When running CVE checks in CI we're usually not interested in warnings on the
console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS
to allow this to be disabled (it is left enabled by default).
(From OE-Core rev: d009233f36fb866f6bdaa12fb6deedf5e253e9c9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1054d3366ba528f2ad52585cf951e508958c5c68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 8fd6a9f521ea6b1e10c80fe33968943db30991ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Before this the rootfs manifest and the summary were identical.
We should separate the summary and rootfs manifest more clearly,
now the summary is for all CVEs and the rootfs manifest is only for
things in that image. This is even more useful if you build multiple
images.
(From OE-Core rev: 2bacd7cc67b2f624885ce9c9c9e48950b359387d)
Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b8cc6fc45f0ea5677729ee2b1819bdc7a441ab1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 65498411d73e8008d5550c2d0a1148f990717587)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 8a178a728f2318c55d5ecaef0ef9e0fd8ebc333b)
Signed-off-by: Ernst Sjöstrand <ernstp@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5046d54df2c3057be2afa4143a2833183fca0d67)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
As a product, the SDK should do a CVE check as well as the rootfs.
(From OE-Core rev: df09cd71b4cd3f830fced9ce91aa202c1609bfc5)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit cc17753935c5f9e08aaa6c5886f059303147c07b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Address CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735
CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796
(From OE-Core rev: cd259a00503af360524f58c9cea51aa142dee250)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fafce97bd440150ac5c586b53b887ee70a5b66bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add patch for CVE issue: CVE-2022-29824
CVE-2022-29824
Link: [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab]
Dependent patch: [https://gitlab.gnome.org/GNOME/libxml2/-/commit/b07251215ef48c70c6e56f7351406c47cfca4d5b]
(From OE-Core rev: 096ca5fa8cc4672e5e9b25dffe81b176b252d570)
Signed-off-by: Riyaz <Riyaz.Khan@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and
segmentation violation in convert_strings in tinfo/read_entry.c in the
terminfo library.
Backported from the link below, extracting only the relevant changes.
https://github.com/ThomasDickey/ncurses-snapshots/commit/9d1d651878d4bf0695872a64cc65ba0acb825f36
(From OE-Core rev: 2287d591cf32f5580ea6679805d04c3a5146ecd5)
Signed-off-by: Gustavo Lima Chaves <gustavo.chaves@microsoft.com>
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add patch to fix CVE-2022-1475
(From OE-Core rev: 2a97ba89f236b751b333622fbbc14180e9b72245)
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add patch to fix CVE-2021-33657 issue for libsdl2
Link: https://security-tracker.debian.org/tracker/CVE-2021-33657
(From OE-Core rev: 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
As per below debian link, CVE-2021-28966 affects Windows only
Link: https://security-tracker.debian.org/tracker/CVE-2021-28966
(From OE-Core rev: df6242b72b0477fb61c7dc18ad52a1f147ec7d07)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Upgrade ruby to 2.7.6
Link: https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/
This includes CVE-2022-28739 security fix
(From OE-Core rev: 4514b1b8cacb92b1790b636b111c071190b2e4b2)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add a test to verify that the JSON reports are generated correctly for
both single recipe builds and image builds.
More tests are needed, but this is better than nothing.
(From OE-Core rev: add860e1a69f848097bbc511137a62d5746e5019)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df0f35555b09c4bc75470eb45ec9c74e6587d460)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 9d5b4fdc7ce0458577af5a16b6d7277e3d812e36)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f14c8094e7a049ac1b04c45b76855d0503559932)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Source: https://github.com/PCRE2Project/pcre2
MR: 118027
Type: Security Fix
Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
Description:
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.
(From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The addition of summary output caused two issues: error when building
an image and the fact that JSON output was generated even when
CVE_CHECK_FORMAT_JSON.
When generating an image it caused an error like:
ERROR: core-image-minimal-1.0-r0 do_rootfs: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:cve_check_write_rootfs_manifest(d)
0003:
File: '/home/alexk/poky/meta/classes/cve-check.bbclass', lineno: 213, function: cve_check_write_rootfs_manifest
0209:
0210: link_path = os.path.join(deploy_dir, "%s.json" % link_name)
0211: manifest_path = d.getVar("CVE_CHECK_MANIFEST_JSON")
0212: bb.note("Generating JSON CVE manifest")
*** 0213: generate_json_report(json_summary_name, json_summary_link_name)
0214: bb.plain("Image CVE JSON report stored in: %s" % link_path)
0215:}
0216:
0217:ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
Exception: NameError: name 'json_summary_name' is not defined
The fix is to pass the d variable to the pure python function generate_json_report
to get correct values of variables and add conditions for the JSON
output where needed.
