From patchwork Wed Mar 13 21:48:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40943 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8AB4AC54E6E for ; Wed, 13 Mar 2024 21:48:59 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web11.8402.1710366534489569967 for ; Wed, 13 Mar 2024 14:48:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ZBWRH3Ow; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-6e6afb754fcso348536b3a.3 for ; Wed, 13 Mar 2024 14:48:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366534; x=1710971334; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WqpIjeprpKhpJG/Y62qOFYnx7yZY5UXfBqXX+mby7ds=; b=ZBWRH3OwN0ul8MW8FhEpyEb3ywIXtrxJrdURFEM8x+DIHzt4d9gbyzxwYILbqWRsVo Usy6XpTyZ5kkDLQfoprG9LQalKt9Z5cNQnRWvlNxSs/Q1qW4u9xcUMc4Hz+dUoqwNVeN OdgsAnJqYi5KWU9/GWb+y3hZIzLLSbovkUZkoR0IZxhRrrOKXMhkrHpc4Ssir60Nyw47 899JYchZ/qiX7wVlcOC8/l3UByVPcoMIfn6KjkRR7xPh77/74qv8o4wwT63lhZNpHiJ6 Nnys5Jm2xiTcFGfyIT9dxy7rePY2hrRoPLEP5bGGeLT/2JOUUW0I6Wukbv3lLJrVhvzb ROiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366534; x=1710971334; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WqpIjeprpKhpJG/Y62qOFYnx7yZY5UXfBqXX+mby7ds=; b=W3eXBJJ8s09MFkxYhlxA6uW9TabtNe9Y/TcO7//NCAyto25Pt64dq/tpzzjVkVnEsS JOOCeFk/zO+53ay+DuxNzpELnwm4EW52d60v5oKkEDJjQYGNlzrKOd7IDzot7/Q57pMZ otD+uY7nnS5EP1TLGd23pQekBBB4MXW2YE/rD8IeZSdXXI4LKkSjduvPvV85so5J9SVQ 1AtaMwgzmJFiSp7PORRSDdjkdEIgY+QtjbYBH8hK667yK0NH1rdeD2oS33/s8eKzRHy5 VDIWBxGWv8exUfeLiBIIscBvkrBG1Cu36vqj/SlXd0qF9VYMoPuTEc+1JTeh2W5lOh41 Su9g== X-Gm-Message-State: AOJu0YxG4lCnfD93jiQ/sugkr93UYnVZY+Yo1YhD8ggR7V1DEBYCHF83 +qpwB6FdY/cumW873O6mPCdKgTXBYB+fZ4ezLKNtLr9qySvBBRWu4detXnAzAlQxVgEeEiFk5TN c+N0= X-Google-Smtp-Source: AGHT+IHk/F4FxPnFupldT2Ty38IxLRyQgDFJ+EDlHkFh4iPQ7gz2AMjsNWu/5dBw/kifOjhTaxfcfg== X-Received: by 2002:a05:6a21:99a1:b0:1a3:15e8:7e93 with SMTP id ve33-20020a056a2199a100b001a315e87e93mr257827pzb.56.1710366533748; Wed, 13 Mar 2024 14:48:53 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.48.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:48:53 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 1/7] xwayland: upgrade 23.2.3 -> 23.2.4 Date: Wed, 13 Mar 2024 11:48:39 -1000 Message-Id: <91f5e2a55212f3e0c8ce9269a139a7f4519f28a9.1710366394.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:48:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197085 From: Dhairya Nagodra Includes fixes for CVE-2023-6816, CVE-2024-0408, CVE-2024-0409 Signed-off-by: Dhairya Nagodra Signed-off-by: Steve Sakoman --- .../xwayland/{xwayland_23.2.3.bb => xwayland_23.2.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/xwayland/{xwayland_23.2.3.bb => xwayland_23.2.4.bb} (95%) diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.4.bb similarity index 95% rename from meta/recipes-graphics/xwayland/xwayland_23.2.3.bb rename to meta/recipes-graphics/xwayland/xwayland_23.2.4.bb index 9aa7b4dfcd..092359172a 100644 --- a/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb +++ b/meta/recipes-graphics/xwayland/xwayland_23.2.4.