mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-04-30 21:32:13 +02:00

Author	SHA1	Message	Date
Alexander Kanavin	507f16e1bc	apr-util: update 1.6.1 -> 1.6.3 Changes with APR-util 1.6.3 ) Correct a packaging issue in 1.6.2. The contents of the release were correct, but the top level directory was misnamed. Changes with APR-util 1.6.2 ) SECURITY: CVE-2022-25147 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. ) Teach configure how to find and build against MariaDB 10.2. PR 61517 [Kris Karas <bugs-a17 moonlit-rail.com>] ) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that prevented commoncrypto being enabled. [Graham Leggett] ) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] ) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work. apr_dbm_gdbm will now also return error codes starting with APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always returning APR_EGENERAL. [Stefan Fritsch] Drop backport. (From OE-Core rev: 9eb027bebb19bfb0fb136169e865ca269890fa6f) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dca707f9fecc805503e17f6db3e4c88069ac0125) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 43cd36b178ebb602edd5919c26f8b8642736a3a8) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit e24b38a14b3520648ec418783fb74fcf61df7ff2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Richard Purdie	e0059335fb	apr-util: Fix CFLAGS used in build We need to use CFLAGS with the correct WORKDIR in them, replace those in the sysroot file with the ones appropriate to the current recipe. (From OE-Core rev: 92fb7261a1c7ebe6330832a9a71d1bed82c85a6a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 45edf189961aff1858be9bb7b63116073c0a0c10) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Alexander Kanavin	75022804d8	apr: update 1.7.0 -> 1.7.2 Changes for APR 1.7.2 ) Correct a packaging issue in 1.7.1. The contents of the release were correct, but the top level directory was misnamed. Changes for APR 1.7.1 ) SECURITY: CVE-2022-24963 (cve.mitre.org) Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. ) SECURITY: CVE-2022-28331 (cve.mitre.org) On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. ) SECURITY: CVE-2021-35940 (cve.mitre.org) Restore fix for out-of-bounds array dereference in apr_time_exp() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] ) configure: Fix various build issues for compilers enforcing strict C99 compliance. PR 66396, 66408, 66426. [Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>] ) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov] ) configure: Prefer posix name-based shared memory over SysV IPC. [Jim Jagielski] ) configure: Add --disable-sctp argument to forcibly disable SCTP support, or --enable-sctp which fails if SCTP support is not detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton] ) Fix handle leak in the Win32 apr_uid_current implementation. PR 61165. [Ivan Zhakov] ) Add error handling for lseek() failures in apr_file_write() and apr_file_writev(). [Joe Orton] ) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file to avoid a fd and inode leak when/if later passed to apr_file_setaside(). [Yann Ylavic] ) APR's configure script uses AC_TRY_RUN to detect whether the return type of strerror_r is int. When cross-compiling this defaults to no. This commit adds an AC_CACHE_CHECK so users who cross-compile APR may influence the outcome with a configure variable. [Sebastian Kemper <sebastian_ml gmx net>] ) Add a cache check with which users who cross-compile APR can influence the outcome of the /dev/zero test by setting the variable ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>] ) Trick autoconf into printing the correct default prefix in the help. [Stefan Fritsch] ) Don't try to use PROC_PTHREAD by default when cross compiling. [Yann Ylavic] ) Add the ability to cross compile APR. [Graham Leggett] ) While cross-compiling, the tools/gen_test_char could not be executed at build time, use AX_PROG_CC_FOR_BUILD to build native tools/gen_test_char Support explicit libtool by variable assigning before buildcheck.sh, it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool) [Hongxu Jia <hongxu.jia windriver.com>] ) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen <r... hjortskov.dk>] ) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053. [Mike Frysinger <vapier gentoo.org>] ) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov] ) apr_pools: Fix pool debugging output so that creation events are always emitted before allocation events and subpool destruction events are emitted on pool clear/destroy for proper accounting. [Brane Čibej] ) apr_socket_listen: Allow larger listen backlog values on Windows 8+. [Evgeny Kotkov <evgeny.kotkov visualsvn.com>] ) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10 ) Fix attempt to free invalid memory on exit when apr_app is used on Windows. [Ivan Zhakov] ) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov] *) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov] Dropped patches have all been merged, addressed separately or are backports. (From OE-Core rev: 013633b9f4b7dff2616c6d2e59e4d8118e3ce51f) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3ffae93f24bb1e3954b232099153fd059cfd7daf) Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit a308e10ef4ad9e097b025f009866eae178259781) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Khem Raj	818ad186ae	apr: Cache configure tests which use AC_TRY_RUN AC_TRY_RUN macro means the test needs to run to find the result and we are cross compiling so this will always get wrong results, this results in miscompiling apache2 on musl because it disables rlimit (ac_cv_struct_rlimit) wrongly. All these variables are determined with AC_TRY_RUN checks (From OE-Core rev: 104c9ddf7a5323e5193c611b98b3e7465157aecd) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Khem Raj	1904daa987	apr: Use correct strerror_r implementation based on libc type musl does not implement GNU extention of strerror_r but XSI compliant version, therefore add it via a packageconfig to set right variables during configure to cache the value. configure detection logic depends on runtime test which will always be wrong on cross compiles therefore backport a patch to make it possible to cache the needed configure variable. (From OE-Core rev: 993cfeaefa73e3b82cf15db78584e5f9b9f86ddf) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ded3d76a844dd1aef9ac610fbe506bf76285369b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Richard Purdie	c86b92df02	apr: Fix to work with autoconf 2.70 Fix an issue with autoconf 2.70 where duplicate macro includes caused configure failures. (From OE-Core rev: 41121149212b3684991a62261c17a45afd50bb83) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@arm.com> (cherry picked from commit 4e5d7c86a8a5e752df451d988861a86236e8c8ff) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Alexander Kanavin	1231009682	vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs (From OE-Core rev: ea88ec38aa0e42b8c45e300e69dae7c2f7a13299) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 6d77dbe499ee362b6e28902f1efcf52b961037a5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Hitendra Prajapati	9fa2eba749	curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response Upstream-Status: Backport from `4f20188ac6` (From OE-Core rev: e172a9d7dc92561e26b8ec7ff11d4c598dcaf5c8) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-14 14:59:10 +00:00
Randy MacLeod	c611f71574	vim: upgrade 9.0.0947 -> 9.0.1211 Includes fixes for: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 (From OE-Core rev: ac7c32ee2c3624052c2a22aa66758c4ab4d9f5c5) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1c51068c78d12ee02789a6dbecf5e7e91d141af5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-02-13 07:44:09 +00:00
Chee Yang Lee	286af7e044	libksba: fix CVE-2022-47629 (From OE-Core rev: e9f2d3e18db0c7b3e6e4ea385f54fbb8a02ad324) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-13 18:11:19 +00:00
Qiu, Zheng	eae8d7d3a2	vim: upgrade 9.0.0820 -> 9.0.0947 Includes fixes for CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 For a short list of important changes, see: https://www.arp242.net/vimlog/ (From OE-Core rev: 64c323a444f43a7c7b3390720c4d1eafa3b982ac) Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 160f459febc7fb36cc0fe85c63eb26780ace3bfd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-23 23:05:44 +00:00