In addition clarify the message presenting the summary JSON file,
which isn't related to an image.
Uses partial fixes from Alex Kiernan, Ernst Sjöstrand (ernstp),
and Davide Gardenal.
Fixes: f2987891d315 ("cve-check: add JSON format to summary output")
(From OE-Core rev: 665f981fccbb09d51349c4bd4cfe4ca91001e3bd)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9015dec93233c7d45fd0c9885ff5d4ec23ad377d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From yocto-docs rev: 447be1d6b8f770171799c2275edb65cbdc0fee2d)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Quentin Schulz <foss@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This test will fail any time the host has libdrm > 2.4.107
(From OE-Core rev: 48ce924dc82aa959fb897ec36873db7dc3813b71)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
License-Update: additional files
(From OE-Core rev: 1ec7c6f0f048482ae902fd15beab5cdfc7b50c7b)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85b1fef733683be09a1efdb2d8b8ffe543053ace)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
If a setup is using RPM for packaging and there are multiple
recipes that install to ${nonarch_base_libdir}/firmware by using
install -d ${nonarch_base_libdir}/firmware, it will create installation
clashes on image install, as linux-firmware before this patch
used mkdir -p, which creates different file mode bits (depending
on the current user's settings).
In a particular example
linux-firmware created /lib/firmware with 0600
while other-firmware-package created it with 0644
making the combination not installable by rpm backend
(From OE-Core rev: c89bc0fc7f8afdf8ff0e93c3ebd7538987170a0c)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98bf3f427702687bf81ed759e7cde5d6d15e77eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This security upgrade fixes CVE-2022-1292 as per below link
Link: https://www.openssl.org/news/cl111.txt
(From OE-Core rev: de0cafc01804a8d43b4b97e22fdc9a6b0adb8a48)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch
(From OE-Core rev: 970743af349e21a399da6241587b849b14933bc5)
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Apply below patches to fix the CVEs for freetype:
CVE-2022-27404.patch
Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db.patch
CVE-2022-27405.patch
Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5.patch
CVE-2022-27406.patch
Link: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2.patch
(From OE-Core rev: 51a92860bdbab28a2b487be3b054f103a54b86ac)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add patches to fix below CVE issues
CVE-2022-0865
CVE-2022-0907
CVE-2022-0908
CVE-2022-0909
CVE-2022-0924
(From OE-Core rev: 7c71434832caf6a15f8fb884d028a8c1bf4090a9)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Fix below listed CVEs:
CVE-2022-22576
Link: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425.patch
CVE-2022-27775
Link: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705.patch
CVE-2022-27776
Link: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258.patch
(From OE-Core rev: bbbd258a1c56d75ccb7e07ddc3bc1beb11d48a3a)
Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Includes fixes for CVE-2022-1381, CVE-2022-1420.
(From OE-Core rev: c7d43000ce137e1f9302b4b6cec149adb1435f47)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 77d745bd49c979de987c75fd7a3af116e99db82b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This is horrible but I'm running out of better ideas. We hit circular reference
issues which we were trying to avoid in the core HOSTTOOLS code. When building
the eSDK, there can be two copies of the script.
Therefore assume git will never be in a directory called scripts. This
fixes eSDK build failures.
(From OE-Core rev: 0f6ae13d76129d96f788b7ede312cfc361ee2bda)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27de610ac30d4c81352efc794df7e9b1060f7a68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The previous minimally invasive git intercept simply isn't enough. For example,
meson used in the igt-gpu-tools recipe hardcodes the path to git in the configure
step so at install time, changing PATH has no effect.
There are lots of interesting things we could do to try and avoid problems but
making the git intercept and dropping fakeroot privs for git global is probably
the least worst solution at this point. It will add slight overhead to git calls
but we don't make many so the overall impact is likely minimal.
(From OE-Core rev: ce6e606ba8b975a33df2f3dc6104abed9cfa7a36)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af27c81eaf68ee681dcd9456a74cca6a9ab40bf6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
We'd like to intercept git calls but we don't want circular references
and HOSTTOOLS currently sets them up. Tweak to avoid them.
