* [OE-core][dunfell 00/25] Pull request (cover letter only)
@ 2021-09-28 23:24 Steve Sakoman
0 siblings, 0 replies; 8+ messages in thread
From: Steve Sakoman @ 2021-09-28 23:24 UTC (permalink / raw)
To: openembedded-core
The following changes since commit c7d2281eb6cda9c1637c20b3540b142073bca235:
build-appliance-image: Update to dunfell head revision (2021-09-15 18:34:19 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Alexander Kanavin (2):
wic: keep rootfs_size as integer
testimage: symlink the task log and qemu console log to tmp/log/oeqa
Armin Kuster (9):
libgcrypt: Security fix CVE-2021-33560
apr: Security fix for CVE-2021-35940
libsndfile: Security fix for CVE-2021-3246
qemu: Security fix CVE-2020-12829
qemu: Security fix for CVE-2020-27617
qemu: Security fix for CVE-2020-28916
nettle: Security fix for CVE-2021-3580
nettle: Security fix for CVE-2021-20305
tar: ignore node-tar CVEs
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.143
linux-yocto/5.4: update to v5.4.144
Jon Mason (2):
Update mailing list address
core-image-sato: Fix runqemu error for qemuarmv5
Kai Kang (1):
squashfs-tools: fix CVE-2021-40153
Mike Crowe (1):
curl: Fix CVE-2021-22946 and CVE-2021-22947, whitelist CVE-2021-22945
Ranjitsinh Rathod (1):
rpm: Handle proper return value to avoid major issues
Richard Purdie (3):
vim: Backport fix for CVE-2021-3770
useradd: Ensure preinst data is expanded correctly in pkgdata
bash: Ensure deterministic build
Ross Burton (1):
libsoup-2.4: remove obsolete intltool dependency
Sakib Sajal (1):
qemu: fix CVE-2021-3682
Steve Sakoman (1):
connman: add CVE_PRODUCT
Visa Hankala (1):
iputils: Fix regression of arp table update
meta/classes/testimage.bbclass | 12 +-
meta/classes/useradd.bbclass | 4 +
meta/conf/distro/include/maintainers.inc | 2 +-
meta/recipes-connectivity/connman/connman.inc | 2 +
.../ldconfig-native-2.12.1/ldconfig.patch | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 8 +
.../qemu/qemu/CVE-2020-12829_1.patch | 164 ++++++++
.../qemu/qemu/CVE-2020-12829_2.patch | 139 +++++++
.../qemu/qemu/CVE-2020-12829_3.patch | 47 +++
.../qemu/qemu/CVE-2020-12829_4.patch | 100 +++++
.../qemu/qemu/CVE-2020-12829_5.patch | 266 +++++++++++++
.../qemu/qemu/CVE-2020-27617.patch | 49 +++
.../qemu/qemu/CVE-2020-28916.patch | 48 +++
.../qemu/qemu/CVE-2021-3682.patch | 41 ++
...rict-virtual-memory-usage-if-limit-s.patch | 25 +-
.../squashfs-tools/files/CVE-2021-40153.patch | 253 +++++++++++++
.../squashfs-tools/squashfs-tools_git.bb | 1 +
meta/recipes-extended/bash/bash.inc | 5 +
...ng-make-update-neighbours-work-again.patch | 79 ++++
.../iputils/iputils_s20190709.bb | 1 +
meta/recipes-extended/tar/tar_1.32.bb | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../libsndfile1/CVE-2021-3246_1.patch | 36 ++
.../libsndfile1/CVE-2021-3246_2.patch | 44 +++
.../libsndfile/libsndfile1_1.0.28.bb | 2 +
meta/recipes-sato/images/core-image-sato.bb | 1 +
.../apr/apr/CVE-2021-35940.patch | 58 +++
meta/recipes-support/apr/apr_1.7.0.bb | 1 +
.../curl/curl/CVE-2021-22946-pre1.patch | 86 +++++
.../curl/curl/CVE-2021-22946.patch | 328 ++++++++++++++++
.../curl/curl/CVE-2021-22947.patch | 352 ++++++++++++++++++
meta/recipes-support/curl/curl_7.69.1.bb | 5 +-
.../libgcrypt/files/CVE-2021-33560.patch | 109 ++++++
.../libgcrypt/libgcrypt_1.8.5.bb | 1 +
