poky/recipes-devtools at e60099368b5698ea666a5f0de3fdbe35cbcdfeda - poky

mirror of https://git.yoctoproject.org/poky synced 2026-02-11 03:03:02 +01:00

Files

Ross Burton 593fe7e352 cve-check: backport rewrite from master

As detailed at [1] the XML feeds provided by NIST are being discontinued on
October 9th 2019.  As cve-check-tool uses these feeds, cve-check.bbclass will be
inoperable after this date.

To ensure that cve-check continues working, backport the following commits from
master to move away from the unmaintained cve-check-tool to our own Python code
that fetches the JSON:

546d14135c5 cve-update-db: New recipe to update CVE database
bc144b028f6 cve-check: Remove dependency to cve-check-tool-native
7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name
3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator
c0eabd30d7b cve-update-db: Use std library instead of urllib3
27eb839ee65 cve-check: be idiomatic
09be21f4d17 cve-update-db: Manage proxy if needed.
975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch
0325dd72714 cve-update-db: Catch request.urlopen errors.
4078da92b49 cve-check: Depends on cve-update-db-native
f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table
bc0195be1b1 cve-check: Update unpatched CVE matching
c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded.
07bb8b25e17 cve-check: remove redundant readline CVE whitelisting
5388ed6d137 cve-check-tool: remove
270ac00cb43 cve-check.bbclass: initialize to_append
e6bf9000987 cve-check: allow comparison of Vendor as well as Product
91770338f76 cve-update-db-native: use SQL placeholders instead of format strings
7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
78de2cb39d7 cve-update-db-native: Remove hash column from database.
4b301030cf9 cve-update-db-native: use os.path.join instead of +
f0d822fad2a cve-update-db: actually inherit native
b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion
bb4e53af33d cve-update-db-native: improve metadata parsing
94227459792 cve-update-db-native: clean up JSON fetching
95438d52b73 cve-update-db-native: fix https proxy issues
1f9a963b9ff glibc: exclude child recipes from CVE scanning

[1] https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement

(From OE-Core rev: 8c87e78547c598cada1bce92e7b25d85b994e2eb)

(From OE-Core rev: beeed02f9831e75c3f773e44d7efc726f1ff859c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2019-12-16 23:11:10 +00:00

apt

apt: update SRC_URI

2018-11-07 23:08:55 +00:00

autoconf

autoconf: update runtime perl module dependencies

2018-08-21 14:49:42 +01:00

autoconf-archive

autoconf-archive: update to version to 2018.03.13

2018-05-04 13:28:01 +01:00

automake

automake: fix race in parallel builds

2018-07-30 12:44:34 +01:00

binutils

binutils: Fix 4 CVEs

2019-10-08 22:52:28 +01:00

bison

nativesdk-bison: Add to nativesdk-packagegroup-sdk-host and set BISON_PKGDATADIR

2018-10-04 14:21:41 +01:00

bootchart2

bootchart2: Update to master-tip

2018-08-08 10:51:59 +01:00

btrfs-tools

btrfs-tools: update to 4.17.1

2018-09-10 12:13:06 +01:00

build-compare

oe-core: take UPSTREAM_CHECK_COMMITS into use where possible

2017-11-30 10:49:22 +00:00

ccache

ccache: 3.3.5 -> 3.4.2

2018-07-05 00:22:08 +01:00

cdrtools

cdrtools-native: fix upstream version check

2017-12-02 11:25:33 +00:00

chrpath

chrpath: Alioth is dead, use DEBIAN_MIRROR

2018-06-27 13:55:21 +01:00

cmake

cmake: Upgrade 3.12.1 -> 3.12.2

2018-09-21 18:45:46 -07:00

createrepo-c

createrepo-c: Fix setup of logging (log domains)

