[OE-core] [gatesgarth][PATCH 00/25] pull request (cover letter only)
Please merge these changes in gatesgarth. Thanks, Anuj The following changes since commit 6311cb4930bd0add7aec61e5e0df6bb7ae0c4481: libsdl2: fix CVE-2020-14409 CVE-2020-14410 (2021-03-10 00:24:18 +) are available in the Git repository at: git://push.openembedded.org/openembedded-core-contrib stable/gatesgarth-next Alejandro Hernandez Samaniego (1): devtool: Fix do_kernel_configme task Anatol Belski (1): glib-2.0: Fix CVE-2021-27219 Anuj Mittal (1): Revert "sstatesig.py: show an error instead of warning when sstate manifest isn't found" Bruce Ashfield (3): linux-yocto/5.4: update to v5.4.99 linux-yocto/5.4: update to v5.4.101 linux-yocto/5.4: update to v5.4.103 Chen Qi (2): python3-jinja2: set CVE_PRODUCT populate_sdk_ext: record METADATA_REVISION Jon Mason (1): runqemu: use "raw" instead of "bin" for ovmf Martin Jansa (1): iso-codes: fix protocol in SRC_URI Mike Crowe (1): gcc-sanitizers: Move content from gcclibdir into libdir Minjae Kim (1): qemu: fix CVE-2021-20203 Purushottam Choudhary (1): shadow: whitelist CVE-2013-4235 Richard Leitner (1): xcb-proto: update to 1.14.1 Richard Purdie (6): libsecret: Improve determimism igt-gpu-tools: Fix reproducibility issue apr-util: Fix CFLAGS used in build selftest/reproducible: Don't call sync between each file compare gstreamer1.0-python: Set internal python library path correcty build-appliance-image: Drop kernel module handling Ross Burton (2): libinput: less parallism to increase chances the test suite works ptest-packagelists: remove libinput-ptest Stefan Ghinea (1): wpa-supplicant: fix CVE-2021-27803 Stefan Schmidt (1): systemd-conf: do not ask for DHCP if configured on kernel command line Ulrich Ölmann (1): local.conf.sample: fix typo meta/classes/populate_sdk_ext.bbclass |3 + .../distro/include/ptest-packagelists.inc |2 +- meta/conf/local.conf.sample |2 +- meta/lib/oe/sstatesig.py |2 +- meta/lib/oeqa/selftest/cases/reproducible.py |2 +- .../wpa-supplicant/CVE-2021-27803.patch | 58 + .../wpa-supplicant/wpa-supplicant_2.9.bb |1 + .../glib-2.0/glib-2.0/CVE-2021-27219.patch| 1444 + meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb |1 + .../images/build-appliance-image_15.0.0.bb|8 +- .../systemd/systemd-conf/wired.network|1 + .../systemd/systemd-conf_246.9.bb |3 - meta/recipes-devtools/gcc/gcc-sanitizers.inc |7 +- .../python/python3-jinja2_2.11.2.bb |2 + meta/recipes-devtools/qemu/qemu.inc |1 + .../qemu/qemu/CVE-2021-20203.patch| 74 + meta/recipes-extended/shadow/shadow_4.8.1.bb |5 +- .../libsecret/libsecret/determinism.patch | 37 + .../libsecret/libsecret_0.20.3.bb |3 +- .../igt-gpu-tools/reproducibility.patch | 38 + .../igt-gpu-tools/igt-gpu-tools_git.bb|5 +- .../wayland/libinput/run-ptest|2 +- ...{xcb-proto_1.14.bb => xcb-proto_1.14.1.bb} |4 +- .../linux/linux-yocto-rt_5.4.bb |6 +- .../linux/linux-yocto-tiny_5.4.bb |8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- .../gstreamer/gstreamer1.0-python_1.16.3.bb |2 + meta/recipes-support/apr/apr-util_1.6.1.bb|2 + .../iso-codes/iso-codes_4.5.0.bb |2 +- scripts/lib/devtool/standard.py |7 +- scripts/runqemu |2 + 31 files changed, 1713 insertions(+), 43 deletions(-) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch create mode 100644 meta/recipes-gnome/libsecret/libsecret/determinism.patch create mode 100644 meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools/reproducibility.patch rename meta/recipes-graphics/xorg-proto/{xcb-proto_1.14.bb => xcb-proto_1.14.1.bb} (84%) -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#149915): https://lists.openembedded.org/g/openembedded-core/message/149915 Mute This Topic: https://lists.openembedded.org/mt/81591564/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [gatesgarth][PATCH 00/25] pull request
On Fri, 2021-02-05 at 09:33 +0800, Anuj Mittal wrote: > Richard Purdie (3): > gobject-introspection: Fix variable override order > pseudo: Update to include passwd and file renaming fixes > image_types: Ensure tar archives are reproducible I merged this apart from the image_types one from me above since there is a fix for it in master which probably needs to go with it. Could you include the fix along with it in the next pull request please? Thanks, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147712): https://lists.openembedded.org/g/openembedded-core/message/147712 Mute This Topic: https://lists.openembedded.org/mt/80396504/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [gatesgarth][PATCH 00/25] pull request
Please merge these changes in gatesgarth. Thanks, Anuj The following changes since commit 4e8022635fc8543d135fed3091a9f555899d1b3c: linuxloader: Avoid confusing string concat errors (2021-01-27 09:32:36 +) are available in the Git repository at: git://push.openembedded.org/openembedded-core-contrib stable/gatesgarth-next Anuj Mittal (3): python3: fix CVE-2021-3177 sudo: fix CVE-2021-23239 gstreamer1.0: fix failing ptest Dorinda (2): sanity: Verify that user isn't building in PSEUDO_IGNORE_PATHS sanity.bbclass: sanity check for if bitbake is present in PATH Lee Chee Yang (4): gdk-pixbuf: fix CVE-2020-29385 p11-kit: upgrade 0.23.21 -> 0.23.22 cve-check: replace Looseversion with custom version class cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning Oleksiy Obitotskyy (1): dtc: improve reproducibility Ovidiu Panait (1): timezone: upgrade to 2021a Peter Bergin (1): buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable Richard Purdie (3): gobject-introspection: Fix variable override order pseudo: Update to include passwd and file renaming fixes image_types: Ensure tar archives are reproducible Ross Burton (2): core-image-sato-sdk-ptest: these images need ptest ovmf-shell-image: image is only buildable on x86-64 Tomasz Dziendzielski (5): externalsrc: Fix parsing error with devtool non-git sources devtool: Fix file:// fetcher symlink directory structure externalsrc: Detect code changes in submodules lib/oe/patch.py: Don't return command stderr from runcmd function python3: Use addtask statement instead of task dependencies Yi Fan Yu (2): oeqa/selftest/cases/tinfoil.py: increase timeout 10->60s test_wait_event strace: increase ptest timeout duration 120->240s zhengruoqin (1): ca-certificates: upgrade 20200601 -> 20210119 meta/classes/buildhistory.bbclass | 2 +- meta/classes/cve-check.bbclass| 14 +- meta/classes/externalsrc.bbclass | 16 +- meta/classes/image_types.bbclass | 2 +- meta/classes/sanity.bbclass | 12 ++ meta/lib/oe/cve_check.py | 60 ++ meta/lib/oe/patch.py | 14 +- meta/lib/oeqa/selftest/cases/cve_check.py | 36 meta/lib/oeqa/selftest/cases/tinfoil.py | 6 +- meta/recipes-core/ovmf/ovmf-shell-image.bb| 1 + meta/recipes-devtools/pseudo/pseudo_git.bb| 2 +- .../python/python3/CVE-2021-3177.patch| 191 ++ meta/recipes-devtools/python/python3_3.8.5.bb | 6 +- meta/recipes-devtools/strace/strace/run-ptest | 2 +- .../sudo/files/CVE-2021-23239.patch | 62 ++ meta/recipes-extended/sudo/sudo_1.9.3.bb | 1 + meta/recipes-extended/timezone/timezone.inc | 6 +- .../gdk-pixbuf/CVE-2020-29385.patch | 55 + .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb | 1 + .../gobject-introspection_1.64.1.bb | 4 +- meta/recipes-kernel/dtc/dtc.inc | 2 + ...-Makefile-to-add-CFLAGS-not-override.patch | 36 ...-use-too-strict-timeout-for-validati.patch | 32 +++ .../gstreamer/gstreamer1.0_1.16.3.bb | 1 + .../images/core-image-sato-ptest-fast.bb | 3 + .../images/core-image-sato-sdk-ptest.bb | 3 + .../0001-certdata2pem.py-use-python3.patch| 37 ...0200601.bb => ca-certificates_20210119.bb} | 3 +- ...{p11-kit_0.23.21.bb => p11-kit_0.23.22.bb} | 7 +- scripts/lib/devtool/standard.py | 6 +- 30 files changed, 554 insertions(+), 69 deletions(-) create mode 100644 meta/lib/oe/cve_check.py create mode 100644 meta/lib/oeqa/selftest/cases/cve_check.py create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-3177.patch create mode 100644 meta/recipes-extended/sudo/files/CVE-2021-23239.patch create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2020-29385.patch create mode 100644 meta/recipes-kernel/dtc/dtc/0001-dtc-Fix-Makefile-to-add-CFLAGS-not-override.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0001-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch rename meta/recipes-support/ca-certificates/{ca-certificates_20200601.bb => ca-certificates_20210119.bb} (96%) rename meta/recipes-support/p11-kit/{p11-kit_0.23.21.bb => p11-kit_0.23.22.bb} (75%) -- 2.29.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147671): https://lists.openembedded.org/g/openembedded-core/message/147671 Mute This Topic: https://lists.openembedded.org/mt/80396504/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-