From b7d2861976669d4f6decc55762ba83fe0371d6d5 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 24 Jul 2020 16:15:54 -0500 Subject: poky: subtree update:968fcf4989..23deb29c1b Arthur She (1): igt-gpu-tools: Add PACKAGECONFIG for Chamelium support Bruce Ashfield (4): linux-yocto/5.4: update to v5.4.51 linux-yocto-rt/5.4: fix mmdrop stress test issues kernel-yocto: account for extracted defconfig in elements check kernel-devsrc: fix on-target module build for v5.8+ Changqing Li (2): dpkg: change SRC_URI to take dpkg from git gtk-immodules-cache.bbclass: fix post install scriptlet error Charlie Davies (1): u-boot: fix condition to allow use of *.cfg Chen Qi (1): rpm: fix nativesdk's default var location Christian Eggers (2): avahi: Fix typo in recipe util-linux: Set license for library sub packages Daniel Ammann (1): image.bbclass: improve wording when image size exceeds the specified limit Dmitry Baryshkov (1): gcc-10.1: add fix for PR 96130 Douglas (2): nativesdk: clear MACHINE_FEATURES nativesdk: Set the CXXFLAGS to the BUILDSDK_CXXFLAGS He Zhe (1): cryptodev-module: Backport a patch to fix build failure with kernel v5.8 Hongxu Jia (1): e2fsprogs: fix up check for hardlinks always false if inode > 0xFFFFFFFF Jens Rehsack (3): subversion: extend for nativesdk serf: extend for nativesdk kmod: add packageconfig for xz and ssl Joshua Watt (8): virtual/libgbm is the provider of gbm.pc diffoscope: upgrade 150 -> 151 python3-pycryptodomex: upgrade 3.9.7 -> 3.9.8 python3-pycryptodome: upgrade 3.9.7 -> 3.9.8 classes/reproducible: Move to library code lib/oe/reproducible: Fix error when no git HEAD classes/cmake: Fix host detection classes/package: Use HOST_OS for runtime dependencies Kamil Dziezyk (1): qemu: fix for virtfs configuration error in qemu 5.0.0 Kevin Hao (3): wic/filemap: Drop the unused block_is_unmapped() wic/filemap: Drop the unused get_unmapped_ranges() wic/filemap: Fall back to standard copy when no way to get the block map Khem Raj (4): go: Disbale CGO for riscv64 go-dep: Fix build on riscv64 musl: Update to latest tip site: Make sys_siglist default to no Konrad Weihmann (2): bitbake: pyshyacc: allow double COMMA statements ptest: append to FILES Kurt Kiefer (1): linux-firmware: add ibt-20 package Lee Chee Yang (1): bison: fix Argument list too long error Mingli Yu (1): python3: define a profile directory path Naveen Saini (3): libva: upgrade 2.7.1 -> 2.8.0 libva-initial: upgrade 2.7.1 -> 2.8.0 libva-utils: upgrade 2.7.1 -> 2.8.0 Oleksandr (1): expat: Added ptest Pierre-Jean Texier (1): u-boot: upgrade 2020.04 -> 2020.07 Rasmus Villemoes (1): cml1: Move find_cfgs() helper to cml1.bbclass Ricardo Salveti (1): sudo: set with-rundir to /run/sudo Richard Purdie (34): bitbake: fetch2: Change git fetcher not to destroy old references oeqa/selftest/sstatetests: Avoid polluting DL_DIR bitbake: server/process: Fix a rare lockfile race qemurunner: Ensure pid location is deterministic qemurunner: Add extra debug info when qemu fails to start bitbake: server/process: Ensure UI-less servers don't sit in infinite loops oeqa/utils/qemurunner: Fix missing pid file tracebacks mpfr: upgrade 4.0.2 -> 4.1.0 libuv: upgrade 1.38.0 -> 1.38.1 btrfs-tools: upgrade 5.6.1 -> 5.7 init-system-helpers: upgrade 1.57 -> 1.58 createrepo-c: upgrade 0.15.11 -> 0.16.0 mtd-utils: upgrade 2.1.1 -> 2.1.2 dpkg: upgrade 1.20.0 -> 1.20.5 python3-cython: upgrade 0.29.20 -> 0.29.21 python3-git: upgrade 3.1.3 -> 3.1.7 asciidoc: upgrade 9.0.0 -> 9.0.1 libnsl2: upgrade 1.2.0 -> 1.3.0 rpcsvc-proto: upgrade 1.4.1 -> 1.4.2 stress-ng: upgrade 0.11.14 -> 0.11.15 epiphany: upgrade 3.36.2 -> 3.36.3 ffmpeg: upgrade 4.3 -> 4.3.1 gnupg: upgrade 2.2.20 -> 2.2.21 mpg123: upgrade 1.26.1 -> 1.26.2 libevent: upgrade 2.1.11 -> 2.1.12 webkitgtk: upgrade 2.28.2 -> 2.28.3 libgcrypt: upgrade 1.8.5 -> 1.8.6 bitbake: server/process: Fix