* [OE-core][kirkstone 0/6] Patch review
@ 2025-03-10 13:36 Steve Sakoman
2025-03-10 13:36 ` [OE-core][kirkstone 1/6] openssh: Fix CVE-2025-26465 Steve Sakoman
` (5 more replies)
0 siblings, 6 replies; 17+ messages in thread
From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, March 12
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1152
The following changes since commit 0d9f2fcc2058407eb138297d9f8f12595851b963:
mesa: Fix missing GLES3 headers in SDK sysroot (2025-03-04 08:43:39 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alessio Cascone (1):
tzcode-native: Fix compiler setting from 2023d version
Deepesh Varatharajan (1):
binutils: Fix CVE-2025-0840
Hitendra Prajapati (1):
ruby: Fix CVE-2025-27220
Priyal Doshi (1):
tzdata/tzcode-native: upgrade 2024b -> 2025a
Vijay Anusuri (2):
openssh: Fix CVE-2025-26465
libtasn1: upgrade 4.19.0 -> 4.20.0
.../openssh/openssh/CVE-2025-26465.patch | 140 ++++++++++++++++++
.../openssh/openssh_8.9p1.bb | 1 +
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0038-CVE-2025-0840.patch | 53 +++++++
.../ruby/ruby/CVE-2025-27220.patch | 76 ++++++++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../timezone/tzcode-native.bb | 2 +-
...{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} | 7 +-
9 files changed, 279 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0038-CVE-2025-0840.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
rename meta/recipes-support/gnutls/{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} (63%)
--
2.43.0
^ permalink raw reply [flat|nested] 17+ messages in thread* [OE-core][kirkstone 1/6] openssh: Fix CVE-2025-26465 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman @ 2025-03-10 13:36 ` Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 2/6] binutils: Fix CVE-2025-0840 Steve Sakoman ` (4 subsequent siblings) 5 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw) To: openembedded-core From: Vijay Anusuri <vanusuri@mvista.com> Upstream-Status: Backport from https://github.com/openssh/openssh-portable/commit/0832aac79517611dd4de93ad0a83577994d9c907 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../openssh/openssh/CVE-2025-26465.patch | 140 ++++++++++++++++++ .../openssh/openssh_8.9p1.bb | 1 + 2 files changed, 141 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch new file mode 100644 index 0000000000..ffc798a158 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch @@ -0,0 +1,140 @@ +From 0832aac79517611dd4de93ad0a83577994d9c907 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Tue, 18 Feb 2025 08:02:48 +0000 +Subject: [PATCH] upstream: Fix cases where error codes were not correctly set + +Reported by the Qualys Security Advisory team. ok markus@ + +OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d + +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/0832aac79517611dd4de93ad0a83577994d9c907] +CVE: CVE-2025-26465 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + krl.c | 2 ++ + ssh-agent.c | 3 +++ + ssh-sk-client.c | 2 ++ + sshconnect2.c | 5 ++++- + sshsig.c | 1 + + 5 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/krl.c b/krl.c +index 17b88ed..aef2001 100644 +--- a/krl.c ++++ b/krl.c +@@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) + break; + case KRL_SECTION_CERT_SERIAL_BITMAP: + if (rs->lo - bitmap_start > INT_MAX) { ++ r = SSH_ERR_INVALID_FORMAT; + error_f("insane bitmap gap"); + goto out; + } +@@ -1008,6 +1009,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, + goto out; + + if ((krl = ssh_krl_init()) == NULL) { ++ r = SSH_ERR_ALLOC_FAIL; + error_f("alloc failed"); + goto out; + } +diff --git a/ssh-agent.c b/ssh-agent.c +index 4dbb4f3..6382ef4 100644 +--- a/ssh-agent.c ++++ b/ssh-agent.c +@@ -1198,6 +1198,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, + "restrict-destination-v00@openssh.com") == 0) { + if (*dcsp != NULL) { + error_f("%s already set", ext_name); ++ r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if ((r = sshbuf_froms(m, &b)) != 0) { +@@ -1207,6 +1208,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, + while (sshbuf_len(b) != 0) { + if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) { + error_f("too many %s constraints", ext_name); ++ r = SSH_ERR_INVALID_FORMAT; + goto out; + } + *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1, +@@ -1663,6 +1665,7 @@ process_ext_session_bind(SocketEntry *e) + /* record new key/sid */ + if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) { + error_f("too many session IDs recorded"); ++ r = -1; + goto out; + } + e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids, +diff --git a/ssh-sk-client.c b/ssh-sk-client.c +index 321fe53..750accb 100644 +--- a/ssh-sk-client.c ++++ b/ssh-sk-client.c +@@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device, + } + if ((srk = calloc(1, sizeof(*srk))) == NULL) { + error_f("calloc