summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
...
* apt: add a missing perl runtime dependencyAlexander Kanavin2019-08-081-0/+1
| | | | | | | | | /usr/lib/dpkg/methods/apt/setup is a perl script. (From OE-Core rev: a96de885e122bd31e3382d6ecf6f665680e9db71) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: use PRIVATE_LIBS for the ptest packageAlexander Kanavin2019-08-081-1/+1
| | | | | | | | | | | | EXCLUDE_PACKAGES_FROM_SHLIBS is too broad: it suppresses both generation of required and provided shlibs. We need to suppress only the provided shlibs (to avoid clashes with the main package providing the same shlibs), and run the required shlib dependencies generator as usual. (From OE-Core rev: 7d342fd04266bedc12706c111c5b83d952566bca) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-scons:upgrade 3.0.5 -> 3.1.0Zang Ruochen2019-08-082-2/+2
| | | | | | | (From OE-Core rev: 322ff31d811bd8142af93574b10c91c611df93bd) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pbr:upgrade 5.4.1 -> 5.4.2Yuan Chao2019-08-082-5/+5
| | | | | | | (From OE-Core rev: 83ffc20637abd275bc3037935d629f5a716b4614) Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mesa,llvm,meson: Update llvm to 8.0.1 plus define and use LLVM version globallyKhem Raj2019-08-084-134/+59
| | | | | | | | | | | | | | | - Add missing dependency on libedit - Define LLVMVERSION on the same lines as GCCVERSION and other tools - Use LLVMVERSION in mesa and meson.bbclass to get llvm version instead of hardcoding it - Use llvm patches unmodified from meta-clang, helps in keeping them in sync - Define PREFERRED_VERSION for llvm, llvm-native, nativesdk-llvm (From OE-Core rev: 3c08b638348abd543fc92baf56c28ca16ae6aac6) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Fix openat() with a symlink pointing to a directoryJason Wessel2019-08-072-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While working with ostree disk generation in conjunction with wic, I found a problem with pseudo where it tried to resolve a symlink when it shouldn't, based on openat() flags. A C program has been constructed to test pseudo to show that it is working properly with the correct behavior around openat(). #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> #include <dirent.h> #include <unistd.h> #include <fcntl.h> int main() { /* * Tested with: gcc -Wall -o app app.c ; echo "no pseudo" ; * ./app ; echo "pseudo"; pseudo ./app */ system("rm -rf tdir tlink"); system("mkdir tdir"); system("ln -s tdir tlink"); DIR *dir = opendir("."); int dfd = dirfd(dir); int target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); if (target_dfd == -1) { printf("Test 1 good\n"); } else { printf("Test 1 failed\n"); close(target_dfd); } target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC); if (target_dfd == -1) { printf("Test 2 failed\n"); } else { printf("Test 2 good\n"); close(target_dfd); } /* Test 3 make sure the owner of the link is root */ struct stat sbuf; if (!lstat("tlink", &sbuf) && sbuf.st_uid == 0) { printf("Test 3 good\n"); } else { printf("Test 3 failed\n"); } /* Test 4 tests open with the "rb" flag, owner should not change */ int ofd = openat(dfd,"./tlink", O_RDONLY|O_CLOEXEC); if (ofd >= 0) { if (fstat(ofd, &sbuf) != 0) printf("ERROR in fstat test 4\n"); else if (sbuf.st_uid == 0) printf("Test 4 good\n"); close(ofd); } else { printf("Test 4 failed with openat()\n"); } /* Test pseudo db to see the fstat() above did not delete the DB entry */ if (!lstat("tlink", &sbuf) && sbuf.st_uid == 0) printf("Test 5 good\n"); else printf("Test 5 failed... tlink is owned by %i and not 0\n", sbuf.st_uid); return 0; } int main() { /* Tested with: gcc -Wall -o app app.c ; echo "no pseudo" ; ./app ; echo "pseudo"; pseudo ./app */ system("rm -rf tdir tlink"); system("mkdir tdir"); system("ln -s tdir tlink"); DIR *dir = opendir("."); int dfd = dirfd(dir); int target_dfd = openat (dfd, "tlink", O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); if (target_dfd == -1) { printf("This is right\n"); } else { printf("This is broken\n"); } return 0; } Many thanks to Peter Seebach for fixing the problem in the pseudo code to use the same logic which was already there for the AT_SYMLINK_NOFOLLOW. Also updated is the license MD5 checksum since the master branch of pseudo has had the SPDX data updated. (From OE-Core rev: a98ea4be5ce19ff380ca500ba1ef3da490ec4556) Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* syslinux: Override hardcoded toolnames in MakefileKhem Raj2019-08-071-2/+17