(From OE-Core rev: 1567b7cec5ccbe198bfd0cca9ee8a2b1cf6dbf42)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52c37e133fa55846aca2248ffcf3a10648dbb8d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
When creating the manifest and the testdata.json links, if the link
name is equal to the output name the link is not created, otherwise
it is. This prevents a link-to-self in the first case.
(From OE-Core rev: e3672b5ccd6e0f130b1657017802db130a859d20)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bed63756c56f296ff3d5a7eef66e978bd19f1008)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The systemd-unit parameter DefaultDependencies changed from true/false
to yes/no. This changed in systemd in v242.
(From OE-Core rev: 00db62342e67b916213c3b54db23c8090621462f)
Signed-off-by: Portia Stephens <stephensportia@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 9da23a2b912edd043037a8e2e1047f7f3ba6886a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
An if statement now checks if the link and output path are
the same, if they are then the link is not created,
otherwise it is.
(From OE-Core rev: 62965ca8ca7077c12d75dac37efe204d7159cddd)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 2f024c0236c4806f0e59e4ce51a42f6b80fdf1b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Create generate_json_report including all the code used to generate the JSON
manifest file.
Add to cve_save_summary_handler the ability to create the summary in JSON format.
(From OE-Core rev: d8ef964ffeb92684d01d71c983af9dbb1e1b0c4f)
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f2987891d315466b7ef180ecce81d15320ce8487)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
- a positive value sets an interval (in seconds)
- a zero ("0") forces the database update
(From OE-Core rev: ce79a724dc0f9baac480cbadc05894ffcaf48eb7)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.
As the NVD database changes usually only once a day, we can just
update it less frequently.
(From OE-Core rev: d0a56ad3a278e18e766f833619cf97869bdf6a4c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 88f2fb1581a17b2cf59a694ca9afb89e38ed40b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The only part of the cve-check task which needs files is the patch
examination, and typically these patches are local so fetch isn't needed.
(From OE-Core rev: 72e5204bc7272414cc7bcfba18f52a177242ed79)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c9b3186d3b7c18cbea239ab9b06e85b7c243b54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 3dc8edd6611e7ad4abcece44ca4701eda7aeff94)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Updating to the latest korg -stable release that comprises
the following commits:
1d72b776f6dc Linux 5.4.192
aa2a047b5842 mm, hugetlb: allow for "high" userspace addresses
6a79b2433eb1 hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
b69e60f6fc00 tty: n_gsm: fix incorrect UA handling
0f4be29febdc tty: n_gsm: fix wrong command frame length field encoding
21cc640385b4 tty: n_gsm: fix wrong command retry handling
49c40febd45c tty: n_gsm: fix missing explicit ldisc flush
85522dcf0053 tty: n_gsm: fix insufficient txframe size
563bb0f794ca netfilter: nft_socket: only do sk lookups when indev is available
fae209521000 tty: n_gsm: fix malformed counter for out of frame data
cec2d0782a7b tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
a6d9847a4f82 x86/cpu: Load microcode during restore_processor_state()
9e9d12b81df6 net: ethernet: stmmac: fix write to sgmii_adapter_base
10ba1ac9a22a drivers: net: hippi: Fix deadlock in rr_close()
a8275219759e cifs: destage any unwritten data to the server before calling copychunk_write
5335370366a3 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
0ecc5304e80a ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
781571034993 ASoC: wm8731: Disable the regulator when probing fails
a71df406a6a5 tcp: fix F-RTO may not work correctly when receiving DSACK
a4ed61e30e32 ixgbe: ensure IPsec VF<->PF compatibility
406aaef0feae bnx2x: fix napi API usage sequence
c3e7ea58608a tls: Skip tls_append_frag on zero copy size
cd5cec3a0c8f drm/amd/display: Fix memory leak in dcn21_clock_source_create
ffce11a39102 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
3a179538bfd7 net: bcmgenet: hide status block before TX timestamping
8ef6d60aa2f1 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
194f474ad9b4 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
e80054ea0cde tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
685ff7d24487 ip_gre: Make o_seqno start from 0 in native mode
69555bb27b2e net/smc: sync err code when tcp connection was refused
daca23846eb3 net: hns3: add validity check for message data length
