poky: subtree update:52a625582e..7035b4b21e

Adrian Bunk (9):
      squashfs-tools: Upgrade to 4.4
      screen: Upgrade 4.6.2 -> 4.7.0
      stress-ng: Upgrade 0.10.00 -> 0.10.08
      nspr: Upgrade 4.21 -> 4.23
      gcc: Remove stale gcc 8 patchfile
      gnu-efi: Upgrade 3.0.9 -> 3.0.10
      python3-numpy: Stop shipping manual config files
      coreutils: Move stdbuf into an own package coreutils-stdbuf
      gnu-efi: Upgrade 3.0.10 -> 3.0.11

Alessio Igor Bogani (1):
      systemtap: support usrmerge

Alexander Hirsch (1):
      libksba: Fix license specification

Alexander Kanavin (6):
      gcr: update to 3.34.0
      btrfs-tools: update to 5.3
      libmodulemd-v1: update to 1.8.16
      selftest: skip virgl test on centos 7 entirely
      nfs-utils: do not depend on bash unnecessarily
      selftest: add a test for gpl3-free images

Alistair Francis (4):
      opensbi: Bump from 0.4 to 0.5
      u-boot: Bump from 2019.07 to 2019.10
      qemuriscv64: Build smode U-Boot
      libsdl2: Fix build failure when using mesa 19.2.1

Andreas Müller (4):
      adwaita-icon-theme: upgrade 3.32.0 -> 3.34.0
      gsettings-desktop-schemas: upgrade 3.32.0 -> 3.34.0
      IMAGE_LINGUAS_COMPLEMENTARY: auto-add language packages other than locales
      libical: add PACKAGECONFIG glib and enable it by default

André Draszik (10):
      testimage.bbclass: support hardware-controlled targets
      testimage.bbclass: enable ssh agent forwarding
      oeqa/runtime/df: don't fail on long device names
      oeqa/core/decorator: add skipIfFeature
      oeqa/runtime/opkg: skip install on read-only-rootfs
      oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
      ruby: update to v2.6.4
      ruby: some ptest fixes
      oeqa/runtime/context.py: ignore more files when loading controllers
      connman: mark connman-wait-online as SYSTEMD_PACKAGE

Bruce Ashfield (6):
      linux-yocto/4.19: update to v4.19.78
      linux-yocto/5.2: update to v5.2.20
      perf: fix v5.4+ builds
      perf: create directories before copying single files
      perf: add 'cap' PACKAGECONFIG
      perf: drop 'include' copy

Carlos Rafael Giani (12):
      gstreamer1.0: upgrade to version 1.16.1
      gstreamer1.0-plugins-base: upgrade to version 1.16.1
      gstreamer1.0-plugins-good: upgrade to version 1.16.1
      gstreamer1.0-plugins-bad: upgrade to version 1.16.1
      gstreamer1.0-plugins-ugly: upgrade to version 1.16.1
      gstreamer1.0-libav: upgrade to version 1.16.1
      gstreamer1.0-vaapi: upgrade to version 1.16.1
      gstreamer1.0-omx: upgrade to version 1.16.1
      gstreamer1.0-python: upgrade to version 1.16.1
      gstreamer1.0-rtsp-server: upgrade to version 1.16.1
      gst-validate: upgrade to version 1.16.1
      gstreamer: Change SRC_URI to use HTTPS access instead of HTTP

Changqing Li (4):
      qemu: Fix CVE-2019-12068
      python: Fix CVE-2019-10160
      sudo: fix CVE-2019-14287
      mdadm: fix do_package failed when changed local.conf but not cleaned

Chee Yang Lee (2):
      wic/help: change 'wic write' help description
      wic/engine: use 'linux-swap' for swap file system

Chen Qi (3):
      go: fix CVE-2019-16276
      python3: fix CVE-2019-16935
      python: fix CVE-2019-16935

Chris Laplante via bitbake-devel (2):
      bitbake: bitbake: contrib/vim: initial commit, with unmodified code from indent/python.vim
      bitbake: bitbake: contrib/vim: Modify Python indentation to work with 'python do_task {'

