path: root/poky/meta/classes/cve-check.bbclass
author: Andrew Geissler <geissonator@yahoo.com> 2020-10-02 17:45:00 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2020-10-06 01:10:26 +0300
commit: c3d88e4d9fcc08e1aae7cc9d0337c0261e996c64 (patch)
tree: 71525085ecd2a7680c898d5fee83dbd8902ee1bf /poky/meta/classes/cve-check.bbclass
parent: c9f7865a347606a64696048817b0f09d9c3fcd31 (diff)
download: openbmc-c3d88e4d9fcc08e1aae7cc9d0337c0261e996c64.tar.xz
poky: subtree update:c6bc20857c..b23aa6b753
Anatol Belski (1):
  bitbake: bitbake: hashserv: Fix localhost sometimes resolved to a wrong IP
Andrew Geissler (1):
  systemd: Upgrade v246.2 -> v246.6
Anibal Limon (1):
  mesa: update 20.1.6 -> 20.1.8
Bruce Ashfield (2):
  linux-yocto/beaglebone: Switch to sdhci-omap driver
  kernel-yocto: add KBUILD_DEFCONFIG search location to failure message
Changqing Li (1):
  sysklogd: fix parallel build issue
Charlie Davies (2):
  bitbake: bitbake: fetch/git: add support for SRC_URI containing spaces in url
  bitbake: bitbake: tests/fetch: add unit tests for SRC_URI with spaces in url
Chee Yang Lee (1):
  bash : include patch 17 & 18
Chen Qi (2):
  populate_sdk_ext.bbclass: add ESDK_MANIFEST_EXCLUDES
  testsdk.py: remove workspace/sources to avoid failure in case of multilib
Chris Laplante (3):
  bitbake.conf: add name of multiconfig to BUILDCFG_HEADER when multiconfig is active
  cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing of per-recipe check file
  cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting of patched CVEs
Christian Eggers (1):
  packagegroup: rrecommend perf also for musl on ARM
De Huo (1):
  bash: fix CVE-2019-18276
Jean-Francois Dagenais (2):
  bitbake: bitbake: tests/siggen: introduce clean_basepath testcases
  bitbake: bitbake: siggen: clean_basepath: improve perfo and readability
Jens Rehsack (1):
  image-artifact-names: make variables overridable
Jon Mason (1):
  Space-comma Cleanups
Jonathan Richardson (1):
  cortex-m0.inc: Add tuning for cortex-m0
Kai Kang (2):
  systemd: disable xdg-autostart generator by default
  kea: fix conflict between multilibs
Khairul Rohaizzat Jamaluddin (1):
  sphinx: ref-variables: Added entry for IMAGE_EFI_BOOT_FILES
Khem Raj (6):
  ncurses: Create alternative symlinks for st and st-256color
  packagegroups: remove strace and lttng-tools for rv32/musl
  qemuboot: Add QB_RNG variable
  gettext: Fix ptest failure
  ptest-runner: Backport patch to fix inappropriate ioctl error
  systemd: Drop 0023-Fix-field-efi_loader_entry_one_shot_stat-has-incompl.patch
Konrad Weihmann (1):
  testexport: rename create_tarball method
Leif Middelschulte (2):
  bitbake: fetch2: fix handling of `\` in file:// SRC_URI
  bitbake: tests/fetch: backslash support in file:// URIs
Mark Jonas (2):
  Add license text for PSF-2.0
  Map license names PSF and PSFv2 to PSF-2.0
Mingli Yu (3):
  kea: create /var/lib/kea and /var/run/kea folder
  bind: remove -r option for rndc-confgen
  debianutils: update the debian snapshot version
Nicolas Dechesne (3):
  sphinx: report errors when dependencies are not met
  README: include detailed information about sphinx
  sphinx: fix up some trademark and branding issues
Norman Stetter (1):
  sstate.bbclass: Check file ownership before doing 'touch -a'
Otavio Salvador (1):
  openssh: Allow enable/disable of rng-tools recommendation on sshd
Peter A. Bigot (1):
  go-mod.bbclass: use append to add `modcacherw`
Quentin Schulz (2):
  docs: static: theme_overrides.css: fix responsive design on <640px screens
  docs: fix broken links
Randy MacLeod (1):
  curl: Change SRC_URI from http to https
Rasmus Villemoes (1):
  kernel.bbclass: ensure symlink_kernsrc task gets run even with externalsrc
Richard Purdie (15):
  scripts/oe-build-perf-report: Use python3 from the environment
  dropbear/openssh: Lower priority of key generation
  oeqa/qemurunner: Increase serial timeout
  python3-markupsafe: Import from meta-oe/meta-python
  python3-jinja2: Import from meta-oe/meta-python
  buildtools-tarball: Add python3-jinja2
  buildtools-tarball: Fix conflicts with oe-selftest and other tooling
  oeqa/selftest/incompatible_lib: Fix append usage
  oeqa/selftest/containerimage: Update to match assumptions in configuration
  ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys
  build-appliance-image: Update to master head revision
  bitbake: Revert "bitbake-layers: add signal hander to avoid exception"
  staging: Ensure cleaned dependencies are added
  oeqa/selftest/devtool: Add sync call to test teardown
  bitbake: cooker: Avoid tracebacks if data was never setup
Ross Burton (11):
  gettext: no need to depend on bison-native
  meta: add/fix invalid Upstream-Status tags
  bitbake: taskexp: update for GTK API changes
  glibc: make nscd optional
  utils: respect scheduler affinity in cpu_count()
  rpm: disable libarchive use
  sstate: set mode explicitly when creating directories in sstate-cache
  rpm: add PACKAGECONFIG for the systemd inhibit plugin
  boost: move the build directory outside of S
  bitbake: utils: add umask changing context manager
  bitbake: siggen: use correct umask when writing siginfo
Saul Wold (2):
  testimage: Add testimage_dump_target to kwargs
  target/ssh.py: Add dump_target support
Teoh Jay Shen (1):
  oeqa/runtime : add test for RTC(Real Time Clock)
Tim Orling (1):
  oeqa/selftest/cases/devtool.py: avoid .pyc race
Usama Arif (1):
  ref-manual: document authentication key variables
Wang Mingyu (1):
  maintainers.inc: Add Zang Ruochen and Wang Mingyu for several recipes
Yi Zhao (4):
  dhcpcd: pass --dbdir to EXTRA_OECONF to set database directory
  dhcpcd: set --runstatedir to /run
  dhcpcd: add dhcpcd user to support priviledge separation
  dhcpcd: set service to conflict with connman
akuster (1):
  libdrm: fix build failure
zangrc (4):
  bind: upgrade 9.16.5 -> 9.16.7
  stress-ng: upgrade 0.11.19 -> 0.11.21
  pango: upgrade 1.46.1 -> 1.46.2
  sudo: upgrade 1.9.2 -> 1.9.3

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I2c19d3b3793ee5a6f42e04817147d75f315943a5
Diffstat (limited to 'poky/meta/classes/cve-check.bbclass')
-rw-r--r-- poky/meta/classes/cve-check.bbclass 42
1 files changed, 24 insertions, 18 deletions
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 02fef7c205..25cefda92e 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -36,18 +36,21 @@ CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
+CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
+CVE_CHECK_REPORT_PATCHED ??= "1"
+
# Whitelist for packages (PN)
CVE_CHECK_PN_WHITELIST ?= ""
# Whitelist for CVE. If a CVE is found, then it is considered patched.
# The value is a string containing space separated CVE values:
-#
+#
# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
-#
+#
CVE_CHECK_WHITELIST ?= ""
python cve_save_summary_handler () {
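Review bot: the two new knobs CVE_CHECK_RECIPE_FILE and CVE_CHECK_REPORT_PATCHED are added without any comment, while the whitelist variables a few lines below are documented; add a one-line comment above each, for example `# Set to "0" to leave CVEs that are already patched out of the per-recipe report and the manifest` above CVE_CHECK_REPORT_PATCHED, and state that CVE_CHECK_RECIPE_FILE is the path both cve_check_write_rootfs_manifest and cve_write_data read. Also, CVE_CHECK_RECIPE_FILE is given a `?=` default while the surrounding CVE_CHECK_DIR, CVE_CHECK_COPY_FILES and CVE_CHECK_REPORT_PATCHED use `??=`; pick one so that a distro-level override behaves the same for all of them.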
@@ -118,7 +121,7 @@ python cve_check_write_rootfs_manifest () {
import shutil
if d.getVar("CVE_CHECK_COPY_FILES") == "1":
- deploy_file = os.path.join(d.getVar("CVE_CHECK_DIR"), d.getVar("PN"))
+ deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
if os.path.exists(deploy_file):
bb.utils.remove(deploy_file)
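Review bot: `deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")` drops the implicit CVE_CHECK_DIR prefix, so a user override can now point this handler's bb.utils.remove at an arbitrary path; guard against an unset or empty value (`os.path.exists(None)` raises TypeError) and against a path that is a directory, for example with `if deploy_file and os.path.isfile(deploy_file):` in place of the bare `os.path.exists` check.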
@@ -331,12 +334,15 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
bb.utils.mkdirhier(os.path.dirname(cve_file))
for cve in sorted(cve_data):
+ is_patched = cve in patched
+ if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
+ continue
write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV"))
write_string += "CVE: %s\n" % cve
if cve in whitelisted:
write_string += "CVE STATUS: Whitelisted\n"
- elif cve in patched:
+ elif is_patched:
write_string += "CVE STATUS: Patched\n"
else:
unpatched_cves.append(cve)
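Review bot: the new `continue` fires before the whitelist test, so with CVE_CHECK_REPORT_PATCHED set to anything but "1" a CVE that is in both `whitelisted` and `patched` is dropped from the report instead of being recorded as `CVE STATUS: Whitelisted`, which inverts the precedence the if/elif chain right below gives to the whitelist. If whitelisted entries are meant to stay visible, change the condition to `if is_patched and cve not in whitelisted and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):`; otherwise document that the flag suppresses both.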
@@ -350,20 +356,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
if unpatched_cves:
bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
- with open(cve_file, "w") as f:
- bb.note("Writing file %s with CVE information" % cve_file)
- f.write(write_string)
-
- if d.getVar("CVE_CHECK_COPY_FILES") == "1":
- cve_dir = d.getVar("CVE_CHECK_DIR")
- bb.utils.mkdirhier(cve_dir)
- deploy_file = os.path.join(cve_dir, d.getVar("PN"))
- with open(deploy_file, "w") as f:
+ if write_string:
+ with open(cve_file, "w") as f:
+ bb.note("Writing file %s with CVE information" % cve_file)
f.write(write_string)
- if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
- cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
- bb.utils.mkdirhier(cvelogpath)
+ if d.getVar("CVE_CHECK_COPY_FILES") == "1":
+ deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
+ bb.utils.mkdirhier(os.path.dirname(deploy_file))
+ with open(deploy_file, "w") as f:
+ f.write(write_string)
+
+ if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
- with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
- f.write("%s" % write_string)
+ with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
+ f.write("%s" % write_string)
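Review bot: wrapping the whole write path in `if write_string:` means that when every CVE for a recipe is filtered out, neither `cve_file` nor `deploy_file` is rewritten, so a stale report from an earlier build of the same recipe survives in CVE_CHECK_DIR and a consumer of those files cannot distinguish "nothing to report" from "check did not run". Either remove both files in the empty case, or keep writing the (possibly empty) per-recipe files unconditionally and only skip the CVE_CHECK_TMP_FILE append, which is the one place an empty string actually causes trouble.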