failed"); ++ r = SSH_ERR_ALLOC_FAIL; + goto out; + } + srk->key = key; +@@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device, + if ((tmp = recallocarray(srks, nsrks, nsrks + 1, + sizeof(*srks))) == NULL) { + error_f("recallocarray keys failed"); ++ r = SSH_ERR_ALLOC_FAIL; + goto out; + } + debug_f("srks[%zu]: %s %s uidlen %zu", nsrks, +diff --git a/sshconnect2.c b/sshconnect2.c +index 83ae4a4..6cfae2a 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -97,7 +97,7 @@ static int + verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) + { + if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, +- xxx_conn_info) == -1) ++ xxx_conn_info) != 0) + fatal("Host key verification failed."); + return 0; + } +@@ -713,6 +713,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) + + if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { + debug_f("server sent unknown pkalg %s", pkalg); ++ r = SSH_ERR_INVALID_FORMAT; + goto done; + } + if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { +@@ -723,6 +724,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) + error("input_userauth_pk_ok: type mismatch " + "for decoded key (received %d, expected %d)", + key->type, pktype); ++ r = SSH_ERR_INVALID_FORMAT; + goto done; + } + +@@ -742,6 +744,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) + SSH_FP_DEFAULT); + error_f("server replied with unknown key: %s %s", + sshkey_type(key), fp == NULL ? "<ERROR>" : fp); ++ r = SSH_ERR_INVALID_FORMAT; + goto done; + } + ident = format_identity(id); +diff --git a/sshsig.c b/sshsig.c +index 7736134..76d7c21 100644 +--- a/sshsig.c ++++ b/sshsig.c +@@ -857,6 +857,7 @@ cert_filter_principals(const char *path, u_long linenum, + } + if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { + error_f("buffer error"); ++ r = SSH_ERR_ALLOC_FAIL; + goto out; + } + /* success */ +-- +2.25.1 + diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index d2c477a062..54b4d238eb 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -37,6 +37,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2023-51384.patch \ file://CVE-2023-51385.patch \ file://CVE-2024-6387.patch \ + file://CVE-2025-26465.patch \ " SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" -- 2.43.0 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 2/6] binutils: Fix CVE-2025-0840 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 1/6] openssh: Fix CVE-2025-26465 Steve Sakoman @ 2025-03-10 13:36 ` Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 3/6] ruby: Fix CVE-2025-27220 Steve Sakoman ` (3 subsequent siblings) 5 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw) To: openembedded-core From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> PR32560 stack-buffer-overflow at objdump disassemble_bytes Backport a patch from upstream to fix CVE-2025-0840 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893] Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0038-CVE-2025-0840.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0038-CVE-2025-0840.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index e577a10cb8..26d0b570f3 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -72,5 +72,6 @@ SRC_URI = "\ file://0035-CVE-2023-39129.patch \ file://0036-CVE-2023-39130.patch \ file://0037-CVE-2024-53589.patch \ + file://0038-CVE-2025-0840.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0038-CVE-2025-0840.patch b/meta/recipes-devtools/binutils/binutils/0038-CVE-2025-0840.patch new file mode 100644 index 0000000000..b04e750690 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0038-CVE-2025-0840.patch @@ -0,0 +1,53 @@ +Author: Alan Modra <amodra@gmail.com> +Date: Wed, 15 Jan 2025 19:13:43 +1030 + +PR32560 stack-buffer-overflow at objdump disassemble_bytes + +There's always someone pushing the boundaries. + + PR 32560 + * objdump.c (MAX_INSN_WIDTH): Define. + (insn_width): Make it an unsigned long. + (disassemble_bytes): Use MAX_INSN_WIDTH to size buffer. + (main <OPTION_INSN_WIDTH>): Restrict size of insn_width. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893] +CVE: CVE-2025-0840 + +Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> + +diff --git a/binutils/objdump.c b/binutils/objdump.c +index 59f454b0..bd6180be 100644 +--- a/binutils/objdump.c ++++ b/binutils/objdump.c +@@ -110,7 +110,8 @@ static bool disassemble_all; /* -D */ + static int disassemble_zeroes; /* --disassemble-zeroes */ + static bool formats_info; /* -i */ + static int wide_output; /* -w */ +-static int insn_width; /* --insn-width */ ++#define MAX_INSN_WIDTH 49 ++static unsigned long insn_width; /* --insn-width */ + static bfd_vma start_address = (bfd_vma) -1; /* --start-address */ + static bfd_vma stop_address = (bfd_vma) -1; /* --stop-address */ + static int dump_debugging; /* --debugging */ +@@ -2897,7 +2898,7 @@ disassemble_bytes (struct disassemble_info *inf, + } + else + { +- char buf[50]; ++ char buf[MAX_INSN_WIDTH + 1]; + unsigned int bpc = 0; + unsigned int pb = 0; + +@@ -5457,8 +5458,9 @@ main (int argc, char **argv) + break; + case OPTION_INSN_WIDTH: + insn_width = strtoul (optarg, NULL, 0); +- if (insn_width <= 0) +- fatal (_("error: instruction width must be positive")); ++ if (insn_width - 1 >= MAX_INSN_WIDTH) ++ fatal (_("error: instruction width must be in the range 1 to " ++ XSTRING (MAX_INSN_WIDTH))); + break; + case OPTION_INLINES: + unwind_inlines = true; -- 2.43.0 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 3/6] ruby: Fix CVE-2025-27220 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 1/6] openssh: Fix CVE-2025-26465 Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 2/6] binutils: Fix CVE-2025-0840 Steve Sakoman @ 2025-03-10 13:36 ` Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 4/6] libtasn1: upgrade 4.19.0 -> 4.20.0 Steve Sakoman ` (2 subsequent siblings) 5 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw) To: openembedded-core From: Hitendra Prajapati <hprajapati@mvista.com> Upstream-Status: Backport from https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../ruby/ruby/CVE-2025-27220.patch | 76 +++++++++++++++++++ meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 + 2 files changed, 77 insertions(+) create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch b/meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch new file mode 100644 index 0000000000..4fc71f7ff9 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch @@ -0,0 +1,76 @@ +From cd1eb08076c8b8e310d4d553d427763f2577a1b6 Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA <hsbt@ruby-lang.org> +Date: Fri, 21 Feb 2025 15:53:31 +0900 +Subject: [PATCH] Escape/unescape unclosed tags as well + +Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> + +Upstream-Status: Backport [https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6] +CVE: CVE-2025-27220 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + lib/cgi/util.rb | 4 ++-- + test/cgi/test_cgi_util.rb | 18 ++++++++++++++++++ + 2 files changed, 20 insertions(+), 2 deletions(-) + +diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb +index 5a5c77a..ce77a0c 100644 +--- a/lib/cgi/util.rb ++++ b/lib/cgi/util.rb +@@ -178,7 +178,7 @@ module CGI::Util + def escapeElement(string, *elements) + elements = elements[0] if elements[0].kind_of?(Array) + unless elements.empty? +- string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do ++ string.gsub(/<\/?(?:#{elements.join("|")})\b[^<>]*+>?/im) do + CGI.escapeHTML($&) + end + else +@@ -198,7 +198,7 @@ module CGI::Util + def unescapeElement(string, *elements) + elements = elements[0] if elements[0].kind_of?(Array) + unless elements.empty? +- string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do ++ string.gsub(/<\/?(?:#{elements.join("|")})\b(?>[^&]+|&(?![gl]t;)\w+;)*(?:>)?/im) do + unescapeHTML($&) + end + else +diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb +index a3be193..d058ccc 100644 +--- a/test/cgi/test_cgi_util.rb ++++ b/test/cgi/test_cgi_util.rb +@@ -244,6 +244,14 @@ class CGIUtilTest < Test::Unit::TestCase + assert_equal("<BR><A HREF="url"></A>", escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])) + assert_equal("<BR><A HREF="url"></A>", escape_element('<BR><A HREF="url"></A>', "A", "IMG")) + assert_equal("<BR><A HREF="url"></A>", escape_element('<BR><A HREF="url"></A>', ["A", "IMG"])) ++ ++ assert_equal("<A <A HREF="url"></A>", escapeElement('<A <A HREF="url"></A>', "A", "IMG")) ++ assert_equal("<A <A HREF="url"></A>", escapeElement('<A <A HREF="url"></A>', ["A", "IMG"])) ++ assert_equal("<A <A HREF="url"></A>", escape_element('<A <A HREF="url"></A>', "A", "IMG")) ++ assert_equal("<A <A HREF="url"></A>", escape_element('<A <A HREF="url"></A>', ["A", "IMG"])) ++ ++ assert_equal("<A <A ", escapeElement('<A <A ', "A", "IMG")) ++ assert_equal("<A <A ", escapeElement('<A <A ', ["A", "IMG"])) + end + + +@@ -252,6 +260,16 @@ class CGIUtilTest < Test::Unit::TestCase + assert_equal('<BR><A HREF="url"></A>', unescapeElement(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])) + assert_equal('<BR><A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")) + assert_equal('<BR><A HREF="url"></A>', unescape_element(escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])) ++ ++ assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG")) ++ assert_equal('<A <A HREF="url"></A>', unescapeElement(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"])) ++ assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), "A", "IMG")) ++ assert_equal('<A <A HREF="url"></A>', unescape_element(escapeHTML('<A <A HREF="url"></A>'), ["A", "IMG"])) ++ ++ assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), "A", "IMG")) ++ assert_equal('<A <A ', unescapeElement(escapeHTML('<A <A '), ["A", "IMG"])) ++ assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), "A", "IMG")) ++ assert_equal('<A <A ', unescape_element(escapeHTML('<A <A '), ["A", "IMG"])) + end + end + +-- +2.25.1 + diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 96873fd7fa..ac9dec3514 100644 --- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb @@ -46,6 +46,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://CVE-2024-49761-0008.patch \ file://CVE-2024-49761-0009.patch \ file://CVE-2024-41946.patch \ + file://CVE-2025-27220.patch \ " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" -- 2.43.0 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 4/6] libtasn1: upgrade 4.19.0 -> 4.20.0 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman ` (2 preceding siblings ...) 2025-03-10 13:36 ` [OE-core][kirkstone 3/6] ruby: Fix CVE-2025-27220 Steve Sakoman @ 2025-03-10 13:36 ` Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 5/6] tzdata/tzcode-native: upgrade 2024b -> 2025a Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 6/6] tzcode-native: Fix compiler setting from 2023d version Steve Sakoman 5 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw) To: openembedded-core From: Vijay Anusuri <vanusuri@mvista.com> * Noteworthy changes in release 4.20.0 (2025-02-01) [stable] - The release tarball is now reproducible. - We publish a minimal source-only tarball generated by 'git archive'. - Update gnulib files and various build/maintenance fixes. - Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET OF elements License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../gnutls/{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) rename meta/recipes-support/gnutls/{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} (63%) diff --git a/meta/recipes-support/gnutls/libtasn1_4.19.0.bb b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb similarity index 63% rename from meta/recipes-support/gnutls/libtasn1_4.19.0.bb rename to meta/recipes-support/gnutls/libtasn1_4.20.0.bb index 5fb8b54c06..8127ba5b1d 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.19.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb @@ -6,9 +6,8 @@ HOMEPAGE = "http://www.gnu.org/software/libtasn1/" LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" LICENSE:${PN}-bin = "GPL-3.0-or-later" LICENSE:${PN} = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ - file://COPYING;md5=75ac100ec923f959898182307970c360" +LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ + file://COPYING.LESSERv2;md5=4bf661c1e3793e55c8d1051bc5e0ae21" SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ @@ -16,7 +15,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ DEPENDS = "bison-native" -SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" +SRC_URI[sha256sum] = "92e0e3bd4c02d4aeee76036b2ddd83f0c732ba4cda5cb71d583272b23587a76c" inherit autotools texinfo lib_package gtk-doc -- 2.43.0 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 5/6] tzdata/tzcode-native: upgrade 2024b -> 2025a 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman ` (3 preceding siblings ...) 2025-03-10 13:36 ` [OE-core][kirkstone 4/6] libtasn1: upgrade 4.19.0 -> 4.20.0 Steve Sakoman @ 2025-03-10 13:36 ` Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 6/6] tzcode-native: Fix compiler setting from 2023d version Steve Sakoman 5 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw) To: openembedded-core From: Priyal Doshi <pdoshi@mvista.com> Signed-off-by: Priyal Doshi <pdoshi@mvista.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a15c4e6793c55c8084a61298ef3695e1db2f60cd) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 8935d1cd8c..3fe6c3142b 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2024b" +PV = "2025a" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672" -SRC_URI[tzdata.sha256sum] = "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550" +SRC_URI[tzcode.sha256sum] = "119679d59f76481eb5e03d3d2a47d7870d592f3999549af189dbd31f2ebf5061" +SRC_URI[tzdata.sha256sum] = "4d5fcbc72c7c450ebfe0b659bd0f1c02fbf52fd7f517a9ea13fe71c21eb5f0d0" -- 2.43.0 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 6/6] tzcode-native: Fix compiler setting from 2023d version 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman ` (4 preceding siblings ...) 2025-03-10 13:36 ` [OE-core][kirkstone 5/6] tzdata/tzcode-native: upgrade 2024b -> 2025a Steve Sakoman @ 2025-03-10 13:36 ` Steve Sakoman 5 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-10 13:36 UTC (permalink / raw) To: openembedded-core From: Alessio Cascone <alessio.cascone@vimar.com> Starting from 2023d version, tzcode makefile does not use anymore "cc" variable for C compiler, due to Makefile refactoring. Replacing "cc" with "CC" fixes the issue. Signed-off-by: Alessio Cascone <alessio.cascone@vimar.