* [OE-core][dunfell 0/6] Patch review
@ 2022-09-27 17:53 Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 1/6] inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd Steve Sakoman
` (5 more replies)
0 siblings, 6 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4272
The following changes since commit ef38f7acee3f0ae400138fa60f4695a86dffc16e:
linux-yocto/5.4: update to v5.4.213 (2022-09-22 04:40:18 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Dmitry Baryshkov (3):
linux-firmware: upgrade 20220708 -> 20220913
linux-firmware: package new Qualcomm firmware
linux-firmware: package new Qualcomm firmware
Minjae Kim (1):
inetutils: CVE-2022-39028 - fix remote DoS vulnerability in
inetutils-telnetd
Richard Purdie (1):
vim: Upgrade 9.0.453 -> 9.0.541
Robert Joslyn (1):
tzdata: Update from 2022b to 2022c
.../inetutils/inetutils/CVE-2022-39028.patch | 54 +++++++++++++++++++
.../inetutils/inetutils_1.9.4.bb | 1 +
meta/recipes-extended/timezone/timezone.inc | 6 +--
...20220708.bb => linux-firmware_20220913.bb} | 39 ++++++++++++--
meta/recipes-support/vim/vim.inc | 4 +-
5 files changed, 95 insertions(+), 9 deletions(-)
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220708.bb => linux-firmware_20220913.bb} (94%)
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 1/6] inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
@ 2022-09-27 17:53 ` Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 2/6] vim: Upgrade 9.0.453 -> 9.0.541 Steve Sakoman
` (4 subsequent siblings)
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
From: Minjae Kim <flowergom@gmail.com>
Fix telnetd crash if the first two bytes of a new connection
are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
CVE: CVE-2022-39028
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../inetutils/inetutils/CVE-2022-39028.patch | 54 +++++++++++++++++++
.../inetutils/inetutils_1.9.4.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
new file mode 100644
index 0000000000..da2da8da8a
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
@@ -0,0 +1,54 @@
+From eaae65aac967f9628787dca4a2501ca860bb6598 Mon Sep 17 00:00:00 2001
+From: Minjae Kim <flowergom@gmail.com>
+Date: Mon, 26 Sep 2022 22:05:07 +0200
+Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt
+
+Fix telnetd crash if the first two bytes of a new connection
+are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
+
+The problem was reported in:
+<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>.
+
+* NEWS: Mention fix.
+* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and
+zero slctab[SLC_EL].sptr.
+
+CVE: CVE-2022-39028
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f]
+Signed-off-by: Minjae Kim<flowergom@gmail.com>
+---
+ telnetd/state.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/telnetd/state.c b/telnetd/state.c
+index 2184bca..7948503 100644
+--- a/telnetd/state.c
++++ b/telnetd/state.c
+@@ -314,15 +314,21 @@ telrcv (void)
+ case EC:
+ case EL:
+ {
+- cc_t ch;
++ cc_t ch = (cc_t) (_POSIX_VDISABLE);
+
+ DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
+ ptyflush (); /* half-hearted */
+ init_termbuf ();
+ if (c == EC)
+- ch = *slctab[SLC_EC].sptr;
++ {
++ if (slctab[SLC_EC].sptr)
++ ch = *slctab[SLC_EC].sptr;
++ }
+ else
+- ch = *slctab[SLC_EL].sptr;
++ {
++ if (slctab[SLC_EL].sptr)
++ ch = *slctab[SLC_EL].sptr;
++ }
+ if (ch != (cc_t) (_POSIX_VDISABLE))
+ pty_output_byte ((unsigned char) ch);
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
index f4450e19f4..fe391b8bce 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
file://0001-rcp-fix-to-work-with-large-files.patch \
file://fix-buffer-fortify-tfpt.patch \
file://CVE-2021-40491.patch \
+ file://CVE-2022-39028.patch \
"
SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][dunfell 2/6] vim: Upgrade 9.0.453 -> 9.0.541
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 1/6] inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd Steve Sakoman
@ 2022-09-27 17:53 ` Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 3/6] tzdata: Update from 2022b to 2022c Steve Sakoman
` (3 subsequent siblings)
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2022-3234.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 94f8ba7cbf..8a914ae524 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0453"
-SRCREV = "83a19c5fda0556330860899bfb484addf9178cd0"
+PV .= ".0541"
+SRCREV = "ee7c8d999beb847457f768757b1bdcd76391c1f4"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][dunfell 3/6] tzdata: Update from 2022b to 2022c
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 1/6] inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 2/6] vim: Upgrade 9.0.453 -> 9.0.541 Steve Sakoman
