The --cpeid option was mistakenly introduced by commit
92e7089a8c ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit bd665d182c
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.
This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.
Introduced similar methods for the error and na status, which will be
used in following commits.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
also set the indentation to 2 spaces in hash file
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gpgme is supported since 2005 and
4bb5db92a8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building uclibc 1.0.37 for SuperH architecture with linux-headers 5.10.7
fails at libpthread level due to missing time-related data structures,
usually defined by the kernel. Make uclibc correctly define those types.
A previous patch in buildroot [1] fixed the symptom by tampering with
linux-headers inclusions, but analysis [2] done in collaboration with
Linux folks concluded that the issue lied in (voluntary) include guard
"preemption" in uclibc kernel_types.h.
However, kernel_types.h was not up to date with relevant 64-bit time
data structures, so defining those here was needed.
The present uclibc patch was mailed to uclibc-ng mailing list and got
a positive response; I am not able to give a link to the discussion,
as it has not appeared yet [3] (perhaps I'm not looking at the right
place ?)
So until the patch is merged upstream and we bump uclibc version, keep
our patch here.
[1] https://git.buildroot.net/buildroot/commit/?id=742f37de8d0e3797698411dfc6a63bd7e98aafe2
[2] https://patchwork.kernel.org/project/linux-sh/patch/20210123165652.10884-1-geoffrey.legourrierec@gmail.com/
[3] https://mailman.uclibc-ng.org/pipermail/devel/2021-January/thread.html
Signed-off-by: Geoffrey Le Gourriérec <geoffrey.legourrierec@gmail.com>
Tested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add runtime dependencies to pythonX-ssl and python-setuptools.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Force Release build to remove -Werror and avoid the following build
failure:
/home/giuliobenetti/autobuild/run/instance-3/output-1/build/open62541-1.0/arch/network_tcp.c: At top level:
cc1: error: unrecognized command line option '-Wno-static-in-inline' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/24b429ce0ae2b33e72bb6a0f523c3906e539a4fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending email
messages with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then be
unable to see email messages from other persons.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit a7b51ed301 forgot to update hash of
COPYING which now contains LGPL-2.1+
Here is an extract of
0a8882b1a1:
"The vast majority of GdkPixbuf is released under the terms of the GNU
Lesser General Public License, version 2.1 or later.
The following files are released under the terms of the GNU Library
General Public License, version 2 or later:
[...]
The aggregate license of the GdkPixbuf project is the Lesser GPL v2.1 or
later."
Fixes:
- http://autobuild.buildroot.org/results/292306061216471c258a89e61b54c0d05c757321
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Main reason is to fix the issue when secure_getenv() is missing
in older toolchain, but it was fixed in this version by using
getenv() as alternative.
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use https for download to save redirect.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
