| Message ID | 20251002125926.2624522-1-skandigraun@gmail.com |
|---|---|
| Headers | show |
| Series | Cherry-picks from Master Batch G | expand |
Overall this looks good to me. On Thu, Oct 2, 2025 at 5:59 AM Gyorgy Sarvari via lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org> wrote: > > This is the last batch I intend to pick for Kirkstone for the time being. > > This batch contains once again mostly CVE fixes and various recipe corrections > (SRC_URI, RDEPENDS...). > > A world build has succeeded with these patches for arm, aarch64, x86 and x86-64 > platforms. > > Please let me know any thoughts you have about this. > > --- > > Alex Yao (1): > lcov: Fix Perl Path > > Bartosz Golaszewski (6): > python3-gsocketpool: add missing run-time dependencies > python3-txws: add missing run-time dependencies > python3-hpack: add missing run-time dependencies > python3-thrift: add missing run-time dependencies > python3-pyparted: add missing run-time dependencies > python3-send2trash: add missing run-time dependencies > > Benjamin Szőke (1): > tree: fix broken links > > Dan McGregor (1): > dash: correct licence > > Fabio Estevam (1): > multipath-tools: Use https for github > > Gyorgy Sarvari (2): > liboop: set correct LICENSE > xfce4-sensors-plugin: correct netcat PACKAGECONFIG > > Julian Haller (1): > openct: Fix typo in SUMMARY variable > > Katariina Lounento (1): > libtar: patch CVEs > > Marcus Flyckt (1): > python3-pyconnman: Add 'future' runtime dependency > > Martin Jansa (1): > ne10: append +git instead of gitr+ > > Ninette Adhikari (1): > procmail: Update status for CVE-1999-0475 > > Peter Kjellerstedt (1): > libjs-jquery-icheck: Correct LIC_FILES_CHKSUM > > Peter Marko (5): > libtinyxml: patch CVE-2021-42260 > libtinyxml: patch CVE-2023-34194 > procmail: patch CVE-2014-3618 > procmail: patch CVE-2017-16844. > synergy: patch CVE-2020-15117 > > Tim Orling (1): > span-lite: do not inherit ptest > > Wang Mingyu (1): > smarty: upgrade 4.1.0 -> 4.1.1 > > Yi Zhao (1): > libcrypt-openssl-guess-perl: fix syntax for PROVIDES > > meta-oe/recipes-shells/dash/dash_0.5.11.5.bb | 2 +- > meta-oe/recipes-support/lcov/lcov_1.14.bb | 2 +- > .../libjs/libjs-jquery-icheck_1.0.3.bb | 2 +- > .../recipes-support/liboop/liboop_1.0.1.bb | 2 +- > ...-missing-prototype-compiler-warnings.patch | 53 ++++++ > ...ix-invalid-memory-de-reference-issue.patch | 44 +++++ > ...escriptor-leaks-reported-by-cppcheck.patch | 101 +++++++++++ > ...0006-fix-memleak-on-tar_open-failure.patch | 26 +++ > ...ix-memleaks-in-libtar-sample-program.patch | 119 +++++++++++++ > ...ng-a-static-buffer-in-th_get_pathnam.patch | 89 ++++++++++ > ...-for-NULL-before-freeing-th_pathname.patch | 30 ++++ > ...-stdlib.h-for-malloc-in-lib-decode.c.patch | 26 +++ > ...amming-mistakes-detected-by-static-a.patch | 100 +++++++++++ > .../libtar/files/CVE-2013-4420.patch | 160 ++++++++++++++++++ > ...-33640-CVE-2021-33645-CVE-2021-33646.patch | 42 +++++ > .../files/CVE-2021-33643-CVE-2021-33644.patch | 52 ++++++ > .../recipes-support/libtar/libtar_1.2.20.bb | 12 ++ > .../libtinyxml/CVE-2021-42260.patch | 27 +++ > .../libtinyxml/CVE-2023-34194.patch | 31 ++++ > .../libtinyxml/libtinyxml_2.6.2.bb | 5 +- > .../multipath-tools/multipath-tools_0.8.4.bb | 2 +- > meta-oe/recipes-support/ne10/ne10_1.2.1.bb | 2 +- > .../recipes-support/openct/openct_0.6.20.bb | 2 +- > .../procmail/procmail/CVE-2014-3618.patch | 29 ++++ > .../procmail/procmail/CVE-2017-16844.patch | 20 +++ > .../recipes-support/procmail/procmail_3.22.bb | 8 +- > .../{smarty_4.1.0.bb => smarty_4.1.1.bb} | 2 +- > .../span-lite/span-lite_0.10.3.bb | 1 - > .../synergy/synergy/CVE-2020-15117.patch | 48 ++++++ > .../recipes-support/synergy/synergy_git.bb | 1 + > meta-oe/recipes-support/tree/tree_2.0.2.bb | 4 +- > .../libcrypt-openssl-guess-perl_0.15.bb | 2 +- > .../python3-gsocketpool_0.1.6.bb | 3 +- > .../python-hpack/python3-hpack_4.0.0.bb | 2 + > .../python3-pyconnman_0.2.0.bb | 2 +- > .../python-thrift/python3-thrift_0.16.0.bb | 1 + > .../python-txws/python3-txws_0.9.1.bb | 5 + > .../python3-pyparted_3.12.0.bb | 5 +- > .../send2trash/python3-send2trash_1.8.0.bb | 2 + > .../sensors/xfce4-sensors-plugin_1.4.3.bb | 2 +- > 40 files changed, 1050 insertions(+), 18 deletions(-) > create mode 100644 meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch > create mode 100644 meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch > create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch > create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch > create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch > create mode 100644 meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2021-42260.patch > create mode 100644 meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2023-34194.patch > create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch > create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch > rename meta-oe/recipes-support/smarty/{smarty_4.1.0.bb => smarty_4.1.1.bb} (94%) > create mode 100644 meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#120169): https://lists.openembedded.org/g/openembedded-devel/message/120169 > Mute This Topic: https://lists.openembedded.org/mt/115551526/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
