mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-04-01 14:02:23 +02:00

Author	SHA1	Message	Date
Christopher Larson	a34a5fb3eb	dosfstools: fix CP437 error from `dosfsck -l` Fix this error seen when using dosfsck -l to list fs contents: CP437: Invalid argument (From OE-Core rev: 8a5fdac3c2d207b2cfac64ec2a2626c3ef154d84) (From OE-Core rev: a6bd358a27a9346ab364734ca22f35b30f4eb590) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Anuj Mittal	6945f565c9	libarchive: fix CVE-2019-19221 Also see: https://github.com/libarchive/libarchive/issues/1276 (From OE-Core rev: 422bef7a205b9b5d48d5b0e0b2b14ac65484607a) (From OE-Core rev: f3e7298c32c430dfc955a2023474810ae32926ba) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Anuj Mittal	5d1aeb4163	glibc: fix CVE-2019-19126 Backport from 2.30 stable branch and drop NEWS section. (From OE-Core rev: b4d4f70380c100d8ab06557237d8d5649a885e30) (From OE-Core rev: 3d790738abd884121372f1e00170f9b42b13b5f1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Anuj Mittal	e9e96e6e61	nasm: fix CVE-2019-14248 See: https://bugzilla.nasm.us/show_bug.cgi?id=3392576 (From OE-Core rev: 5ac52e78775759d2d06514ac2ae4c98e94190875) (From OE-Core rev: f1cc582fe1db4d0d4e87316646a7065c4051c906) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Anuj Mittal	f5d638a93e	ghostscript: fix for CVE-2019-14811 is same as CVE-2019-14813 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 https://www.openwall.com/lists/oss-security/2019/08/28/2 (From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944) (From OE-Core rev: 85ae609d789763f9a6400dc603b675cb57bd7654) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Ross Burton	4c72d90822	libsoup-2.4: upgrade to 2.66.4 Fixes CVE-2019-17266. (From OE-Core rev: ffdbcd78955d43d34988991f1d217036f044167d) (From OE-Core rev: d54d6c994850f4c6994dc0974f905148a024e98f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix release: https://gitlab.gnome.org/GNOME/libsoup/compare/2.66.2...2.66.4] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Hongxu Jia	198870249e	go: fix CVE-2019-17596 `2017d88dbc` (From OE-Core rev: 581de91fcf73675f638e7b739dd99291baf36f50) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Adrian Bunk	ccca64c80a	bind: Whitelist CVE-2019-6470 (From OE-Core rev: 016bb19213832409dd5b914d54f8af08037e9c07) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Vinay Kumar	473cb322c9	gdb: Fix CVE-2019-1010180 Source: git://sourceware.org/git/binutils-gdb.git Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=23657 Backported upstream commit 950b74950f6020eda38647f22e9077ac7f68ca49 to gdb-8.3.1 sources. Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49] (From OE-Core rev: 82a227e54e704ef9237c1613b9d3350fa26fe9dd) (From OE-Core rev: 0a20e92a02b3ba1687792b3607c0e30a6247b42b) Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Stefan Ghinea	bb702471b5	ghostscript: CVE-2019-14869 A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. References: https://nvd.nist.gov/vuln/detail/CVE-2019-14869 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904 (From OE-Core rev: 0bb88ac63b4e1728373c6425477a32f7a6362b2c) (From OE-Core rev: 9827b7df6f008f4384bbe22beeb0fe6adfeb36d6) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-06 14:49:33 +00:00
Kai Kang	5d50b0549e	bitbake: runqueue.py: not show warning for deferred multiconfig task When follow the instructions of multiconfig from Yocto dev manual that set in core-image-sato recipe: do_image[mcdepends] = "multiconfig:x86:arm:core-image-minimal:do_rootfs" it show too many annoying warnings look like: \| WARNING: Deferring mc:x86:virtual:native:/buildarea6/kkang/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb:do_populate_sysroot \| after mc:arm: virtual:native:/buildarea6/kkang/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb:do_populate_sysroot Treat them as infomations rather than warnings. (Bitbake rev: cfa307aabf710d79c404a8571b4158b864a94727) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-29 11:26:18 +00:00