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "eb9d9aa7232c47412c8835ec15a97c575f03563726c787754ff0c019bd07e302" +SRC_URI[sha256sum] = "a99e159b6d0d33098b3b6ab22a88bfcece23c8b9d0ca72c535c55dcb0681b46b" UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar" From patchwork Wed Mar 13 21:48:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40944 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 809F9C54E6A for ; Wed, 13 Mar 2024 21:48:59 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.8548.1710366536032234128 for ; Wed, 13 Mar 2024 14:48:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=xnOiIamo; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-6e6cb0f782bso58234b3a.1 for ; Wed, 13 Mar 2024 14:48:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366535; x=1710971335; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=la7jHsYPD67LaZ5A3I3nqrlPvFubLaMPcduMY2SbGK0=; b=xnOiIamorgi2PMjaNrhe90J70BaGyb0sMFE6zlglzZcj1D4jDsCLtti7q3fSZOzWaU NgMFzCNlAicD/l8Q1ZO+fTK0XICCmBIoX1glBsjcbOVMaI2Q3XK7MlW0kH8PPTNQ/LBb XPzmxde2zBVQtxIA3LuBu/5rat4yV3o8XeG3oIXcp+IsXz/xCpqFYP2vwGMiQ+tRgHjG oPQk1WJGkhQ+o8ZGWdzf8heZQWlrlpkSCBH/jBE1zkdL6vMK6corJBnTbsj7/BbI7ftr 0LW39CA0+Oqtwl2RNKvVn/cYYBZokQQdU2eqp3Rlun/Og9+lrSFP9ef2r7XoYmZQpYfi w3OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366535; x=1710971335; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=la7jHsYPD67LaZ5A3I3nqrlPvFubLaMPcduMY2SbGK0=; b=FQVTzy651hjF/zIvnEKB2Vv6+KfDKD2Dx0XbYzKYi+nynOce2syzU66+0/1Pb1j1y+ 91tqYFEzVOlNWDQz1JGDwa6gRafvau00aeGcRstGVlY080jvPU56KqTN4F+UARVVHHyk rqQV4LNe7eaQCOchkki7YNxiqqGkYQkFxn6Xhx7eBxbi1EqxkWkJM2GmJZChRgQmOGqJ fUtYeWY/TcEBYm6Cj2fjUbZ0tN6kVfN8UM0IUjRAf50X3cTaD2f1Qx8o6T+80Nsd1gAE vKdLkajM6C38wgDX6mCzkWdbGCwNTfXYbPz0usCsDgSQkQN0KU8EjgyM+sa4A5sfcdGV uTaQ== X-Gm-Message-State: AOJu0YyNhYK4PxOHMdek7cnqxWc9HpMtScIMpgI1AbwmlCzXPNBe7fpb zwb2eBomqSPW4hfLW/6OcgMD5fAwCmuWr+9qCgKbo27cXwX/SaGeGlxyPYg38InQ+C4aaCMOJHm iDUU= X-Google-Smtp-Source: AGHT+IE9CT5VwYO9x+FSRC93BTd+jTG6LWefNPAdZq8fLw4zoV+auijpgLuxQV8WKwdB/vn2wmh9iw== X-Received: by 2002:a05:6a00:928c:b0:6e6:a8f5:6dc9 with SMTP id jw12-20020a056a00928c00b006e6a8f56dc9mr4470929pfb.2.1710366535223; Wed, 13 Mar 2024 14:48:55 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.48.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:48:54 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 2/7] libxml2: upgrade to 2.11.7 Date: Wed, 13 Mar 2024 11:48:40 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:48:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197086 From: Lee Chee Yang libxml2 2.11.7 Security [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking libxml2 2.11.6 Regressions threads: Fix --with-thread-alloc xinclude: Fix 'last' pointer in xmlXIncludeCopyNode Bug fixes parser: Fix potential use-after-free in xmlParseCharDataInternal Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../libxml/{libxml2_2.11.5.bb => libxml2_2.11.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-core/libxml/{libxml2_2.11.5.bb => libxml2_2.11.7.bb} (97%) diff --git a/meta/recipes-core/libxml/libxml2_2.11.5.bb b/meta/recipes-core/libxml/libxml2_2.11.7.bb similarity index 97% rename from meta/recipes-core/libxml/libxml2_2.11.5.bb rename to meta/recipes-core/libxml/libxml2_2.11.7.bb index fc82912df2..482ce9042d 100644 --- a/meta/recipes-core/libxml/libxml2_2.11.5.bb +++ b/meta/recipes-core/libxml/libxml2_2.11.7.bb @@ -18,7 +18,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ " -SRC_URI[archive.sha256sum] = "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6" +SRC_URI[archive.sha256sum] = "fb27720e25eaf457f94fd3d7189bcf2626c6dccf4201553bc8874d50e3560162" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" # Disputed as a security issue, but fixed in d39f780 From