[OE-core][dunfell 00/22] Patch review
Please review this set of changes for dunfell and have comments back by end of day Tuesday, August 15. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5730 with the exception of qemuppc-alt, which failed due to out of disk space errors on the debian-11-ty-1 worker: https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4969 The qemuppc-alt build passed on subsequent re-test on a worker without disk space issues: https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4972 The following changes since commit 6dd64ca2d726d0b222a7608c65eb0a20454c3f99: build-appliance-image: Update to dunfell head revision (2023-08-04 05:41:08 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Abdellatif El Khlifi (1): kernel: skip installing fitImage when using Initramfs bundles Bruce Ashfield (3): linux-yocto/5.4: update to v5.4.249 linux-yocto/5.4: update to v5.4.250 linux-yocto/5.4: update to v5.4.251 Dhairya Nagodra (2): dmidecode 3.2: Fix CVE-2023-30630 harfbuzz: Resolve backported commit bug. Emily Vekariya (1): qemu: CVE-ID correction for CVE-2020-35505 Hitendra Prajapati (3): ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI tiff: fix multiple CVEs tiff: fix multiple CVEs Marek Vasut (1): linux-firmware: Fix mediatek mt7601u firmware path Peter Marko (6): python3: ignore CVE-2023-36632 libjpeg-turbo: patch CVE-2023-2804 libarchive: ignore CVE-2023-30571 libpcre2: patch CVE-2022-41409 procps: patch CVE-2023-4016 openssl: Upgrade 1.1.1t -> 1.1.1v Vijay Anusuri (1): ghostscript: backport fix for CVE-2023-38559 Vivek Kumbhar (2): go: fix CVE-2023-29406 net/http: insufficient sanitization of Host header qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Yuta Hayama (2): cve-update-nvd2-native: always pass str for json.loads() systemd-systemctl: fix errors in instance name expansion meta/classes/kernel.bbclass | 20 +- ...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++ .../openssl/openssl/CVE-2023-0464.patch | 226 - .../openssl/openssl/CVE-2023-0465.patch | 60 - .../openssl/openssl/CVE-2023-0466.patch | 82 -- .../openssl/openssl/CVE-2023-2650.patch | 122 - .../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +- .../meta/cve-update-nvd2-native.bb| 2 +- .../systemd/systemd-systemctl/systemctl | 2 +- .../CVE-2023-30630-dependent_p1.patch | 236 ++ .../CVE-2023-30630-dependent_p2.patch | 198 +++ .../dmidecode/dmidecode/CVE-2023-30630.patch | 62 + .../dmidecode/dmidecode_3.2.bb| 3 + meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-29406.patch | 212 .../recipes-devtools/python/python3_3.8.17.bb | 2 + meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-35505.patch| 11 +- .../qemu/qemu/CVE-2023-3354.patch | 87 +++ .../ruby/ruby/CVE-2021-33621.patch| 139 +++ meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 + ...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++ .../ghostscript/ghostscript_9.52.bb | 1 + .../libarchive/libarchive_3.4.2.bb| 3 + .../procps/procps/CVE-2023-4016.patch | 85 +++ meta/recipes-extended/procps/procps_3.3.16.bb | 1 + .../harfbuzz/harfbuzz/CVE-2023-25193.patch| 16 +- .../jpeg/files/CVE-2023-2804-1.patch | 97 +++ .../jpeg/files/CVE-2023-2804-2.patch | 75 ++ .../jpeg/libjpeg-turbo_2.0.4.bb | 2 + .../linux-firmware/linux-firmware_20230515.bb | 2 +- .../linux/linux-yocto-rt_5.4.bb | 6 +- .../linux/linux-yocto-tiny_5.4.bb | 8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- .../libtiff/files/CVE-2023-25433.patch| 173 + .../files/CVE-2023-25434-CVE-2023-25435.patch | 94 +++ .../libtiff/files/CVE-2023-26965.patch| 90 +++ .../libtiff/files/CVE-2023-26966.patch| 35 +++ .../libtiff/files/CVE-2023-2908.patch | 33 +++ .../libtiff/files/CVE-2023-3316.patch | 59 + .../libtiff/files/CVE-2023-3618-1.patch | 34 +++ .../libtiff/files/CVE-2023-3618-2.patch | 47 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 8 + .../libpcre/libpcre2/CVE-2022-41409.patch | 74 ++ .../recipes-support/libpcre/libpcre2_10.34.bb | 1 + 45 files changed, 1977 insertions(+), 531 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
