summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* alsa-utils: Trim the text part used for the license file checksumPeter Kjellerstedt2019-12-161-1/+1
| | | | | | | | | | | | | This avoids including irrelevant information when calculating the license checksum. License-Update: Trim the text part used for the license file checksum (From OE-Core rev: cfdda2ab6f986f811fbddd88573b28c239648a15) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-lib: Trim the text part used for the license file checksumPeter Kjellerstedt2019-12-161-1/+1
| | | | | | | | | | | | | This avoids including irrelevant information when calculating the license checksum. License-Update: Trim the text part used for the license file checksum (From OE-Core rev: 17cf76a590474d062180bfd979348ec041d8697f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dosfstools: fix CP437 error from `dosfsck -l`Christopher Larson2019-12-061-0/+3
| | | | | | | | | | | | | | | | Fix this error seen when using dosfsck -l to list fs contents: CP437: Invalid argument (From OE-Core rev: 8a5fdac3c2d207b2cfac64ec2a2626c3ef154d84) (From OE-Core rev: a6bd358a27a9346ab364734ca22f35b30f4eb590) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: fix CVE-2019-19221Anuj Mittal2019-12-062-0/+102
| | | | | | | | | | | | | | | Also see: https://github.com/libarchive/libarchive/issues/1276 (From OE-Core rev: 422bef7a205b9b5d48d5b0e0b2b14ac65484607a) (From OE-Core rev: f3e7298c32c430dfc955a2023474810ae32926ba) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: fix CVE-2019-19126Anuj Mittal2019-12-062-0/+33
| | | | | | | | | | | | | | Backport from 2.30 stable branch and drop NEWS section. (From OE-Core rev: b4d4f70380c100d8ab06557237d8d5649a885e30) (From OE-Core rev: 3d790738abd884121372f1e00170f9b42b13b5f1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2019-14248Anuj Mittal2019-12-062-0/+44
| | | | | | | | | | | | | | | See: https://bugzilla.nasm.us/show_bug.cgi?id=3392576 (From OE-Core rev: 5ac52e78775759d2d06514ac2ae4c98e94190875) (From OE-Core rev: f1cc582fe1db4d0d4e87316646a7065c4051c906) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: fix for CVE-2019-14811 is same as CVE-2019-14813Anuj Mittal2019-12-061-0/+1
| | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 https://www.openwall.com/lists/oss-security/2019/08/28/2 (From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944) (From OE-Core rev: 85ae609d789763f9a6400dc603b675cb57bd7654) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsoup-2.4: upgrade to 2.66.4Ross Burton2019-12-061-3/+3
| | | | | | | | | | | | | | | Fixes CVE-2019-17266. (From OE-Core rev: ffdbcd78955d43d34988991f1d217036f044167d) (From OE-Core rev: d54d6c994850f4c6994dc0974f905148a024e98f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix release: https://gitlab.gnome.org/GNOME/libsoup/compare/2.66.2...2.66.4] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2019-17596Hongxu Jia2019-12-062-0/+43
| | | | | | | | | | https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73 (From OE-Core rev: 581de91fcf73675f638e7b739dd99291baf36f50) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Whitelist CVE-2019-6470Adrian Bunk2019-12-061-0/+4
| | | | | | | | | (From OE-Core rev: 016bb19213832409dd5b914d54f8af08037e9c07) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: Fix CVE-2019-1010180Vinay Kumar2019-12-062-0/+133
| | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=23657 Backported upstream commit 950b74950f6020eda38647f22e9077ac7f68ca49 to gdb-8.3.1 sources. Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49] (From OE-Core rev: 82a227e54e704ef9237c1613b9d3350fa26fe9dd) (From OE-Core rev: 0a20e92a02b3ba1687792b3607c0e30a6247b42b) Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2019-14869Stefan Ghinea2019-12-062-0/+71
| | | | | | | | | | | | | | | | | | | | | | | | | A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. References: https://nvd.nist.gov/vuln/detail/CVE-2019-14869 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904 (From OE-Core rev: 0bb88ac63b4e1728373c6425477a32f7a6362b2c) (From OE-Core rev: 9827b7df6f008f4384bbe22beeb0fe6adfeb36d6) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to zeus head revisionzeus-22.0.1yocto-3.0.1Richard Purdie2019-11-271-1/+1
| | | | | | (From OE-Core rev: 75a4cabf55e13e6714c0fdb229cd51b5184ddbef) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to zeus head revisionRichard Purdie2019-11-261-1/+1
| | | | | | (From OE-Core rev: 5a0ccf24fe00728823ee687823f34d843539df68) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance: Use zeus as the branchRichard Purdie2019-11-261-1/+1
| | | | | | (From OE-Core rev: 4a14eb567b51fbdf1f0630b7c63a289bc66f3b80) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to zeus head revisionRichard Purdie2019-11-261-1/+1
| | | | | | (From OE-Core rev: 378b6de44909a383ac002b00ba6da54de77aa61c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer: Change SRC_URI to use HTTPS access instead of HTTPCarlos Rafael Giani2019-11-259-9/+9