patchwork Wed Mar 13 21:48:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40942 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64C81C54E69 for ; Wed, 13 Mar 2024 21:48:59 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.8403.1710366537511623034 for ; Wed, 13 Mar 2024 14:48:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=fHmlUOBN; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-6e6ca8c8be2so103401b3a.1 for ; Wed, 13 Mar 2024 14:48:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366537; x=1710971337; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FGSWks4Y6+Z906KQpu3c1m3Gz8kmCpIXHIXvHbhj1aY=; b=fHmlUOBNMo6whCEKFFZ2G6Eor0K2039b8olVjPld7ubjkmtVqFCJLmcehZs4Aci32u q2pU/JylbwUZs147QDaL6EodSpAmvXAvUjPtqjybghvt40czyucr5ZOeEr8/3gR96ZEu LBxDmE3uHomsUQQvBUDGbA6HoEU2f7lB+kk50YW4Kvf8LDNjyNQVbhff74iwTvpQI0r2 YdTagcG7voufnyebuINxy+GiZBHIBbFTsK43ND6hiA4gu1TB5fl9WP856fm4u+E0iCPB iTsHt7nzwqNgwjpC5SjGH4MG9RWg6VhjFQdAOptW+nOnraThAVn+Y0xOggGxQGcQj7g1 Vcmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366537; x=1710971337; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FGSWks4Y6+Z906KQpu3c1m3Gz8kmCpIXHIXvHbhj1aY=; b=gBgM+IH/ZnepXEty7fLaXLVM78AT87NBKtfBq7I2/41/JQNoUVHzBTg/xavc/rJ9+V M8UDUFilQCK5WVSPX9wQnCf9XoLdYJnR7w3F00Ca9xCeK2eGDaPEJbJVFlUy+DbFj5bb sQov2fMW3O9s7w0CeOh6gw7W3sgvgE9wWNlgqNIPof4lIsIc0jbV86bs0G+Y1/VzMZcf 1exSNL0lPGH5bOznCYz50BZ8jGnrpzZtgJEEqEvP9EUcUdZli6Ht21mYLX7RoPoRrgCk Fe3TcDTgm+YIQFkkrvc1qDVXCdJT8GH+xEgPAebWz0emjk6FE0i7ZEcPqQDiah7+n3Ho 1YHQ== X-Gm-Message-State: AOJu0YyJpJXMIqyGc/WFM+LVJanijv1i1m0R+lamJUOeMCf8aFBSOqvj gbvauTxiDXjlDcq9M2E/CL1M+4vIETZuFSRkNB43/UvqSisW7CuEd5T7Qwrs7FgaSX32jgGuJPM cS6k= X-Google-Smtp-Source: AGHT+IFiboiYMFmfEqwDYeNN4vW/ZBKXtU1d+SLSl4n08vE8RdOTZhxaTVXFnB1QrMUz6yAlyZ54rw== X-Received: by 2002:a05:6a00:9388:b0:6e6:9ac4:bc17 with SMTP id ka8-20020a056a00938800b006e69ac4bc17mr4067658pfb.5.1710366536707; Wed, 13 Mar 2024 14:48:56 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.48.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:48:56 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 3/7] python3-jinja2: upgrade 3.1.2 -> 3.1.3 Date: Wed, 13 Mar 2024 11:48:41 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:48:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197087 From: Wang Mingyu Changelog: ========== -Fix compiler error when checking if required blocks in parent templates are empty. -xmlattr filter does not allow keys with spaces. -Make error messages stemming from invalid nesting of {% trans %} blocks more helpful upgrade include fix for CVE-2024-22195. (cherry-pick from Oe-Core rev 8a0524464583d69df7746253f5020c2c125a8e1f) Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../python/{python3-jinja2_3.1.2.bb => python3-jinja2_3.1.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-jinja2_3.1.2.bb => python3-jinja2_3.1.3.bb} (92%) diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb b/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb similarity index 92% rename from meta/recipes-devtools/python/python3-jinja2_3.1.2.bb rename to meta/recipes-devtools/python/python3-jinja2_3.1.3.bb index fa6d930a9c..18057809c8 100644 --- a/meta/recipes-devtools/python/python3-jinja2_3.1.2.bb +++ b/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/Jinja2/" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852" +SRC_URI[sha256sum] = "ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90" PYPI_PACKAGE = "Jinja2" From patchwork Wed Mar 13 21:48:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40945 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72DABC54E68 for ; Wed, 13 Mar 2024 21:48:59 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.8551.1710366538915977498 for ; Wed, 13 Mar 2024 14:48:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=LNR7Yj/y; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-6e6afb754fcso348576b3a.3 for ; Wed, 13 Mar 2024 14:48:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366538; x=1710971338; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UTlZdo2HB/rHSd3Ebsb4amwtkRBmvSqGh1nnjnraosQ=; b=LNR7Yj/yciXbiEGPo/Q4C0IFY15zXrQpov+fADKCvj/TFm/ZSgsAHsN+klYB91khb6 43sRcFTMhJN6fdGPRR6z0PHiGRJ6OB62xMY75o42idMvHLHN/PIToWYQFlwldm40hLms lnLrNtIoqq1PHXY8KN1UbFF9gNYtkUyVeMdzB+Ullknwptc+ElCyXhpJL0gvk2c2VhdU RmoD9594RlAXEQ8bsvDgOZwpLgskoTTKf4iy9aB6ZS7AQLLRnGtoYzkFJJPMcTTR8Fih TKeHbwalIsgEQFj9l1ljVgCtYI/SovabKlthgFohSBWjx3vW/q1hU8V2tZkyrIks1mmP JkqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366538; x=1710971338; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UTlZdo2HB/rHSd3Ebsb4amwtkRBmvSqGh1nnjnraosQ=; b=mCJ4paRathIG5qZr1UGkqCP97kkyfJ7JHe5wllActGI4hn2d+q9+4PdsjDFAwGDB2P Y76cUWv72c3+Vzqa2BwKKuOsBTYb3qizJR579ZFQCl2+ThiYvlJagMnwB/uJKRF8W+/4 1v4rsuiYfEYYhgKnnSod2E1m2UKS7OR3w5xJg2xnfIQ7TfOYDsIItX79FQmXjaepFm3C TWc68EO6FIkf40Zjg0ypdLakXxqhuPzJ8YxMVsyC0RygcTovtOrLEQUtdx+girjRblWL nhVbiDy/n1wSkH1hpQDIMXR7g0Ga/RlHqw1EJnj9kd58all7kn/r4WseOrWGmxeQEpP0 8bjA== X-Gm-Message-State: AOJu0YzDP3FDURJESb6u/EoNDVzxbtC2bZWoYc7IS9ycgvThOPG7CAe4 EzRDPR6gnPgsLZxWCoov4A8aEtlMAoGdzFK9Xps8R7yVqaHbudXhphSgJcGKxTBRxDt5vcX5Sc6 deQc= X-Google-Smtp-Source: AGHT+IGrzuHbrjXRvj/+mLaKo4edgdxyWiqG7CJFrPVKjhHEEPuPuyhgYVKBZ9JgaTRzG0IVC9/yTg== X-Received: by 2002:a05:6a00:23d6:b0:6e6:ab7a:7753 with SMTP id g22-20020a056a0023d600b006e6ab7a7753mr4824601pfc.21.1710366538200; Wed, 13 Mar 2024 14:48:58 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.48.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:48:57 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 4/7] bind: upgrade 9.18.20 -> 9.18.21 Date: Wed, 13 Mar 2024 11:48:42 -1000 Message-Id: <6977b7ac4202a1dd4264a6b4e4e6fd5c3dc07d37.1710366394.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:48:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197088 From: Wang Mingyu bind-ensure-searching-for-json-headers-searches-sysr.patch refreshed for 9.18.21 Changelog: ========== -Improve LRU cleaning behaviour. -The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are deprecated; a warning will be logged if they are used. -BIND might sometimes crash after startup or re-configuration when one 'tls' entry is used multiple times to connect to remote servers due to initialisation attempts from contexts of multiple threads. That has been fixed. -Dig +yaml will now report "no servers could be reached" also for UDP setup failure when no other servers or tries are left. -Recognize escapes when reading the public key from file. -Dig +yaml will now report "no servers could be reached" on TCP connection failure as well as for UDP timeouts. -Deprecate AES-based DNS cookies. (cherry-pick from Oe-core rev b750d54622a0fa0a35d83ddc59f07661e903360b) Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- ...nd-ensure-searching-for-json-headers-searches-sysr.patch | 6 +++--- .../bind/{bind_9.18.20.bb => bind_9.18.21.bb} | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-connectivity/bind/{bind_9.18.20.bb => bind_9.18.21.