Please review this set of patches for kirkstone and have comments back by end of day Tuesday.
Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5209

The following changes since commit b67e714b367a08fdeeeff68c2d9495ec9bc07304:

  package.bbclass: correct check for /build in copydebugsources() (2023-04-14 07:19:08 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (2):
  ruby: CVE-2023-28756 ReDoS vulnerability in Time
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41722

Siddharth Doshi (1):
  curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538

Sundeep KOKKONDA (1):
  cargo : non vulnerable cve-2022-46176 added to excluded list

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

Xiangyu Chen (1):
  shadow: backport patch to fix CVE-2023-29383

 .../distro/include/cve-extra-exclusions.inc        |   5 +
 meta/recipes-devtools/go/go-1.17.13.inc            |   5 +
 .../go/go-1.18/CVE-2022-41722.patch                | 103 +++++++++
 .../go/go-1.18/CVE-2023-24537.patch                |  75 +++++++
 .../ruby/ruby/CVE-2023-28756.patch                 |  73 +++++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb           |   1 +
 .../screen/screen/CVE-2023-24626.patch             |  40 ++++
 meta/recipes-extended/screen/screen_4.9.0.bb       |   1 +
 .../files/0001-Overhaul-valid_field.patch          |  65 ++++++
 .../shadow/files/CVE-2023-29383.patch              |  53 +++++
 meta/recipes-extended/shadow/shadow.inc            |   2 +
 .../curl/curl/CVE-2023-27535-pre1.patch            | 196 ++++++++++++++++++
 .../CVE-2023-27535_and_CVE-2023-27538.patch        | 170 +++++++++++++++
 .../curl/curl/CVE-2023-27536.patch                 |  52 +++++
 meta/recipes-support/curl/curl_7.82.0.bb           |   3 +
 15 files changed, 844 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41722.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24537.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch

--
2.34.1