Mathieu Dubois-Briand	b4fc8a65f5	curl: Fix CVE CVE-2022-35260 (From OE-Core rev: fe81ee17a2dc9924178fdd98614ed9e264204492) Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-23 23:05:44 +00:00
Tim Orling	4caa67f395	vim: upgrade 9.0.0614 -> 9.0.0820 Includes fixes for CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 For a short list of important changes, see: https://www.arp242.net/vimlog/ (From OE-Core rev: 3251dc441a31b2d4d7acb690bd6db13f0f99a1d0) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6d917bd0f8810b5ed8d403ad25d59cda2fc9574) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-07 15:06:37 +00:00
Vivek Kumbhar	1ab1a5821e	libtasn1: fix CVE-2021-46848 off-by-one in asn1_encode_simple_der Upstream-Status: Backport [`44a700d205`] (From OE-Core rev: 305f1c56121436da7be39c5980fc11f779188ab7) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-12-07 15:06:36 +00:00
Vivek Kumbhar	213cf8004c	curl: fix CVE-2022-32221 POST following PUT Upstream-Status: Backport from https://github.com/curl/curl/commit/a64e3e59938abd7d6 (From OE-Core rev: 9af175e122acb93a412ad7a099f0eaa793a1c097) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-20 08:19:10 +00:00
Teoh Jay Shen	d143bac2a1	vim: Upgrade 9.0.0598 -> 9.0.0614 Include fixes for CVE-2022-3352. (From OE-Core rev: 30ade05280760253bb1de4f5d757363e1b7e4fc0) Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-09 17:42:03 +00:00
Richard Purdie	f50439feb5	vim: Upgrade 9.0.0541 -> 9.0.0598 Includes a fix for CVE-2022-3278. (From OE-Core rev: bc13c16bec7a898ae3246e2a9ab586e8241af28e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 98c40271692147873a622e168e8b2e90a9fcc54c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-30 16:34:52 +01:00
Richard Purdie	483ab0979f	vim: Upgrade 9.0.453 -> 9.0.541 Includes a fix for CVE-2022-3234. (From OE-Core rev: dabda290f3d40a9ef4f2b5720634280f712f554d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d6b54f37aa4db1457296b8981b630a49d251ceb5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-30 16:34:52 +01:00
Sana Kazi	915a752d37	sqlite3: Fix CVE-2021-20223 Fix CVE-2021-20223 for sqlite3 Link: `d1d43efa4f`.patch (From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84) Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Virendra Thakur	10c6b704c0	sqlite3: Fix CVE-2020-35527 Add patch file to fix CVE-2020-35527 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz (From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Virendra Thakur	8b52687223	sqlite3: Fix CVE-2020-35525 Add patch to fix CVE-2020-35525 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz (From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-23 16:22:59 +01:00
Richard Purdie	537de1798b	vim: Upgrade 9.0.0341 -> 9.0.0453 Includes fixes for CVE-2022-3099 and CVE-2022-3134. (From OE-Core rev: 46ba253059738dbd4de4bc7a7ac02a2585c498f5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d042923262130b6b96f703b5cd4184f659caeb92) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 18:41:14 +01:00
Chee Yang Lee	9ca32cf9ab	gnutls: fix CVE-2021-4209 (From OE-Core rev: d08031bffafbd2df7e938d5599af9e818bddba04) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 17:53:28 +01:00
Richard Purdie	0566db5c82	vim: Upgrade 9.0.0242 -> 9.0.0341 Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982. (From OE-Core rev: c9a9d5a1f7fbe88422ccee542a89afbc4c5336e4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:52 +01:00
Robert Joslyn	8f4bbd9359	curl: Backport patch for CVE-2022-35252 https://curl.se/docs/CVE-2022-35252.html (From OE-Core rev: 59344420eb62060c79265a2557d2364c8174e46c) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +01:00
Hitendra Prajapati	d24759196a	sqlite: CVE-2022-35737 assertion failure Source: https://www.sqlite.org/ MR: 120541 Type: Security Fix Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7 ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda Description: CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4. (From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +01:00
Richard Purdie	1cf135da98	vim: Upgrade 9.0.0115 -> 9.0.0242 Includes fixes for: CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 (From OE-Core rev: 169537045e614aa08052fd0130ea3199523bc8f3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3ec2d27d09444213ec1c9b91c6f8c4363f297294) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +01:00
