[warrior 0/8] Pull request

[warrior 0/8] Pull request

[akuster]

Please merge these changes into warrior

The following changes since commit ae341aed81be28232cc34daf4684bc0922f17699:

  yocto-uninative.inc: version 2.8 updates glibc to 2.31 (2020-03-26 07:04:11 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/warrior-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/warrior-next

Adrian Bunk (3):
  git: Upgrade 2.20.1 -> 2.20.4
  python: Upgrade 2.7.17 -> 2.17.18
  openssl: Upgrade 1.1.1d -> 1.1.1e

Alexander Kanavin (1):
  openssl: update to 1.1.1f

Denys Dmytriyenko (1):
  openssl: recommend cryptodev-module for corresponding PACKAGECONFIG

Jan Luebbe (1):
  openssl: upgrade 1.1.1f -> 1.1.1g

Lee Chee Yang (1):
  cve-check: CPE version '-' as all version

Richard Purdie (1):
  openssl: Fix reproducibility issue

 meta/classes/cve-check.bbclass                |   2 +-
 .../openssl/openssl/CVE-2019-1551.patch       | 758 ------------------
 .../openssl/openssl/reproducible.patch        |  32 +
 .../{openssl_1.1.1d.bb => openssl_1.1.1g.bb}  |   7 +-
 .../recipes-core/meta/cve-update-db-native.bb |   2 +-
 meta/recipes-devtools/git/git_2.20.1.bb       |  11 -
 meta/recipes-devtools/git/git_2.20.4.bb       |  11 +
 ...tive_2.7.17.bb => python-native_2.7.18.bb} |   0
 meta/recipes-devtools/python/python.inc       |   6 +-
 .../{python_2.7.17.bb => python_2.7.18.bb}    |   0
 10 files changed, 51 insertions(+), 778 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducible.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1d.bb => openssl_1.1.1g.bb} (97%)
 delete mode 100644 meta/recipes-devtools/git/git_2.20.1.bb
 create mode 100644 meta/recipes-devtools/git/git_2.20.4.bb
 rename meta/recipes-devtools/python/{python-native_2.7.17.bb => python-native_2.7.18.bb} (100%)
 rename meta/recipes-devtools/python/{python_2.7.17.bb => python_2.7.18.bb} (100%)

-- 
2.17.1

[warrior 1/8] git: Upgrade 2.20.1 -> 2.20.4

[akuster]

From: Adrian Bunk <bunk@stusta.de>

This includes the fixes for CVE-2020-5260 and CVE-2020-11008.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/git/git_2.20.1.bb | 11 -----------
 meta/recipes-devtools/git/git_2.20.4.bb | 11 +++++++++++
 2 files changed, 11 insertions(+), 11 deletions(-)
 delete mode 100644 meta/recipes-devtools/git/git_2.20.1.bb
 create mode 100644 meta/recipes-devtools/git/git_2.20.4.bb

diff --git a/meta/recipes-devtools/git/git_2.20.1.bb b/meta/recipes-devtools/git/git_2.20.1.bb
deleted file mode 100644
index 877fb05e58..0000000000
--- a/meta/recipes-devtools/git/git_2.20.1.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require git.inc
-
-EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
-                 ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
-                 "
-EXTRA_OEMAKE += "NO_GETTEXT=1"
-
-SRC_URI[tarball.md5sum] = "7a7769e5c957364ed0aed89e6e67c254"
-SRC_URI[tarball.sha256sum] = "edc3bc1495b69179ba4e272e97eff93334a20decb1d8db6ec3c19c16417738fd"
-SRC_URI[manpages.md5sum] = "78c6e54a61a167dab5e8ae07036293ab"
-SRC_URI[manpages.sha256sum] = "e9c123463abd05e142defe44a8060ce6e9853dfd8c83b2542e38b7deac4e6d4c"
diff --git a/meta/recipes-devtools/git/git_2.20.4.bb b/meta/recipes-devtools/git/git_2.20.4.bb
new file mode 100644
index 0000000000..e44da452ad
--- /dev/null
+++ b/meta/recipes-devtools/git/git_2.20.4.bb
@@ -0,0 +1,11 @@
+require git.inc
+
+EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
+                 ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
+                 "
+EXTRA_OEMAKE += "NO_GETTEXT=1"
+
+SRC_URI[tarball.md5sum] = "6f524e37186a79848a716e2a91330868"
+SRC_URI[tarball.sha256sum] = "92719084d7648b69038ea617a3bc45ec74f60ed7eef753ae2ad84b6f0b268e9a"
+SRC_URI[manpages.md5sum] = "dceabcda244042a06ed4cabd754627a5"
+SRC_URI[manpages.sha256sum] = "72fdd1799756b1240921d10eb5c67de9a651b44d429ba7293929c9d5344ad3e0"
-- 
2.17.1