Christopher Larson (2):
      bitbake: fetch2/git: fetch shallow revs when needed
      bitbake: tests/fetch: add test for fetching shallow revs

Dan Callaghan (1):
      elfutils: add PACKAGECONFIG for compression algorithms

Douglas Royds via Openembedded-core (1):
      icecc: Export ICECC_CC and friends via wrapper-script

Eduardo Abinader (1):
      devtool: add ssh key option to deploy-target param

Eugene Smirnov (1):
      wic/rawcopy: Support files in sub-directories

Ferry Toth (1):
      sudo: Fix fetching sources

Frazer Leslie Clews (2):
      makedevs: fix format strings in makedevs.c in print statements
      makedevs: fix invalidScanfFormatWidth to prevent overflowing usr_buf

George McCollister (1):
      openssl: make OPENSSL_ENGINES match install path

Haiqing Bai (1):
      unfs3: fixed the issue that unfsd consumes 100% CPU

He Zhe (1):
      ltp: Fix overcommit_memory failure

Hongxu Jia (1):
      openssh: fix CVE-2019-16905

Joe Slater (2):
      libtiff: fix CVE-2019-17546
      libxslt: fix CVE-2019-18197

Kai Kang (1):
      bind: fix CVE-2019-6471 and CVE-2018-5743

Liwei Song (1):
      util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]

Mattias Hansson (1):
      base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot

Max Tomago (1):
      python-native: Remove debug.patch

Maxime Roussin-Bélanger (2):
      meta: update and add missing homepage/bugtracker links
      meta: add missing description in recipes-gnome

Michael Ho (1):
      cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH

Mike Crowe (2):
      kernel-fitimage: Cope with non-standard kernel deploy subdirectory
      kernel-devicetree: Cope with non-standard kernel deploy subdirectory

Mikko Rapeli (1):
      systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}

Nicola Lunghi (1):
      ofono: tidy up the recipe

Ola x Nilsson (10):
      oeqa/selftest/recipetool: Use with to control file handle lifetime
      oe.types.path: Use with to control file handle lifetime
      lib/oe/packagedata: Use with to control file handle lifetime
      lib/oe/package_manager: Use with to control file handle lifetime
      report-error.bbclass: Use with to control file handle lifetime
      package.bbclass: Use with to manage file handle lifetimes
      devtool-source.bbclass: Use with to manage file handle lifetime
      libc-package.bbclass: Use with to manage filehandle in do_spit_gconvs
      bitbake: bitbake: prserv/serv: Use with while reading pidfile
      bitbake: bitbake: ConfHandler: Use with to manage filehandle lifetime

Oleksandr Kravchuk (4):
      ell: update to 0.23
      ell: update to 0.25
      ell: update to 0.26
      ofono: update to 1.31

Ricardo Ribalda Delgado (1):
      i2c-tools: Add missing RDEPEND

Richard Leitner (1):
      kernel-fitimage: introduce FIT_SIGN_ALG

Richard Purdie (4):
      tinderclient: Drop obsolete class
      meson: Backport fix to assist meta-oe breakage
      nfs-utils: Improve handling when no exported fileysystems
      qemu: Avoid potential build configuration contamination

Robert Yang (1):
      bluez5: Fix for --enable-btpclient

Ross Burton (29):
      sanity: check the format of SDK_VENDOR
      file: explicitly disable seccomp
      python3: -dev should depend on distutils
      gawk: add PACKAGECONFIG for readline
      python3: alternative name is python3-config not python-config
      python3: ensure that all forms of python3-config are in python3-dev
      oeqa/selftest: use specialist assert* methods
      bluez5: refresh upstreamed patches
      xorgproto: fix summary
      libx11: upgrade to 1.6.9
      xorgproto: upgrade to 2019.2
      llvm: add missing Upstream-Status tags
      buildhistory-analysis: filter out -src changes by default
      squashfs-tools: remove redundant source checksums
      squashfs-tools: clean up compile/install tasks
      wpa-supplicant: fix CVE-2019-16275
      gcr: remove intltool-native
      elfutils: disable bzip
      cve-check: ensure all known CVEs are in the report
      git: some tools are no longer perl, so move to main recipe
      git: cleanup man install
      qemu-helper-native: add missing option to getopt() call
      qemu-helper-native: showing help shouldn't be an error
      qemu-helper-native: pass compiler flags
      oeqa/selftest: add test for oe-run-native
      cve-check: failure to parse versions should be more visible
      gst-examples: rename so PV is in filename
      sanity: check for more bits of Python
      recipeutils-test: use a small dependency in the dummy recipe

