path: root/meta/recipes-support
Commit message | Author | Age | Files | Lines
* gnutls: fix CVE-2021-4209 | Chee Yang Lee | 2022-09-16 | 2 | -0/+38
  (From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04)
  Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0242 -> 9.0.0341 | Richard Purdie | 2022-09-12 | 1 | -2/+2
  Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.
  (From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport patch for CVE-2022-35252 | Robert Joslyn | 2022-09-12 | 2 | -0/+73
  https://curl.se/docs/CVE-2022-35252.html
  (From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite: CVE-2022-35737 assertion failure | Hitendra Prajapati | 2022-09-12 | 2 | -0/+30
  Source: https://www.sqlite.org/
  MR: 120541
  Type: Security Fix
  Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
  ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
  Description: CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.
  (From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0115 -> 9.0.0242 | Richard Purdie | 2022-09-03 | 1 | -2/+2
  Includes fixes for:
  CVE-2022-2816
  CVE-2022-2817
  CVE-2022-2819
  CVE-2022-2845
  CVE-2022-2849
  CVE-2022-2862
  CVE-2022-2874
  CVE-2022-2889
  (From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: update from 9.0.0063 to 9.0.0115 | Randy MacLeod | 2022-08-22 | 3 | -92/+2
  Drop crosscompile.patch which was merged as part of:
  509695c1c (tag: v9.0.0065) patch 9.0.0065: \
  cross-compiling doesn't work because of timer_create check
  Also drop: racefix.patch which may have been fixed upstream and is being tracked by:
  https://github.com/vim/vim/pull/10776
  where upstream is asking if the different approach resolves the race condition.
  Let's see what's out there!
  (From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35)
  Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  (cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0021 -> 9.0.0063 | Richard Purdie | 2022-08-22 | 3 | -6/+67
  Pulls in several CVE fixes.
  Added a patch to avoid timer_create cross compile issue (and submitted upstream).
  Also submit the race fix upstream.
  We disable timer_create in the native case since some systems have it and some don't so this makes us consistent.
  Change from master commit: we also disable timer_create in the target case since the function isn't available in our glibc.
  (From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify | Hitendra Prajapati | 2022-08-22 | 2 | -0/+283
  Source: https://gitlab.com/gnutls/gnutls
  MR: 120421
  Type: Security Fix
  Disposition: Backport from https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
  ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5
  Description: CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify.
  (From OE-Core rev: 4cac37913d08f433668778e788f01e009dbb94bd)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: CVE-2022-34903 possible signature forgery via injection into the status line | Hitendra Prajapati | 2022-08-08 | 2 | -0/+45
  Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git
  MR: 119424
  Type: Security Fix
  Disposition: Backport from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
  ChangeID: 97de66d6aa74e12cb1bf82fe85ee62e2530fccf6
  Description: CVE-2022-34903 gnupg: possible signature forgery via injection into the status line.
  (From OE-Core rev: 2bf155d59e33972bbb1780e34753199b5a9192a0)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208 | Robert Joslyn | 2022-07-25 | 4 | -0/+411
  Backport fixes for:
    * CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html
    * CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html
    * CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html
  (From OE-Core rev: aad2a330086b3a12aa5469499774fafdc8a21c48)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to 9.0.0021 | Ross Burton | 2022-07-16 | 1 | -2/+2
  This fixes the following CVEs:
  - CVE-2022-2257
  - CVE-2022-2264
  - CVE-2022-2284
  - CVE-2022-2285
  - CVE-2022-2286
  - CVE-2022-2287
  (From OE-Core rev: 3230e5f734f69acfe05219da104e8818445c9eff)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 03c044a81a76b7505b9d5bf0d936dde75b51905e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: 8.2.5083 -> 9.0.0005 | Richard Purdie | 2022-07-15 | 3 | -3/+3
  The license checksum changed due to a major version change in the referenced file.
  (From OE-Core rev: cc245b75ebd8dfc4925a21e3ff08d841fef77635)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.5034 -> 8.2.5083 | Richard Purdie | 2022-06-22 | 1 | -2/+2
  Includes fixes for CVE-2022-1927, CVE-2022-1942.
