Age | Commit message (Collapse) | Author |
|
License change is a date in the license file only.
This includes a fix for CVE-2022-0943.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69bc2f37d6ca7fa4823237b45dd698b8debca0a9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Includes CVE-2022-0696, CVE-2022-0714, CVE-2022-0729.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0d29988958e48534a0076307bb2393a3c1309e03)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
License file had some grammar fixes.
Includes CVE-2022-0554.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.
Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Upgrade to the latest patch release to fix the following CVEs:
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The make_icudata task is set before the configure task then the
dependencies for this task are not populate yet.
Fixed it by adding do_prepare_recipe_sysroot task dependency to the
make_icudata task.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c134f62062a6359d2d5831ba4cb9694035e4f25a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Update the version to 4.2.4118, which incorporates the following CVE
fixes:
- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
1.77 is broken on architectures which dont have lockfree atomics e.g.
armv5 [1], backport relevant fixes from upstream to unbreak the build
[1] https://github.com/boostorg/math/issues/673
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 57dc797712abcf83b63694b21d2b3a3f09b1c9bc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8add0bdec7c51c9a7f851b2c63017c79faaa273)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2001631e7a6edb7adc40ee4357466cc54472db71)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fb3b9a7f668a6ffd56a99e1e8b83cdbad2a4bc66)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 222be29051a3543ac63a0eb07019e90d44429b16)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport patches from upstream to fix these CVEs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b493eb4f9a6bb75a2f01a53b6c70762845bf79f9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Github has announced there will be no more git:// fetching from their servers:
https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git
and they're about to start having brownout periods to encourage people
to update. This runs the conversion script over OE-Core to update our
urls to use https instead of git.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b37b61e9a1e448a34957db9ae39285d21352552e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b51c405faf6f8c0365f7533bfaf470d79152a463)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 73d3efbaeb2f412ab8d3491d2da3f3124fc009f3)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
http://ftp.pcre.org is down, take sources according to links on
http://www.pcre.org
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81ba0ba3e8d9c08b8dc69c24fb1d91446739229b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c479b8a810d966d7267af1b4dac38a46f55fc547)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cff6888f3b2b4bd0a42329b7f7c59b33c9d51265)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
When ptest-runner times out or otherwise fails, it tries to
call ptest-runner-collect-system-data, so install the script.
The script currently calls dmesg, df, free (which are provided
by busybox, etc.) and pstree (which is a sub-package of psmisc).
Add pstree as an RDEPENDS.
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
fix the append with a leading blank, otherwise this messes up
DEPENDS when globally inherited classes add dependecies of their own
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Set a path to where sendmail would exist making the output deterministic
as it no longer depends on the build host and the presense of sendmail
there.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to fix the below ptest failure:
# ./run-ptest
Running tests:
EVPORT
Skipping test
KQUEUE
Skipping test
EPOLL
test-eof: OKAY
test-dumpevents: OKAY (output not checked)
regress:
FAIL ../libevent-2.1.12-stable/test/regress_util.c:1478: assert(diff.tv_sec == 0): 1 vs 0 util/monotonic_prc_fallback:
[monotonic_prc_fallback FAILED]
1/312 TESTS FAILED. (33 skipped)
FAILED
regress_debug:
FAIL ../libevent-2.1.12-stable/test/regress_util.c:1478: assert(diff.tv_sec == 0): 1 vs 0 util/monotonic_prc_fallback:
[monotonic_prc_fallback FAILED]
1/312 TESTS FAILED. (33 skipped)
FAILED
[snip]
(From OE-Core rev: edecbbdacab5227c75e4a199e124389f8036b421)
[YOCTO #14507]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
vim is vulnerable to Heap-based Buffer Overflow
reference:
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f
(From OE-Core rev: 494929c4cec21712884e13172c37efad7c908411)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes,
bcb8280 utils.c: add system data collection when a test gets stuck.
c29240c utils.c: handle test timeouts directly with poll()
d6f509f tests/utils.c: fix a memory corruption in find_word
c10e747 main: Do not return number of failed tests when calling ptest-runner
4958988 utils.c: fix memory leak in run_ptests()
fcfa6a1 clang: clean-ups to avoid -Weverything warnings.
215e52d Makefile: allow using CC env var to pick compiler
fdd233d mem: Simplify memory management
e5e218a mem: Fix memleak for ptest_opts
0dc42eb git: Extend the gitignore
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This hasn't been needed since libsoup 2.65.2.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For example we don't need to talk about historic build dependencies.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue is in an experimental extension we don't have/use. Could also
be windows only.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes a fix for CVE-2021-40528.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rngd needs to start after `systemd-udev-settle` in order for the kernel
modules of the random source hardware to be loaded before it is started.
However, since the `rngd.service` does not require or want
`systemd-udev-settle.service` it might not be scheduled for start and
the `After=systemd-udev-settle.service` there has no effect.
Adding `Wants=systemd-udev-settle.service` provides a weak requirement
to it, so that the `rngd` is started after it, if possible.
Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
vim uses libcanberra to implement sound, currently its ok for target
since we have captured dependencies in recipe sysroot but things go a
bit out of control when building vim-native, where configure starts to
poke at host system and if it find libcanberra then silently enables it
lets make it consistent
(From OE-Core rev: 7bf11ce14336eff07a4e7216fb485f98757088ed)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The upstream license is BSD-2-Clause or GPLv2, so remove the redundant
and ambiguous BSD license.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit: 953f6d9a71 lz4: remove ptest changes
missed removing the run-ptest file
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: https://github.com/lz4/lz4
MR: 111604
Type: Security Fix
Disposition: Backport from https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
ChangeID: 58492f950164e75954a97cf084df6f9af3d88244
Description:
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was caused by intermittent reproducibility problems.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|