subtree updates2.12.0-rc1

meta-openembedded: 5357c7a40e..a47ef04661: Adrian Fiergolski (1): python3-matplotlib: add missing dependency Adrian Freihofer (2): conntrack-tools: fix postinst script modemmanager: update to 1.18.8 Akash Hadke (2): ntfs-3g-ntfsprogs: Set CVE_PRODUCT to "tuxera:ntfs-3g" iperf: Set CVE_PRODUCT to "iperf_project:iperf" Armin Kuster (5): meta-oe-image: fix build depends meta-python-image: Fix build depends meta-gnome: fix layer depends. mariadb: update to 10.7.4 mariadb: Fix i386 Clang builds Ashish Sharma (1): netserver: don't change permissions on /dev/null Aurélien Bertron (1): fix(syslog-ng): warning about conf version Bartosz Golaszewski (2): python3-speedtest-cli: fix RDEPENDS python3-pybluez: fix a runtime issue with python 3.10 Bassem Boubaker (1): conntrack-tools: Fix missing capability Changqing Li (5): chrony: create /var/lib/chrony by systemd-tmpfiles redis: upgrade 6.2.6 -> 6.2.7 redis: upgrade 7.0-rc3 -> 7.0.2 apache2: upgrade 2.4.53 -> 2.4.54 zabbix: upgrade 5.2.6 -> 5.4.12 Chen Qi (1): ntfs-3g-ntfsprogs: upgrade to 2022.5.17 Davide Gardenal (11): emlog: ignore unrelated CVEs imagemagick: upgrade 7.0.10-25 -> 7.0.10-62 usrsctp: add CVE_VERSION to correctly check for CVEs openflow: ignore CVE-2018-1078 ntp: ignore many CVEs wireshark: upgrade 3.4.11 -> 3.4.12 thrift: add CVE_PRODUCT to fix CVE reporting spice: ignore patched CVEs quagga: ignore CVE-2016-4049 freeradius: ignore patched CVEs openflow: ignore unrelated CVEs Denys Dmytriyenko (3): devmem2: reinstate previous patches, removed by mistake devmem2: add support for different page sizes devmem2: the source and patches moved to github repo Diego Sueiro (1): bats: upgrade 1.6.0 -> 1.6.1 Gianfranco (2): sdbus-c++-libsystemd: Bump SRCREV to last commit of 250-stable branch libmtp: Add doxygen-native dependency in case documentation build is enabled in PACKAGECONFIG. This fixes a FTBFS due to missing dependency. Gianfranco Costamagna (1): vboxguestdrivers: upgrade 6.1.32 -> 6.1.34 Hitendra Prajapati (1): cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands Javier Viguera (1): networkmanager: fix build with enabled ppp Jeremy Puhlman (1): freeradius: mutlilib fixes Jiaqing Zhao (2): openldap: Remove libgcrypt dependency openldap: Upgrade 2.5.9 -> 2.5.12 Joerg Vehlow (1): jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF Julien STEPHAN (1): libcamera: fix packaging Kai Kang (4): conntrack-tools: fix postinst script python3-wxgtk4: backport patch to fix svg issue libportal: add distro features check graphviz: rrecommends on liberation-fonts Khem Raj (11): ufw: Fix packaging errors found with ppc64 libcereal: Enable for glibc/ppc mimic: Use special rateconv.c license makedumpfile: Use right TARGET for ppc32 evince: Add dbus to depnedencies on non-x11 builds evolution-data-server: Do not pass --library-path to gir compiler python3-wxgtk4: Needs x11 for sip module unattended-upgrades: Disable auto-detecting modules sdbus-c++: Link with libatomic on mips/ppc32 sdbus-c++: Link with libatomic for rv32 sdbus-c++-libsystemd: Fix patch fuzz Markus Volk (1): minidlna: fix obsolete license warning Martin Jansa (3): ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay leveldb: switch from master branch to main tesseract-lang: switch from master branch to main Michael Opdenacker (1): devmem2: update SRC_URI according to redirect Mingli Yu (1): s-nail: Set VAL_MTA Nicolas Dechesne (1): imlib2: update SRC_URI Peter Marko (1): libgpiod: move test dependencies to ptest package Richard Neill (1): bats: Add patch to fix false-negatives caused by teardown code Wentao Zhang (1): protobuf-c: update to 1.4.1 fix CVE-2022-33070 Xu Huan (1): python3-astroid: upgrade 2.11.2 -> 2.11.3 Yi Zhao (4): frr: inherit autotools-brokensep instead of autotools networkmanager: fix parallel build failure dnsmasq: Security fix CVE-2022-0934 strongswan: upgrade 5.9.5 -> 5.9.6 Yue Tao (2): exo: upgrade 4.16.3 -> 4.16.4 dlt-daemon: upgrade to commit 6a3bd901d8 to fix CVE-2022-31291 wangmy (5): php: upgrade 8.1.4 -> 8.1.5 php: upgrade 8.1.5 -> 8.1.6 postgresql: upgrade 14.2 -> 14.3 postgresql: upgrade 14.3 -> 14.4 php: upgrade 8.1.6 -> 8.1.7 meta-security: 