Randy MacLeod	ef2da8f28e	vim: update from 9.0.0063 to 9.0.0115 Drop crosscompile.patch which was merged as part of: 509695c1c (tag: v9.0.0065) patch 9.0.0065: \ cross-compiling doesn't work because of timer_create check Also drop: racefix.patch which may have been fixed upstream and is being tracked by: https://github.com/vim/vim/pull/10776 where upstream is asking if the different approach resolves the race condition. Let's see what's out there! (From OE-Core rev: 083d6de4139859a5eb66f78c2a62a1d59c8aee35) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 6996472cd33d2d4b91821f2dfe24a27a697e4afe) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:48 +01:00
Richard Purdie	5373e681cf	vim: Upgrade 9.0.0021 -> 9.0.0063 Pulls in several CVE fixes. Added a patch to avoid timer_create cross compile issue (and submitted upstream). Also submit the race fix upstream. We disable timer_create in the native case since some systems have it and some don't so this makes us consistent. Change from master commit: we also disable timer_create in the target case since the function isn't available in our glibc. (From OE-Core rev: f99677f79449032a3b0ea79d704fdccbd5be68b7) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:48 +01:00
Hitendra Prajapati	ae4acc9f81	gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify Source: https://gitlab.com/gnutls/gnutls MR: 120421 Type: Security Fix Disposition: Backport from `ce37f9eb26` ChangeID: f0c84c6aa8178582ac9838c453dacdf2c7cae0e5 Description: CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify. (From OE-Core rev: 4cac37913d08f433668778e788f01e009dbb94bd) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-22 14:29:48 +01:00
Hitendra Prajapati	d323923047	gnupg: CVE-2022-34903 possible signature forgery via injection into the status line Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git MR: 119424 Type: Security Fix Disposition: Backport from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b ChangeID: 97de66d6aa74e12cb1bf82fe85ee62e2530fccf6 Description: CVE-2022-34903 gnupg: possible signature forgery via injection into the status line. (From OE-Core rev: 2bf155d59e33972bbb1780e34753199b5a9192a0) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-08 16:23:33 +01:00
Robert Joslyn	24fc40faef	curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208 Backport fixes for: * CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html * CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html * CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html (From OE-Core rev: aad2a330086b3a12aa5469499774fafdc8a21c48) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-25 15:09:02 +01:00
Ross Burton	61023f9e61	vim: upgrade to 9.0.0021 This fixes the following CVEs: - CVE-2022-2257 - CVE-2022-2264 - CVE-2022-2284 - CVE-2022-2285 - CVE-2022-2286 - CVE-2022-2287 (From OE-Core rev: 3230e5f734f69acfe05219da104e8818445c9eff) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 03c044a81a76b7505b9d5bf0d936dde75b51905e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-16 06:52:48 +01:00
Richard Purdie	60a98feb86	vim: 8.2.5083 -> 9.0.0005 The license checksum changed due to a major version change in the referenced file. (From OE-Core rev: cc245b75ebd8dfc4925a21e3ff08d841fef77635) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 89f34d8aa4f4572d048dbb732ca4c83d443157fb) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-15 12:29:17 +01:00
Richard Purdie	8d6f9680e4	vim: Upgrade 8.2.5034 -> 8.2.5083 Includes fixes for CVE-2022-1927, CVE-2022-1942. (From OE-Core rev: 2bba60d687fb45a8367cb683a8e9d385384ad51a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-22 23:46:32 +01:00
Robert Joslyn	42bb9689a0	curl: Fix CVE_CHECK_WHITELIST typo Fix typo to properly whitelist CVE-2021-22945. (From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-11 10:06:09 +01:00
Robert Joslyn	7da79fcac2	curl: Backport CVE fixes Backport patches to address CVE-2022-27774, CVE-2022-27781, and CVE-2022-27782. (From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-11 10:06:09 +01:00