.../libsoup/libsoup-2.4_2.68.4.bb | 2 +-
.../nettle-3.5.1/CVE-2021-20305-1.patch | 215 +++++++++++
.../nettle-3.5.1/CVE-2021-20305-2.patch | 53 +++
.../nettle-3.5.1/CVE-2021-20305-3.patch | 122 ++++++
.../nettle-3.5.1/CVE-2021-20305-4.patch | 48 +++
.../nettle-3.5.1/CVE-2021-20305-5.patch | 53 +++
.../nettle/nettle-3.5.1/CVE-2021-3580_1.patch | 277 ++++++++++++++
.../nettle/nettle-3.5.1/CVE-2021-3580_2.patch | 163 ++++++++
meta/recipes-support/nettle/nettle_3.5.1.bb | 7 +
...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 ++++++++++
meta/recipes-support/vim/vim.inc | 2 +
scripts/lib/wic/partition.py | 2 +-
48 files changed, 3423 insertions(+), 36 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_5.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch
create mode 100644 meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch
create mode 100644 meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch
create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22946.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22947.patch
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-2.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-4.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-5.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch
create mode 100644 meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_2.patch
create mode 100644 meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [OE-core][dunfell 00/25] Pull request (cover letter only)
@ 2021-12-02 15:20 Steve Sakoman
0 siblings, 0 replies; 8+ messages in thread
From: Steve Sakoman @ 2021-12-02 15:20 UTC (permalink / raw)
To: openembedded-core
After some discussion with Richard on #yocto irc we've decided to drop the patch
status updates from this series.
The following changes since commit 44b1970c40e9d73f6e63fb10cdc55837a26f5921:
build-appliance-image: Update to dunfell head revision (2021-11-15 15:00:44 +0000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Alexander Kanavin (2):
linux-firmware: upgrade 20210919 -> 20211027
libpcre/libpcre2: correct SRC_URI
Anuj Mittal (1):
glibc-version.inc: remove branch= from GLIBC_GIT_URI
Bruce Ashfield (4):
linux-yocto/5.4: update to v5.4.154
linux-yocto/5.4: update to v5.4.155
linux-yocto/5.4: update to v5.4.156
linux-yocto/5.4: update to v5.4.158
Claus Stovgaard (1):
cups: Fix missing installation of cups sysv init scripts
Daniel Gomez (1):
os-release: Add DISTRO_CODENAME as vardeps for do_compile
Denys Dmytriyenko (1):
make-mod-scripts: pass CROSS_COMPILE to configure and build
Jon Mason (1):
scripts/lib/wic/help.py: Update Fedora Kickstart URLs
Khem Raj (1):
lrzsz: Use Cross AR during compile
Marta Rybczynska (1):
python3: upgrade 3.8.11 -> 3.8.12
Minjae Kim (1):
git: fix CVE-2021-40330
Peter Bergin (1):
systemd: add packageconfig for wheel-group
Richard Purdie (2):
scripts/oe-package-browser: Handle no packages being built
reproducible_build/package_XXX: Ensure SDE task is in dependency chain
Ross Burton (5):
vim: fix CVE-2021-3796, CVE-2021-3872, and CVE-2021-3875
vim: add patch number to CVE-2021-3778 patch
vim: fix CVE-2021-3927 and CVE-2021-3928
gmp: fix CVE-2021-43618
openssh: remove redundant BSD license
Steve Sakoman (1):
Revert "vim: fix 2021-3796"
Wang Mingyu (1):
openssh: Improve LICENSE to show BSD license variants.
