Please review this set of patches for dunfell and have comments back by end of day Friday.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3760 The following changes since commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939: openssl: Backport fix for ptest cert expiry (2022-06-07 11:33:46 +0100) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Bruce Ashfield (1): linux-yocto/5.4: update to v5.4.196 Hitendra Prajapati (2): e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted filesystem pcre2: CVE-2022-1587 Out-of-bounds read Marta Rybczynska (4): cve-check: move update_symlinks to a library cve-check: write empty fragment files in the text mode cve-check: add coverage statistics on recipes with/without CVEs cve-update-db-native: make it possible to disable database updates Richard Purdie (1): libxslt: Mark CVE-2022-29824 as not applying Robert Joslyn (2): curl: Backport CVE fixes curl: Fix CVE_CHECK_WHITELIST typo Steve Sakoman (3): Revert "openssl: Backport fix for ptest cert expiry" openssl: backport fix for ptest certificate expiration openssl: update the epoch time for ct_test ptest omkar patil (1): libxslt: Fix CVE-2021-30560 meta/classes/cve-check.bbclass | 86 ++- meta/lib/oe/cve_check.py | 10 + ...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 +++++ ...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 -- ...611887cfac633aacc052b2e71a7f195418b8.patch | 29 + .../openssl/openssl_1.1.1o.bb | 3 +- .../recipes-core/meta/cve-update-db-native.bb | 6 +- .../e2fsprogs/e2fsprogs/CVE-2022-1304.patch | 42 ++ .../e2fsprogs/e2fsprogs_1.45.7.bb | 1 + .../linux/linux-yocto-rt_5.4.bb | 6 +- .../linux/linux-yocto-tiny_5.4.bb | 8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- .../curl/curl/CVE-2022-27774-1.patch | 45 ++ .../curl/curl/CVE-2022-27774-2.patch | 80 +++ .../curl/curl/CVE-2022-27774-3.patch | 83 +++ .../curl/curl/CVE-2022-27774-4.patch | 35 + .../curl/curl/CVE-2022-27781.patch | 46 ++ .../curl/curl/CVE-2022-27782-1.patch | 363 ++++++++++ .../curl/curl/CVE-2022-27782-2.patch | 71 ++ meta/recipes-support/curl/curl_7.69.1.bb | 9 +- .../libpcre/libpcre2/CVE-2022-1587.patch | 660 ++++++++++++++++++ .../recipes-support/libpcre/libpcre2_10.34.bb | 1 + .../libxslt/libxslt/CVE-2021-30560.patch | 201 ++++++ .../recipes-support/libxslt/libxslt_1.1.34.bb | 5 + 24 files changed, 1949 insertions(+), 110 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166735): https://lists.openembedded.org/g/openembedded-core/message/166735 Mute This Topic: https://lists.openembedded.org/mt/91624649/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