Richard Purdie	12a4c177bb	build-appliance-image: Update to zeus head revision (From OE-Core rev: 75a4cabf55e13e6714c0fdb229cd51b5184ddbef) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> yocto-3.0.1 zeus-22.0.1	2019-11-27 13:07:39 +00:00
Richard Purdie	cf0cefd53c	bitbake: tests/runqueue: Fix to match recent task migration fixes (Bitbake rev: 8569ccb5e9fbdeaaf96b78bd02a263b26de54059) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-27 11:03:38 +00:00
Richard Purdie	06c6dc9301	build-appliance-image: Update to zeus head revision (From OE-Core rev: 5a0ccf24fe00728823ee687823f34d843539df68) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-26 22:27:51 +00:00
Richard Purdie	7719a7af93	build-appliance: Use zeus as the branch (From OE-Core rev: 4a14eb567b51fbdf1f0630b7c63a289bc66f3b80) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-26 22:27:41 +00:00
Richard Purdie	a972597652	build-appliance-image: Update to zeus head revision (From OE-Core rev: 378b6de44909a383ac002b00ba6da54de77aa61c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-26 21:47:56 +00:00
Richard Purdie	43710d4805	poky.conf: Bump version for 3.0.1 zeus release (From meta-yocto rev: 1fd5a106ed22e1c932ec25b5bbd977440cdb2232) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-26 21:47:01 +00:00
Carlos Rafael Giani	823a79d873	gstreamer: Change SRC_URI to use HTTPS access instead of HTTP Some GStreamer recipes like gstreamer1.0-vaapi already use HTTPS instead of http. Also, access to http:// is simply redirected by the freedesktop server to https://, and using HTTPS is anyway generally recommended over plain HTTP for security reasons. So, normalize the URLs to use HTTPS only. (From OE-Core rev: 7ca54d025168688b1b612c43c9ed4bc0f2ca4d02) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	6c5493908c	gst-validate: upgrade to version 1.16.1 (From OE-Core rev: 2dc11f32c6ddfbfc39317ed8ef08a0010b612ea3) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	8222c38b52	gstreamer1.0-rtsp-server: upgrade to version 1.16.1 (From OE-Core rev: 8e80527d545d1e9588e4a3a808a01ccd1f185139) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	9dc42a094a	gstreamer1.0-python: upgrade to version 1.16.1 (From OE-Core rev: 0378bc80633c345452abb7d002873cccf402c3f6) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	3277ee2c16	gstreamer1.0-omx: upgrade to version 1.16.1 (From OE-Core rev: a11e9d9cbd7fa6eba887bb9094c841b85bccb2c4) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	adde04efac	gstreamer1.0-vaapi: upgrade to version 1.16.1 (From OE-Core rev: 95f10a15a87836cb569f81292c89c7bf159e4e6d) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	d482c10335	gstreamer1.0-libav: upgrade to version 1.16.1 Removed gtkdoc-no-tree.patch since its changes are now included in 1.16.1 (From OE-Core rev: b8b52c405a241a6901b291ff7f6f8319bbd68652) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	3a4712e834	gstreamer1.0-plugins-ugly: upgrade to version 1.16.1 (From OE-Core rev: bed2a8de47534436f811e40bc1b261fa73eb920b) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	8e363fb137	gstreamer1.0-plugins-bad: upgrade to version 1.16.1 (From OE-Core rev: 48f375103a569838ee345716390dc5595cec1e83) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	baf9b40fb2	gstreamer1.0-plugins-good: upgrade to version 1.16.1 * 0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch * headerfix.patch Removed since these changes are already included in 1.16.1 (From OE-Core rev: f992741666ddc83ccbf3149f1544b95958150620) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	69da36a0a6	gstreamer1.0-plugins-base: upgrade to version 1.16.1 (From OE-Core rev: 91fb2701cb84959eb35da2aaf605ab815eaa95dc) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:41 +00:00
Carlos Rafael Giani	e571c88c44	gstreamer1.0: upgrade to version 1.16.1 (From OE-Core rev: 8946642d425099717d7fc00a01ced9954263517c) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> [ Bug fix only update per release notes: https://gstreamer.freedesktop.org/releases/1.16/#1.16.1] 1.16.1 The first 1.16 bug-fix release (1.16.1) was released on 23 September 2019 This release only contains bugfixes and it should be safe to update from 1.16.0. ] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Kai Kang	a8f6e31beb	bind: fix CVE-2019-6471 and CVE-2018-5743 Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind. CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the other 6 patches are for CVE-2018-5743. And backport one more patch to fix compile error on arm caused by these 6 commits. (From OE-Core rev: 3c39d4158677b97253df63f23b74c3a9dd5539f6) (From OE-Core rev: 07a8d013383b622eabfcefec9378c857b5265c05) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Zheng Ruoqin	5655adda72	tiff: Refresh patch Refresh CVE-2019-7663.patch as it can't be applyed when using PATCHTOOL = "patch". (From OE-Core rev: 9c44ecdb9bd6d70f0dfde2a8f0b52015fb6a1d86) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Alexander Kanavin	a629b6ca52	python: update to 2.7.17 Drop backports, rebase a couple of patches. This is the second last release of py 2.x; upstream support ends on 1 January 2020, there will be one final 2.x afterwards. Note that the only thing that still needs python 2.x in oe-core is u-boot; when the next u-boot update arrives, we should find out where the py3 migration is for that component before merging the update. (From OE-Core rev: 184b60eb905bb75ecc7a0c29a175e624d8555fac) (From OE-Core rev: d8cd909e7c073eb6365732e5c906f52933fe2e66) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Alexander Kanavin	e8e3b2ce49	Revert "devtool/standard.py: Not filtering devtool workspace for devtool finish" This reverts commit `41d225f4a3`. Unfortunately this change broke 'devtool upgrade' functionality, causing 'devtool finish' to write out an upgraded recipe that no longer includes the original upstream source in SRC_URI. (From OE-Core rev: 2d6e55192dba0bf7f6e23e5ab5b3dbc68835bb28) (From OE-Core rev: 2bb221ee5689f13d44b7452738f5a97baa1815a1) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Anuj Mittal	4c8a760115	boost: fix build for x32 Commit: `d336110b94` boost: update to 1.67.0 dropped the patch that ensured boost doesn't over-ride the architecture flags set by us resulting in errors: \| build/tmp/work/x86_64_x32-poky-linux-gnux32/boost/1.69.0-r0/recipe-sysroot/usr/include/bits/long-double.h:44:10: fatal error: bits/long-double-64.h: No such file or directory \| #include <bits/long-double-64.h> \| ^~~~~~~~~~~~~~~~~~~~~~~ \| compilation terminated. Remove the relevant part from gcc.jam again to ensure we are passing them correctly again. Fixes [YOCTO #13598] (From OE-Core rev: aad28f42b1c8aa1335c040630ebff4a69be07e35) (From OE-Core rev: ebbfe23acfbc820ad7b71c95539b5af97a8be49d) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	c1cbb6fd15	cve-check: fetch CVE data once at a time instead of in a single call This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL variables". The default limit is 999 variables, but some distributions such as Debian set the default to 250000. As the NVD table has an index on the ID column, whilst requesting the data CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time different is insignificant: 0.05s verses 0.01s on my machine. (From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99) (From OE-Core rev: 3ded9a64c95ae02df7562fc69e2af08c150d2452) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	1f4750c47f	cve-check: neaten get_cve_info Remove obsolete Python 2 code, and use convenience methods for neatness. (From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff) (From OE-Core rev: 98162c04c877925c737674a1635b08cf998b92f5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	728f969be0	cve-check: rewrite look to fix false negatives A previous optimisation was premature and resulted in false-negatives in the report. Rewrite the checking algorithm to first get the list of potential CVEs by vendor:product, then iterate through every matching CPE for that CVE to determine if the bounds match or not. By doing this in two stages we can know if we've checked every CPE, instead of accidentally breaking out of the scan too early. (From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69) (From OE-Core rev: 