subtree updates
meta-openembedded: 4dbbef7a39..9953ca1ac0:
Andreas Cord-Landwehr (1):
freerdp: provide cmake integration
BELOUARGA Mohamed (1):
Monocypher: Correct source URI and license
Clément Péron (2):
abseil-cpp: rename recipe to follow the version
protobuf: upgrade 4.23.4 -> 4.25.2
Fabio Estevam (1):
v4l-utils: Remove unneeded musl patch
Gassner, Tobias.ext (1):
softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES
Gianfranco Costamagna (1):
vbxguestdrivers: upgrade 7.0.12 -> 7.0.14
Khem Raj (4):
Revert "rng-tools: move from oe-core to meta-oe"
python3-pillow: Correct branch parameter in SRC_URI
python3-multidict: Make it work with python 3.12
python3-multidict: Fix running ptests
Markus Volk (6):
eog: update 45.1 -> 45.2
file-roller: update 43.0 -> 43.1
gvfs: update 1.52.1 -> 1.52.2
gjs: update 1.78.1 -> 1.78.2
mozjs: update 115.2.0 -> 115.6.0
pipewire: update 1.0.0 -> 1.0.1
Michael Haener (1):
nginx: add http sub module feature
Pablo Saavedra (1):
libbacktrace: fix sdk installation
Peter Marko (2):
protobuf-c: change branch to master
srecord: fix malformed patch upstream status
Ross Burton (1):
mozjs-115: fix the build on ARMv5
Yi Zhao (1):
samba: upgrade 4.19.3 -> 4.19.4
Yoann Congal (3):
packagegroup-meta-oe: remove mongodb
python3-coverage: add native and nativesdk BBCLASSEXTEND
python3-pytest-cov: Add missing python3-pytest RDEPENDS
alperak (8):
fmt: upgrade 10.1.1 -> 10.2.1
gerbera: upgrade 1.12.1 -> 2.0.0
spdlog: upgrade 1.12 -> 1.13
libebml: upgrade 1.4.4 -> 1.4.5
lcms: upgrade 2.15 -> 2.16
libkcapi: upgrade 1.4.0 -> 1.5.0
icewm: upgrade 3.4.4 -> 3.4.5
libreport: upgrade 2.17.8 -> 2.17.11
meta-raspberrypi: b859bc3eca..9c901bf170:
Damiano Ferrari (2):
rpi-config: Add CAN0_INTERRUPT_PIN and CAN1_INTERRUPT_PIN variable
docs: add info on how to set different CAN interrupt pins
Florin Sarbu (1):
Add Raspberry Pi 5
Leon Anavi (7):
rpi-base.inc: Add vc4-kms-v3d-pi5.dtbo
u-boot_%.bbappend: Skip for Raspberry Pi 5
rpi-config: Reduce config.txt size
linux-raspberrypi.inc: bcm2712_defconfig for rpi5
conf/machine/raspberrypi5.conf: kernel_2712.img
conf/machine/raspberrypi5.conf: ttyAMA10
conf/machine/raspberrypi5.conf: Use "Image"
poky: 7af374c90c..348d9aba33:
Alejandro Hernandez Samaniego (1):
newlib: Upgrade 4.3.0 -> 4.4.0
Alexander Kanavin (1):
shadow: replace static linking with dynamic libraries in a custom location and bundled with shadow
Anuj Mittal (4):
bluez5: upgrade 5.71 -> 5.72
cronie: upgrade 1.7.0 -> 1.7.1
libpsl: upgrade 0.21.2 -> 0.21.5
grub2: upgrade 2.06 -> 2.12
Bruce Ashfield (12):
linux-yocto/6.6: update to v6.6.11
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.72
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.6: cfg: arm: introduce page size fragments
linux-yocto/6.6: security/cfg: add configs to harden protection
linux-yocto/6.1: security/cfg: add configs to harden protection
linux-yocto/6.6: update to v6.6.12
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.73
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: drop recipes
Chen Qi (5):
oeqa/selftest: add test case to cover 'devtool modify -n' for a git recipe
systemd: refresh musl patches for v255.1
systemd: upgrade to 255.1
systemd-boot: upgrade to 255.1
rootfs-postcommands.bbclass: ignore comment mismatch in systemd_user_check
Etienne Cordonnier (1):
cmake.bbclass: add Darwin support
Fabio Estevam (2):
weston: Update to 13.0.0
pulseaudio: Update to 17.0
Jiang Kai (4):
debianutils: upgrade 5.15 -> 5.16
enchant2: upgrade 2.6.4 -> 2.6.5
libsecret: upgrade 0.21.1 -> 0.21.2
libxrandr: upgrade 1.5.3 -> 1.5.4
Joe Slater (1):
eudev: modify predictable network if name search
Jonathan GUILLOT (1):
udev-extraconf: fix unmount directories containing octal-escaped chars
Julien Stephan (3):
externalsrc: fix task dependency for do_populate_lic
devtool: modify: add support for multiple source in SRC_URI
oeqa/selftest/devtool: add test for recipes with multiple sources in SRC_URI
Kai Kang (2):
nativesdk-cairo: fix build error
p11-kit: fix parallel build failures
Kevin Hao (2):
yocto-bsp: Bump the default kernel to v6.6
yocto-bsp: Drop the support for v6.1 kernel
Khem Raj (4):
libgudev: Pass export-dynamic to linker directly.
