support/scripts/pkg-stats:81:22: E211 whitespace before '('
support/scripts/pkg-stats:404:1: E305 expected 2 blank lines after class or function definition, found 1
support/scripts/pkg-stats:561:12: E713 test for membership should be 'not in'
support/scripts/pkg-stats:567:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:595:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1051:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1057:1: E302 expected 2 blank lines, found 1
Also fix:
support/scripts/pkg-stats:1054:5: E722 do not use bare 'except'
found by a more recent flake8 version. The exception may be either
IndexError or AttributeError, so use Exception to catch either.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
move
  http-client-body-temp-path
  http-proxy-temp-path
  http-fastcgi-temp-path
  http-scgi-temp-path
  http-uwsgi-temp-path
from /var/tmp/nginx to /var/cache/nginx
this allows the use of systemd constructs
  LogsDirectory=nginx
  CacheDirectory=nginx
to replace
  ExecStartPre=/usr/bin/mkdir -p /var/log/nginx /var/tmp/nginx
as there isn't a similar construct for /var/tmp.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pud plugin needs gpsd and has a specific license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
the part concerning pdf is merged upstream
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves pkg-stats to fill in pkg.status['cve'] depending
on the situation for CVEs affecting this package. They are then used
in the HTML rendering.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Virtual packages (which in pkg-stats speak have "no valid
infrastructure") and packages that have no version specified cannot be
used for CVE checking. They trigger a bunch of warnings from the CVE
checking code, as it cannot parse their version: they don't have any
version. So instead, we simply skip those packages.
A follow-up commit will improve the reporting to be able to
distinguish those packages from packages that have seen their CVEs
checked and don't have any reported.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit modifies cve.py, as well as its users cve-checker and
pkg-stats to support CPE ID based matching, for packages that have CPE
ID information.
One of the non-trivial things is that we can't simply iterate over all
CVEs, and then iterate over all our packages to see which packages
have CPE ID information that match the CPEs affected by the
CVE. Indeed, this is an O(n^2) operation.
So instead, we do a pre-filtering of packages potentially affected. In
check_package_cves(), we build a cpe_product_pkgs dict that associates
a CPE product name to the packages that have this CPE product
name. The CPE product name is either derived from the CPE information
provided by the package if available, and otherwise we use the package
name, which is what was used prior to this patch.
And then, when we look at CVEs, we only consider the packages that
have a CPE product name matching the CPE products affected by the
CVEs. This is done in check_package_cve_affects().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
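
The pre-filtering described in the commit message above, as an added example (not Buildroot's cve.py or pkg-stats code). The function names, the sample packages and the CVE records are constructed placeholders, and the version check is simplified to a dotted-integer comparison against an exclusive upper bound.

```python
from collections import defaultdict

# Constructed sample data: package names, CPE IDs and CVE ids are placeholders.
PACKAGES = [
    {"name": "libfoo", "version": "1.4.2",
     "cpeid": "cpe:2.3:a:foo_project:foo:1.4.2:*:*:*:*:*:*:*"},
    {"name": "bar", "version": "2.0", "cpeid": None},          # no CPE ID
    {"name": "virtual-pkg", "version": None, "cpeid": None},   # no version
]
CVES = [
    {"id": "CVE-0000-0001", "affects": [("foo", "1.5.0")]},
    {"id": "CVE-0000-0002", "affects": [("bar", "1.9")]},
    {"id": "CVE-0000-0003", "affects": [("libfoo", "9.0")]},
    {"id": "CVE-0000-0004", "affects": [("bar", "2.1"), ("virtual-pkg", "9")]},
]

def cpe_product(cpeid):
    # cpe:2.3:<part>:<vendor>:<product>:<version>:... -> field 4 is the product.
    # Simplification: escaped ':' characters inside a field are not handled.
    return cpeid.split(":")[4]

def vtuple(version):
    # Assumption: versions are plain dotted integers.
    return tuple(int(part) for part in version.split("."))

def build_product_index(packages):
    """Map CPE product name -> packages, built once before looking at CVEs."""
    index = defaultdict(list)
    for pkg in packages:
        if not pkg["version"]:
            continue  # virtual/versionless packages cannot be CVE-checked
        # Use the CPE product when the package has a CPE ID, else its name.
        product = cpe_product(pkg["cpeid"]) if pkg["cpeid"] else pkg["name"]
        index[product].append(pkg)
    return index

def match_cves(packages, cves):
    """Return {package name: [CVE ids]} using one dict lookup per product."""
    index = build_product_index(packages)
    hits = defaultdict(list)
    for cve in cves:
        for product, end_excluding in cve["affects"]:
            # Only packages sharing this product name are ever compared.
            for pkg in index.get(product, ()):
                if vtuple(pkg["version"]) < vtuple(end_excluding):
                    hits[pkg["name"]].append(cve["id"])
    return {name: sorted(ids) for name, ids in hits.items()}

if __name__ == "__main__":
    print(match_cves(PACKAGES, CVES))
```

CVE-0000-0003 names the product `libfoo`, which matches nothing because that package is indexed under its CPE product `foo`; a package with a wrong or missing CPE ID silently drops out of matching the same way.
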
This commit improves the pkg-stats script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Libarchive 3.5.1 is a bugfix release.
Update COPYRIGHT hash due to clarification about 'archive_entry.c' source
file:
- fde4660d7b
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Also add a comment in waf.hash about the mechanism for LICENSE hash check
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Link with libatomic if available.
Fixes:
- http://autobuild.buildroot.net/results/e0766eef95a2559d51e58d1a81a9c40df84ae509
.../build/quickjs-2020-11-08/quickjs.c:12229: undefined reference to `__atomic_fetch_xor_1'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- make it a generic variable, not tied to -latomic
- pass it in all steps, like CROSS_PREFIX
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set CMAKE_BUILD_TYPE to Release to avoid the following build failure
with glibc < 2.12:
/home/buildroot/autobuild/run/instance-1/output-1/build/libmdbx-0.9.2/mdbx.c:487:5: error: #warning "libmdbx was only tested with GLIBC >= 2.12." [-Werror=cpp]
# warning "libmdbx was only tested with GLIBC >= 2.12."
^~~~~~~
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/1a60b2c3d2f276f99a22da48e8e16fcf5744eba0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since its introduction in Buildroot in 2013 with commit 07203d78c2
(trace-cmd: new package), trace-cmd has declared installing in staging.
But trace-cmd is a generic-package, and has never, ever provided any
commands for staging installation.
Drop this declaration.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- move the select to the corresponding symbol
- tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The layout of the package directory has changed, as upstream has added
more than just trace-cmd in the repository (e.g. kernel-shark).
However, the buildsystem for trace-cmd is... unconventional:
- the top-level Makefile will recurse into the trace-cmd/
  sub-directory, but does not pass any variable on the $(MAKE) command
  line; instead, it exports them in the environment, e.g.:
      export CFLAGS
- the top-level Makefile appends some definitions to CFLAGS et al.,
  sometimes with a simple append-assignment, sometimes with an
  overridden append-assignment, e.g.:
      CFLAGS += -DVSOCK
      override CFLAGS += -DNO_PTRACE
- the top-level Makefile does not export all the variables. For
  example, LDFLAGS is not exported;
- the Makefile in the trace-cmd/ sub-directory expects some variables
  to be set, which is done by the top-level Makefile.
As a consequence, we can no longer pass our variable definitions as make
variable definitions on the command line; we must pass them in the
environment. Note that for some, like CFLAGS, that would still work, but
it would not for others, like LDFLAGS; for consistency, we put all in
the environment.
We can however use the provided 'make install', that behaves as
expected. But we must repeat most environment variables; especially, we
duplicate TARGET_CONFIGURE_OPTS as it has PATH et al. which are needed
by the top-level Makefile to properly detect tools (e.g. swig), which it
uses to decide what it should install.
Drop upstreamed patch.
Update the licensing information: new license files have been added in a
sub-directory, and the top-level COPYING now only references those two
(rather than being the actual text of the GPL-2).
Use two spaces in hash file.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- keep using a git clone
- unbreak the build:
- use the default make target rule, or the plugins and python
bindings be built at install time, with the host compiler
- use the default install target rule
- expand commit log:
- detail buildsystem issues
- add new license files and their hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>