Please review this set of changes for styhead and have comments back by end of day Monday, December 16
Passed a-full on autobuilder: https://valkyrie.yoctoproject.org/#/builders/29/builds/628 The following changes since commit 8717a2e2161378bab4e27d515a71396b2a6bcf00: resulttool: Improve repo layout for oeselftest results (2024-12-04 07:21:02 -0800) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/styhead-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/styhead-nut Guðni Már Gilbert (4): systemd: drop intltool-native from DEPENDS systemd-boot: drop intltool-native from DEPENDS python3-poetry-core: drop python3-six from RDEPENDS dnf: drop python3-iniparse from DEPENDS and RDEPENDS Hitendra Prajapati (2): libarchive: fix CVE-2024-48957 & CVE-2024-48958 ghostscript: upgrade 10.03.1 -> 10.04.0 Peter Marko (4): builder: set CVE_PRODUCT qemu: patch CVE-2024-6505 rust: ignore CVE-2024-43402 curl: patch CVE-2024-9681 Ross Burton (1): libsndfile1: backport the fix for CVE-2024-50612 Sid-Ali (1): shadow: use update-alternatives to handle su.1 and nologin.8 .../systemd/systemd-boot_256.5.bb | 2 +- meta/recipes-core/systemd/systemd_256.5.bb | 2 +- meta/recipes-devtools/dnf/dnf_4.21.1.bb | 3 +- .../python/python3-poetry-core_1.9.0.bb | 1 - meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2024-6505.patch | 40 ++ meta/recipes-devtools/rust/rust-source.inc | 1 + .../avoid-host-contamination.patch | 6 +- ...ript_10.03.1.bb => ghostscript_10.04.0.bb} | 2 +- .../libarchive/CVE-2024-48957.patch | 36 ++ .../libarchive/CVE-2024-48958.patch | 40 ++ .../libarchive/libarchive_3.7.4.bb | 5 +- meta/recipes-extended/shadow/shadow.inc | 4 +- meta/recipes-graphics/builder/builder_0.1.bb | 3 +- .../libsndfile1/CVE-2024-50612.patch | 409 ++++++++++++++++++ .../libsndfile/libsndfile1_1.2.2.bb | 1 + .../curl/curl/CVE-2024-9681.patch | 85 ++++ meta/recipes-support/curl/curl_8.9.1.bb | 1 + 18 files changed, 630 insertions(+), 12 deletions(-) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch rename meta/recipes-extended/ghostscript/{ghostscript_10.03.1.bb => ghostscript_10.04.0.bb} (97%) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2024-9681.patch -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#208634): https://lists.openembedded.org/g/openembedded-core/message/208634 Mute This Topic: https://lists.openembedded.org/mt/110079942/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