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b3cdfca5ef84ed2054faef9abddef3aeed930e17) Signed-off-by: Steve Sakoman <steve@sakoman.com> --- meta/recipes-extended/timezone/tzcode-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/timezone/tzcode-native.bb b/meta/recipes-extended/timezone/tzcode-native.bb index d0b23a9d80..dc9f076377 100644 --- a/meta/recipes-extended/timezone/tzcode-native.bb +++ b/meta/recipes-extended/timezone/tzcode-native.bb @@ -4,7 +4,7 @@ SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" inherit native -EXTRA_OEMAKE += "cc='${CC}'" +EXTRA_OEMAKE += "CC='${CC}'" do_install () { install -d ${D}${bindir}/ -- 2.43.0 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 0/6] Patch review @ 2025-05-09 16:16 Steve Sakoman 0 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-05-09 16:16 UTC (permalink / raw) To: openembedded-core Please review this set of changes for kirkstone and have comments back by end of day Tuesday, May 13 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1554 The following changes since commit 25ba9895b98715adb66a06e50f644aea2e2c9eb6: Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR" (2025-04-29 07:45:33 -0700) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Haixiao Yan (1): glibc: Add single-threaded fast path to rand() Hitendra Prajapati (1): busybox: fix CVE-2023-39810 Peter Marko (3): ghostscript: ignore CVE-2025-27837 ghostscript: ignore CVE-2024-29507 qemu: ignore CVE-2023-1386 Praveen Kumar (1): connman :fix CVE-2025-32743 .../connman/connman/CVE-2025-32743.patch | 43 ++++++ .../connman/connman_1.41.bb | 1 + .../busybox/busybox/CVE-2023-39810.patch | 131 ++++++++++++++++++ meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + ...dd-single-threaded-fast-path-to-rand.patch | 47 +++++++ meta/recipes-core/glibc/glibc_2.35.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 3 + .../ghostscript/ghostscript_9.55.0.bb | 4 +- 8 files changed, 230 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-39810.patch create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch -- 2.43.0 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 0/6] Patch review @ 2025-03-24 19:36 Steve Sakoman 0 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2025-03-24 19:36 UTC (permalink / raw) To: openembedded-core Please review this set of changes for kirkstone and have comments back by end of day Wednesday, March 26 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1242 The following changes since commit acb88b244e89bc1300a24f60d0a44c21e0ab1af6: vim: Upgrade 9.1.1043 -> 9.1.1115 (2025-03-13 09:19:58 -0700) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Peter Marko (1): tiff: mark CVE-2023-30774 as patched Robert Yang (1): libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt Vijay Anusuri (2): libxslt: Fix for CVE-2024-55549 libxslt: Fix for CVE-2025-24855 Yogita Urade (2): xserver-xorg: fix CVE-2022-49737 xwayland: fix CVE-2022-49737 .../libxcrypt/libxcrypt-compat_4.4.33.bb | 2 +- .../xserver-xorg/CVE-2022-49737.patch | 90 ++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + .../xwayland/xwayland/CVE-2022-49737.patch | 90 ++++++++++++ .../xwayland/xwayland_22.1.8.bb | 1 + ...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 4 +- .../libxslt/libxslt/CVE-2024-55549.patch | 49 +++++++ .../libxslt/libxslt/CVE-2025-24855.patch | 134 ++++++++++++++++++ .../recipes-support/libxslt/libxslt_1.1.35.bb | 5 +- 9 files changed, 373 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-49737.patch create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2022-49737.patch create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2024-55549.patch create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-24855.patch -- 2.43.0 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 0/6] Patch review
@ 2024-09-05 12:40 Steve Sakoman
0 siblings, 0 replies; 17+ messages in thread
From: Steve Sakoman @ 2024-09-05 12:40 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 6
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7310
The following changes since commit 6992437d725f9cc88da4261814b69aaadc5ef0f2:
grub: fs/fat: Don't error when mtime is 0 (2024-08-29 06:13:56 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (1):
qemu: fix CVE-2024-7409
Rohini Sangam (1):
python3: Security fix for CVE-2024-8088
Vijay Anusuri (1):
apr: upgrade 1.7.2 -> 1.7.5
Vrushti Dabhi (2):
sqlite3: CVE-ID correction for CVE-2023-7104
sqlite3: Rename patch for CVE-2022-35737
Wang Mingyu (1):
wireless-regdb: upgrade 2024.05.08 -> 2024.07.04
.../python/python3/CVE-2024-8088.patch | 124 +++++++++++++
.../python/python3_3.10.14.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 4 +
.../qemu/qemu/CVE-2024-7409-0001.patch | 162 ++++++++++++++++
