* [OE-core][dunfell 0/4] Patch review
@ 2022-05-25 14:36 Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 1/4] pcre2: CVE-2022-1586 Out-of-bounds read Steve Sakoman
` (3 more replies)
0 siblings, 4 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3702
The following changes since commit 665f981fccbb09d51349c4bd4cfe4ca91001e3bd:
cve-check: Fix report generation (2022-05-18 05:41:41 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
mobile-broadband-provider-info: upgrade 20220315 -> 20220511
Hitendra Prajapati (1):
pcre2: CVE-2022-1586 Out-of-bounds read
Minjae Kim (1):
libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES
Ross Burton (1):
oeqa/selftest/cve_check: add tests for recipe and image reports
meta/lib/oeqa/selftest/cases/cve_check.py | 77 ++++++++++++++++++-
.../mobile-broadband-provider-info_git.bb | 4 +-
meta/recipes-graphics/drm/libdrm_2.4.101.bb | 6 ++
.../libpcre/libpcre2/CVE-2022-1586.patch | 59 ++++++++++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
5 files changed, 144 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
--
2.25.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [OE-core][dunfell 1/4] pcre2: CVE-2022-1586 Out-of-bounds read
2022-05-25 14:36 [OE-core][dunfell 0/4] Patch review Steve Sakoman
@ 2022-05-25 14:36 ` Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 2/4] mobile-broadband-provider-info: upgrade 20220315 -> 20220511 Steve Sakoman
` (2 subsequent siblings)
3 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:36 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://github.com/PCRE2Project/pcre2
MR: 118027
Type: Security Fix
Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
Description:
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libpcre/libpcre2/CVE-2022-1586.patch | 59 +++++++++++++++++++
.../recipes-support/libpcre/libpcre2_10.34.bb | 1 +
2 files changed, 60 insertions(+)
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
new file mode 100644
index 0000000000..fbbbc9ca77
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
@@ -0,0 +1,59 @@
+From 233c4248550d0c1d9bfee42198d5ee0855b7d413 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 23 May 2022 13:52:39 +0530
+Subject: [PATCH] CVE-2022-1586
+
+Upstream-Status: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ ChangeLog | 3 +++
+ src/pcre2_jit_compile.c | 2 +-
+ src/pcre2_jit_test.c | 4 ++++
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 0926c29..b5d72dc 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ Change Log for PCRE2
+ --------------------
+
++23. Fixed a unicode properrty matching issue in JIT. The character was not
++fully read in caseless matching.
++
+
+ Version 10.34 21-November-2019
+ ------------------------------
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index f564127..5d43865 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -7119,7 +7119,7 @@ while (*cc != XCL_END)
+ {
+ SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
+ cc++;
+- if (*cc == PT_CLIST)
++ if (*cc == PT_CLIST && *cc == XCL_PROP)
+ {
+ other_cases = PRIV(ucd_caseless_sets) + cc[1];
+ while (*other_cases != NOTACHAR)
+diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c
+index a9b3880..9df87fd 100644
+--- a/src/pcre2_jit_test.c
++++ b/src/pcre2_jit_test.c
+@@ -408,6 +408,10 @@ static struct regression_test_case regression_test_cases[] = {
+ { MUP, A, 0, 0 | F_PROPERTY, "[\xc3\xa2-\xc3\xa6\xc3\x81-\xc3\x84\xe2\x80\xa8-\xe2\x80\xa9\xe6\x92\xad\\p{Zs}]{2,}", "\xe2\x80\xa7\xe2\x80\xa9\xe6\x92\xad \xe6\x92\xae" },
+ { MUP, A, 0, 0 | F_PROPERTY, "[\\P{L&}]{2}[^\xc2\x85-\xc2\x89\\p{Ll}\\p{Lu}]{2}", "\xc3\xa9\xe6\x92\xad.a\xe6\x92\xad|\xc2\x8a#" },
+ { PCRE2_UCP, 0, 0, 0 | F_PROPERTY, "[a-b\\s]{2,5}[^a]", "AB baaa" },
++ { MUP, 0, 0, 0 | F_NOMATCH, "[^\\p{Hangul}\\p{Z}]", " " },
++ { MUP, 0, 0, 0, "[\\p{Lu}\\P{Latin}]+", "c\xEA\xA4\xAE,A,b" },