@ 2022-09-27 17:53 ` Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 4/6] linux-firmware: upgrade 20220708 -> 20220913 Steve Sakoman
` (2 subsequent siblings)
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
From: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ecf88d151f265e5efb8e1dde5aba3ee2a8b76d8d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index 2b956cf7c0..d032fed356 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2022b"
+PV = "2022c"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "bab20d943e59a3218435f48d868a4e552f18d6d7f3dd128660c5660c80b8a05f"
-SRC_URI[tzdata.sha256sum] = "f590eaf04a395245426c2be4fae71c143aea5cebc11088b7a0a5704461df397d"
+SRC_URI[tzcode.sha256sum] = "3e7ce1f3620cc0481907c7e074d69910793285bffe0ca331ef1a6d1ae3ea90cc"
+SRC_URI[tzdata.sha256sum] = "6974f4e348bf2323274b56dff9e7500247e3159eaa4b485dfa0cd66e75c14bfe"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][dunfell 4/6] linux-firmware: upgrade 20220708 -> 20220913
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
` (2 preceding siblings ...)
2022-09-27 17:53 ` [OE-core][dunfell 3/6] tzdata: Update from 2022b to 2022c Steve Sakoman
@ 2022-09-27 17:53 ` Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 5/6] linux-firmware: package new Qualcomm firmware Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 6/6] " Steve Sakoman
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
License-Update: additional files
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68ce822b765a7b67f8cc8590688860cc2530cf04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...{linux-firmware_20220708.bb => linux-firmware_20220913.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220708.bb => linux-firmware_20220913.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
index 27146154be..683da1c411 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "def08711eb23ba967fb7e1f8cff66178"
+WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "0abec827a035c82bdcabdf82aa37ded247bc682ef05861bd409ea6f477bab81d"
+SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9"
inherit allarch
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][dunfell 5/6] linux-firmware: package new Qualcomm firmware
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
` (3 preceding siblings ...)
2022-09-27 17:53 ` [OE-core][dunfell 4/6] linux-firmware: upgrade 20220708 -> 20220913 Steve Sakoman
@ 2022-09-27 17:53 ` Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 6/6] " Steve Sakoman
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Create separate packages with firmware files for APQ8096 SoC and for
Adreno 2xx/4xx. Include A330 firmware into the 3xx package.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a0cb8f9131d1f238dc150e583a7ff816645765f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux-firmware/linux-firmware_20220913.bb | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
index 683da1c411..52ea8259eb 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
@@ -308,8 +308,9 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-qcom-license \
${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
- ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \
+ ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
+ ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
@@ -962,11 +963,15 @@ FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
FILES_${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
-FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
+FILES_${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw"
+FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
+FILES_${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
+FILES_${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
+FILES_${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
@@ -978,11 +983,15 @@ RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][dunfell 6/6] linux-firmware: package new Qualcomm firmware
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
` (4 preceding siblings ...)
2022-09-27 17:53 ` [OE-core][dunfell 5/6] linux-firmware: package new Qualcomm firmware Steve Sakoman
@ 2022-09-27 17:53 ` Steve Sakoman
5 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-27 17:53 UTC (permalink / raw)
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add packages for the new Qualcomm firmware released for Lenovo X13s
laptop.
The INSANE_SKIP:${PN} has to be provided to silent following warnings:
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcadsp8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
WARNING: File '/lib/firmware/qcom/sc8280xp/LENOVO/21BX/qcslpi8280.mbn' from linux-firmware was already stripped, this will prevent future debugging!
