[OE-core][dunfell 00/22] Patch review
Please review this set of changes for dunfell and have comments back by
end of day Tuesday, August 15.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5730
with the exception of qemuppc-alt, which failed due to out of disk space errors
on the debian-11-ty-1 worker:
https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4969
The qemuppc-alt build passed on subsequent re-test on a worker without disk
space issues:
https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4972
The following changes since commit 6dd64ca2d726d0b222a7608c65eb0a20454c3f99:
build-appliance-image: Update to dunfell head revision (2023-08-04 05:41:08
-1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Abdellatif El Khlifi (1):
kernel: skip installing fitImage when using Initramfs bundles
Bruce Ashfield (3):
linux-yocto/5.4: update to v5.4.249
linux-yocto/5.4: update to v5.4.250
linux-yocto/5.4: update to v5.4.251
Dhairya Nagodra (2):
dmidecode 3.2: Fix CVE-2023-30630
harfbuzz: Resolve backported commit bug.
Emily Vekariya (1):
qemu: CVE-ID correction for CVE-2020-35505
Hitendra Prajapati (3):
ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI
tiff: fix multiple CVEs
tiff: fix multiple CVEs
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Peter Marko (6):
python3: ignore CVE-2023-36632
libjpeg-turbo: patch CVE-2023-2804
libarchive: ignore CVE-2023-30571
libpcre2: patch CVE-2022-41409
procps: patch CVE-2023-4016
openssl: Upgrade 1.1.1t -> 1.1.1v
Vijay Anusuri (1):
ghostscript: backport fix for CVE-2023-38559
Vivek Kumbhar (2):
go: fix CVE-2023-29406 net/http: insufficient sanitization of Host
header
qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
handshake can lead to remote unauthenticated denial of service
Yuta Hayama (2):
cve-update-nvd2-native: always pass str for json.loads()
systemd-systemctl: fix errors in instance name expansion
meta/classes/kernel.bbclass | 20 +-
...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++
.../openssl/openssl/CVE-2023-0464.patch | 226 -
.../openssl/openssl/CVE-2023-0465.patch | 60 -
.../openssl/openssl/CVE-2023-0466.patch | 82 --
.../openssl/openssl/CVE-2023-2650.patch | 122 -
.../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +-
.../meta/cve-update-nvd2-native.bb| 2 +-
.../systemd/systemd-systemctl/systemctl | 2 +-
.../CVE-2023-30630-dependent_p1.patch | 236 ++
.../CVE-2023-30630-dependent_p2.patch | 198 +++
.../dmidecode/dmidecode/CVE-2023-30630.patch | 62 +
.../dmidecode/dmidecode_3.2.bb| 3 +
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-29406.patch | 212
.../recipes-devtools/python/python3_3.8.17.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-35505.patch| 11 +-
.../qemu/qemu/CVE-2023-3354.patch | 87 +++
.../ruby/ruby/CVE-2021-33621.patch| 139 +++
meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 +
...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++
.../ghostscript/ghostscript_9.52.bb | 1 +
.../libarchive/libarchive_3.4.2.bb| 3 +
.../procps/procps/CVE-2023-4016.patch | 85 +++
meta/recipes-extended/procps/procps_3.3.16.bb | 1 +
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 16 +-
.../jpeg/files/CVE-2023-2804-1.patch | 97 +++
.../jpeg/files/CVE-2023-2804-2.patch | 75 ++
.../jpeg/libjpeg-turbo_2.0.4.bb | 2 +
.../linux-firmware/linux-firmware_20230515.bb | 2 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../libtiff/files/CVE-2023-25433.patch| 173 +
.../files/CVE-2023-25434-CVE-2023-25435.patch | 94 +++
.../libtiff/files/CVE-2023-26965.patch| 90 +++
.../libtiff/files/CVE-2023-26966.patch| 35 +++
.../libtiff/files/CVE-2023-2908.patch | 33 +++
.../libtiff/files/CVE-2023-3316.patch | 59 +
.../libtiff/files/CVE-2023-3618-1.patch | 34 +++
.../libtiff/files/CVE-2023-3618-2.patch | 47
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 8 +
.../libpcre/libpcre2/CVE-2022-41409.patch | 74 ++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
45 files changed, 1977 insertions(+), 531 deletions(-)
create mode 100644
meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
[OE-core][dunfell 00/22] Patch review
Please review this next set of patches for dunfell and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2144
The following changes since commit 5b2ad70cd82c3b812652886ee4bf29f88dcac42c:
reproducible.py: add quilt-ptest and valgrind-ptest (2021-05-07 05:21:23
-1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
linux-firmware: upgrade 20210208 -> 20210315
Anuj Mittal (1):
lsb-release: fix reproducibility failure
Bruce Ashfield (1):
linux-yocto/5.4: qemuppc32: reduce serial shutdown issues
Chen Qi (1):
db: update CVE_PRODUCT
Lee Chee Yang (4):
subversion: fix CVE-2020-17525
qemu: fix CVE-2021-3392
tiff: fix CVE-2020-35523 CVE-2020-35524
python3-jinja2: 2.11.2 -> 2.11.3
Richard Purdie (9):
glibc: Document and whitelist CVE-2019-1010022-25
qemu: Exclude CVE-2017-5957 from cve-check
qemu: Exclude CVE-2007-0998 from cve-check
qemu: Exclude CVE-2018-18438 from cve-check
jquery: Exclude CVE-2007-2379 from cve-check
logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check
openssh: Exclude CVE-2007-2768 from cve-check
oeqa/qemurunner: Fix binary vs str issue
oeqa/qemurunner: Improve handling of run_serial for shutdown commands
Romain Naour (1):
dejagnu: needs expect at runtime
Ross Burton (3):
cairo: backport patch for CVE-2020-35492
libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)
builder: whitelist CVE-2008-4178 (a different builder)
Yann Dirson (1):
linux-firmware: include all relevant files in -bcm4356
meta/lib/oeqa/utils/qemurunner.py | 11 +-
.../openssh/openssh_8.2p1.bb | 3 +
meta/recipes-core/glibc/glibc_2.31.bb | 13 ++
.../recipes-devtools/dejagnu/dejagnu_1.6.2.bb | 1 +
meta/recipes-devtools/jquery/jquery_3.5.0.bb | 5 +
...ja2_2.11.2.bb => python3-jinja2_2.11.3.bb} | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 12 ++
.../qemu/qemu/CVE-2021-3392.patch | 92 ++
.../subversion/CVE-2020-17525.patch | 117 ++
.../subversion/subversion_1.13.0.bb | 1 +
.../logrotate/logrotate_3.15.1.bb | 3 +
.../help2man-reproducibility.patch| 27
meta/recipes-extended/lsb/lsb-release_1.4.bb | 1 +
.../libnotify/libnotify_0.7.8.bb | 3 +
meta/recipes-graphics/builder/builder_0.1.bb | 2 +
.../cairo/cairo/CVE-2020-35492.patch | 60 +
meta/recipes-graphics/cairo/cairo_1.16.0.bb | 1 +
...20210208.bb => linux-firmware_20210315.bb} | 8 +-
.../linux/linux-yocto-rt_5.4.bb | 2 +-
.../linux/linux-yocto-tiny_5.4.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 2 +-
.../libtiff/files/CVE-2020-35523.patch| 55
.../libtiff/files/CVE-2020-35524-1.patch | 42 +++
.../libtiff/files/CVE-2020-35524-2.patch | 36 ++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 3 +
meta/recipes-support/db/db_5.3.28.bb | 2 +-
26 files changed, 494 insertions(+), 12 deletions(-)
rename meta/recipes-devtools/python/{python3-jinja2_2.11.2.bb =>
python3-jinja2_2.11.3.bb} (92%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch
create mode 100644
meta/recipes-devtools/subversion/subversion/CVE-2020-17525.patch
create mode 100644
meta/recipes-extended/lsb/lsb-release/help2man-reproducibility.patch
create mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20210208.bb =>
linux-firmware_20210315.bb} (99%)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35523.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35524-2.patch
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#151641):
https://lists.openembedded.org/g/openembedded-core/message/151641
Mute This Topic: https://lists.openembedded.org/mt/82774212/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 00/22] Patch review
Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.
Passed a-full test on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1104
The following changes since commit 1a98936830ba468d63e2e49d766add9e9cb75998:
gstreamer1.0-plugins-bad: add support for vdpau (2020-06-23 04:33:47 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
linux-firmware: upgrade 20200519 -> 20200619
Andrej Valek (1):
oeqa/runtime/cases/ptest: Make output content path absolute
Armin Kuster (2):
curl: Security fixes for CVE-2020-{8169/8177}
wpa-supplicant: Security fix CVE-2020-12695
Changqing Li (1):
mime.bbclass: fix post install scriptlet error
Chen Qi (1):
systemd-serialgetty: do not use BindsTo
Konrad Weihmann (2):
runqemu: add QB_ROOTFS_EXTRA_OPT parameter
testimage: enable ovmf support
Lee Chee Yang (2):
dbus: fix CVE-2020-12049
perl: fix CVE-2020-10543 & CVE-2020-10878
Lili Li (1):
kernel.bbclass: Fix Module.symvers support
Ming Liu (1):
u-boot: introduce UBOOT_INITIAL_ENV
Nicolas Dechesne (1):
checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2()
Pierre-Jean Texier (1):
ell: upgrade 0.31 -> 0.32
Richard Purdie (7):
pseudo: Fix attr errors due to incorrect library resolution issues
oeqa/selftest/runcmd: Add better debug for thread count mismatch
failures
oeqa/utils/command: Improve stdin handling in runCmd
scripts/install-buildtools: Update to 3.2 M1 buildtools
scripts/install-buildtools: Handle new format checksum files
oeqa/selftest: Clean up separate builddir in success case when
non-threaded
populate_sdk_ext: Fix to use python3, not python
Steve Sakoman (1):
u-boot: move redundant-yyloc-global patch to u-boot-common.inc
meta/classes/kernel.bbclass | 2 +-
meta/classes/mime.bbclass | 13 +-
meta/classes/populate_sdk_ext.bbclass | 2 +-
meta/classes/qemuboot.bbclass | 5 +
meta/classes/testimage.bbclass| 6 +-
meta/lib/oeqa/core/target/qemu.py | 6 +-
meta/lib/oeqa/core/utils/concurrencytest.py | 23 +--
meta/lib/oeqa/runtime/cases/ptest.py | 4 +
meta/lib/oeqa/selftest/cases/runcmd.py| 9 +-
meta/lib/oeqa/selftest/context.py | 36 -
meta/lib/oeqa/utils/commands.py | 4 +-
meta/lib/oeqa/utils/qemurunner.py | 5 +-
.../remove-redundant-yyloc-global.patch | 0
meta/recipes-bsp/u-boot/u-boot-common.inc | 1 +
.../u-boot/u-boot-tools_2020.01.bb| 2 -
meta/recipes-bsp/u-boot/u-boot.inc| 55 ---
...allow-event-subscriptions-with-URLs-.patch | 151 +
...nt-message-generation-using-a-long-U.patch | 62 +++
...HTTP-initiation-failures-for-events-.patch | 50 ++
.../wpa-supplicant/wpa-supplicant_2.9.bb | 5 +-
.../dbus/dbus/CVE-2020-12049.patch| 78 +
meta/recipes-core/dbus/dbus_1.12.16.bb| 1 +
.../ell/{ell_0.31.bb => ell_0.32.bb} | 3 +-
.../systemd-serialgetty/serial-getty@.service | 3 +-
.../perl/files/CVE-2020-10543.patch | 36 +
.../perl/files/CVE-2020-10878_1.patch | 152 ++
.../perl/files/CVE-2020-10878_2.patch | 36 +
meta/recipes-devtools/perl/perl_5.30.1.bb | 3 +
.../pseudo/files/xattr_version.patch | 54 +++
meta/recipes-devtools/pseudo/pseudo_git.bb| 1 +
...20200519.bb => linux-firmware_20200619.bb} | 4 +-
.../curl/curl/CVE-2020-8169.patch | 140
.../curl/curl/CVE-2020-8177.patch | 67
meta/recipes-support/curl/curl_7.69.1.bb | 2 +
scripts/install-buildtools| 10 +-
scripts/lib/checklayer/__init__.py| 7 +-
scripts/runqemu | 11 +-
37 files changed, 979 insertions(+), 70 deletions(-)
rename meta/recipes-bsp/u-boot/{u-boot-tools =>
files}/remove-redundant-yyloc-global.patch (100%)
create mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
create mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
create mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
create mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
rename meta/recipes-core/ell/{ell_0.31.bb => ell_0.32.bb} (83%)
create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10543.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch
create mode 100644