++ { MUP, 0, 0, 0, "[\\x{a92e}\\p{Lu}\\P{Latin}]+", "c\xEA\xA4\xAE,A,b" },
++ { CMUP, 0, 0, 0, "[^S]\\B", "\xe2\x80\x8a" },
+
+ /* Possible empty brackets. */
+ { MU, A, 0, 0, "(?:|ab||bc|a)+d", "abcxabcabd" },
+--
+2.25.1
+
diff --git a/meta/recipes-support/libpcre/libpcre2_10.34.bb b/meta/recipes-support/libpcre/libpcre2_10.34.bb
index f2c36944d8..213b946a54 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.34.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.34.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
+ file://CVE-2022-1586.patch \
"
SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366"
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 2/4] mobile-broadband-provider-info: upgrade 20220315 -> 20220511
2022-05-25 14:36 [OE-core][dunfell 0/4] Patch review Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 1/4] pcre2: CVE-2022-1586 Out-of-bounds read Steve Sakoman
@ 2022-05-25 14:36 ` Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 3/4] oeqa/selftest/cve_check: add tests for recipe and image reports Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES Steve Sakoman
3 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:36 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f14c8094e7a049ac1b04c45b76855d0503559932)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../mobile-broadband-provider-info_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 781b9216c5..e6f216e5cb 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@ SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "4cbb44a9fe26aa6f0b28beb79f9488b37c097b5e"
-PV = "20220315"
+SRCREV = "3d5c8d0f7e0264768a2c000d0fd4b4d4a991e041"
+PV = "20220511"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 3/4] oeqa/selftest/cve_check: add tests for recipe and image reports
2022-05-25 14:36 [OE-core][dunfell 0/4] Patch review Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 1/4] pcre2: CVE-2022-1586 Out-of-bounds read Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 2/4] mobile-broadband-provider-info: upgrade 20220315 -> 20220511 Steve Sakoman
@ 2022-05-25 14:36 ` Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES Steve Sakoman
3 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:36 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Add a test to verify that the JSON reports are generated correctly for
both single recipe builds and image builds.
More tests are needed, but this is better than nothing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df0f35555b09c4bc75470eb45ec9c74e6587d460)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/cve_check.py | 77 ++++++++++++++++++++++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index d1947baffc..2f26f606d7 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -1,9 +1,13 @@
-from oe.cve_check import Version
+import json
+import os
from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake, get_bb_vars
class CVECheck(OESelftestTestCase):
def test_version_compare(self):
+ from oe.cve_check import Version
+
result = Version("100") > Version("99")
self.assertTrue( result, msg="Failed to compare version '100' > '99'")
result = Version("2.3.1") > Version("2.2.3")
@@ -42,3 +46,74 @@ class CVECheck(OESelftestTestCase):
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0p2' > '1.0p1'")
result = Version("1.0_patch2","patch") < Version("1.0_patch3","patch")
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+
+
+ def test_recipe_report_json(self):
+ config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+"""
+ self.write_config(config)
+
+ vars = get_bb_vars(["CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ summary_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ recipe_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], "m4-native_cve.json")
+
+ try:
+ os.remove(summary_json)
+ os.remove(recipe_json)
+ except FileNotFoundError:
+ pass