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..38d07cae39 100644 --- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From 246087f89e9434b726c7884e4c0964f71084f091 Mon Sep 17 00:00:00 2001 +From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot @@ -33,10 +33,10 @@ Signed-off-by: Paul Gortmaker 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 10e8bf6..bf20690 100644 +index 2ab8ddd..92fe983 100644 --- a/configure.ac +++ b/configure.ac -@@ -814,7 +814,7 @@ AS_CASE([$with_lmdb], +@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb], [no],[], [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], [ac_lib_lmdb_found=yes], diff --git a/meta/recipes-connectivity/bind/bind_9.18.20.bb b/meta/recipes-connectivity/bind/bind_9.18.21.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.20.bb rename to meta/recipes-connectivity/bind/bind_9.18.21.bb index 187685eef5..f5fb4bd1e5 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.20.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.21.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "4b891ebf58d3f2a7ac3dd2682990f528a3448eaa1c992ddc5c141b8587a98ec5" +SRC_URI[sha256sum] = "a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Wed Mar 13 21:48:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40947 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85A7BC54E58 for ; Wed, 13 Mar 2024 21:49:09 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web10.8553.1710366540666953448 for ; Wed, 13 Mar 2024 14:49:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=IFTdbCWl; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-6e6b75211ceso375555b3a.0 for ; Wed, 13 Mar 2024 14:49:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366540; x=1710971340; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xUXTfFlI5OGYQmFbu4opdr6VwEchpZhbKknQJNqgwnw=; b=IFTdbCWlF7yRwzT12tzNitI6Ynsl5XdmnzQzYRHeQA6LTbETpf2x679PXV4vX/Dm2X 0x8YvHggkp0FmuUeG9EYYM+lZoil/lp2rZ0B0FOuDYrYMwh2EmBN9VpE7g1Hc4sGRtry saMl8bel+hTU3VvzmtmE0OxifpTOQhd16i5fQ56R86N5We7FasxGSIJ6h25kF6rC5HJ/ IOmLBuGM58H7F09DR3eU0shCjdqt+eZbnTGxQcAFKryuC9RwwZzsu2CgcFlmDtV3Qa0g 2jrTovnpq9okBMDy0gFBNXHHxvn0wMT5Y3eT18XTUx+aqOJn+tH1hliixyM2tGAAXKFT AQWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366540; x=1710971340; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xUXTfFlI5OGYQmFbu4opdr6VwEchpZhbKknQJNqgwnw=; b=fqrx9YG4Q98mrbBdWxwGOrERDpDz3KsN9ja0SXGYK6eXAKeKBACmVFS/b9tbBDk3UA dmg3WMEUiBs/OtqfZqpClITxLuGCrgdXwdlvBecne0XNsoI1sjY8ctj1zDTFdZ5jQ1mg uIQfY9JAvUdf1XTA13wPP8ghaiWcS6ES7l4QicSdi8R3uJlHUhCFDR9cQT6PZdqv7Pgq 4UTC2/DtAVZ3bodSE1QZ/RzHDcQ35XWIOHN8Lw+4OyReqDbLz7fSvXMIpXLNUU9+0eEY x8NBVa6h5mSxSTQ6GtCHkmD5nwswonZWp0BQ+6hroILx2Jn+wWuLAuGuGkiMtdiSlhm5 UFNA== X-Gm-Message-State: AOJu0Yx9LRdvK+ZyLGAx09e6g6TeZXYk1sJvsVEZu6xXuAkXNWATd6tg X5lytugcLKh8H0xq1OSnlgK2HB0zQKRMd/NM7V3Vmi1ajrOREoWUKJT1P/++CbFX8F11pGexK42 ApMg= X-Google-Smtp-Source: AGHT+IGXAMCSXh/rmGBROB4U4sshm9Ke9gBtnSAM9YCoLRTaU1BPg0ZJw25OpjpkpPUyG5Xa5oWozw== X-Received: by 2002:a05:6a21:99a1:b0:1a3:15e8:7e93 with SMTP id ve33-20020a056a2199a100b001a315e87e93mr258083pzb.56.1710366539893; Wed, 13 Mar 2024 14:48:59 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.48.