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af9924a3da0569e90c2d3abe030584456e66229b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux-firmware/linux-firmware_20220913.bb | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
index 52ea8259eb..2baf4bbe49 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
@@ -311,6 +311,11 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
+ ${PN}-qcom-sc8280xp-lenovo-x13s-compat \
+ ${PN}-qcom-sc8280xp-lenovo-x13s-audio \
+ ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \
+ ${PN}-qcom-sc8280xp-lenovo-x13s-compute \
+ ${PN}-qcom-sc8280xp-lenovo-x13s-sensors \
${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
@@ -972,6 +977,11 @@ FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${n
FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
FILES_${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
FILES_${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*"
+FILES_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*"
FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
@@ -992,12 +1002,21 @@ RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sm8250-audio = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-sm8250-compute = "${PN}-qcom-license"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+RRECOMMENDS_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-sc8280xp-lenovo-x13s-compat"
+
FILES_${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio"
# For Amlogic VDEC
@@ -1077,3 +1096,6 @@ python populate_packages_prepend () {
# Firmware files are generally not ran on the CPU, so they can be
# allarch despite being architecture specific
INSANE_SKIP = "arch"
+
+# Don't warn about already stripped files
+INSANE_SKIP:${PN} = "already-stripped"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2024-01-18 2:51 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2024-01-18 2:51 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6460
The following changes since commit b3dd6852c0d6b8aa9b36377d7024ac95062e8098:
linux-firmware: upgrade 20230804 -> 20231030 (2024-01-04 07:24:12 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Peter Marko (1):
zlib: ignore CVE-2023-6992
Vijay Anusuri (5):
go: Backport fix for CVE-2023-45287
xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478
libxml2: Fix for CVE-2023-45322
qemu: Backport fix for CVE-2023-2861
libtiff: Fix for CVE-2023-6228
.../libxml/libxml2/CVE-2023-45322-1.patch | 50 +
.../libxml/libxml2/CVE-2023-45322-2.patch | 80 +
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +
meta/recipes-devtools/go/go-1.14.inc | 4 +
.../go/go-1.14/CVE-2023-45287-pre1.patch | 393 ++++
.../go/go-1.14/CVE-2023-45287-pre2.patch | 401 ++++
.../go/go-1.14/CVE-2023-45287-pre3.patch | 86 +
.../go/go-1.14/CVE-2023-45287.patch | 1697 +++++++++++++++++
meta/recipes-devtools/qemu/qemu.inc | 2 +
...x-libcap-header-issue-on-some-distro.patch | 9 +-
...e-O_NOATIME-if-we-don-t-have-permiss.patch | 63 +
.../qemu/qemu/CVE-2023-2861.patch | 178 ++
.../xserver-xorg/CVE-2023-6377.patch | 79 +
.../xserver-xorg/CVE-2023-6478.patch | 63 +
.../xorg-xserver/xserver-xorg_1.20.14.bb | 2 +
.../libtiff/files/CVE-2023-6228.patch | 30 +
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
18 files changed, 3140 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
--
2.34.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2023-12-27 2:30 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-12-27 2:30 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Thursday, December 28
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6376
The following changes since commit 05d9f9c6b27c0216fa4e349109ef42cf91bb4084:
testimage: Exclude wtmp from target-dumper commands (2023-12-21 04:08:46 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Hitendra Prajapati (1):
bluez5: fix CVE-2023-45866
Lee Chee Yang (1):
curl: fix CVE-2023-46218
Steve Sakoman (1):
testimage: drop target_dumper and host_dumper
Vijay Anusuri (2):
flac: Backport fix for CVE-2021-0561
openssh: backport Debian patch for CVE-2023-48795
Virendra Thakur (1):
binutils: fix multiple cve
meta/classes/testimage.bbclass | 21 -
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
.../bluez5/bluez5/CVE-2023-45866.patch | 54 ++
.../openssh/openssh/CVE-2023-48795.patch | 468 ++++++++++++++++++
.../openssh/openssh_8.2p1.bb | 1 +
.../binutils/binutils-2.34.inc | 6 +
.../binutils/binutils/CVE-2022-47007.patch | 32 ++
.../binutils/binutils/CVE-2022-47008.patch | 64 +++
.../binutils/binutils/CVE-2022-47010.patch | 34 ++
.../binutils/binutils/CVE-2022-47011.patch | 31 ++
.../binutils/binutils/CVE-2022-47695.patch | 57 +++
.../binutils/binutils/CVE-2022-48063.patch | 49 ++
.../flac/files/CVE-2021-0561.patch | 34 ++
meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 +
.../curl/curl/CVE-2023-46218.patch | 52 ++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
16 files changed, 885 insertions(+), 21 deletions(-)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
create mode 100644 meta/recipes-multimedia/flac/files/CVE-2021-0561.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46218.patch
--
2.34.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2023-10-25 2:29 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-10-25 2:29 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Thursday, October 26
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6098
with the exception of a known intermittent reproducibility issue with the
vim-common package.