2019-01-08 20:14:44 +00:00

desktop-file-utils

desktop-file-utils: allow target/nativesdk build, not just native

2018-08-07 12:13:03 +01:00

devel-config

Remove $COREBASE/LICENSE from LIC_FILES_CHKSUM

2016-10-28 16:15:18 +01:00

diffstat

diffstat: 1.61 -> 1.62

2018-08-23 18:02:23 +01:00

distcc

distcc: 3.3 -> 3.3.2

2018-08-23 18:02:23 +01:00

dmidecode

dmidecode: correct docdir

2018-06-27 13:55:21 +01:00

dnf

dnf: default to disable systemd units

2018-06-18 11:07:57 +01:00

docbook-xml

docbook-xml: correct typo "do_configre"

2017-02-23 12:49:50 -08:00

dosfstools

meta: start to ignore the largefile distro feature

2017-03-08 11:52:56 +00:00

dpkg

dpkg: Backport riscv support

2018-03-20 09:59:32 +00:00

dwarfsrcfiles

dwarfsrcfiles: fix typo: debig -> debug

2018-07-10 17:33:00 +01:00

e2fsprogs

e2fsprogs: Skip slow ptest tests

2019-05-22 00:31:48 +01:00

elfutils

elfutils: CVE fix for elfutils

2019-10-10 16:52:30 +01:00

expect

expect: upgrade 5.45.3 -> 5.45.4

2018-03-06 06:43:10 -08:00

fdisk

gptfdisk: Use PACKAGECONFIG to control ncurses and popt dependencies

2018-10-10 12:47:34 +01:00

file

file: Multiple Secruity fixes

2019-07-27 18:05:18 +01:00

flex

flex: create separate package for libfl

2018-03-08 10:39:32 -08:00

gcc

gcc: Security fix for CVE-2019-14250

2019-10-08 22:52:28 +01:00

gdb

gdb: Remove long ago upstreamed patch

2019-01-08 20:14:44 +00:00

git

git: upgrade 2.18.0 -> 2.18.1

2018-10-29 17:26:47 +00:00

glide

glide: Minor update to 0.13.2

2018-10-25 14:53:44 +01:00

gnu-config

gnu-config: update to 2018-07-13

2018-07-26 13:16:40 +01:00

go: update to 1.11.13, minor updates

2019-10-08 22:52:28 +01:00

help2man

help2man-native: 1.47.5 -> 1.47.6

2018-07-04 00:02:16 +01:00

i2c-tools

i2c-tools: upgrade 4.0 -> 4.1

2019-02-06 16:38:30 +00:00

icecc-create-env

icecc-create-env: Add extra tools option

2018-04-13 16:58:07 +01:00

icecc-toolchain

icecc-env: don't raise error when icecc not installed

2019-02-25 22:27:38 +00:00

intltool

intltool: refresh patches

2018-03-09 09:17:03 -08:00

json-c

json-c: Don't --enable-rdrand

2019-10-10 16:52:30 +01:00

libcomps

libcomps: fix CVE-2019-3817

2019-10-08 22:52:28 +01:00

libdnf

libdnf: update to 0.11.1

2018-01-02 17:24:37 +00:00

librepo

librepo: disable building of tests and docs

2018-03-25 09:40:42 +01:00

libtool

libtool-cross: Handle ccache sstate 'infection' issues

2018-08-14 11:36:31 +01:00

llvm

llvm: Enable AMDGPU backend for native/native-sdk builds too

2018-08-21 14:49:42 +01:00

m4: Workaround gnulib's fseeko.c implementation

2018-08-08 10:51:59 +01:00

make

make: add missing Signed-off-by

2018-01-30 12:53:16 +00:00

makedevs

makedevs: don't restrict device node paths to 40 characters

2016-09-16 15:24:02 +01:00

meson

meson: Correct use of the _append operator

2019-01-08 20:14:42 +00:00

mklibs

mklibs-native: refresh patches

2018-03-11 06:27:01 -07:00

mmc

mmc-utils: Fix string overflow error

2018-03-31 09:48:42 +01:00

mtd

mtd-utils: Revert "Return correct error number in ubi_get_vol_in"