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:48:59 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 5/7] bind: Upgrade 9.18.21 -> 9.18.24 Date: Wed, 13 Mar 2024 11:48:43 -1000 Message-Id: <61fa2f52045b7a1553249c33263b5fd32444a305.1710366394.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:49:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197089 From: Soumya Sambu Changelog: ========= 9.18.24: - Fix case insensitive setting for isc_ht hashtable. [GL #4568] 9.18.23: - Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. (CVE-2023-50387) [GL #4424] - Change 6315 inadvertently introduced regressions that could cause named to crash. [GL #4234] - Under some circumstances, the DoT code in client mode could process more than one message at a time when that was not expected. That has been fixed. [GL #4487] 9.18.22: - Limit isc_task_send() overhead for RBTDB tree pruning. [GL #4383] - Restore DNS64 state when handling a serve-stale timeout. (CVE-2023-5679) [GL #4334] - Specific queries could trigger an assertion check with nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281] - Speed up parsing of DNS messages with many different names. (CVE-2023-4408) [GL #4234] - Address race conditions in dns_tsigkey_find(). [GL #4182] - Conversion from NSEC3 signed to NSEC signed could temporarily put the zone into a state where it was treated as unsigned until the NSEC chain was built. Additionally conversion from one set of NSEC3 parameters to another could also temporarily put the zone into a state where it was treated as unsigned until the new NSEC3 chain was built. [GL #1794] [GL #4495] - Memory leak in zone.c:sign_zone. When named signed a zone it could leak dst_keys due to a misplaced 'continue'. [GL #4488] - Log more details about the cause of "not exact" errors. [GL #4500] - The wrong time was being used to determine what RRSIGs where to be generated when dnssec-policy was in use. [GL #4494] - The "trust-anchor-telemetry" statement is no longer marked as experimental. This silences a relevant log message that was emitted even when the feature was explicitly disabled. [GL #4497] - Fix statistics export to use full 64 bit signed numbers instead of truncating values to unsigned 32 bits. [GL #4467] - NetBSD has added 'hmac' to libc which collides with our use of 'hmac'. [GL #4478] (cherry-pick from Oe-Core rev d7f31aba343948dbaadafc8c0c66f78e6ffb46e3) Signed-off-by: Soumya Sambu Signed-off-by: Richard Purdie Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../bind/{bind_9.18.21.bb => bind_9.18.24.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.18.21.bb => bind_9.18.24.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind_9.18.21.bb b/meta/recipes-connectivity/bind/bind_9.18.24.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.21.bb rename to meta/recipes-connectivity/bind/bind_9.18.24.bb index f5fb4bd1e5..2874990320 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.21.