path: root/meta/recipes-support
Commit message | Author | Age | Files | Lines
...
* libksba: fix CVE-2022-47629 | Chee Yang Lee | 2023-01-13 | 2 | -1/+72
  (From OE-Core rev: e9f2d3e18db0c7b3e6e4ea385f54fbb8a02ad324)
  Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade 9.0.0820 -> 9.0.0947 | Qiu, Zheng | 2022-12-23 | 1 | -2/+2
  Includes fixes for CVE-2022-4141
  https://nvd.nist.gov/vuln/detail/CVE-2022-4141
  For a short list of important changes, see:
  https://www.arp242.net/vimlog/
  (From OE-Core rev: 64c323a444f43a7c7b3390720c4d1eafa3b982ac)
  Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 160f459febc7fb36cc0fe85c63eb26780ace3bfd)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE CVE-2022-35260 | Mathieu Dubois-Briand | 2022-12-23 | 2 | -0/+69
  (From OE-Core rev: fe81ee17a2dc9924178fdd98614ed9e264204492)
  Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade 9.0.0614 -> 9.0.0820 | Tim Orling | 2022-12-07 | 1 | -2/+2
  Includes fixes for CVE-2022-3705
  https://nvd.nist.gov/vuln/detail/CVE-2022-3705
  For a short list of important changes, see:
  https://www.arp242.net/vimlog/
  (From OE-Core rev: 3251dc441a31b2d4d7acb690bd6db13f0f99a1d0)
  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der | Vivek Kumbhar | 2022-12-07 | 2 | -0/+46
  Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
  (From OE-Core rev: 305f1c56121436da7be39c5980fc11f779188ab7)
  Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix CVE-2022-32221 POST following PUT | Vivek Kumbhar | 2022-11-20 | 2 | -0/+30
  Upstream-Status: Backport from https://github.com/curl/curl/commit/a64e3e59938abd7d6
  (From OE-Core rev: 9af175e122acb93a412ad7a099f0eaa793a1c097)
  Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0598 -> 9.0.0614 | Teoh Jay Shen | 2022-11-09 | 1 | -2/+2
  Include fixes for CVE-2022-3352.
  (From OE-Core rev: 30ade05280760253bb1de4f5d757363e1b7e4fc0)
  Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  (cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0541 -> 9.0.0598 | Richard Purdie | 2022-09-30 | 1 | -2/+2
  Includes a fix for CVE-2022-3278.
  (From OE-Core rev: bc13c16bec7a898ae3246e2a9ab586e8241af28e)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 98c40271692147873a622e168e8b2e90a9fcc54c)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.453 -> 9.0.541 | Richard Purdie | 2022-09-30 | 1 | -2/+2
  Includes a fix for CVE-2022-3234.
  (From OE-Core rev: dabda290f3d40a9ef4f2b5720634280f712f554d)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d6b54f37aa4db1457296b8981b630a49d251ceb5)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: Fix CVE-2021-20223 | Sana Kazi | 2022-09-23 | 2 | -0/+24
  Fix CVE-2021-20223 for sqlite3
  Link: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch
  (From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84)
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: Fix CVE-2020-35527 | Virendra Thakur | 2022-09-23 | 2 | -0/+23
  Add patch file to fix CVE-2020-35527
  Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz
  (From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b)
  Signed-off-by: Virendra Thakur <virendrak@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: Fix CVE-2020-35525 | Virendra Thakur | 2022-09-23 | 2 | -0/+22
  Add patch to fix CVE-2020-35525
  Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz
  (From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347)
  Signed-off-by: Virendra Thakur <virendrak@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0341 -> 9.0.0453 | Richard Purdie | 2022-09-16 | 1 | -2/+2
  Includes fixes for CVE-2022-3099 and CVE-2022-3134.
  (From OE-Core rev: 46ba253059738dbd4de4bc7a7ac02a2585c498f5)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d042923262130b6b96f703b5cd4184f659caeb92)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: fix CVE-2021-4209 | Chee Yang Lee | 2022-09-16 | 2 | -0/+38
  (From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04)
  Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0242 -> 9.0.0341 | Richard Purdie | 2022-09-12 | 1 | -2/+2
  Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.
  (From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport patch for CVE-2022-35252 | Robert Joslyn | 2022-09-12 | 2 | -0/+73
  https://curl.se/docs/CVE-2022-35252.html
  (From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite: CVE-2022-35737 assertion failure | Hitendra Prajapati | 2022-09-12 | 2 | -0/+30
  Source: https://www.sqlite.org/
  MR: 120541
  Type: Security Fix
  Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
  ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
  Description: CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.
  (From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0115 -> 9.0.0242 | Richard Purdie | 2022-09-03 | 1 | -2/+2
  Includes fixes for:
  CVE-2022-2816
  CVE-2022-2817
  CVE-2022-2819
  CVE-2022-2845
  CVE-2022-2849
  CVE-2022-2862
  CVE-2022-2874
  CVE-2022-2889
  (From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: update from 9.0.0063 to 9.0.0115 | Randy MacLeod | 2022-08-22 | 3 | -92/+2
  Drop crosscompile.patch which was merged as part of:
  509695c1c (tag: v9.0.0065) patch 9.0.0065: \
  cross-compiling doesn't work because of timer_create check
  Also drop: racefix.patch which may have been fixed upstream and is being tracked by:
  https://github.com/vim/vim/pull/10776
  where upstream is asking if the different approach resolves the race condition.
  Let's see what's out there!
  (From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35)
  Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  (cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 9.0.0021 -> 9.0.0063 | Richard Purdie | 2022-08-22 | 3 | -6/+67
  Pulls in several CVE fixes.
  Added a patch to avoid timer_create cross compile issue (and submitted upstream). Also submit the race fix upstream.
  We disable timer_create in the native case since some systems have it and some don't so this makes us consistent.
  Change from master commit: we also disable timer_create in the target case since the function isn't available in our glibc.
  (From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify | Hitendra Prajapati | 2022-08-22 | 2 | -0/+283
  Source: https://gitlab.com/gnutls/gnutls
  MR: 120421
  Type: Security Fix
  Disposition: Backport from https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
  ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5
  Description: CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify.
  (From OE-Core rev: 4cac37913d08f433668778e788f01e009dbb94bd)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: CVE-2022-34903 possible signature forgery via injection into the status line | Hitendra Prajapati | 2022-08-08 | 2 | -0/+45
  Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git
  MR: 119424
  Type: Security Fix
  Disposition: Backport from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
  ChangeID: 97de66d6aa74e12cb1bf82fe85ee62e2530fccf6
  Description: CVE-2022-34903 gnupg: possible signature forgery via injection into the status line.
  (From OE-Core rev: 2bf155d59e33972bbb1780e34753199b5a9192a0)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208 | Robert Joslyn | 2022-07-25 | 4 | -0/+411
  Backport fixes for:
  * CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html
  * CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html
  * CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html
  (From OE-Core rev: aad2a330086b3a12aa5469499774fafdc8a21c48)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to 9.0.0021 | Ross Burton | 2022-07-16 | 1 | -2/+2
  This fixes the following CVEs:
  - CVE-2022-2257
  - CVE-2022-2264
  - CVE-2022-2284
  - CVE-2022-2285
  - CVE-2022-2286
  - CVE-2022-2287
  (From OE-Core rev: 3230e5f734f69acfe05219da104e8818445c9eff)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 03c044a81a76b7505b9d5bf0d936dde75b51905e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: 8.2.5083 -> 9.0.0005 | Richard Purdie | 2022-07-15 | 3 | -3/+3
  The license checksum changed due to a major version change in the referenced file.
  (From OE-Core rev: cc245b75ebd8dfc4925a21e3ff08d841fef77635)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.5034 -> 8.2.5083 | Richard Purdie | 2022-06-22 | 1 | -2/+2
  Includes fixes for CVE-2022-1927, CVE-2022-1942.
  (From OE-Core rev: 2bba60d687fb45a8367cb683a8e9d385384ad51a)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVE_CHECK_WHITELIST typo | Robert Joslyn | 2022-06-11 | 1 | -1/+1
  Fix typo to properly whitelist CVE-2021-22945.
  (From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport CVE fixes | Robert Joslyn | 2022-06-11 | 8 | -0/+730
  Backport patches to address CVE-2022-27774, CVE-2022-27781, and CVE-2022-27782.
  (From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30)
  Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Mark CVE-2022-29824 as not applying | Richard Purdie | 2022-06-11 | 1 | -0/+4
  We have libxml2 2.9.10 and we don't link statically against libxml2 anyway so the CVE doesn't apply to libxslt.
  (From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
  (From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2)
  Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Fix CVE-2021-30560 | omkar patil | 2022-06-11 | 2 | -0/+202
  CVE: CVE-2021-30560
  (From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817)
  Signed-off-by: omkar patil <omkar.patil@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1587 Out-of-bounds read | Hitendra Prajapati | 2022-06-11 | 2 | -0/+661
  Source: https://github.com/PCRE2Project/pcre2
  MR: 118031
  Type: Security Fix
  Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
  ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
  Description: CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
  (From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs | Richard Purdie | 2022-06-04 | 1 | -2/+2
  Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735 CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796
  (From OE-Core rev: cd259a00503af360524f58c9cea51aa142dee250)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit fafce97bd440150ac5c586b53b887ee70a5b66bd)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1586 Out-of-bounds read | Hitendra Prajapati | 2022-05-28 | 2 | -0/+60
  Source: https://github.com/PCRE2Project/pcre2
  MR: 118027
  Type: Security Fix
  Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
  ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
  Description: CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.
  (From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix CVEs for curl | Sana Kazi | 2022-05-20 | 4 | -0/+304
  Fix below listed CVEs:
  CVE-2022-22576
  Link: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425.patch
  CVE-2022-27775
  Link: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705.patch
  CVE-2022-27776
  Link: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258.patch
  (From OE-Core rev: bbbd258a1c56d75ccb7e07ddc3bc1beb11d48a3a)
  Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4681 -> 8.2.4912 | Richard Purdie | 2022-05-20 | 1 | -2/+2
  Includes fixes for CVE-2022-1381, CVE-2022-1420.
