On Thu, 7 Nov 2019 at 09:34, Adrian Bunk wrote:
>
> On Wed, Nov 06, 2019 at 10:18:18AM -0800, Alistair Francis wrote:
> >...
> > +TUNE_CCARGS_riscv64 .= "${@bb.utils.contains('TUNE_FEATURES', 'riscv64-f',
> > ' -mabi=lp64d', ' -mabi=lp64', d)}"
> > +TUNE_CCARGS_riscv32 .= "${@bb.utils.contains('T
Since the Sun RPC is deprecated in glibc, the rpc header files
are not provided any more, but it allows alternative RPC
implementations, such as TIRPC or rpcsvc-proto, to be used.
So we create the symbol link for rpc header files for tirpc to
be more compatible with the glibc version and the appli
Sorry, I will send the V3 to use the relative link.
Thanks.
On 2019-11-07 05:43, Richard Purdie wrote:
On Wed, 2019-11-06 at 02:32 -0800, Zhixiong Chi wrote:
Since the Sun RPC is deprecated in glibc, the rpc header files
are not provided any more, but it allows alternative RPC
implementation
Signed-off-by: Maxime Roussin-Bélanger
---
meta/recipes-graphics/clutter/clutter-1.0.inc| 3 +++
meta/recipes-graphics/cogl/cogl-1.0.inc | 4
meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb | 4
meta/recipes-graphics/libmatchbox/libmatch
From: Denys Dmytriyenko
Fix parentheses placement in the message from:
Package version for package X went backwards which would break package feeds
from (Y to Z)
to this one:
Package version for package X went backwards which would break package feeds
(from Y to Z)
Signed-off-by: Denys Dmytriy
Signed-off-by: Alistair Francis
---
meta/conf/machine/include/riscv/arch-riscv.inc | 3 ++-
meta/conf/machine/include/riscv/tune-riscv.inc | 16 +++-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/meta/conf/machine/include/riscv/arch-riscv.inc
b/meta/conf/machine/in
On Wed, Nov 6, 2019 at 4:48 PM Alistair Francis
wrote:
> On Thu, 2019-11-07 at 00:12 +0200, Adrian Bunk wrote:
> > On Wed, Nov 06, 2019 at 10:18:18AM -0800, Alistair Francis wrote:
> > > ...
> > > +TUNE_CCARGS_riscv64 .= "${@bb.utils.contains('TUNE_FEATURES',
> > > 'riscv64-f', ' -mabi=lp64d', '
From announcement:
What's new in the WebKitGTK 2.26.2 release?
===
- Improve performance of querying system fallback fonts.
- Don't use prgname in dbus-proxy socket path.
- Fix thread-safety issues in image decoders.
- Fix the build with WebDriver d
On Thu, 2019-11-07 at 00:12 +0200, Adrian Bunk wrote:
> On Wed, Nov 06, 2019 at 10:18:18AM -0800, Alistair Francis wrote:
> > ...
> > +TUNE_CCARGS_riscv64 .= "${@bb.utils.contains('TUNE_FEATURES',
> > 'riscv64-f', ' -mabi=lp64d', ' -mabi=lp64', d)}"
> > +TUNE_CCARGS_riscv32 .= "${@bb.utils.contains
On Wed, 2019-11-06 at 14:18 -0800, Khem Raj wrote:
> On Wed, Nov 6, 2019 at 1:52 PM Alistair Francis
> wrote:
> > On Wed, 2019-11-06 at 13:49 -0800, Khem Raj wrote:
> > > On Wed, Nov 6, 2019 at 1:34 PM Alistair Francis
> > > wrote:
> > > > On Wed, 2019-11-06 at 12:54 -0800, Khem Raj wrote:
> > >
On Wed, Nov 06, 2019 at 10:18:18AM -0800, Alistair Francis wrote:
>...
