mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-02 13:29:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
411624fa506a74eba7f1b1e159bd1a2286aa6686
poky/meta/recipes-devtools
History
Ross Burton 411624fa50 cve-check: backport rewrite from master 
As detailed at [1] the XML feeds provided by NIST are being discontinued on
October 9th 2019.  As cve-check-tool uses these feeds, cve-check.bbclass will be
inoperable after this date.

To ensure that cve-check continues working, backport the following commits from
master to move away from the unmaintained cve-check-tool to our own Python code
that fetches the JSON:

546d14135c5 cve-update-db: New recipe to update CVE database
bc144b028f6 cve-check: Remove dependency to cve-check-tool-native
7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name
3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator
c0eabd30d7b cve-update-db: Use std library instead of urllib3
27eb839ee65 cve-check: be idiomatic
09be21f4d17 cve-update-db: Manage proxy if needed.
975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch
0325dd72714 cve-update-db: Catch request.urlopen errors.
4078da92b49 cve-check: Depends on cve-update-db-native
f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table
bc0195be1b1 cve-check: Update unpatched CVE matching
c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded.
07bb8b25e17 cve-check: remove redundant readline CVE whitelisting
5388ed6d137 cve-check-tool: remove
270ac00cb43 cve-check.bbclass: initialize to_append
e6bf9000987 cve-check: allow comparison of Vendor as well as Product
91770338f76 cve-update-db-native: use SQL placeholders instead of format strings
7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
78de2cb39d7 cve-update-db-native: Remove hash column from database.
4b301030cf9 cve-update-db-native: use os.path.join instead of +
f0d822fad2a cve-update-db: actually inherit native
b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion
bb4e53af33d cve-update-db-native: improve metadata parsing
94227459792 cve-update-db-native: clean up JSON fetching
95438d52b73 cve-update-db-native: fix https proxy issues
1f9a963b9ff glibc: exclude child recipes from CVE scanning

[1] https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement

(From OE-Core rev: 8c87e78547c598cada1bce92e7b25d85b994e2eb)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-09-30 16:44:42 +01:00
..
apt
apt: Backport a patch to include std::array definition
2019-01-21 23:44:22 +00:00
autoconf
autoconf: update runtime perl module dependencies
2019-04-09 13:44:39 +01:00
autoconf-archive
autoconf-archive: update to version to 2018.03.13
2018-05-04 13:28:01 +01:00
automake
automake: fix race in parallel builds
2018-07-30 12:44:34 +01:00
binutils
binutils: Fix mips patch which changes default emulation
2019-09-30 16:44:42 +01:00
bison
nativesdk-bison: Add to nativesdk-packagegroup-sdk-host and set BISON_PKGDATADIR
2018-10-04 14:21:41 +01:00
bootchart2
bootchart2: Update to master-tip
2018-08-08 10:51:59 +01:00
btrfs-tools
btrfs-tools: pass V=1 to get verbose builds
2019-03-06 10:39:25 +00:00
build-compare
oe-core: take UPSTREAM_CHECK_COMMITS into use where possible