note reference -> info bitbake: cooker: Fix unmatched files handling leading to misleading warnings bitbake: build: Allow deltask to take multiple tasknames pseudo: Update to add OFC fcntl lock updates oeqa/qemurunner: Add priority/nice information for running processes bitbake: cooker: Improve multiconfig configuration error reporting bitbake: cooker: Handle multiconfig name mappings correctly Robert Yang (1): openssl: openssl-bin requires openssl-conf to run Ross Burton (9): insane: consolidate skipping of temporary do_package files perf: add PACKAGECONFIG for CoreSight support autotools: don't special-case help2man-native for dependencies flex: fix build with autoconf 2.70 nasm: fix build with autoconf 2.70 init-ifupdown: always make machine-specific insane: improve arch test messages startup-notification: add time_t type mismatch patch from upstream gcc: mitigate the Straight-line Speculation attack Sakib Sajal (5): qemu: fix CVE-2020-13362 qemu: fix CVE-2020-13659 qemu: fix CVE-2020-13800 qemu: fix CVE-2020-13791 busybox: make hwclock compatible with glibc 2.31 Tanu Kaskinen (2): alsa-lib: upgrade 1.2.3.1 -> 1.2.3.2 pulseaudio: improve the Thumb frame pointer fix Taras Kondratiuk (1): nfs-utils: use rpcgen tool from HOSTTOOLS_DIR Tim Orling (2): lib/oe/recipeutils.py: add AUTHOR; BBCLASSEXTEND scripts/lib/recipetool/create.py: fix regex strings Wang Mingyu (4): dbus: upgrade 1.12.18 -> 1.12.20 fribidi: upgrade 1.0.9 -> 1.0.10 glib-2.0: upgrade 2.64.3 -> 2.64.4 libvorbis: upgrade 1.3.6 -> 1.3.7 Yi Zhao (1): bind: upgrade 9.11.19 -> 9.11.21 Yongxin Liu (2): linux-firmware: fix the wrong file path for ibt-misc linux-firmware: move ibt-misc to the end of ibt packages akuster (3): cve-check.bbclass: always save cve report ref-system-requirements: update supported hosts lists glibc: whitelist CVE-2010-10029 zhengruoqin (1): gnutls: Fix krb5 code license to GPLv2.1+ to match the LICENSE file. Signed-off-by: Andrew Geissler Change-Id: Iae9b13b7fe09bb3c0ab953a063793c95e8b17468 --- poky/meta/classes/cve-check.bbclass | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'poky/meta/classes/cve-check.bbclass') diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index 514897e8b..0889e7544 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db" CVE_CHECK_LOG ?= "${T}/cve.log" CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check" +CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve" +CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary" +CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" @@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= "" # CVE_CHECK_WHITELIST ?= "" +python cve_save_summary_handler () { + import shutil + import datetime + + cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE") + + cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME") + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) + + timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S') + cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp)) + + shutil.copyfile(cve_tmp_file, cve_summary_file) + + if cve_summary_file and os.path.exists(cve_summary_file): + cvefile_link = os.path.join(cvelogpath, cve_summary_name) + + if os.path.exists(os.path.realpath(cvefile_link)): + os.remove(cvefile_link) + os.symlink(os.path.basename(cve_summary_file), cvefile_link) +} + +addhandler cve_save_summary_handler +cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted" + python do_cve_check () { """ Check recipe for patched and unpatched CVEs @@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data): f.write(write_string) if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1": + cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR") + bb.utils.mkdirhier(cvelogpath) + with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f: f.write("%s" % write_string) -- cgit v1.2.3