License file had some grammar fixes.
Includes CVE-2022-0554.
(From OE-Core rev: 66fa8e1716a1b66ee6f5a905f41ac20c6ae9a040)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.
Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.
(From OE-Core rev: d5207a762648a3b12d16b6f79a751dec90180354)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to the latest patch release to fix the following CVEs:
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
(From OE-Core rev: 61dcaeda02fe1136610f1cf4d4ec271f16dacfcf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The make_icudata task is set before the configure task then the
dependencies for this task are not populate yet.
Fixed it by adding do_prepare_recipe_sysroot task dependency to the
make_icudata task.
(From OE-Core rev: 18a43fe970b691250fbf48f39ed5f4f7ad121b75)
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c134f62062a6359d2d5831ba4cb9694035e4f25a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the version to 4.2.4118, which incorporates the following CVE
fixes:
- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.
(From OE-Core rev: 10e6043aa5a11675127760097580b78a8cac4515)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
(From OE-Core rev: c987c75ca06c67b6055c50a9fb29e4fd24aceffc)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
(From OE-Core rev: 4d2cdd3971b4cd3e42c47ec10ec105adfbc78e6e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
(From OE-Core rev: 37b4f66fa23979cbfe82679a74ce21b11fc61557)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b51c405faf6f8c0365f7533bfaf470d79152a463)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When ptest-runner times out or otherwise fails, it tries to
call ptest-runner-collect-system-data, so install the script.
The script currently calls dmesg, df, free (which are provided
by busybox, etc.) and pstree (which is a sub-package of psmisc).
Add pstree as an RDEPENDS.
(From OE-Core rev: 4e6be3fb521b23cfc175d0c09725bcc3ebbc73b2)
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fix the append with a leading blank, otherwise this messes up
DEPENDS when globally inherited classes add dependecies of their own
(From OE-Core rev: 65aa0e61d613bf395c08636bac0b1a3d080778b8)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set a path to where sendmail would exist making the output deterministic
as it no longer depends on the build host and the presense of sendmail
there.
(From OE-Core rev: 32e03a430f13960fe07f08c04eaa58017d977f6c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes,
bcb8280 utils.c: add system data collection when a test gets stuck.
c29240c utils.c: handle test timeouts directly with poll()
d6f509f tests/utils.c: fix a memory corruption in find_word
c10e747 main: Do not return number of failed tests when calling ptest-runner
4958988 utils.c: fix memory leak in run_ptests()
fcfa6a1 clang: clean-ups to avoid -Weverything warnings.
215e52d Makefile: allow using CC env var to pick compiler
fdd233d mem: Simplify memory management
e5e218a mem: Fix memleak for ptest_opts
0dc42eb git: Extend the gitignore
(From OE-Core rev: 710fa373375beb977af704e17a925ed41c9a858d)
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This hasn't been needed since libsoup 2.65.2.
(From OE-Core rev: 250a3f9a804917c8a9427d0209365d27b1b8fa4a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For example we don't need to talk about historic build dependencies.
(From OE-Core rev: b67ae98ef803b889fceb5713c539504d48f1a926)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Issue is in an experimental extension we don't have/use. Could also
be windows only.
(From OE-Core rev: 6f5770b49f06168e3d6914bd92f0594bd05f1f8f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2021-40528.
(From OE-Core rev: 24664297abd3844902fa40c21e4e975d89f40383)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rngd needs to start after `systemd-udev-settle` in order for the kernel
modules of the random source hardware to be loaded before it is started.
However, since the `rngd.service` does not require or want
`systemd-udev-settle.service` it might not be scheduled for start and
the `After=systemd-udev-settle.service` there has no effect.
Adding `Wants=systemd-udev-settle.service` provides a weak requirement
to it, so that the `rngd` is started after it, if possible.
(From OE-Core rev: e9715d4234eb7b45dee8b323799014646f0a1b07)
Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.
(From OE-Core rev: d52b78c75323fb254b5d0216f9183573b353abd3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
(From OE-Core rev: 5ace3ada5c54500c71becc8e0c6eddeb8bc053e3)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim uses libcanberra to implement sound, currently its ok for target
since we have captured dependencies in recipe sysroot but things go a
bit out of control when building vim-native, where configure starts to
poke at host system and if it find libcanberra then silently enables it
lets make it consistent
(From OE-Core rev: 7bf11ce14336eff07a4e7216fb485f98757088ed)
(From OE-Core rev: 70de1dbb660461bdf0613494f53ec4c78738ae2a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"BSD" is ambiguous, use the precise license BSD-3-Clause.
(From OE-Core rev: 924d1d9ca51f2a45cdf0094c50434e25c0437c6a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstream license is BSD-2-Clause or GPLv2, so remove the redundant
and ambiguous BSD license.
(From OE-Core rev: 53cf640e72118d0a7916b165d78c68090aa06381)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: a352473138dd2396bc33eff3d738c41ff24f52fe)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 9e8b2bc55792932e23d3b053b393b7ff88bffd6b)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
(From OE-Core rev: da630d6d81a396c3e1635fbd7b8103df47ed2732)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was caused by intermittent reproducibility problems.
(From OE-Core rev: dd7c61ecd79f1439ae20d66cda32c2beb5daf0de)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lzo was missing CVE_PRODUCT and related CVEs (at least CVE-2014-4607) were
not reported.
(From OE-Core rev: 366cf8201e36df1ac836e49de04ccda1f763ca9e)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