| | | | | | | | | | | | makefile assumes native toolnames e.g. ar, as, nm etc. which causes build fails on non-x86 build hosts objcopy: Unable to recognise the format of the input file `libcom32.elf' (From OE-Core rev: ee9afb34fb95409148734fda1eea1fe8f81983fd) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix patch Upstream-StatusRoss Burton2019-08-061-1/+1
| | | | | | | (From OE-Core rev: ee31907d25bc89dcb6566368aae651920564980c) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libedit: fix upstream verison checkAlexander Kanavin2019-08-061-2/+0
| | | | | | | | | The default works fine; not sure why the line was added. (From OE-Core rev: 66bb9fd36128bb5ce12c7a5e224cfcd69dc2cd06) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub/libmpc/gdb: Use GNU_MIRROR in more recipesAdrian Bunk2019-08-031-1/+1
| | | | | | | (From OE-Core rev: 2f13b063f64c500f144a70d23a343223b5c70907) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-git: update to 2.1.13Oleksandr Kravchuk2019-08-031-2/+2
| | | | | | | (From OE-Core rev: 4669839edbac8e1d3a8267d32ebf259a44938ec7) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libedit: Move from meta-oeKhem Raj2019-08-032-0/+41
| | | | | | | | | | | | libedit is needed by llvm on linux and this makes it useful for both oe-core and clang layer among other users Thanks to various contributors in maintaing it in meta-oe (From OE-Core rev: cbbfac2a330ad5577a56b5d0fe74300acff287f8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: split out the Windows distutils installer stubsRoss Burton2019-08-031-0/+13
| | | | | | | | | | | | | Needing the Windows distutils installer stubs is quite a niche requirement, so put them into a separate package and just recommend it. This can save both space and legal pain, as the installers embed an old zlib that has known CVEs. (From OE-Core rev: 617331a42fc5bde0c2d8d0f4dd8df652daa28778) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: support recommends in manifestRoss Burton2019-08-031-2/+8
| | | | | | | | | Add support for runtime recommends along with runtime depends to the manifest. (From OE-Core rev: 16cc9a2ca559d978c6d0e648c18c297255b69dcc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: remove empty python3-distutils-staticdevRoss Burton2019-08-031-12/+0
| | | | | | | | | | distutils doesn't ship any static libraries, and the files this should pick up do not exist. Copy/paste gone wrong maybe? (From OE-Core rev: afbca8da4ddd6c3dd01bb44af43aee9e80cae512) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson: add a backported patch to address vala cross-compilation errorsAlexander Kanavin2019-08-032-0/+51
| | | | | | | (From OE-Core rev: c8ac42f5110c9b8e4f2c275332651df152013c0a) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson: update 0.50.1 -> 0.51.1Alexander Kanavin2019-08-0311-287/+49
| | | | | | | | | | | Drop backports. Rebase other patches. (From OE-Core rev: 3251ce439ea164fcf230dcede06da1a05b5c6775) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mtd-utils: Upgrade to 2.1.1Adrian Bunk2019-07-311-2/+3
| | | | | | | | | | Add zstd PACKAGECONFIG to disable the zstd support that upstream enables by default, zstd is not in oe-core. (From OE-Core rev: a87cf6a1693bbeac0f03290c1cb0ddf0ad1cf9bd) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: CVE-2019-9947 is same as CVE-2019-9740Anuj Mittal2019-07-311-0/+1
| | | | | | | | | | See: https://bugs.python.org/issue30458 (From OE-Core rev: fa434cf1ae621f106d823c92f7e3a16172e7479f) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: fix CVE-2018-20852Anuj Mittal2019-07-312-0/+124
| | | | | | | (From OE-Core rev: 04fc80b2c77a177601584500f0f3048d80095ad7) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: add PACKAGECONFIG for dbRoss Burton2019-07-311-4/+10
| | | | | | | | | | | | | | | perl-cross makes it easy to cleanly disable the use of Berkeley DB if desired, so add a PACKAGECONFIG for this. More of the dependencies (such as gdbm) can be controlled in the same way, but Berkeley DB is a prime contender: it's a large library which we have to ship an old release for due to licensing issues, so there are users who may want to strip it out of builds entirely. (From OE-Core rev: e3860098dadd0b1db97fb0414aae6abfc234b245) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: fix whitespaceRoss Burton2019-07-311-2/+2
