Age | Commit message (Collapse) | Author |
|
CVE's Fixed:
CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms()
CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage()
CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow
(From OE-Core rev: 8175d023c203d524d011d8947f90fbd02786c6db)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This release fixes the following CVEs:
- CVE-2023-43788
- CVE-2023-43789
(From OE-Core rev: 1475a47239d77a368bcec69f12e5a63f8bebe14f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Remove duplication of license MIT from pixman bbfile.
(From OE-Core rev: 76f928359f76d449de0d884c591a5d9fdba9d19c)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add patch to fix CVE-2023-3138 for kirkstone branch
Link: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c.patch
(From OE-Core rev: 5491531d4681d3df5a34ebc180e29a8bf4e09e67)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Changelog:
===========
test: skip compressed file tests when --disable-open-zfile is used
itlab CI: build with each of --enable-open-zfile & --disable-open-zfile
configure: correct error message to suggest --disable-open-zfile
Fix a memleak in ParsePixels error code path
Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
open-zfile: Make compress & uncompress commands optional
Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
test: Use PACKAGE_BUGREPORT instead of hard-coded URL's
test: Add simple test cases for functions in src/rgb.c
xpmReadRgbNames: constify filename argument
XpmCreateDataFromXpmImage: Fix misleading indentation
parse.c: Wrap FREE_CIDX definition in do { ... } while(0)
parse.c: remove unused function xstrlcpy()
(From OE-Core rev: 22d9e097538f84a12dd262c1ae936fb8107c2768)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 4d9f0958eecdf683434d77a4f65611803cffd247)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upgrade libxpm 3.5.13 to 3.5.15
License-update: additional copyright holders
f0857c0 man pages: Correct Copyright/License notices
The above commit is introduced while upgrading the libxpm 3.5.15.
which is mentioned in below changelog.
Due to this commit LIC_FILES_CHKSUM is changed.
Disable reading compressed files as that requires compress/uncompress executables.
Following the approach in oe-core/master:
7de4084634 libxpm: upgrade 3.5.14 -> 3.5.15
Changelog:
-------------
-------------
ddd8339 libXpm 3.5.15
8178eb0 Use gzip -d instead of gunzip
c5ab17b Prevent a double free in the error code path
515294b Fix CVE-2022-4883: compression commands depend on $PATH
f80fa6a Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
f7fbbb9 test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
a3a7c6d Fix CVE-2022-46285: Infinite loop on unclosed comments
f7a167a test: add test case for CVE-2022-46285 (unclosed comments)
0ff2c6a cxpm: getc/ungetc wrappers should not adjust position when c == EOF
501494c test: Add unit tests using glib framework
4841039 configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
aef0c8d man pages: Apply standard man page style/formatting
5d55a0b man pages: Replace "See Also" entries with more useful ones
392cb8f man pages: Fix typos and other minor editing
08bc174 libXpm 3.5.14
f0857c0 man pages: Correct Copyright/License notices
deb81a9 man pages: Fix typos
2d5fa4c man pages: Add missing word 'function' where needed
2b7357e man pages: Make function synopses more consistent with other pages
fb8590c man pages: Fix shadow man pages
bfaebfd man pages: Make file names consistent with their displayed names
7a138a5 gitlab CI: add a basic build test
3433f43 man: strip trailing whitespace
9612454 Fix spelling/wording issues
fa16fbd Build xz tarballs instead of bzip2
83e5427 update man pages
e48e649 add man pages based on doc/xpm.PS
(From OE-Core rev: a549319e5fdae685f93122627226f9b102307bc3)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream has switched some new releases from bz2 to xz compression. Add
an XORG_EXT variable so recipes can set the file name extension needed
for the compression type.
Following the approach in oe-core/master:
6a8068e036b4b2a40b38896275b936916b4db76e xorg-lib-common: Add variable to set tarball type
use a variable for the tarball suffix/compression format.
(From OE-Core rev: 56ea2b625f81e397e911b3610130d3e838d10938)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef && https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af
(From OE-Core rev: b0e0cf44fb4f6e1cf562860766a2915ee8718f77)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 1d2e131d9ba55626354264d454b2808e84751600)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 23df4760ebc153c484d467e51b414910c570a6f8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libxkbcommon 1.4.1 - 2022-05-21
==================
- Fix compose sequence overriding (common prefix) not working correctly.
Regressed in 1.2.0.
- Remove various bogus currency sign (particulary Euro and Korean Won) entries
from the keysym <-> Unicode mappings. They prevented the real
keysyms/codepoints for these from mapping correctly.
(From OE-Core rev: 9311e798437c44f64f0256dd894a8173cb8b465d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 75655c8b48b425beb42b23d8e596d3c987047792)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The license in this code is listed as MIT and whilst it is compatible with and
usable as MIT, it actually looks like HPND. Clarify the license field accordingly.
(From OE-Core rev: 922b645f443c33060a8990d32e6b7b62ea5497c3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 61f90c25c062b78635da407c2efce85da74341ef)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
=========
- Add `enable-tools` option to Meson build (on by default) to allow disabling
the `xkbcli` tools.
- In `xkbcli list`, fix "YAML Norway problem" in output.
- In libxkbregistry, variants now inherit iso639, iso3166 and brief from parent
layout if omitted.
- In libxkbregistry, don't call `xmlCleanupParser()` - it's not supposed to
be called by libraries.
- In libxkbregistry, skip over invalid ISO-639 or ISO-3166 entries.
(From OE-Core rev: b5f516be42c7166eb1ac10b07ce05e95477c73f0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: dcc1c3c0a90696788c740c50a42000fe2395e7da)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped upstreamed patches.
(From OE-Core rev: dc3fcb6f9f6b4f54519265a95d59279fceb5cc97)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable by default, now that libraries are split into separate packages
this won't cause a change to existing setups.
(From OE-Core rev: aced64cbf6408af0d34c1db21a02e0666ac44848)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The sublibraries, such as libxkbcommon-x11, have specific linkage, so to
avoid link creep they can be put into separate packages.
(From OE-Core rev: 1a30af54d335db302393e14a0fa6cac4adbd1bee)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Not everyone wants the CLI, so put it in a separate package to reduce
mandatory dependencies.
(From OE-Core rev: f6777d4bc5a3f04c4fe12c508609ba84fdde67b2)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 12aed9f72e610c0a20c7d9fe329edf7b7753740d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a hang-over from the autotools build system.
(From OE-Core rev: 500b63b000674f812e9f11681ff5c30a81107bb4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch has now been merged upstream.
(From OE-Core rev: 175ece3b5722c5bdbbe96bc55de849c62fb7a272)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are no traces of neither the BSD-2-Clause license nor the
BSD-4-Clause license being used in the code. There is one occurrence
of the BSD-1-Clause license. On the other hand, HPND and
HPND-sell-variant are all over the place.
(From OE-Core rev: b0f30792fd0ea41f1d1590dbe0452c956e018c82)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are no traces of neither the BSD-2-Clause license nor the
BSD-4-Clause license being used in the code. There is one occurrence
of the BSD-1-Clause license. On the other hand, HPND and
HPND-sell-variant are all over the place.
(From OE-Core rev: 5cd90092e21ad245df40a60feed3598dd9c6b98b)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This library is a dependancy of xserver-xorg 21.1.0.
(From OE-Core rev: b52bfac18a6b0f9216cd14da60e6fffb3e5669f1)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f238d6e766b05e730613127b503a1de63e3b7de8)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 79fa8c02d584e214dcce2b124c132cf58e2253de)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: e8099731d4cd586ff4525b3a036ea89debe06115)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Note that the actual license text is BSD 4-Clause with clause 3 rescinded:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/blob/master/COPYING#L157
(From OE-Core rev: 1649e9d281938a9183c5620612ed7a24a9b9f1e2)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"BSD" is ambiguous, use the precise licenses BSD-2-Clause BSD-4-Clause.
(From OE-Core rev: e55bc3bdb8698ea6673174d33f659518b55f1ff2)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 44fd2aa731956fe0a0f74d36959c88b0b87adab5)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: e340bad91f3220a156572bde3c337425f5c36cfc)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 1e75e8111e33799169b7a137ef7a9a0902c9b690)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 169fad9174370829a6a06468313675de3b43cac6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Configure with -Dvmx=enabled/disabled based on the Altivec feature.
(From OE-Core rev: f6996bb609beb0fae621dfd88f581c0a1c6e38fa)
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit dd9c3d042aa5c2ae0fd80b558ec7e9c793ff36f0 dropped the iwmmxt
disable as part of the meson conversion and said: "we can add this
back again if it fails." It does.
| cc1: warning: switch '-mcpu=arm1176jz-s' conflicts with switch '-march=iwmmxt2'
| FAILED: pixman/libpixman-1.so.0.40.0
| lto1: fatal error: target specific builtin not available
| compilation terminated.
(From OE-Core rev: afa713033a7fc9b7c4ac3d703ea9218b4d775def)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia1278d18543493a3f9eace6c2dd2f84701b9c2b1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The PKG value should only be munged for DEBIAN_NAMES during
populate_packages. Otherwise, native packages can have the wrong value.
(From OE-Core rev: e77dc392a33d93ab2becd438b6b17705c675dcd5)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
New xkeyboard-config writes defines that use _EVDEVK(), which makekeys
can't parse. Take a patch from upstream to also parse these symbols.
[ YOCTO #14489 ]
(From OE-Core rev: b63b6ceda629bd101b5889e61a27a6d99843460e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6ff1ab3fc0f12c2ffc81085b35b0041f435a8f94)
(From OE-Core rev: 89447c92908973813386d947de62e630ceaf0e6f)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 8cdc1767ce15185c99d85dc976f2a316a21cb28f)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With 1.7.2 it is not required any and although they mention glibc explicitly,
_GNU_SOURCE is set in config.h for musl either.
(From OE-Core rev: 976c4bb2b1ab75e3fe600a81adc451b698ea4b65)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Version 1.1.2 - This is a bug fix release, correcting a regression [1] introduced by and
improving the checks from the fix for CVE-2021-31535.
[1] https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/133
Alan Coopersmith (1):
libX11 1.7.2
Matthieu Herrb (2):
include <limits.h> always, not if HAVE_CONFIG_H is set.
Check for NULL strings before getting their lengths
Tobias Stoeckmann (1):
Protect against overly long strings
(From OE-Core rev: 2d98f8d257d31b334e70357093b6d2a355362688)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 129f3b20d68e4711dfc67af5a58341266a9d3969)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 71b53b096e66da4923cc4a79c429f3d5d3469d84)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a41f88496d99251ea88cf93e08f233b10580eaab)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: beb2c79c77f9a5370c633f3f7cd4f7302c0cf49a)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: eb5044711bd74cd37799feb55aa006fcbf5ad155)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
NR_futex is not defined by newer architectures e.g. riscv32 as
they only have 64bit variant of time_t. Glibc defines SYS_futex
interface based on __NR_futex, since this is used in applications,
such applications start to fail to build for these newer architectures.
Define a fallback to alias __NR_futex to __NR_futex_time64 to make
SYS_futex keep working.
Reference: https://git.openembedded.org/openembedded-core/commit/?id=7a218adf9990f5e18d0b6a33eb34091969f979c7
(From OE-Core rev: 81599bf32135187b34726d41e9f619d22ca1bdd1)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|