Yi Zhao (1):
oeqa: fix warnings for append operators combined with +=
meta/classes/package_deb.bbclass | 4 +-
meta/classes/package_ipk.bbclass | 3 +-
meta/classes/package_rpm.bbclass | 3 +-
meta/classes/reproducible_build.bbclass | 2 +
meta/lib/oeqa/runtime/cases/ksample.py | 2 +-
meta/lib/oeqa/selftest/cases/imagefeatures.py | 2 +-
...mpilation-using-autoconf-detected-AR.patch | 36 ++++++
meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb | 1 +
.../openssh/openssh_8.2p1.bb | 2 +-
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/os-release/os-release.bb | 4 +-
meta/recipes-core/systemd/systemd_244.5.bb | 2 +
.../git/files/CVE-2021-40330.patch | 108 ++++++++++++++++++
meta/recipes-devtools/git/git.inc | 4 +-
.../{python3_3.8.11.bb => python3_3.8.12.bb} | 4 +-
meta/recipes-extended/cups/cups.inc | 2 +-
...20210919.bb => linux-firmware_20211027.bb} | 4 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 ++--
.../make-mod-scripts/make-mod-scripts_1.0.bb | 2 +-
.../gmp/gmp/cve-2021-43618.patch | 27 +++++
meta/recipes-support/gmp/gmp_6.2.0.bb | 1 +
.../recipes-support/libpcre/libpcre2_10.34.bb | 2 +-
meta/recipes-support/libpcre/libpcre_8.44.bb | 2 +-
...1-reading-character-past-end-of-line.patch | 62 ++++++++++
...28-using-freed-memory-when-replacing.patch | 83 ++++++++++++++
...eading-uninitialized-memory-when-giv.patch | 63 ++++++++++
...llegal-memory-access-if-buffer-name-.patch | 86 ++++++++++++++
...ml_get-error-after-search-with-range.patch | 72 ++++++++++++
...nvalid-memory-access-when-scrolling-.patch | 97 ++++++++++++++++
.../vim/files/CVE-2021-3778.patch | 24 +++-
.../vim/files/CVE-2021-3796.patch | 50 --------
meta/recipes-support/vim/vim.inc | 10 +-
scripts/lib/wic/help.py | 4 +-
scripts/oe-pkgdata-browser | 2 +
36 files changed, 712 insertions(+), 96 deletions(-)
create mode 100644 meta/recipes-bsp/lrzsz/lrzsz-0.12.20/0001-Fix-cross-compilation-using-autoconf-detected-AR.patch
create mode 100644 meta/recipes-devtools/git/files/CVE-2021-40330.patch
rename meta/recipes-devtools/python/{python3_3.8.11.bb => python3_3.8.12.bb} (99%)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20210919.bb => linux-firmware_20211027.bb} (99%)
create mode 100644 meta/recipes-support/gmp/gmp/cve-2021-43618.patch
create mode 100644 meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
create mode 100644 meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch
create mode 100644 meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch
create mode 100644 meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
create mode 100644 meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch
create mode 100644 meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch
delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3796.patch
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core][dunfell 00/25] Pull request (cover letter only)
2021-05-13 21:11 ` Richard Purdie
@ 2021-05-14 17:20 ` Steve Sakoman
0 siblings, 0 replies; 8+ messages in thread
From: Steve Sakoman @ 2021-05-14 17:20 UTC (permalink / raw)
To: Richard Purdie; +Cc: Patches and discussions about the oe-core layer
On Thu, May 13, 2021 at 11:11 AM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Wed, 2021-05-12 at 04:47 -1000, Steve Sakoman wrote:
> > The following changes since commit 834a8e357bc999a0163e7c5bafbcc1a8816448d4:
> >
> > license_image.bbclass: Fix symlink to generic license files (2021-05-03 04:56:23 -1000)
> >
> > are available in the Git repository at:
> >
> > git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
> > http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
> >
> > Alexander Kanavin (5):
> > diffoscope: add native libraries to LD_LIBRARY_PATH
> > Revert "oeqa: Set LD_LIBRARY_PATH when executing native commands"
