[dunfell,00/17] Pull request (cover letter only)

Message ID	cover.1648772768.git.steve@sakoman.com
State	Not Applicable, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.47, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 00/17] Pull request (cover letter only) Date: Thu, 31 Mar 2022 14:32:07 -1000 Message-Id: <cover.1648772768.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1648772768.git.steve@sakoman.com

State

Not Applicable, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 00/17] Pull request (cover letter only)
Date: Thu, 31 Mar 2022 14:32:07 -1000
Message-Id: <cover.1648772768.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman April 1, 2022, 12:32 a.m. UTC

Note: this also includes the patches from my previous pull request on Tuesday

The following changes since commit 71015408c60ddf2e9af00cc8574815971e1b689d:

  oeqa/selftest/tinfoil: Improve tinfoil event test debugging (2022-03-21 04:17:02 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next

Davide Gardenal (3):
  qemu: backport patch fix for CVE-2020-13791
  apt: backport patch fix for CVE-2020-3810
  ghostscript: backport patch fix for CVE-2021-3781

Minjae Kim (2):
  gnu-config: update SRC_URI
  virglrenderer: update SRC_URI

Ralph Siemsen (1):
  libxml2: fix CVE-2022-23308 regression

Richard Purdie (1):
  oeqa/selftest/tinfoil: Fix intermittent event loss issue in test

Ross Burton (1):
  python3: ignore CVE-2022-26488

Steve Sakoman (9):
  libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77
  ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native
  util-linux: fix CVE-2022-0563
  xserver-xorg: update to 1.20.9
  xserver-xorg: update to 1.20.10
  xserver-xorg: update to 1.20.11
  xserver-xorg: update to 1.20.12
  xserver-xorg: update to 1.20.13
  xserver-xorg: update to 1.20.14

 meta/lib/oeqa/selftest/cases/tinfoil.py       |   2 +-
 .../CVE-2022-23308-fix-regression.patch       |  98 ++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |   1 +
 .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 meta/recipes-devtools/apt/apt.inc             |   1 +
 .../apt/apt/CVE-2020-3810.patch               | 174 +++++++++++++
 .../gnu-config/gnu-config_git.bb              |   2 +-
 .../recipes-devtools/python/python3_3.8.13.bb |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2020-13791.patch            |  44 ++++
 .../ghostscript/CVE-2021-3781_1.patch         | 121 +++++++++
 .../ghostscript/CVE-2021-3781_2.patch         |  37 +++
 .../ghostscript/CVE-2021-3781_3.patch         | 238 ++++++++++++++++++
 .../ghostscript/ghostscript_9.52.bb           |   9 +-
 .../libsolv/files/CVE-2021-3200.patch         |  10 +
 .../virglrenderer/virglrenderer_0.8.2.bb      |   2 +-
 .../xorg-xserver/xserver-xorg.inc             |   2 +-
 .../xserver-xorg/CVE-2020-14345.patch         | 182 --------------
 .../xserver-xorg/CVE-2020-14346.patch         |  36 ---
 .../xserver-xorg/CVE-2020-14347.patch         |  38 ---
 .../xserver-xorg/CVE-2020-14360.patch         | 132 ----------
 .../xserver-xorg/CVE-2020-14361.patch         |  36 ---
 .../xserver-xorg/CVE-2020-14362.patch         |  70 ------
 .../xserver-xorg/CVE-2020-25712.patch         | 102 --------
 ...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} |  11 +-
 26 files changed, 900 insertions(+), 613 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
 create mode 100644 meta/recipes-devtools/apt/apt/CVE-2020-3810.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_1.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_2.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781_3.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)

[dunfell,00/17] Pull request (cover letter only)

Pull-request

Message