coreutils: Fix build with clang
glibc: Do not enable CET on 32bit x86
rust: Re-write RPATHs in the copies llvm-config
Pavel Zhukov (1):
mdadm: Disable ptests
Peter Marko (1):
zlib: ignore CVE-2023-6992
Richard Purdie (7):
qemu: add PACKAGECONFIG for sndio
poky-altcfg: Update PREFERRED_VERSION for kerenl
xev: Drop diet libx11 related patch
libxcomposite: Drop obsolete patch
python3-subunit: Add missing module dependency
qemu: Upgrade 8.1.2 -> 8.2.0
qemu: Fix segfaults in webkitgtk:do_compile on debian11
Robert Yang (1):
autoconf: 2.72d -> 2.72e
Ross Burton (7):
cve_check: handle CVE_STATUS being set to the empty string
cve_check: cleanup logging
xserver-xorg: add PACKAGECONFIG for xvfb
xserver-xorg: disable xvfb by default
libssh2: backport fix for CVE-2023-48795
bitbake: bitbake: Version bump for inherit_defer addition
sanity: require bitbake 2.7.2 for the inherit_defer statement
Ryan Eatmon (1):
python3-yamllint: Add recipe
Simone Weiß (2):
tune-core2: Update qemu cpu to supported model
gcc: Update status of CVE-2023-4039
Thomas Perrot (1):
opensbi: bump to 1.4
Timotheus Giuliani (1):
linux-firmware: fix mediatek MT76x empty license package
Vincent Davis Jr (1):
shaderc: update commit hash to v2023.7
Wang Mingyu (2):
python3-subunit: upgrade 1.4.2 -> 1.4.4
libtest-warnings-perl: upgrade 0.031 -> 0.032
William Hauser (1):
native.bbclass: base_libdir unique from libdir
William Lyu (1):
perl: Fix perl-module-* being ignored via COMPLEMENTARY_GLOB
Yash Shinde (7):
rust: Fetch cargo from rust-snapshot dir.
rust: detect user-specified custom targets in compiletest
rust: Enable RUSTC_BOOTSTRAP to use nightly features during rust oe-selftest.
rust: Fix assertion failure error on oe-selftest
rust: Add new tests in the exclude list for rust oe-selftest
rust: Remove the test cases whose parent dir is also present in the exclude list
rust: Enable rust oe-selftest.
Yogita Urade (1):
tiff: fix CVE-2023-6228
meta-arm: 1cad3c3813..6bb1fc8d8c:
Harsimran Singh Tungal (1):
n1sdp:arm-bsp/optee: Update optee to v4.0
Ross Burton (1):
arm-bsp/linux-yocto: add 6.1 recipe
Change-Id: Ib4cc4e128e4d41f3329cf83a0d5e8539ef07ebe3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py
index 3fa77bf..ed5c714 100644
--- a/poky/meta/lib/oe/cve_check.py
+++ b/poky/meta/lib/oe/cve_check.py
@@ -79,20 +79,19 @@
import re
import oe.patch
- pn = d.getVar("PN")
- cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
+ cve_match = re.compile(r"CVE:( CVE-\d{4}-\d+)+")
# Matches the last "CVE-YYYY-ID" in the file name, also if written
# in lowercase. Possible to have multiple CVE IDs in a single
# file name, but only the last one will be detected from the file name.
# However, patch files contents addressing multiple CVE IDs are supported
# (cve_match regular expression)
-
- cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
+ cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d+)", re.IGNORECASE)
patched_cves = set()
- bb.debug(2, "Looking for patches that solves CVEs for %s" % pn)
- for url in oe.patch.src_patches(d):
+ patches = oe.patch.src_patches(d)
+ bb.debug(2, "Scanning %d patches for CVEs" % len(patches))
+ for url in patches:
patch_file = bb.fetch.decodeurl(url)[2]
# Check patch file name for CVE ID
@@ -100,7 +99,7 @@
if fname_match:
cve = fname_match.group(1).upper()
patched_cves.add(cve)
- bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file))
+ bb.debug(2, "Found %s from patch file name %s" % (cve, patch_file))
# Remote patches won't be present and compressed patches won't be
# unpacked, so say we're not scanning them
@@ -231,7 +230,7 @@
Convert CVE_STATUS into status, detail and description.
"""
status = d.getVarFlag("CVE_STATUS", cve)
- if status is None:
+ if not status:
return ("", "", "")
status_split = status.split(':', 1)
@@ -240,7 +239,7 @@
status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail)
if status_mapping is None:
- bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status))
+ bb.warn('Invalid detail "%s" for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status))
status_mapping = "Unpatched"
return (status_mapping, detail, description)