linux/poky.git/meta/classes, branch yocto-3.0.3Mirror of git.yoctoproject.org/pokyhttps://git.enea.com/cgit/linux/poky.git/atom?h=yocto-3.0.32020-04-29T15:11:56+00:00cve-check: CPE version '-' as all version2020-04-29T15:11:56+00:00Lee Chee Yangchee.yang.lee@intel.com2020-03-31T07:26:03+00:00urn:sha1:73738879a282e3a39c5753024ed363b27e704416
CPE version could be '-' to mean no version info.
Current cve_check treat it as not valid and does not report these
CVE but some of these could be a valid vulnerabilities.
Since non-valid CVE can be whitelisted, so treat '-' as all version
and report all these CVE to capture possible vulnerabilities.
Non-valid CVE to be whitelisted separately.
[YOCTO #13617]
(From OE-Core rev: 1e8e188514584f9f972c0eb733c10a61853ec3d0)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c69ee3594079589d27c10db32bc288566ebde9ef)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kernelsrc.bbclass: Fix externalsrc support2020-04-17T07:29:02+00:00Paul Barkerpbarker@konsulko.com2020-03-09T14:21:37+00:00urn:sha1:74f229160c7f4037107c1dad8f0d02128c080a7e
When the externalsrc class is used the tasks listed in
SRCTREECOVEREDTASKS are deleted to prevent them being executed. If
externalsrc is used for the kernel then this will include
virtual/kernel:do_patch.
We can depend on do_shared_workdir instead as this will survive when
externalsrc is used.
(From OE-Core rev: 5ac98c776f9b77804a0ee812f47f3ecf593e432f)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c17d35cc7b9c5e01fd5829858d2f0234e7ac8d6)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kernel-yocto.bbclass: Support config fragments with externalsrc2020-04-17T07:29:02+00:00Paul Barkerpbarker@konsulko.com2020-03-09T14:21:39+00:00urn:sha1:5b38b8af6afd2765fefb4ca4f3a4b6bcf61a6306
The merging of config fragments is performend in the do_kernel_configme
task and so config fragments will not be supported when this task is
removed from the dependency tree.
kernel-yocto adds additional tasks which may modify the source directory
to SRCTREECOVEREDTASKS so that they are removed when using externalsrc.
However, do_kernel_configme should be safe to use, the only modification
to the source tree is the potential creation of the '.kernel-meta'
directory and the '.metadir' file.
(From OE-Core rev: b7ae0fa668be008e46982190553d0738a5465efe)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44f04c039a4d61dd18666e42b9b9865cbc3ada9e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
sanity: check for more bits of Python2020-03-30T16:41:56+00:00Ross Burtonross.burton@intel.com2020-03-19T19:19:13+00:00urn:sha1:4ccd0345c82f396921b21df491d0ade2ad36089f
MJ: icu in master doesn't need distutils anymore, because icu 65.1 currently in
dunfell/master doesn't depend on python3-distutils anymore since:
https://github.com/unicode-org/icu/commit/b4d41b0561b6e8de38b99850ce0e4be8ef536bb1
but the icu-64.2 in zeus and openembedded-core/meta/recipes-core/ovmf/ovmf_git.bb
still need python3-distutils as described in:
http://lists.openembedded.org/pipermail/openembedded-core/2020-March/293984.html
(From OE-Core rev: da2df0251098c46a1476983db379cf33010e3035)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check: fix ValueError2020-03-16T16:44:54+00:00Chee Yang Leechee.yang.lee@intel.com2020-03-09T04:57:03+00:00urn:sha1:c6f99b055ef6f47bedea0c1cf040e5fb69523eb9
fix below error for whitelisted recipe and recipe skip cve check.
Error:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_cve_check(d)
0003:
File: '/poky-master/meta/classes/cve-check.bbclass', lineno: 59, function: do_cve_check
0055: try:
0056: patched_cves = get_patches_cves(d)
0057: except FileNotFoundError:
0058: bb.fatal("Failure in searching patches")
*** 0059: whitelisted, patched, unpatched = check_cves(d, patched_cves)
0060: if patched or unpatched:
0061: cve_data = get_cve_info(d, patched + unpatched)
0062: cve_write_data(d, patched, unpatched, whitelisted, cve_data)
0063: else:
Exception: ValueError: not enough values to unpack (expected 3, got 2)
(From OE-Core rev: d8cfc309f9dd0dc8904ab18e5898770502ee2540)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64a362bd2dd0b4f3165d5162adbc600826af66f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check: show whitelisted status2020-03-16T16:44:54+00:00Chee Yang Leechee.yang.lee@intel.com2020-03-06T02:27:26+00:00urn:sha1:8b1eccc311640190a590510e338f6631ecc59392
change whitelisted CVE status from "Patched" to "Whitelisted".