> > ovmf: update to 202002
> > ovmf: update to 202005
> > ovmf: update edk2-stable202005 -> edk2-stable202008
> >
> > Anatol Belski (1):
> > tar: Fix CVE-2021-20193
> >
> > Bruce Ashfield (4):
> > linux-yocto/5.4: update to v5.4.114
> > linux-yocto/5.4: update to v5.4.116
> > perf: fix python-audit RDEPENDS
> > make-mod-scripts: add HOSTCXX definitions and gmp-native dependency
> >
> > Christophe Chapuis (1):
> > rootfs.py: find .ko.gz and .ko.xz kernel modules as well
> >
> > Jose Quaresma (1):
> > ptest-runner: libgcc must be installed for pthread_cancel to work
> >
> > Joshua Watt (1):
> > classes/image: Use xargs to set file timestamps
> >
> > Kai Uwe Broulik (1):
> > gstreamer1.0-plugins-good: on wayland qt5 needs qtwayland
> >
> > Khem Raj (1):
> > cml1.bbclass: Return sorted list of cfg files
> >
> > Lee Chee Yang (1):
> > binutils: fix CVE-2021-3487
> >
> > Mark Hatle (1):
> > kernel.bbclass: Remove do_install[prefunc] no longer needed
> >
> > Michael Opdenacker (1):
> > sanity.bbclass: mention CONNECTIVITY_CHECK_URIS in network failure
> > message
> >
> > Richard Purdie (3):
> > yocto-uninative: Update to 3.1 which includes a patchelf fix
> > pybootchart/draw: Avoid divide by zero error
> > oeqa/qemurunner: Improve logging thread exit handling for qemu
> > shutdown test
>
> I merged this branch apart from this last patch above as the author of the
> patch messed up and you'd need the subsequent fixes too ;-) It can come
> together, later.
No problem! I'll include that patch and the subsequent fixes in my
next review set.
Steve
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core][dunfell 00/25] Pull request (cover letter only)
2021-05-12 14:47 Steve Sakoman
@ 2021-05-13 21:11 ` Richard Purdie
2021-05-14 17:20 ` Steve Sakoman
0 siblings, 1 reply; 8+ messages in thread
From: Richard Purdie @ 2021-05-13 21:11 UTC (permalink / raw)
To: Steve Sakoman, openembedded-core
On Wed, 2021-05-12 at 04:47 -1000, Steve Sakoman wrote:
> The following changes since commit 834a8e357bc999a0163e7c5bafbcc1a8816448d4:
>
> license_image.bbclass: Fix symlink to generic license files (2021-05-03 04:56:23 -1000)
>
> are available in the Git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
>
> Alexander Kanavin (5):
> diffoscope: add native libraries to LD_LIBRARY_PATH
> Revert "oeqa: Set LD_LIBRARY_PATH when executing native commands"
> ovmf: update to 202002
> ovmf: update to 202005
> ovmf: update edk2-stable202005 -> edk2-stable202008
>
> Anatol Belski (1):
> tar: Fix CVE-2021-20193
>
> Bruce Ashfield (4):
> linux-yocto/5.4: update to v5.4.114
> linux-yocto/5.4: update to v5.4.116
> perf: fix python-audit RDEPENDS
> make-mod-scripts: add HOSTCXX definitions and gmp-native dependency
>
> Christophe Chapuis (1):
> rootfs.py: find .ko.gz and .ko.xz kernel modules as well
>
> Jose Quaresma (1):
> ptest-runner: libgcc must be installed for pthread_cancel to work
>
> Joshua Watt (1):
> classes/image: Use xargs to set file timestamps
>
> Kai Uwe Broulik (1):
> gstreamer1.0-plugins-good: on wayland qt5 needs qtwayland
>
> Khem Raj (1):
> cml1.bbclass: Return sorted list of cfg files
>
> Lee Chee Yang (1):
> binutils: fix CVE-2021-3487
>
> Mark Hatle (1):
> kernel.bbclass: Remove do_install[prefunc] no longer needed
>
> Michael Opdenacker (1):
> sanity.bbclass: mention CONNECTIVITY_CHECK_URIS in network failure
> message
>
> Richard Purdie (3):
> yocto-uninative: Update to 3.1 which includes a patchelf fix
> pybootchart/draw: Avoid divide by zero error
> oeqa/qemurunner: Improve logging thread exit handling for qemu
> shutdown test
I merged this branch apart from this last patch above as the author of the
patch messed up and you'd need the subsequent fixes too ;-) It can come
together, later.