[OE-core][dunfell 00/22] Patch review
Please review this next set of patches for dunfell and have comments back by end of day Friday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2144 The following changes since commit 5b2ad70cd82c3b812652886ee4bf29f88dcac42c: reproducible.py: add quilt-ptest and valgrind-ptest (2021-05-07 05:21:23 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Alexander Kanavin (1): linux-firmware: upgrade 20210208 -> 20210315 Anuj Mittal (1): lsb-release: fix reproducibility failure Bruce Ashfield (1): linux-yocto/5.4: qemuppc32: reduce serial shutdown issues Chen Qi (1): db: update CVE_PRODUCT Lee Chee Yang (4): subversion: fix CVE-2020-17525 qemu: fix CVE-2021-3392 tiff: fix CVE-2020-35523 CVE-2020-35524 python3-jinja2: 2.11.2 -> 2.11.3 Richard Purdie (9): glibc: Document and whitelist CVE-2019-1010022-25 qemu: Exclude CVE-2017-5957 from cve-check qemu: Exclude CVE-2007-0998 from cve-check qemu: Exclude CVE-2018-18438 from cve-check jquery: Exclude CVE-2007-2379 from cve-check logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check openssh: Exclude CVE-2007-2768 from cve-check oeqa/qemurunner: Fix binary vs str issue oeqa/qemurunner: Improve handling of run_serial for shutdown commands Romain Naour (1): dejagnu: needs expect at runtime Ross Burton (3): cairo: backport patch for CVE-2020-35492 libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings) builder: whitelist CVE-2008-4178 (a different builder) Yann Dirson (1): linux-firmware: include all relevant files in -bcm4356 meta/lib/oeqa/utils/qemurunner.py | 11 +- .../openssh/openssh_8.2p1.bb | 3 + meta/recipes-core/glibc/glibc_2.31.bb | 13 ++ .../recipes-devtools/dejagnu/dejagnu_1.6.2.bb | 1 + meta/recipes-devtools/jquery/jquery_3.5.0.bb | 5 + ...ja2_2.11.2.bb => python3-jinja2_2.11.3.bb} | 2 +- meta/recipes-devtools/qemu/qemu.inc | 12 ++ .../qemu/qemu/CVE-2021-3392.patch | 92 ++ .../subversion/CVE-2020-17525.patch | 117 ++ .../subversion/subversion_1.13.0.bb | 1 + .../logrotate/logrotate_3.15.1.bb | 3 + .../help2man-reproducibility.patch| 27 meta/recipes-extended/lsb/lsb-release_1.4.bb | 1 + .../libnotify/libnotify_0.7.8.bb | 3 + meta/recipes-graphics/builder/builder_0.1.bb | 2 + .../cairo/cairo/CVE-2020-35492.patch | 60 + meta/recipes-graphics/cairo/cairo_1.16.0.bb | 1 + ...20210208.bb => linux-firmware_20210315.bb} | 8 +- .../linux/linux-yocto-rt_5.4.bb | 2 +- .../linux/linux-yocto-tiny_5.4.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 2 +- .../libtiff/files/CVE-2020-35523.patch| 55 .../libtiff/files/CVE-2020-35524-1.patch | 42 +++ .../libtiff/files/CVE-2020-35524-2.patch | 36 ++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 3 + meta/recipes-support/db/db_5.3.28.bb | 2 +- 26 files changed, 494 insertions(+), 12 deletions(-) rename meta/recipes-devtools/python/{python3-jinja2_2.11.2.bb => python3-jinja2_2.11.3.bb} (92%) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2020-17525.patch create mode 100644 meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch create mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch rename meta/recipes-kernel/linux-firmware/{linux-firmware_20210208.bb => linux-firmware_20210315.bb} (99%) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35523.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35524-2.patch -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#151641): https://lists.openembedded.org/g/openembedded-core/message/151641 Mute This Topic: https://lists.openembedded.org/mt/82774212/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 00/22] Patch review
