| Commit message (Collapse) | Author | Age | Files | Lines |
| |
There's a Jenkins plugin for Git.
(From OE-Core rev: f2adf5e4d3e9afc6d45665bbe728c69d195a46ef)
(From OE-Core rev: a28d17187dd4c7ac6aa7e5d28f3cfc0c9060bd94)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
There's a Jenkins plugin for Subversion.
(From OE-Core rev: ac115c3b5f1dcb95fb7d39537693fe0dcd330451)
(From OE-Core rev: 457d52c1a86bad074e174e2004c54ac5be1728bd)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-devtools/subversion/subversion_1.12.0.bb
| |
There's a Boost module for Drupal.
(From OE-Core rev: 30ff8bb6502d45549c698be052a1caf4cb5c611f)
(From OE-Core rev: 44c521f7cb04e0cd308489ae2ba05349ab1d3987)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 2c3d689e4f78d8ea00b1bd2239af80c8fe038074)
(From OE-Core rev: 6faf4f340ea8c2b11d609584897a7f5447abc2a0)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/ed/ed_1.15.bb
| |
rsync includes its own copy of zlib and doesn't recommend linking with
the system version [1].
Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used
by rsync.
[1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync
[2] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3agnu%3azlib%3a1.2.8
(From OE-Core rev: a55fbb4cb489853dfb0b4553f6e187c3f3633f48)
(From OE-Core rev: 1ce0a922853b6136a019763b64e58194bb0df00f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-devtools/rsync/rsync_3.1.3.bb
| |
Differentiate it from openssl gem for Ruby.
(From OE-Core rev: 2ec481b19d6c9c20ce6573de77ae89e576d6b8cb)
(From OE-Core rev: a879a194aae0f1e97f3683f5ce01eaa8b5c0dd15)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssl/openssl_1.1.1c.bb
| |
This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng
recipe.
(From OE-Core rev: 341e43ebd935daeb592cb073bf00f80c49a8ec2d)
(From OE-Core rev: 581fa36d300fda00ae50c07b038fe847887f7ed3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-multimedia/libpng/libpng_1.6.37.bb
| |
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
(From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8)
(From OE-Core rev: 618a3203d53d33e6403386f1204bcaf327b68f37)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/procps/procps_3.3.15.bb
| |
(From OE-Core rev: f1d5273d53d66b217f3d4975f5cb5eb367b1aab1)
(From OE-Core rev: 2395ae4a332928de3f5fcb840ef196e7a7d77386)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/pam/libpam_1.3.1.bb
| |
(From OE-Core rev: 43aaa117386490c822b824974fb095bd0d3ce1a3)
(From OE-Core rev: 76b3996974de8ca8729d7d262b1c90cd2def02d5)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-sato/webkit/webkitgtk_2.24.0.bb
| |
There are many projects called Flex and they have CVEs, so also set the vendor
to remove these false positives.
(From OE-Core rev: 0598ccdcb31e16f1d1227197591b10ba441fcfe2)
(From OE-Core rev: 22544792c5b3bd9be0af7c2b7c6dd7e68aa00f83)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 066fa83eeaaa34e5b901dc4b82ad607d0fa78f0b)
(From OE-Core rev: add14ed1970ff70f4dc71720986e13887da9fffa)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 8f03a33f61a94e9b8d8232283204588ce18b45a0)
(From OE-Core rev: 5ebaa9b41501c64e939b671b37dc616e98d2a803)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 721e69aa12dd9ee22618ef13f29fb6d28eeab9af)
(From OE-Core rev: 4f905e245a02b9d8c5fe4a77271aabc41a69ba00)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/ghostscript/ghostscript_9.26.bb
| |
(From OE-Core rev: 1f0cca19014fef24a359d400c96d178463b2760f)
(From OE-Core rev: d368ffb08bd3e3de59827e49df9c69643e002e6e)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-graphics/libsdl2/libsdl2_2.0.9.bb
| |
(From OE-Core rev: 3c247a4a166cabf7ddfea403cf272b3fb4e00872)
(From OE-Core rev: 52a716ed45c9b36c893b56c4f71a84769ae67878)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: e61c42ee49029ae8ffec58128dd083031305d9e5)
(From OE-Core rev: 29a898902b52bada1dafdf82a32d1151ed818a06)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-devtools/nasm/nasm_2.14.02.bb
| |
(From OE-Core rev: 8995f2c7d6f2f6f760811976af77e949d505a5d8)
(From OE-Core rev: 414fd1cd1845d05103cdc1f845acac4953c06f09)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: f6a456fed7286e1304cd776bb2f740c462c9b4b1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
CVEs that are whitelisted or were not vulnerable when there are version
comparisons were not included in the report, so alter the logic to ensure that
all relevant CVEs are in the report for completeness.
(From OE-Core rev: 98256ff05fcfe9d5ccad360582c36eafb577c264)
(From OE-Core rev: 301887fc4b726e1040e1ff2045c70562624dc961)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
When https_proxy is set, use proxy opener to open CVE metadata and
database URLs, otherwise fall back to the urllib.request.urlopen.