7763a7956632 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
f5bb5940d754 pinctrl: pistachio: fix use of irq_of_parse_and_map()
d22fc603694b arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
68f5200a1f60 ARM: dts: imx6ull-colibri: fix vqmmc regulator
c45180375afd sctp: check asoc strreset_chunk in sctp_generate_reconf_event
2cba635570d8 tcp: ensure to use the most recently sent skb when filling the rate sample
3ea6190be92f tcp: md5: incorrect tcp_header_len for incoming connections
2b9a13d98dfc bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
2e7f70d324ef mtd: rawnand: Fix return value check of wait_for_completion_timeout
2a36ba067b36 ipvs: correctly print the memory size of ip_vs_conn_tab
abe86a10dc5c ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
54212850e38f ARM: dts: am3517-evm: Fix misc pinmuxing
bba67fe6b022 ARM: dts: Fix mmc order for omap3-gta04
416e0f890732 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
6ff7c1b827c8 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
59bdaed5dd73 ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
dbce8fc16a08 phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
b7fc45354be6 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
dd99939b70c4 phy: samsung: exynos5250-sata: fix missing device put in probe error paths
6331b77fdc17 phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
fccbc3168e5e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
b8f0c19d4864 USB: Fix xhci event ring dequeue pointer ERDP update issue
1f47c2625773 mtd: rawnand: fix ecc parameters for mt7622
0405bd7f1888 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
5f80b5c5f406 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
f6db63819db6 video: fbdev: udlfb: properly check endpoint type
c00f3892f4f0 hex2bin: fix access beyond string end
15b78a8e38e8 hex2bin: make the function hex_to_bin constant-time
73f4668ee875 arch_topology: Do not set llc_sibling if llc_id is invalid
a3cdd33ca163 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
89a5728b053c serial: 8250: Also set sticky MCR bits in console restoration
42f749f2232a serial: imx: fix overrun interrupts in DMA mode
d29c197df7fa usb: dwc3: gadget: Return proper request status
0f3d081315c5 usb: dwc3: core: Fix tx/rx threshold settings
e2ec7b1f6a06 usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
debb276670b0 usb: gadget: uvc: Fix crash when encoding data for usb request
324e67c3b2fc usb: typec: ucsi: Fix role swapping
0366beb40239 usb: misc: fix improper handling of refcount in uss720_probe()
2c97a2b5ef84 iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
e82c726c94ec iio: dac: ad5446: Fix read_raw not returning set value
1aea30f87c65 iio: dac: ad5592r: Fix the missing return value.
1e8716a5c087 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
b8d3a4681f28 xhci: stop polling roothubs after shutdown
c8fbc2f875b6 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
68088dec9b3c USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
56cbdb9d958a USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
6b10dd966c12 USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
890fc65448ea USB: quirks: add STRING quirk for VCOM device
c4b31d41f5f2 USB: quirks: add a Realtek card reader
5666334ce3bf usb: mtu3: fix USB 3.0 dual-role-switch from device to host
b2589647008f lightnvm: disable the subsystem
c9af90f0c6b8 hamradio: remove needs_free_netdev to avoid UAF
7361a35bf330 hamradio: defer 6pack kfree after unregister_netdev
7dea5913000c floppy: disable FDRAWCMD by default
4426e6017f73 Linux 5.4.191
3c946909a3ed Revert "net: micrel: fix KS8851_MLL Kconfig"
c028b81d062e block/compat_ioctl: fix range check in BLKGETSIZE
27da8d16e4f0 staging: ion: Prevent incorrect reference counting behavour
cb158b152ea6 spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
1b6ad2421084 jbd2: fix a potential race while discarding reserved buffers after an abort
0b1ba14ab263 ext4: force overhead calculation if the s_overhead_cluster makes no sense
425301ef608a ext4: fix overhead calculation to account for the reserved gdt blocks
ea9c206111ea ext4, doc: fix incorrect h_reserved size
259dc49deaa2 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
faadbf7ac4f2 ext4: fix use-after-free in ext4_search_dir
0309665eb244 ext4: fix symlink file size not match to file content
ddfe3babc546 arm_pmu: Validate single/group leader events
852b02d1f808 ARC: entry: fix syscall_trace_exit argument
016ba7cbed57 e1000e: Fix possible overflow in LTR decoding
1217cf141b24 ASoC: soc-dapm: fix two incorrect uses of list iterator
aa7070556087 openvswitch: fix OOB access in reserve_sfa_size()
d24e0d9d691b xtensa: fix a7 clobbering in coprocessor context load/store
