Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-3.3.5 2022-02-20T15:32:27+00:00 2022-02-20T15:32:27+00:00 Ross Burton ross@burtonini.com 2022-01-31T12:44:07+00:00 urn:sha1:a4b89c0be44b2d94dbfd46b6913cb11dcd5ab085 Upgrade to the latest patch release to fix the following CVEs: - CVE-2022-0261 - CVE-2022-0318 - CVE-2022-0319 (From OE-Core rev: e6fe342dd578ca37beeb9dfc991b67dc72c60d06) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-02-20T15:32:27+00:00 Ross Burton ross@burtonini.com 2022-01-17T11:20:55+00:00 urn:sha1:dec7b1947235aea4086b4889fdacc4be25f4049d Update the version to 4.2.4118, which incorporates the following CVE fixes: - CVE-2021-4187 - CVE-2022-0128 - CVE-2022-0156 - CVE-2022-0158 Also remove the explicit whitelisting of CVE-2021-3968 as this is now handled with an accurate CPE specifying the fixed version. (From OE-Core rev: 1ef8e3ec21b32d6d3654319561b24b8b1ce63243) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-02-10T13:25:48+00:00 Alexander Kanavin alex.kanavin@gmail.com 2022-01-27T10:20:04+00:00 urn:sha1:ba91997abebecad4f9a5162d729ed854119f046d (From OE-Core rev: da945043aef07a77be8d6663d419b5c690997688) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> (cherry picked from commit 0fccab0724769a862e31e635ffa1db3ba2f37312) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-01-25T12:07:01+00:00 Robert Joslyn robert.joslyn@redrectangle.org 2022-01-15T04:09:07+00:00 urn:sha1:8400410a4c9fc6abd3156c426ec4b3d5d9a0c60a Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945, CVE-2021-22946, and CVE-2021-22947. * https://curl.se/docs/CVE-2021-22922.html * https://curl.se/docs/CVE-2021-22923.html * https://curl.se/docs/CVE-2021-22945.html * https://curl.se/docs/CVE-2021-22946.html * https://curl.se/docs/CVE-2021-22947.html 22922 and 22923 were fixed by upstream by simply removing metalink support in newer versions. These are mitigated in older versions by disabling metalink support, which was already done by the recipe, so whitelist these CVEs. 22945, 22946, and 22947 are backported with only trivial patch fuzz modifications. (From OE-Core rev: 705718cfe243e05e0975bad3b822666363ef55df) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-01-07T23:21:34+00:00 Ross Burton ross@burtonini.com 2021-12-23T04:14:39+00:00 urn:sha1:28e93e4d6d6e1229ff05332d44851602bde7c7b6 There's a fairly constant flow of CVEs being fixed in Vim, which are getting increasing non-trivial to backport. Instead of trying to backport (and potentially introduce more bugs), or just ignoring them entirely, upgrade vim to the latest patch. (From OE-Core rev: a264cf6b5a16343a66d9e88115ec9f30e832b0c4) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-12-15T07:40:30+00:00 Alexander Kanavin alex.kanavin@gmail.com 2021-11-05T08:48:12+00:00 urn:sha1:7c58687a402a1622921963a089995471ec5c4348 http://ftp.pcre.org is down, take sources according to links on http://www.pcre.org (From OE-Core rev: f6791df317e66b2d3fa88d3a038d888d4512305a) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 81ba0ba3e8d9c08b8dc69c24fb1d91446739229b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-12-05T12:35:43+00:00 Ross Burton ross@burtonini.com 2021-11-22T11:40:56+00:00 urn:sha1:a73f78146ed6635d17a014edfdcdf888a1659d04 (From OE-Core rev: ebf1a7c42a9bd5a9d583248af95e0a30fa241465) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fb3b9a7f668a6ffd56a99e1e8b83cdbad2a4bc66) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-24T21:12:46+00:00 Mingli Yu mingli.yu@windriver.com 2021-11-17T09:18:26+00:00 urn:sha1:39ee281be1d3e155caf810123cedbf5833ce7045 Backport patches to fix CVE-2021-3927 and CVE-2021-3928. (From OE-Core rev: 41ba5054fc4d014ab3a2af0cc7673e275aaecee0) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-24T21:12:46+00:00 Mingli Yu mingli.yu@windriver.com 2021-11-17T09:18:24+00:00 urn:sha1:e2480fc60c49c28c32476c8f91478bab68a11724 Backport a patch to fix CVE-2021-3875. (From OE-Core rev: de2493aac4f8ea9d8e4e59efa1359567fa186319) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-11-24T21:12:46+00:00 Mingli Yu mingli.yu@windriver.com 2021-11-17T09:18:23+00:00 urn:sha1:4c5d6076492cebd5d56403e2f74dd51d58555e53 Backport 2 patches to fix below CVEs: - CVE-2021-3872 - CVE-2021-3903 (From OE-Core rev: baa351293ed036e63d0e3253f58ad4f2e448852c) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>