Also fix a minor issue where the json database which has been gzip
decompressed as byte object should be decoded as utf-8 string as
expected by update_db.
(From OE-Core rev: 95438d52b732bec217301fbfc2fb019bbc3707c8)
(From OE-Core rev: 6d3222fb7ecde524c4e033729318fb0fb80a444c)
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Currently the code fetches the compressed JSON, writes it to a temporary file,
uncompresses that with gzip and passes the fake file object to update_db().
Instead, uncompress the gzip'd data in memory and pass the JSON directly to
update_db().
(From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb)
(From OE-Core rev: 1d34aec479156a7dadf7867bbf0d53f12d21ef3e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The metadata parser is fragile: first it coerces a bytes() to a str() (so the
string is b'LastModifiedDate:2019...'), assumes the first line is the date, and
then uses a regex to parse (which then includes the trailing quote as part of
the date).
Clean this up by parsing the bytes as UTF-8 (ASCII is probably fine, but this is
safer), iterate through the lines and split on colons to find the right
key/value pair.
(From OE-Core rev: bb4e53af33d6ca1e9346464adbdc1b39c47530f3)
(From OE-Core rev: c718e073e8e9cd5df9e19dd02fcac2139758b5b7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Instead of calling execute() repeatedly, rewrite the function to be a generator
and use executemany() for performance.
(From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318)
(From OE-Core rev: d248ec9764d0439eb30fdb3605e9d05ee4219348)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The recipe was called -native but didn't inherit native.
(From OE-Core rev: f0d822fad2a163d1ee32ed3b4c0359245140e19b)
(From OE-Core rev: 5eeafcb492daf63602f0e2ed4a12f755701597d7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 4b301030cf9cf7a981dcff85a50e915c045e3130)
(From OE-Core rev: 7df7cd765e67535b72cd56eb679c6f5078c08460)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
djb2 hash algorithm was found to do collisions, so the database was
sometimes missing data. Remove this hash mechanism, clear and populate
elements from scratch in PRODUCTS table if the current year needs an
update.
(From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19)
(From OE-Core rev: e6541c6add1714938a81cca394886893cf24cdb0)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Instead of using expanded list of affected versions that is not
reliable, use the 'cpe_match' node in the 'configurations' json node.
For cve-check to correctly match affected CVE, the sqlite database needs to
contain operator_start, operator_end and the corresponding versions fields.
(From OE-Core rev: f7676e9a38d595564922e5f59acbc69c2109a78f)
(From OE-Core rev: 6977d15fbc3b78958768b21f6c501e7d63be9499)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 91770338f76ef35f3c4eeac216eb9d2b3188e575)
(From OE-Core rev: 075683d23018760e8b2fa0b793ceacd9027e55c3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
CVE_CHECK_WHITELIST does not contain version anymore, as it was not
used. This variable should be set per recipe.
(From OE-Core rev: 7069302a4ccbb5b72e1902f284cf078516fd7294)
(From OE-Core rev: 8dd899679fc881d02e081d1e0814252d604dd479)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Some product names are too vague to be searched without also matching the
vendor, for example Flex could be the parser compiler we ship, or Adobe Flex, or
Apache Flex, or IBM Flex.
If entries in CVE_PRODUCT contain a colon then split it as vendor:product to improve the search.
Also don't use .format() to construct SQL as that can lead to security
issues. Instead, use ? placeholders and let sqlite3 handle the escaping.
(From OE-Core rev: e6bf90009877d00243417898700d2320fd87b39c)
(From OE-Core rev: 0851d68b4679a7035029d28091d9a6b21d266c99)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Fixes build failure with core-image-minimal:
Exception: UnboundLocalError: local variable 'to_append' referenced before assignment
(From OE-Core rev: 270ac00cb43d0614dfe1c95f960c76e9e5fa20d4)
(From OE-Core rev: 45758c900ff738e58fd37ff809960965867d79f8)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
As glibc will be scanned for CVEs, we don't need to scan glibc-locale,
glibc-mtrace, and glibc-scripts which are all separate recipes for technical
reasons.
Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the
global whitelist.
(From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17)
(From OE-Core rev: 2b9f1b654c726e7c7b2fe8710d60ca10212295f5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 5388ed6d1378d647a65912dbd537f9ef3cb5760a)
(From OE-Core rev: eb227c8885580fc08dccc005056bb1fdb691ea1d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the
tooling wasn't able to detect this version. As we now ship readline 8 we don't
need to manually whitelist it, and if we did then the whitelisting should be in
the readline recipe.
(From OE-Core rev: 07bb8b25e172aa5c8ae96b6e8eb4ac901b835219)
(From OE-Core rev: c7f23d4e53d039838536f71996ad896c977cf138)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Now that cve-update-db added CPE information to NVD database, we can
check for unpatched versions with operators '<', '<=', '>', and '>='.
(From OE-Core rev: bc0195be1b15bcffe60127bc5e8b7011a853c2ed)
(From OE-Core rev: 48793a3b74bfaa5ffe6191d21f64aef3720433db)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
do_populate_cve_db is a native task.
