[dunfell 00/11] Patch review


Steve Sakoman
 

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3537

with the exception of a known issue with meta-intel due to the zlib CVE fix, see:

https://lists.openembedded.org/g/openembedded-core/message/163793

The intent is to fix meta-intel after this patch set is merged to dunfell.

The following changes since commit aa762b7ca2417b80dd114a4ab263d69074912f82:

tzdata: update to 2022a (2022-04-04 04:22:32 -1000)

are available in the Git repository at:

git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexandre Belloni (1):
pseudo: Fix handling of absolute links

Martin Jansa (1):
license_image.bbclass: close package.manifest file

Peter Kjellerstedt (1):
metadata_scm.bbclass: Use immediate expansion for the METADATA_*
variables

Ralph Siemsen (3):
gzip: fix CVE-2022-1271
xz: fix CVE-2022-1271
apt: add -fno-strict-aliasing to CXXFLAGS to fix SHA256 bug

Richard Purdie (4):
vim: Upgrade 8.2.4524 -> 8.2.4681
git: Ignore CVE-2022-24975
pseudo: Add patch to workaround paths with crazy lengths
libxshmfence: Correct LICENSE to HPND

Ross Burton (1):
zlib: backport the fix for CVE-2018-25032

.../recipeutils/recipeutils-test_1.2.bb | 2 +-
meta/classes/license_image.bbclass | 4 +-
meta/classes/metadata_scm.bbclass | 10 +-
.../zlib/zlib/CVE-2018-25032.patch | 347 ++++++++++++++++++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
meta/recipes-devtools/apt/apt.inc | 4 +
meta/recipes-devtools/git/git.inc | 5 +
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
.../gzip/gzip-1.10/CVE-2022-1271.patch | 45 +++
meta/recipes-extended/gzip/gzip_1.10.bb | 1 +
.../xz/xz/CVE-2022-1271.patch | 96 +++++
meta/recipes-extended/xz/xz_5.2.4.bb | 4 +-
.../xorg-lib/libxshmfence_1.3.bb | 2 +-
meta/recipes-support/vim/vim.inc | 6 +-
14 files changed, 515 insertions(+), 14 deletions(-)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
create mode 100644 meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2022-1271.patch

--
2.25.1

Join openembedded-core@lists.openembedded.org to automatically receive all group messages.