The following changes since commit 6b4a583169ae40a8d51e7ffa33785409b5111a81:
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT (2023-10-16 05:07:13 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Ashish Sharma (1):
binutils: Backport fix CVE-2023-25588
Meenali Gupta (1):
linux-firmware: upgrade 20230625 -> 20230804
Richard Purdie (1):
resulttool/report: Avoid divide by zero
Siddharth Doshi (1):
vim: Upgrade 9.0.2009 -> 9.0.2048
Steve Sakoman (2):
patch.py: Use shlex instead of deprecated pipe
cve-exclusion_5.4.inc: update for 5.4.257
meta/lib/oe/patch.py | 6 +-
.../binutils/binutils-2.34.inc | 1 +
.../binutils/binutils/CVE-2023-25588.patch | 146 ++++++++++++
...20230625.bb => linux-firmware_20230804.bb} | 4 +-
.../linux/cve-exclusion_5.4.inc | 207 +++++++++++++++---
meta/recipes-support/vim/vim.inc | 4 +-
scripts/lib/resulttool/report.py | 5 +-
7 files changed, 338 insertions(+), 35 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%)
--
2.34.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2023-03-14 15:21 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2023-03-14 15:21 UTC (permalink / raw)
To: openembedded-core
Please review this final set of patches for the dunfell 3.1.24 release.
We hope to do the release build this Thursday, so please have any comments
back as soon as possible.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5043
The following changes since commit 51424b9955374196307aaf73cf4b6c184ce4fb6d:
devshell: Do not add scripts/git-intercept to PATH (2023-03-06 04:54:35 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Richard Purdie (1):
oeqa/selftest/prservice: Improve debug output for failure
Ross Burton (2):
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
Siddharth Doshi (1):
harfbuzz: Security fix for CVE-2023-25193
Vivek Kumbhar (1):
gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key
exchange code
meta/classes/kernel.bbclass | 2 +-
meta/lib/oeqa/selftest/cases/prservice.py | 2 +-
meta/recipes-extended/shadow/shadow_4.8.1.bb | 4 +
.../harfbuzz/CVE-2023-25193-pre0.patch | 335 ++++++++++++++++++
.../harfbuzz/CVE-2023-25193-pre1.patch | 135 +++++++
.../harfbuzz/harfbuzz/CVE-2023-25193.patch | 179 ++++++++++
.../harfbuzz/harfbuzz_2.6.4.bb | 5 +-
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 -
.../gnutls/gnutls/CVE-2023-0361.patch | 85 +++++
meta/recipes-support/gnutls/gnutls_3.6.14.bb | 1 +
meta/recipes-support/vim/vim.inc | 2 +-
11 files changed, 746 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre0.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
--
2.34.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2022-09-21 2:37 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-09-21 2:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4245
The following changes since commit 46ba253059738dbd4de4bc7a7ac02a2585c498f5:
vim: Upgrade 9.0.0341 -> 9.0.0453 (2022-09-14 08:08:22 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrei Gherzan (1):
qemu: Define libnfs PACKAGECONFIG
Chee Yang Lee (1):
qemu: fix and ignore several CVEs
Hitendra Prajapati (1):
connman: CVE-2022-32293 man-in-the-middle attack against a WISPR HTTP
Richard Purdie (1):
qemu: Add PACKAGECONFIG for brlapi
Virendra Thakur (2):
sqlite3: Fix CVE-2020-35525
sqlite3: Fix CVE-2020-35527
.../connman/connman/CVE-2022-32293.patch | 266 ++++++++++++++++++
.../connman/connman_1.37.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 17 ++
.../qemu/qemu/CVE-2020-13754-1.patch | 91 ++++++
.../qemu/qemu/CVE-2020-13754-2.patch | 69 +++++
.../qemu/qemu/CVE-2020-13754-3.patch | 65 +++++
.../qemu/qemu/CVE-2020-13754-4.patch | 39 +++
.../qemu/qemu/CVE-2021-3713.patch | 67 +++++
.../qemu/qemu/CVE-2021-3748.patch | 124 ++++++++
.../qemu/qemu/CVE-2021-3930.patch | 53 ++++
.../qemu/qemu/CVE-2021-4206.patch | 89 ++++++
.../qemu/qemu/CVE-2021-4207.patch | 43 +++
.../qemu/qemu/CVE-2022-0216-1.patch | 42 +++
.../qemu/qemu/CVE-2022-0216-2.patch | 52 ++++
