| Age | Commit message (Collapse) | Author |
|---|
|
CVE-2022-1586 was originally fixed by OE commit
https://github.com/openembedded/openembedded-core/commit/7f4daf88b71f
through libpcre2 commit
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e672
The follow up patch is required to resolve a bug in the initial fix[50a51cb7e672]
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
https://security-tracker.debian.org/tracker/CVE-2022-1586
Signed-off-by: Shinu Chandran <shinucha@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Backport commit mentioned in NVD DB links.
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Source: https://github.com/PCRE2Project/pcre2
MR: 118031
Type: Security Fix
Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
Description:
CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Source: https://github.com/PCRE2Project/pcre2
MR: 118027
Type: Security Fix
Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
Description:
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Version 10.34 tarball is no longer available at current URL,
use downloads.yoctoproject.org mirror instead
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
http://ftp.pcre.org is down, take sources according to links on
http://www.pcre.org
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81ba0ba3e8d9c08b8dc69c24fb1d91446739229b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
According to my tests this incorrect symbols resolution at runtime no
longer happens. Ubuntu is still carrying the patch but also probably
doesn't need to, they are also on a much older version. It sounds
like there was once a linkage bug somewhere which has likely been
resolved since.
Drop the patch as it doesn't seem needed anymore. If it were a real
issue it should be submitted upstream too, the status is incorrect.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 02f36ed515afed550dfcd986977ce2106dee556a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
License-Update: copyright years
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The license of the two libraries are BSD-3-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The tests are run from a makefile so this dependency is needed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-update: copyright years
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
PCRE has an optional JIT for performance.
Add a PACKAGECONFIG for this, enabled by default.
Also add a patch so that auto-detection of JIT availablity, which is required to
enable the JIT by default, works with out-of-tree builds.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The following options are the defaults, so remove them:
--enable-newline-is-lf
--with-match-size=2
--with-match-limit=10000000
We don't appear to need to pass -D_REENTRANT anymore (added with no explanation
to oe-classic in 2006).
Explicitly adding -lstdc++ doesn't appear to be required anymore (added for
PowerPC in 2008).
This recipe has always rebuilt the character tables but back in PCRE 4.4 (first
added to OE) a copy of the tables wasn't distributed with the tarball so this
was required. Since 2007 the tarball includes the tables for ASCII and
regeneration is only required if we wish to use EBCDIC, which we do not. Drop
the patch adding CC_FOR_BUILD support and remove --enable-rebuild-chartables
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Licence checksum updated because the copyright dates were changed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LIC_FILES_CHKSUM changed do to typo fixes and tidies for 10.32
see: https://www.pcre.org/changelog.txt
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
LICENSE changed do to updating copyrige date
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: The checksum of LIC_FILES_CHKSUM has been changed due to
time update of copyright LICENCE to 2018. The content of LICENCE has no
change.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If a fr_FR locale is found, it is automatically tested. The test
will fail if the locale is UTF-8, as the test blindly assumes
(and expects) a non-UTF fr_FR locale.
The remedy is to skip the test.
[YOCTO #12215]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The packages loosely follow the debian package names. In that way more
projects, e.g. Qt5 for 16-bit, are able use system libraries. This does
not change the existing default package.
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LICENSE files changed:
Amend licence to relax its conditions for chains of binary distributions.
removed included patches
includes CVE-2017-8399
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the
library. For who is interested in a detailed description of the bug, will
follow a feedback from upstream:
This was a genuine bug in the 32-bit library. Thanks for finding it. The crash
was caused by trying to find a Unicode property for a code value greater than
0x10ffff, the Unicode maximum, when running in non-UTF mode (where character
values can be up to 0xffffffff).
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly have unspecified other impact
via a crafted regular expression.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is used in NVD as product name for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-8786
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It is used in NVD for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-7246
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1. Upgrade libpcre2 from 10.22 to 10.23
2. Update the checksum of LIC_FILES_CHKSUM
The copyright time of LICENCE is updated to 2017, the content of LICENCE has no change.
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For the same reasons as Debian:
https://www.debian.org/News/2017/20170425
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are two major versions of the PCRE library. The newest version, PCRE2,
was released in 2015 and is at version 10.22.
The original, very widely deployed PCRE library, originally released in 1997,
is at version 8.40, and the API and feature set are stable, future releases
will be for bugfixes only. All new future features will be to PCRE2, not the
original PCRE 8.x series.
The newer vte depends on libpcre2, so add it.
(From OE-Core rev: f7165d379cb67c4d4918a8a3e9509d3d823d61da)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The LIC_FILES_CHKSUM is changed because the date is changed, here is
diff result:
< Copyright (c) 1997-2017 University of Cambridge
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libpcre uses CCLD_FOR_BUILD as the name of the host command to use for
linking. This is not a standard autotools symbol but particular to this
recipe. We need to set it explicitely
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Remove CVE-2016-3191.patch which is already in the source.
* The LIC_FILES_CHKSUM is changed since it has updated the date from
2015 to 2016, the contents are the same.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix workspace overflow for (*ACCEPT) with deeply nested parentheses.
The patch is from libpcre version control at
http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog
part removed. Original author is Philip Hazel.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Enable Unicode properties by default, as they're useful and for example GLib
needs them. As there is an impact to code size add this as a PACKAGECONFIG so
tightly constrained environments can save space by potentially disabling them.
Also change --enable-utf8 to --enable-utf, as the former is a compatibility
option for the latter.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Now the SRC_URI is the canonical FTP server, the update-detection logic works
automatically.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is the latest release in the 8.xx series.
It fixes 46 bugs as listed:
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
Vulnerabilities from CVE-2015-8380 to CVE-2015-8395 have been fixed in 8.38.
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This change allows selecting the 8, 16 or 32 bit version via PACKAGECONFIG.
By default only the 8bit version is built, this corresponds to the old behavior.
Some packages like Qt5 require the 16 bit version of libpcre.
After this change the corresponding layer can easily enable the version
needed via .bbappend.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The LICENSE's md5sum has changed mainly because the new version added
this line:
The data in the testdata directory is not copyrighted and is in the
public domain.
The license is the same, so just update the md5sum.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
I used a for loop to build these packages more than 520 times, these
recipes never failed.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade libpcre to 8.35 version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install libpcre test suite and run it as ptest.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Upgrade libpcre to 8.34.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Setting of the FILESPATH is not needed anymore, so clean it up.
Move files to libprce patch directory
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
These have been deprecated for a long time, convert the remaining
references to the correct modules and prepare for removal of the
compatibility support from bitbake.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The license didn't modify, just the license years (2012->2013).
Signed-off-by: Bogdan Marinescu <bogdan.a.marinescu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Shinu Chandran
Peter Marko
Hitendra Prajapati
Steve Sakoman
Alexander Kanavin
Richard Purdie
Christophe PRIOUZEAU
Ross Burton
Armin Kuster
Armin Kuster
Andrej Valek
Juro Bystricky
Stefan Müller-Klieser
Robert Yang
Mikko Rapeli
Fan Xin
Maxin B. John
Jérémy Rosen
Ismo Puustinen
Alexander Kanavin
Pascal Bach
Chong Lu
Saul Wold
Bogdan Marinescu