Please review this next set of patches for dunfell and have comments back by end of day Wednesday. Passed a-full test on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1104 The following changes since commit 1a98936830ba468d63e2e49d766add9e9cb75998: gstreamer1.0-plugins-bad: add support for vdpau (2020-06-23 04:33:47 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Alexander Kanavin (1): linux-firmware: upgrade 20200519 -> 20200619 Andrej Valek (1): oeqa/runtime/cases/ptest: Make output content path absolute Armin Kuster (2): curl: Security fixes for CVE-2020-{8169/8177} wpa-supplicant: Security fix CVE-2020-12695 Changqing Li (1): mime.bbclass: fix post install scriptlet error Chen Qi (1): systemd-serialgetty: do not use BindsTo Konrad Weihmann (2): runqemu: add QB_ROOTFS_EXTRA_OPT parameter testimage: enable ovmf support Lee Chee Yang (2): dbus: fix CVE-2020-12049 perl: fix CVE-2020-10543 & CVE-2020-10878 Lili Li (1): kernel.bbclass: Fix Module.symvers support Ming Liu (1): u-boot: introduce UBOOT_INITIAL_ENV Nicolas Dechesne (1): checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2() Pierre-Jean Texier (1): ell: upgrade 0.31 -> 0.32 Richard Purdie (7): pseudo: Fix attr errors due to incorrect library resolution issues oeqa/selftest/runcmd: Add better debug for thread count mismatch failures oeqa/utils/command: Improve stdin handling in runCmd scripts/install-buildtools: Update to 3.2 M1 buildtools scripts/install-buildtools: Handle new format checksum files oeqa/selftest: Clean up separate builddir in success case when non-threaded populate_sdk_ext: Fix to use python3, not python Steve Sakoman (1): u-boot: move redundant-yyloc-global patch to u-boot-common.inc meta/classes/kernel.bbclass | 2 +- meta/classes/mime.bbclass | 13 +- meta/classes/populate_sdk_ext.bbclass | 2 +- meta/classes/qemuboot.bbclass | 5 + meta/classes/testimage.bbclass| 6 +- meta/lib/oeqa/core/target/qemu.py | 6 +- meta/lib/oeqa/core/utils/concurrencytest.py | 23 +-- meta/lib/oeqa/runtime/cases/ptest.py | 4 + meta/lib/oeqa/selftest/cases/runcmd.py| 9 +- meta/lib/oeqa/selftest/context.py | 36 - meta/lib/oeqa/utils/commands.py | 4 +- meta/lib/oeqa/utils/qemurunner.py | 5 +- .../remove-redundant-yyloc-global.patch | 0 meta/recipes-bsp/u-boot/u-boot-common.inc | 1 + .../u-boot/u-boot-tools_2020.01.bb| 2 - meta/recipes-bsp/u-boot/u-boot.inc| 55 --- ...allow-event-subscriptions-with-URLs-.patch | 151 + ...nt-message-generation-using-a-long-U.patch | 62 +++ ...HTTP-initiation-failures-for-events-.patch | 50 ++ .../wpa-supplicant/wpa-supplicant_2.9.bb | 5 +- .../dbus/dbus/CVE-2020-12049.patch| 78 + meta/recipes-core/dbus/dbus_1.12.16.bb| 1 + .../ell/{ell_0.31.bb => ell_0.32.bb} | 3 +- .../systemd-serialgetty/serial-getty@.service | 3 +- .../perl/files/CVE-2020-10543.patch | 36 + .../perl/files/CVE-2020-10878_1.patch | 152 ++ .../perl/files/CVE-2020-10878_2.patch | 36 + meta/recipes-devtools/perl/perl_5.30.1.bb | 3 + .../pseudo/files/xattr_version.patch | 54 +++ meta/recipes-devtools/pseudo/pseudo_git.bb| 1 + ...20200519.bb => linux-firmware_20200619.bb} | 4 +- .../curl/curl/CVE-2020-8169.patch | 140 .../curl/curl/CVE-2020-8177.patch | 67 meta/recipes-support/curl/curl_7.69.1.bb | 2 + scripts/install-buildtools| 10 +- scripts/lib/checklayer/__init__.py| 7 +- scripts/runqemu | 11 +- 37 files changed, 979 insertions(+), 70 deletions(-) rename meta/recipes-bsp/u-boot/{u-boot-tools => files}/remove-redundant-yyloc-global.patch (100%) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch create mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch rename meta/recipes-core/ell/{ell_0.31.bb => ell_0.32.bb} (83%) create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10543.patch create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch create mode 100644