+
+ bitbake("m4-native -c cve_check")
+
+ def check_m4_json(filename):
+ with open(filename) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertEqual(len(report["package"]), 1)
+ package = report["package"][0]
+ self.assertEqual(package["name"], "m4-native")
+ found_cves = { issue["id"]: issue["status"] for issue in package["issue"]}
+ self.assertIn("CVE-2008-1687", found_cves)
+ self.assertEqual(found_cves["CVE-2008-1687"], "Patched")
+
+ self.assertExists(summary_json)
+ check_m4_json(summary_json)
+ self.assertExists(recipe_json)
+ check_m4_json(recipe_json)
+
+
+ def test_image_json(self):
+ config = """
+INHERIT += "cve-check"
+CVE_CHECK_FORMAT_JSON = "1"
+"""
+ self.write_config(config)
+
+ vars = get_bb_vars(["CVE_CHECK_DIR", "CVE_CHECK_SUMMARY_DIR", "CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ report_json = os.path.join(vars["CVE_CHECK_SUMMARY_DIR"], vars["CVE_CHECK_SUMMARY_FILE_NAME_JSON"])
+ print(report_json)
+ try:
+ os.remove(report_json)
+ except FileNotFoundError:
+ pass
+
+ bitbake("core-image-minimal-initramfs")
+ self.assertExists(report_json)
+
+ # Check that the summary report lists at least one package
+ with open(report_json) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertGreater(len(report["package"]), 1)
+
+ # Check that a random recipe wrote a recipe report to deploy/cve/
+ recipename = report["package"][0]["name"]
+ recipe_report = os.path.join(vars["CVE_CHECK_DIR"], recipename + "_cve.json")
+ self.assertExists(recipe_report)
+ with open(recipe_report) as f:
+ report = json.load(f)
+ self.assertEqual(report["version"], "1")
+ self.assertEqual(len(report["package"]), 1)
+ self.assertEqual(report["package"][0]["name"], recipename)
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES
2022-05-25 14:36 [OE-core][dunfell 0/4] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-05-25 14:36 ` [OE-core][dunfell 3/4] oeqa/selftest/cve_check: add tests for recipe and image reports Steve Sakoman
@ 2022-05-25 14:36 ` Steve Sakoman
2022-05-25 14:41 ` Martin Jansa
2022-05-26 9:38 ` [dunfell " Minjae Kim
3 siblings, 2 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:36 UTC (permalink / raw)
To: openembedded-core
From: Minjae Kim <flowergom@gmail.com>
The libdrm-{nouveau,radeon,intel} are generated by libdrm recipe.
To use these libraries as a dependency in another component,
It should be explicitly added as RPROVIDES.
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/drm/libdrm_2.4.101.bb | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/meta/recipes-graphics/drm/libdrm_2.4.101.bb b/meta/recipes-graphics/drm/libdrm_2.4.101.bb
index 8ec566faa9..4f3e767af0 100644
--- a/meta/recipes-graphics/drm/libdrm_2.4.101.bb
+++ b/meta/recipes-graphics/drm/libdrm_2.4.101.bb
@@ -57,3 +57,9 @@ FILES_${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.* ${datadir}/${PN}/amdgpu.ids"
FILES_${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*"
BBCLASSEXTEND = "native nativesdk"
+
+RPROVIDES_${PN} += " \
+ libdrm-nouveau \
+ libdrm-radeon \
+ libdrm-intel \
+"
--
2.25.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES
2022-05-25 14:36 ` [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES Steve Sakoman
@ 2022-05-25 14:41 ` Martin Jansa
2022-05-25 14:52 ` Steve Sakoman
2022-05-26 9:38 ` [dunfell " Minjae Kim
1 sibling, 1 reply; 11+ messages in thread
From: Martin Jansa @ 2022-05-25 14:41 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1628 bytes --]
Why should ${PN} rprovide these when they are packaged in separate packages
as ${PN}-nouveau ${PN}-intel ${PN}-radeon?
On Wed, May 25, 2022 at 4:36 PM Steve Sakoman <steve@sakoman.com> wrote:
> From: Minjae Kim <flowergom@gmail.com>
>
> The libdrm-{nouveau,radeon,intel} are generated by libdrm recipe.
> To use these libraries as a dependency in another component,
> It should be explicitly added as RPROVIDES.