4c26a96d0c29 xtensa: patch_text: Fixup last cpu should be master
8d6937c1e093 powerpc/perf: Fix power9 event alternatives
0dafb826ed70 drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
013231f75fce KVM: PPC: Fix TCE handling for VFIO
9cf05812cb10 drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
4f08e85ca0fc drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
23f0ba5585a5 dma: at_xdmac: fix a missing check on list iterator
a22f3c99268c ata: pata_marvell: Check the 'bmdma_addr' beforing reading
0441d3e95bca oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
530d32ac52f7 EDAC/synopsys: Read the error count from the correct register
91367af460da stat: fix inconsistency between struct stat and struct compat_stat
837e319ebe62 scsi: qedi: Fix failed disconnect handling
4b813ce289ed net: macb: Restart tx only if queue pointer is lagging
a1419bee4dde drm/msm/mdp5: check the return of kzalloc()
80b188da30aa dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
46f9fa0a6632 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
12a753edd963 mt76: Fix undefined behavior due to shift overflowing the constant
7c48a6e62ddb cifs: Check the IOCB_DIRECT flag, not O_DIRECT
435142fbdcc0 vxlan: fix error return code in vxlan_fdb_append
99c2d9a52f37 ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
3e28d157e5f2 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
54be94d33660 reset: tegra-bpmp: Restore Handle errors in BPMP response
0cb2c00dd1ab ARM: vexpress/spc: Avoid negative array index when !SMP
3a5ad1b8db9f selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
d37295129efa netlink: reset network and mac headers in netlink_dump()
4c4f2a019ff9 l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
8c5ca6492a86 net/sched: cls_u32: fix possible leak in u32_init_knode()
f883def54654 net/packet: fix packet_sock xmit return value checking
e1bc684c81f1 net/smc: Fix sock leak when release after smc_shutdown()
f10e5c9f226c rxrpc: Restore removed timer deletion
9a9c48159365 igc: Fix BUG: scheduling while atomic
f9d5d17d234f igc: Fix infinite loop in release_swfw_sync
6d6271dbbbe5 dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
65c36555bd7d dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ccf554d148eb ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
6a20bf46c625 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
6a54979c7830 ALSA: usb-audio: Clear MIDI port active flag after draining
9c99aacfb4c6 tcp: Fix potential use-after-free due to double kfree()
5a4f3eba211a net/sched: cls_u32: fix netns refcount changes in u32_change()
b01b700e0c5a tcp: fix race condition when creating child sockets from syncookies
ebb3b84596bd gfs2: assign rgrp glock before compute_bitstructs
660784e7194a can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
2da11442a1e3 tracing: Dump stacktrace trigger to the corresponding instance
bad7ed55756f mm: page_alloc: fix building error on -Werror=array-compare
ac94e87675b2 etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
(From OE-Core rev: 9784b5a0629cd223865a21a9b72641116d332cf0)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
Backported from kirkstone 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4.
2nd patch adjusted to apply on 1.31.1.
(From OE-Core rev: 0b9cbcc4ceac3938afd1dd6010ce6d9a3da21598)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add below patch to fix CVE-2022-1215
CVE-2022-1215.patch
Link: https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28
(From OE-Core rev: 3f899844b383bfd13f176d86181d9219b3dbe345)
Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
CVE-2022-25308.patch
Link: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
CVE-2022-25309.patch
Link: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
CVE-2022-25310.patch
Link: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
(From OE-Core rev: 1c96b8af59e105724db884967a982bb5a47a7eb1)
Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
There are reports of issues with the new libstdc++ from gcc 12. This upgrades
to a gcc 12 version of uninative to allow builds on those systems. Gcc 12 isn't
finalised so we may need to add a new version of this if/as appropriate when it
is.
(From OE-Core rev: 7c0345ab1058a7e29d37f110923ecd368e102ed7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e3da4da7e5da5bb9e1d360e2be2fdd5132e69320)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The tarball (neard-0.16.tar.xz) fetched by the recipe is incomplete.
A few plugins (e.g. tizen) and test scripts (e.g. Test-channel, test-see,
neard-ui.py, ndef-agent etc.) are missing.
Since neard did not release the latest tarballs, as per community
recommendation switching the recipe SRC_URI to the git repo.