.../sqlite/files/CVE-2020-35525.patch | 21 ++
.../sqlite/files/CVE-2020-35527.patch | 22 ++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 2 +
17 files changed, 1063 insertions(+)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-3.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13754-4.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3713.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3748.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3930.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0216-1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0216-2.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35525.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35527.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2022-06-21 23:28 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-06-21 23:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3805
The following changes since commit 135adeb82c9303c26193bb6f6bd3bc696793aa62:
archiver: don't use machine variables in shared recipes (2022-06-15 06:40:10 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Chee Yang Lee (1):
dpkg: update to 1.19.8
Dmitry Baryshkov (2):
linux-firmware: add support for building snapshots
linux-firmware: upgrade 20220509 -> 20220610
Hitendra Prajapati (2):
python-pip: CVE-2021-3572 Incorrect handling of unicode separators in
git references
golang: CVE-2021-44717 syscall: don't close fd 0 on ForkExec error
Nick Potenski (1):
systemd: systemd-systemctl: Support instance conf files during enable
.../systemd/systemd-systemctl/systemctl | 14 +++-
.../dpkg/{dpkg_1.19.7.bb => dpkg_1.19.8.bb} | 4 +-
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2021-44717.patch | 83 ++++++++++++++++++
.../python/python3-pip/CVE-2021-3572.patch | 48 +++++++++++
.../python/python3-pip_20.0.2.bb | 1 +
...01-Makefile-replace-mkdir-by-install.patch | 84 -------------------
...20220509.bb => linux-firmware_20220610.bb} | 11 ++-
8 files changed, 154 insertions(+), 92 deletions(-)
rename meta/recipes-devtools/dpkg/{dpkg_1.19.7.bb => dpkg_1.19.8.bb} (86%)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-44717.patch
create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch
delete mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220509.bb => linux-firmware_20220610.bb} (99%)
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2022-04-28 21:46 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2022-04-28 21:46 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end of
day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3587
The following changes since commit 8e81d38048c953d0823abf04d5b2506cd988f0bb:
build-appliance-image: Update to dunfell head revision (2022-04-25 15:58:54 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Dmitry Baryshkov (1):
linux-firmware: correct license for ar3k firmware
Marta Rybczynska (1):
cve-check: add json format
Richard Purdie (1):
perf-build-test/report: Drop phantomjs and html email reports support
Ross Burton (1):
boost: don't specify gcc version
Steve Sakoman (1):
scripts/contrib/oe-build-perf-report-email.py: remove obsolete check
for phantomjs and optipng
sana kazi (1):
tiff: Fix CVE-2022-0891
meta/classes/cve-check.bbclass | 144 +++++++++++-
meta/lib/oe/cve_check.py | 16 ++
.../linux-firmware/linux-firmware_20220411.bb | 4 +-
.../libtiff/files/CVE-2022-0891.patch | 217 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
meta/recipes-support/boost/boost.inc | 2 +-
scripts/contrib/build-perf-test-wrapper.sh | 15 +-
scripts/contrib/oe-build-perf-report-email.py | 167 +-------------
8 files changed, 388 insertions(+), 178 deletions(-)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-0891.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2021-06-16 14:04 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-16 14:04 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dundell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2247