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5" +SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Wed Mar 13 21:48:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40948 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 923A3C54E69 for ; Wed, 13 Mar 2024 21:49:09 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.8412.1710366542902588387 for ; Wed, 13 Mar 2024 14:49:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=VftEo2Vx; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6e6b54a28d0so331712b3a.2 for ; Wed, 13 Mar 2024 14:49:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366542; x=1710971342; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+B31k29ly0flI5uWUarMsSP9FeJeHefT+R7AHZ87zj4=; b=VftEo2VxXFlRBCkIktjQ2H5vP1mhMdSwhlSQ0msxxw462NePD+7nTKr4mHijEN8LYl KMUUYW/6jb2/wWG/63ZAK3Mfl47PKg/x9N6zi8Wh6xVbkF+e9FqsUR8CNZStbU+CNWHE WzVu1XShoBEC9UHE18N+wa4Sokb/L42Zx1Ba1Iu5fli+LhsIp7VtjKSzm5wf1GvJd/wq iGzoFlYEa0EnyTZ4wFweC/+4BvAEgYw0CbXpJolaO2SNz4iYxdFa8+O6dZt9qRPVJ83w AlSsMfScz9NTMnH1Cz7MjqCVbfpXoclce0ANTnvakORVlaK80ixA55iA1Pueq3JQf+KE oREA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366542; x=1710971342; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+B31k29ly0flI5uWUarMsSP9FeJeHefT+R7AHZ87zj4=; b=dgA03t0S1iTGAKHIhYkzrUiWRzwlTqWaDBXQ8K/d+0SBMr2ZoblE3ZdfV48gkB0ocm 8svXY6mXZLCmU/MbWp+0qjZJUfL6B8yKF7SlfIxD9AXpE5gw38Zqk/uww2IE3sBUQfQ9 It+DE9BNcAgdpn355Yn6M5fpYL2BmeAlo9BTB0ZfFItE2ggmevpG1QwJgHSKNtYl5GmS MNPO0dNKzSCTeE/3sBjr+KItZE7TAqYZP+En89GsD8TXiD37fNxvQ08ycu/HWgms8zjc iAI4x2CbK/5UmIFypLHv5nvcgjaYVuaTOlB5JKATjm7k9gYfrOArwHRQ5VZF0Q4EH42z j1RQ== X-Gm-Message-State: AOJu0Yw7uJo2I+WGJ918Nu9JipQC+9SCEG5fIVVoDFJrVy8gmiNP7T9s o+lLEEJI3rZ6BLFFVKVHQ96KJThaSzIWRFqRaspSo4+wBol37U+WH0hMQzP88ypWhP4BuH/Ut2x blkA= X-Google-Smtp-Source: AGHT+IEudp5sJnSFiXUp1gErWn0hIBRzUDkO+Jd51/fzpQP2fDczvRfxhxEdH8Fr+acSFcMyKtVSJw== X-Received: by 2002:a05:6a00:8cc9:b0:6e6:c38e:e8a6 with SMTP id ij9-20020a056a008cc900b006e6c38ee8a6mr1461482pfb.4.1710366541399; Wed, 13 Mar 2024 14:49:01 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.49.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:49:01 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 6/7] gnutls: upgrade 3.8.1 -> 3.8.2 Date: Wed, 13 Mar 2024 11:48:44 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:49:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197090 From: Wang Mingyu Changelog: ============ ** libgnutls: Fix timing side-channel inside RSA-PSK key exchange. ** libgnutls: Add API functions to perform ECDH and DH key agreement ** libgnutls: Added support for AES-GCM-SIV ciphers ** libgnutls: transparent KTLS support is extended to FreeBSD kernel ** gnutls-cli: New option --starttls-name (cherry-pick from Oe-Core rev 3c01bb0be8ddafa0aa1ad996ec524b51fd28f512) Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../recipes-support/gnutls/{gnutls_3.8.1.bb => gnutls_3.8.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/gnutls/{gnutls_3.8.1.bb => gnutls_3.8.2.bb} (97%) diff --git a/meta/recipes-support/gnutls/gnutls_3.8.1.bb b/meta/recipes-support/gnutls/gnutls_3.8.2.bb similarity index 97% rename from meta/recipes-support/gnutls/gnutls_3.8.1.bb rename to meta/recipes-support/gnutls/gnutls_3.8.2.bb index 455031dd47..43fb5c4c4e 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.1.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.2.bb @@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://Add-ptest-support.patch \ " -SRC_URI[sha256sum] = "ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c" +SRC_URI[sha256sum] = "e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest From patchwork Wed Mar 13 21:48:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 40946 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85AB4C54E68 for ; Wed, 13 Mar 2024 21:49:09 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.8413.1710366543576025612 