> +TUNE_CCARGS_riscv64 .= "${@bb.utils.contains('TUNE_FEATURES', 'riscv64-f', '
> -mabi=lp64d', ' -mabi=lp64', d)}"
> +TUNE_CCARGS_riscv32 .= "${@bb.utils.contains('TUNE_FEATURES', 'riscv32-f', '
> -mabi=ilp32f', ' -mabi=ilp32
On Wed, Nov 6, 2019 at 1:52 PM Alistair Francis
wrote:
>
> On Wed, 2019-11-06 at 13:49 -0800, Khem Raj wrote:
> > On Wed, Nov 6, 2019 at 1:34 PM Alistair Francis
> > wrote:
> > > On Wed, 2019-11-06 at 12:54 -0800, Khem Raj wrote:
> > > > On Wed, Nov 6, 2019 at 12:37 PM Alistair Francis
> > > > w
On Wed, Nov 6, 2019 at 1:34 PM Alistair Francis
wrote:
>
> On Wed, 2019-11-06 at 12:54 -0800, Khem Raj wrote:
> > On Wed, Nov 6, 2019 at 12:37 PM Alistair Francis
> > wrote:
> > > Signed-off-by: Alistair Francis
> > > ---
> > > meta/conf/machine/include/riscv/arch-riscv.inc | 3 ++-
> > > meta
On Wed, 2019-11-06 at 13:49 -0800, Khem Raj wrote:
> On Wed, Nov 6, 2019 at 1:34 PM Alistair Francis
> wrote:
> > On Wed, 2019-11-06 at 12:54 -0800, Khem Raj wrote:
> > > On Wed, Nov 6, 2019 at 12:37 PM Alistair Francis
> > > wrote:
> > > > Signed-off-by: Alistair Francis
> > > > ---
> > > > me
Hello Mikko;
On 11/6/19 7:37 AM, Mikko Rapeli wrote:
> Hi,
>
> Request for comments, call for help, LTS too?
>
> Yocto 2.5 sumo isn't actively maintained by the Yocto Project
> anymore. But that does not mean that support for it
> needs to stop.
>
> I use sumo and due to various reasons like BSP l
On Wed, 2019-11-06 at 12:54 -0800, Khem Raj wrote:
> On Wed, Nov 6, 2019 at 12:37 PM Alistair Francis
> wrote:
> > Signed-off-by: Alistair Francis
> > ---
> > meta/conf/machine/include/riscv/arch-riscv.inc | 3 ++-
> > meta/conf/machine/include/riscv/tune-riscv.inc | 17
> > +++--
>
On Wed, 2019-11-06 at 02:32 -0800, Zhixiong Chi wrote:
> Since the Sun RPC is deprecated in glibc, the rpc header files
> are not provided any more, but it allows alternative RPC
> implementations, such as TIRPC or rpcsvc-proto, to be used.
>
> So we create the symbol link for rpc header files for
On Wed, Nov 6, 2019 at 12:37 PM Alistair Francis
wrote:
>
> Signed-off-by: Alistair Francis
> ---
> meta/conf/machine/include/riscv/arch-riscv.inc | 3 ++-
> meta/conf/machine/include/riscv/tune-riscv.inc | 17 +++--
> 2 files changed, 17 insertions(+), 3 deletions(-)
>
> diff --git
Apply unmodified patch from upstream.
Signed-off-by: Joe Slater
Signed-off-by: Ross Burton
---
.../libtiff/tiff/CVE-2019-17546.patch | 103 +
meta/recipes-multimedia/libtiff/tiff_4.0.10.bb | 1 +
2 files changed, 104 insertions(+)
create mode 100644 meta/
Use patch from upstream after 1.1.33 release.
Signed-off-by: Joe Slater
Signed-off-by: Ross Burton
---
.../libxslt/files/CVE-2019-18197.patch | 33 ++
meta/recipes-support/libxslt/libxslt_1.1.33.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644
Signed-off-by: Alistair Francis
---
meta/conf/machine/include/riscv/arch-riscv.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/conf/machine/include/riscv/arch-riscv.inc
b/meta/conf/machine/include/riscv/arch-riscv.inc
index 6737545e00..8d72e6d79e 100644
--- a/meta/co
Signed-off-by: Alistair Francis
---
meta/conf/machine/include/riscv/arch-riscv.inc | 3 ++-
meta/conf/machine/include/riscv/tune-riscv.inc | 17 +++--
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/meta/conf/machine/include/riscv/arch-riscv.inc
b/meta/conf/machine/i
On Wed, 2019-11-06 at 16:06 +, mikko.rap...@bmw.de wrote:
> Hi,
>
> On Wed, Nov 06, 2019 at 02:59:16PM +, Ryan Harkin wrote:
> > Hi Ross/Richard,
> >
> > I'd like this applied to Sumo also. Should I create a new patch and
> > send it
> > to the list, or is there a process for requesting t
== Series Details ==
Series: CVE check backport
Revision: 1
URL : https://patchwork.openembedded.org/series/20979/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
ser
Hi,
On Wed, Nov 06, 2019 at 02:59:16PM +, Ryan Harkin wrote:
> Hi Ross/Richard,
>
> I'd like this applied to Sumo also. Should I create a new patch and send it
> to the list, or is there a process for requesting this is cherry-picked
> across?