The following changes since commit 2246b0d7a71c69eb2e89c55991d1387069895466:
kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags (2021-06-08 04:32:17 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrea Adami (1):
kernel.bbclass: fix do_sizecheck() comparison
Kai Kang (1):
valgrind: fix a typo
Lee Chee Yang (4):
gstreamer-plugins-good: fix CVE-2021-3497 CVE-2021-3498
bind: 9.11.22 -> 9.11.32
ruby: 2.7.1 -> 2.7.3
python3: fix CVE-2021-23336
meta/classes/kernel.bbclass | 2 +-
.../bind/bind/CVE-2020-8625.patch | 17 -
.../bind/{bind_9.11.22.bb => bind_9.11.32.bb} | 5 +-
.../python/python3/CVE-2021-23336.patch | 530 ++++++++++++++++++
meta/recipes-devtools/python/python3_3.8.2.bb | 1 +
.../ruby/ruby/CVE-2020-25613.patch | 40 --
.../ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} | 5 +-
.../valgrind/valgrind_3.15.0.bb | 2 +-
.../CVE-2021-3497.patch | 207 +++++++
.../CVE-2021-3498.patch | 44 ++
.../gstreamer1.0-plugins-good_1.16.3.bb | 2 +
11 files changed, 790 insertions(+), 65 deletions(-)
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
rename meta/recipes-connectivity/bind/{bind_9.11.22.bb => bind_9.11.32.bb} (96%)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-23336.patch
delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
rename meta/recipes-devtools/ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} (94%)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [OE-core][dunfell 0/6] Patch review
@ 2021-06-08 14:42 Steve Sakoman
0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2021-06-08 14:42 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2220
The following changes since commit 090452c5284181f18c32dc33887f4dda20c48004:
Revert "busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog" (2021-06-08 04:32:17 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Bruce Ashfield (2):
linux-yocto/5.4: update to v5.4.120
linux-yocto/5.4: update to v5.4.123
Klaus Heinrich Kiwi (1):
kernel-fitimage: Don't use unit addresses on FIT
Lee Chee Yang (2):
libxml: fix CVE-2021-3517 CVE-2021-3537
gnutls: fix CVE-2021-20231 CVE-2021-20232
Ovidiu Panait (1):
kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags
meta/classes/kernel-devicetree.bbclass | 7 ++
meta/classes/kernel-fitimage.bbclass | 32 ++++-----
.../libxml/libxml2/CVE-2021-3517.patch | 53 +++++++++++++++
.../libxml/libxml2/CVE-2021-3537.patch | 50 ++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +--
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++---
.../gnutls/gnutls/CVE-2021-20231.patch | 67 +++++++++++++++++++
.../gnutls/gnutls/CVE-2021-20232.patch | 65 ++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.6.14.bb | 2 +
11 files changed, 280 insertions(+), 34 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3517.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3537.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2024-01-18 2:51 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-27 17:53 [OE-core][dunfell 0/6] Patch review Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 1/6] inetutils: CVE-2022-39028 - fix remote DoS vulnerability in inetutils-telnetd Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 2/6] vim: Upgrade 9.0.453 -> 9.0.541 Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 3/6] tzdata: Update from 2022b to 2022c Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 4/6] linux-firmware: upgrade 20220708 -> 20220913 Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 5/6] linux-firmware: package new Qualcomm firmware Steve Sakoman
2022-09-27 17:53 ` [OE-core][dunfell 6/6] " Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2024-01-18 2:51 [OE-core][dunfell 0/6] Patch review Steve Sakoman
2023-12-27 2:30 Steve Sakoman
2023-10-25 2:29 Steve Sakoman
2023-03-14 15:21 Steve Sakoman
2022-09-21 2:37 Steve Sakoman
2022-06-21 23:28 Steve Sakoman
2022-04-28 21:46 Steve Sakoman
2021-06-16 14:04 Steve Sakoman
2021-06-08 14:42 Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.