.../qemu/qemu/CVE-2024-7409-0002.patch | 174 ++++++++++++++++++
.../qemu/qemu/CVE-2024-7409-0003.patch | 122 ++++++++++++
.../qemu/qemu/CVE-2024-7409-0004.patch | 163 ++++++++++++++++
....05.08.bb => wireless-regdb_2024.07.04.bb} | 2 +-
...-runtime-test-for-mmap-that-can-map-.patch | 2 +-
.../apr/{apr_1.7.2.bb => apr_1.7.5.bb} | 2 +-
...lementation.patch => CVE-2022-35737.patch} | 0
.../sqlite/files/CVE-2023-7104.patch | 10 +-
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 4 +-
13 files changed, 761 insertions(+), 9 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.05.08.bb => wireless-regdb_2024.07.04.bb} (94%)
rename meta/recipes-support/apr/{apr_1.7.2.bb => apr_1.7.5.bb} (98%)
rename meta/recipes-support/sqlite/files/{0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch => CVE-2022-35737.patch} (100%)
--
2.34.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [OE-core][kirkstone 0/6] Patch review @ 2024-08-25 18:49 Steve Sakoman 0 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2024-08-25 18:49 UTC (permalink / raw) To: openembedded-core Please review this set of changes for kirkstone and have comments back by end of day Tuesday, August 27 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7272 The following changes since commit 6c1000a2bbfe5e618e42bc5be2058332337d4177: python3-pycryptodome(x): use python_setuptools_build_meta build class (2024-08-15 05:58:11 -0700) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Guocai He (1): libsoup: fix compile error on centos7 Leon Anavi (1): python3: add PACKAGECONFIG[editline] Niko Mauno (1): image_types.bbclass: Use --force also with lz4,lzop Peter Marko (1): libyaml: ignore CVE-2024-35326 Siddharth Doshi (2): Tiff: Security fix for CVE-2024-7006 curl: Security fix for CVE-2024-7264 meta/classes/image_types.bbclass | 4 +- .../python/python3_3.10.14.bb | 5 +- .../libtiff/tiff/CVE-2024-7006.patch | 64 ++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + .../curl/curl/CVE-2024-7264_1.patch | 66 ++++ .../curl/curl/CVE-2024-7264_2.patch | 320 ++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 2 + .../0001-meson.build-set-c_std-to-gnu99.patch | 44 +++ .../libsoup/libsoup-2.4_2.74.2.bb | 4 +- meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 +- 10 files changed, 506 insertions(+), 6 deletions(-) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264_1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264_2.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/0001-meson.build-set-c_std-to-gnu99.patch -- 2.34.1 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 0/6] Patch review
@ 2024-07-20 12:42 Steve Sakoman
0 siblings, 0 replies; 17+ messages in thread
From: Steve Sakoman @ 2024-07-20 12:42 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, July 23
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7158
The following changes since commit 5d97b0576e98a2cf402abab1a1edcab223545d87:
build-appliance-image: Update to kirkstone head revision (2024-07-15 10:31:11 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Ashish Sharma (1):
ruby: backport fix for CVE-2024-27282
Florian Amstutz (1):
uboot-sign: Fix index error in concat_dtb_helper() with multiple
configs
Hitendra Prajapati (1):
busybox: Fix CVE-2023-42363
Peter Marko (2):
busybox: Patch CVE-2021-42380
libarchive: ignore CVE-2024-37407
Vijay Anusuri (1):
python3-jinja2: Upgrade 3.1.3 -> 3.1.4
meta/classes/uboot-sign.bbclass | 6 +-
.../busybox/busybox/CVE-2021-42380.patch | 151 ++++++++++++++++++
.../busybox/busybox/CVE-2023-42363.patch | 68 ++++++++
meta/recipes-core/busybox/busybox_1.35.0.bb | 2 +
...inja2_3.1.3.bb => python3-jinja2_3.1.4.bb} | 8 +-
.../ruby/ruby/CVE-2024-27282.patch | 29 ++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../libarchive/libarchive_3.6.2.bb | 2 +
8 files changed, 261 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
rename meta/recipes-devtools/python/{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} (82%)
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
--
2.34.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [OE-core][kirkstone 0/6] Patch review @ 2024-05-13 12:18 Steve Sakoman 0 siblings, 0 replies; 17+ messages in thread From: Steve Sakoman @ 2024-05-13 12:18 UTC (permalink / raw) To: openembedded-core Please review this set of changes for kirkstone and have comments back by end of day Wednesday, May 17 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6895 The following changes since commit 24fd9b6756728a0337100f53a1c6e92aba092f9d: ppp: Add RSA-MD in LICENSE (2024-05-08 05:19:26 -0700) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Archana Polampalli (2): xserver-xorg: fix CVE-2024-31082 xserver-xorg: fix CVE-2024-31083 Bhabu Bindu (1): libpciaccess: Remove duplicated license entry Peter Marko (1): glibc: Update