93f2146211..c79262a30b: Anton Antonov (1): Parsec-service: Update installation procedure Armin Kuster (5): fscrypt: add distro_check on pam aide: Update 01.17.4 tpm2-pkcs11: tpm2-pkcs11 module missing tpm2-tools: Add missing rdepends oeqa/cases/tpm2: fix and enhance test suite Davide Gardenal (1): sssd: ignore CVE-2018-16838 Jeremy A. Puhlman (5): aide: Add depend on audit when audit is enabled. lib-perl: prefix man pages to avoid conflicting with base perl libmhash: add multilib header python3-privacyidea: add correct path to lib/privacyidea clamav: make install owner match the added user name Jose Quaresma (1): meta-integrity: kernel-modsign: prevents splitting out debug symbols poky: d84c73d1ef..e4b5c35fd4: Ahmed Hossam (1): insane.bbclass: host-user-contaminated: Correct per package home path Alejandro Hernandez Samaniego (2): package.bbclass: Fix base directory for debugsource files when using externalsrc package.bbclass: Fix kernel source handling when not using externalsrc Alex Kiernan (1): pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE Alexander Kanavin (41): systemd: upgrade 250.4 -> 250.5 mesa: upgrade 22.0.0 -> 22.0.2 bind: upgrade 9.18.1 -> 9.18.2 cronie: upgrade 1.6.0 -> 1.6.1 epiphany: upgrade 42.0 -> 42.2 ffmpeg: upgrade 5.0 -> 5.0.1 fribidi: upgrade 1.0.11 -> 1.0.12 libinput: upgrade 1.19.3 -> 1.19.4 sqlite3: upgrade 3.38.2 -> 3.38.3 webkitgtk: upgrade 2.36.0 -> 2.36.1 xwayland: upgrade 22.1.0 -> 22.1.1 mmc-utils: upgrade to latest revision gst-devtools: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2 gstreamer1.0: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2 libcgroup: upgrade 2.0.1 -> 2.0.2 mesa: upgrade 22.0.2 -> 22.0.3 mobile-broadband-provider-info: upgrade 20220315 -> 20220511 sqlite3: upgrade 3.38.3 -> 3.38.5 bash: submit patch upstream valgrind: submit arm patches upstream zip/unzip: mark all submittable patches as Inactive-Upstream python3: use built-in distutils for ptest, rather than setuptools' 'fork' wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 oeqa/sdk: drop the nativesdk-python 2.x test at: take tarballs from debian openssl: update 3.0.4 -> 3.0.5 gstreamer1.0: upgrade 1.20.2 -> 1.20.3 weston: update 10.0.0 -> 10.0.1 glib-2.0: upgrade 2.72.2 -> 2.72.3 glib-networking: upgrade 2.72.0 -> 2.72.1 libsoup: upgrade 3.0.6 -> 3.0.7 waffle: correctly request wayland-scanner executable Aryaman Gupta (1): e2fsprogs: update upstream status Bruce Ashfield (48): linux-yocto/5.10: update to v5.10.110 linux-yocto/5.10: base: enable kernel crypto userspace API linux-yocto/5.10: update to v5.10.112 linux-yocto/5.15: arm: poky-tiny cleanup and fixes linux-yocto/5.15: update to v5.15.33 linux-yocto/5.15: base: enable kernel crypto userspace API linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context linux-yocto/5.15: fix ppc boot linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction linux-yocto/5.15: update to v5.15.35 linux-yocto/5.15: Fix CVE-2022-28796 linux-yocto: enable powerpc debug fragment linux-yocto/5.15: fix -standard kernel build issue linux-yocto/5.15: update to v5.15.36 linux-yocto/5.15: fix qemuarm graphical boot strace: fix ptest failure in landlock yocto-bsps: update to v5.15.36 linux-yocto/5.15: update to v5.15.37 linux-yocto/5.10: update to v5.10.113 linux-yocto/5.15: update to v5.15.38 linux-yocto/5.10: update to v5.10.114 linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default linux-yocto/5.15: update to v5.15.43 linux-yocto/5.10: update to v5.10.118 linux-yocto/5.15: Enable MDIO bus config linux-yocto/5.15: cfg/xen: Move x86 configs to separate file linux-yocto/5.15: update to v5.15.44 linux-yocto/5.10: update to v5.10.119 lttng-modules: fix build against 5.18-rc7+ linux-yocto/5.10: update to v5.10.121 linux-yocto/5.10: update to v5.10.123 linux-yocto/5.10: update to v5.10.128 linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning linux-yocto/5.10: fix buildpaths issue with gen-mach-types linux-yocto/5.10: update to v5.10.130 linux-yocto/5.10: fix buildpaths issue with pnmtologo linux-yocto/5.15: update to v5.15.46 linux-yocto/5.15: update to v5.15.48 linux-yocto/5.15: drop obselete GPIO sysfs ABI linux-yocto/5.15: update to v5.15.52 