[kirkstone,00/12] Patch review

Message ID	cover.1739912869.git.steve@sakoman.com
State	Not Applicable, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.53, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 00/12] Patch review Date: Tue, 18 Feb 2025 13:09:53 -0800 Message-ID: <cover.1739912869.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1739912869.git.steve@sakoman.com

State

Not Applicable, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/12] Patch review
Date: Tue, 18 Feb 2025 13:09:53 -0800
Message-ID: <cover.1739912869.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman Feb. 18, 2025, 9:09 p.m. UTC

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 20

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1038

The following changes since commit 5a794fd244f7fdeb426bd5e3def6b4effc0e8c62:

  build-appliance-image: Update to kirkstone head revision (2025-02-15 06:06:50 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.24

Archana Polampalli (5):
  gnutls: fix CVE-2024-12243
  ffmpeg: CVE-2025-0518
  ffmpeg: fix CVE-2024-36613
  ffmpeg: fix CVE-2024-36616
  ffmpeg: fix CVE-2024-36617

Divya Chellam (1):
  ruby: fix CVE-2024-41946

Mingli Yu (1):
  procps: replaced one use of fputs(3) with a write(2) call

Peter Marko (2):
  subversion: ignore CVE-2024-45720
  libpcre2: ignore CVE-2022-1586

Richard Purdie (1):
  scritps/runqemu: Ensure we only have two serial ports

Vijay Anusuri (1):
  libxml2: Fix for CVE-2022-49043

 .../libxml/libxml2/CVE-2022-49043.patch       |   38 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |    1 +
 .../ruby/ruby/CVE-2024-41946.patch            |  117 ++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |    1 +
 .../subversion/subversion_1.14.2.bb           |    3 +
 ...x-for-the-bye_bye-function-merge-127.patch |   58 +
 ...e-use-of-fputs-3-with-a-write-2-call.patch |   50 +
 meta/recipes-extended/procps/procps_3.3.17.bb |    2 +
 .../ffmpeg/ffmpeg/CVE-2024-36613.patch        |   38 +
 .../ffmpeg/ffmpeg/CVE-2024-36616.patch        |   37 +
 .../ffmpeg/ffmpeg/CVE-2024-36617.patch        |   38 +
 .../ffmpeg/ffmpeg/CVE-2025-0518.patch         |   34 +
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |    4 +
 .../gnutls/gnutls/CVE-2024-12243.patch        | 1160 +++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |    1 +
 .../recipes-support/libpcre/libpcre2_10.40.bb |    4 +
 scripts/install-buildtools                    |    4 +-
 scripts/runqemu                               |   17 +-
 18 files changed, 1601 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-49043.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41946.patch
 create mode 100644 meta/recipes-extended/procps/procps/0001-top-fix-a-fix-for-the-bye_bye-function-merge-127.patch
 create mode 100644 meta/recipes-extended/procps/procps/0001-top-replaced-one-use-of-fputs-3-with-a-write-2-call.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-12243.patch

[kirkstone,00/12] Patch review

Pull-request

Message