2017-11-30 10:49:22 +00:00
ccache
ccache: Fix Segmentation fault error when gcc -o /dev/null
2019-01-26 13:39:37 +00:00
cdrtools
cdrtools-native: fix upstream version check
2017-12-02 11:25:33 +00:00
chrpath
chrpath: Alioth is dead, use DEBIAN_MIRROR
2018-06-27 13:55:21 +01:00
cmake
cmake-native: Enable ccmake by default and depend on ncurses
2019-04-09 13:44:39 +01:00
createrepo-c
createrepo-c: upgrade 0.12.0 -> 0.12.1
2019-02-20 11:30:35 +00:00
desktop-file-utils
desktop-file-utils: allow target/nativesdk build, not just native
2018-08-07 12:13:03 +01:00
devel-config
Remove $COREBASE/LICENSE from LIC_FILES_CHKSUM
2016-10-28 16:15:18 +01:00
diffstat
diffstat: 1.61 -> 1.62
2018-08-23 18:02:23 +01:00
distcc
distcc: Handle upstream branch deletion for old releases
2018-11-14 11:14:39 +00:00
dmidecode
dmidecode: fix the Upstream-Status in a custom patch
2018-11-23 23:35:19 +00:00
dnf
dnf: upgrade 4.0.10 -> 4.1.0
2019-02-20 11:30:35 +00:00
docbook-xml
docbook-xsl: use xmlcatalog
2019-04-05 17:32:50 +01:00
dosfstools
meta: start to ignore the largefile distro feature
2017-03-08 11:52:56 +00:00
dpkg
dpkg: Use less as pager
2019-09-30 16:44:42 +01:00
dwarfsrcfiles
dwarfsrcfiles: fix typo: debig -> debug
2018-07-10 17:33:00 +01:00
e2fsprogs
e2fsprogs: Skip slow ptest tests
2019-04-12 09:29:06 +01:00
elfutils
elfutils: remove Elfutils-Exception and include GPLv2 for shared libraries
2019-04-11 21:12:48 +01:00
expect
expect: upgrade 5.45.3 -> 5.45.4
2018-03-06 06:43:10 -08:00
fdisk
gptfdisk: Use PACKAGECONFIG to control ncurses and popt dependencies
2018-10-10 12:47:34 +01:00
file
file: upgrade to 5.36
2019-03-06 10:39:25 +00:00
flex
gettext/flex/m4/bzip2/gzip/parted/slang/attr: Add make to -ptest packages
2019-06-07 13:57:48 +01:00
gcc
gcc: Security fix for CVE-2019-15847
2019-09-30 16:44:42 +01:00
gdb
gdb: Fix aarch64 build with musl
2019-05-20 14:38:16 +01:00
git
git: 2.18.1 -> 2.20.1
2019-02-15 16:05:37 +00:00
glide
glide: disable ptest on mips
2018-11-14 11:14:39 +00:00
gnu-config
gnu-config: upgrade to 20181128 revision
2019-02-25 10:43:07 +00:00
go
go: Minor 1.21.1 patch update
2019-03-18 23:47:43 +00:00
help2man
help2man-native: 1.47.5 -> 1.47.6
2018-07-04 00:02:16 +01:00
i2c-tools
i2c-tools: upgrade 4.0 -> 4.1
2018-12-20 14:53:55 +00:00
icecc-create-env
icecc-create-env: Add extra tools option
2018-04-13 16:58:07 +01:00
icecc-toolchain
icecc-env: don't raise error when icecc not installed
2019-02-16 08:19:34 +00:00
intltool
intltool: refresh patches
2018-03-09 09:17:03 -08:00
json-c
json-c: upgrade to 0.13.1
2018-05-11 07:49:37 +01:00
libcomps
libcomps: upgrade 0.1.9 -> 0.1.10
2019-02-20 11:30:35 +00:00
libdnf
libdnf: upgrade 0.24.1 -> 0.26.0
2019-02-20 11:30:35 +00:00
libmodulemd
libmodulemd: use gobject-introspection.bbclass on/off mechanism
2019-04-11 21:15:56 +01:00
librepo
librepo: upgrade 1.9.3 -> 1.9.4
2019-02-20 11:30:35 +00:00
libtool
libtool: Fix ignoring compiler-rt libs
2019-01-27 13:05:17 +00:00
llvm
llvm: fix link error for powerpc
2019-04-03 14:50:13 +01:00
m4
m4: Workaround gnulib's fseeko.c implementation
2018-08-08 10:51:59 +01:00
make
make: add missing Signed-off-by