I just posted the port of this and all other CVE
From: Ross Burton
(From OE-Core rev: 91770338f76ef35f3c4eeac216eb9d2b3188e575)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-core/meta/cve-update-db-native.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-db-n
From: Pierre Le Magourou
djb2 hash algorithm was found to do collisions, so the database was
sometimes missing data. Remove this hash mechanism, clear and populate
elements from scratch in PRODUCTS table if the current year needs an
update.
(From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003
From: Pierre Le Magourou
Instead of using expanded list of affected versions that is not
reliable, use the 'cpe_match' node in the 'configurations' json node.
For cve-check to correctly match affected CVE, the sqlite database needs to
contain operator_start, operator_end and the corresponding ver
From: Ross Burton
Instead of calling execute() repeatedly, rewrite the function to be a generator
and use executemany() for performance.
(From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-core/meta/cve-update
From: Chen Qi
(From OE-Core rev: 3c247a4a166cabf7ddfea403cf272b3fb4e00872)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
---
meta/recipes-core/dropbear/dropbear.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/dropbear/dropbear.inc
b/meta/recipes-core/dropbe
From: Chen Qi
(From OE-Core rev: 1f0cca19014fef24a359d400c96d178463b2760f)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-graphics/libsdl2/libsdl2_2.0.9.bb
---
meta/recipes-graphics/libsdl/libsdl_1.2.15.bb | 2 ++
meta/recipes-graphics/libsdl2/libsdl2_2
From: Chin Huat Ang
When https_proxy is set, use proxy opener to open CVE metadata and
database URLs, otherwise fallback to the urllib.request.urlopen.
Also fix a minor issue where the json database which has been gzip
decompressed as byte object should be decoded as utf-8 string as
expected by
From: Ross Burton
(From OE-Core rev: 4b301030cf9cf7a981dcff85a50e915c045e3130)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-core/meta/cve-update-db-native.bb | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-core/meta/cve-upd
From: Chen Qi
(From OE-Core rev: e61c42ee49029ae8ffec58128dd083031305d9e5)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-devtools/nasm/nasm_2.14.02.bb
---
meta/recipes-devtools/nasm/nasm_2.13.03.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/m
From: Ross Burton
The recipe was called -native but didn't inherit native.
(From OE-Core rev: f0d822fad2a163d1ee32ed3b4c0359245140e19b)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-core/meta/cve-update-db-native.bb | 3 +--
1 file changed, 1 insertion(+), 2 delet
From: Ross Burton
The metadata parser is fragile: first it coerces a bytes() to a str() (so the
string is b'LastModifiedDate:2019...'), assumes the first line is the date, and
then uses a regex to parse (which then includes the trailing quote as part of
the date).
Clean this up by parsing the by
From: Ross Burton
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
(From OE-Core rev: 9422745979256c
From: Ross Burton
CVEs that are whitelisted or were not vulnerable when there are version
comparisons were not included in the report, so alter the logic to ensure that
all relevant CVEs are in the report for completeness.
(From OE-Core rev: 98256ff05fcfe9d5ccad360582c36eafb577c264)
Signed-off-
From: Chen Qi
(From OE-Core rev: 8995f2c7d6f2f6f760811976af77e949d505a5d8)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
b/
From: Ross Burton
Signed-off-by: Richard Purdie
---
meta/classes/cve-check.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index f87bcc9..1c8b222 100644
--- a/meta/classes/cve-check.bbclass
+++ b/met
From: Chen Qi
(From OE-Core rev: 721e69aa12dd9ee22618ef13f29fb6d28eeab9af)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-extended/ghostscript/ghostscript_9.26.bb
---
meta/recipes-extended/ghostscript/ghostscript_9.21.bb | 3 +++
1 file changed, 3 insert
From: Chen Qi
(From OE-Core rev: 066fa83eeaaa34e5b901dc4b82ad607d0fa78f0b)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
---
meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb
b/meta
From: Chen Qi
(From OE-Core rev: 8f03a33f61a94e9b8d8232283204588ce18b45a0)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-to
From: Chen Qi
(From OE-Core rev: 43aaa117386490c822b824974fb095bd0d3ce1a3)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-sato/webkit/webkitgtk_2.24.0.bb
---
meta/recipes-sato/webkit/webkitgtk_2.18.6.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git
From: Chen Qi
flac uses both 'flac' and 'libflac' as cve product.
(From OE-Core rev: 3a043a078f6cc89bcc097823fa37cd1311805ae7)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
---
meta/recipes-multimedia/flac/flac_1.3.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Ross Burton
There are many projects called Flex and they have CVEs, so also set the vendor
to remove these false positives.