>
> Signed-off-by:Minjae Kim <flowergom@gmail.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> meta/recipes-graphics/drm/libdrm_2.4.101.bb | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/meta/recipes-graphics/drm/libdrm_2.4.101.bb
> b/meta/recipes-graphics/drm/libdrm_2.4.101.bb
> index 8ec566faa9..4f3e767af0 100644
> --- a/meta/recipes-graphics/drm/libdrm_2.4.101.bb
> +++ b/meta/recipes-graphics/drm/libdrm_2.4.101.bb
> @@ -57,3 +57,9 @@ FILES_${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.*
> ${datadir}/${PN}/amdgpu.ids"
> FILES_${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*"
>
> BBCLASSEXTEND = "native nativesdk"
> +
> +RPROVIDES_${PN} += " \
> + libdrm-nouveau \
> + libdrm-radeon \
> + libdrm-intel \
> +"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166150):
> https://lists.openembedded.org/g/openembedded-core/message/166150
> Mute This Topic: https://lists.openembedded.org/mt/91334283/3617156
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> Martin.Jansa@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 3076 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES
2022-05-25 14:41 ` Martin Jansa
@ 2022-05-25 14:52 ` Steve Sakoman
0 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-05-25 14:52 UTC (permalink / raw)
To: Martin Jansa; +Cc: openembedded-core
On Wed, May 25, 2022 at 4:41 AM Martin Jansa <martin.jansa@gmail.com> wrote:
>
> Why should ${PN} rprovide these when they are packaged in separate packages as ${PN}-nouveau ${PN}-intel ${PN}-radeon?
Good question! Sorry I didn't catch this earlier. I'll drop this
patch from the pull request. Thanks for reviewing.
Steve
> On Wed, May 25, 2022 at 4:36 PM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> From: Minjae Kim <flowergom@gmail.com>
>>
>> The libdrm-{nouveau,radeon,intel} are generated by libdrm recipe.
>> To use these libraries as a dependency in another component,
>> It should be explicitly added as RPROVIDES.
>>
>> Signed-off-by:Minjae Kim <flowergom@gmail.com>
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>> meta/recipes-graphics/drm/libdrm_2.4.101.bb | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/meta/recipes-graphics/drm/libdrm_2.4.101.bb b/meta/recipes-graphics/drm/libdrm_2.4.101.bb
>> index 8ec566faa9..4f3e767af0 100644
>> --- a/meta/recipes-graphics/drm/libdrm_2.4.101.bb
>> +++ b/meta/recipes-graphics/drm/libdrm_2.4.101.bb
>> @@ -57,3 +57,9 @@ FILES_${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.* ${datadir}/${PN}/amdgpu.ids"
>> FILES_${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*"
>>
>> BBCLASSEXTEND = "native nativesdk"
>> +
>> +RPROVIDES_${PN} += " \
>> + libdrm-nouveau \
>> + libdrm-radeon \
>> + libdrm-intel \
>> +"
>> --
>> 2.25.1
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#166150): https://lists.openembedded.org/g/openembedded-core/message/166150
>> Mute This Topic: https://lists.openembedded.org/mt/91334283/3617156
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [Martin.Jansa@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES
2022-05-25 14:36 ` [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES Steve Sakoman
2022-05-25 14:41 ` Martin Jansa
@ 2022-05-26 9:38 ` Minjae Kim
1 sibling, 0 replies; 11+ messages in thread
From: Minjae Kim @ 2022-05-26 9:38 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 369 bytes --]
To these packages( ${PN}-nouveau ${PN}-intel ${PN}-radeon) use as rdepends, these packages will not be installed when just libdrm add.
So I would like to use these packages directly, I added it as RPROVIDES.
In case of installing packages using DNF from binary feed on the target image,
this change can install packages specified by RDEPENDS at the same time.