| | | | | | | | | | | | | | Some GStreamer recipes like gstreamer1.0-vaapi already use HTTPS instead of http. Also, access to http:// is simply redirected by the freedesktop server to https://, and using HTTPS is anyway generally recommended over plain HTTP for security reasons. So, normalize the URLs to use HTTPS only. (From OE-Core rev: 7ca54d025168688b1b612c43c9ed4bc0f2ca4d02) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-validate: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: 2dc11f32c6ddfbfc39317ed8ef08a0010b612ea3) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-rtsp-server: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: 8e80527d545d1e9588e4a3a808a01ccd1f185139) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-python: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: 0378bc80633c345452abb7d002873cccf402c3f6) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-omx: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: a11e9d9cbd7fa6eba887bb9094c841b85bccb2c4) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-vaapi: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: 95f10a15a87836cb569f81292c89c7bf159e4e6d) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-libav: upgrade to version 1.16.1Carlos Rafael Giani2019-11-252-38/+2
| | | | | | | | | | | Removed gtkdoc-no-tree.patch since its changes are now included in 1.16.1 (From OE-Core rev: b8b52c405a241a6901b291ff7f6f8319bbd68652) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-ugly: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: bed2a8de47534436f811e40bc1b261fa73eb920b) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: 48f375103a569838ee345716390dc5595cec1e83) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good: upgrade to version 1.16.1Carlos Rafael Giani2019-11-253-84/+2
| | | | | | | | | | | | | * 0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch * headerfix.patch Removed since these changes are already included in 1.16.1 (From OE-Core rev: f992741666ddc83ccbf3149f1544b95958150620) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | (From OE-Core rev: 91fb2701cb84959eb35da2aaf605ab815eaa95dc) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | | | | | | | (From OE-Core rev: 8946642d425099717d7fc00a01ced9954263517c) Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> [ Bug fix only update per release notes: https://gstreamer.freedesktop.org/releases/1.16/#1.16.1] 1.16.1 The first 1.16 bug-fix release (1.16.1) was released on 23 September 2019 This release only contains bugfixes and it should be safe to update from 1.16.0. ] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2019-6471 and CVE-2018-5743Kai Kang2019-11-259-0/+2723
| | | | | | | | | | | | | | | | Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind. CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the other 6 patches are for CVE-2018-5743. And backport one more patch to fix compile error on arm caused by these 6 commits. (From OE-Core rev: 3c39d4158677b97253df63f23b74c3a9dd5539f6) (From OE-Core rev: 07a8d013383b622eabfcefec9378c857b5265c05) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Refresh patchZheng Ruoqin2019-11-251-45/+26
| | | | | | | | | | Refresh CVE-2019-7663.patch as it can't be applyed when using PATCHTOOL = "patch". (From OE-Core rev: 9c44ecdb9bd6d70f0dfde2a8f0b52015fb6a1d86) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: update to 2.7.17Alexander Kanavin2019-11-2514-904/+49
| | | | | | | | | | | | | | | | | | | | | Drop backports, rebase a couple of patches. This is the second last release of py 2.x; upstream support ends on 1 January 2020, there will be one final 2.x afterwards. Note that the only thing that still needs python 2.x in oe-core is u-boot; when the next u-boot update arrives, we should find out where the py3 migration is for that component before merging the update. (From OE-Core rev: 184b60eb905bb75ecc7a0c29a175e624d8555fac) (From OE-Core rev: d8cd909e7c073eb6365732e5c906f52933fe2e66) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix build for x32Anuj Mittal2019-11-252-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | Commit: d336110b94 boost: update to 1.67.0 dropped the patch that ensured boost doesn't over-ride the architecture flags set by us resulting in errors: | build/tmp/work/x86_64_x32-poky-linux-gnux32/boost/1.69.0-r0/recipe-sysroot/usr/include/bits/long-double.h:44:10: fatal error: bits/long-double-64.h: No such file or directory | #include <bits/long-double-64.h> | ^~~~~~~~~~~~~~~~~~~~~~~ | compilation terminated. Remove the relevant part from gcc.jam again to ensure we are passing them correctly again. Fixes [YOCTO #13598] (From OE-Core rev: aad28f42b1c8aa1335c040630ebff4a69be07e35) (From OE-Core rev: ebbfe23acfbc820ad7b71c95539b5af97a8be49d) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: fetch CVE data once at a time instead of in a single callRoss Burton2019-11-251-10/+10
| | | | | | | | | | | | | | | | | | | | | This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL variables". The default limit is 999 variables, but some distributions such as Debian set the default to 250000. As the NVD table has an index on the ID column, whilst requesting the data CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time different is insignificant: 0.05s verses 0.01s on my machine. (From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99) (From OE-Core rev: 3ded9a64c95ae02df7562fc69e2af08c150d2452) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: neaten get_cve_infoRoss Burton2019-11-251-13/+5
| | | | | | | | | | | | | Remove obsolete Python 2 code, and use convenience methods for neatness. (From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff) (From OE-Core rev: 98162c04c877925c737674a1635b08cf998b92f5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: rewrite look to fix false negativesRoss Burton2019-11-251-29/+34