| | | | | | | | | There was some tabs embedded in spaces, fix those. (From OE-Core rev: 96cf9a881405faec5fb6f3f305fd29c5f14fd52f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* createrepo-c: upgrade 0.14.2 -> 0.14.3Alexander Kanavin2019-07-311-1/+1
| | | | | | | (From OE-Core rev: f9ef3abfdfc5df19619328117813561e408d2147) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libmodulemd: update to 2.6.0Alexander Kanavin2019-07-312-13/+17
| | | | | | | (From OE-Core rev: 93e52d2d8985f7bba6a03a7a56fdc22087a62469) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* btrfs-tools: update 5.1.1 -> 5.2.1Alexander Kanavin2019-07-311-1/+1
| | | | | | | (From OE-Core rev: 53dc41128d7f976a3a0f0730b5a2dff61f8c1bdf) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2019-13636Anuj Mittal2019-07-312-0/+114
| | | | | | | (From OE-Core rev: f201b9db5d148cb9fe03b78ca085493a27f7e24c) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: add a patch fixing the native build on newer kernelsBartosz Golaszewski2019-07-312-0/+340
| | | | | | | | | | | The build fails on qemu-native if we're using kernels after commit 0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream patch that fixes the issue. (From OE-Core rev: ef3af3a43d137d1e09e3fe4dbe462197fe7af4bc) Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: add packageconfig boostKai Kang2019-07-271-0/+1
| | | | | | | | | | | | | | | | | subversion checks whether build with boost during do_configure. If boost exists on build machine, it causes configure-unsafe QA issue: | ERROR: subversion-1.12.0-r0 do_configure: QA Issue: This autoconf log | indicates errors, it looked at host include and/or library paths | while determining system capabilities. | Rerun configure task after fixing this. [configure-unsafe] Add a PACKAGECONFIG 'boost' to fix the issue. (From OE-Core rev: 237478724be75a4efeebafe07b46a353894ee4ca) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-git: update to 2.1.12Oleksandr Kravchuk2019-07-262-6/+5
| | | | | | | | | Got rid of python-git since there is no python2 version of the package. (From OE-Core rev: dd9d95e8394a7a318538c7cabd27c82e4bc9e029) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pip: update to 19.2.1Oleksandr Kravchuk2019-07-261-2/+2
| | | | | | | (From OE-Core rev: dded7fc1bc7caf22837d13dabbc66b84b15b872b) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* strace: Upgrade to 5.2Khem Raj2019-07-264-114/+10
| | | | | | | | | | | | | License-Updtate: Copyright years changed https://github.com/strace/strace/commit/4b4a0e5a6e74e16dc2bb9b38d81415d9f57425d2#diff-7116ef0705885343c9e1b2171a06be0e Drop backport patch for mips o32 build fix Refresh patches to apply on 5.2 (From OE-Core rev: abeb32772b8b3a144e468e5a27b1a31f646317e4) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-mako: update to 1.0.14Oleksandr Kravchuk2019-07-232-6/+3
| | | | | | | | | Got rid of python-git since there is no python2 version of the package. (From OE-Core rev: cbdb000632b6320fe9741b750a7cf3fe5b3ec640) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-docutils: update to 0.15Oleksandr Kravchuk2019-07-231-3/+2
| | | | | | | (From OE-Core rev: 74b5d8df4e26fcfa8f1bbb91c5184331185973fc) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-scons: update to 3.1.0Oleksandr Kravchuk2019-07-232-2/+2
| | | | | | | (From OE-Core rev: 03a04b197dd0d7af7050a132b4f0ad376b81821d) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: Fix eu-* utils builds for muslKhem Raj2019-07-237-295/+359
| | | | | | | | | | | | | | | Re-organize the musl patches in three different areas namely libs, utils and tests, this will help maintain them in future version bumps Add obstack dependency on musl targets which is needed for eu-* PN and PN-binutils is not empty anymore on musl (From OE-Core rev: a747239978e63f22d4107e6e12c75b5f78043cce) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pbr: update to 5.4.1Oleksandr Kravchuk2019-07-232-5/+5
| | | | | | | (From OE-Core rev: e59c6720271be8e3f1e93c301078a580ffdaafe0) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtool: remove host information from libtoolJoe Slater2019-07-222-1/+22
| | | | | | | | | Import patch from Debian. (From OE-Core rev: b2e0b383a17a3cd450adb3d86f7f818729438375) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unfs3: set upstream tag regex to avoid false-positivesRoss Burton2019-07-221-0/+1