  (From OE-Core rev: 2bba60d687fb45a8367cb683a8e9d385384ad51a)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE_CHECK_WHITELIST typo | Robert Joslyn | 2022-06-11 | 1 | -1/+1
  Fix typo to properly whitelist CVE-2021-22945.
  (From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport CVE fixes | Robert Joslyn | 2022-06-11 | 8 | -0/+730
  Backport patches to address CVE-2022-27774, CVE-2022-27781, and CVE-2022-27782.
  (From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Mark CVE-2022-29824 as not applying | Richard Purdie | 2022-06-11 | 1 | -0/+4
  We have libxml2 2.9.10 and we don't link statically against libxml2 anyway so the CVE doesn't apply to libxslt.
  (From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
  (From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2)
  Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Fix CVE-2021-30560 | omkar patil | 2022-06-11 | 2 | -0/+202
  CVE: CVE-2021-30560
  (From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817)
  Signed-off-by: omkar patil <omkar.patil@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1587 Out-of-bounds read | Hitendra Prajapati | 2022-06-11 | 2 | -0/+661
  Source: https://github.com/PCRE2Project/pcre2
  MR: 118031
  Type: Security Fix
  Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
  ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
  Description: CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
  (From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs | Richard Purdie | 2022-06-04 | 1 | -2/+2
  Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735
  CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796
  (From OE-Core rev: cd259a00503af360524f58c9cea51aa142dee250)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit fafce97bd440150ac5c586b53b887ee70a5b66bd)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1586 Out-of-bounds read | Hitendra Prajapati | 2022-05-28 | 2 | -0/+60
  Source: https://github.com/PCRE2Project/pcre2
  MR: 118027
  Type: Security Fix
  Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
  ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
  Description: CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.
  (From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVEs for curl | Sana Kazi | 2022-05-20 | 4 | -0/+304
  Fix below listed CVEs:
  CVE-2022-22576
  Link: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425.patch
  CVE-2022-27775
  Link: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705.patch
  CVE-2022-27776
  Link: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258.patch
  (From OE-Core rev: bbbd258a1c56d75ccb7e07ddc3bc1beb11d48a3a)
  Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4681 -> 8.2.4912 | Richard Purdie | 2022-05-20 | 1 | -2/+2
  Includes fixes for CVE-2022-1381, CVE-2022-1420.
  (From OE-Core rev: c7d43000ce137e1f9302b4b6cec149adb1435f47)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 | Pawan Badganchi | 2022-05-14 | 4 | -0/+114
  Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
  CVE-2022-25308.patch
  Link: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
  CVE-2022-25309.patch
  Link: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
  CVE-2022-25310.patch
  Link: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
  (From OE-Core rev: 1c96b8af59e105724db884967a982bb5a47a7eb1)
  Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: don't specify gcc version | Ross Burton | 2022-05-03 | 1 | -1/+1
  There's no need to specify an ancient GCC version here as Boost will probe it.
  (From OE-Core rev: 9ef2a0d98d705dacf8909d846993a6d68c80e4aa)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4524 -> 8.2.4681 | Richard Purdie | 2022-04-21 | 1 | -3/+3
  License change is a date in the license file only.
  This includes a fix for CVE-2022-0943.
  (From OE-Core rev: 1c68d33f4742df9bcec7d1032dab61d676f86371)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 69bc2f37d6ca7fa4823237b45dd698b8debca0a9)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix native build with glibc-2.34 | Martin Jansa | 2022-04-09 | 3 | -0/+58
  (From OE-Core rev: 64ba0d40a4c77a23778c51511f2d167e2056eea3)
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* re2c: backport fix for CVE-2018-21232 | Davide Gardenal | 2022-03-23 | 5 | -1/+917
  Backport commits from the following issue: https://github.com/skvadrik/re2c/issues/219
  CVE: CVE-2018-21232
  (From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65)
  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Update to 8.2.4524 for further CVE fixes | Richard Purdie | 2022-03-11 | 1 | -2/+2
  Includes CVE-2022-0696, CVE-2022-0714, CVE-2022-0729.
  (From OE-Core rev: b7fa41cda88bffa5345d5b9768774cdf28f62b7b)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 0d29988958e48534a0076307bb2393a3c1309e03)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4314 -> 8.2.4424 | Richard Purdie | 2022-02-23 | 1 | -3/+3
  License file had some grammar fixes.