Cheers,
Richard
^ permalink raw reply [flat|nested] 8+ messages in thread
* [OE-core][dunfell 00/25] Pull request (cover letter only)
@ 2021-05-12 14:47 Steve Sakoman
2021-05-13 21:11 ` Richard Purdie
0 siblings, 1 reply; 8+ messages in thread
From: Steve Sakoman @ 2021-05-12 14:47 UTC (permalink / raw)
To: openembedded-core
The following changes since commit 834a8e357bc999a0163e7c5bafbcc1a8816448d4:
license_image.bbclass: Fix symlink to generic license files (2021-05-03 04:56:23 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Alexander Kanavin (5):
diffoscope: add native libraries to LD_LIBRARY_PATH
Revert "oeqa: Set LD_LIBRARY_PATH when executing native commands"
ovmf: update to 202002
ovmf: update to 202005
ovmf: update edk2-stable202005 -> edk2-stable202008
Anatol Belski (1):
tar: Fix CVE-2021-20193
Bruce Ashfield (4):
linux-yocto/5.4: update to v5.4.114
linux-yocto/5.4: update to v5.4.116
perf: fix python-audit RDEPENDS
make-mod-scripts: add HOSTCXX definitions and gmp-native dependency
Christophe Chapuis (1):
rootfs.py: find .ko.gz and .ko.xz kernel modules as well
Jose Quaresma (1):
ptest-runner: libgcc must be installed for pthread_cancel to work
Joshua Watt (1):
classes/image: Use xargs to set file timestamps
Kai Uwe Broulik (1):
gstreamer1.0-plugins-good: on wayland qt5 needs qtwayland
Khem Raj (1):
cml1.bbclass: Return sorted list of cfg files
Lee Chee Yang (1):
binutils: fix CVE-2021-3487
Mark Hatle (1):
kernel.bbclass: Remove do_install[prefunc] no longer needed
Michael Opdenacker (1):
sanity.bbclass: mention CONNECTIVITY_CHECK_URIS in network failure
message
Richard Purdie (3):
yocto-uninative: Update to 3.1 which includes a patchelf fix
pybootchart/draw: Avoid divide by zero error
oeqa/qemurunner: Improve logging thread exit handling for qemu
shutdown test
Steve Sakoman (2):
lib/package_manager: Use shutil.copy instead of bb.utils.copyfile for
intercepts
reproducible.py: add quilt-ptest and valgrind-ptest
Yi Fan Yu (1):
libevent: Increase ptest timing tolerance 50 ms -> 100 ms
zhengruoqin (1):
wireless-regdb: upgrade 2020.11.20 -> 2021.04.21
meta/classes/cml1.bbclass | 2 +-
meta/classes/image.bbclass | 2 +-
meta/classes/kernel.bbclass | 1 -
meta/classes/sanity.bbclass | 9 +-
meta/conf/distro/include/yocto-uninative.inc | 8 +-
meta/lib/oe/package_manager.py | 2 +-
meta/lib/oe/rootfs.py | 2 +-
meta/lib/oeqa/selftest/cases/reproducible.py | 2 +
meta/lib/oeqa/selftest/cases/runqemu.py | 9 +-
meta/lib/oeqa/utils/commands.py | 3 -
meta/lib/oeqa/utils/qemurunner.py | 12 +-
...ovmf-update-path-to-native-BaseTools.patch | 6 +-
...ile-adjust-to-build-in-under-bitbake.patch | 32 +++--
.../0003-ovmf-enable-long-path-file.patch | 6 +-
.../ovmf/0004-ovmf-Update-to-latest.patch | 20 +--
meta/recipes-core/ovmf/ovmf_git.bb | 6 +-
.../binutils/binutils-2.34.inc | 1 +
.../binutils/binutils/CVE-2021-3487.patch | 83 +++++++++++
.../tar/tar/CVE-2021-20193.patch | 133 ++++++++++++++++++
meta/recipes-extended/tar/tar_1.32.bb | 1 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +--
.../make-mod-scripts/make-mod-scripts_1.0.bb | 2 +
meta/recipes-kernel/perf/perf.bb | 2 +-
....11.20.bb => wireless-regdb_2021.04.21.bb} | 2 +-
.../gstreamer1.0-plugins-good_1.16.3.bb | 4 +-
.../diffoscope/diffoscope_172.bb | 1 +
...ncrease-default-timeval-tolerance-50.patch | 33 +++++
.../libevent/libevent_2.1.11.bb | 1 +
.../ptest-runner/ptest-runner_2.4.0.bb | 2 +
scripts/pybootchartgui/pybootchartgui/draw.py | 2 +-
32 files changed, 355 insertions(+), 70 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2021-3487.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2021-20193.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2020.11.20.bb => wireless-regdb_2021.04.21.bb} (94%)
create mode 100644 meta/recipes-support/libevent/libevent/0002-test-regress.h-Increase-default-timeval-tolerance-50.patch
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core][dunfell 00/25] Pull request (cover letter only)
2021-01-01 11:57 ` Richard Purdie
@ 2021-01-01 18:01 ` Steve Sakoman
0 siblings, 0 replies; 8+ messages in thread
From: Steve Sakoman @ 2021-01-01 18:01 UTC (permalink / raw)
To: Richard Purdie; +Cc: Patches and discussions about the oe-core layer
On Fri, Jan 1, 2021 at 1:58 AM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Thu, 2020-12-31 at 04:20 -1000, Steve Sakoman wrote:
> > The following changes since commit
> > 02870c7fbaaa1c3869ecb439f5c58fcf40a533be:
> >
> > binutils: fix CVE-2020-16592/16598 (2020-12-14 05:58:27 -1000)
> >
> > are available in the Git repository at:
> >
> > git://git.openembedded.org/openembedded-core-contrib
> > stable/dunfell-next
> >
> > http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
>
> I am a bit wary that we're in a holiday period and not many people are
> reviewing things. Most of this is fine but I've deferred the world
> reproducibility patches for now.
OK, not a problem. We can revisit next week.
Steve
> Partly that is due to the holidays and review, its partly as they're
> causing me a lot of pain in master. I note for example you list grub-
> efi but not grub and both are likely affected if one is.
>
> So I've merged without those bits and we can discuss further next week.
>
> Cheers,
>
> Richard
>
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core][dunfell 00/25] Pull request (cover letter only)
2020-12-31 14:20 Steve Sakoman
@ 2021-01-01 11:57 ` Richard Purdie
2021-01-01 18:01 ` Steve Sakoman
0 siblings, 1 reply; 8+ messages in thread
From: Richard Purdie @ 2021-01-01 11:57 UTC (permalink / raw)
To: Steve Sakoman, openembedded-core
On Thu, 2020-12-31 at 04:20 -1000, Steve Sakoman wrote:
> The following changes since commit
> 02870c7fbaaa1c3869ecb439f5c58fcf40a533be:
>
> binutils: fix CVE-2020-16592/16598 (2020-12-14 05:58:27 -1000)
>
> are available in the Git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib
> stable/dunfell-next
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
I am a bit wary that we're in a holiday period and not many people are
reviewing things. Most of this is fine but I've deferred the world
reproducibility patches for now.