for ; Wed, 13 Mar 2024 14:49:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=RrDqzCth; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-6e6b5aa0b52so333470b3a.3 for ; Wed, 13 Mar 2024 14:49:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710366543; x=1710971343; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lGda8R+JB0CT20aMqoq3pbGuVVwit8KQz1dE5RTyw0U=; b=RrDqzCthUYkc4Ax49Ju9M5oV++Kbji1jxGBgJdGw/FC6cjBrRAwQmHCPzJ/9jrlS+/ hL2IlgdMcF2H0p6Tfu/0G+XRVIdcVTog8xF79knMIN8+NZ+FJP0XMNKCtI0F5ObONhzV TYrM/+j3vISs4x9YgUpKCVJMLXbniQCBjsfq73BY92+E551RHmn62Ov5+MF+gyU8260t Lm4RfL0I8KbvFgRMa50vd7t5Pf2mHFB2LGgOI3xyx8QDmd6gyKLsUvzsIY1lf+YJo6jw vqZPGvZMi1N83QD1c0nryNOLzriYpGm7Y1lbu3XvrM/2jyt5gZIIDMMeVNNk8hxjBx0I Gztg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710366543; x=1710971343; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lGda8R+JB0CT20aMqoq3pbGuVVwit8KQz1dE5RTyw0U=; b=ZKBoYgo5wQjm+NsVoin9LGJejrHBpSupinWBfvsHDMDsztQKdMH16XVJ+fwVT2q//+ B9U/XayHn1hJigZsNoEJdnj1A1svJEr3wFp71W3AanV8kU8PSsiM8xjkvbYvde1/9D1B Ca5shX7O5C2t8uqnttU0JhAOPcOBy+EME+gCHbIzqC2reB210E0MngyRuRYOF8AQdvkB 9t0n2L+nTu63kC/dTI8grFxGkn1xMqSQf42UXdX8ORk+EcRGfMJpf92t26Y+jMBNfNCV 7L/I1+rsZ/2rwLZtZHkfjH+ati+aZVgjh5zrB2NHI21oi/oL4Tek3XMf23A6n3sHuAG5 8HVw== X-Gm-Message-State: AOJu0YyHgTbgomB3JQ/ccJUb7RzJR7WKRJ4wmLROLb5gMicnUdrtWdbe IYTIqzp1Z7JZYAc4u23q+K3JYqYCBL00e7qNkWTJcZlKi7YI6UzJzjOOEIxu1NsxTGAOAOhwqGk rJmM= X-Google-Smtp-Source: AGHT+IGC+J3N+6oxBk9uU1LFSsjKlTwc/hTSRpgIMPTTKhbaJZf2kjsZRJYsZDJFqB8m062fu4ipAQ== X-Received: by 2002:a05:6a20:3c87:b0:1a3:3382:5106 with SMTP id b7-20020a056a203c8700b001a333825106mr256443pzj.15.1710366542911; Wed, 13 Mar 2024 14:49:02 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id it17-20020a056a00459100b006e6b2beb030sm87226pfb.48.2024.03.13.14.49.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:49:02 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 7/7] gnutls: Upgrade 3.8.2 -> 3.8.3 Date: Wed, 13 Mar 2024 11:48:45 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 13 Mar 2024 21:49:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197091 From: Simone Weiß Upgrade version to adress recent CVE findings. Changelog ========= ** libgnutls: Fix more timing side-channel inside RSA-PSK key exchange [GNUTLS-SA-2024-01-14, CVSS: medium] [CVE-2024-0553] ** libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures [GNUTLS-SA-2024-01-09, CVSS: medium] [CVE-2024-0567] ** libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token certtool was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2. (cherry-pick from Oe-Core rev 705d2972b38efc9f331e3635c07ca92f8812b365) Signed-off-by: Simone Weiß Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/gnutls/{gnutls_3.8.2.bb => gnutls_3.8.3.bb} (97%) diff --git a/meta/recipes-support/gnutls/gnutls_3.8.2.bb b/meta/recipes-support/gnutls/gnutls_3.8.3.bb similarity index 97% rename from meta/recipes-support/gnutls/gnutls_3.8.2.bb rename to meta/recipes-support/gnutls/gnutls_3.8.3.bb index 43fb5c4c4e..27d6753be0 100644 --- a/meta/recipes-support/gnutls/gnutls_3.8.2.bb +++ b/meta/recipes-support/gnutls/gnutls_3.8.3.bb @@ -25,7 +25,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://Add-ptest-support.patch \ " -SRC_URI[sha256sum] = "e765e5016ffa9b9dd243e363a0460d577074444ee2491267db2e96c9c2adef77" +SRC_URI[sha256sum] = "f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest