poky: sumo refresh 51872d3f99..3b8dc3a88e

Update poky to sumo HEAD.

Andrej Valek (1):
      wpa-supplicant: fix CVE-2018-14526

Armin Kuster (2):
      xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
      binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.

Bruce Ashfield (3):
      linux-yocto/4.12: update to v4.12.28
      linux-yocto/4.14: update to v4.14.62
      linux-yocto/4.14: update to v4.14.67

Changqing Li (6):
      libexif: patch for CVE-2017-7544
      squashfs-tools: patch for CVE-2015-4645(4646)
      libcroco: patch for CVE-2017-7960
      libid3tag: patch for CVE-2004-2779
      libice: patch for CVE-2017-2626
      apr-util: fix ptest fail problem

Chen Qi (2):
      util-linux: upgrade 2.32 -> 2.32.1
      busybox: move init related configs to init.cfg

Jagadeesh Krishnanjanappa (2):
      libarchive: CVE-2017-14501
      libcgroup: CVE-2018-14348

Jon Szymaniak (1):
      cve-check.bbclass: detect CVE IDs listed on multiple lines

Joshua Lock (1):
      os-release: fix to install in the expected location

Khem Raj (1):
      serf: Fix Sconstruct build with python 3.7

Konstantin Shemyak (1):
      cve-check.bbclass: do not download the CVE DB in package-specific tasks

Mike Looijmans (1):
      busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail

Ross Burton (1):
      lrzsz: fix CVE-2018-10195

Sinan Kaya (3):
      busybox: CVE-2017-15874
      libpng: CVE-2018-13785
      sqlite3: CVE-2018-8740

Yadi.hu (1):
      busybox: handle syslog

Yi Zhao (2):
      blktrace: Security fix CVE-2018-10689
      taglib: Security fix CVE-2018-11439

Zheng Ruoqin (1):
      glibc: fix CVE-2018-11237

Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

1 files changed, 7 insertions, 5 deletions

diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 537659df1..12ad3e5c5 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -146,15 +146,17 @@ def get_patches_cves(d):
                 with open(patch_file, "r", encoding="iso8859-1") as f:
                     patch_text = f.read()
 
-        # Search for the "CVE: " line
-        match = cve_match.search(patch_text)
-        if match:
+        # Search for one or more "CVE: " lines
+        text_match = False
+        for match in cve_match.finditer(patch_text):
             # Get only the CVEs without the "CVE: " tag
             cves = patch_text[match.start()+5:match.end()]
             for cve in cves.split():
                 bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
                 patched_cves.add(cve)
-        elif not fname_match:
+                text_match = True
+
+        if not fname_match and not text_match:
             bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
 
     return patched_cves
@@ -177,7 +179,7 @@ def check_cves(d, patched_cves):
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")
     cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST"))
     cve_cmd = "cve-check-tool"
-    cmd = [cve_cmd, "--no-html", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir]
+    cmd = [cve_cmd, "--no-html", "--skip-update", "--csv", "--not-affected", "-t", "faux", "-d", cve_db_dir]
 
     # If the recipe has been whitlisted we return empty lists
     if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():