(From OE-Core rev: 0598ccdcb31e16f1d1227197591b10ba441fcfe2)
Signed-off-by: Ross Burton
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipe
From: Ross Burton
(From OE-Core rev: f1d5273d53d66b217f3d4975f5cb5eb367b1aab1)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-extended/pam/libpam_1.3.1.bb
---
meta/recipes-extended/pam/libpam_1.3.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --g
From: Anuj Mittal
rsync includes its own copy of zlib and doesn't recommend linking with
the system version [1].
Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used
by rsync.
[1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync
[2]
https://nvd.nist
From: Pierre Le Magourou
cve-check-tool-native do_populate_cve_db task was using deprecated NVD
xml data feeds, cve-update-db uses NVD json data feeds.
Sqlite database schema was updated to take into account CVSSv3 CVE
scores and operator in affected product versions.
A new META table was added
From: Pierre Le Magourou
If https_proxy environment variable is defined, manage proxy to be able
to download meta and json data feeds from https://nvd.nist.gov
(From OE-Core rev: 09be21f4d1793b1e26e78391f51bfc0a27b76deb)
Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
---
met
From: Ross Burton
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
(From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8)
Signed-off-by:
From: Ross Burton
(From OE-Core rev: 2c3d689e4f78d8ea00b1bd2239af80c8fe038074)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-extended/ed/ed_1.15.bb
---
meta/recipes-extended/ed/ed_1.14.2.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/
From: Anuj Mittal
Differentiate it from openssl gem for Ruby.
(From OE-Core rev: 2ec481b19d6c9c20ce6573de77ae89e576d6b8cb)
Signed-off-by: Anuj Mittal
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-connectivity/openssl/openssl_1.1.1c.bb
---
meta/recipes-connectivity/openssl/op
From: Ross Burton
There's a Jenkins plugin for Subversion.
(From OE-Core rev: ac115c3b5f1dcb95fb7d39537693fe0dcd330451)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-devtools/subversion/subversion_1.12.0.bb
---
meta/recipes-devtools/subversion/subv
From: Ross Burton
There's a Jenkins plugin for Git.
(From OE-Core rev: f2adf5e4d3e9afc6d45665bbe728c69d195a46ef)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/git/git.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/git/git.
From: Ross Burton
This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng
recipe.
(From OE-Core rev: 341e43ebd935daeb592cb073bf00f80c49a8ec2d)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Conflicts:
meta/recipes-multimedia/libpng/libpng_1.6.37.bb
---
From: Ross Burton
There's a Boost module for Drupal.
(From OE-Core rev: 30ff8bb6502d45549c698be052a1caf4cb5c611f)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-support/boost/boost.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/boost
From: Pierre Le Magourou
urllib3 was used in this recipe but it was not set as a
dependency. As it is not specifically needed, rewrite the recipe with
urllib from the standard library.
(From OE-Core rev: c0eabd30d7b9c2517f4ec9229640be421ecc8a5e)
Signed-off-by: Pierre Le Magourou
Signed-off-by:
From: Pierre Le Magourou
Use the new update-cve-db recipe to update database.
(From OE-Core rev: bc144b028f6f51252f4359248f6921028bcb6780)
Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
---
meta/classes/cve-check.bbclass | 71 --
1 fil
From: Ross Burton
Instead of generating a series of indexes via range(len(list)), just iterate the
list.
(From OE-Core rev: 27eb839ee651c2d584db42d23bcf5dd764eb33f1)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/classes/cve-check.bbclass | 17 +
1 file cha
From: Pierre Le Magourou
In some rare cases (eg. curl recipe) the CVE_PRODUCT contains more than
one name.
(From OE-Core rev: 7f62a20b32a3d42f04ec58786a7d0db68ef1bb05)
Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
---
meta/classes/cve-check.bbclass | 25 ++--
From: Pierre Le Magourou
In the NVD json CVE feed, affected versions can be strictly matched to a
version, but they can also be matched with the operator '<='.
Add a new condition in the sqlite query to match affected versions that
are defined with the operator '<='. Then use LooseVersion to dis
From: Ross Burton
(From OE-Core rev: 5388ed6d1378d647a65912dbd537f9ef3cb5760a)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
.../cve-check-tool/cve-check-tool_5.6.4.bb | 62 --
...01-Fix-freeing-memory-allocated-by-sqlite.patch | 50 -
...ow-overriding-default
From: Ross Burton
Some product names are too vague to be searched without also matching the
vendor, for example Flex could be the parser compiler we ship, or Adobe Flex, or
Apache Flex, or IBM Flex.
If entries in CVE_PRODUCT contain a colon then split it as vendor:product to
improve the search.
Hi,
Request for comments, call for help, LTS too?