to latest on stable 2.35 branch Vijay Anusuri (2): bluez5: Fix CVE-2023-27349 CVE-2023-50229 & CVE-2023-50230 gstreamer1.0-plugins-bad: fix CVE-2023-50186 meta/recipes-connectivity/bluez5/bluez5.inc | 2 + .../bluez5/bluez5/CVE-2023-27349.patch | 48 +++++++ .../CVE-2023-50229_CVE-2023-50230.patch | 67 ++++++++++ meta/recipes-core/glibc/glibc-version.inc | 2 +- ...y-the-header-between-arm-and-aarch64.patch | 64 +++++----- meta/recipes-core/glibc/glibc_2.35.bb | 5 +- .../xorg-lib/libpciaccess_0.16.bb | 2 +- .../xserver-xorg/CVE-2024-31082.patch | 52 ++++++++ .../xserver-xorg/CVE-2024-31083-0001.patch | 117 ++++++++++++++++++ .../xserver-xorg/CVE-2024-31083-0002.patch | 76 ++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 3 + .../CVE-2023-50186.patch | 70 +++++++++++ .../gstreamer1.0-plugins-bad_1.20.7.bb | 1 + 13 files changed, 478 insertions(+), 31 deletions(-) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch -- 2.34.1 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [OE-core][kirkstone 0/6] Patch review
@ 2024-01-21 18:57 Steve Sakoman
0 siblings, 0 replies; 17+ messages in thread
From: Steve Sakoman @ 2024-01-21 18:57 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, January 23
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6471
The following changes since commit ebd61290a644a6d9f2b3701e0e7ea050636da76c:
pybootchartgui: fix 2 SyntaxWarnings (2024-01-16 04:10:03 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (2):
openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA
public keys
pam: fix CVE-2024-22365 pam_namespace misses
Peter Marko (1):
dropbear: backport patch for CVE-2023-48795
Vijay Anusuri (2):
gnutls: Fix for CVE-2024-0553 and CVE-2024-0567
xserver-xorg: Multiple CVE fixes
Yogita Urade (1):
tiff: fix CVE-2023-6228
.../openssl/openssl/CVE-2023-6237.patch | 127 ++++++++++
.../openssl/openssl_3.0.12.bb | 1 +
meta/recipes-core/dropbear/dropbear.inc | 1 +
.../dropbear/dropbear/CVE-2023-48795.patch | 234 ++++++++++++++++++
.../pam/libpam/CVE-2024-22365.patch | 62 +++++
meta/recipes-extended/pam/libpam_1.5.2.bb | 1 +
.../xserver-xorg/CVE-2023-6816.patch | 55 ++++
.../xserver-xorg/CVE-2024-0229-1.patch | 87 +++++++
.../xserver-xorg/CVE-2024-0229-2.patch | 221 +++++++++++++++++
.../xserver-xorg/CVE-2024-0229-3.patch | 41 +++
.../xserver-xorg/CVE-2024-0229-4.patch | 45 ++++
.../xserver-xorg/CVE-2024-0408.patch | 64 +++++
.../xserver-xorg/CVE-2024-0409.patch | 46 ++++
.../xserver-xorg/CVE-2024-21885.patch | 113 +++++++++
.../xserver-xorg/CVE-2024-21886-1.patch | 74 ++++++
.../xserver-xorg/CVE-2024-21886-2.patch | 57 +++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 10 +
.../libtiff/tiff/CVE-2023-6228.patch | 31 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
.../gnutls/gnutls/CVE-2024-0553.patch | 125 ++++++++++
.../gnutls/gnutls/CVE-2024-0567.patch | 184 ++++++++++++++
meta/recipes-support/gnutls/gnutls_3.7.4.bb | 2 +
22 files changed, 1582 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-22365.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6816.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-2.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-3.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-4.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0408.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21885.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-0553.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch
--
2.34.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [OE-core][kirkstone 0/6] Patch review
@ 2024-01-08 16:14 Steve Sakoman
0 siblings, 0 replies; 17+ messages in thread
From: Steve Sakoman @ 2024-01-08 16:14 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, January 10
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6425
The following changes since commit 227b3d4edad31b0d0045f41133271693265240b0:
tzdata: Upgrade to 2023d (2024-01-02 03:46:18 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Dhairya Nagodra (2):
cve-update-nvd2-native: faster requests with API keys
cve-update-nvd2-native: increase the delay between subsequent request
failures
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230804 -> 20231030
Peter Marko (2):
cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
cve-update-nvd2-native: make number of fetch attemtps configurable
Vijay Anusuri (1):
xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478
.../meta/cve-update-nvd2-native.bb | 27 +++++--
.../xserver-xorg/CVE-2023-6377.patch | 79 +++++++++++++++++++
.../xserver-xorg/CVE-2023-6478.patch | 63 +++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 2 +
...20230804.bb => linux-firmware_20231030.bb} | 4 +-
5 files changed, 165 insertions(+), 10 deletions(-)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230804.bb => linux-firmware_20231030.bb} (99%)