Richard Purdie	1be2437fd2	libxslt: Mark CVE-2022-29824 as not applying We have libxml2 2.9.10 and we don't link statically against libxml2 anyway so the CVE doesn't apply to libxslt. (From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c) (From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2) Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `ad63694e6d`) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-11 10:06:09 +01:00
omkar patil	d3d92d7852	libxslt: Fix CVE-2021-30560 CVE: CVE-2021-30560 (From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817) Signed-off-by: omkar patil <omkar.patil@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-11 10:06:09 +01:00
Hitendra Prajapati	6be9d793a3	pcre2: CVE-2022-1587 Out-of-bounds read Source: https://github.com/PCRE2Project/pcre2 MR: 118031 Type: Security Fix Disposition: Backport from `03654e751e` ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933 Description: CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c. (From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-11 10:06:09 +01:00
Richard Purdie	34aaa93bfe	vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735 CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796 (From OE-Core rev: cd259a00503af360524f58c9cea51aa142dee250) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fafce97bd440150ac5c586b53b887ee70a5b66bd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-04 12:16:59 +01:00
Hitendra Prajapati	475b0d3fad	pcre2: CVE-2022-1586 Out-of-bounds read Source: https://github.com/PCRE2Project/pcre2 MR: 118027 Type: Security Fix Disposition: Backport from `50a51cb7e6` ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713 Description: CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c. (From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-28 10:38:20 +01:00
Sana Kazi	fec7f76cfc	curl: Fix CVEs for curl Fix below listed CVEs: CVE-2022-22576 Link: `852aa5ad35`.patch CVE-2022-27775 Link: `058f98dc3f`.patch CVE-2022-27776 Link: `6e65999395`.patch (From OE-Core rev: bbbd258a1c56d75ccb7e07ddc3bc1beb11d48a3a) Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-20 10:08:00 +01:00
Richard Purdie	61c36064c8	vim: Upgrade 8.2.4681 -> 8.2.4912 Includes fixes for CVE-2022-1381, CVE-2022-1420. (From OE-Core rev: c7d43000ce137e1f9302b4b6cec149adb1435f47) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-20 10:08:00 +01:00
Pawan Badganchi	de24466823	fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 CVE-2022-25308.patch Link: `ad3a19e637` CVE-2022-25309.patch Link: `f22593b82b` CVE-2022-25310.patch Link:`175850b03e` (From OE-Core rev: 1c96b8af59e105724db884967a982bb5a47a7eb1) Signed-off-by: Pawan Badganchi <badganchipv@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-14 20:26:34 +01:00
Ross Burton	49032f1e8d	boost: don't specify gcc version There's no need to specify an ancient GCC version here as Boost will probe it. (From OE-Core rev: 9ef2a0d98d705dacf8909d846993a6d68c80e4aa) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-03 17:50:06 +01:00
Richard Purdie	08a3ac8403	vim: Upgrade 8.2.4524 -> 8.2.4681 License change is a date in the license file only. This includes a fix for CVE-2022-0943. (From OE-Core rev: 1c68d33f4742df9bcec7d1032dab61d676f86371) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 69bc2f37d6ca7fa4823237b45dd698b8debca0a9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-21 21:26:01 +01:00
Martin Jansa	6b6d412f59	boost: fix native build with glibc-2.34 (From OE-Core rev: 64ba0d40a4c77a23778c51511f2d167e2056eea3) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-09 08:27:11 +01:00
Davide Gardenal	9d155cbf95	re2c: backport fix for CVE-2018-21232 Backport commits from the following issue: https://github.com/skvadrik/re2c/issues/219 CVE: CVE-2018-21232 (From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65) Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-23 23:16:12 +00:00
Richard Purdie	f3baa35d42	vim: Update to 8.2.4524 for further CVE fixes Includes CVE-2022-0696, CVE-2022-0714, CVE-2022-0729. (From OE-Core rev: b7fa41cda88bffa5345d5b9768774cdf28f62b7b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0d29988958e48534a0076307bb2393a3c1309e03) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-11 23:44:42 +00:00

1 2 3 4 5 ...

2575 Commits