Community Discussion:
https://lists.openembedded.org/g/openembedded-core/topic/90058043#163681
(From OE-Core rev: d836d47f6a8659f84f2e8e755035392b994fd1fb)
Signed-off-by: Rahul Kumar <rahul.kumar_3@philips.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from b563f40ebf4461d9c35df72bd7599ea11e97da9c)
Signed-off-by: Rahul Kumar <rahul.kumar_3@philips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
We're going to use the environment approach for solving this issue.
(From OE-Core rev: a58a94e451bb62df70c60b5d7d27c0074b849e0e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0982977dc052ad4e65608f6853f930121d08837a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
In a devshell, recent versions of git will complain if the repo is owned
by someone other than the current UID - consider this example:
------
bitbake -c devshell linux-yocto
[...]
kernel-source#git branch
fatal: unsafe repository ('/home/paul/poky/build-qemuarm64/tmp/work-shared/qemuarm64/kernel-source' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /home/paul/poky/build-qemuarm64/tmp/work-shared/qemuarm64/kernel-source
kernel-source#
------
Of course the devshell has UID zero and the "real" UID is for "paul" in
this case. And so recent git versions complain.
As the whole purpose of the devshell is to invoke a shell where development
can take place, having a non-functional git is clearly unacceptable.
Richard suggested we could use PSEUDO_UNLOAD=1 to evade this issue, and I
suggested we probably will see other similar instances like this and should
make use of PATH to intercept via devshell wrappers - conveniently we already
have examples of this.
Here, we copy the existing "ar" example and tune it to the needs of git to
combine Richard's suggestion and mine.
As such we now also can store commit logs and use send-email with our user
specific settings, instead of "root", so in addition to fixing basic
commands like "git branch" it should also increase general usefulness.
RP: Tweaked the patch so the PATH change only applies to the devshell task
and is a generic git intercept rather than devshell specific.
RP: Also apply the PATH change to do_install tasks since that also runs under
fakeroot and several software projects inject "git describe" output into
their binaries (systemd, iputils, llvm, ipt-gpu-tools at least) causing
reproducibility issues from systems with different git versions.
(From OE-Core rev: 0ff2cff2c1eac3fe6304644db0fc27ba3130c237)
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3266c327dfa186791e0f1e2ad63c6f5d39714814)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: af5bcfdc0b21607122fbbda6c35fac5d0cb0f829)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3a9b6e71d1e7e8e2ebc0ed047841e36f09300387)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This symlink is not valid when using usrmerge and ptest packaging would fail
Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' -> '/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
(From OE-Core rev: e40f202d5f3228934c0e4b49218767864580d003)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 238fd30689054c7b44176dce7180fb6dac4e1b6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.
Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap module will be deprecated and removed
in the future.
(From OE-Core rev: 1ed7bb74d35f08af3babf73c68ee01af5f28a50b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 85fac8408baf92d8b71946f5bfea92952b7eab01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
phantomjs and optipng
Use of those tools was removed in b5c131006e3fad0a15e6cdf81f71dc1e96647028
perf-build-test/report: Drop phantomjs and html email reports support
(From OE-Core rev: bb3fc61f0d7f7bcd77ef194b76f4fdd8a7ff6aa5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
phantomjs isn't reliable and we've moved to sharing the reports via a webserver.
Update the scripts to more closely match those being used in the autobuilder helper
where the html email support was removed.
(From OE-Core rev: ce6d41812a70a1586aaabb8de5d748a81f6d7cae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c131006e3fad0a15e6cdf81f71dc1e96647028)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Backport to dunfell from master df567de36ae5964bee433ebb97e8bf702034994a
Add an option to output the CVE check in a JSON-based format.
This format is easier to parse in software than the original
text-based one and allows post-processing by other tools.
Output formats are now handled by CVE_CHECK_FORMAT_TEXT and
CVE_CHECK_FORMAT_JSON. The text format is enabled by default
to maintain compatibility, while the JSON format is disabled
by default.
The JSON output format gets generated in a similar way to the
text format with the exception of the manifest: appending to
JSON arrays requires parsing the file. Because of that we
first write JSON fragments and then assemble them in one pass
at the end.
(From OE-Core rev: 92b6011ab25fd36e2f8900a4db6883cdebc3cd3d)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
According to the WHENCE file, some a3k firmware files are licensed
under the special ar3k license, while others are licensed under the more
generic Atheros license. Document this by extending the
LICENSE_${PN}-ar3k and depending on both of them.
(From OE-Core rev: 8c0aa16d76e5492f774fcfe08c829c877991afbd)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8e651814af706285d64b532095fcd6f5f02629ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|