This is the last batch I intend to pick for Kirkstone for the time being. This batch contains once again mostly CVE fixes and various recipe corrections (SRC_URI, RDEPENDS...). A world build has succeeded with these patches for arm, aarch64, x86 and x86-64 platforms. Please let me know any thoughts you have about this. --- Alex Yao (1): lcov: Fix Perl Path Bartosz Golaszewski (6): python3-gsocketpool: add missing run-time dependencies python3-txws: add missing run-time dependencies python3-hpack: add missing run-time dependencies python3-thrift: add missing run-time dependencies python3-pyparted: add missing run-time dependencies python3-send2trash: add missing run-time dependencies Benjamin Szőke (1): tree: fix broken links Dan McGregor (1): dash: correct licence Fabio Estevam (1): multipath-tools: Use https for github Gyorgy Sarvari (2): liboop: set correct LICENSE xfce4-sensors-plugin: correct netcat PACKAGECONFIG Julian Haller (1): openct: Fix typo in SUMMARY variable Katariina Lounento (1): libtar: patch CVEs Marcus Flyckt (1): python3-pyconnman: Add 'future' runtime dependency Martin Jansa (1): ne10: append +git instead of gitr+ Ninette Adhikari (1): procmail: Update status for CVE-1999-0475 Peter Kjellerstedt (1): libjs-jquery-icheck: Correct LIC_FILES_CHKSUM Peter Marko (5): libtinyxml: patch CVE-2021-42260 libtinyxml: patch CVE-2023-34194 procmail: patch CVE-2014-3618 procmail: patch CVE-2017-16844. synergy: patch CVE-2020-15117 Tim Orling (1): span-lite: do not inherit ptest Wang Mingyu (1): smarty: upgrade 4.1.0 -> 4.1.1 Yi Zhao (1): libcrypt-openssl-guess-perl: fix syntax for PROVIDES meta-oe/recipes-shells/dash/dash_0.5.11.5.bb | 2 +- meta-oe/recipes-support/lcov/lcov_1.14.bb | 2 +- .../libjs/libjs-jquery-icheck_1.0.3.bb | 2 +- .../recipes-support/liboop/liboop_1.0.1.bb | 2 +- ...-missing-prototype-compiler-warnings.patch | 53 ++++++ ...ix-invalid-memory-de-reference-issue.patch | 44 +++++ ...escriptor-leaks-reported-by-cppcheck.patch | 101 +++++++++++ ...0006-fix-memleak-on-tar_open-failure.patch | 26 +++ ...ix-memleaks-in-libtar-sample-program.patch | 119 +++++++++++++ ...ng-a-static-buffer-in-th_get_pathnam.patch | 89 ++++++++++ ...-for-NULL-before-freeing-th_pathname.patch | 30 ++++ ...-stdlib.h-for-malloc-in-lib-decode.c.patch | 26 +++ ...amming-mistakes-detected-by-static-a.patch | 100 +++++++++++ .../libtar/files/CVE-2013-4420.patch | 160 ++++++++++++++++++ ...-33640-CVE-2021-33645-CVE-2021-33646.patch | 42 +++++ .../files/CVE-2021-33643-CVE-2021-33644.patch | 52 ++++++ .../recipes-support/libtar/libtar_1.2.20.bb | 12 ++ .../libtinyxml/CVE-2021-42260.patch | 27 +++ .../libtinyxml/CVE-2023-34194.patch | 31 ++++ .../libtinyxml/libtinyxml_2.6.2.bb | 5 +- .../multipath-tools/multipath-tools_0.8.4.bb | 2 +- meta-oe/recipes-support/ne10/ne10_1.2.1.bb | 2 +- .../recipes-support/openct/openct_0.6.20.bb | 2 +- .../procmail/procmail/CVE-2014-3618.patch | 29 ++++ .../procmail/procmail/CVE-2017-16844.patch | 20 +++ .../recipes-support/procmail/procmail_3.22.bb | 8 +- .../{smarty_4.1.0.bb => smarty_4.1.1.bb} | 2 +- .../span-lite/span-lite_0.10.3.bb | 1 - .../synergy/synergy/CVE-2020-15117.patch | 48 ++++++ .../recipes-support/synergy/synergy_git.bb | 1 + meta-oe/recipes-support/tree/tree_2.0.2.bb | 4 +- .../libcrypt-openssl-guess-perl_0.15.bb | 2 +- .../python3-gsocketpool_0.1.6.bb | 3 +- .../python-hpack/python3-hpack_4.0.0.bb | 2 + .../python3-pyconnman_0.2.0.bb | 2 +- .../python-thrift/python3-thrift_0.16.0.bb | 1 + .../python-txws/python3-txws_0.9.1.bb | 5 + .../python3-pyparted_3.12.0.bb | 5 +- .../send2trash/python3-send2trash_1.8.0.bb | 2 + .../sensors/xfce4-sensors-plugin_1.4.3.bb | 2 +- 40 files changed, 1050 insertions(+), 18 deletions(-) create mode 100644 meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch create mode 100644 meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch create mode 100644 meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch create mode 100644 meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch create mode 100644 meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch create mode 100644 meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch create mode 100644 meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch create mode 100644 meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch create mode 100644 meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch create mode 100644 meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2021-42260.patch create mode 100644 meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2023-34194.patch create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch rename meta-oe/recipes-support/smarty/{smarty_4.1.0.bb => smarty_4.1.1.bb} (94%) create mode 100644 meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch