| Age | Commit message (Collapse) | Author |
|---|
|
https://www.vim.org/vim-9.1-released.php
Vim 9.1 is available
The Vim project is happy to announce that Vim 9.1 has finally been released.
This release is dedicated to Bram Moolenaar, Vim's lead developer for more
than 30 years, who passed away half a year ago. The Vim project wouldn't
exist without his work!
Vim 9.1 is mainly a bug fix release, it contains hundreds of bug fixes, a
few new features and there are many minor improvements.
Changes:
https://github.com/vim/vim/compare/v9.0.2130...v9.1.0114
CVE: CVE-2024-22667
(includes commit https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47)
(From OE-Core rev: 9f7e9c0f4360469b9775372272e0a442c7cc06c8)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
https://github.com/vim/vim/compare/v9.0.2068...v9.0.2130
CVE: CVE-2023-48231
CVE: CVE-2023-48232
CVE: CVE-2023-48233
CVE: CVE-2023-48234
CVE: CVE-2023-48235
CVE: CVE-2023-48236
CVE: CVE-2023-48237
(From OE-Core rev: 5978d565a9e700485fc563dfe2e3c0045dd74b59)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes CVE fix for CVE-2023-46246.
9198c1f2b (tag: v9.0.2068) patch 9.0.2068: [security] overflow in :history
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46246
(From OE-Core rev: 63bc72ccb63d2f8eb591d7cc481657a538f0fd42)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A previous commit attempted to fix reproducibility errors by forcing
regeneration of .po files. Unfortunately this triggered a different
type of reproducibility issue.
Work around this by adjusting the timestamps of the troublesome .po
files so they are not regenerated and we use the shipped upstream
versions of the files.
The shipped version of ru.cp1251.po doesn't seem to have been created
with the vim tooling and specifies CP1251 instead of cp1251, fix that.
(From OE-Core rev: 13d9551ba626f001c71bf908df16caf1d739cf13)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When making checkouts from git, the timestamps can vary and occasionally two files
can end up with the same stamp. This triggers make to regenerate ru.cp1251.po from
ru.po for example. If it isn't regenerated, the output isn't quite the same leading
to reproducibility issues (CP1251 vs cp1251).
Since we added all locales to buildtools tarball now, we can drop the locale
restrictions too. We need to generate a native binary for the sjis conversion
tool so also tweak that.
(From OE-Core rev: 042c1a501b1dae5ddb31307b461be02c3591c589)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes CVE fix for CVE-2023-5535.
(From OE-Core rev: 9292eb70a2a0871cf235e4df0257d7028f43a278)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes CVE fix for CVE-2023-5441.
(From OE-Core rev: 539b0c8938b7ac4338b087e04d8b8624b7546237)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes multiple CVE fixes.
The license change is due to changes in maintainership, the license
itself is unchanged.
(From OE-Core rev: 91e66b93a0c0928f0c2cfe78e22898a6c9800f34)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-3896
8154e642a (tag: v9.0.1664) patch 9.0.1664: divide by zero when scrolling with 'smoothscroll' set
(From OE-Core rev: 4a1ab744142c9229f03a359b45e5e89a1fbae0d3)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
vim 8.3 has been out for a long time, so this comment is obsolete.
However we still need UPSTREAM_VERSION_UNKNOWN, since we ignore
the last digit of the upstream version number.
Test result:
$ devtool check-upgrade-status vim
...
