CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Signed-off-by: Soumya <soumya.sambu@...> --- .../perl/files/CVE-2023-31484.patch | 29 ++++++++++++++++++

From: Ross Burton <ross.burton@...> These CVEs have all been fixed <6.1.30, which is the default linux-yocto kernel version. Signed-off-by: Ross Burton <ross.burton@...> --- .../distro/include/cve-ext

From: Bruce Ashfield <bruce.ashfield@...> Updating to the latest korg -stable release that comprises the following commits: 76ba310227d2 Linux 6.1.32 cd51ba98aeaa tools headers UAPI: Sync the linux/in

From: Bruce Ashfield <bruce.ashfield@...> Updating to the latest korg -stable release that comprises the following commits: d2869ace6eeb Linux 6.1.31 2f32b89d8120 net: phy: mscc: add VSC8502 to MODULE

From: Ross Burton <ross.burton@...> Backport a patch from upstream to fix CVE-2023-1972. Signed-off-by: Ross Burton <ross.burton@...> --- .../binutils/binutils-2.40.inc | 1 + ...emory-access-when-an-a

Hello, I have found an issue in the rootfs routine. The rootfs-postcommands.bbclass has a funtion systemd_create_users that reads /etc/sysusers.d/*.conf files and parses lines as 'type name id comment

Ignoring the kernel issues: Wrong ninja, sent ignore. Still open. Fixed in our version, CPE update sent. Still open. Fixed in 2.5.0, CPE update sent. Patch still in review on GitLab. Simple fix, build

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devto

From: Ross Burton <ross.burton@...> This minor point release fixes CVE-2023-25652 and CVE-2023-29007. Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-devtools/git/{git_2.39.2.bb =3D> git

Changelog: https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3 The following patch files were removed because they are in v1.5.3: 0001-run-xtests.sh-check-whether-files-exist.patch 0001-pam_mot

From: Ross Burton <ross.burton@...> Drop the merged fix for CVE-2023-28879. Signed-off-by: Ross Burton <ross.burton@...> --- .../ghostscript/cross-compile.patch | 40 ------------- .../ghostscript/cve-

Fixing of improper sanitization of CSS values in html/template Signed-off-by: Ashish Sharma <asharma@...> --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-24539.patch | 60 ++++++

From: Luca Ceresoli <luca.ceresoli@...> Writing a simple recipe that inherits kernel.bbclass and downloads a kernel tarball (e.g. a mainline release from kernel.org) via http or ftp fails with either:

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- .../pkgconf/{pkgconf_1.9.4.bb =3D> pkgconf_1.9.5.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename me

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-graphics/piglit/piglit_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/r

From: Ross Burton <ross.burton@...> Signed-off-by: Ross Burton <ross.burton@...> --- meta/recipes-gnome/gtk+/{gtk+3_3.24.37.bb =3D> gtk+3_3.24.38.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(

From: Ross Burton <ross.burton@...> Backport a patch from upstream to fix the build on 32-bit platforms, and remove the COMPATIBLE_HOST restriction. Signed-off-by: Ross Burton <ross.burton@...> --- ..

Hi all Recently, I want to build an image of aarch64_be, but it seems go badly. Those recipes that "inherit meson" have the following error: ---------------------------------------- | ../fribidi-1.0.1

This is a new PEP517 compatible build class for python modules that use pyproject.toml and this: [build-system] build-backend = 'mesonpy' The new class uses python3-meson-python-native. Signed-off-by:

From: Narpat Mali <narpat.mali@...> Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint.