scarthgap merge request: Aug 25

Message ID	38e13100-d14c-4b90-87a9-e181e7d3690c@gmail.com
State	New
Headers	show Return-Path: <akuster808@gmail.com> ip: 209.85.128.180, mailfrom: akuster808@gmail.com) Message-ID: <38e13100-d14c-4b90-87a9-e181e7d3690c@gmail.com> Date: Sun, 25 Aug 2024 16:52:10 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Khem Raj <raj.khem@gmail.com>, OpenEmbedded Devel List <openembedded-devel@lists.openembedded.org> From: akuster808 <akuster808@gmail.com> Subject: scarthgap merge request: Aug 25 Autocrypt: addr=akuster808@gmail.com; keydata= xsDNBGNNaZMBDAC6/Mhpw3EGOOTPtIpcUHT4lI974zN/QqccMPxH4oyBPRJbjVImYs9avXwV Ae9xoWKMM/vocEZWm6SOESZSGf+7l05Eo6MxU50cIQh0/bcOcdDAtFRDk4pZIL6X7vGzvFe6 17tfNwKrTPgDFSSvq6XLUOqukInaVMHPeZum5GNnfuJswSDEQdxGTgudLWhCYwwoJ1AsVhg1 nJXjQLOGUHFAZPYMhTak5jFXwG+CFzJ1OPpoAfcjQGYEYY5k5Yr1dESl/zgZSwwRLAAXo6JZ lm1rdd0c54XG4ah6fvZkd8r05uBVvbvmrdw5OohqqWzMq7RB9DAsszLvOaxN1epwUYnpkQ6x yYRBQxt766hLxtW6+bIXUZdinUsc0cD+MlLfynTzpT3eJPhvU9EtpTkA7hlFtHrhENRlT5rE F1ZCGykIhg5J/BL/JO3AISgliu0pPLg9r6tgZKu8r2LBf05LJ1vT2P1wVwlzpAdgHKAmTDF8 MFEASfeJ4o9TrVFGbt8+cA0AEQEAAc0hYWt1c3RlcjgwOCA8YWt1c3RlcjgwOEBnbWFpbC5j b20+wsEHBBMBCAAxFiEEztCAddKAZuvtYngBeSnycbzrke8FAmNNaZQCGwMECwkIBwUVCAkK CwUWAgMBAAAKCRB5KfJxvOuR703oDAC4coUucV3gE+pNQAJcNWqIQwZHiwxbMy2fBgvTP0bx TQj6ZFl4tkiXGydUy9c2lcOj4XfaJuG85Z24IIJE0d8hWZMOZkSv5bmyB/NxbM5xRnPkHb6M n58wMSRCfNj/fsOoJE9nj5s41ktg1CA9QFBl9Dt0/8J/Mq+TxOKqYvzL4L8KEIw9nsi/yHQX ukXDwI2V01hTPZ6P7a4cZsjuvzCVN/WK2N3LzoVhQZHOOHGgx3h8XmsXMZ2ZxKjIdFTO2gFS 48zXa4+LW/ZyJIUlnBIUdSnpS826wSq6Zn3TyvLJrFD3KSviX0N48htIfiYFJmTcGdDU+Zqr wKnPQWdZXgWLsv+3deGZ8z0UCdt3n/OSwRML3gFfYd7QBLazXIkFyplFmgOLwXkf+YifwSbu P3KTOpYN9bcl1Og2zU1dPTEg7RndDAvRUUA+XWrp7VM5gZgc0UFRNkrf4CZhxuMwATCJQVPj aII+TOxThBkx6NJqXD3tvlNozjLy4fLNZd8sAsrOwM0EY01plAEMAJ5IoQo1AbOAoMYUytqx zi1uOQa+ak48yVg4llEs55D9h9ANFEY8C5CyEYyXYKjHCgepUUHDRKIMIMxxzYLKDkd8bgvt +cmi1Jj36Wrzrf9qGFq5SvGL66IoUBCTsN64UexxbnNWMDF8qO2aXLvJZtfFJfYGc1ATDw8i 96pv+FpjE3N76RdYRSFv5UGRqSKhT6jGlVMHb+Z/h1BOIsEBmbtgCozzJ45zhOY9635B4D7w i6CB2Aau3/FycPrKk/ZvkSq28tGYWwuhr/fvfvowg+IeClP1oCdKbaWsEwkGTN/PsRM8dPPe n07jesJUgpiHCUTF9oY3wJ1a86otszmWbvtJieM7vOxP3YnzF/VVFgDhTzRS0VqAjNRNOMoF E7ENS8o7uj7jrrGPuuM9cOhuDqqHwla3Rh0VX+W0//8qGZJ61oGV9paoGUb4PoRqC8ZpLrMB Z+f1VQ4iH7rzSQTOLEqGMZ+A34266TtKZKgmBxyqgNFd1HEeO4PD46ycLpnZAQARAQABwsD2 BBgBCAAgFiEEztCAddKAZuvtYngBeSnycbzrke8FAmNNaZUCGwwACgkQeSnycbzrke+SWgv/ QvvX84fAHEl7dkhla/oPdqY2bULh+hOxpo3WZmFhHi+41z2GhOJ78S3mY3yD+O7rdXkQIgIu bZDOIBMJc0lY/qKfXGpFOg5b8/hW3pYdjmUP1NQmdFK4XRLRL4OhLttgxVgO2yqDtlt9x1o3 RLgTSJNsy/gQzUJw4m1zYs9qPRz7xglHwrn0OdDwgk6UofiS31cTZgz7txdNJ5pMNEOcjsaD KE+3jd6mAOz/VTG7mH3/5z0t+g9onQmfxBFpgxSM8HVtmjT4KWkqqUJzyXLtawbxhdv+fcUv 5qUSr9ktwA8NJHmIHHcXBqiZLtLWFMJrdsgTFvjCXmTpm3ncsHS9L+JLVwIVCmUQUUCN1LhG itDSpYIEGrZObj82rX1wvxf/ZQ8VXS+owIR2F4yeeqPH/CyrPA1ASdtt+Am28/dJ2krr72at J++uLxA0cein1kjcosFDpQscnDcPzohnGyyjgEd6VwelZboIS1jt4lIa1badtV+cWMGMgM8W ApZ86eOP Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit
Series	scarthgap merge request: Aug 25 \| expand scarthgap merge request: Aug 25

Message ID

38e13100-d14c-4b90-87a9-e181e7d3690c@gmail.com

State

New

Headers

Message-ID: <38e13100-d14c-4b90-87a9-e181e7d3690c@gmail.com>
Date: Sun, 25 Aug 2024 16:52:10 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Khem Raj <raj.khem@gmail.com>,
 OpenEmbedded Devel List <openembedded-devel@lists.openembedded.org>
From: akuster808 <akuster808@gmail.com>
Subject: scarthgap merge request: Aug 25
Autocrypt: addr=akuster808@gmail.com; keydata=
 xsDNBGNNaZMBDAC6/Mhpw3EGOOTPtIpcUHT4lI974zN/QqccMPxH4oyBPRJbjVImYs9avXwV
 Ae9xoWKMM/vocEZWm6SOESZSGf+7l05Eo6MxU50cIQh0/bcOcdDAtFRDk4pZIL6X7vGzvFe6
 17tfNwKrTPgDFSSvq6XLUOqukInaVMHPeZum5GNnfuJswSDEQdxGTgudLWhCYwwoJ1AsVhg1
 nJXjQLOGUHFAZPYMhTak5jFXwG+CFzJ1OPpoAfcjQGYEYY5k5Yr1dESl/zgZSwwRLAAXo6JZ
 lm1rdd0c54XG4ah6fvZkd8r05uBVvbvmrdw5OohqqWzMq7RB9DAsszLvOaxN1epwUYnpkQ6x
 yYRBQxt766hLxtW6+bIXUZdinUsc0cD+MlLfynTzpT3eJPhvU9EtpTkA7hlFtHrhENRlT5rE
 F1ZCGykIhg5J/BL/JO3AISgliu0pPLg9r6tgZKu8r2LBf05LJ1vT2P1wVwlzpAdgHKAmTDF8
 MFEASfeJ4o9TrVFGbt8+cA0AEQEAAc0hYWt1c3RlcjgwOCA8YWt1c3RlcjgwOEBnbWFpbC5j
 b20+wsEHBBMBCAAxFiEEztCAddKAZuvtYngBeSnycbzrke8FAmNNaZQCGwMECwkIBwUVCAkK
 CwUWAgMBAAAKCRB5KfJxvOuR703oDAC4coUucV3gE+pNQAJcNWqIQwZHiwxbMy2fBgvTP0bx
 TQj6ZFl4tkiXGydUy9c2lcOj4XfaJuG85Z24IIJE0d8hWZMOZkSv5bmyB/NxbM5xRnPkHb6M
 n58wMSRCfNj/fsOoJE9nj5s41ktg1CA9QFBl9Dt0/8J/Mq+TxOKqYvzL4L8KEIw9nsi/yHQX
 ukXDwI2V01hTPZ6P7a4cZsjuvzCVN/WK2N3LzoVhQZHOOHGgx3h8XmsXMZ2ZxKjIdFTO2gFS
 48zXa4+LW/ZyJIUlnBIUdSnpS826wSq6Zn3TyvLJrFD3KSviX0N48htIfiYFJmTcGdDU+Zqr
 wKnPQWdZXgWLsv+3deGZ8z0UCdt3n/OSwRML3gFfYd7QBLazXIkFyplFmgOLwXkf+YifwSbu
 P3KTOpYN9bcl1Og2zU1dPTEg7RndDAvRUUA+XWrp7VM5gZgc0UFRNkrf4CZhxuMwATCJQVPj
 aII+TOxThBkx6NJqXD3tvlNozjLy4fLNZd8sAsrOwM0EY01plAEMAJ5IoQo1AbOAoMYUytqx
 zi1uOQa+ak48yVg4llEs55D9h9ANFEY8C5CyEYyXYKjHCgepUUHDRKIMIMxxzYLKDkd8bgvt
 +cmi1Jj36Wrzrf9qGFq5SvGL66IoUBCTsN64UexxbnNWMDF8qO2aXLvJZtfFJfYGc1ATDw8i
 96pv+FpjE3N76RdYRSFv5UGRqSKhT6jGlVMHb+Z/h1BOIsEBmbtgCozzJ45zhOY9635B4D7w
 i6CB2Aau3/FycPrKk/ZvkSq28tGYWwuhr/fvfvowg+IeClP1oCdKbaWsEwkGTN/PsRM8dPPe
 n07jesJUgpiHCUTF9oY3wJ1a86otszmWbvtJieM7vOxP3YnzF/VVFgDhTzRS0VqAjNRNOMoF
 E7ENS8o7uj7jrrGPuuM9cOhuDqqHwla3Rh0VX+W0//8qGZJ61oGV9paoGUb4PoRqC8ZpLrMB
 Z+f1VQ4iH7rzSQTOLEqGMZ+A34266TtKZKgmBxyqgNFd1HEeO4PD46ycLpnZAQARAQABwsD2
 BBgBCAAgFiEEztCAddKAZuvtYngBeSnycbzrke8FAmNNaZUCGwwACgkQeSnycbzrke+SWgv/
 QvvX84fAHEl7dkhla/oPdqY2bULh+hOxpo3WZmFhHi+41z2GhOJ78S3mY3yD+O7rdXkQIgIu
 bZDOIBMJc0lY/qKfXGpFOg5b8/hW3pYdjmUP1NQmdFK4XRLRL4OhLttgxVgO2yqDtlt9x1o3
 RLgTSJNsy/gQzUJw4m1zYs9qPRz7xglHwrn0OdDwgk6UofiS31cTZgz7txdNJ5pMNEOcjsaD
 KE+3jd6mAOz/VTG7mH3/5z0t+g9onQmfxBFpgxSM8HVtmjT4KWkqqUJzyXLtawbxhdv+fcUv
 5qUSr9ktwA8NJHmIHHcXBqiZLtLWFMJrdsgTFvjCXmTpm3ncsHS9L+JLVwIVCmUQUUCN1LhG
 itDSpYIEGrZObj82rX1wvxf/ZQ8VXS+owIR2F4yeeqPH/CyrPA1ASdtt+Am28/dJ2krr72at
 J++uLxA0cein1kjcosFDpQscnDcPzohnGyyjgEd6VwelZboIS1jt4lIa1badtV+cWMGMgM8W
 ApZ86eOP
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Series

scarthgap merge request: Aug 25 | expand

Message

Armin Kuster Aug. 25, 2024, 8:52 p.m. UTC

The following changes since commit 64c481d017c1b5b5eae619a367a5e8fa00f1b156:

   libjs-jquery-icheck: Correct LIC_FILES_CHKSUM (2024-08-14 10:19:55 -0400)

are available in the Git repository at:

   https://git.openembedded.org/meta-openembedded scarthgap-next

for you to fetch changes up to 1235dd4ed4a57e67683c045ad76b6a0f9e896b45:

   python3-twisted: Fix CVE-2024-41671 (2024-08-25 15:15:10 -0400)

----------------------------------------------------------------
Adrian Freihofer (1):
       networkmanager: remove modemmanager rdepends

Ashish Sharma (1):
       nginx: Backport fix for CVE-2024-7347

Esben Haabendal (1):
       netplan: add missing runtime dependencies

Peter Marko (2):
       libndp: Patch CVE-2024-5564
       squid: patch CVE-2024-37894

Soumya Sambu (2):
       gtk+: Fix CVE-2024-6655
       python3-twisted: Fix CVE-2024-41671

Wang Mingyu (1):
       cjson: upgrade 1.7.17 -> 1.7.18

Yogita Urade (2):
       poppler: CVE-2024-6239
       krb5: fix CVE-2024-26458 and CVE-2024-26461

  .../networkmanager/networkmanager_1.46.0.bb |    2 +-
  .../recipes-daemons/squid/files/CVE-2024-37894.patch            | 36 +
  meta-networking/recipes-daemons/squid/squid_6.9.bb |    1 +
  .../meta-python/recipes-connectivity/netplan/netplan_1.0.bb |    1 +
  .../krb5/krb5/CVE-2024-26458_CVE-2024-26461.patch               | 207 
+++++
  meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb |    1 +
  meta-oe/recipes-connectivity/libndp/libndp/CVE-2024-5564.patch  | 48 +
  meta-oe/recipes-connectivity/libndp/libndp_1.8.bb |    1 +
  .../recipes-devtools/cjson/{cjson_1.7.17.bb => cjson_1.7.18.bb} |    2 +-
  meta-oe/recipes-gnome/gtk+/gtk+/CVE-2024-6655.patch             | 40 +
  meta-oe/recipes-gnome/gtk+/gtk+_2.24.33.bb |    1 +
  .../recipes-support/poppler/poppler/CVE-2024-6239-0001.patch    | 1275 
+++++++++++++++++++++++++++
  .../recipes-support/poppler/poppler/CVE-2024-6239-0002.patch    | 111 +++
  meta-oe/recipes-support/poppler/poppler_23.04.0.bb |    2 +
  .../python/python3-twisted/CVE-2024-41671-0001.patch            | 89 ++
  .../python/python3-twisted/CVE-2024-41671-0002.patch            | 251 
++++++
  meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb |    5 +
  meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-1.patch  | 34 +
  meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-2.patch  | 52 ++
  meta-webserver/recipes-httpd/nginx/nginx.inc |    2 +
  20 files changed, 2159 insertions(+), 2 deletions(-)
  create mode 100644 
meta-networking/recipes-daemons/squid/files/CVE-2024-37894.patch
  create mode 100644 
meta-oe/recipes-connectivity/krb5/krb5/CVE-2024-26458_CVE-2024-26461.patch
  create mode 100644 
meta-oe/recipes-connectivity/libndp/libndp/CVE-2024-5564.patch
  rename meta-oe/recipes-devtools/cjson/{cjson_1.7.17.bb => 
cjson_1.7.18.bb} (97%)
  create mode 100644 meta-oe/recipes-gnome/gtk+/gtk+/CVE-2024-6655.patch
  create mode 100644 
meta-oe/recipes-support/poppler/poppler/CVE-2024-6239-0001.patch
  create mode 100644 
meta-oe/recipes-support/poppler/poppler/CVE-2024-6239-0002.patch
  create mode 100644 
meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch
  create mode 100644 
meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0002.patch
  create mode 100644 
meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-1.patch
  create mode 100644 
meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-2.patch

Comments

Khem Raj Aug. 26, 2024, 6:20 p.m. UTC | #1

This is merged, Thanks Armin

On Sun, Aug 25, 2024 at 1:52 PM akuster808 <akuster808@gmail.com> wrote:
>
> The following changes since commit 64c481d017c1b5b5eae619a367a5e8fa00f1b156:
>
>    libjs-jquery-icheck: Correct LIC_FILES_CHKSUM (2024-08-14 10:19:55 -0400)
>
> are available in the Git repository at:
>
>    https://git.openembedded.org/meta-openembedded scarthgap-next
>
> for you to fetch changes up to 1235dd4ed4a57e67683c045ad76b6a0f9e896b45:
>
>    python3-twisted: Fix CVE-2024-41671 (2024-08-25 15:15:10 -0400)
>
> ----------------------------------------------------------------
> Adrian Freihofer (1):
>        networkmanager: remove modemmanager rdepends
>
> Ashish Sharma (1):
>        nginx: Backport fix for CVE-2024-7347
>
> Esben Haabendal (1):
>        netplan: add missing runtime dependencies
>
> Peter Marko (2):
>        libndp: Patch CVE-2024-5564
>        squid: patch CVE-2024-37894
>
> Soumya Sambu (2):
>        gtk+: Fix CVE-2024-6655
>        python3-twisted: Fix CVE-2024-41671
>
> Wang Mingyu (1):
>        cjson: upgrade 1.7.17 -> 1.7.18
>
> Yogita Urade (2):
>        poppler: CVE-2024-6239
>        krb5: fix CVE-2024-26458 and CVE-2024-26461
>
>   .../networkmanager/networkmanager_1.46.0.bb |    2 +-
>   .../recipes-daemons/squid/files/CVE-2024-37894.patch            | 36 +
>   meta-networking/recipes-daemons/squid/squid_6.9.bb |    1 +
>   .../meta-python/recipes-connectivity/netplan/netplan_1.0.bb |    1 +
>   .../krb5/krb5/CVE-2024-26458_CVE-2024-26461.patch               | 207
> +++++
>   meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb |    1 +
>   meta-oe/recipes-connectivity/libndp/libndp/CVE-2024-5564.patch  | 48 +
>   meta-oe/recipes-connectivity/libndp/libndp_1.8.bb |    1 +
>   .../recipes-devtools/cjson/{cjson_1.7.17.bb => cjson_1.7.18.bb} |    2 +-
>   meta-oe/recipes-gnome/gtk+/gtk+/CVE-2024-6655.patch             | 40 +
>   meta-oe/recipes-gnome/gtk+/gtk+_2.24.33.bb |    1 +
>   .../recipes-support/poppler/poppler/CVE-2024-6239-0001.patch    | 1275
> +++++++++++++++++++++++++++
>   .../recipes-support/poppler/poppler/CVE-2024-6239-0002.patch    | 111 +++
>   meta-oe/recipes-support/poppler/poppler_23.04.0.bb |    2 +
>   .../python/python3-twisted/CVE-2024-41671-0001.patch            | 89 ++
>   .../python/python3-twisted/CVE-2024-41671-0002.patch            | 251
> ++++++
>   meta-python/recipes-devtools/python/python3-twisted_24.3.0.bb |    5 +
>   meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-1.patch  | 34 +
>   meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-2.patch  | 52 ++
>   meta-webserver/recipes-httpd/nginx/nginx.inc |    2 +
>   20 files changed, 2159 insertions(+), 2 deletions(-)
>   create mode 100644
> meta-networking/recipes-daemons/squid/files/CVE-2024-37894.patch
>   create mode 100644
> meta-oe/recipes-connectivity/krb5/krb5/CVE-2024-26458_CVE-2024-26461.patch
>   create mode 100644
> meta-oe/recipes-connectivity/libndp/libndp/CVE-2024-5564.patch
>   rename meta-oe/recipes-devtools/cjson/{cjson_1.7.17.bb =>
> cjson_1.7.18.bb} (97%)
>   create mode 100644 meta-oe/recipes-gnome/gtk+/gtk+/CVE-2024-6655.patch
>   create mode 100644
> meta-oe/recipes-support/poppler/poppler/CVE-2024-6239-0001.patch
>   create mode 100644
> meta-oe/recipes-support/poppler/poppler/CVE-2024-6239-0002.patch
>   create mode 100644
> meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch
>   create mode 100644
> meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0002.patch
>   create mode 100644
> meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-1.patch
>   create mode 100644
> meta-webserver/recipes-httpd/nginx/files/CVE-2024-7347-2.patch
>

scarthgap merge request: Aug 25

Pull-request

Message

Comments