2018-07-31 22:47:35 +01:00

mtools

mtools: Fix build with clang

2018-09-20 05:41:32 -07:00

nasm

nasm: fix CVE-2018-1000667

2018-11-07 23:08:54 +00:00

ninja

ninja: Upgrade from 1.7.2 to major release 1.8.2

2018-02-06 11:06:29 +00:00

opkg

opkg: add --ignore-recommends flag

2019-07-29 23:50:43 +01:00

opkg-utils

opkg-utils: backport a patch to fix a sstate timestamp issue

2019-05-22 00:31:48 +01:00

orc

orc: upgrade to 0.4.28

2017-12-18 18:03:56 +00:00

packagegroups

packagegroup-core-device-devel: add binutils-symlinks

2016-06-16 11:11:40 +01:00

patch

patch: backport fixes

2019-10-08 22:52:28 +01:00

patchelf

patchelf: fix segfault for binaries linked by gold

2017-07-24 09:13:30 +01:00

perl

perl: Fix CVE-2018-18311 to 18314

2019-10-10 16:52:30 +01:00

pkgconf

pkgconf: don't use alternatives

2018-09-11 10:46:17 +01:00

pkgconfig

pkgconfig: allow kernel to be build with esdk

2017-07-21 22:51:37 +01:00

prelink

prelink: Fix Segmentation fault error when prelink qemu

2018-10-12 16:57:21 +01:00

pseudo

pseudo: Update to gain key bugfixes

2019-05-22 00:31:48 +01:00

python

python3: Fix CVEs

2019-10-08 22:52:28 +01:00

python-numpy

python-numpy: set CLEANBROKEN

2018-07-06 22:55:02 +01:00

qemu

qemu: fix build issue on new hosts with glibc 2.30

2019-10-10 16:52:30 +01:00

quilt

quilt.inc: minor recipe formatting tweaks

2018-07-06 22:55:02 +01:00

rpm

meta: remove True option to getVar calls (again)

2019-02-06 16:38:31 +00:00

rsync

rsync: merge rsync.inc into the rsync recipe

2018-06-18 11:07:57 +01:00

ruby

ruby: add ptest

2019-05-22 00:31:48 +01:00

run-postinsts

run-postinsts: for dpkg/opkg, do not rely on /etc/*-postinsts

2018-06-18 11:07:58 +01:00

squashfs-tools

squashfs-tools: patch for CVE-2015-4645(4646)

2018-08-29 10:42:48 +01:00

strace

strace: fix ptests

2018-10-09 19:04:02 +01:00

subversion

subversion: Update HOMEPAGE

2018-06-21 09:34:40 +01:00

swig

swig: Remove superfluous python dependency

2018-08-24 07:53:14 +01:00

syslinux

syslinux: refresh patches

2018-03-09 09:17:03 -08:00

systemd-bootchart

systemd-bootchart: upgrade to v233; fix build with musl

2018-01-23 23:43:45 +00:00

tcf-agent

tcf-agent: Disable non-building features on riscv64

2018-09-04 11:03:55 +01:00

tcltk

tcl: update to 8.6.8

2018-02-06 11:06:29 +00:00

unfs3

unfs3: Fix utime for symlink in attr.c

2018-10-12 16:57:21 +01:00

unifdef

unifdef: add UPSTREAM_CHECK_REGEX to filter out development snapshots

2017-02-23 12:49:51 -08:00

vala

vala: update vapigen-wrapper

2018-10-12 16:57:21 +01:00

valgrind

valgrind: Skip vgpreload_memcheck shared object from stripping

2019-01-08 20:14:44 +00:00

xmlto

xmlto: replace fedorahosted.org SRC_URI with pagure.io source

2017-04-05 23:22:12 +01:00