summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
...
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+39
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's loader/xnu. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: b53db9013a0f4b3a2a91ec6e5c39d939f388749c) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix checking for NULLMarta Rybczynska2022-03-022-0/+48
| | | | | | | | | | | | | This patch adds a fix for checking for NULL in grub's loader/bsd. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d4cc82cfdae5c44702925f901db4e35761b1bb7d) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: remove dead codeMarta Rybczynska2022-03-022-0/+35
| | | | | | | | | | | | | This patch removes dead code from grub's gfxmenu/gui_list. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: test for malformed jpeg filesMarta Rybczynska2022-03-022-0/+39
| | | | | | | | | | | | | This patch adds a fix for handling malformed JPEG files in grub's video/readers/jpeg. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a possible integer overflowMarta Rybczynska2022-03-022-0/+40
| | | | | | | | | | | | | This patch adds a fix for a possible integer overflow in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix multiple integer overflowsMarta Rybczynska2022-03-022-0/+105
| | | | | | | | | | | | | This patch adds a fix for multiple integer overflows in grub's video/fb/video_fb. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an integer overflowMarta Rybczynska2022-03-022-0/+79
| | | | | | | | | | | | | This patch adds a fix for a potential integer overflow in grub's video/fb/fbfill. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: remove unneeded return valueMarta Rybczynska2022-03-022-0/+95
| | | | | | | | | | | | | This patch removes an uneeded return value in grub's (static) grub_video_gop_fill_mode_info(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: dd8837823a279290aec963be1a2646940719c767) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+57
| | | | | | | | | | | | | Add a fix of a memory leak in grub's commands/hashsum. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+53
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's normal/completion. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+44
| | | | | | | | | | | | | This patch fixes a memory leak in grub's syslinux parsing. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible NULL dereferenceMarta Rybczynska2022-03-022-0/+34
| | | | | | | | | | | | | This patch adds a fix for a possible NULL dereference in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible unintended sign extensionMarta Rybczynska2022-03-022-0/+37
| | | | | | | | | | | | | This patch fixes a possible unintended sign extension in grub's libgcrypt/mpi. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+83
| | | | | | | | | | | | | This patch fixes a memory leak in grub's affs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an error checkMarta Rybczynska2022-03-022-0/+36
| | | | | | | | | | | | | This patch fixes an error check in grub's zfsinfo. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for possible integer overflowsMarta Rybczynska2022-03-022-0/+57
| | | | | | | | | | | | | This patch adds a fix for a possible integer overflows in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a memory leakMarta Rybczynska2022-03-022-0/+122
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's path construction in zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible negative shiftMarta Rybczynska2022-03-022-0/+43
| | | | | | | | | | | | | This patch adds a fix for a possible negative shift in grub's zfs. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a length checkMarta Rybczynska2022-03-022-0/+44
| | | | | | | | | | | | | This patch adds a fix for a volume name length check in grub's hfsplus. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an integer overflowMarta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | This patch fixes a potential overflow in grub's disk/cryptodisk. It is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | Add a fix for a memory leak in grub'd disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+29
| | | | | | | | | | | | | This patch adds a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-0/+129
| | | | | | | | | | | | | Add a fix for a memory leak in grub's disk/ldm. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a missing NULL checkMarta Rybczynska2022-03-022-0/+44
| | | | | | | | | | | | | This fix adds a missing check for NULL pointer from an external source in grub's kern/partition. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add structure initialization in zstdMarta Rybczynska2022-03-022-0/+35
| | | | | | | | | | | | | | This patch adds initialization of a structure in grub's zstd, which might be left uninitialized by the compiler. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for unnecessary assignementsMarta Rybczynska2022-03-022-0/+42
| | | | | | | | | | | | | Add a fix for unnecessary assignements grub's io/lzopio. This patch is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an unitialized re_token in gnulibMarta Rybczynska2022-03-022-0/+56
| | | | | | | | | | | | | This patch adds a fix for an unitialized re_token in grub's gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+54
| | | | | | | | | | | | | Add a fix for gnulib's regexec NULL pointer dereference. This patch a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix a NULL pointer dereference in gnulibMarta Rybczynska2022-03-022-0/+53
| | | | | | | | | | | | | This change adds a fix for a NULL pointer dereference of state in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 37900e0b112bfd66ae61c03470fd32f77dee1aac) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix an unitialized token in gnulibMarta Rybczynska2022-03-022-0/+54
| | | | | | | | | | | | | This change adds a fix for an unitialized token structure in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 301e2ff664409011d5650339ef22225cd2028041) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for unused variable in gnulibMarta Rybczynska2022-03-022-0/+60
| | | | | | | | | | | | | This changes adds a fix for an unused variable issue in gnulib. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 30cf1e62b0f139cd6e1e3d5c09b7156acfb276b5) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible NULL pointer dereferenceMarta Rybczynska2022-03-022-0/+66
| | | | | | | | | | | | | This change fixes a possible NULL pointer dereference in grub's EFI support. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: a49ffdd81e020224ea3e94a266e49d40ebb7198a) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix memory leak at error in grub_efi_get_filename()Marta Rybczynska2022-03-022-0/+31