0f42a1d4dbb74ab39e81449cf222302bcc04f7db) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	7eaa8b0c36	cve-update-db-native: clean up proxy handling urllib handles adding proxy handlers if the proxies are set in the environment, so call bb.utils.export_proxies() to do that and remove the manual setup. (From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434) (From OE-Core rev: 15f6b4b59805db40df4eff6d5a2809f6f05b66c1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	f307a225ad	cve-update-db-native: add an index on the CVE ID column Create an index on the PRODUCTS table which contains a row for each CPE, drastically increasing the performance of lookups for a specific CVE. (From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e) (From OE-Core rev: 1b4a524da1532d15eb34a96c5bda5ff2af25a953) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	1dbea71db4	cve-update-db-native: don't hardcode the database name Don't hardcode the database filename, there's a variable for this in cve-check.bbclass. (From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab) (From OE-Core rev: 1c10a3189aad5109f04d1fc208d579225bdd1431) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	5dd9ef97d3	cve-update-db-native: don't refresh more than once an hour We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) (From OE-Core rev: f9e9107dbe23293eb96e049d7f821d2e33c23f06) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	9971e87cad	cve-check: we don't actually need to unpack to check The patch scanner works with patch files in the layer, not in the workdir, so it doesn't need to unpack. (From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17) (From OE-Core rev: 02e6b727bf62858be7dba061879a6d57bd5a725d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Ross Burton	7d43cbd293	libsoup: set CVE_PRODUCT (From OE-Core rev: 424ea81c3b9965b5d5e45c1dc922dcc910fadc05) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Adrian Bunk	1f29596ca7	lz4: Whitelist CVE-2014-4715 (From OE-Core rev: 4471cd22dbf13feb79171b098b9ec4eeded54ae7) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:37:40 +00:00
Joshua Watt	f1098122e1	oeqa: reproducible: Add option to capture bad packages Adds an option that can be used to copy the offending packages to a temp directory for later evaluation. This is useful on the Autobuilder to investigate failures. (From OE-Core rev: 91d657a0c4cbb273e1e74d38bfd6b4b05d9b372e) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:34:50 +00:00
Alexander Kanavin	c84b0dbcd8	selftest: check that 'devtool upgrade' correctly drops backported patches There was a regression in this functionality that went unnoticed due to lack of tests. (From OE-Core rev: da4c28d5fdc6501a7d3b256cb62cba778e81d16e) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:34:50 +00:00
Alexander Kanavin	67e155c209	cairo: the component is dual licensed Somehow, over the years, no one noticed that cairo does in fact offer a choice between mpl and lgpl, but the COPYING makes it clear: https://gitlab.freedesktop.org/cairo/cairo/blob/1.16/COPYING (From OE-Core rev: fd209dac3f717daa9d2f44ada092ab054ac2ede8) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:34:50 +00:00
Richard Purdie	605f4d4c32	oeqa/selftest/sstatetests: Ensure we don't use hashequiv for sstatesigs tests (From OE-Core rev: 7f424c32589b94192842f52235c064cb8c19288e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:34:50 +00:00
Richard Purdie	aa72758866	sanity: Add check for tar older than 1.28 Older versions break opkg-build when reproducible builds are enabled. Rather than trying to be selective based on which features are enabled, lets just make this a minimum version. (From OE-Core rev: 96f5c7c2f8dda7d47af5398b3463aa25921f5301) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:34:50 +00:00
Richard Purdie	fbd00df78b	core-image-full-cmdline: Add less Less was coming from busybox in these images, add the full version. [YOCTO #13630] (From OE-Core rev: 2880164ca74ac1fd7b860c61017efe3d55fb4038) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-25 21:34:50 +00:00

1 2 3 4 5 ...

56054 Commits