[warrior 2/8] python: Upgrade 2.7.17 -> 2.17.18

[akuster]

From: Adrian Bunk <bunk@stusta.de>

LICENSE checksum changed due to 2019 -> 2020 update.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{python-native_2.7.17.bb => python-native_2.7.18.bb}    | 0
 meta/recipes-devtools/python/python.inc                     | 6 +++---
 .../python/{python_2.7.17.bb => python_2.7.18.bb}           | 0
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-devtools/python/{python-native_2.7.17.bb => python-native_2.7.18.bb} (100%)
 rename meta/recipes-devtools/python/{python_2.7.17.bb => python_2.7.18.bb} (100%)

diff --git a/meta/recipes-devtools/python/python-native_2.7.17.bb b/meta/recipes-devtools/python/python-native_2.7.18.bb
similarity index 100%
rename from meta/recipes-devtools/python/python-native_2.7.17.bb
rename to meta/recipes-devtools/python/python-native_2.7.18.bb
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index a2424a67bf..bd214e8f8b 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,13 +5,13 @@ SECTION = "devel/python"
 # bump this on every change in contrib/python/generate-manifest-2.7.py
 INC_PR = "r1"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            "
 
-SRC_URI[md5sum] = "b3b6d2c92f42a60667814358ab9f0cfd"
-SRC_URI[sha256sum] = "4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41"
+SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a"
+SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43"
 
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x
diff --git a/meta/recipes-devtools/python/python_2.7.17.bb b/meta/recipes-devtools/python/python_2.7.18.bb
similarity index 100%
rename from meta/recipes-devtools/python/python_2.7.17.bb
rename to meta/recipes-devtools/python/python_2.7.18.bb
-- 
2.17.1

[warrior 3/8] openssl: Fix reproducibility issue

[akuster]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

There was a build architecture leaking into the target ptest which
could vary depending upon host. Remove it as its cosmetic.

[YOCTO #13770]

(From OE-Core rev: 37db519eedb7eb5cd4f14d05f30f5d580aa7458d)

(From OE-Core rev: c31c676319812e6fc036741db2ab8e16eccff723)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../openssl/openssl/reproducible.patch        | 32 +++++++++++++++++++
 .../openssl/openssl_1.1.1d.bb                 |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducible.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 0000000000..a24260c95d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g. 
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than 
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+ 
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+                           @{$config{perlargv}}), "\n";
+         print "\nPerl information:\n\n";
+         print '    ',$config{perl_cmd},"\n";
+-        print '    ',$config{perl_version},' for ',$config{perl_archname},"\n";
++        print '    ',$config{perl_version},"\n";
+     }
+     if ($dump || $options) {
+         my $longest = 0;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index d256646934..67eea6592e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://CVE-2019-1551.patch \
+           file://reproducible.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
-- 
2.17.1

[warrior 4/8] openssl: recommend cryptodev-module for corresponding PACKAGECONFIG

[akuster]

From: Denys Dmytriyenko <denys@ti.com>

Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 57fcf9b517fe95e871122946cb99fe7fa9fd2e26)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 67eea6592e..d656cb3cfa 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -33,7 +33,7 @@ PACKAGECONFIG ?= ""
 PACKAGECONFIG_class-native = ""
 PACKAGECONFIG_class-nativesdk = ""
 
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
 
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"
-- 
2.17.1

[warrior 5/8] openssl: Upgrade 1.1.1d -> 1.1.1e

[akuster]