Yocto 2.5 sumo isn't actively maintained by the Yocto Project
anymore. But that does not mean that support for it
needs to stop.
I use sumo and due to various reasons like BSP layers, binary
compatibility, contracts etc can't update to newer rele
From: Ross Burton
As glibc will be scanned for CVEs, we don't need to scan glibc-locale,
glibc-mtrace, and glibc-scripts which are all separate recipes for technical
reasons.
Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the
global whitelist.
(From OE-Core rev: 1f9a
From: Ross Burton
CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the
tooling wasn't able to detect this version. As we now ship readline 8 we don't
need to manually whitelist it, and if we did then the whitelisting should be in
the readline recipe.
(From OE-Core rev: 0
From: Pierre Le Magourou
do_populate_cve_db is a native task.
(From OE-Core rev: 4078da92b49946848cddebe1735f301af161e162)
Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
Conflicts:
meta/conf/distro/include/maintainers.inc
---
meta/classes/cve-check.bbclass
Fixes build failure with core-image-minimal:
Exception: UnboundLocalError: local variable 'to_append' referenced before
assignment
(From OE-Core rev: 270ac00cb43d0614dfe1c95f960c76e9e5fa20d4)
Signed-off-by: Mikko Rapeli
Signed-off-by: Richard Purdie
---
meta/classes/cve-check.bbclass | 1 +
From: Pierre Le Magourou
If the NVD url is not accessible, print a warning on top of the CVE
report, and continue. The database will not be fully updated, but
cve_check can still run on the previous database.
(From OE-Core rev: 0325dd72714f0b447558084f481b77f0ec850eed)
Signed-off-by: Pierre Le
From: Pierre Le Magourou
To be able to populate NVD database on a fetchall
(bitbake --run-all=fetch), set the do_populate_cve_db task to be
executed before do_fetch.
Do not get CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE
variable because do_populate_cve_db can be called in a cont
From: Pierre Le Magourou
CVE_CHECK_WHITELIST does not contain version anymore, as it was not
used. This variable should be set per recipe.
(From OE-Core rev: 7069302a4ccbb5b72e1902f284cf078516fd7294)
Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
---
meta/classes/cve-check.b
From: Pierre Le Magourou
Now that cve-update-db added CPE information to NVD database, we can
check for unpatched versions with operators '<', '<=', '>', and '>='.
(From OE-Core rev: bc0195be1b15bcffe60127bc5e8b7011a853c2ed)
Signed-off-by: Pierre Le Magourou
Signed-off-by: Richard Purdie
---
Hi Ross/Richard,
I'd like this applied to Sumo also. Should I create a new patch and send it
to the list, or is there a process for requesting this is cherry-picked
across?
Thanks,
Ryan.
On Wed, 25 Sep 2019 at 13:24, Ross Burton wrote:
> As detailed at [1] the XML feeds provided by NIST are be
From: Stefan Agner
Add Zstandard (or just Zstd) compression support. This allows to
create Zstd compressed tarballs by using tar.zst as IMAGE_FSTYPES.
Signed-off-by: Stefan Agner
---
meta/classes/image_types.bbclass | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/me
Hi Andre,
On 2019-11-06 02:25, Andre McCurdy wrote:
> On Tue, Nov 5, 2019 at 3:13 PM Stefan Agner wrote:
>>
>> From: Stefan Agner
>>
>> Add Zstandard (or just Zstd) compression support. This allows to
>> create Zstd compressed tarballs by using tar.zst as IMAGE_FSTYPES.
>>
>> Signed-off-by: Stef
[ YOCTO #13212 ]
Suggested-by: Romuald Jeanne
Signed-off-by: Jacob Kroon
---
meta/classes/rm_work.bbclass | 9 +
1 file changed, 9 insertions(+)
diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index a6bd3f719f..0bbc450100 100644
--- a/meta/classes/rm_work.bbcla
Since the Sun RPC is deprecated in glibc, the rpc header files
are not provided any more, but it allows alternative RPC
implementations, such as TIRPC or rpcsvc-proto, to be used.
So we create the symbol link for rpc header files for tirpc to
be more compatible with the glibc version and the appli
version and the application usage.
(LOCAL REV: NOT UPSTREAM) -- Send to oe-core on 20191106
Signed-off-by: Zhixiong Chi
---
meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb | 14 ++
1 file changed, 14 insertions(+)
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
b
Add new package for bcm4366c and include available NVRAM config files
into the correct bcm* packages.
Signed-off-by: Samuli Piippo
---
.../linux-firmware/linux-firmware_20190815.bb | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/meta/recipes-kernel/linux-
80 matches