From: Akash Hadke
ipx.h header file is removed in kernel 5.15
Link:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/net?id=6c9b40844751ea30c72f7a2f92f4d704bc6b2927
which is causing below error for system with kernel equal and
higher than 5.15
| ../../git
iming parameters instead of
default RFC 3927 parameters. This option is useful for use of zcip in
automotive use-cases. In pratice, it decreases AutoIP allocation time
from ~10s to ~2s, at the expense of less resilience to collisions
Signed-off-by: Akash Hadke
---
...d-support-for-DoIP-ISO-
ned-off-by: Richard Purdie
(cherry picked from commit 498bbee789f0b3b3a827e7b6914dfa9de764b1be)
Signed-off-by: Akash Hadke
---
meta/lib/oe/cve_check.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index a4b831831b..
On Wed, Jul 20, 2022 at 05:11 PM, Ross Burton wrote:
>
>
>> On 19 Jul 2022, at 08:54, akash hadke via lists.openembedded.org
>> wrote:
>>
>> Actually, I wanted to get all patched CVE numbers from a recipe in one
>> variable, and the value of that varia
On Wed, Jul 20, 2022 at 12:19 AM, Marta Rybczynska wrote:
>
> On Tue, Jul 12, 2022 at 12:28 PM akash hadke via
> lists.openembedded.org
> wrote:
>
>> Add an anonymous function to get patched CVEs from the recipe
>> and set the value to 'CVE_PATCHED' variab
Actually, I wanted to get all patched CVE numbers from a recipe in one
variable, and the value of that variable will be used in other tasks. And for
this purpose, I used the anonymous function because without it I will not be
able to get the value of CVE_PATCHED in other tasks.
-=-=-=-=-=-=-=-=
Introduce a new variable 'CVE_CHECK_WITH_DB' default set
to '0', when it is set to non zero value it avoids CVE scan for
unpatched CVEs from NVD DB.
It will work as the second operational mode for cve-check.bbclass
which only exports the data.
Signed-off-by: Akash Hadke
-
Add an anonymous function to get patched CVEs from the recipe
and set the value to 'CVE_PATCHED' variable
This variable later can be used to do CVE data processing
outside of bitbake
Signed-off-by: Akash Hadke
---
meta/classes/cve-check.bbclass | 8
1 file changed, 8
Hello Ross,
We can inherit cve-check by default in the configuration to export CVE
information like CVE_PRODUCT, CVE_VERSION and the newly added variable
CVE_PATCHED. And CVE_CHECK_WITH_DB variable will avoid scanning the CVEs from DB
It will work like 2 operational mode for cve-check.bbclass
-=
et to non zero value it avoids CVE scan for
unpatched CVEs from NVD DB.
It will work as the second operational mode for cve-check.bbclass
which only exports the data.
Signed-off-by: Akash Hadke
---
meta/classes/cve-check.bbclass | 15 +--
1 file changed, 13 insertions(+), 2 deletions
for
the recipe.
Signed-off-by: Akash Hadke
---
.../distro/include/cve-extra-exclusions.inc | 42 ---
1 file changed, 26 insertions(+), 16 deletions(-)
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc
b/meta/conf/distro/include/cve-extra-exclusions.inc
index
whitelisted CVEs for
the recipe.
Signed-off-by: Akash Hadke
---
meta/conf/distro/include/cve-extra-exclusions.inc | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc
b/meta/conf/distro/include/cve-extra-exclusions.inc
index
Watt
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit fa6c07bc1a585f204dbdc28704f61448edb8fdc8)
Signed-off-by: Akash Hadke
---
meta/classes/cve-check.bbclass | 62 +
meta/lib/oe/cve_check.py | 82
Hi Richard,
I tried modifying the cve-check.bbclass but did not able to get the solution
for disabling the NVD data, because when we inherit cve-check it executes the
cve_check task that checks CVEs from NVD DB. So I am also not sure how to
disable it hence I used the separate bbclass.
