There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
(From OE-Core rev: 7b8b096000759357aa251a58a756e770a54590ad)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Prepare to cherry-pick CVE fixes from master
This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f.
(From OE-Core rev: 519f30e697f14d6a3864a22ec2e12544a9d3a107)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use After Free in vim/vim
Upstream-Status: Backport [e031fe90cf]
CVE: CVE-2021-4069
(From OE-Core rev: 9db3b4ac4018bcaedb995bc77a9e675c2bca468f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
(From OE-Core rev: ba1ae7dcd2eeb57a6e288449a26a6121c6ccac5c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 53ce5f292fd8d65fd89c977364ea6f7d813c7566.
Reverting in preparation for fixes from master
(From OE-Core rev: bf489893714d1c2d2e4694a5a1e313b661c9fdc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim is vulnerable to Use After Free
Problem: Checking first character of url twice.
reference:
35a9a00afc
(From OE-Core rev: 53ce5f292fd8d65fd89c977364ea6f7d813c7566)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
vim is vulnerable to Heap-based Buffer Overflow
reference:
65b6056659
(From OE-Core rev: 0fb9be3925f258a7e8009c581c1cf93ace2a498b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LINGUAS file can be written by two different Makefile targets
and if they race, the desktop file contents isn't deterministic.
Fix the makfile to avoid this.
(From OE-Core rev: 670efddd8d009828651cd55aa673e68d2268cef3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 416bc7b697764075fbf73683cd8bddf36d839244)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When cross-compiling, do not change scripts to use host
versions of perl and gawk.
Also, use INSANE_SKIP to suppress QA complaints if perl
or gawk are not on the target.
(From OE-Core rev: 9a96733e29daf84cca9212538f3fc5bd7bb144f4)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In order to have a stand-alone editor in oe-core, bring in vim from
meta-openembedded/meta-oe. This imports the recipes as of git commit:
commit 41f3f8165bde3eb4f8bcf6dddbaca0d3b760c70b
Author: Mark Hatle <mark.hatle@windriver.com>
Date: Thu Feb 28 09:39:19 2019 +0800
vim: remove xfce vim bbappend
Changing the behavior of a recipe by including a layer is not allowed
by the yocto-check-layer script.
(From OE-Core rev: cc2022ad369a74ee3f60c345778e4fe206f5df36)
Signed-off-by: Tom Rini <trini@konsulko.com>
--
Changes in v3:
- Catch vim-tiny too (thanks Richard!)
Changes in v2:
- List self as maintainer
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