linux-yocto/5.15: fix qemuppc buildpaths warning linux-yocto/5.15: fix build_OID_registry buildpaths warning linux-yocto/5.15: fix buildpaths issue with gen-mach-types linux-yocto/5.15: update to v5.15.54 linux-yocto/5.15: fix buildpaths issue with pnmtologo kernel-devsrc: fix reproducibility and buildpaths QA warning kernel-devsrc: ppc32: fix reproducibility perf: fix reproducibility in 5.19+ Chanho Park (2): cargo_common.bbclass: enable bitbake vendoring for externalsrc externalsrc.bbclass: support crate fetcher on externalsrc Chen Qi (1): go-helloworld: remove unused GO_WORKDIR Christoph Lauer (1): package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo Claudius Heine (2): overlayfs: add docs about skipping QA check & service dependencies classes: rootfs-postcommands: add skip option to overlayfs_qa_check David Bagonyi (1): sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity Davide Gardenal (14): cve-check: add JSON format to summary output cve-check: fix symlinks where link and output path are equal rootfs-postcommands: fix symlinks where link and output path are equal openssl: minor security upgrade 3.0.2 -> 3.0.3 freetype: backport patch for CVE-2022-27404 freetype: backport patch for CVE-2022-27405 freetype: backport patch for CVE-2022-27406 qemu: backport patch for CVE-2021-4206 qemu: backport patch for CVE-2021-4207 base-passwd: Disable shell for default users libpcre2: upgrade 10.39 -> 10.40 ncurses: update to patchlevel 20220423 baremetal-image: fix broken symlink in do_rootfs efivar: add musl libc compatibility Dmitry Baryshkov (6): linux-firmware: upgrade 20220411 -> 20220509 image.bbclass: allow overriding dependency on virtual/kernel:do_deploy linux-firmware: package new Qualcomm firmware linux-firmware: split ath3k firmware linux-firmware: add support for building snapshots linux-firmware: upgrade 20220509 -> 20220610 Ernst Sjöstrand (2): cve-check: Add helper for symlink handling cve-check: Only include installed packages for rootfs manifest Felix Moessbauer (1): wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions Gunjan Gupta (1): bitbake: fetch2/osc: Small fixes for osc fetcher He Zhe (1): lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel Hitendra Prajapati (1): pcre2: CVE-2022-1586 Out-of-bounds read Jack Mitchell (1): meson.bbclass: add cython binary to cross/native toolchain config Jeremy Puhlman (1): gcc: depend on zstd-native Jiaqing Zhao (8): libxml2: Upgrade 2.9.13 -> 2.9.14 sed: Specify shell for "nobody" user in run-ptest strace: Don't run ptest as "nobody" systemd: Drop 0001-test-parse-argument-Include-signal.h.patch systemd: Remove __compare_fn_t type in musl-specific patch systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch systemd: Correct path returned in sd_path_lookup() systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch Joerg Vehlow (1): libseccomp: Add missing files for ptests Jon Mason (2): poky-tiny: enable qemuarmv5/qemuarm64 and cleanups qemuarmv5: use arm-versatile-926ejs KMACHINE Jose Quaresma (3): archiver: use bb.note instead of echo archiver: don't use machine variables in shared recipes curl: backport openssl fix CN check error code Justin Bronder (1): pulseaudio: conditionally depend on alsa-plugins-pulseaudio-conf Kai Kang (2): xxhash: fix build with gcc 12 glibc-tests: not clear BBCLASSEXTEND Khem Raj (11): kmod: Enable xz support by default qemu: Add packageconfig for libbpf support linux-yocto: Enable powerpc-debug fragment for ppc64 LE systemd: Fix build regression with latest update ovmf: Fix native build with gcc-12 gcc: Upgrade to 11.3 release systemd: Drop redundant musl patches systemd: Document future actions needed for set of musl patches systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch systemd: Update patch status libmodule-build-perl: Use env utility to find perl interpreter Konrad Weihmann (1): linux-firmware: replace mkdir by install Lee Chee Yang (1): ghostscript: fix CVE-2022-2085 Lucas Stach (1): perf: sort-pmuevents: really keep array terminators Marcel Ziswiler (1): alsa-plugins: fix libavtp vs. avtp packageconfig Markus Volk (2): mesa.inc: package 00-radv-defaults.conf python3: Backport patch to fix an issue in subinterpreters Marta Rybczynska (9): cve-update-db-native: update the CVE database once a day only cve-update-db-native: let the user to drive the update interval cve-check: Fix report generation cve-check: move update_symlinks to a library cve-check: write empty fragment files in the text mode cve-check: fix return type in check_cves cve-update-db-native: make it possible to disable database updates cve-check: add support for Ignored CVEs oeqa/selftest/cve_check: add tests for Ignored and partial reports Martin Jansa (9): staging.bbclass: process direct dependencies in deterministic order insane.bbclass: make sure to close .patch files makedevs: Don't use COPYING.patch just to add license file into ${S} patch.py: make sure that patches/series file exists before quilt pop lttng-modules: fix shell syntax buildhistory.bbclass: fix shell syntax when using dash rootfs.py: close kernel_abi_ver_file mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again wic: fix WicError message Matt Madison (1): bitbake: providers: use local variable for packages_dynamic pattern Maxime Roussin-Bélanger (1): libffi: fix native build being not portable Michael Opdenacker (4): rootfs-postcommands.bbclass: correct comments manuals: switch to the sstate mirror shared between all versions docs: BB_HASHSERVE_UPSTREAM: update to new host ref-manual: variables: remove sphinx directive from literal block Ming Liu (3): udev-extraconf: let automount base directory configurable udev-extraconf: fix some systemd automount issues udev-extraconf:mount.sh: fix path mismatching issues Mingli Yu (2): perl: Fix build with gcc-12 oescripts: change compare logic in OEListPackageconfigTests Muhammad Hamza (6): initramfs-framework: move storage mounts to actual rootfs udev-extraconf/mount.sh: add LABELs to mountpoints udev-extraconf/mount.sh: save mount name in our tmp filecache udev-extraconf/mount.sh: only mount devices on hotplug udev-extraconf: force systemd-udevd to use shared MountFlags udev-extraconf/mount.sh: ignore lvm in automount Naveen Saini (1): pciutils: avoid lspci conflict with busybox Nick Potenski (1): systemd: systemd-systemctl: Support instance conf files during enable Pascal Bach (1): bin_package: install into base_prefix Paul Eggleton (4): devtool: ignore pn- overrides when determining SRC_URI overrides patch: handle if S points to a subdirectory of a git repo devtool: finish: handle patching when S points to subdir of a git repo oe-selftest: devtool: test modify git recipe building from a subdir Paulo Neves (2): python: Avoid shebang overflow on python-config.py gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2 Pavel Zhukov (3): bitbake.conf: Make TCLIBC and TCMODE lazy assigned systemd: update 0008-add-missing-FTW_-macros-for-musl.patch harfbuzz: Fix compilation with clang Peter Bergin (1): rust: fix issue building cross-canadian tools for aarch64 on x86_64 Peter Kjellerstedt (4): license_image.bbclass: Make QA errors fail the build libseccomp: Correct LIC_FILES_CHKSUM license.bbclass: Bound beginline and endline in copy_license_files() base.bbclass: Correct the test for obsolete license exceptions Peter Marko (2): openssl: extract legacy provider module to a separate package alsa-state: correct license Pgowda (1): binutils : CVE-2019-1010204 Portia (1): volatile-binds: Change DefaultDependencies from false to no Raju Kumar Pothuraju (1): kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set Rasmus Villemoes (1): e2fsprogs: add alternatives handling of lsattr as well Richard Purdie (79): bitbake: tests/parse: Fix one test overwriting another bitbake: server/process: Drop unused import bitbake: ui/buildinfohelper: Drop unused import bitbake: cooker: Drop unused loop bitbake: msg: Drop unused local variable bitbake: buildinfohelper: Drop unused function bitbake: fetch2/crate: Drop unused import bitbake: siggen: Drop pointless break statement bitbake: ui/knotty: Drop pointless pass statement bitbake: persist_data: Use a valid exception for missing implementation bitbake: runqueue: Drop pointless variable assignment bitbake: buildinfohelper: Drop unused variables bitbake: fetch2/osc: Add missing parameter bitbake: runqueue: Fix sig file location when using multiconfig bitbake: fetch/git : Use cat as pager lib/sstatesig: Fix find_siginfo to match sstate filename generation base: Avoid circular references to our own scripts scripts: Make git intercept global scripts/git: Ensure we don't have circular references package: Ensure we track whether PRSERV was active or not abi_version/sstate: Bump hashequiv and sstate versions due to git changes build-appliance-image: Update to kirkstone head revision vim: Upgrade 8.2.4681 -> 8.2.4912 cairo: Add missing GPLv3 license checksum entry sanity: Don't warn about make 4.2.1 for mint bitbake: build: Add clean_stamp API function to allow removal of task stamps staging: Fix rare sysroot corruption issue selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210 libxslt: Mark CVE-2022-29824 as not applying cve-extra-exclusions: Add kernel CVEs cve-check: Allow warnings to be disabled rust-common: Fix sstate signatures between arm hf and non-hf rust-common: Drop LLVM_TARGET and simplify rust-common: Fix native signature dependency issues lzo: Add further info to a patch and mark as Inactive-Upstream glib-2.0: upgrade 2.72.1 -> 2.72.2 libxkbcommon: upgrade 1.4.0 -> 1.4.1 gtk+3: upgrade 3.24.33 -> 3.24.34 webkitgtk: upgrade 2.36.1 -> 2.36.3 openssl: Backport fix for ptest cert expiry gcc-cross-canadian: Add nativesdk-zstd dependency local.conf.sample: Update sstate url to new 'all' path sanity: Switch to make 4.0 as a minimum version perl: Add dependency on make-native to avoid race issues glibc: Drop make-native dependency vim: Upgrade 8.2.5034 -> 8.2.5083 uboot-sign: Fix potential index error issues selftest/multiconfig: Test that multiconfigs in separate layers works gcc-source: Fix incorrect task dependencies from ${B} liberror-perl: Update sstate/equiv versions to clean cache python3: Remove problematic paths from sysroot files python3: Ensure stale empty python module directories don't break the build bitbake: server/process: Fix logging issues where only the first message was displayed build-appliance-image: Update to kirkstone head revision unzip: Port debian fixes for two CVEs cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) vim: 8.2.5083 -> 9.0.0005 openssl: Upgrade 3.0.3 -> 3.0.4 coreutils: Tweak packaging variable names for coreutils-dev oeqa/runtime/scp: Disable scp test for dropbear packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation oe-selftest-image: Ensure the image has sftp as well as dropbear qemu: Avoid accidental librdmacm linkage glibc-tests: Avoid reproducibility issues qemu: Fix slirp determinism issue qemu: Add PACKAGECONFIG for brlapi gperf: Add a patch to work around reproducibility issues gperf: Switch to upstream patch udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist insane: Fix buildpaths test to work with special devices lua: Fix multilib buildpath reproducibility issues vala: Fix on target wrapper buildpaths issue gtk-doc: Remove hardcoded buildpath kernel-arch: Fix buildpaths leaking into external module compiles gcc-runtime: Fix build when using gold gcc-runtime: Fix missing MLPREFIX in debug mappings selftest/runtime_test/virgl: Disable for all almalinux Robert Joslyn (3): powerpc: Remove invalid GLIBC_EXTRA_OECONF curl: Backport CVE fixes curl: Fix multiple CVEs Robert Yang (1): bitbake: fetch2/ssh.py: decode path back for ssh Roland Hieber (1): bitbake: cache: correctly handle file names containing colons Ross Burton (12): cve-check: no need to depend on the fetch task oeqa/selftest: add test for git working correctly inside pseudo Revert "bitbake.conf: mark all directories as safe for git to read" oeqa/selftest/cve_check: add tests for recipe and image reports tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid cups: ignore CVE-2022-26691 busybox: fix CVE-2022-30065 cve-check: hook cleanup to the BuildCompleted event, not CookerExit tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058 vim: upgrade to 9.0.0021 perl: don't install Makefile.old into perl-ptest pulseaudio: add m4-native to DEPENDS Sakib Sajal (1): u-boot: fix CVE-2022-34835 Samuli Piippo (1): binutils: Bump to latest 2.38 release branch Sean Anderson (1): rootfs.py: find .ko.zst kernel modules Stefan Wiehler (1): kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task Steve Sakoman (11): scripts/contrib/oe-build-perf-report-email.py: remove obsolete check for phantomjs and optipng poky.conf: bump version for 4.0.1 release virgl: skip headless test on alma 8.6 python3: fix reproducibility issue with python3-core go: upgrade 1.17.8 -> 1.17.10 poky.conf: bump version for 4.0.2 openssh: break dependency on base package for -dev package dropbear: break dependency on base package for -dev package ruby: add PACKAGECONFIG for capstone qemu: add PACKAGECONFIG for capstone qemu: Avoid accidental libvdeplug linkage Sundeep KOKKONDA (4): rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets rust-common: Fix for target definitions returning 'NoneType' for arm glibc: stable 2.35 branch updates binutils : stable 2.38 branch updates Thomas Roos (1): recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG Tomasz Dziendzielski (1): bitbake: data: Do not depend on vardepvalueexclude flag Wentao Zhang (1): harfbuzz: fix CVE-2022-33068 Xiaobing Luo (1): devtool: Fix _copy_file() TypeError Yi Zhao (2): popt: fix override syntax in RDEPENDS git: fix override syntax in RDEPENDS leimaohui (1): cve-check.bbclass: Added do_populate_sdk[recrdeptask]. wangmy (15): librepo: upgrade 1.14.2 -> 1.14.3 cups: upgrade 2.4.1 -> 2.4.2 logrotate: upgrade 3.19.0 -> 3.20.1 iso-codes: upgrade 4.9.0 -> 4.10.0 lttng-ust: upgrade 2.13.2 -> 2.13.3 gst-devtools: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-libav: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-omx: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-bad: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-base: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-good: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-plugins-ugly: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-python: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-rtsp-server: upgrade 1.20.2 -> 1.20.3 gstreamer1.0-vaapi: upgrade 1.20.2 -> 1.20.3 Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Ie30881bf20846b7311381bed443623fce8912406
author: Patrick Williams <patrick@stwcx.xyz> 2022-07-29 18:24:38 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2022-07-29 18:26:37 +0300
commit: cb2a94c39eddda6e0df65f98fff97cce711c9134 (patch)
tree: 0233c00d99735de440f920eb45ef10d47e14c00a /poky/meta/recipes-core/meta/cve-update-db-native.bb
parent: 322e9fc9c6aafb1be6757915ca920b5170642aa7 (diff)
download: openbmc-cb2a94c39eddda6e0df65f98fff97cce711c9134.tar.xz
1 files changed, 12 insertions, 2 deletions
diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb
index e5822cee58..18af89b53e 100644
--- a/poky/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb
@@ -13,6 +13,10 @@ deltask do_install
 deltask do_populate_sysroot
 
 NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+# Use a negative value to skip the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
 
 python () {
     if not bb.data.inherits_class("cve-check", d):
@@ -43,12 +47,18 @@ python do_fetch() {
         if os.path.exists(db_file):
             os.remove(db_file)
 
-    # Don't refresh the database more than once an hour
+    # The NVD database changes once a day, so no need to update more frequently
+    # Allow the user to force-update
     try:
         import time
-        if time.time() - os.path.getmtime(db_file) < (60*60):
+        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+        if update_interval < 0:
+            bb.note("CVE database update skipped")
+            return
+        if time.time() - os.path.getmtime(db_file) < update_interval:
             bb.debug(2, "Recently updated, skipping")
             return
+
     except OSError:
         pass
author	Patrick Williams <patrick@stwcx.xyz>	2022-07-29 18:24:38 +0300
committer	Patrick Williams <patrick@stwcx.xyz>	2022-07-29 18:26:37 +0300
commit	cb2a94c39eddda6e0df65f98fff97cce711c9134 (patch)
tree	0233c00d99735de440f920eb45ef10d47e14c00a /poky/meta/recipes-core/meta/cve-update-db-native.bb
parent	322e9fc9c6aafb1be6757915ca920b5170642aa7 (diff)
download	openbmc-cb2a94c39eddda6e0df65f98fff97cce711c9134.tar.xz