-=-=-=-
Hi Marta,
If you see the code from the succeeding patch to this
https://lists.openembedded.org/g/openembedded-core/message/165502 here I have
checked if cve-extra-exclusions.inc is included or not. If it is not included
then the code will not get executed.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You re
onent recipe. Hence, I have did the changes to exclude
CVEs from cve-extra-exclusions.inc
Best Regards,
Akash
From: Marta Rybczynska
Sent: 17 May 2022 14:42
To: Akash Hadke
Cc: OE-core ; Ranjitsinh Rathod
; Akash Hadke
Subject: Re: [OE-core] [poky][master][PATC
: Akash Hadke
Signed-off-by: Akash Hadke
---
meta/classes/cve-export.bbclass | 37 +
1 file changed, 37 insertions(+)
create mode 100644 meta/classes/cve-export.bbclass
diff --git a/meta/classes/cve-export.bbclass b/meta/classes/cve-export.bbclass
new file mode 100644
27;)
cves = d.getVar('CVE_CHECK_IGNORE').split()
Signed-off-by: Akash Hadke
Signed-off-by: Akash Hadke
---
meta/lib/oe/cve_check.py | 38 ++
1 file changed, 38 insertions(+)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index dc7d2e2826
This test compares values of variables CVE_CHECK_IGNORE with
CVE_IGNORED that is exported from cve-export.bbclass
Signed-off-by: Akash Hadke
Signed-off-by: Akash Hadke
---
meta/lib/oeqa/selftest/cases/cve_export.py | 24 ++
1 file changed, 24 insertions(+)
create mode
ackported below patch to fix this issue.
0037-Avoid-deadlock-between-pthread_create-and-ctors.patch
Link:
https://sourceware.org/git/?p=glibc.git;a=patch;h=024a7640ab9ecea80e527f4e4d7f7a1868e952c5
Signed-off-by: Akash Hadke
Signed-off-by: Akash Hadke
---
...l_update-slotinfo-to-avoid-use-after-f
From: Chen Qi
Backport patch to fix CVE-2021-28831.
(From OE-Core rev: e579dbd9a6b2472ca90f411c0b594da9e38c9aca)
Signed-off-by: Chen Qi
Signed-off-by: Richard Purdie
Signed-off-by: Akash Hadke
---
...ompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch | 51 ++
meta/recipes
Hi Armin,
Any update on this?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#152819):
https://lists.openembedded.org/g/openembedded-core/message/152819
Mute This Topic: https://lists.openembedded.org/mt/83071295/21656
Group Owner: openembedded-cor
Any update on this?
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#152332):
https://lists.openembedded.org/g/openembedded-core/message/152332
Mute This Topic: https://lists.openembedded.org/mt/83045843/21656
Group Owner: openembedded-core+ow...@lis
From: "akash.hadke"
Added fix for below CVE's
CVE-2019-5063
CVE-2019-5064
Link:
https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111.patch
Signed-off-by: akash hadke
---
.../opencv/CVE-2019-5063_and_2019-5064.patch | 78
://gitlab.com/libtiff/libtiff/-/commit/02875964eba5c4a2ea98c41562835428214adfe7.patch
2. 002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
Link:
https://gitlab.com/libtiff/libtiff/-/commit/ca70b5e702b9f50344b2d46691de9feae84e.patch
Signed-off-by: akash hadke
---
...tch_for_CVE-2020
This implementation assumes that iflag/oflag=direct will be used only
on block devices and files that are multiples of pagesize, and makes
no effort to solve issues with unaligned or partial reads (unlike gnu
coreutils dd)
Signed-off-by: akash hadke
---
...d-implement-iflag-direct-and-oflag
Adding SECLABEL{selinux}="some value" causes systemd-udev
to crash.
So applied below available patch to fix the issue.
systemd-udev-seclabel-options-crash-fix.patch
Link:
https://github.com/systemd/systemd/commit/0335d110afc08baf47d76b7011ce02510dfdd524.patch
Signed-off-by: a
27 matches
Mail list logo