Partly that is due to the holidays and review, its partly as they're
causing me a lot of pain in master. I note for example you list grub-
efi but not grub and both are likely affected if one is.
So I've merged without those bits and we can discuss further next week.
Cheers,
Richard
^ permalink raw reply [flat|nested] 8+ messages in thread
* [OE-core][dunfell 00/25] Pull request (cover letter only)
@ 2020-12-31 14:20 Steve Sakoman
2021-01-01 11:57 ` Richard Purdie
0 siblings, 1 reply; 8+ messages in thread
From: Steve Sakoman @ 2020-12-31 14:20 UTC (permalink / raw)
To: openembedded-core
The following changes since commit 02870c7fbaaa1c3869ecb439f5c58fcf40a533be:
binutils: fix CVE-2020-16592/16598 (2020-12-14 05:58:27 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Alexander Kanavin (2):
selftest/reproducible: enable world reproducibility test
selftest/reproducible: add an exclusion list for items that are not
yet reproducible
Bruce Ashfield (8):
linux-yocto-rt/5.4: update to -rt44
linux-yocto/5.4: update to v5.4.80
linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y'
linux-yocto/5.4: update to v5.4.82
linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT
linux-yocto/5.4: update to v5.4.83
linux-yocto/5.4/cfg: fix -tiny warnings
linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings
Dmitry Baryshkov (2):
linux-firmware: upgrade 20201118 -> 20201218
linux-firmware: package firmware for Lontium lt9611uxc bridge
Richard Purdie (7):
grub: Fix build reproducibility issue
grub: Add second fix for determinism issue
u-boot-tools: Fix reproducibility issue
groff: Fix reproducibility issue
man-db: Avoid reproducibility failures after fixing groff-native
cups: Mark CVE-2009-0032 as a non-issue
cups: Mark CVE-2008-1033 as a non-issue
Robert Joslyn (1):
openssl: Update to 1.1.1i
Ross Burton (1):
kernel: set COMPATIBLE_HOST to *-linux
Steve Sakoman (3):
selftest/reproducible: add packages to exclusion list for dunfell
oeqa/selftest/cases/devtool.py: fix typo in ignore_patterns call
cups: whitelist CVE-2018-6553
zangrc (1):
bash: Rename patch name
meta/classes/kernel.bbclass | 2 +
meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
meta/lib/oeqa/selftest/cases/reproducible.py | 96 ++++++++++++++++++-
meta/recipes-bsp/grub/files/determinism.patch | 40 ++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
meta/recipes-bsp/u-boot/u-boot-tools.inc | 15 +++
.../{openssl_1.1.1g.bb => openssl_1.1.1i.bb} | 2 +-
...-2019-18276.patch => CVE-2019-18276.patch} | 0
meta/recipes-extended/bash/bash_5.0.bb | 2 +-
meta/recipes-extended/cups/cups.inc | 7 ++
meta/recipes-extended/groff/groff_1.22.4.bb | 2 +-
meta/recipes-extended/man-db/man-db_2.9.0.bb | 5 +
...20201118.bb => linux-firmware_20201218.bb} | 14 ++-
meta/recipes-kernel/linux/linux-dummy.bb | 2 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 ++---
17 files changed, 197 insertions(+), 29 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/determinism.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.1g.bb => openssl_1.1.1i.bb} (98%)
rename meta/recipes-extended/bash/bash/{bash-CVE-2019-18276.patch => CVE-2019-18276.patch} (100%)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20201118.bb => linux-firmware_20201218.bb} (98%)
--
2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-12-02 15:20 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-28 23:24 [OE-core][dunfell 00/25] Pull request (cover letter only) Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2021-12-02 15:20 Steve Sakoman
2021-05-12 14:47 Steve Sakoman
2021-05-13 21:11 ` Richard Purdie
2021-05-14 17:20 ` Steve Sakoman
2020-12-31 14:20 Steve Sakoman
2021-01-01 11:57 ` Richard Purdie
2021-01-01 18:01 ` Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.