* [PATCH 1/2] vim: Upgrade 8.2.4681 -> 8.2.4912 @ 2022-05-08 12:34 Richard Purdie 2022-05-08 12:34 ` [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1 Richard Purdie [not found] ` <16ED214F51D113CA.5869@lists.openembedded.org> 0 siblings, 2 replies; 7+ messages in thread From: Richard Purdie @ 2022-05-08 12:34 UTC (permalink / raw) To: openembedded-core Includes fixes for CVE-2022-1381, CVE-2022-1420. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 21ff036cf4cf..c5922b7fcd71 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -21,8 +21,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://racefix.patch \ " -PV .= ".4681" -SRCREV = "15f74fab653a784548d5d966644926b47ba2cfa7" +PV .= ".4912" +SRCREV = "a7583c42cd6b64fd276a5d7bb0db5ce7bfafa730" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" -- 2.34.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
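Review bot: in the @@ -21,8 +21,8 @@ hunk of vim.inc, PV .= ".4912" and the new SRCREV are edited by hand as a pair, and nothing visible in the patch or the commit message ties that hash to the 8.2.4912 patch level. If the two ever disagree, the recipe builds one revision while reporting another version. Please state in the commit message that the SRCREV is the commit tagged v8.2.4912. Since file://racefix.patch is still carried in SRC_URI, also confirm that it still applies across this range.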
* [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1 2022-05-08 12:34 [PATCH 1/2] vim: Upgrade 8.2.4681 -> 8.2.4912 Richard Purdie @ 2022-05-08 12:34 ` Richard Purdie [not found] ` <16ED214F51D113CA.5869@lists.openembedded.org> 1 sibling, 0 replies; 7+ messages in thread From: Richard Purdie @ 2022-05-08 12:34 UTC (permalink / raw) To: openembedded-core Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- .../freetype/{freetype_2.12.0.bb => freetype_2.12.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/freetype/{freetype_2.12.0.bb => freetype_2.12.1.bb} (95%) diff --git a/meta/recipes-graphics/freetype/freetype_2.12.0.bb b/meta/recipes-graphics/freetype/freetype_2.12.1.bb similarity index 95% rename from meta/recipes-graphics/freetype/freetype_2.12.0.bb rename to meta/recipes-graphics/freetype/freetype_2.12.1.bb index 3034977cd47c..46c6182630a1 100644 --- a/meta/recipes-graphics/freetype/freetype_2.12.0.bb +++ b/meta/recipes-graphics/freetype/freetype_2.12.1.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \ file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "ef5c336aacc1a079ff9262d6308d6c2a066dd4d2a905301c4adda9b354399033" +SRC_URI[sha256sum] = "4766f20157cc4cf0cd292f80bf917f92d1c439b243ac3018debf6b9140c41a7f" UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" -- 2.34.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
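Review bot: the @@ -13,7 +13,7 @@ hunk replaces SRC_URI[sha256sum] for a tarball fetched through ${SAVANNAH_NONGNU_MIRROR}, and the commit message does not say where the new value came from. Please note whether it was checked against the checksum or signature published with the upstream release rather than computed from whatever the mirror served. The CVE list in the commit message should also name only the fixes that first appear in 2.12.1, because the recipe change itself carries no CVE metadata and the message is the only record of that claim.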
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
From: richard.purdie @ 2022-05-08 16:45 UTC
To: openembedded-core; +Cc: Ross Burton, Steve Sakoman

On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via lists.openembedded.org wrote:
> Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.

I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405 and CVE-2022-27406 were already in 2.12.0.

I don't think the CVE checker is going to like these as they're using dates for these for reasons I don't understand.

Cheers,

Richard
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
From: Marta Rybczynska @ 2022-05-09 10:40 UTC
To: Richard Purdie; +Cc: OE-core, Ross Burton, Steve Sakoman

On Sun, May 8, 2022 at 6:45 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
> On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via lists.openembedded.org wrote:
> > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>
> I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405 and CVE-2022-27406 were already in 2.12.0.
>
> I don't think the CVE checker is going to like these as they're using dates for these for reasons I don't understand.

They also include versions in the NVD, but there is no version "non-affected" as of today for CVE-2022-27404. I'll figure out the exact versions for those CVEs and update the NVD in the next hours.

Kind regards,
Marta
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
From: Marta Rybczynska @ 2022-05-09 14:41 UTC
To: Richard Purdie; +Cc: OE-core, Ross Burton, Steve Sakoman

On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska <rybczynska@gmail.com> wrote:
> On Sun, May 8, 2022 at 6:45 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
> > On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via lists.openembedded.org wrote:
> > > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
> >
> > I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405 and CVE-2022-27406 were already in 2.12.0.
> >
> > I don't think the CVE checker is going to like these as they're using dates for these for reasons I don't understand.
>
> They also include versions in the NVD, but there is no version "non-affected" as of today for CVE-2022-27404. I'll figure out the exact versions for those CVEs and update the NVD in the next hours.
>
> Kind regards,
> Marta

Update: the message to NVD has been sent. According to my analysis all three CVEs have been fixed in 2.12.0.

Regards,
Marta
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
From: Marta Rybczynska @ 2022-05-10 15:02 UTC
To: Marta Rybczynska; +Cc: Richard Purdie, OE-core, Ross Burton, Steve Sakoman

On Mon, May 9, 2022 at 4:42 PM Marta Rybczynska via lists.openembedded.org <rybczynska=gmail.com@lists.openembedded.org> wrote:
> On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska <rybczynska@gmail.com> wrote:
> > On Sun, May 8, 2022 at 6:45 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
> > > On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via lists.openembedded.org wrote:
> > > > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
> > >
> > > I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405 and CVE-2022-27406 were already in 2.12.0.
> > >
> > > I don't think the CVE checker is going to like these as they're using dates for these for reasons I don't understand.
> >
> > They also include versions in the NVD, but there is no version "non-affected" as of today for CVE-2022-27404. I'll figure out the exact versions for those CVEs and update the NVD in the next hours.
> >
> > Kind regards,
> > Marta
>
> Update: the message to NVD has been sent. According to my analysis all three CVEs have been fixed in 2.12.0.

The change is up in NVD. The next run of the cve-check should see it.

Regards,
Marta
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
From: richard.purdie @ 2022-05-10 15:42 UTC
To: Marta Rybczynska; +Cc: OE-core, Ross Burton, Steve Sakoman

On Tue, 2022-05-10 at 17:02 +0200, Marta Rybczynska wrote:
> On Mon, May 9, 2022 at 4:42 PM Marta Rybczynska via lists.openembedded.org <rybczynska=gmail.com@lists.openembedded.org> wrote:
> > On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska <rybczynska@gmail.com> wrote:
> > > On Sun, May 8, 2022 at 6:45 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
> > > > On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via lists.openembedded.org wrote:
> > > > > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
> > > >
> > > > I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405 and CVE-2022-27406 were already in 2.12.0.
> > > >
> > > > I don't think the CVE checker is going to like these as they're using dates for these for reasons I don't understand.
> > >
> > > They also include versions in the NVD, but there is no version "non-affected" as of today for CVE-2022-27404. I'll figure out the exact versions for those CVEs and update the NVD in the next hours.
> > >
> > > Kind regards,
> > > Marta
> >
> > Update: the message to NVD has been sent. According to my analysis all three CVEs have been fixed in 2.12.0.
>
> The change is up in NVD. The next run of the cve-check should see it.

Great, thanks for sorting that one out, the reports will be much better for it!

Cheers,

Richard