The don't show up in CVE metrics anymore since they were either fixed
upstream or recipe version was upgraded meanwhile.
* bind CVE-2019-6470: cpe got corrected in nvd db
* libxml2 CVE-2023-45322: version is now higher than NVD cpe
* zlib CVE-2023-45853: version is now higher than NVD cpe
* gcc CVE-2021-37322: version is now higher than NVD cpe
* python3
* CVE-2007-4559: version is now higher than NVD cpe
* CVE-2019-18348: version is now higher than NVD cpe
* CVE-2020-15523: version is now higher than NVD cpe
* CVE-2022-26488: version is now higher than NVD cpe
* CVE-2015-20107: version is now higher than NVD cpe
* CVE-2023-36632: version is now higher than NVD cpe
* rust
* CVE-2024-24576: NVD has no cpe, but we have newer version as fix
* CVE-2024-43402: version is now higher than NVD cpe
* cups CVE-2021-25317: version is now higher than NVD cpe
* ghostscript CVE-2023-38559: version is now higher than NVD cpe
* libtirpc CVE-2021-46828: version is now higher than NVD cpe
* unzip CVE-2008-0888: version is now higher than NVD cpe
* ffmpeg CVE-2023-39018: cpe got corrected in nvd db
* libxslt CVE-2022-29824: version is now higher than NVD cpe
* libyaml
* CVE-2024-35325: CVE is now rejected in NVD DB
* CVE-2024-35326: CVE is now rejected in NVD DB
* CVE-2024-35328: CVE is now rejected in NVD DB
Also add comment for iputils regarding reports for FKIE/NVD2.
Also remove some trailing spaces in python recipe.
(From OE-Core rev: 73ee9789183aa95072af2b51ac9e08203f4e33f9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Take a partial patch to disable portion of test_makedev, its also applied
in alpine. NODEV does not exist on musl
Add test_null_dlsym to ignore list on musl, it needs GNU ifunc support
and musl does not implement GNU ifuncs
fixes
Failed ptests:
{'python3': ['test_null_dlsym', 'test_makedev', 'python3']}
(From OE-Core rev: c197de49d6b406be5fc79b6e17c397c834efc1b0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Do not rely on how python detects the platform triplet
We have been lucky to get it cross-compiling since our build hosts
are also using glibc, so the headers and gcc install locations match
and the values it detects are mostly what we will need for glibc
based targets, but when we use musl e.g. the problems show up where
python3 is not able to automitically discover python modules so any
python package having compiled .so modules fail to load.
Example is ptest failures with TCLIBC = "musl"
and running core-image-ptest-python3-rpds-py
This is revamp of patch [1], currently its working for glibc
based cross-compiling because we build on linux systems which are also
glibc based, but python on musl shows the problem.
When python was upgraded to 3.12 [2], this patch was wrongly dropped
and sadly regression went unnoticed, without this patch
Python's automatic module discovery does not work when it is cross-compiled
this is because it tries host tools and compiler installation during configure
to detect it. .so modules e.g. modulename.cpython-*.so are not seen as a result.
This is seen when running python3-rpds-py ptests where it should load
rpds.cpython-313-x86_64-linux-musl.so rpds.so but it does not and the module test
fail.
root@qemux86-64:/usr/lib/python3-rpds-py/ptest# python3 -c "
import sysconfig
import importlib.machinery
print('Extension suffixes:', importlib.machinery.EXTENSION_SUFFIXES)
print('Soabi:', sysconfig.get_config_var('SOABI'))
print('Ext suffix:', sysconfig.get_config_var('EXT_SUFFIX'))
print('Module suffix:', sysconfig.get_config_var('SO'))
"
Extension suffixes: ['.cpython-313.so', '.abi3.so', '.so']
Soabi: cpython-313
Ext suffix: .cpython-313.so
Module suffix: None
And after fix it is.
root@qemux86-64:~# python3 -c "
import sysconfig
import importlib.machinery
print('Extension suffixes:', importlib.machinery.EXTENSION_SUFFIXES)
print('Soabi:', sysconfig.get_config_var('SOABI'))
print('Ext suffix:', sysconfig.get_config_var('EXT_SUFFIX'))
print('Module suffix:', sysconfig.get_config_var('SO'))
"
Extension suffixes: ['.cpython-313-x86_64-linux-musl.so', '.abi3.so', '.so']
Soabi: cpython-313-x86_64-linux-musl
Ext suffix: .cpython-313-x86_64-linux-musl.so
Module suffix: None
[1] https://git.openembedded.org/openembedded-core/commit/?id=407744b00d702e3133304e1b43064a5634ca02cf
[2] https://git.openembedded.org/openembedded-core/commit/?id=716d82352545d3667a658b69d65d6127678dd150
(From OE-Core rev: 7bb157e48f5e5272db7506c7eb3118209dc3b35f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
