Please review this set of changes for dunfell and have comments back by end of day Tuesday, November 14
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6174 The following changes since commit 0dbf3a15321b8033ff8ed86c6aa261fdb9c3d5bb: build-appliance-image: Update to dunfell head revision (2023-10-27 04:22:17 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Ashish Sharma (1): zlib: Backport fix for CVE-2023-45853 Hitendra Prajapati (1): tiff: Security fix for CVE-2023-40745 Lee Chee Yang (1): kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269 Mikko Rapeli (1): lz4: use CFLAGS from bitbake Naveen Saini (2): assimp: Explicitly use nobranch=1 in SRC_URI resolvconf: Fix fetch error Peter Marko (1): glibc: ignore CVE-2023-4527 Ross Burton (3): cve-check: sort the package list in the JSON report cve-check: slightly more verbose warning when adding the same package twice cve-check: don't warn if a patch is remote Soumya Sambu (1): libwebp: Fix CVE-2023-4863 Steve Sakoman (2): Revert "qemu: Backport fix for CVE-2023-0330" lz4: specify gnu17 in CFLAGS to fix reproducibility issues Vijay Anusuri (2): tiff: CVE patch correction for CVE-2023-3576 xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380 meta/classes/cve-check.bbclass | 2 + meta/lib/oe/cve_check.py | 13 +- .../resolvconf/resolvconf_1.82.bb | 2 +- meta/recipes-core/glibc/glibc_2.31.bb | 7 + .../zlib/zlib/CVE-2023-45853.patch | 40 ++++++ meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 3 +- ...-2023-0330_1.patch => CVE-2023-0330.patch} | 0 .../qemu/qemu/CVE-2023-0330_2.patch | 135 ------------------ meta/recipes-graphics/vulkan/assimp_5.0.1.bb | 2 +- .../xserver-xorg/CVE-2023-5367.patch | 84 +++++++++++ .../xserver-xorg/CVE-2023-5380.patch | 102 +++++++++++++ .../xorg-xserver/xserver-xorg_1.20.14.bb | 2 + .../kexec/kexec-tools_2.0.20.bb | 3 + ...-2023-3618-1.patch => CVE-2023-3576.patch} | 3 +- ...-2023-3618-2.patch => CVE-2023-3618.patch} | 0 .../libtiff/files/CVE-2023-40745.patch | 34 +++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 5 +- ...23-5129.patch => CVE-2023-4863-0001.patch} | 27 ++-- .../webp/files/CVE-2023-4863-0002.patch | 53 +++++++ meta/recipes-multimedia/webp/libwebp_1.1.0.bb | 3 +- meta/recipes-support/lz4/lz4_1.9.2.bb | 3 +- 22 files changed, 358 insertions(+), 166 deletions(-) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => CVE-2023-0330.patch} (100%) delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} (93%) rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} (100%) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (95%) create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190415): https://lists.openembedded.org/g/openembedded-core/message/190415 Mute This Topic: https://lists.openembedded.org/mt/102526861/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
