author | Patrick Williams <patrick@stwcx.xyz> | 2024-01-26 22:04:43 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2024-01-27 00:13:47 +0300 |
commit | f52e3dde8c006aa1204b4d74d64bcda47fcd061e (patch) | |
tree | 2b74f493eb9baa0f2943f045654c7ab8f6e00c59 /poky/meta/lib/oe | |
parent | 5de6da07e075e1c2294ecda8843cc773d33416b6 (diff) | |
download | openbmc-f52e3dde8c006aa1204b4d74d64bcda47fcd061e.tar.xz |
subtree updates
meta-openembedded: 4dbbef7a39..9953ca1ac0:
Andreas Cord-Landwehr (1):
freerdp: provide cmake integration
BELOUARGA Mohamed (1):
Monocypher: Correct source URI and license
Clément Péron (2):
abseil-cpp: rename recipe to follow the version
protobuf: upgrade 4.23.4 -> 4.25.2
Fabio Estevam (1):
v4l-utils: Remove unneeded musl patch
Gassner, Tobias.ext (1):
softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES
Gianfranco Costamagna (1):
vbxguestdrivers: upgrade 7.0.12 -> 7.0.14
Khem Raj (4):
Revert "rng-tools: move from oe-core to meta-oe"
python3-pillow: Correct branch parameter in SRC_URI
python3-multidict: Make it work with python 3.12
python3-multidict: Fix running ptests
Markus Volk (6):
eog: update 45.1 -> 45.2
file-roller: update 43.0 -> 43.1
gvfs: update 1.52.1 -> 1.52.2
gjs: update 1.78.1 -> 1.78.2
mozjs: update 115.2.0 -> 115.6.0
pipewire: update 1.0.0 -> 1.0.1
Michael Haener (1):
nginx: add http sub module feature
Pablo Saavedra (1):
libbacktrace: fix sdk installation
Peter Marko (2):
protobuf-c: change branch to master
srecord: fix malformed patch upstream status
Ross Burton (1):
mozjs-115: fix the build on ARMv5
Yi Zhao (1):
samba: upgrade 4.19.3 -> 4.19.4
Yoann Congal (3):
packagegroup-meta-oe: remove mongodb
python3-coverage: add native and nativesdk BBCLASSEXTEND
python3-pytest-cov: Add missing python3-pytest RDEPENDS
alperak (8):
fmt: upgrade 10.1.1 -> 10.2.1
gerbera: upgrade 1.12.1 -> 2.0.0
spdlog: upgrade 1.12 -> 1.13
libebml: upgrade 1.4.4 -> 1.4.5
lcms: upgrade 2.15 -> 2.16
libkcapi: upgrade 1.4.0 -> 1.5.0
icewm: upgrade 3.4.4 -> 3.4.5
libreport: upgrade 2.17.8 -> 2.17.11
meta-raspberrypi: b859bc3eca..9c901bf170:
Damiano Ferrari (2):
rpi-config: Add CAN0_INTERRUPT_PIN and CAN1_INTERRUPT_PIN variable
docs: add info on how to set different CAN interrupt pins
Florin Sarbu (1):
Add Raspberry Pi 5
Leon Anavi (7):
rpi-base.inc: Add vc4-kms-v3d-pi5.dtbo
u-boot_%.bbappend: Skip for Raspberry Pi 5
rpi-config: Reduce config.txt size
linux-raspberrypi.inc: bcm2712_defconfig for rpi5
conf/machine/raspberrypi5.conf: kernel_2712.img
conf/machine/raspberrypi5.conf: ttyAMA10
conf/machine/raspberrypi5.conf: Use "Image"
poky: 7af374c90c..348d9aba33:
Alejandro Hernandez Samaniego (1):
newlib: Upgrade 4.3.0 -> 4.4.0
Alexander Kanavin (1):
shadow: replace static linking with dynamic libraries in a custom location and bundled with shadow
Anuj Mittal (4):
bluez5: upgrade 5.71 -> 5.72
cronie: upgrade 1.7.0 -> 1.7.1
libpsl: upgrade 0.21.2 -> 0.21.5
grub2: upgrade 2.06 -> 2.12
Bruce Ashfield (12):
linux-yocto/6.6: update to v6.6.11
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.72
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.6: cfg: arm: introduce page size fragments
linux-yocto/6.6: security/cfg: add configs to harden protection
linux-yocto/6.1: security/cfg: add configs to harden protection
linux-yocto/6.6: update to v6.6.12
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.73
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: drop recipes
Chen Qi (5):
oeqa/selftest: add test case to cover 'devtool modify -n' for a git recipe
systemd: refresh musl patches for v255.1
systemd: upgrade to 255.1
systemd-boot: upgrade to 255.1
rootfs-postcommands.bbclass: ignore comment mismatch in systemd_user_check
Etienne Cordonnier (1):
cmake.bbclass: add Darwin support
Fabio Estevam (2):
weston: Update to 13.0.0
pulseaudio: Update to 17.0
Jiang Kai (4):
debianutils: upgrade 5.15 -> 5.16
enchant2: upgrade 2.6.4 -> 2.6.5
libsecret: upgrade 0.21.1 -> 0.21.2
libxrandr: upgrade 1.5.3 -> 1.5.4
Joe Slater (1):
eudev: modify predictable network if name search
Jonathan GUILLOT (1):
udev-extraconf: fix unmount directories containing octal-escaped chars
Julien Stephan (3):
externalsrc: fix task dependency for do_populate_lic
devtool: modify: add support for multiple source in SRC_URI
oeqa/selftest/devtool: add test for recipes with multiple sources in SRC_URI
Kai Kang (2):
nativesdk-cairo: fix build error
p11-kit: fix parallel build failures
Kevin Hao (2):
yocto-bsp: Bump the default kernel to v6.6
yocto-bsp: Drop the support for v6.1 kernel
Khem Raj (4):
libgudev: Pass export-dynamic to linker directly.
coreutils: Fix build with clang
glibc: Do not enable CET on 32bit x86
rust: Re-write RPATHs in the copies llvm-config
Pavel Zhukov (1):
mdadm: Disable ptests
Peter Marko (1):
zlib: ignore CVE-2023-6992
Richard Purdie (7):
qemu: add PACKAGECONFIG for sndio
poky-altcfg: Update PREFERRED_VERSION for kerenl
xev: Drop diet libx11 related patch
libxcomposite: Drop obsolete patch
python3-subunit: Add missing module dependency
qemu: Upgrade 8.1.2 -> 8.2.0
qemu: Fix segfaults in webkitgtk:do_compile on debian11
Robert Yang (1):
autoconf: 2.72d -> 2.72e
Ross Burton (7):
cve_check: handle CVE_STATUS being set to the empty string
cve_check: cleanup logging
xserver-xorg: add PACKAGECONFIG for xvfb
xserver-xorg: disable xvfb by default
libssh2: backport fix for CVE-2023-48795
bitbake: bitbake: Version bump for inherit_defer addition
sanity: require bitbake 2.7.2 for the inherit_defer statement
Ryan Eatmon (1):
python3-yamllint: Add recipe
Simone Weiß (2):
tune-core2: Update qemu cpu to supported model
gcc: Update status of CVE-2023-4039
Thomas Perrot (1):
opensbi: bump to 1.4
Timotheus Giuliani (1):
linux-firmware: fix mediatek MT76x empty license package
Vincent Davis Jr (1):
shaderc: update commit hash to v2023.7
Wang Mingyu (2):
python3-subunit: upgrade 1.4.2 -> 1.4.4
libtest-warnings-perl: upgrade 0.031 -> 0.032
William Hauser (1):
native.bbclass: base_libdir unique from libdir
William Lyu (1):
perl: Fix perl-module-* being ignored via COMPLEMENTARY_GLOB
Yash Shinde (7):
rust: Fetch cargo from rust-snapshot dir.
rust: detect user-specified custom targets in compiletest
rust: Enable RUSTC_BOOTSTRAP to use nightly features during rust oe-selftest.
rust: Fix assertion failure error on oe-selftest
rust: Add new tests in the exclude list for rust oe-selftest
rust: Remove the test cases whose parent dir is also present in the exclude list
rust: Enable rust oe-selftest.
Yogita Urade (1):
tiff: fix CVE-2023-6228
meta-arm: 1cad3c3813..6bb1fc8d8c:
Harsimran Singh Tungal (1):
n1sdp:arm-bsp/optee: Update optee to v4.0
Ross Burton (1):
arm-bsp/linux-yocto: add 6.1 recipe
Change-Id: Ib4cc4e128e4d41f3329cf83a0d5e8539ef07ebe3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'poky/meta/lib/oe')
-rw-r--r-- | poky/meta/lib/oe/cve_check.py | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index 3fa77bf9a7..ed5c714cb8 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -79,20 +79,19 @@ def get_patched_cves(d): import re import oe.patch - pn = d.getVar("PN") - cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+") + cve_match = re.compile(r"CVE:( CVE-\d{4}-\d+)+") # Matches the last "CVE-YYYY-ID" in the file name, also if written # in lowercase. Possible to have multiple CVE IDs in a single # file name, but only the last one will be detected from the file name. # However, patch files contents addressing multiple CVE IDs are supported # (cve_match regular expression) - - cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)") + cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d+)", re.IGNORECASE) patched_cves = set() - bb.debug(2, "Looking for patches that solves CVEs for %s" % pn) - for url in oe.patch.src_patches(d): + patches = oe.patch.src_patches(d) + bb.debug(2, "Scanning %d patches for CVEs" % len(patches)) + for url in patches: patch_file = bb.fetch.decodeurl(url)[2] # Check patch file name for CVE ID @@ -100,7 +99,7 @@ def get_patched_cves(d): if fname_match: cve = fname_match.group(1).upper() patched_cves.add(cve) - bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + bb.debug(2, "Found %s from patch file name %s" % (cve, patch_file)) # Remote patches won't be present and compressed patches won't be # unpacked, so say we're not scanning them @@ -231,7 +230,7 @@ def decode_cve_status(d, cve): Convert CVE_STATUS into status, detail and description. """ status = d.getVarFlag("CVE_STATUS", cve) - if status is None: + if not status: return ("", "", "") status_split = status.split(':', 1) 
@@ -240,7 +239,7 @@ def decode_cve_status(d, cve): status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail) if status_mapping is None: - bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) + bb.warn('Invalid detail "%s" for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) status_mapping = "Unpatched" return (status_mapping, detail, description) |
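Review bot: in the first `get_patched_cves` hunk, the new `bb.debug(2, "Scanning %d patches for CVEs" % len(patches))` line no longer names the recipe now that `pn` is dropped, and `len(patches)` assumes `oe.patch.src_patches(d)` returns a sized sequence rather than an iterator. If that return type is not guaranteed, wrap the call in `list(...)`; if these debug lines are ever read outside a per-recipe task log, keep the recipe name in the message. The switch to raw strings and `re.IGNORECASE` looks right, but note that `cve_match` (used on patch contents) stays case-sensitive while the file-name match does not; a one-line comment saying that is intentional would save the next reader from wondering.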
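Review bot: in the first `decode_cve_status` hunk, `if not status:` now treats an empty `CVE_STATUS` flag the same as an unset one, but the docstring still only says "Convert CVE_STATUS into status, detail and description" and a whitespace-only value is still truthy and reaches `status.split(':', 1)`. Suggest documenting that unset and empty both return `("", "", "")`, and deciding whether whitespace-only should be handled the same way (for example by testing `status.strip()`), so an accidentally blanked status entry behaves consistently.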