Message ID | cover.1674613569.git.steve@sakoman.com |
---|---|
State | Not Applicable, archived |
Headers | show |
This is the final pull request for the kirkstone 4.0.7 release build next week. Steve On Tue, Jan 24, 2023 at 4:30 PM Steve Sakoman <steve@sakoman.com> wrote: > > The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee: > > devtool: process local files only for the main branch (2023-01-12 04:56:26 -1000) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next > http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next > > Alex Kiernan (1): > classes: image: Set empty weak default IMAGE_LINGUAS > > Alexander Kanavin (5): > libksba: update 1.6.2 -> 1.6.3 > linux-firmware: upgrade 20221109 -> 20221214 > xwayland: upgrade 22.1.5 -> 22.1.7 > xserver-xorg: upgrade 21.1.4 -> 21.1.6 > selftest/virgl: use pkg-config from the host > > Antonin Godard (2): > busybox: always start do_compile with orig config files > busybox: rm temporary files if do_compile was interrupted > > Benoît Mauduit (1): > lib/oe/reproducible: Use git log without gpg signature > > Bhabu Bindu (1): > qemu: Fix CVE-2022-4144 > > Bruce Ashfield (5): > linux-yocto/5.15: ltp and squashfs fixes > linux-yocto/5.15: fix perf build with clang > linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off > linux-yocto/5.15: update to v5.15.84 > linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user > copy > > Chen Qi (2): > dhcpcd: backport two patches to fix runtime error > libseccomp: fix typo in DESCRIPTION > > Daniel Gomez (1): > gtk-icon-cache: Fix GTKIC_CMD if-else condition > > He Zhe (1): > lttng-modules: update 2.13.7 -> 2.13.8 > > Hitendra Prajapati (1): > go: fix CVE-2022-41717 Excessive memory use in got server > > Jan Kircher (1): > toolchain-scripts: compatibility with unbound variable protection > > Jermain Horsman (1): > cve-check: write the cve manifest to IMGDEPLOYDIR > > KARN JYE LAU (1): > freetype:update mirror site. > > Khem Raj (1): > tiff: Add packageconfig knob for webp > > Marta Rybczynska (1): > cve-update-db-native: avoid incomplete updates > > Martin Jansa (1): > ffmpeg: refresh patches to apply cleanly > > Narpat Mali (4): > python3-setuptools: fix for CVE-2022-40897 > python3-wheel: fix for CVE-2022-40898 > python3-git: fix for CVE-2022-24439 > ffmpeg: fix for CVE-2022-3341 > > Pavel Zhukov (1): > gcc: Refactor linker patches and fix linker on arm with usrmerge > > Petr Kubizňák (1): > harfbuzz: remove bindir only if it exists > > Quentin Schulz (1): > cairo: fix CVE patches assigned wrong CVE number > > Randy MacLeod (1): > vim: upgrade 9.0.0947 -> 9.0.1211 > > Ross Burton (1): > cve-update-db-native: show IP on failure > > Sandeep Gundlupet Raju (2): > kernel-fitimage: Adjust order of dtb/dtbo files > kernel-fitimage: Allow user to select dtb when multiple dtb exists > > Saul Wold (1): > at: Change when files are copied > > Steve Sakoman (1): > Revert "libksba: fix CVE-2022-47629" > > Vivek Kumbhar (1): > openssl: fix CVE-2022-3996 double locking leads to denial of service > > Yash Shinde (1): > glibc: stable 2.35 branch updates. > > Yogita Urade (1): > libksba: fix CVE-2022-47629 > > meta/classes/cve-check.bbclass | 6 +- > meta/classes/gtk-icon-cache.bbclass | 2 +- > meta/classes/image.bbclass | 3 +- > meta/classes/kernel-fitimage.bbclass | 21 +- > meta/classes/toolchain-scripts.bbclass | 2 +- > meta/lib/oe/reproducible.py | 3 +- > meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +- > .../dhcpcd/dhcpcd_9.4.1.bb | 2 + > ...low-getrandom-sysctl-for-newer-glibc.patch | 30 ++ > ...sep-Allow-newfstatat-syscall-as-well.patch | 31 ++ > .../openssl/openssl/CVE-2022-3996.patch | 43 ++ > .../openssl/openssl_3.0.7.bb | 1 + > meta/recipes-core/busybox/busybox.inc | 26 +- > meta/recipes-core/glibc/glibc-version.inc | 2 +- > .../recipes-core/meta/cve-update-db-native.bb | 88 +++- > meta/recipes-devtools/gcc/gcc-11.3.inc | 1 - > ...rm-add-armv9-a-architecture-to-march.patch | 89 ++-- > ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 269 +++++++--- > ...s-fix-v4bx-to-linker-to-support-EABI.patch | 10 +- > ...019-nios2-Define-MUSL_DYNAMIC_LINKER.patch | 25 - > meta/recipes-devtools/go/go-1.17.13.inc | 1 + > .../go/go-1.18/CVE-2022-41717.patch | 89 ++++ > ...-git-CVE-2022-24439-fix-from-PR-1518.patch | 97 ++++ > ...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++ > .../python/python3-git_3.1.27.bb | 4 + > ...-of-whitespace-to-search-backtrack.-.patch | 31 ++ > .../python/python3-setuptools_59.5.0.bb | 1 + > ...tential-DoS-attack-via-WHEEL_INFO_RE.patch | 32 ++ > .../python/python3-wheel_0.37.1.bb | 4 +- > meta/recipes-devtools/qemu/qemu.inc | 1 + > .../qemu/qemu/CVE-2022-4144.patch | 99 ++++ > meta/recipes-extended/at/at_3.2.5.bb | 6 +- > .../cairo/cairo/CVE-2019-6461.patch | 46 +- > .../cairo/cairo/CVE-2019-6462.patch | 46 +- > .../freetype/freetype_2.11.1.bb | 2 +- > .../harfbuzz/harfbuzz_4.0.1.bb | 6 +- > ...possible-memleaks-in-XkbGetKbdByName.patch | 63 --- > ...ntedString-against-request-length-at.patch | 38 -- > ...-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} | 4 +- > ...{xwayland_22.1.5.bb => xwayland_22.1.7.bb} | 2 +- > ...20221109.bb => linux-firmware_20221214.bb} | 4 +- > .../linux/linux-yocto-rt_5.15.bb | 6 +- > .../linux/linux-yocto-tiny_5.15.bb | 6 +- > meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +- > ...ules_2.13.7.bb => lttng-modules_2.13.8.bb} | 2 +- > ...c-stop-accessing-out-of-bounds-frame.patch | 19 +- > ...c-stop-accessing-out-of-bounds-frame.patch | 7 +- > ...-vp3-Add-missing-check-for-av_malloc.patch | 12 +- > ...ec-Add-check-for-avformat_new_stream.patch | 67 +++ > .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +- > meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + > .../libksba/ksba-add-pkgconfig-support.patch | 6 +- > .../{libksba_1.6.2.bb => libksba_1.6.3.bb} | 2 +- > .../libseccomp/libseccomp_2.5.3.bb | 2 +- > meta/recipes-support/vim/vim.inc | 4 +- > 55 files changed, 1479 insertions(+), 404 deletions(-) > create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch > create mode 100644 meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch > delete mode 100644 meta/recipes-devtools/gcc/gcc/0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch > create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch > create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch > create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch > create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch > create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch > delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch > delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch > rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} (80%) > rename meta/recipes-graphics/xwayland/{xwayland_22.1.5.bb => xwayland_22.1.7.bb} (95%) > rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221109.bb => linux-firmware_20221214.bb} (99%) > rename meta/recipes-kernel/lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} (94%) > create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > rename meta/recipes-support/libksba/{libksba_1.6.2.bb => libksba_1.6.3.bb} (94%) > > -- > 2.25.1 >