From: Adrian Bunk <bunk@stusta.de>

Backported patch removed.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 710bc0f8544f54750c8fb7b8affa243932927a24)
[AK: bug fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../openssl/openssl/CVE-2019-1551.patch       | 758 ------------------
 .../{openssl_1.1.1d.bb => openssl_1.1.1e.bb}  |   4 +-
 2 files changed, 1 insertion(+), 761 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1d.bb => openssl_1.1.1e.bb} (97%)

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
deleted file mode 100644
index 0cc19cb5f4..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
+++ /dev/null
@@ -1,758 +0,0 @@
-From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Wed, 4 Dec 2019 12:48:21 +0100
-Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
-
-There is an overflow bug in the x64_64 Montgomery squaring procedure used in
-exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
-suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
-result of this defect would be very difficult to perform and are not believed
-likely. Attacks against DH512 are considered just feasible. However, for an
-attack the target would have to re-use the DH512 private key, which is not
-recommended anyway. Also applications directly using the low level API
-BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
-
-CVE-2019-1551
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/10575)
-
-CVE: CVE-2019-1551
-Upstream-Status: Backport
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
- 1 file changed, 197 insertions(+), 184 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index b1797b649f0..7534d5cd03e 100755
---- a/crypto/bn/asm/rsaz-x86_64.pl
-+++ b/crypto/bn/asm/rsaz-x86_64.pl
-@@ -116,7 +116,7 @@
- 	subq	\$128+24, %rsp
- .cfi_adjust_cfa_offset	128+24
- .Lsqr_body:
--	movq	$mod, %rbp		# common argument
-+	movq	$mod, %xmm1		# common off-load
- 	movq	($inp), %rdx
- 	movq	8($inp), %rax
- 	movq	$n0, 128(%rsp)
-@@ -134,7 +134,8 @@
- .Loop_sqr:
- 	movl	$times,128+8(%rsp)
- #first iteration
--	movq	%rdx, %rbx
-+	movq	%rdx, %rbx		# 0($inp)
-+	mov	%rax, %rbp		# 8($inp)
- 	mulq	%rdx
- 	movq	%rax, %r8
- 	movq	16($inp), %rax
-@@ -173,31 +174,29 @@
- 	mulq	%rbx
- 	addq	%rax, %r14
- 	movq	%rbx, %rax
--	movq	%rdx, %r15
--	adcq	\$0, %r15
-+	adcq	\$0, %rdx
- 
--	addq	%r8, %r8		#shlq	\$1, %r8
--	movq	%r9, %rcx
--	adcq	%r9, %r9		#shld	\$1, %r8, %r9
-+	xorq	%rcx,%rcx		# rcx:r8 = r8 << 1
-+	addq	%r8, %r8
-+	 movq	%rdx, %r15
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
--	movq	%rax, (%rsp)
--	addq	%rdx, %r8
--	adcq	\$0, %r9
-+	addq	%r8, %rdx
-+	adcq	\$0, %rcx
- 
--	movq	%r8, 8(%rsp)
--	shrq	\$63, %rcx
-+	movq	%rax, (%rsp)
-+	movq	%rdx, 8(%rsp)
- 
- #second iteration
--	movq	8($inp), %r8
- 	movq	16($inp), %rax
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r10
- 	movq	24($inp), %rax
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r11
- 	movq	32($inp), %rax
- 	adcq	\$0, %rdx
-@@ -205,7 +204,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r12
- 	movq	40($inp), %rax
- 	adcq	\$0, %rdx
-@@ -213,7 +212,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r13
