Please review this set of changes for dunfell and have comments back by
end of day Thursday, October 19.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6058

with the exception of a reproducibility issue for the vim-common package
where we have:

"Content-Type:·text/plain;·charset=CP1251\n"

in the A build and:

"Content-Type:·text/plain;·charset=cp1251\n"

in the B build.

Dunfell autobuilder builds are currently using an older buildtools tarball
which is missing:

https://git.yoctoproject.org/poky/commit/?id=a2f1791f8d0118f44cf752341c4793d656a54a94

I'm sending a patch to the list to update dunfell to the latest buildtools tarball.

The following changes since commit 0e167ef0eb7ac62ddb991ce80c27882863d8ee7c:

  cpio: Replace fix wrong CRC with ASCII CRC for large files with upstream backport (2023-10-09 07:30:51 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Marek Vasut (2):
  libtiff: Add fix for tiffcrop CVE-2023-1916
  systemd: Backport systemd-resolved: use hostname for certificate
    validation in DoT

Mike Crowe (2):
  curl: Backport fix for CVE-2023-38545
  curl: Backport fix for CVE-2023-38546

Pawan (1):
  libwebp: Update CVE ID CVE-2023-4863

Ryan Eatmon (1):
  kernel.bbclass: Add force flag to rm calls

Siddharth Doshi (4):
  glib-2.0: Fix multiple vulnerabilities
  vim: Upgrade 9.0.1894 -> 9.0.2009
  xorg-lib-common: Add variable to set tarball type
  libxpm: upgrade to 3.5.17

 meta/classes/kernel.bbclass                   |   4 +-
 .../glib-2.0/glib-2.0/CVE-2023-29499.patch    | 290 ++++++++++++
 .../glib-2.0/CVE-2023-32611-0001.patch        |  89 ++++
 .../glib-2.0/CVE-2023-32611-0002.patch        | 255 +++++++++++
 .../glib-2.0/glib-2.0/CVE-2023-32636.patch    |  49 ++
 .../glib-2.0/glib-2.0/CVE-2023-32643.patch    | 154 +++++++
 .../glib-2.0/CVE-2023-32665-0001.patch        | 103 +++++
 .../glib-2.0/CVE-2023-32665-0002.patch        | 210 +++++++++
 .../glib-2.0/CVE-2023-32665-0003.patch        | 417 ++++++++++++++++++
 .../glib-2.0/CVE-2023-32665-0004.patch        | 113 +++++
 .../glib-2.0/CVE-2023-32665-0005.patch        |  80 ++++
 .../glib-2.0/CVE-2023-32665-0006.patch        | 396 +++++++++++++++++
 .../glib-2.0/CVE-2023-32665-0007.patch        |  49 ++
 .../glib-2.0/CVE-2023-32665-0008.patch        | 394 +++++++++++++++++
 .../glib-2.0/CVE-2023-32665-0009.patch        |  97 ++++
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb |  14 +
 .../systemd/systemd/CVE-2018-21029.patch      | 120 +++++
 meta/recipes-core/systemd/systemd_244.5.bb    |   1 +
 .../xorg-lib/libxpm/CVE-2022-46285.patch      |  40 --
 .../{libxpm_3.5.13.bb => libxpm_3.5.17.bb}    |   9 +-
 .../xorg-lib/xorg-lib-common.inc              |   3 +-
 .../libtiff/files/CVE-2023-1916.patch         |  91 ++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 .../webp/files/CVE-2023-5129.patch            |   9 +-
 .../curl/curl/CVE-2023-38545.patch            | 148 +++++++
 .../curl/curl/CVE-2023-38546.patch            | 132 ++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   2 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 28 files changed, 3223 insertions(+), 51 deletions(-)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-29499.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0002.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32636.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32643.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0001.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0002.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0003.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0004.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0005.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0006.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0007.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0008.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32665-0009.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2018-21029.patch
 delete mode 100644 meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
 rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.13.bb => libxpm_3.5.17.bb} (68%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-1916.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch

-- 
2.34.1
