Includes a fix for CVE-2022-3234.
(From OE-Core rev: d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for CVE-2022-3099 and CVE-2022-3134.
(From OE-Core rev: d042923262130b6b96f703b5cd4184f659caeb92)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop crosscompile.patch which was merged as part of:
509695c1c (tag: v9.0.0065) patch 9.0.0065: \
cross-compiling doesn't work because of timer_create check
Also drop: racefix.patch which may have been fixed upstream
and is being tracked by:
https://github.com/vim/vim/pull/10776
where upstream is asking if the different approach resolves the
race condition. Let's see what's out there!
(From OE-Core rev: 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.
(From OE-Core rev: d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After the below commit introduced, the shebang size of native scripts
is also checked, so rework the patch to fix the gap.
377fe11bc0 insane.bbclass: Make do_qa_staging check shebangs
Fixes:
ERROR: QA Issue: : /work/x86_64-linux/vim-native/9.0.0005-r0/sysroot-destdir/work/x86_64-linux/vim-native/9.0.0005-r0/recipe-sysroot-native/usr/share/vim/vim90/tools/mve.awk maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: QA Issue: : /work/x86_64-linux/vim-native/9.0.0005-r0/sysroot-destdir/work/x86_64-linux/vim-native/9.0.0005-r0/recipe-sysroot-native/usr/share/vim/vim90/tools/efm_perl.pl maximum shebang size exceeded, the maximum size is 128. [shebang-size]
(From OE-Core rev: 79232458b9cdc741a2049d83839af73f58a5554c)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The license checksum changed due to a major version change in the referenced file.
(From OE-Core rev: 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The xxd tool can be quite handy by itself, and doesn't have anything
to do with vim per se. Make it possible to include the rather tiny xxd
in a rootfs without pulling in the several MB vim binary and
associated data.
For backwards compatibility, add an RDEPENDS from the main package to
the new vim-xxd package.
(From OE-Core rev: 06ed2aa93fc25a681e3a00ee120d9395b04845da)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for CVE-2022-1381, CVE-2022-1420.
(From OE-Core rev: 77d745bd49c979de987c75fd7a3af116e99db82b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License file had some grammar fixes.
Includes CVE-2022-0554.
(From OE-Core rev: a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.
Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.
(From OE-Core rev: d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to the latest patch release to fix the following CVEs:
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
(From OE-Core rev: 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the version to 4.2.4118, which incorporates the following CVE
fixes:
- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.
(From OE-Core rev: 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As upstream tags point releases with every commit and
the version check still reports 8.2, it should not be considered
broken (e.g. current version newer than latest version)
until 8.3 is released.
(From OE-Core rev: 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
(From OE-Core rev: 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Don't set an empty default value and them immediately assign to it.
(From OE-Core rev: d7565241437487618a57d8f3f21da6fed69f6b8a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
(From OE-Core rev: bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patches from upstream to fix these CVEs.
(From OE-Core rev: b493eb4f9a6bb75a2f01a53b6c70762845bf79f9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
(From OE-Core rev: b51c405faf6f8c0365f7533bfaf470d79152a463)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim uses libcanberra to implement sound, currently its ok for target
since we have captured dependencies in recipe sysroot but things go a
bit out of control when building vim-native, where configure starts to
poke at host system and if it find libcanberra then silently enables it
lets make it consistent
(From OE-Core rev: 7bf11ce14336eff07a4e7216fb485f98757088ed)
(From OE-Core rev: 70de1dbb660461bdf0613494f53ec4c78738ae2a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
(From OE-Core rev: da630d6d81a396c3e1635fbd7b8103df47ed2732)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The tricky of using BPN in a common inc file is rather hard to understand.
Simplfy this by moving it to the base vim recipe and use the standard
variable form.
(From OE-Core rev: cffa5930d86a464aceb4764eec510a2b8f5c44a1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LINGUAS file can be written by two different Makefile targets
and if they race, the desktop file contents isn't deterministic.
Fix the makfile to avoid this.
(From OE-Core rev: 416bc7b697764075fbf73683cd8bddf36d839244)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a couple of configure options to avoid determism issues in the vim build.
This can happen due to the addition of glib-2.0 to the native sysroot through
later task additions to the sysroot through indirect dependencies.
(From OE-Core rev: 914f86054f5ea0a115767c1b3d9cdb4c4ef9545b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enable nativesdk build support in order to be able to include vim in
nativesdk targets (e.g. buildtools-tarball/sdk). It is useful to be able
to provide an editor in a relocatable form for when hosts do not provide
an editor. Additionally the vim recipe provides the xxd tool.
(From OE-Core rev: 72399c0c2eca21d2c27c3ba668d456375453b809)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These workarounds are removed because a previous patch
solve the host path reference for gawk and perl, and it skips
the do_package_qa issue by setting the INSANE_SKIP. But it
introduces regression for do_rootfs. The dependencies are
calculated and will require packages like python, perl, gawk
and csh. The error is like below.
Error:
Problem: conflicting requests
- nothing provides /bin/csh needed by vim-tools-8.2-r0.corei7_64
- nothing provides /usr/bin/nawk needed by vim-tools-8.2-r0.corei7_64
- nothing provides /usr/bin/python needed by vim-tools-8.2-r0.corei7_64
So we keep the previous patch which solve the host path reference
problem and restore the long-used 'chmod -x' workaround here.
(From OE-Core rev: bf3e799e32b4de300887b844b0b7bce3d60ca379)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim will abort in many places with this setting. Replace
it with the benign _FORTIFY_SOURCE=1.
(From OE-Core rev: 18129cbaeddb3278efe9963718556e3765f06c1e)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When cross-compiling, do not change scripts to use host
versions of perl and gawk.
Also, use INSANE_SKIP to suppress QA complaints if perl
or gawk are not on the target.
(From OE-Core rev: 8972fe5581b9fe8ef14d539001758bb13bca6737)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Resolves:
WARNING: vim-8.2-r0 do_package_qa: QA Issue: package contains desktop
file with key 'MimeType' but does not inhert mime-xdg: vim path
'/work/core2-32-poky-linux/vim/8.2-r0/packages-split/vim/usr/share/applications/vim.desktop'
(From OE-Core rev: 9464b19205c9f88998db7820274c9c0364c79bd9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim-tiny: update from 8.1.1518 to 8.2
The date in the license was updated to 2020 and
a trailing space was removed from one line.
(From OE-Core rev: 07d23c2d255f74cf9fbb0e917dfd1fe3bd6a65d2)
Signed-off-by: Oleg Polyakov <Oleg.Polyakov@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Only new x.y versions will be reported, as upstream creates a new
x.y.z tag for every commit.
(From OE-Core rev: 99558e667e4e04934943476472bd9919b5d07855)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
