Please review this set of patches for dunfell and have comments back by end of day Wednesday.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3253 The following changes since commit 88c0290520c9e4982d25c20e783bd91eec016b52: libusb1: correct SRC_URI (2022-02-07 04:40:13 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Alexander Kanavin (1): ruby: correctly set native/target dependencies Bruce Ashfield (3): linux-yocto/5.4: update to v5.4.173 linux-yocto/5.4: update to v5.4.176 linux-yocto/5.4: update to v5.4.178 Christian Eggers (1): sdk: fix search for dynamic loader Florian Amstutz (1): devtool: deploy-target: Remove stripped binaries in pseudo context Martin Beeger (1): cmake: remove bogus CMAKE_LDFLAGS_FLAGS definition from toolchain file Purushottam Choudhary (1): freetype: add missing CVE tag CVE-2020-15999 Richard Purdie (1): default-distrovars.inc: Switch connectivity check to a yoctoproject.org page Ross Burton (1): lighttpd: backport a fix for CVE-2022-22707 Saul Wold (1): recipetool: Fix circular reference in SRC_URI Stefan Herbrechtsmeier (1): cve-check: create directory of CVE_CHECK_MANIFEST before copy Steve Sakoman (5): expat: fix CVE-2022-23990 connman: fix CVE-2022-23096-7 connman: fix CVE-2022-23098 connman: fix CVE-2021-33833 wpa-supplicant: fix CVE-2022-23303-4 Sundeep KOKKONDA (1): binutils: Fix CVE-2021-45078 bkyleruss...@gmail.com (1): rpm: fix intermittent compression failure in do_package_write_rpm wangmy (1): linux-firmware: upgrade 20211216 -> 20220209 meta/classes/cve-check.bbclass | 1 + meta/classes/sanity.bbclass | 2 +- .../distro/include/default-distrovars.inc | 2 +- meta/files/toolchain-shar-relocate.sh | 2 +- .../connman/connman/CVE-2021-33833.patch | 72 +++ .../connman/connman/CVE-2022-23096-7.patch | 121 ++++ .../connman/connman/CVE-2022-23098.patch | 50 ++ .../connman/connman_1.37.bb | 3 + .../wpa-supplicant/CVE-2022-23303-4.patch | 609 ++++++++++++++++++ .../wpa-supplicant/wpa-supplicant_2.9.bb | 1 + .../expat/expat/CVE-2022-23990.patch | 49 ++ meta/recipes-core/expat/expat_2.2.9.bb | 1 + .../binutils/binutils-2.34.inc | 1 + .../binutils/0001-CVE-2021-45078.patch | 257 ++++++++ .../cmake/cmake/OEToolchainConfig.cmake | 1 - ..._internal-mode-parsing-when-Tn-is-us.patch | 34 + meta/recipes-devtools/rpm/rpm_4.14.2.1.bb | 1 + meta/recipes-devtools/ruby/ruby.inc | 4 +- ...ix-out-of-bounds-OOB-write-fixes-313.patch | 100 +++ .../lighttpd/lighttpd_1.4.55.bb | 1 + ...-sfnt-Fix-heap-buffer-overflow-59308.patch | 3 + ...20211216.bb => linux-firmware_20220209.bb} | 4 +- .../linux/linux-yocto-rt_5.4.bb | 6 +- .../linux/linux-yocto-tiny_5.4.bb | 8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- scripts/lib/devtool/deploy.py | 2 +- scripts/lib/recipetool/create.py | 2 +- 27 files changed, 1331 insertions(+), 28 deletions(-) create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23990.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch create mode 100644 meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch rename meta/recipes-kernel/linux-firmware/{linux-firmware_20211216.bb => linux-firmware_20220209.bb} (99%) -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162028): https://lists.openembedded.org/g/openembedded-core/message/162028 Mute This Topic: https://lists.openembedded.org/mt/89294063/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
