If CVE_PRODUCT is not explicitly set to google:snappy, CVEs are
found for https://github.com/KnpLabs/snappy instead.
Signed-off-by: Emil Kronborg Andersen <emkan@prevas.dk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b888130e957eb4fe9d69fd70f3b3778ba980b728)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The actual patch was identified by checking the file that was modified
in the tag 6.0.42, and also by looking at the Jira item referenced by it:
the patch references DEV-4466, the same ID that is referenced in the
Jira ticket[1] referenced by the NVD report (look in the "All Activity" tab).
[1]: https://support.zabbix.com/browse/ZBX-27284
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The CVE_PRODUCT is set with a weak default assignment in the cve-check.bbclass,
which means that when the recipe uses +=, it overrides the original weak adefault
value instead of appending to it.
Set all applicable values in CVE_PRODUCT variable explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Beside other bugfixes, it contains fixes for CVE-2025-12817 and CVE-2025-12818.
Release notes: https://www.postgresql.org/docs/release/14.20/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e87e51da49fe121be8f6dd4cec3263a345f2f876)
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe fetches from multiple repositories, however the SRCREV_FORMAT
variable wasn't set. Due to this the recipe couldn't reuse sstate artifacts from
a mirror, only threw warnings:
WARNING: gosu-1.14-r0 do_package_qa_setscene: ExpansionError('SRCPV',
'${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
must be set when multiple SCMs are used.\nThe SCMs are:
git://github.com/tianon/gosu.git;branch=master;protocol=https
git://github.com/opencontainers/runc;name=runc;branch=main;protocol=https', None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-support/
gosu/gosu_1.14.bb:do_package_qa_setscene) failed with exit code '1' - real task
will be run instead
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It fetches from multiple repositories, but didn't have SRCREV_FORMAT
set. Because of this, the recipe couldn't use sstate artifacts from
a mirror, just threw many warnings:
WARNING: sysdig-0.28.0-r0 do_package_qa_setscene: ExpansionError('SRCPV',
'${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
must be set when multiple SCMs are used.\nThe SCMs
are:\ngit://github.com/draios/sysdig.git;branch=dev;protocol=https;name=sysdig
git://github.com/falcosecurity/libs;protocol=https;branch=master;name=falco;subdir=git/falcosecurity-libs',
None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-extended/sysdig/sysdig_0.28.0.bb
:do_package_qa_setscene) failed with exit code '1' - real task will be run instead
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It takes under 10 seconds to run the suite.
Executed succesfully on x86-64, with musl and glibc.
The recipe requires pam DISTRO_FEATURE to be present.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54ca51b6c6c90ad464a488e1ee271d3fff708955)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In case usrmerge DISTRO_FEATURE is enabled, the recipe installs its
binaries into /sbin folder, which however supposed to be a symlink
to /usr/sbin folder, thus ultimately failing the installation.
To avoid this problem, backport a patch from master branch that allows
specifying the installation location.
This is a partial backport of 682657248c654c54ac87edc9bf0a95fb59ff0b1e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15785
The vulnerability is not present in the currently used version, so
ignore it.
Current version: 20190801
First vulnerable version: 20190813
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>