Please review this set of changes for kirkstone and have comments back by end of day Friday, September 29
Passed a-full on autobuilder (other than a known send-qa-email issue): https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5956 The following changes since commit d90e4d5e3cca9cffe8f60841afc63667a9ac39fa: build-appliance-image: Update to kirkstone head revision (2023-09-24 10:53:54 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Archana Polampalli (4): ghostscript: fix CVE-2023-43115 gstreamer1.0-plugins-bad: fix CVE-2023-40474 gstreamer1.0-plugins-bad: fix CVE-2023-40475 gstreamer1.0-plugins-bad: fix CVE-2023-40476 Colin McAllister (1): libwebp: Fix CVE-2023-5129 Jaeyoon Jung (1): cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig Lee Chee Yang (2): cups: Fix CVE-2023-4504 bind: update to 9.18.19 Meenali Gupta (1): ruby: fix CVE-2023-36617 Narpat Mali (1): python3-git: upgrade 3.1.32 -> 3.1.37 Peter Marko (1): openssl: Upgrade 3.0.10 -> 3.0.11 Ross Burton (2): linux-yocto: update CVE exclusions xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific Ryan Eatmon (1): kernel.bbclass: Add force flag to rm calls Siddharth Doshi (1): go: Fix CVE-2023-39318 Soumya Sambu (1): shadow: Fix CVE-2023-4641 Yogita Urade (1): webkitgtk: fix CVE-2023-32439 meta/classes/cml1.bbclass | 2 +- meta/classes/kernel.bbclass | 4 +- ...1-avoid-start-failure-with-bind-user.patch | 0 ...d-V-and-start-log-hide-build-options.patch | 0 ...ching-for-json-headers-searches-sysr.patch | 0 .../bind/{bind-9.18.17 => bind}/bind9 | 0 .../bind/{bind-9.18.17 => bind}/conf.patch | 0 .../generate-rndc-key.sh | 0 ...t.d-add-support-for-read-only-rootfs.patch | 0 .../make-etc-initd-bind-stop-work.patch | 0 .../bind/{bind-9.18.17 => bind}/named.service | 0 .../bind/{bind_9.18.17.bb => bind_9.18.19.bb} | 2 +- .../{openssl_3.0.10.bb => openssl_3.0.11.bb} | 2 +- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.21/CVE-2023-39318.patch | 238 + ...n3-git_3.1.32.bb => python3-git_3.1.37.bb} | 4 +- .../ruby/ruby/CVE-2023-36617_1.patch | 52 + .../ruby/ruby/CVE-2023-36617_2.patch | 47 + meta/recipes-devtools/ruby/ruby_3.1.3.bb | 2 + meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2023-4504.patch | 42 + .../ghostscript/CVE-2023-43115.patch | 62 + .../ghostscript/ghostscript_9.55.0.bb | 1 + .../shadow/files/CVE-2023-4641-0001.patch | 36 + .../shadow/files/CVE-2023-4641-0002.patch | 147 + meta/recipes-extended/shadow/shadow.inc | 2 + .../xorg-xserver/xserver-xorg.inc | 2 + .../linux/cve-exclusion_5.10.inc | 7255 +++++++++++++++++ .../linux/cve-exclusion_5.15.inc | 151 +- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 1 + .../CVE-2023-40474.patch | 118 + .../CVE-2023-40475.patch | 49 + .../CVE-2023-40476.patch | 44 + .../gstreamer1.0-plugins-bad_1.20.7.bb | 3 + .../webp/files/CVE-2023-5129.patch | 364 + meta/recipes-multimedia/webp/libwebp_1.2.4.bb | 1 + .../webkit/webkitgtk/CVE-2023-32439.patch | 127 + meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 + 38 files changed, 8719 insertions(+), 42 deletions(-) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/0001-avoid-start-failure-with-bind-user.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/bind9 (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/conf.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/generate-rndc-key.sh (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/init.d-add-support-for-read-only-rootfs.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/make-etc-initd-bind-stop-work.patch (100%) rename meta/recipes-connectivity/bind/{bind-9.18.17 => bind}/named.service (100%) rename meta/recipes-connectivity/bind/{bind_9.18.17.bb => bind_9.18.19.bb} (97%) rename meta/recipes-connectivity/openssl/{openssl_3.0.10.bb => openssl_3.0.11.bb} (99%) create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-39318.patch rename meta/recipes-devtools/python/{python3-git_3.1.32.bb => python3-git_3.1.37.bb} (86%) create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641-0002.patch create mode 100644 meta/recipes-kernel/linux/cve-exclusion_5.10.inc create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40474.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40475.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-40476.patch create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-32439.patch -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188350): https://lists.openembedded.org/g/openembedded-core/message/188350 Mute This Topic: https://lists.openembedded.org/mt/101631313/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
