<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git, branch dunfell-23.0.20</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=dunfell-23.0.20</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=dunfell-23.0.20'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2022-10-09T18:34:46+00:00</updated>
<entry>
<title>build-appliance-image: Update to dunfell head revision</title>
<updated>2022-10-09T18:34:46+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2022-10-06T22:23:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7f9b7f912e13451a4cd03b10a8090a5def68dc39'/>
<id>urn:sha1:7f9b7f912e13451a4cd03b10a8090a5def68dc39</id>
<content type='text'>
(From OE-Core rev: dbad46a0079843b380cf3dda6008b12ab9526688)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>poky.conf: bump version for 3.1.20 release</title>
<updated>2022-10-05T07:40:31+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2022-10-03T15:27:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9ae91384970637cd8880c07071fb44b7f5574012'/>
<id>urn:sha1:9ae91384970637cd8880c07071fb44b7f5574012</id>
<content type='text'>
(From meta-yocto rev: 56e2baf3d5d51a0491fb295b8a0bcacacdd1e2f9)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>documentation: update for 3.1.20</title>
<updated>2022-10-05T07:40:31+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2022-10-03T15:29:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8cf3492f4c8dff63b5fba1ce34926d4c737df48d'/>
<id>urn:sha1:8cf3492f4c8dff63b5fba1ce34926d4c737df48d</id>
<content type='text'>
(From yocto-docs rev: d2abea88ce793d2a31836cbffae096190dd54563)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>licenses: Handle newer SPDX license names</title>
<updated>2022-10-05T07:39:19+00:00</updated>
<author>
<name>Paul Barker</name>
<email>paul.barker@sancloud.com</email>
</author>
<published>2022-09-30T10:52:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d7019b183d03f596e5ce31b9dccb44fb90e1a776'/>
<id>urn:sha1:d7019b183d03f596e5ce31b9dccb44fb90e1a776</id>
<content type='text'>
License names were updated in commit 2456f523cfbb (after the dunfell
release) to match the current SPDX license list. We don't want to do any
wholesale renaming on the dunfell stable branch but we should add
mappings for the newer '*-only' names to allow for layers which support
both dunfell and newer releases.

(From OE-Core rev: 2a646cbdaca914e6f2c76ccb75065a811a9f94de)

Signed-off-by: Paul Barker &lt;paul.barker@sancloud.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bind: Fix CVEs 2022-2795, 2022-38177, 2022-38178</title>
<updated>2022-10-05T07:39:19+00:00</updated>
<author>
<name>Mathieu Dubois-Briand</name>
<email>mathieu.dubois-briand@hyprua.org</email>
</author>
<published>2022-10-03T16:17:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4d8f22bc239dbf7f89f5ef5031fced48599f564c'/>
<id>urn:sha1:4d8f22bc239dbf7f89f5ef5031fced48599f564c</id>
<content type='text'>
(From OE-Core rev: 9632481dc14868c0f92572472834a2a0c4f46e2e)

Signed-off-by: Mathieu Dubois-Briand &lt;mbriand@witekio.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>create-pull-request: don't switch the git remote protocol to git://</title>
<updated>2022-09-30T15:34:52+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2022-09-26T20:24:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=028971709f4b35719e4ebfcefb19f92f9dca82aa'/>
<id>urn:sha1:028971709f4b35719e4ebfcefb19f92f9dca82aa</id>
<content type='text'>
Many git repos prefer https:// nowadays and many removed support
for git://.

This breaks the script when using github.com even when selected remote
is ssh (git@github.com:openembedded/...), it will re-write it to git://
before calling git pull-request causing:

openembedded-core $ scripts/create-pull-request -u github -b jansa/artifacts -o pull-kernel
NOTE: Assuming local branch HEAD, use -l to override.
fatal: unable to connect to github.com:
github.com[0: 140.82.121.3]: errno=Connection timed out

warn: No match for commit ea003bd026aa24bb4c8b7562f44ed6512e921259 found at git://github.com/shr-distribution/oe-core
warn: Are you sure you pushed 'jansa/artifacts' there?
ERROR: git request-pull reported an error

(From OE-Core rev: 7a08f2ae1c12e3511b409c4535d2eab83a27b64a)

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 64c466920b808c35d1ac87b47cf438bc79becea7)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>go: Add fix for CVE-2022-32190</title>
<updated>2022-09-30T15:34:52+00:00</updated>
<author>
<name>Shubham Kulkarni</name>
<email>skulkarni@mvista.com</email>
</author>
<published>2022-09-29T14:41:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=aa449287a0d2b8cc83243519cc995571e2b92c09'/>
<id>urn:sha1:aa449287a0d2b8cc83243519cc995571e2b92c09</id>
<content type='text'>
Link: https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec

(From OE-Core rev: 3362bbb1a1ce599418dc8377043f7549f9327315)

Signed-off-by: Shubham Kulkarni &lt;skulkarni@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>golang: CVE-2022-27664 net/http: handle server errors after sending GOAWAY</title>
<updated>2022-09-30T15:34:52+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2022-09-29T12:39:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=95ba88b93546bbea9dd958b3d02c937835c4f9ce'/>
<id>urn:sha1:95ba88b93546bbea9dd958b3d02c937835c4f9ce</id>
<content type='text'>
Source: https://github.com/golang/go
MR: 121912
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479
ChangeID: 0b76a92a774279d7bffc9d6fa05564dfd8371e8c
Description:
	 CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY.

(From OE-Core rev: 4e2f723a4288ad4839fac2769e487612252b1d40)

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vim: Upgrade 9.0.0541 -&gt; 9.0.0598</title>
<updated>2022-09-30T15:34:52+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2022-09-27T10:13:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f50439feb5bd5bb9ff45048f208be5120855a622'/>
<id>urn:sha1:f50439feb5bd5bb9ff45048f208be5120855a622</id>
<content type='text'>
Includes a fix for CVE-2022-3278.

(From OE-Core rev: bc13c16bec7a898ae3246e2a9ab586e8241af28e)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 98c40271692147873a622e168e8b2e90a9fcc54c)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bluez: CVE-2022-39176 BlueZ allows physically proximate attackers</title>
<updated>2022-09-30T15:34:52+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2022-09-28T06:03:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e9ad2aab5ce2b0ab4b6306d6fadd93bdfcd63ae2'/>
<id>urn:sha1:e9ad2aab5ce2b0ab4b6306d6fadd93bdfcd63ae2</id>
<content type='text'>
Source: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
MR: 122140
Type: Security Fix
Disposition: Backport from https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.6
ChangeID: b989c7670a9b2bd1d11221e981eab0d162f3271c
Description:
	 CVE-2022-39176 bluez: BlueZ allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Affects "bluez &lt; 5.59"

(From OE-Core rev: 3750b576035d87633c69c0a5fc6de4854179f9b0)

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