[-- Attachment #2: Type: text/html, Size: 410 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* [OE-core][dunfell 0/4] Patch review
@ 2023-04-15 15:33 Steve Sakoman
0 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-04-15 15:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5184
The following changes since commit 4045bf02bbc6e87a05ba689a63c675e49c940772:
bmap-tools: switch to main branch (2023-04-03 07:16:26 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bhabu Bindu (1):
ffmpeg: fix for CVE-2022-3341
Gaurav Gupta (1):
qemu: fix build error introduced by CVE-2021-3929 fix
Hitendra Prajapati (2):
ruby: CVE-2023-28756 ReDoS vulnerability in Time
curl: CVE-2023-27534 SFTP path ~ resolving discrepancy
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2021-3929.patch | 33 ++--
.../hw-block-nvme-handle-dma-errors.patch | 146 ++++++++++++++++++
...w-block-nvme-refactor-nvme_addr_read.patch | 55 +++++++
.../ruby/ruby/CVE-2023-28756.patch | 61 ++++++++
meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 +
.../ffmpeg/ffmpeg/CVE-2022-3341.patch | 67 ++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 +
.../curl/curl/CVE-2023-27534.patch | 123 +++++++++++++++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
10 files changed, 475 insertions(+), 15 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/hw-block-nvme-handle-dma-errors.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/hw-block-nvme-refactor-nvme_addr_read.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534.patch
--
2.34.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [OE-core][dunfell 0/4] Patch review
@ 2022-07-21 21:38 Steve Sakoman
0 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2022-07-21 21:38 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Friday. This should be the final set of patches for the 3.1.8 build.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3944
The following changes since commit bba069463ca3813666d084643b0239b9af0199e1:
classes/cve-check: Move get_patches_cves to library (2022-07-13 05:25:10 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.205
linux-yocto-rt/5.4: fixup -rt build breakage
Ranjitsinh Rathod (1):
cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST
Robert Joslyn (1):
curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208
.../distro/include/cve-extra-exclusions.inc | 6 +-
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../curl/curl/CVE-2022-32206.patch | 52 ++++
.../curl/curl/CVE-2022-32207.patch | 284 ++++++++++++++++++
.../curl/curl/CVE-2022-32208.patch | 72 +++++
meta/recipes-support/curl/curl_7.69.1.bb | 3 +
8 files changed, 432 insertions(+), 21 deletions(-)
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32206.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32207.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32208.patch
--
2.25.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [OE-core][dunfell 0/4] Patch review
@ 2021-10-25 23:31 Steve Sakoman
0 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2021-10-25 23:31 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2804
The following changes since commit 62cdc20a2186ecd54d3a7131ec8f6937aa0229ed:
uninative: Upgrade to 3.4 (2021-10-25 10:23:54 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Joshua Watt (1):
classes/reproducible_build: Use atomic rename for SDE file
Richard Purdie (2):
rpm: Deterministically set vendor macro entry
reproducible_build: Work around caching issues
Steve Sakoman (1):
selftest/reproducible: adjust exclusion list for dunfell
meta/classes/reproducible_build.bbclass | 24 +++++++++++---------
meta/lib/oeqa/selftest/cases/reproducible.py | 5 ----
meta/recipes-devtools/rpm/rpm_4.14.2.1.bb | 3 ++-
3 files changed, 15 insertions(+), 17 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-04-15 15:33 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-25 14:36 [OE-core][dunfell 0/4] Patch review Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 1/4] pcre2: CVE-2022-1586 Out-of-bounds read Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 2/4] mobile-broadband-provider-info: upgrade 20220315 -> 20220511 Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 3/4] oeqa/selftest/cve_check: add tests for recipe and image reports Steve Sakoman
2022-05-25 14:36 ` [OE-core][dunfell 4/4] libdrm: add libdrm-{nouveau,radeon,intel} to RPROVIDES Steve Sakoman
2022-05-25 14:41 ` Martin Jansa
2022-05-25 14:52 ` Steve Sakoman
2022-05-26 9:38 ` [dunfell " Minjae Kim
-- strict thread matches above, loose matches on Subject: below --
2023-04-15 15:33 [OE-core][dunfell 0/4] Patch review Steve Sakoman
2022-07-21 21:38 Steve Sakoman
2021-10-25 23:31 Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.