| | | | | | | | | | | | | This change fixes a memory leak on error in grub_efi_get_filename(). It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 1b192247fa913c29f5cdf22abe4e71a509b3861e) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for malformed device path handlingMarta Rybczynska2022-03-022-0/+236
| | | | | | | | | | | | | | | | | This change fixes the malformed device paths in EFI handling. Device paths of length 4 or shorter could cause different kinds of unexpected behaviours. This patch is NOT a part of [1], but is a dependency of one of the patches included in the series. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 7f08d97fb6a0ff9c779f788df150b54de8af2708) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix wrong handling of argc == 0Marta Rybczynska2022-03-022-0/+51
| | | | | | | | | | | | | This change fixes wrong handling of argc == 0 causing a memory leak. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 8e537ef16bc1ef4bc807cc165d3b7eb1301578de) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a dangling memory pointerMarta Rybczynska2022-03-022-0/+34
| | | | | | | | | | | | | This change fixes a dangling memory pointer in the grub TFTP code. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 17a06ced4ed9305e0a4064bdaad49e653c18284b) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a possible NULL dereferenceMarta Rybczynska2022-03-022-0/+40
| | | | | | | | | | | | | This fix removes a possible NULL pointer dereference in grub networking code. It is a part of a security series [1]. [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 5e62b476b541d3803e537f2228a264224b72cf81) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix a memory leakMarta Rybczynska2022-03-022-1/+41
| | | | | | | | | | | | | Backport a fix for a memory leak in grub_mmap_iterate(). This patch is a part of a security series [1] [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: 330ef99ae58e025b78bf30b9a9d09b32dfa2f605) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* puzzles: Upstream changed to main branch for developmentKartikey Rameshbhai Parmar2022-03-021-1/+1
| | | | | | | | (From OE-Core rev: 930f097ef9e40fd4631a24ce79b99a4eb166319b) Signed-off-by: Kartikey Rameshbhai Parmar <kartikey.rameshbhai.parmar@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: 2.7.4 -> 2.7.5Chee Yang Lee2022-03-021-2/+2
| | | | | | | | | | | | | This release includes security fixes. CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods CVE-2021-41816: Buffer Overrun in CGI.escape_html CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse (From OE-Core rev: a7935c9c4a47098f0c1b2eefdf7773bd85891945) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix for CVE-2022-22844Purushottam Choudhary2022-03-022-0/+53
| | | | | | | | | | | | Backport patch from: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64 (From OE-Core rev: 68b59e37d25ead5aaf68d24c6a55b7d1864203fa) Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com> Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add fix for CVE-2021-4160Ranjitsinh Rathod2022-03-022-0/+146
| | | | | | | | | | | | | Add a patch to fix CVE-2021-4160 The issue only affects OpenSSL on MIPS platforms. Link: https://security-tracker.debian.org/tracker/CVE-2021-4160 (From OE-Core rev: 5216986fc6dfd06562efa5937581dc6fa77ad276) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 8.2.4314 -> 8.2.4424Richard Purdie2022-02-231-3/+3
| | | | | | | | | | | | | License file had some grammar fixes. Includes CVE-2022-0554. (From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Upgrade 4269 -> 4134Richard Purdie2022-02-231-3/+4
| | | | | | | | | | | | | | | License text underwent changes on how to submit Uganda donations, switch from http to https urls and an update date change but the license itself is unchanged. Also, add an entry for the top level license file. This is also the vim license so LICENSE is unchanged but we should monitor it too. (From OE-Core rev: f27f15977085dbdf7da28ed8ed60c02ffa009db8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to patch 4269Ross Burton2022-02-231-2/+2
| | | | | | | | | | | | | | | | Upgrade to the latest patch release to fix the following CVEs: - CVE-2022-0261 - CVE-2022-0318 - CVE-2022-0319 (From OE-Core rev: e23cc56c6b8bd9cfb86803a1e1160a0b768cb286) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: update to include latest CVE fixesRoss Burton2022-02-231-5/+2
| | | | | | | | | | | | | | | | | | | | | Update the version to 4.2.4118, which incorporates the following CVE fixes: - CVE-2021-4187 - CVE-2022-0128 - CVE-2022-0156 - CVE-2022-0158 Also remove the explicit whitelisting of CVE-2021-3968 as this is now handled with an accurate CPE specifying the fixed version. (From OE-Core rev: faf83cac9ff82a3c795b2e8d82719bea43830f7f) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: do not report upstream version check as brokenAlexander Kanavin2022-02-231-0/+3
| | | | | | | | | | | | | | | As upstream tags point releases with every commit and the version check still reports 8.2, it should not be considered broken (e.g. current version newer than latest version) until 8.3 is released. (From OE-Core rev: 3db417e002684b4f09c52997017bed139ad95f5f) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 11d8ee09b1bdec4824203dc0169093b2ae9d101a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: upgrade to 8.2 patch 3752Ross Burton2022-02-2315-865/+28
| | | | | | | | | | | | | | | | | There's a fairly constant flow of CVEs being fixed in Vim, which are getting increasing non-trivial to backport. Instead of trying to backport (and potentially introduce more bugs), or just ignoring them entirely, upgrade vim to the latest patch in the hope that vim 8.3 will be released before we release Kirkstone. (From OE-Core rev: 7b8b096000759357aa251a58a756e770a54590ad) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: set PACKAGECONFIG idiomaticallyRoss Burton2022-02-231-3/+1
| | | | | | | | | | | | Don't set an empty default value and them immediately assign to it. (From OE-Core rev: ad373242381feec72d0c257031da7671281c0321) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d7565241437487618a57d8f3f21da6fed69f6b8a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "vim: fix CVE-2021-4069"Steve Sakoman2022-02-232-44/+0
| | | | | | | | | | | Prepare to cherry-pick CVE fixes from master This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f. (From OE-Core rev: 519f30e697f14d6a3864a22ec2e12544a9d3a107) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-11 17:20:08 +0000