(From OE-Core rev: 4078da92b49946848cddebe1735f301af161e162)
(From OE-Core rev: 5d6cbab419770eb556b57445fd5509339d3142b4)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/conf/distro/include/maintainers.inc
| |
If the NVD url is not accessible, print a warning on top of the CVE
report, and continue. The database will not be fully updated, but
cve_check can still run on the previous database.
(From OE-Core rev: 0325dd72714f0b447558084f481b77f0ec850eed)
(From OE-Core rev: ae743789d893e950583014f38f0ad246aa4fe034)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
To be able to populate NVD database on a fetchall
(bitbake <image> --run-all=fetch), set the do_populate_cve_db task to be
executed before do_fetch.
Do not get CVE_CHECK_DB_DIR, CVE_CHECK_DB_FILE and CVE_CHECK_TMP_FILE
variables because do_populate_cve_db can be called in a context where
cve-check class is not loaded.
(From OE-Core rev: 975793e3825a2a9ca6dc0e43577f680214cb7993)
(From OE-Core rev: 5d265e84ef47ec6545eaa0fa64b16ccbb9e8a4ea)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
If https_proxy environment variable is defined, manage proxy to be able
to download meta and json data feeds from https://nvd.nist.gov
(From OE-Core rev: 09be21f4d1793b1e26e78391f51bfc0a27b76deb)
(From OE-Core rev: 3af4399ea35b5c4b87d656f09dd2afed11791f0a)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Instead of generating a series of indexes via range(len(list)), just iterate the
list.
(From OE-Core rev: 27eb839ee651c2d584db42d23bcf5dd764eb33f1)
(From OE-Core rev: 27ef8c40afc27ce0ae87d2fe9a973edc89133def)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
urllib3 was used in this recipe but it was not set as a
dependency. As it is not specifically needed, rewrite the recipe with
urllib from the standard library.
(From OE-Core rev: c0eabd30d7b9c2517f4ec9229640be421ecc8a5e)
(From OE-Core rev: bfaee04b8a7cb0fc6e149106619a01b848fd8a98)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
flac uses both 'flac' and 'libflac' as cve product.
(From OE-Core rev: 3a043a078f6cc89bcc097823fa37cd1311805ae7)
(From OE-Core rev: c130045aff7f51ddb6c7fbde590a79207dbb4ddf)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
In the NVD json CVE feed, affected versions can be strictly matched to a
version, but they can also be matched with the operator '<='.
Add a new condition in the sqlite query to match affected versions that
are defined with the operator '<='. Then use LooseVersion to discard all
versions that are not relevant.
(From OE-Core rev: 3bf63bc60848d91e90c23f6d854d22b78832aa2d)
(From OE-Core rev: 70046288894184477dcf6f7eba25b1994b88c8de)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
In some rare cases (eg. curl recipe) the CVE_PRODUCT contains more than
one name.
(From OE-Core rev: 7f62a20b32a3d42f04ec58786a7d0db68ef1bb05)
(From OE-Core rev: 4f96e9ba1f4f14f312b6024711fe8da0c3041e4c)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Use the new update-cve-db recipe to update database.
(From OE-Core rev: bc144b028f6f51252f4359248f6921028bcb6780)
(From OE-Core rev: 6556bb30998d9d37f2389492eb7c15667ba4a827)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
cve-check-tool-native do_populate_cve_db task was using deprecated NVD
xml data feeds, cve-update-db uses NVD json data feeds.
Sqlite database schema was updated to take into account CVSSv3 CVE
scores and operator in affected product versions.
A new META table was added to store the last modification date of the
NVD json data feeds.
(From OE-Core rev: 546d14135c50c6a571dfbf3baf6e9b22ce3d58e0)
(From OE-Core rev: e344a27003cc9e39058b41c0e96463f231ebf245)
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/conf/distro/include/maintainers.inc
| |
(From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a)
(From OE-Core rev: b6645596f2d2faf8f1fdfbedfe1edd004fbce6bc)
(From OE-Core rev: 151f7fb11bb4c91dd6edaebcc63fa3c1a2cbfe8b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This includes libstdc++ changes from gcc 9.X.
It also switches uninative from bz2 to xz compression.
(From OE-Core rev: 7ed16ec033366aea175ac4ecf7cd82656c4141bb)
(From OE-Core rev: 0bc5136608f7e3cab31ea57a4c3dd8df7eca9a4b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
SIGTERM handler
The bitbake-worker child, on SIGTERM signal handling, sends the SIGTERM to all
processes in its process group. In cases when the bitbake-worker child got
SIGTERM after registering its own SIGTERM handler and before the os.setsid() call
it can send SIGTERM to unwanted processes.
In the worst case during SIGTERM processing the bitbake-worker child can be in
the group of the process that started BitBake itself. As a result it can kill
processes that are not related to BitBake at all.
(Bitbake rev: 945719d852da6c787bc9115bd0aa90c429f5de07)
Signed-off-by: Ivan Efimov <i.efimov@inango-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|