diff options
Diffstat (limited to 'poky/meta/conf/distro')
-rw-r--r-- | poky/meta/conf/distro/include/cve-extra-exclusions.inc | 57 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/maintainers.inc | 23 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/ptest-packagelists.inc | 1 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/tcmode-default.inc | 4 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/yocto-uninative.inc | 10 |
5 files changed, 27 insertions, 68 deletions
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc index 9d4422bc0f..fcef6a14fb 100644 --- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -53,60 +53,17 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" CVE_STATUS_DB[status] = "upstream-wontfix: Since Oracle relicensed bdb, the open source community is slowly but surely \ replacing bdb with supported and open source friendly alternatives. As a result this CVE is unlikely to ever be fixed." -# -# Kernel CVEs, e.g. linux-yocto* +# Kernel CVEs that are generic but can't be added to the kernel's hand-maintained cve-exclusion.inc +# or machine-maintained cve-exclusion_VERSION.inc files, such as issues that describe TCP/IP design +# flaws or processor-specific exploits that can't be mitigated. # # For OE-Core our policy is to stay as close to the kernel stable releases as we can. This should # ensure the bulk of the major kernel CVEs are fixed and we don't dive into each individual issue # as the stable maintainers are much more able to do that. -# -# Rather than just ignore all kernel CVEs, list the ones we ignore on this basis here, allowing new -# issues to be visible. If anyone wishes to clean up CPE entries with NIST for these, we'd -# welcome than and then entries can likely be removed from here. -# - -CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_2010 CVE_STATUS_KERNEL_2017 CVE_STATUS_KERNEL_2018 CVE_STATUS_KERNEL_2020 \ - CVE_STATUS_KERNEL_2021 CVE_STATUS_KERNEL_2022" - -# 1999-2010 -CVE_STATUS_KERNEL_2010 = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \ - CVE-2008-4609 CVE-2010-0298 CVE-2010-4563" -CVE_STATUS_KERNEL_2010[status] = "ignored" - -# 2011-2017 -CVE_STATUS_KERNEL_2017 = "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \ - CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264" -CVE_STATUS_KERNEL_2017[status] = "ignored" - -# 2018 -CVE_STATUS_KERNEL_2018 = "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \ - CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873" -CVE_STATUS_KERNEL_2018[status] = "ignored" - -# 2020 -CVE_STATUS_KERNEL_2020 = "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" -CVE_STATUS_KERNEL_2020[status] = "ignored" - -# 2021 -CVE_STATUS_KERNEL_2021 = "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ - CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" -CVE_STATUS_KERNEL_2021[status] = "ignored" - -# 2022 -CVE_STATUS_KERNEL_2022 = "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ - CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ - CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \ - CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \ - CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \ - CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ - CVE-2022-29582 CVE-2022-29968" -CVE_STATUS_KERNEL_2022[status] = "ignored" - - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3563 -# https://nvd.nist.gov/vuln/detail/CVE-2022-3637 -CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git" -CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git" +CVE_STATUS[CVE-1999-0524] = "ignored: issue is that ICMP exists, can be filewalled if required" +CVE_STATUS[CVE-2008-4609] = "ignored: describes design flaws in TCP" +CVE_STATUS[CVE-2010-4563] = "ignored: low impact, only enables detection of hosts which are sniffing network traffic" +CVE_STATUS[CVE-2011-0640] = "ignored: requires physical access and any mitigation would mean USB is impractical to use" # qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2021-20255 CVE_STATUS[CVE-2021-20255] = "upstream-wontfix: \ diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 202e5739a0..3619588ae6 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -88,6 +88,7 @@ RECIPE_MAINTAINER:pn-bzip2 = "Denys Dmytriyenko <denis@denix.org>" RECIPE_MAINTAINER:pn-ca-certificates = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-cairo = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER:pn-cargo = "Randy MacLeod <Randy.MacLeod@windriver.com>" +RECIPE_MAINTAINER:pn-cargo-c-native = "Frederic Martinsons <frederic.martinsons@gmail.com>" RECIPE_MAINTAINER:pn-cantarell-fonts = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-ccache = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER:pn-cdrtools-native = "Yi Zhao <yi.zhao@windriver.com>" @@ -596,7 +597,7 @@ RECIPE_MAINTAINER:pn-ptest-runner = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-pulseaudio = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-pulseaudio-client-conf-sato = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-puzzles = "Anuj Mittal <anuj.mittal@intel.com>" -RECIPE_MAINTAINER:pn-python3 = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3 = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-alabaster = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-asn1crypto = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-atomicwrites = "Tim Orling <tim.orling@konsulko.com>" @@ -610,10 +611,10 @@ RECIPE_MAINTAINER:pn-python3-cffi = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-chardet = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-cryptography = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-cryptography-vectors = "Tim Orling <tim.orling@konsulko.com>" -RECIPE_MAINTAINER:pn-python3-cython = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-cython = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-dbus = "Zang Ruochen <zangruochen@loongson.cn>" -RECIPE_MAINTAINER:pn-python3-dbusmock = "Unassigned <unassigned@yoctoproject.org>" -RECIPE_MAINTAINER:pn-python3-docutils = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-dbusmock = "Trevor Gamblin <tgamblin@baylibre.com>" +RECIPE_MAINTAINER:pn-python3-docutils = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-dtc = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-dtschema = "Bruce Ashfield <bruce.ashfield@gmail.com>" RECIPE_MAINTAINER:pn-python3-dtschema-wrapper = "Bruce Ashfield <bruce.ashfield@gmail.com>" @@ -621,10 +622,10 @@ RECIPE_MAINTAINER:pn-python3-editables = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-python3-pycryptodome = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER:pn-python3-pycryptodomex = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER:pn-python3-pyrsistent = "Bruce Ashfield <bruce.ashfield@gmail.com>" -RECIPE_MAINTAINER:pn-python3-extras = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-extras = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-flit-core = "Tim Orling <tim.orling@konsulko.com>" -RECIPE_MAINTAINER:pn-python3-git = "Unassigned <unassigned@yoctoproject.org>" -RECIPE_MAINTAINER:pn-python3-gitdb = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-git = "Trevor Gamblin <tgamblin@baylibre.com>" +RECIPE_MAINTAINER:pn-python3-gitdb = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-hatchling = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-python3-hatch-fancy-pypi-readme = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-python3-hatch-vcs = "Ross Burton <ross.burton@arm.com>" @@ -633,7 +634,7 @@ RECIPE_MAINTAINER:pn-python3-idna = "Bruce Ashfield <bruce.ashfield@gmail.com>" RECIPE_MAINTAINER:pn-python3-imagesize = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-importlib-metadata = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-iniconfig = "Tim Orling <tim.orling@konsulko.com>" -RECIPE_MAINTAINER:pn-python3-iniparse = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-iniparse = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-iso8601 = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-installer = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-python3-jinja2 = "Richard Purdie <richard.purdie@linuxfoundation.org>" @@ -642,12 +643,12 @@ RECIPE_MAINTAINER:pn-python3-jsonschema = "Bruce Ashfield <bruce.ashfield@gmail. RECIPE_MAINTAINER:pn-python3-libarchive-c = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER:pn-python3-lxml = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-python3-magic = "Joshua Watt <JPEWhacker@gmail.com>" -RECIPE_MAINTAINER:pn-python3-mako = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-mako = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-markdown = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-python3-markupsafe = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER:pn-python3-more-itertools = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-ndg-httpsclient = "Tim Orling <tim.orling@konsulko.com>" -RECIPE_MAINTAINER:pn-python3-numpy = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-numpy = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-packaging = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pathlib2 = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pathspec = "Ross Burton <ross.burton@arm.com>" @@ -666,7 +667,7 @@ RECIPE_MAINTAINER:pn-python3-pyelftools = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER:pn-python3-pygments = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pygobject = "Zang Ruochen <zangruochen@loongson.cn>" RECIPE_MAINTAINER:pn-python3-pyopenssl = "Tim Orling <tim.orling@konsulko.com>" -RECIPE_MAINTAINER:pn-python3-pyparsing = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-pyparsing = "Trevor Gamblin <tgamblin@baylibre.com>" RECIPE_MAINTAINER:pn-python3-pyproject-hooks = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-python3-pysocks = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pytest = "Tim Orling <tim.orling@konsulko.com>" diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index bbbef5b043..9160103cb0 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -96,6 +96,7 @@ PTESTS_SLOW = "\ glib-2.0 \ gnutls \ gstreamer1.0 \ + less \ libevent \ libgcrypt \ libmodule-build-perl \ diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc index 1c4a22aef0..69280fd210 100644 --- a/poky/meta/conf/distro/include/tcmode-default.inc +++ b/poky/meta/conf/distro/include/tcmode-default.inc @@ -20,9 +20,9 @@ GCCVERSION ?= "13.%" SDKGCCVERSION ?= "${GCCVERSION}" BINUVERSION ?= "2.41%" GDBVERSION ?= "13.%" -GLIBCVERSION ?= "2.37" +GLIBCVERSION ?= "2.38%" LINUXLIBCVERSION ?= "6.4%" -QEMUVERSION ?= "8.0%" +QEMUVERSION ?= "8.1%" GOVERSION ?= "1.20%" LLVMVERSION ?= "16.%" RUSTVERSION ?= "1.70%" diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index b3bd7794fb..eaa3e9b31c 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc +++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.37" -UNINATIVE_VERSION = "4.1" +UNINATIVE_MAXGLIBCVERSION = "2.38" +UNINATIVE_VERSION = "4.3" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "b6ff9171aa7d3828bc81197822e804725908856bbd488bf412121cc0deddcb60" -UNINATIVE_CHECKSUM[i686] ?= "6354fd2e09af1f111bad5e34ce7af4f9ad7cd266188af7eeceaeb982afd5354b" -UNINATIVE_CHECKSUM[x86_64] ?= "f83eca543170adfd2432b135ca655922a4303622d73cc4b13e92b973cdf49e3a" +UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec" +UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd" +UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030" |