mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-31 20:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
59,680 Commits 38 Branches 622 Tags
f82639b50e3338ebc0a50cbb1a16ca8b197fd33d
Commit Graph

59680 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marta Rybczynska
f82639b50e grub: remove dead code 
This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0319465b022e211f2a98ba5cee13a68818f5cf87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
4463703292 grub: test for malformed jpeg files 
This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d8cdb3a17f6e874d232979307a3f25511172d086)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
eca24c02ea grub: fix a possible integer overflow 
This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d15e7cc6fc7de358da2fd1faa8a8ea5bc2fabe98)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
628257a582 grub: fix multiple integer overflows 
This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 68b91792ed00f9decc85f300eefe0b7e8f80c98b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
7e7b8e38dc grub: fix an integer overflow 
This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: fbf3260bd196a5d252ad5ccf2a5fe719d3bd9c7f)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b5eaa833ba grub: remove unneeded return value 
This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: dd8837823a279290aec963be1a2646940719c767)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
acec862ed2 grub: fix a memory leak 
Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: de075f9421a16e1728968349ba16b0d68d47efea)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
bd3bda5d03 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: e58e6e646c2efb91dba3ffa6db3a43b7972f0c87)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
4c7bfa8abe grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a9d0155842f0582a0d247c81bf972661f0a2cda8)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b46710743b grub: add a fix for a possible NULL dereference 
This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 33aa1a133cf2893a6d3a1f94bd098ee1c16a8abc)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
e2f193d252 grub: add a fix for a possible unintended sign extension 
This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 69f6ae604b857eea93022d73fad668df07a7a056)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
10d619c8bb grub: add a fix for a memory leak 
This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 95d61effb17a6f11abbaec6ba48cb3fa4926efb0)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
1246e75875 grub: fix an error check 
This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: ec842684b572e5fe940762e1b5b4339e6ef6a0ba)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
f4c3f4508a grub: add a fix for possible integer overflows 
This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a21a1f225090b2f9d4c76e323fa7cc2051587924)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
0dd3f436f4 grub: add a fix for a memory leak 
This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: f2a474545b8ba61a43fcbcd3c375c5db9f0303ca)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b461e69025 grub: add a fix for a possible negative shift 
This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: d5a93d55b5f3bfd890aa2925869d2a5ba4299801)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
3348511b94 grub: add a fix for a length check 
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 29470a74b944921641cd5d84b88c359acba26ad4)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
e97cfd1660 grub: fix an integer overflow 
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 85405f0d3a4b844f7bbb34717bd5f88b81acb074)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
40d7b77030 grub: fix a memory leak 
Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: eb899a83bab5ab12143bd75a96427fa7615f2a6e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
b854e27c58 grub: fix a memory leak 
This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 444a690c28fa78147273213f2ae19b1a67027a71)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
da4ba2d04e grub: fix a memory leak 
Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 9fa41d5fbd1de899d1242c31d427262cd041d47c)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:37 +00:00
Marta Rybczynska
90b1d407c6 grub: add a missing NULL check 
This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: c443bd15c975d05ca7afc44e81bda1e974833e36)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
495bf963be grub: add structure initialization in zstd 
This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 370ea660d476bda0d4f45520815396036648d87a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
37f35c4782 grub: add a fix for unnecessary assignements 
Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: bb0841ebfe1035af7eb807afd9bd59979b8a5dd1)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
877ea55a5b grub: fix an unitialized re_token in gnulib 
This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 0ce9c21b776ef6bfeaef665829324d7a04c22ce9)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ba476f819f grub: add a fix for NULL pointer dereference 
Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 133759837a226d70b77f9bc7757c293664c3a018)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ab977b3f49 grub: add a fix a NULL pointer dereference in gnulib 
This change adds a fix for a NULL pointer dereference of state
in gnulib. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 37900e0b112bfd66ae61c03470fd32f77dee1aac)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
e1122f6dad grub: fix an unitialized token in gnulib 
This change adds a fix for an unitialized token structure in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 301e2ff664409011d5650339ef22225cd2028041)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
db637b0555 grub: add a fix for unused variable in gnulib 
This changes adds a fix for an unused variable issue in gnulib.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 30cf1e62b0f139cd6e1e3d5c09b7156acfb276b5)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
c4ca12868c grub: add a fix for a possible NULL pointer dereference 
This change fixes a possible NULL pointer dereference in grub's
EFI support. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: a49ffdd81e020224ea3e94a266e49d40ebb7198a)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
4a5a4dbcf6 grub: fix memory leak at error in grub_efi_get_filename() 
This change fixes a memory leak on error in grub_efi_get_filename().
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 1b192247fa913c29f5cdf22abe4e71a509b3861e)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
763007dff1 grub: add a fix for malformed device path handling 
This change fixes the malformed device paths in EFI handling.
Device paths of length 4 or shorter could cause different
kinds of unexpected behaviours.

This patch is NOT a part of [1], but is a dependency of one
of the patches included in the series.

