This includes multiple CVE fixes.
The license change is due to changes in maintainership, the license
itself is unchanged.
(From OE-Core rev: 91e66b93a0c0928f0c2cfe78e22898a6c9800f34)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim 8.3 has been out for a long time, so this comment is obsolete.
However we still need UPSTREAM_VERSION_UNKNOWN, since we ignore
the last digit of the upstream version number.
Test result:
$ devtool check-upgrade-status vim
...
INFO: vim 9.0.1592 UNKNOWN Tom Rini <trini@konsulko.com> c0370529c027abc5b1698d53fcfb8c02a0c515da
(From OE-Core rev: 65f5de85c3f488136d1ec2b1f7fe8d8426d6c5b3)
(From OE-Core rev: 868a19357841470eb55fb7f1c4ab1af09dea99ed)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This incorporates fixes for CVE-2023-1127, CVE-2023-1170, CVE-2023-1175.
Also remove runtime/doc/uganda.txt from the license checksum: the Vim
license is also in the top-level LICENSE file so this is redundant.
(From OE-Core rev: 71111e6b62d37c5e6853d7940dec2993df127a35)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Clause II.3 of the Vim license states that any distribution of Vim that
has been extended or modified must _at least_ indicate in the :version
output that this is the case.
Handily, Vim has a --with-modified-by argument to add a line in that
text, so use MAINTAINER. This is the distribution maintainer contact,
by default it is OE-Core Developers
<openembedded-core@lists.openembedded.org>.
(From OE-Core rev: acc007e23445aa53182e13902dd9509c39dd5645)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Vim uses pkgconfig to find dependencies but it wasn't present, so it
silently doesn't enable features like GTK+ UI.
[ YOCTO #15044 ]
(From OE-Core rev: 70900616298f5e70732a34e7406e585e323479ed)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2022-3234.
(From OE-Core rev: d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for CVE-2022-3099 and CVE-2022-3134.
(From OE-Core rev: d042923262130b6b96f703b5cd4184f659caeb92)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop crosscompile.patch which was merged as part of:
509695c1c (tag: v9.0.0065) patch 9.0.0065: \
cross-compiling doesn't work because of timer_create check
Also drop: racefix.patch which may have been fixed upstream
and is being tracked by:
https://github.com/vim/vim/pull/10776
where upstream is asking if the different approach resolves the
race condition. Let's see what's out there!
(From OE-Core rev: 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.
(From OE-Core rev: d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After the below commit introduced, the shebang size of native scripts
is also checked, so rework the patch to fix the gap.
377fe11bc0 insane.bbclass: Make do_qa_staging check shebangs
Fixes:
ERROR: QA Issue: : /work/x86_64-linux/vim-native/9.0.0005-r0/sysroot-destdir/work/x86_64-linux/vim-native/9.0.0005-r0/recipe-sysroot-native/usr/share/vim/vim90/tools/mve.awk maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: QA Issue: : /work/x86_64-linux/vim-native/9.0.0005-r0/sysroot-destdir/work/x86_64-linux/vim-native/9.0.0005-r0/recipe-sysroot-native/usr/share/vim/vim90/tools/efm_perl.pl maximum shebang size exceeded, the maximum size is 128. [shebang-size]
(From OE-Core rev: 79232458b9cdc741a2049d83839af73f58a5554c)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The license checksum changed due to a major version change in the referenced file.
(From OE-Core rev: 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The xxd tool can be quite handy by itself, and doesn't have anything
to do with vim per se. Make it possible to include the rather tiny xxd
in a rootfs without pulling in the several MB vim binary and
associated data.
For backwards compatibility, add an RDEPENDS from the main package to
the new vim-xxd package.
(From OE-Core rev: 06ed2aa93fc25a681e3a00ee120d9395b04845da)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for CVE-2022-1381, CVE-2022-1420.
(From OE-Core rev: 77d745bd49c979de987c75fd7a3af116e99db82b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License file had some grammar fixes.
Includes CVE-2022-0554.
(From OE-Core rev: a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.
Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.
(From OE-Core rev: d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to the latest patch release to fix the following CVEs:
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
(From OE-Core rev: 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the version to 4.2.4118, which incorporates the following CVE
fixes:
- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.
(From OE-Core rev: 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As upstream tags point releases with every commit and
the version check still reports 8.2, it should not be considered
broken (e.g. current version newer than latest version)
until 8.3 is released.
(From OE-Core rev: 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
(From OE-Core rev: 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Don't set an empty default value and them immediately assign to it.
(From OE-Core rev: d7565241437487618a57d8f3f21da6fed69f6b8a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
(From OE-Core rev: bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patches from upstream to fix these CVEs.
(From OE-Core rev: b493eb4f9a6bb75a2f01a53b6c70762845bf79f9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
(From OE-Core rev: b51c405faf6f8c0365f7533bfaf470d79152a463)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim uses libcanberra to implement sound, currently its ok for target
since we have captured dependencies in recipe sysroot but things go a
bit out of control when building vim-native, where configure starts to
poke at host system and if it find libcanberra then silently enables it
lets make it consistent
(From OE-Core rev: 7bf11ce14336eff07a4e7216fb485f98757088ed)
(From OE-Core rev: 70de1dbb660461bdf0613494f53ec4c78738ae2a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
(From OE-Core rev: da630d6d81a396c3e1635fbd7b8103df47ed2732)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The tricky of using BPN in a common inc file is rather hard to understand.
Simplfy this by moving it to the base vim recipe and use the standard
variable form.
(From OE-Core rev: cffa5930d86a464aceb4764eec510a2b8f5c44a1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