  (From OE-Core rev: c7d43000ce137e1f9302b4b6cec149adb1435f47)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 | Pawan Badganchi | 2022-05-14 | 4 | -0/+114
  Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
  CVE-2022-25308.patch
  Link: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
  CVE-2022-25309.patch
  Link: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
  CVE-2022-25310.patch
  Link: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
  (From OE-Core rev: 1c96b8af59e105724db884967a982bb5a47a7eb1)
  Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: don't specify gcc version | Ross Burton | 2022-05-03 | 1 | -1/+1
  There's no need to specify an ancient GCC version here as Boost will probe it.
  (From OE-Core rev: 9ef2a0d98d705dacf8909d846993a6d68c80e4aa)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4524 -> 8.2.4681 | Richard Purdie | 2022-04-21 | 1 | -3/+3
  License change is a date in the license file only.
  This includes a fix for CVE-2022-0943.
  (From OE-Core rev: 1c68d33f4742df9bcec7d1032dab61d676f86371)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 69bc2f37d6ca7fa4823237b45dd698b8debca0a9)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix native build with glibc-2.34 | Martin Jansa | 2022-04-09 | 3 | -0/+58
  (From OE-Core rev: 64ba0d40a4c77a23778c51511f2d167e2056eea3)
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* re2c: backport fix for CVE-2018-21232 | Davide Gardenal | 2022-03-23 | 5 | -1/+917
  Backport commits from the following issue:
  https://github.com/skvadrik/re2c/issues/219
  CVE: CVE-2018-21232
  (From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65)
  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Update to 8.2.4524 for further CVE fixes | Richard Purdie | 2022-03-11 | 1 | -2/+2
  Includes CVE-2022-0696, CVE-2022-0714, CVE-2022-0729.
  (From OE-Core rev: b7fa41cda88bffa5345d5b9768774cdf28f62b7b)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 0d29988958e48534a0076307bb2393a3c1309e03)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4314 -> 8.2.4424 | Richard Purdie | 2022-02-23 | 1 | -3/+3
  License file had some grammar fixes.
  Includes CVE-2022-0554.
  (From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 4269 -> 4134 | Richard Purdie | 2022-02-23 | 1 | -3/+4
  License text underwent changes on how to submit Uganda donations, switch from http to https urls and an update date change but the license itself is unchanged.
  Also, add an entry for the top level license file. This is also the vim license so LICENSE is unchanged but we should monitor it too.
  (From OE-Core rev: f27f15977085dbdf7da28ed8ed60c02ffa009db8)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to patch 4269 | Ross Burton | 2022-02-23 | 1 | -2/+2
  Upgrade to the latest patch release to fix the following CVEs:
  - CVE-2022-0261
  - CVE-2022-0318
  - CVE-2022-0319
  (From OE-Core rev: e23cc56c6b8bd9cfb86803a1e1160a0b768cb286)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: update to include latest CVE fixes | Ross Burton | 2022-02-23 | 1 | -5/+2
  Update the version to 4.2.4118, which incorporates the following CVE fixes:
  - CVE-2021-4187
  - CVE-2022-0128
  - CVE-2022-0156
  - CVE-2022-0158
  Also remove the explicit whitelisting of CVE-2021-3968 as this is now handled with an accurate CPE specifying the fixed version.
  (From OE-Core rev: faf83cac9ff82a3c795b2e8d82719bea43830f7f)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: do not report upstream version check as broken | Alexander Kanavin | 2022-02-23 | 1 | -0/+3
  As upstream tags point releases with every commit and the version check still reports 8.2, it should not be considered broken (e.g. current version newer than latest version) until 8.3 is released.
  (From OE-Core rev: 3db417e002684b4f09c52997017bed139ad95f5f)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to 8.2 patch 3752 | Ross Burton | 2022-02-23 | 15 | -865/+28
  There's a fairly constant flow of CVEs being fixed in Vim, which are getting increasingly non-trivial to backport.
  Instead of trying to backport (and potentially introduce more bugs), or just ignoring them entirely, upgrade vim to the latest patch in the hope that vim 8.3 will be released before we release Kirkstone.
  (From OE-Core rev: 7b8b096000759357aa251a58a756e770a54590ad)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: set PACKAGECONFIG idiomatically | Ross Burton | 2022-02-23 | 1 | -3/+1
  Don't set an empty default value and then immediately assign to it.
  (From OE-Core rev: ad373242381feec72d0c257031da7671281c0321)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d7565241437487618a57d8f3f21da6fed69f6b8a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "vim: fix CVE-2021-4069" | Steve Sakoman | 2022-02-23 | 2 | -44/+0
  Prepare to cherry-pick CVE fixes from master
  This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f.
  (From OE-Core rev: 519f30e697f14d6a3864a22ec2e12544a9d3a107)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libusb1: correct SRC_URI | Alexander Kanavin | 2022-02-16 | 1 | -2/+2
  (From OE-Core rev: 88c0290520c9e4982d25c20e783bd91eec016b52)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>