INFO: vim 9.0.1592 UNKNOWN Tom Rini <trini@konsulko.com> c0370529c027abc5b1698d53fcfb8c02a0c515da
(From OE-Core rev: 65f5de85c3f488136d1ec2b1f7fe8d8426d6c5b3)
(From OE-Core rev: 868a19357841470eb55fb7f1c4ab1af09dea99ed)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-2609
d1ae836 patch 9.0.1531: crash when register contents ends up being invalid
https://nvd.nist.gov/vuln/detail/CVE-2023-2610
ab9a2d8 patch 9.0.1532: crash when expanding "~" in substitute causes very long text
(From OE-Core rev: 1e4b4dfb4145bc00eb6937b5f54a41170e9a5b4c)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-2426
caf642c25 patch 9.0.1499: using uninitialized memory with fuzzy matching
(From OE-Core rev: 4f9a8df5aca99d0a5c2d2346b27ce7be08e7896c)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: CVE-2023-1127, CVE-2023-1170, CVE-2023-1175,
CVE-2023-1264, CVE-2023-1355
(From OE-Core rev: 2415072c3800feb164dd4d1fa0b56bd141a5cbd8)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This incorporates fixes for CVE-2023-1127, CVE-2023-1170, CVE-2023-1175.
Also remove runtime/doc/uganda.txt from the license checksum: the Vim
license is also in the top-level LICENSE file so this is redundant.
(From OE-Core rev: 71111e6b62d37c5e6853d7940dec2993df127a35)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Clause II.3 of the Vim license states that any distribution of Vim that
has been extended or modified must _at least_ indicate in the :version
output that this is the case.
Handily, Vim has a --with-modified-by argument to add a line in that
text, so use MAINTAINER. This is the distribution maintainer contact,
by default it is OE-Core Developers
<openembedded-core@lists.openembedded.org>.
(From OE-Core rev: acc007e23445aa53182e13902dd9509c39dd5645)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Vim uses pkgconfig to find dependencies but it wasn't present, so it
silently doesn't enable features like GTK+ UI.
[ YOCTO #15044 ]
(From OE-Core rev: 70900616298f5e70732a34e7406e585e323479ed)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6d77dbe499ee362b6e28902f1efcf52b961037a5)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for:
https://nvd.nist.gov/vuln/detail/CVE-2023-0049
https://nvd.nist.gov/vuln/detail/CVE-2023-0051
https://nvd.nist.gov/vuln/detail/CVE-2023-0054
https://nvd.nist.gov/vuln/detail/CVE-2023-0288
(From OE-Core rev: 1c51068c78d12ee02789a6dbecf5e7e91d141af5)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for CVE-2022-4141
https://nvd.nist.gov/vuln/detail/CVE-2022-4141
For a short list of important changes, see:
https://www.arp242.net/vimlog/
(From OE-Core rev: 160f459febc7fb36cc0fe85c63eb26780ace3bfd)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for CVE-2022-3705
https://nvd.nist.gov/vuln/detail/CVE-2022-3705
For a short list of important changes, see:
https://www.arp242.net/vimlog/
(From OE-Core rev: f6d917bd0f8810b5ed8d403ad25d59cda2fc9574)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Include fixes for CVE-2022-3352.
(From OE-Core rev: 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes a fix for CVE-2022-3278.
(From OE-Core rev: 98c40271692147873a622e168e8b2e90a9fcc54c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes a fix for CVE-2022-3234.
(From OE-Core rev: d6b54f37aa4db1457296b8981b630a49d251ceb5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for CVE-2022-3099 and CVE-2022-3134.
(From OE-Core rev: d042923262130b6b96f703b5cd4184f659caeb92)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.
(From OE-Core rev: 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for:
CVE-2022-2816
CVE-2022-2817
CVE-2022-2819
CVE-2022-2845
CVE-2022-2849
CVE-2022-2862
CVE-2022-2874
CVE-2022-2889
(From OE-Core rev: 3ec2d27d09444213ec1c9b91c6f8c4363f297294)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop crosscompile.patch which was merged as part of:
509695c1c (tag: v9.0.0065) patch 9.0.0065: \
cross-compiling doesn't work because of timer_create check
Also drop: racefix.patch which may have been fixed upstream
and is being tracked by:
https://github.com/vim/vim/pull/10776
where upstream is asking if the different approach resolves the
race condition. Let's see what's out there!