2018-01-30 12:53:16 +00:00
makedevs
makedevs: don't restrict device node paths to 40 characters
2016-09-16 15:24:02 +01:00
meson
meson: backport fix for builds with -Werror=return-type
2019-09-30 16:44:42 +01:00
mklibs
mklibs-native: 0.1.43 -> 0.1.44
2019-02-15 16:05:37 +00:00
mmc
mmc-utils: Fix string overflow error
2018-03-31 09:48:42 +01:00
mtd
mtd-utils: add lzo PACKAGECONFIG
2019-03-04 22:57:05 +00:00
mtools
default-distrovars: Drop DISTRO_FEATURES_LIBC
2019-02-28 13:21:54 +00:00
nasm
nasm: add CVE_PRODUCT
2019-04-01 14:48:44 +01:00
ninja
ninja: update to 1.9.0
2019-03-25 23:19:53 +00:00
opkg
opkg: fix ptest packaging when OPKGLIBDIR == libdir
2019-05-20 14:38:16 +01:00
opkg-utils
opkg-utils: do not set mtime on data.tar.X
2019-02-20 11:30:35 +00:00
orc
meta: Fix Deprecated warnings from regexs
2019-01-16 15:35:07 +00:00
packagegroups
packagegroup-core-device-devel: add binutils-symlinks
2016-06-16 11:11:40 +01:00
patch
patch: backport fixes
2019-09-30 16:44:42 +01:00
patchelf
patchelf: fix segfault for binaries linked by gold
2017-07-24 09:13:30 +01:00
perl
perl/modules: Add various missing ptest perl module dependencies
2019-06-07 13:57:48 +01:00
perl-sanity
perl/modules: Add various missing ptest perl module dependencies
2019-06-07 13:57:48 +01:00
pkgconf
pkgconf: upgrade 1.5.3 -> 1.6.0
2019-02-25 10:43:07 +00:00
pkgconfig
pkgconfig: export variables
2018-11-14 11:14:39 +00:00
prelink
prelink: Fix Segmentation fault error when prelink qemu
2018-10-12 16:57:21 +01:00
pseudo
pseudo: Update to gain key bugfixes
2019-04-11 21:12:48 +01:00
python
python3: fix CVE-2019-9740
2019-09-30 16:44:41 +01:00
python-numpy
python-numpy: set CLEANBROKEN
2018-07-06 22:55:02 +01:00
qemu
qemu: fix CVE-2018-20815
2019-09-30 16:44:41 +01:00
quilt
quilt: Merge recipe files into a more coherent form
2019-02-17 10:19:59 +00:00
rpm
meta: remove True option to getVar calls (again)
2019-01-14 11:35:56 +00:00
rsync
rsync: fix CVEs for included zlib
2019-09-30 16:44:42 +01:00
ruby
ruby: add ptest
2019-04-12 09:29:06 +01:00
run-postinsts
run-postinsts: Fix full execution of scripts at first boot
2019-06-07 13:57:48 +01:00
squashfs-tools
squashfs-tools: set CVE_PRODUCT
2019-05-20 14:38:16 +01:00
strace
strace: Tweak ptest disk space management
2019-06-07 13:57:49 +01:00
subversion
subversion: drop lost patch
2019-01-27 13:05:17 +00:00
swig
swig: fix build with musl
2019-03-04 22:57:05 +00:00
syslinux
syslinux: fix upstream version check
2019-03-29 08:28:53 +00:00
systemd-bootchart
systemd-bootchart: upgrade to v233; fix build with musl
2018-01-23 23:43:45 +00:00
tcf-agent
tcf-agent: Disable architecture-specific features for ARC
2018-11-14 11:14:40 +00:00
tcltk
tcl: in run-ptest show output if a test fails
2018-12-15 11:48:07 +00:00
unfs3
unfs3: Fix utime for symlink in attr.c
2018-10-12 16:57:21 +01:00
unifdef
unifdef: add UPSTREAM_CHECK_REGEX to filter out development snapshots
2017-02-23 12:49:51 -08:00
vala
vala: upgrade 0.42.4 -> 0.42.5
2019-02-20 11:30:35 +00:00
valgrind
valgrind: Mark powerpc64 with musl as incompatible
2019-02-25 16:35:33 +00:00
xmlto
xmlto: clean up RDEPENDS
2019-04-05 17:32:50 +01:00