* [PATCH 1/2] vim: Upgrade 8.2.4681 -> 8.2.4912
@ 2022-05-08 12:34 Richard Purdie
2022-05-08 12:34 ` [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1 Richard Purdie
[not found] ` <16ED214F51D113CA.5869@lists.openembedded.org>
0 siblings, 2 replies; 7+ messages in thread
From: Richard Purdie @ 2022-05-08 12:34 UTC (permalink / raw)
To: openembedded-core
Includes fixes for CVE-2022-1381, CVE-2022-1420.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 21ff036cf4cf..c5922b7fcd71 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -21,8 +21,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://racefix.patch \
"
-PV .= ".4681"
-SRCREV = "15f74fab653a784548d5d966644926b47ba2cfa7"
+PV .= ".4912"
+SRCREV = "a7583c42cd6b64fd276a5d7bb0db5ce7bfafa730"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
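Review bot: the PV suffix and SRCREV "+" lines are edited by hand as two independent values, and nothing in the hunk ties the new hash to the patch level. Please confirm that a7583c42cd6b64fd276a5d7bb0db5ce7bfafa730 is the commit upstream tagged v8.2.4912, since a mismatch would make the recipe report a version that differs from the source actually built and would skew version-based CVE matching. The commit message could also name the upstream patch levels that fix CVE-2022-1381 and CVE-2022-1420, so the 4681 -> 4912 range can be checked against them.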
--
2.34.1
* [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
2022-05-08 12:34 [PATCH 1/2] vim: Upgrade 8.2.4681 -> 8.2.4912 Richard Purdie
@ 2022-05-08 12:34 ` Richard Purdie
[not found] ` <16ED214F51D113CA.5869@lists.openembedded.org>
1 sibling, 0 replies; 7+ messages in thread
From: Richard Purdie @ 2022-05-08 12:34 UTC (permalink / raw)
To: openembedded-core
Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../freetype/{freetype_2.12.0.bb => freetype_2.12.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/freetype/{freetype_2.12.0.bb => freetype_2.12.1.bb} (95%)
diff --git a/meta/recipes-graphics/freetype/freetype_2.12.0.bb b/meta/recipes-graphics/freetype/freetype_2.12.1.bb
similarity index 95%
rename from meta/recipes-graphics/freetype/freetype_2.12.0.bb
rename to meta/recipes-graphics/freetype/freetype_2.12.1.bb
index 3034977cd47c..46c6182630a1 100644
--- a/meta/recipes-graphics/freetype/freetype_2.12.0.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.12.1.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \
file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec"
SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "ef5c336aacc1a079ff9262d6308d6c2a066dd4d2a905301c4adda9b354399033"
+SRC_URI[sha256sum] = "4766f20157cc4cf0cd292f80bf917f92d1c439b243ac3018debf6b9140c41a7f"
UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"
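Review bot: on the SRC_URI[sha256sum] "+" line, the new digest is the only thing pinning the 2.12.1 tarball fetched via ${SAVANNAH_NONGNU_MIRROR}, so the commit message should say how it was obtained (for example, checked against the upstream release signature) rather than leaving it as whatever the mirror served at upgrade time. The LIC_FILES_CHKSUM context lines are carried over unchanged; a one-line confirmation that LICENSE.TXT and docs/GPLv2.TXT did not change in 2.12.1 would close that out.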
--
2.34.1
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
[not found] ` <16ED214F51D113CA.5869@lists.openembedded.org>
@ 2022-05-08 16:45 ` richard.purdie
2022-05-09 10:40 ` Marta Rybczynska
0 siblings, 1 reply; 7+ messages in thread
From: richard.purdie @ 2022-05-08 16:45 UTC (permalink / raw)
To: openembedded-core; +Cc: Ross Burton, Steve Sakoman
On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
lists.openembedded.org wrote:
> Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>
>
I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405
and CVE-2022-27406 were already in 2.12.0.
I don't think the CVE checker is going to like these as they're using
dates for these for reasons I don't understand.
Cheers,
Richard
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
2022-05-08 16:45 ` [OE-core] " richard.purdie
@ 2022-05-09 10:40 ` Marta Rybczynska
2022-05-09 14:41 ` Marta Rybczynska
[not found] ` <16ED76DCD3B51CA1.18911@lists.openembedded.org>
0 siblings, 2 replies; 7+ messages in thread
From: Marta Rybczynska @ 2022-05-09 10:40 UTC (permalink / raw)
To: Richard Purdie; +Cc: OE-core, Ross Burton, Steve Sakoman
On Sun, May 8, 2022 at 6:45 PM Richard Purdie <
richard.purdie@linuxfoundation.org> wrote:
> On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
> lists.openembedded.org wrote:
> > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
> >
> >
>
> I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405
> and CVE-2022-27406 were already in 2.12.0.
>
> I don't think the CVE checker is going to like these as they're using
> dates for these for reasons I don't understand.
>
>
They also include versions in the NVD, but there is no version "non-affected"
as of today for CVE-2022-27404. I'll figure out the exact versions for those
CVEs and update the NVD in the next hours.
Kind regards,
Marta
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
2022-05-09 10:40 ` Marta Rybczynska
@ 2022-05-09 14:41 ` Marta Rybczynska
[not found] ` <16ED76DCD3B51CA1.18911@lists.openembedded.org>
1 sibling, 0 replies; 7+ messages in thread
From: Marta Rybczynska @ 2022-05-09 14:41 UTC (permalink / raw)
To: Richard Purdie; +Cc: OE-core, Ross Burton, Steve Sakoman
On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska <rybczynska@gmail.com>
wrote:
>
>
> On Sun, May 8, 2022 at 6:45 PM Richard Purdie <
> richard.purdie@linuxfoundation.org> wrote:
>
>> On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
>> lists.openembedded.org wrote:
>> > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>> >
>> >
>>
>> I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405
>> and CVE-2022-27406 were already in 2.12.0.
>>
>> I don't think the CVE checker is going to like these as they're using
>> dates for these for reasons I don't understand.
>>
>>
> They also include versions in the NVD, but there is no version "non-affected"
> as of today for CVE-2022-27404. I'll figure out the exact versions for those
> CVEs and update the NVD in the next hours.
>
> Kind regards,
> Marta
>
Update: the message to NVD has been sent. According to my analysis all three
CVEs have been fixed in 2.12.0.
Regards,
Marta
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
[not found] ` <16ED76DCD3B51CA1.18911@lists.openembedded.org>
@ 2022-05-10 15:02 ` Marta Rybczynska
2022-05-10 15:42 ` richard.purdie
0 siblings, 1 reply; 7+ messages in thread
From: Marta Rybczynska @ 2022-05-10 15:02 UTC (permalink / raw)
To: Marta Rybczynska; +Cc: Richard Purdie, OE-core, Ross Burton, Steve Sakoman
On Mon, May 9, 2022 at 4:42 PM Marta Rybczynska via lists.openembedded.org
<rybczynska=gmail.com@lists.openembedded.org> wrote:
>
>
> On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska <rybczynska@gmail.com>
> wrote:
>
>>
>>
>> On Sun, May 8, 2022 at 6:45 PM Richard Purdie <
>> richard.purdie@linuxfoundation.org> wrote:
>>
>>> On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
>>> lists.openembedded.org wrote:
>>> > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>>> >
>>> >
>>>
>>> I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405
>>> and CVE-2022-27406 were already in 2.12.0.
>>>
>>> I don't think the CVE checker is going to like these as they're using
>>> dates for these for reasons I don't understand.
>>>
>>>
>> They also include versions in the NVD, but there is no version "non-affected"
>> as of today for CVE-2022-27404. I'll figure out the exact versions for those
>> CVEs and update the NVD in the next hours.
>>
>> Kind regards,
>> Marta
>>
>
> Update: the message to NVD has been sent. According to my analysis all three
> CVEs have been fixed in 2.12.0.
>
The change is up in NVD. The next run of the cve-check should see it.
Regards,
Marta
* Re: [OE-core] [PATCH 2/2] freetype: Upgrade 2.12.0 -> 2.12.1
2022-05-10 15:02 ` Marta Rybczynska
@ 2022-05-10 15:42 ` richard.purdie
0 siblings, 0 replies; 7+ messages in thread
From: richard.purdie @ 2022-05-10 15:42 UTC (permalink / raw)
To: Marta Rybczynska; +Cc: OE-core, Ross Burton, Steve Sakoman
On Tue, 2022-05-10 at 17:02 +0200, Marta Rybczynska wrote:
> On Mon, May 9, 2022 at 4:42 PM Marta Rybczynska via
> lists.openembedded.org <rybczynska=gmail.com@lists.openembedded.org>
> wrote:
> > On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska
> > <rybczynska@gmail.com> wrote:
> > > On Sun, May 8, 2022 at 6:45 PM Richard Purdie
> > > <richard.purdie@linuxfoundation.org> wrote:
> > > > On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
> > > > lists.openembedded.org wrote:
> > > > > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
> > > > >
> > > > >
> > > >
> > > > I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-27405
> > > > and CVE-2022-27406 were already in 2.12.0.
> > > >
> > > > I don't think the CVE checker is going to like these as they're
> > > > using
> > > > dates for these for reasons I don't understand.
> > > >
> > > >
> > >
> > >
> > > They also include versions in the NVD, but there is no version
> > > > "non-affected"
> > > as of today for CVE-2022-27404. I'll figure out the exact
> > > versions for those
> > > CVEs and update the NVD in the next hours.
> > >
> > > Kind regards,
> > > Marta
> > >
> >
> >
> > Update: the message to NVD has been sent. According to my analysis
> > all three
> > CVEs have been fixed in 2.12.0.
> >
>
>
> The change is up in NVD. The next run of the cve-check should see it.
Great, thanks for sorting that one out, the reports will be much better
for it!
Cheers,
Richard