License file had some grammar fixes.
Includes CVE-2022-0554.
(From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.
Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.
(From OE-Core rev: f27f15977085dbdf7da28ed8ed60c02ffa009db8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to the latest patch release to fix the following CVEs:
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
(From OE-Core rev: e23cc56c6b8bd9cfb86803a1e1160a0b768cb286)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the version to 4.2.4118, which incorporates the following CVE
fixes:
- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.
(From OE-Core rev: faf83cac9ff82a3c795b2e8d82719bea43830f7f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As upstream tags point releases with every commit and
the version check still reports 8.2, it should not be considered
broken (e.g. current version newer than latest version)
until 8.3 is released.
(From OE-Core rev: 3db417e002684b4f09c52997017bed139ad95f5f)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
(From OE-Core rev: 7b8b096000759357aa251a58a756e770a54590ad)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Don't set an empty default value and them immediately assign to it.
(From OE-Core rev: ad373242381feec72d0c257031da7671281c0321)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7565241437487618a57d8f3f21da6fed69f6b8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Prepare to cherry-pick CVE fixes from master
This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f.
(From OE-Core rev: 519f30e697f14d6a3864a22ec2e12544a9d3a107)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use After Free in vim/vim
Upstream-Status: Backport [e031fe90cf]
CVE: CVE-2021-4069
(From OE-Core rev: 9db3b4ac4018bcaedb995bc77a9e675c2bca468f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
(From OE-Core rev: ba1ae7dcd2eeb57a6e288449a26a6121c6ccac5c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 53ce5f292fd8d65fd89c977364ea6f7d813c7566.
Reverting in preparation for fixes from master
(From OE-Core rev: bf489893714d1c2d2e4694a5a1e313b661c9fdc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This update was made with the convert-scruri.py script in scripts/contrib
This script handles two emerging issues:
1. There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
2. Github are dropping support for git:// protocol fetching, so remap github
urls as needed. For more details see:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
(From OE-Core rev: 827a805349f9732b2a5fa9184dc7922af36de327)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim is vulnerable to Use After Free
Problem: Checking first character of url twice.
reference:
35a9a00afc
(From OE-Core rev: 53ce5f292fd8d65fd89c977364ea6f7d813c7566)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim is vulnerable to Heap-based Buffer Overflow
reference:
65b6056659
(From OE-Core rev: 0fb9be3925f258a7e8009c581c1cf93ace2a498b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Some distributions with UTF-8 locale have problem when National Language
Support is enabled. Add there an option to disable it.
(From OE-Core rev: 9224b01eaa46986b1c363a541e88f20387d8c30b)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit da630d6d81a396c3e1635fbd7b8103df47ed2732)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LINGUAS file can be written by two different Makefile targets
and if they race, the desktop file contents isn't deterministic.
Fix the makfile to avoid this.
(From OE-Core rev: 670efddd8d009828651cd55aa673e68d2268cef3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 416bc7b697764075fbf73683cd8bddf36d839244)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a couple of configure options to avoid determism issues in the vim build.
This can happen due to the addition of glib-2.0 to the native sysroot through
later task additions to the sysroot through indirect dependencies.
(From OE-Core rev: a7e6887d73e36be47a7b1b187cc6dc8d3e0dd9f4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 914f86054f5ea0a115767c1b3d9cdb4c4ef9545b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These workarounds are removed because a previous patch
solve the host path reference for gawk and perl, and it skips
the do_package_qa issue by setting the INSANE_SKIP. But it
introduces regression for do_rootfs. The dependencies are
calculated and will require packages like python, perl, gawk
and csh. The error is like below.
Error:
Problem: conflicting requests
- nothing provides /bin/csh needed by vim-tools-8.2-r0.corei7_64
- nothing provides /usr/bin/nawk needed by vim-tools-8.2-r0.corei7_64
- nothing provides /usr/bin/python needed by vim-tools-8.2-r0.corei7_64
So we keep the previous patch which solve the host path reference
problem and restore the long-used 'chmod -x' workaround here.
(From OE-Core rev: 68b2dc03e55b4977b8647e8d36c40c851414c13b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf3e799e32b4de300887b844b0b7bce3d60ca379)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim will abort in many places with this setting. Replace
it with the benign _FORTIFY_SOURCE=1.
(From OE-Core rev: d9de155f6452f916edd3131addd0c2eebaf4d639)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 18129cbaeddb3278efe9963718556e3765f06c1e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When cross-compiling, do not change scripts to use host
versions of perl and gawk.
Also, use INSANE_SKIP to suppress QA complaints if perl
or gawk are not on the target.
(From OE-Core rev: 9a96733e29daf84cca9212538f3fc5bd7bb144f4)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Resolves:
WARNING: vim-8.2-r0 do_package_qa: QA Issue: package contains desktop
file with key 'MimeType' but does not inhert mime-xdg: vim path
'/work/core2-32-poky-linux/vim/8.2-r0/packages-split/vim/usr/share/applications/vim.desktop'
(From OE-Core rev: 9464b19205c9f88998db7820274c9c0364c79bd9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim-tiny: update from 8.1.1518 to 8.2
The date in the license was updated to 2020 and
a trailing space was removed from one line.
(From OE-Core rev: 07d23c2d255f74cf9fbb0e917dfd1fe3bd6a65d2)
Signed-off-by: Oleg Polyakov <Oleg.Polyakov@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Only new x.y versions will be reported, as upstream creates a new
x.y.z tag for every commit.
(From OE-Core rev: 99558e667e4e04934943476472bd9919b5d07855)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now that we have a common inc file for both vim and vim-tiny move a few
bits of logic out of vim.inc and in to vim_$VER.bb so that vim adds
things rather than vim-tiny removes them.
Suggested-by: Martin Jansa <martin.jansa@gmail.com>
(From OE-Core rev: a9f62ea2c380375c749a28405708bfdb7754f51f)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously vim-tiny would include the vim recipe wholesale;
this meant that they had to be upgraded in a single transaction
which devtool cannot cope with. This thwarted the latest AUH
run in particular.
(From OE-Core rev: 55cc8c6dbef8de240f63e7274a2beaf421124b58)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This brings us to the current version of vim. As part of this we need
to work-around a locale issue that upstream has exposed. We do not
support fully / correctly the certain locales. Attempting to use these
with msgfmt in order to update the ".desktop" files exposes this problem
and leads to the compile failing.
(From OE-Core rev: ffa4b0abcab2ed4e4f642b4b3140aa6095938422)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The vim recipe has all of the code inside the "src" subdirectory but
other things we rely on, such as the license file in a subdirectory
relative to the src. However, as there is a top-level "configure"
script that moves us down to the src directory, we can rework the recipe
to be overall more simple and regularly laid out if we use that.
(From OE-Core rev: 2eb66c1ff55a3fe9785967f45f1cb6a27df44f93)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In order to have a stand-alone editor in oe-core, bring in vim from
meta-openembedded/meta-oe. This imports the recipes as of git commit:
commit 41f3f8165bde3eb4f8bcf6dddbaca0d3b760c70b
Author: Mark Hatle <mark.hatle@windriver.com>
Date: Thu Feb 28 09:39:19 2019 +0800
vim: remove xfce vim bbappend
Changing the behavior of a recipe by including a layer is not allowed
by the yocto-check-layer script.
(From OE-Core rev: cc2022ad369a74ee3f60c345778e4fe206f5df36)
Signed-off-by: Tom Rini <trini@konsulko.com>
--
Changes in v3:
- Catch vim-tiny too (thanks Richard!)
Changes in v2:
- List self as maintainer
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