| | | | | | | | | | | | | | | | | | | A previous optimisation was premature and resulted in false-negatives in the report. Rewrite the checking algorithm to first get the list of potential CVEs by vendor:product, then iterate through every matching CPE for that CVE to determine if the bounds match or not. By doing this in two stages we can know if we've checked every CPE, instead of accidentally breaking out of the scan too early. (From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69) (From OE-Core rev: 0f42a1d4dbb74ab39e81449cf222302bcc04f7db) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: clean up proxy handlingRoss Burton2019-11-251-26/+5
| | | | | | | | | | | | | | urllib handles adding proxy handlers if the proxies are set in the environment, so call bb.utils.export_proxies() to do that and remove the manual setup. (From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434) (From OE-Core rev: 15f6b4b59805db40df4eff6d5a2809f6f05b66c1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: add an index on the CVE ID columnRoss Burton2019-11-251-0/+3
| | | | | | | | | | | | | | Create an index on the PRODUCTS table which contains a row for each CPE, drastically increasing the performance of lookups for a specific CVE. (From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e) (From OE-Core rev: 1b4a524da1532d15eb34a96c5bda5ff2af25a953) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: don't hardcode the database nameRoss Burton2019-11-251-2/+2
| | | | | | | | | | | | | | Don't hardcode the database filename, there's a variable for this in cve-check.bbclass. (From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab) (From OE-Core rev: 1c10a3189aad5109f04d1fc208d579225bdd1431) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: don't refresh more than once an hourRoss Burton2019-11-251-1/+9
| | | | | | | | | | | | | | | We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) (From OE-Core rev: f9e9107dbe23293eb96e049d7f821d2e33c23f06) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: we don't actually need to unpack to checkRoss Burton2019-11-251-2/+1
| | | | | | | | | | | | | | The patch scanner works with patch files in the layer, not in the workdir, so it doesn't need to unpack. (From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17) (From OE-Core rev: 02e6b727bf62858be7dba061879a6d57bd5a725d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsoup: set CVE_PRODUCTRoss Burton2019-11-251-0/+2
| | | | | | | | | | (From OE-Core rev: 424ea81c3b9965b5d5e45c1dc922dcc910fadc05) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: Whitelist CVE-2014-4715Adrian Bunk2019-11-251-0/+3
| | | | | | | | | (From OE-Core rev: 4471cd22dbf13feb79171b098b9ec4eeded54ae7) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa: reproducible: Add option to capture bad packagesJoshua Watt2019-11-251-0/+20
| | | | | | | | | | | | | Adds an option that can be used to copy the offending packages to a temp directory for later evaluation. This is useful on the Autobuilder to investigate failures. (From OE-Core rev: 91d657a0c4cbb273e1e74d38bfd6b4b05d9b372e) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest: check that 'devtool upgrade' correctly drops backported patchesAlexander Kanavin2019-11-251-3/+22
| | | | | | | | | | | | There was a regression in this functionality that went unnoticed due to lack of tests. (From OE-Core rev: da4c28d5fdc6501a7d3b256cb62cba778e81d16e) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cairo: the component is dual licensedAlexander Kanavin2019-11-251-6/+6
| | | | | | | | | | | | | | Somehow, over the years, no one noticed that cairo does in fact offer a choice between mpl and lgpl, but the COPYING makes it clear: https://gitlab.freedesktop.org/cairo/cairo/blob/1.16/COPYING (From OE-Core rev: fd209dac3f717daa9d2f44ada092ab054ac2ede8) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/sstatetests: Ensure we don't use hashequiv for sstatesigs testsRichard Purdie2019-11-251-0/+12
| | | | | | | | (From OE-Core rev: 7f424c32589b94192842f52235c064cb8c19288e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sanity: Add check for tar older than 1.28Richard Purdie2019-11-251-1/+4
| | | | | | | | | | | | Older versions break opkg-build when reproducible builds are enabled. Rather than trying to be selective based on which features are enabled, lets just make this a minimum version. (From OE-Core rev: 96f5c7c2f8dda7d47af5398b3463aa25921f5301) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* core-image-full-cmdline: Add lessRichard Purdie2019-11-251-0/+1
| | | | | | | | | | | | Less was coming from busybox in these images, add the full version. [YOCTO #13630] (From OE-Core rev: 2880164ca74ac1fd7b860c61017efe3d55fb4038) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg-utils: Fix silent empty/broken opkg package creationRichard Purdie2019-11-252-0/+34
| | | | | | | | | | | | | | | opkg-build was failing on hosts where tar < 1.28 and reproducibile builds were enabled but it was doing this silently and generating corrupted (empty) ipk files. Add a fix for this (submitted upstream). The fix requires bash but if you're building ipk files this shoudn't be a problem. (From OE-Core rev: 5d774331226f967a2d00c9594c4811ee378cd572) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: Add upstream fixes for empty packagesRichard Purdie2019-11-253-0/+102
| | | | | | | | | | | An ipk with a zero size data.tar file caused opkg to crash with a double free abort. Add the upstream fixes for this. (From OE-Core rev: ea1ded0b47e85d039dfad2b59580817bfb335739) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 21:24:58 +0000