- 	movq	48($inp), %rax
- 	adcq	\$0, %rdx
-@@ -221,7 +220,7 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r14
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -229,39 +228,39 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
--	mulq	%r8
-+	mulq	%rbp
- 	addq	%rax, %r15
--	movq	%r8, %rax
-+	movq	%rbp, %rax
- 	adcq	\$0, %rdx
- 	addq	%rbx, %r15
--	movq	%rdx, %r8
--	movq	%r10, %rdx
--	adcq	\$0, %r8
-+	adcq	\$0, %rdx
- 
--	add	%rdx, %rdx
--	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
--	movq	%r11, %rbx
--	adcq	%r11, %r11		#shld	\$1, %r10, %r11
-+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
-+	addq	%r9, %r9
-+	 movq	%rdx, %r8
-+	adcq	%r10, %r10
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	 movq	16($inp), %rbp
-+	adcq	\$0, %rdx
- 	addq	%rax, %r9
-+	 movq	24($inp), %rax
- 	adcq	%rdx, %r10
--	adcq	\$0, %r11
-+	adcq	\$0, %rbx
- 
- 	movq	%r9, 16(%rsp)
- 	movq	%r10, 24(%rsp)
--	shrq	\$63, %rbx
- 
- #third iteration
--	movq	16($inp), %r9
--	movq	24($inp), %rax
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r12
- 	movq	32($inp), %rax
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r13
- 	movq	40($inp), %rax
- 	adcq	\$0, %rdx
-@@ -269,7 +268,7 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
-+	mulq	%rbp
- 	addq	%rax, %r14
- 	movq	48($inp), %rax
- 	adcq	\$0, %rdx
-@@ -277,9 +276,7 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
--	 movq	%r12, %r10
--	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
-+	mulq	%rbp
- 	addq	%rax, %r15
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -287,36 +284,40 @@
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
--	mulq	%r9
--	 shrq	\$63, %r10
-+	mulq	%rbp
- 	addq	%rax, %r8
--	movq	%r9, %rax
-+	movq	%rbp, %rax
- 	adcq	\$0, %rdx
- 	addq	%rcx, %r8
--	movq	%rdx, %r9
--	adcq	\$0, %r9
-+	adcq	\$0, %rdx
- 
--	movq	%r13, %rcx
--	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
-+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
-+	addq	%r11, %r11
-+	 movq	%rdx, %r9
-+	adcq	%r12, %r12
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	 movq	24($inp), %r10
-+	adcq	\$0, %rdx
- 	addq	%rax, %r11
-+	 movq	32($inp), %rax
- 	adcq	%rdx, %r12
--	adcq	\$0, %r13
-+	adcq	\$0, %rcx
- 
- 	movq	%r11, 32(%rsp)
- 	movq	%r12, 40(%rsp)
--	shrq	\$63, %rcx
- 
- #fourth iteration
--	movq	24($inp), %r10
--	movq	32($inp), %rax
-+	mov	%rax, %r11		# 32($inp)
- 	mulq	%r10
- 	addq	%rax, %r14
- 	movq	40($inp), %rax
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
-+	mov	%rax, %r12		# 40($inp)
- 	mulq	%r10
- 	addq	%rax, %r15
- 	movq	48($inp), %rax
-@@ -325,9 +326,8 @@
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
-+	mov	%rax, %rbp		# 48($inp)
- 	mulq	%r10
--	 movq	%r14, %r12
--	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
- 	addq	%rax, %r8
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
-@@ -336,32 +336,33 @@
- 	adcq	\$0, %rbx
- 
- 	mulq	%r10
--	 shrq	\$63, %r12
- 	addq	%rax, %r9
- 	movq	%r10, %rax
- 	adcq	\$0, %rdx
- 	addq	%rbx, %r9
--	movq	%rdx, %r10
--	adcq	\$0, %r10
-+	adcq	\$0, %rdx
- 
--	movq	%r15, %rbx
--	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