Sai Hari Chandana Kalluri (1):
      devtool: Add --remove-work option for devtool reset command

Scott Rifenbark (9):
      ref-manual: First pass of 2.8 migration changes (WIP)
      poky.ent: Updated the release date to October 2019
      dev-manual: Added info to "Selecting an Initialization Manager"
      ref-manual: 2nd pass 3.0 migration
      documenation: Changed "2.8" to "3.0".
      ref-manual: Removed deprecated link to ref-classes-bluetooth
      ref-manual, dev-manual: Clean up of a commit
      ref-manual: Updated the BUSYBOX_SPLIT_SUID variable.
      ref-manual, dev-manual: Added CMake toolchain files.

Stefan Agner (1):
      uninative: check .done file instead of tarball

Tom Benn (1):
      dbus: update dbus-1.init to reflect new PID file

Trevor Gamblin (5):
      aspell: upgrade from 0.60.7 to 0.60.8
      binutils: fix CVE-2019-17450
      binutils: fix CVE-2019-17451
      ncurses: fix CVE-2019-17594, CVE-2019-17595
      libgcrypt: upgrade 1.8.4 -> 1.8.5

Trevor Woerner (1):
      libcap-ng: undefined reference to `pthread_atfork'

Wenlin Kang (1):
      sysstat: fix CVE-2019-16167

Yann Dirson (1):
      mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIG

Yeoh Ee Peng (1):
      scripts/oe-pkgdata-util: Enable list-pkgs to print ordered packages

Yi Zhao (2):
      libsdl2: fix CVE-2019-13616
      libgcrypt: fix CVE-2019-12904

Zang Ruochen (6):
      bison:upgrade 3.4.1 -> 3.4.2
      e2fsprogs:upgrade 1.45.3 -> 1.45.4
      libxvmc:upgrade 1.0.11 -> 1.0.12
      python3-pip:upgrade 19.2.3 -> 19.3.1
      python-setuptools:upgrade 41.2.0 -> 41.4.0
      libcap-ng:upgrade 0.7.9 -> 0.7.10

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I50bc42f74dffdc406ffc0dea034e41462fe6e06b
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index c00d291..1c8b222 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -208,19 +208,21 @@
 
             if cve in cve_whitelist:
                 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
+                # TODO: this should be in the report as 'whitelisted'
+                patched_cves.add(cve)
             elif cve in patched_cves:
                 bb.note("%s has been patched" % (cve))
             else:
                 to_append = False
                 if (operator_start == '=' and pv == version_start):
-                    cves_unpatched.append(cve)
+                    to_append = True
                 else:
                     if operator_start:
                         try:
                             to_append_start =  (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start))
                             to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start))
                         except:
-                            bb.note("%s: Failed to compare %s %s %s for %s" %
+                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_start, version_start, cve))
                             to_append_start = False
                     else:
@@ -231,7 +233,7 @@
                             to_append_end  = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end))
                             to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end))
                         except:
-                            bb.note("%s: Failed to compare %s %s %s for %s" %
+                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_end, version_end, cve))
                             to_append_end = False
                     else:
@@ -243,8 +245,11 @@
                         to_append = to_append_start or to_append_end
 
                 if to_append:
+                    bb.note("%s-%s is vulnerable to %s" % (product, pv, cve))
                     cves_unpatched.append(cve)
-                bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve))
+                else:
+                    bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve))
+                    patched_cves.add(cve)
     conn.close()
 
     return (list(patched_cves), cves_unpatched)