[Yocto #13687]
(From OE-Core rev: 707b3a41b3cacfb7f1d1ed75f9a298ff4721735e)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 181bdd670492525f9488d52c3ebb9a1b142e35ea)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve-check: fail gracefully when file not found2020-03-16T16:44:53+00:00Armin Kusterakuster808@gmail.com2019-12-11T16:16:04+00:00urn:sha1:7d8d93cfb915cb4c9b855019dfc2bddc3918ebff
With out these changes, a traceback displayed when a file
is listed in the SRC_URI but the file does not exist.
raise FileNotFoundError and print the patch then mark the task as failed.
(From OE-Core rev: d313a5912d2ecbf7796e75ee7e7cd1d442b4fa40)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit d4926c11a4ab9148bdb640a9367c9e1891491a5b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
patch: Extend to native/nativesdk and depend upon2020-02-11T23:05:12+00:00Richard Purdierichard.purdie@linuxfoundation.org2020-02-04T22:20:35+00:00urn:sha1:5602cc200b73678490902fd71faf66c02b2ee077
There is a bug in patch 2.7.3 and earlier where index lines
in patches can change file modes when they shouldn't:
http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4
This leaks into debug sources in particular (e.g. tcp-wrappers where
source files are read-only). Add the dependency to target recipes
to avoid this problem until we can rely on 2.7.4 or later.
We could try and remove all index lines from patch files but it will be a
losing battle. We could try and identify all the recipes which change
modes on files in patches but again, its a losing battle.
Instead, compromise and have patch-native as a dependency
for target recipes. We use patch-replacement-native since patch-native
is in ASSUME_PROVIDED.
Also add nativesdk-patch to buildtools-tarball.
[YOCTO #13777]
(From OE-Core rev: 5ed0840c93804488cd1c1aba6cb382b2434714a5)
(From OE-Core rev: fd3bd61a6fe5190c575dc968f3a0be9c1cbf21ed)
(From OE-Core rev: 148f1f8caf5d9a262c1f55e437326ce6139a743e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
classes/reproducible_build: Read SDE file later2020-02-11T23:05:12+00:00Joshua Wattjpewhacker@gmail.com2020-01-31T19:04:16+00:00urn:sha1:632bbf4bd78690d787a188ca1185f46c5dca1d98
Defers the resolution of the SOURCE_DATE_EPOCH until the variable needs
to be actually realized with a value. The previous method of loading the
value in anonymous python had issues because it could occur before other
anonymous python functions that affect the location of the epoch file,
such as when a recipe uses AUTOINC/AUTOREV or allarch.bbclass.
Also adds more logging to help diagnose issues in the future.
[YOCTO #13763]
(From OE-Core rev: b3313a10a3eb93f0a3710a35de0404fb49cd6202)
(From OE-Core rev: 10515e5f7e38edbc4430e2599062a9ce6fdb42a8)
(From OE-Core rev: 81d3832728aeae0e02e775bab9fc13e159fb61d3)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
linuxloader: Correct loader for glibc on armhf2020-01-28T11:51:03+00:00Alex Kiernanalex.kiernan@gmail.com2019-12-29T16:26:55+00:00urn:sha1:8fdf082c11131524d803e61f9272aec319811a3d
Fix the naming of the loader on armhf to match what glibc expects:
#define GLIBC_DYNAMIC_LINKER_SOFT_FLOAT SYSTEMLIBS_DIR "ld-linux.so.3"
#define GLIBC_DYNAMIC_LINKER_HARD_FLOAT SYSTEMLIBS_DIR "ld-linux-armhf.so.3"
(From OE-Core rev: 70efe880589df1dfe7d71451d62d9d8e4afd7981)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ad531093d620f18c04d487d79e9dad9f5a96232)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>