  Includes CVE-2022-0554.
  (From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 4269 -> 4134 | Richard Purdie | 2022-02-23 | 1 | -3/+4
  License text underwent changes on how to submit Uganda donations, switch from http to https urls and an update date change but the license itself is unchanged.
  Also, add an entry for the top level license file. This is also the vim license so LICENSE is unchanged but we should monitor it too.
  (From OE-Core rev: f27f15977085dbdf7da28ed8ed60c02ffa009db8)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to patch 4269 | Ross Burton | 2022-02-23 | 1 | -2/+2
  Upgrade to the latest patch release to fix the following CVEs:
  - CVE-2022-0261
  - CVE-2022-0318
  - CVE-2022-0319
  (From OE-Core rev: e23cc56c6b8bd9cfb86803a1e1160a0b768cb286)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: update to include latest CVE fixes | Ross Burton | 2022-02-23 | 1 | -5/+2
  Update the version to 4.2.4118, which incorporates the following CVE fixes:
  - CVE-2021-4187
  - CVE-2022-0128
  - CVE-2022-0156
  - CVE-2022-0158
  Also remove the explicit whitelisting of CVE-2021-3968 as this is now handled with an accurate CPE specifying the fixed version.
  (From OE-Core rev: faf83cac9ff82a3c795b2e8d82719bea43830f7f)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: do not report upstream version check as broken | Alexander Kanavin | 2022-02-23 | 1 | -0/+3
  As upstream tags point releases with every commit and the version check still reports 8.2, it should not be considered broken (e.g. current version newer than latest version) until 8.3 is released.
  (From OE-Core rev: 3db417e002684b4f09c52997017bed139ad95f5f)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to 8.2 patch 3752 | Ross Burton | 2022-02-23 | 15 | -865/+28
  There's a fairly constant flow of CVEs being fixed in Vim, which are getting increasingly non-trivial to backport.
  Instead of trying to backport (and potentially introduce more bugs), or just ignoring them entirely, upgrade vim to the latest patch in the hope that vim 8.3 will be released before we release Kirkstone.
  (From OE-Core rev: 7b8b096000759357aa251a58a756e770a54590ad)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: set PACKAGECONFIG idiomatically | Ross Burton | 2022-02-23 | 1 | -3/+1
  Don't set an empty default value and then immediately assign to it.
  (From OE-Core rev: ad373242381feec72d0c257031da7671281c0321)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d7565241437487618a57d8f3f21da6fed69f6b8a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "vim: fix CVE-2021-4069" | Steve Sakoman | 2022-02-23 | 2 | -44/+0
  Prepare to cherry-pick CVE fixes from master
  This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f.
  (From OE-Core rev: 519f30e697f14d6a3864a22ec2e12544a9d3a107)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libusb1: correct SRC_URI | Alexander Kanavin | 2022-02-16 | 1 | -2/+2
  (From OE-Core rev: 88c0290520c9e4982d25c20e783bd91eec016b52)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcap: Use specific BSD license variant | Joshua Watt | 2022-02-16 | 1 | -1/+1
  Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license.
  (From OE-Core rev: 9e8b2bc55792932e23d3b053b393b7ff88bffd6b)
  (From OE-Core rev: 8f374ea044d5c3d2ea81917b3480149ca036674c)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: update SRC_URI | Steve Sakoman | 2022-01-11 | 1 | -1/+1
  Version 10.34 tarball is no longer available at current URL, use downloads.yoctoproject.org mirror instead
  (From OE-Core rev: b24838b8173c6853cdcbff6512a12557e479df86)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: fix CVE-2021-4069 | Minjae Kim | 2021-12-30 | 2 | -0/+44
  Use After Free in vim/vim
  Upstream-Status: Backport [https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9]
  CVE: CVE-2021-4069
  (From OE-Core rev: 9db3b4ac4018bcaedb995bc77a9e675c2bca468f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: solve CVE-2021-33560 and CVE-2021-40528 | Marta Rybczynska | 2021-12-14 | 3 | -85/+163
  This change fixes patches for two issues reported in a research paper [1]: a side channel attack (*) and a cross-configuration attack (**).
  In this commit we add a fix for (*) that wasn't marked as a CVE initially upstream. A fix of (**) previously available in OE backports is in fact fixing CVE-2021-40528, not CVE-2021-33560 as marked in the commit message. We commit the actual fix for CVE-2021-33560 and rename the existing fix with the correct CVE-2021-40528.
  For details of the mismatch and the timeline see [2] (fix of the documentation) and [3] (the related ticket upstream).
  [1] https://eprint.iacr.org/2021/923.pdf
  [2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13
  [3] https://dev.gnupg.org/T5328#149606
  (From OE-Core rev: 0ce5c68933b52d2cfe9eea967d24d57ac82250c3)
  Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libunwind: Backport a fix for -fno-common option to compile | Khem Raj | 2021-12-08 | 2 | -0/+421
  [Khem Raj]
  defaults for gcc is to use -fno-common this ensures that it keeps building with gcc -fno-common
  Fixes
  src/arm/Ginit.c:60: multiple definition of `_U_dyn_info_list'; mi/.libs/dyn-info-list.o:/usr/src/debug/libunwind/1.4.0-r0/build/src/../../libunwind-1.4.0/src/mi/dyn-info-list.c:28: first defined here
  [Philippe Coval]
  Change and related patch ported to dunfell branch on 1.3.1 version
  (From OE-Core rev: 0c12a3a3008ec1202dff3b4986029dd1a4e8f9a7)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Origin: https://github.com/openembedded/openembedded-core/commit/6cd2cf6525bcb241b3a2538e559fcef2a2084a7e
  Signed-off-by: Philippe Coval <philippe.coval@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: fix CVE-2021-3968 and CVE-2021-3973 | Ross Burton | 2021-12-08 | 2 | -0/+96
  Backport a fix for -3972, and whitelist -3968: it isn't valid as it fixes a bug which was introduced after 8.2.
  (From OE-Core rev: ba1ae7dcd2eeb57a6e288449a26a6121c6ccac5c)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit bec5caadfb53638748d8c41ce7230c2bf7808d27)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre/libpcre2: correct SRC_URI | Alexander Kanavin | 2021-12-02 | 2 | -2/+2
  http://ftp.pcre.org is down, take sources according to links on http://www.pcre.org
  (From OE-Core rev: a1bb6b60bbde7da4496db1a2f7e48bbfb637fa4e)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 81ba0ba3e8d9c08b8dc69c24fb1d91446739229b)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gmp: fix CVE-2021-43618 | Ross Burton | 2021-12-02 | 2 | -0/+28
  (From OE-Core rev: abf73599c5706a8553a4b1f3553313059c4d9c69)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit fb3b9a7f668a6ffd56a99e1e8b83cdbad2a4bc66)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: fix CVE-2021-3927 and CVE-2021-3928 | Ross Burton | 2021-12-02 | 3 | -0/+127
  (From OE-Core rev: b3e4ae0b9fa44a6c604a6228f3e1b63a215aae74)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 2001631e7a6edb7adc40ee4357466cc54472db71)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: add patch number to CVE-2021-3778 patch | Ross Burton | 2021-12-02 | 1 | -6/+18
  (From OE-Core rev: dc7789ac5277752060c7f5aeede5c4d861951e39)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 222be29051a3543ac63a0eb07019e90d44429b16)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: fix CVE-2021-3796, CVE-2021-3872, and CVE-2021-3875 | Ross Burton | 2021-12-02 | 5 | -2/+344
  Backport patches from upstream to fix these CVEs.
  (From OE-Core rev: 5b69e1116a553a38506b75f5d455ff52d57ce70b)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b493eb4f9a6bb75a2f01a53b6c70762845bf79f9)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "vim: fix 2021-3796" | Steve Sakoman | 2021-12-02 | 1 | -50/+0
  This reverts commit 53ce5f292fd8d65fd89c977364ea6f7d813c7566.
  Reverting in preparation for fixes from master
  (From OE-Core rev: bf489893714d1c2d2e4694a5a1e313b661c9fdc4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linunistring: Add missing gperf-native dependency | Richard Purdie | 2021-11-15 | 1 | -0/+1
  (From OE-Core rev: fc7dddf939b04dbd5b5d92ecf3a5c422ee5caf15)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 73d3efbaeb2f412ab8d3491d2da3f3124fc009f3)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>