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 7f08d97fb6a0ff9c779f788df150b54de8af2708)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
ee33ef8242 grub: fix wrong handling of argc == 0 
This change fixes wrong handling of argc == 0 causing a memory leak.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 8e537ef16bc1ef4bc807cc165d3b7eb1301578de)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
058d20254f grub: fix a dangling memory pointer 
This change fixes a dangling memory pointer in the grub TFTP code.
It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 17a06ced4ed9305e0a4064bdaad49e653c18284b)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
6b514d38b7 grub: add a fix for a possible NULL dereference 
This fix removes a possible NULL pointer dereference in grub
networking code. It is a part of a security series [1].

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 5e62b476b541d3803e537f2228a264224b72cf81)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Marta Rybczynska
01eb48b7f5 grub: fix a memory leak 
Backport a fix for a memory leak in grub_mmap_iterate(). This patch
is a part of a security series [1]

[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

(From OE-Core rev: 330ef99ae58e025b78bf30b9a9d09b32dfa2f605)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Kartikey Rameshbhai Parmar
ac746716fc puzzles: Upstream changed to main branch for development 
(From OE-Core rev: 930f097ef9e40fd4631a24ce79b99a4eb166319b)

Signed-off-by: Kartikey Rameshbhai Parmar <kartikey.rameshbhai.parmar@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Chee Yang Lee
940fcf35b2 ruby: 2.7.4 -> 2.7.5 
This release includes security fixes.
CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

(From OE-Core rev: a7935c9c4a47098f0c1b2eefdf7773bd85891945)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Purushottam Choudhary
df471272ae tiff: fix for CVE-2022-22844 
Backport patch from:
03047a2695

(From OE-Core rev: 68b59e37d25ead5aaf68d24c6a55b7d1864203fa)

Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Ranjitsinh Rathod
bb6b6f5a55 openssl: Add fix for CVE-2021-4160 
Add a patch to fix CVE-2021-4160
The issue only affects OpenSSL on MIPS platforms.
Link: https://security-tracker.debian.org/tracker/CVE-2021-4160

(From OE-Core rev: 5216986fc6dfd06562efa5937581dc6fa77ad276)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-02 00:21:36 +00:00
Richard Purdie
c8987e7bca vim: Upgrade 8.2.4314 -> 8.2.4424 
License file had some grammar fixes.

Includes CVE-2022-0554.

(From OE-Core rev: 9360b92f98222cb74a93690f53570cd62633c0cf)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Richard Purdie
febd9f6715 vim: Upgrade 4269 -> 4134 
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.

Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.

(From OE-Core rev: f27f15977085dbdf7da28ed8ed60c02ffa009db8)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Ross Burton
acc692cfec vim: upgrade to patch 4269 
Upgrade to the latest patch release to fix the following CVEs:

- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319

(From OE-Core rev: e23cc56c6b8bd9cfb86803a1e1160a0b768cb286)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Ross Burton
3bb6c52e22 vim: update to include latest CVE fixes 
Update the version to 4.2.4118, which incorporates the following CVE
fixes:

- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158

Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.

(From OE-Core rev: faf83cac9ff82a3c795b2e8d82719bea43830f7f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Alexander Kanavin
4359fb29f9 vim: do not report upstream version check as broken 
As upstream tags point releases with every commit and
the version check still reports 8.2, it should not be considered
broken (e.g. current version newer than latest version)
until 8.3 is released.

(From OE-Core rev: 3db417e002684b4f09c52997017bed139ad95f5f)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Ross Burton
dffd5c120b vim: upgrade to 8.2 patch 3752 
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.

Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.

(From OE-Core rev: 7b8b096000759357aa251a58a756e770a54590ad)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Ross Burton
7c237d3b2d vim: set PACKAGECONFIG idiomatically 
Don't set an empty default value and them immediately assign to it.

(From OE-Core rev: ad373242381feec72d0c257031da7671281c0321)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7565241437487618a57d8f3f21da6fed69f6b8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Steve Sakoman
c6b1d0eac1 Revert "vim: fix CVE-2021-4069" 
Prepare to cherry-pick CVE fixes from master

This reverts commit 9db3b4ac4018bcaedb995bc77a9e675c2bca468f.

(From OE-Core rev: 519f30e697f14d6a3864a22ec2e12544a9d3a107)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Konrad Weihmann
f58e88f4d8 ruby: fix DEPENDS append 
recent change create a blank scope of DEPENDS for class-target,
basically leaving out all general dependencies, leading to the effect
that ruby will be shipped without the runtime dependencies of zlib,
openssl and libffi, making the corresponding gems unusable at runtime.

As the class-target scope should be appended only the correct override
is append:class-target

(From OE-Core rev: 81fab225daf798792c139f669f5bfd96d9fd25a8)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8f92444d388d2406be7d317578908975784d3f22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:43 +00:00
Alexander Kanavin
6060b500b9 ruby: correctly set native/target dependencies 
In particular libffi was missing from native, which
led to linking with host libffi instead.

(From OE-Core rev: 61e38b71566183e329d980e26fe8ffe8d331c3a1)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 293c9f879252a814107579542e8fca9af9dde599)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-23 23:43:42 +00:00