| | | | | | | (From OE-Core rev: 4663d06a79c6608127413488676a6e7dfbefb3e1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: fix CVE-2017-9778Anuj Mittal2019-07-192-0/+99
| | | | | | | (From OE-Core rev: 4fa03fa14f8facb134ecd772a99c25184d8a4cbd) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: include CVE patches for python-native as wellAnuj Mittal2019-07-192-5/+5
| | | | | | | | | Also avoids maintaining a different set of patches for both. (From OE-Core rev: b3b1c00cc46b33ddbf7e008267032220e1e298af) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: fix CVEs for included zlibAnuj Mittal2019-07-195-0/+393
| | | | | | | | | | | | | | | | rsync includes its own copy of zlib and doesn't recommend linking with the system version [1]. Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used by rsync. [1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync [2] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3agnu%3azlib%3a1.2.8 (From OE-Core rev: a55fbb4cb489853dfb0b4553f6e187c3f3633f48) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* squashfs-tools: upgrade to commit f95864afe883Ulrich Ölmann2019-07-195-224/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The master branch's current tip commit as of this writing is [1], see the squashfs-tool's repo at [0]. Because of commits [2]-[4] which are included in the master branch three corresponding patches are dropped as they are not needed anymore. The single remaining patch was rebased on top of [1] to apply cleanly. Commits [5] & [6] introduced interesting features, namely zstd support and reproducibility of created SquashFS images. They are reflected in two new PACKAGECONFIG options now, but only the latter ("reproducible") is appended to the default options as OE-core does not contain a recipe to build zstd at the moment (a working zstd recipe can be found e.g. in meta-rauc, see [7]). [0] https://github.com/plougher/squashfs-tools.git [1] f95864afe883 ("unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6") [2] 46bdc1726e5a ("mksquashfs: Make a load of functions static") [3] b0ca8a5c98ff ("pseudo.c: add explicit <sys/stat.h> include") [4] f95864afe883 ("unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6") [5] 6113361316d5 ("squashfs-tools: Add zstd support") [6] e0d74d07bb35 ("Add configuration and Mksquashfs build options for reproducible builds") [7] https://layers.openembedded.org/layerindex/recipe/79049/ (From OE-Core rev: 92f34fbe321040db3dc0431dd464747324058e2e) Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2019-12155Anuj Mittal2019-07-192-0/+36
| | | | | | | (From OE-Core rev: a0236a8f682ab0e897cd99555b9225bae4fb04ab) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: CVE-2019-9070 is same as CVE-2019-9071Anuj Mittal2019-07-191-0/+1
| | | | | | | | | | | See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395 (From OE-Core rev: cef180de3684491f1ac4180ddbcc102121222181) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pkgconf: upgrade 1.6.1 -> 1.6.3Ross Burton2019-07-181-2/+2
| | | | | | | (From OE-Core rev: 4a69bf5ae3328d124a7607a52333643ebf7ec0b3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* flex: set CVE_PRODUCT to include vendorRoss Burton2019-07-181-0/+3
| | | | | | | | | | | | There are many projects called Flex and they have CVEs, so also set the vendor to remove these false positives. (From OE-Core rev: 0598ccdcb31e16f1d1227197591b10ba441fcfe2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: set CVE vendor to git-scmRoss Burton2019-07-181-0/+2
| | | | | | | | | There's a Jenkins plugin for Git. (From OE-Core rev: f2adf5e4d3e9afc6d45665bbe728c69d195a46ef) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: set CVE vendor to ApacheRoss Burton2019-07-181-0/+2
| | | | | | | | | There's a Jenkins plugin for Subversion. (From OE-Core rev: ac115c3b5f1dcb95fb7d39537693fe0dcd330451) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.7.3 -> 3.7.4Anuj Mittal2019-07-171-2/+2
| | | | | | | | | | | Also fixes CVE-2019-9740, CVE-2019-9948. For details, see: https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final (From OE-Core rev: 73579c846fe02fb14464869ed382faf8fe299636) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: fix CVE-2019-9740Anuj Mittal2019-07-172-0/+216
| | | | | | | (From OE-Core rev: 8eddac3305b7b428565103cde88cba444e3f0dd0) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>