Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=honister 2021-09-07T20:54:11+00:00 2021-09-07T20:54:11+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-09-06T12:49:26+00:00 urn:sha1:8632de2d7a77042c1f1b7454d4bc3b10968bb9e4 CVE is effectively disputed - yes there is stack exhaustion but no bug and it is building the parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address and there is no security issue. https://github.com/westes/flex/issues/414 (From OE-Core rev: 0cae5d7a24bedf6784781b62cbb3795a44bab4d1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-02T14:44:10+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2021-07-28T22:28:15+00:00 urn:sha1:bb6ddc3691ab04162ec5fd69a2d5e7876713fd15 This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-28T05:41:03+00:00 Nikolay Papenkov n.papenkov@inango-systems.com 2021-05-25T11:23:26+00:00 urn:sha1:40d3366bea8d2417e89a37c6f2d38e1542160342 License-Update: Corrected license information flex package is under two licenses: - "BSD-3-Clause" is provided in top-level COPYING file; the license actually include third obligation (without the actual "3" numbering) - "LGPL-2.0+" is explained by src/gettext.h (From OE-Core rev: 7beaae812f55a43797a459f3ad25f1be121bdbe1) Signed-off-by: Dmitry Kisil <d.kisil@inango-systems.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-01-20T22:46:18+00:00 Oleksiy Obitotskyy oobitots@cisco.com 2021-01-19T12:49:38+00:00 urn:sha1:d610e691d09faeff25573276dfe480feb6839c15 Option --noline or -L does not handled properly. So generated code contains #line directives with file absolute path and prevents to create reproducible builds. (From OE-Core rev: 0bf2cb7dc2123f220accf1542c2ae4c4b4b8275a) Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-01T18:57:49+00:00 zangrc zangrc.fnst@cn.fujitsu.com 2020-07-29T01:31:22+00:00 urn:sha1:4c573284789c8cb68ecc715a63f6b0cf3e4d92c8 The patch changes the same file twice which causes issues with some patch tools (not used in YP by default). Refresh the patch to clean this up anyway. RP: Tweak commit message (From OE-Core rev: cb6e65f8196fd6587c75c3ab2cf060c00a074ec6) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-07-18T10:06:32+00:00 Ross Burton ross.burton@intel.com 2020-07-16T11:55:45+00:00 urn:sha1:bd17c6bade219eac2af3bc6ca18c58d1946cffba autoconf 2.70 is coming soon which has some small behavioural fixes, so backport a patch from upstream to fix the build with that release. (From OE-Core rev: 946610f2cc8cd42265ee3fab6c73ad4831aaeb4e) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-09T12:00:43+00:00 Joshua Watt jpewhacker@gmail.com 2019-12-08T20:18:48+00:00 urn:sha1:bbd9f784fbee8ab1cac94a3bfd6749fc0d142691 The Makefile used for flex-ptest can pick up the path to the uninative loader through BUILD_LDFLAGS. This includes the full path to the uninative loader, which is not reproducible. Replace it with /bin/false. It doesn't appear as if these native programs are used in the test suites and if there are likely to be other problems related to building them using the BUILD_* flags. (From OE-Core rev: 3cce2d1c36b0859186139d650fd50d2a56e91abd) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-04T12:30:58+00:00 Alexander Kanavin alex.kanavin@gmail.com 2019-11-29T13:11:48+00:00 urn:sha1:e8543db1c6e4a3ae6d6ed4481114090fdd43fa8f Add a backport patch that addresses segfaults on newer glibc versions. Remove: CVE-2016-6354.patch (backport) 0002-avoid-c-comments-in-c-code-fails-with-gcc-6.patch (issue fixed upstream) do_not_create_pdf_doc.patch (issue fixed upstream) ptest pass rate is 100%. (From OE-Core rev: a0fe05f3ffd67dc42e053c20bd019bb9d463d0ad) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-10-15T13:16:11+00:00 Christophe PRIOUZEAU christophe.priouzeau@st.com 2019-10-07T13:08:37+00:00 urn:sha1:fb8613fc4ed361c953087207b34b97ca23a8d4e4 The license of flex is BSD-2-Clause. (From OE-Core rev: e8118c5cf205e8bbb005486d7b3e1f7be1e27aac) Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-18T11:16:19+00:00 Ross Burton ross.burton@intel.com 2019-07-17T10:45:37+00:00 urn:sha1:7f5f884e555e9fc8afbbb1dd666026241f64789b There are many projects called Flex and they have CVEs, so also set the vendor to remove these false positives. (From OE-Core rev: 0598ccdcb31e16f1d1227197591b10ba441fcfe2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>