(From OE-Core rev: 6996472cd33d2d4b91821f2dfe24a27a697e4afe)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.
(From OE-Core rev: d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes the following CVEs:
- CVE-2022-2257
- CVE-2022-2264
- CVE-2022-2284
- CVE-2022-2285
- CVE-2022-2286
- CVE-2022-2287
(From OE-Core rev: 03c044a81a76b7505b9d5bf0d936dde75b51905e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The license checksum changed due to a major version change in the referenced file.
(From OE-Core rev: 89f34d8aa4f4572d048dbb732ca4c83d443157fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for CVE-2022-1927, CVE-2022-1942.
(From OE-Core rev: 1e740b5c2227c0040621ae63436d06db4873670f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735
CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796
(From OE-Core rev: fafce97bd440150ac5c586b53b887ee70a5b66bd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for CVE-2022-1381, CVE-2022-1420.
(From OE-Core rev: 77d745bd49c979de987c75fd7a3af116e99db82b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License change is a date in the license file only.
This includes a fix for CVE-2022-0943.
(From OE-Core rev: 69bc2f37d6ca7fa4823237b45dd698b8debca0a9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes CVE-2022-0696, CVE-2022-0714, CVE-2022-0729.
(From OE-Core rev: 0d29988958e48534a0076307bb2393a3c1309e03)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License file had some grammar fixes.
Includes CVE-2022-0554.
(From OE-Core rev: a8d0a4026359c2c8a445dba9456f8a05470293c1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License text underwent changes on how to submit Uganda donations, switch from http
to https urls and an update date change but the license itself is unchanged.
Also, add an entry for the top level license file. This is also the vim license
so LICENSE is unchanged but we should monitor it too.
(From OE-Core rev: d195005e415b0b2d7c8b0b65c0aef888d4d6fc8e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade to the latest patch release to fix the following CVEs:
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
(From OE-Core rev: 96442e681c3acd82b09e3becd78e902709945f1f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the version to 4.2.4118, which incorporates the following CVE
fixes:
- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.
(From OE-Core rev: 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As upstream tags point releases with every commit and
the version check still reports 8.2, it should not be considered
broken (e.g. current version newer than latest version)
until 8.3 is released.
(From OE-Core rev: 11d8ee09b1bdec4824203dc0169093b2ae9d101a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.
Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.
(From OE-Core rev: 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Don't set an empty default value and them immediately assign to it.
(From OE-Core rev: d7565241437487618a57d8f3f21da6fed69f6b8a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a fix for -3972, and whitelist -3968: it isn't valid as it
fixes a bug which was introduced after 8.2.
(From OE-Core rev: bec5caadfb53638748d8c41ce7230c2bf7808d27)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2001631e7a6edb7adc40ee4357466cc54472db71)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches from upstream to fix these CVEs.
(From OE-Core rev: b493eb4f9a6bb75a2f01a53b6c70762845bf79f9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Github has announced there will be no more git:// fetching from their servers:
https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git
and they're about to start having brownout periods to encourage people
to update. This runs the conversion script over OE-Core to update our
urls to use https instead of git.
(From OE-Core rev: b37b61e9a1e448a34957db9ae39285d21352552e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
(From OE-Core rev: b51c405faf6f8c0365f7533bfaf470d79152a463)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
vim is vulnerable to Heap-based Buffer Overflow
reference:
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f
(From OE-Core rev: 494929c4cec21712884e13172c37efad7c908411)
(From OE-Core rev: d7fac573f1e1c9cd93181bce60df5666f5b5b03f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 54d3d023ce55ba4a7160ed25a283f0918e7d8e2e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Tim Orling
Archana Polampalli
Steve Sakoman
Richard Purdie
Siddharth Doshi
Etienne Cordonnier
Trevor Gamblin
Randy MacLeod
Ross Burton
Alexander Kanavin
Qiu, Zheng
Teoh Jay Shen
Ross Burton
Minjae Kim