_3.1.6.bb} (82%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-9086.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-11-19 20:42 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-11-19 20:42 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 21
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2748
The following changes since commit 8aad87c12a809d790175b9848f5802d0a28eecac:
goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures (2025-11-13 08:39:38 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Gyorgy Sarvari (1):
musl: patch CVE-2025-26519
Richard Purdie (1):
oe-build-perf-report: relax metadata matching rules
Soumya Sambu (2):
elfutils: Fix CVE-2025-1376
elfutils: Fix CVE-2025-1377
Vijay Anusuri (3):
xwayland: Fix for CVE-2025-62229
xwayland: Fix for CVE-2025-62230
xwayland: Fix for CVE-2025-62231
.../musl/musl/CVE-2025-26519-1.patch | 39 ++++++++
.../musl/musl/CVE-2025-26519-2.patch | 38 ++++++++
meta/recipes-core/musl/musl_git.bb | 4 +-
.../elfutils/elfutils_0.186.bb | 2 +
.../elfutils/files/CVE-2025-1376.patch | 58 ++++++++++++
.../elfutils/files/CVE-2025-1377.patch | 68 ++++++++++++++
.../xwayland/xwayland/CVE-2025-62229.patch | 89 ++++++++++++++++++
.../xwayland/xwayland/CVE-2025-62230-1.patch | 63 +++++++++++++
.../xwayland/xwayland/CVE-2025-62230-2.patch | 92 +++++++++++++++++++
.../xwayland/xwayland/CVE-2025-62231.patch | 53 +++++++++++
.../xwayland/xwayland_22.1.8.bb | 4 +
scripts/lib/build_perf/report.py | 9 +-
12 files changed, 515 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2025-11-19 20:42 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-30 2:20 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 1/7] cve-exclusion_5.10.inc: update for 5.10.197 Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 2/7] curl: fix CVE-2023-38545 Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 3/7] curl: fix CVE-2023-38546 Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 4/7] openssl: Upgrade 3.0.11 -> 3.0.12 Steve Sakoman
2023-11-15 17:20 ` Andrey Zhizhikin
2023-10-30 2:20 ` [OE-core][kirkstone 5/7] package_rpm: Allow compression mode override Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 6/7] linux-firmware: create separate package for cirrus and cnm firmwares Steve Sakoman
2023-10-30 2:20 ` [OE-core][kirkstone 7/7] linux-firmware: create separate packages Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-19 20:42 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2025-09-30 19:50 Steve Sakoman
2025-03-14 14:10 Steve Sakoman
2025-02-12 14:21 Steve Sakoman
2024-12-11 14:47 Steve Sakoman
2024-08-30 12:52 Steve Sakoman
2024-07-04 12:32 Steve Sakoman
2024-05-30 18:37 Steve Sakoman
2024-04-17 20:35 Steve Sakoman
2024-02-06 15:45 Steve Sakoman
2024-01-17 15:58 Steve Sakoman
2023-11-08 22:52 Steve Sakoman
2023-04-15 15:26 Steve Sakoman
2022-08-04 14:06 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox