Please review this set of patches for dunfell and have comments back by end of day Tuesday.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5239 The following changes since commit d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c: go: fix CVE-2023-24537 Infinite loop in parsing (2023-04-21 04:15:45 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Christoph Lauer (1): populate_sdk_base: add zip options Nikhil R (1): openssl: Fix CVE-2023-0464 Omkar Patil (2): openssl: Fix CVE-2023-0465 openssl: Fix CVE-2023-0466 Shubham Kulkarni (1): go: Ignore CVE-2022-1705 Vijay Anusuri (2): sudo: Security fix for CVE-2023-28486 and CVE-2023-28487 curl: Security fix CVE-2023-27533, CVE-2023-27535 and CVE-2023-27536 Virendra Thakur (1): qemu: Whitelist CVE-2023-0664 Vivek Kumbhar (1): go: fix CVE-2023-24534 denial of service from excessive memory allocation meta/classes/populate_sdk_base.bbclass | 4 +- .../openssl/openssl/CVE-2023-0464.patch | 226 ++++++ .../openssl/openssl/CVE-2023-0465.patch | 60 ++ .../openssl/openssl/CVE-2023-0466.patch | 82 +++ .../openssl/openssl_1.1.1t.bb | 3 + meta/recipes-devtools/go/go-1.14.inc | 4 + .../go/go-1.14/CVE-2023-24534.patch | 200 ++++++ meta/recipes-devtools/qemu/qemu.inc | 5 + .../CVE-2023-28486_CVE-2023-28487-1.patch | 646 ++++++++++++++++++ .../CVE-2023-28486_CVE-2023-28487-2.patch | 26 + meta/recipes-extended/sudo/sudo_1.8.32.bb | 2 + .../curl/curl/CVE-2023-27533.patch | 59 ++ .../curl/curl/CVE-2023-27535-pre1.patch | 236 +++++++ .../curl/curl/CVE-2023-27535.patch | 170 +++++ .../curl/curl/CVE-2023-27536.patch | 55 ++ meta/recipes-support/curl/curl_7.69.1.bb | 4 + 16 files changed, 1781 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24534.patch create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-1.patch create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#180572): https://lists.openembedded.org/g/openembedded-core/message/180572 Mute This Topic: https://lists.openembedded.org/mt/98596884/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