--
2.34.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [OE-core][kirkstone 0/6] Patch review
@ 2023-10-21 15:28 Steve Sakoman
0 siblings, 0 replies; 17+ messages in thread
From: Steve Sakoman @ 2023-10-21 15:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 24
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6084
The following changes since commit 5570e49791b770271f176a4deeb5f6f1a028cb4a:
uboot-extlinux-config.bbclass: fix missed override syntax migration (2023-10-17 12:19:37 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Lee Chee Yang (1):
qemu: ignore RHEL specific CVE-2023-2680
Meenali Gupta (1):
linux-firmware: upgrade 20230625 -> 20230804
Peter Marko (1):
zlib: patch CVE-2023-45853
Siddharth Doshi (2):
libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and
CVE-2023-43787
vim: Upgrade 9.0.2009 -> 9.0.2048
Vijay Anusuri (1):
gawk: backport Debian patch to fix CVE-2023-4156
.../zlib/zlib/CVE-2023-45853.patch | 42 +++++++++++++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 4 ++
.../gawk/gawk/CVE-2023-4156.patch | 28 +++++++++
meta/recipes-extended/gawk/gawk_5.1.1.bb | 1 +
.../xorg-lib/libx11/CVE-2023-43785.patch | 62 ++++++++++++++++++
.../xorg-lib/libx11/CVE-2023-43786-0001.patch | 41 ++++++++++++
.../xorg-lib/libx11/CVE-2023-43786-0002.patch | 45 +++++++++++++
.../xorg-lib/libx11/CVE-2023-43786-0003.patch | 51 +++++++++++++++
.../xorg-lib/libx11/CVE-2023-43787.patch | 63 +++++++++++++++++++
.../xorg-lib/libx11_1.7.3.1.bb | 5 ++
...20230625.bb => linux-firmware_20230804.bb} | 4 +-
meta/recipes-support/vim/vim.inc | 4 +-
13 files changed, 347 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0002.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0003.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%)
--
2.34.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [OE-core][kirkstone 0/6] Patch review
@ 2023-04-05 2:29 Steve Sakoman
0 siblings, 0 replies; 17+ messages in thread
From: Steve Sakoman @ 2023-04-05 2:29 UTC (permalink / raw)
To: openembedded-core
Please review this final set of patches for the kirkstone 4.0.9 release and
have comments back by end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5147
The following changes since commit 3eeab90fd45a1e8de6d9d16dfdec79c72639614b:
rsync: Turn on -pedantic-errors at the end of 'configure' (2023-03-30 08:29:50 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
patchelf: replace a rejected patch with an equivalent
uninative.bbclass tweak
Michael Halstead (2):
uninative: Upgrade to 3.8.1 to include libgcc
uninative: Upgrade to 3.9 to include glibc 2.37
Shubham Kulkarni (1):
go-runtime: Security fix for CVE-2022-41723
Simone Weiss (1):
json-c: Add ptest for json-c
pawan (1):
curl: Add fix for CVE-2023-23916
meta/classes/uninative.bbclass | 2 +
.../distro/include/ptest-packagelists.inc | 1 +
meta/conf/distro/include/yocto-uninative.inc | 10 +-
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2022-41723.patch | 156 +++++++++++++
meta/recipes-devtools/json-c/json-c/run-ptest | 20 ++
meta/recipes-devtools/json-c/json-c_0.15.bb | 16 +-
.../patchelf/handle-read-only-files.patch | 65 ------
.../patchelf/patchelf_0.14.5.bb | 1 -
.../curl/curl/CVE-2023-23916.patch | 219 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
11 files changed, 419 insertions(+), 73 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch
create mode 100644 meta/recipes-devtools/json-c/json-c/run-ptest
delete mode 100644 meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch
--
2.34.1
^ permalink raw reply [flat|nested] 17+ messages in threadend of thread, other threads:[~2025-05-09 16:17 UTC | newest] Thread overview: 17+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-03-10 13:36 [OE-core][kirkstone 0/6] Patch review Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 1/6] openssh: Fix CVE-2025-26465 Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 2/6] binutils: Fix CVE-2025-0840 Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 3/6] ruby: Fix CVE-2025-27220 Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 4/6] libtasn1: upgrade 4.19.0 -> 4.20.0 Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 5/6] tzdata/tzcode-native: upgrade 2024b -> 2025a Steve Sakoman 2025-03-10 13:36 ` [OE-core][kirkstone 6/6] tzcode-native: Fix compiler setting from 2023d version Steve Sakoman -- strict thread matches above, loose matches on Subject: below -- 2025-05-09 16:16 [OE-core][kirkstone 0/6] Patch review Steve Sakoman 2025-03-24 19:36 Steve Sakoman 2024-09-05 12:40 Steve Sakoman 2024-08-25 18:49 Steve Sakoman 2024-07-20 12:42 Steve Sakoman 2024-05-13 12:18 Steve Sakoman 2024-01-21 18:57 Steve Sakoman 2024-01-08 16:14 Steve Sakoman 2023-10-21 15:28 Steve Sakoman 2023-04-05 2:29 Steve Sakoman
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox