Please review this set of changes for dunfell and have comments back by end of day Tuesday, August 15.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5730 with the exception of qemuppc-alt, which failed due to out of disk space errors on the debian-11-ty-1 worker: https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4969 The qemuppc-alt build passed on subsequent re-test on a worker without disk space issues: https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4972 The following changes since commit 6dd64ca2d726d0b222a7608c65eb0a20454c3f99: build-appliance-image: Update to dunfell head revision (2023-08-04 05:41:08 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Abdellatif El Khlifi (1): kernel: skip installing fitImage when using Initramfs bundles Bruce Ashfield (3): linux-yocto/5.4: update to v5.4.249 linux-yocto/5.4: update to v5.4.250 linux-yocto/5.4: update to v5.4.251 Dhairya Nagodra (2): dmidecode 3.2: Fix CVE-2023-30630 harfbuzz: Resolve backported commit bug. Emily Vekariya (1): qemu: CVE-ID correction for CVE-2020-35505 Hitendra Prajapati (3): ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI tiff: fix multiple CVEs tiff: fix multiple CVEs Marek Vasut (1): linux-firmware: Fix mediatek mt7601u firmware path Peter Marko (6): python3: ignore CVE-2023-36632 libjpeg-turbo: patch CVE-2023-2804 libarchive: ignore CVE-2023-30571 libpcre2: patch CVE-2022-41409 procps: patch CVE-2023-4016 openssl: Upgrade 1.1.1t -> 1.1.1v Vijay Anusuri (1): ghostscript: backport fix for CVE-2023-38559 Vivek Kumbhar (2): go: fix CVE-2023-29406 net/http: insufficient sanitization of Host header qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Yuta Hayama (2): cve-update-nvd2-native: always pass str for json.loads() systemd-systemctl: fix errors in instance name expansion meta/classes/kernel.bbclass | 20 +- ...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++ .../openssl/openssl/CVE-2023-0464.patch | 226 ----------------- .../openssl/openssl/CVE-2023-0465.patch | 60 ----- .../openssl/openssl/CVE-2023-0466.patch | 82 ------ .../openssl/openssl/CVE-2023-2650.patch | 122 --------- .../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +- .../meta/cve-update-nvd2-native.bb | 2 +- .../systemd/systemd-systemctl/systemctl | 2 +- .../CVE-2023-30630-dependent_p1.patch | 236 ++++++++++++++++++ .../CVE-2023-30630-dependent_p2.patch | 198 +++++++++++++++ .../dmidecode/dmidecode/CVE-2023-30630.patch | 62 +++++ .../dmidecode/dmidecode_3.2.bb | 3 + meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-29406.patch | 212 ++++++++++++++++ .../recipes-devtools/python/python3_3.8.17.bb | 2 + meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-35505.patch | 11 +- .../qemu/qemu/CVE-2023-3354.patch | 87 +++++++ .../ruby/ruby/CVE-2021-33621.patch | 139 +++++++++++ meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 + ...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++ .../ghostscript/ghostscript_9.52.bb | 1 + .../libarchive/libarchive_3.4.2.bb | 3 + .../procps/procps/CVE-2023-4016.patch | 85 +++++++ meta/recipes-extended/procps/procps_3.3.16.bb | 1 + .../harfbuzz/harfbuzz/CVE-2023-25193.patch | 16 +- .../jpeg/files/CVE-2023-2804-1.patch | 97 +++++++ .../jpeg/files/CVE-2023-2804-2.patch | 75 ++++++ .../jpeg/libjpeg-turbo_2.0.4.bb | 2 + .../linux-firmware/linux-firmware_20230515.bb | 2 +- .../linux/linux-yocto-rt_5.4.bb | 6 +- .../linux/linux-yocto-tiny_5.4.bb | 8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- .../libtiff/files/CVE-2023-25433.patch | 173 +++++++++++++ .../files/CVE-2023-25434-CVE-2023-25435.patch | 94 +++++++ .../libtiff/files/CVE-2023-26965.patch | 90 +++++++ .../libtiff/files/CVE-2023-26966.patch | 35 +++ .../libtiff/files/CVE-2023-2908.patch | 33 +++ .../libtiff/files/CVE-2023-3316.patch | 59 +++++ .../libtiff/files/CVE-2023-3618-1.patch | 34 +++ .../libtiff/files/CVE-2023-3618-2.patch | 47 ++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 8 + .../libpcre/libpcre2/CVE-2022-41409.patch | 74 ++++++ .../recipes-support/libpcre/libpcre2_10.34.bb | 1 + 45 files changed, 1977 insertions(+), 531 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch rename meta/recipes-connectivity/openssl/{openssl_1.1.1t.bb => openssl_1.1.1v.bb} (96%) create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25434-CVE-2023-25435.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185891): https://lists.openembedded.org/g/openembedded-core/message/185891 Mute This Topic: https://lists.openembedded.org/mt/100725522/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-