-+	xorq	%rbx, %rbx		# rbx:r13:r14 = r13:r14 << 1
-+	addq	%r13, %r13
-+	 movq	%rdx, %r10
-+	adcq	%r14, %r14
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r13
-+	 movq	%r12, %rax		# 40($inp)
- 	adcq	%rdx, %r14
--	adcq	\$0, %r15
-+	adcq	\$0, %rbx
- 
- 	movq	%r13, 48(%rsp)
- 	movq	%r14, 56(%rsp)
--	shrq	\$63, %rbx
- 
- #fifth iteration
--	movq	32($inp), %r11
--	movq	40($inp), %rax
- 	mulq	%r11
- 	addq	%rax, %r8
--	movq	48($inp), %rax
-+	movq	%rbp, %rax		# 48($inp)
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
-@@ -369,97 +370,99 @@
- 	addq	%rax, %r9
- 	movq	56($inp), %rax
- 	adcq	\$0, %rdx
--	 movq	%r8, %r12
--	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
- 	addq	%rcx, %r9
- 	movq	%rdx, %rcx
- 	adcq	\$0, %rcx
- 
-+	mov	%rax, %r14		# 56($inp)
- 	mulq	%r11
--	 shrq	\$63, %r12
- 	addq	%rax, %r10
- 	movq	%r11, %rax
- 	adcq	\$0, %rdx
- 	addq	%rcx, %r10
--	movq	%rdx, %r11
--	adcq	\$0, %r11
-+	adcq	\$0, %rdx
- 
--	movq	%r9, %rcx
--	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
-+	xorq	%rcx, %rcx		# rcx:r8:r15 = r8:r15 << 1
-+	addq	%r15, %r15
-+	 movq	%rdx, %r11
-+	adcq	%r8, %r8
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r15
-+	 movq	%rbp, %rax		# 48($inp)
- 	adcq	%rdx, %r8
--	adcq	\$0, %r9
-+	adcq	\$0, %rcx
- 
- 	movq	%r15, 64(%rsp)
- 	movq	%r8, 72(%rsp)
--	shrq	\$63, %rcx
- 
- #sixth iteration
--	movq	40($inp), %r12
--	movq	48($inp), %rax
- 	mulq	%r12
- 	addq	%rax, %r10
--	movq	56($inp), %rax
-+	movq	%r14, %rax		# 56($inp)
- 	movq	%rdx, %rbx
- 	adcq	\$0, %rbx
- 
- 	mulq	%r12
- 	addq	%rax, %r11
- 	movq	%r12, %rax
--	 movq	%r10, %r15
--	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
- 	adcq	\$0, %rdx
--	 shrq	\$63, %r15
- 	addq	%rbx, %r11
--	movq	%rdx, %r12
--	adcq	\$0, %r12
-+	adcq	\$0, %rdx
- 
--	movq	%r11, %rbx
--	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
-+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
-+	addq	%r9, %r9
-+	 movq	%rdx, %r12
-+	adcq	%r10, %r10
-+	adcq	\$0, %rbx
- 
- 	mulq	%rax
-+	addq	%rcx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r9
-+	 movq	%r14, %rax		# 56($inp)
- 	adcq	%rdx, %r10
--	adcq	\$0, %r11
-+	adcq	\$0, %rbx
- 
- 	movq	%r9, 80(%rsp)
- 	movq	%r10, 88(%rsp)
- 
- #seventh iteration
--	movq	48($inp), %r13
--	movq	56($inp), %rax
--	mulq	%r13
-+	mulq	%rbp
- 	addq	%rax, %r12
--	movq	%r13, %rax
--	movq	%rdx, %r13
--	adcq	\$0, %r13
-+	movq	%rbp, %rax
-+	adcq	\$0, %rdx
- 
--	xorq	%r14, %r14
--	shlq	\$1, %rbx
--	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
--	adcq	%r13, %r13		#shld	\$1, %r12, %r13
--	adcq	%r14, %r14		#shld	\$1, %r13, %r14
-+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
-+	addq	%r11, %r11
-+	 movq	%rdx, %r13
-+	adcq	%r12, %r12
-+	adcq	\$0, %rcx
- 
- 	mulq	%rax
-+	addq	%rbx, %rax
-+	adcq	\$0, %rdx
- 	addq	%rax, %r11
-+	 movq	%r14, %rax		# 56($inp)
- 	adcq	%rdx, %r12
--	adcq	\$0, %r13
-+	adcq	\$0, %rcx
- 
- 	movq	%r11, 96(%rsp)
- 	movq	%r12, 104(%rsp)
- 
- #eighth iteration
--	movq	56($inp), %rax
-+	xorq	%rbx, %rbx		# rbx:r13 = r13 << 1
-+	addq	%r13, %r13
-+	adcq	\$0, %rbx
-+
- 	mulq	%rax
--	addq	%rax, %r13
-+	addq	%rcx, %rax
- 	adcq	\$0, %rdx
--
--	addq	%rdx, %r14
--
--	movq	%r13, 112(%rsp)
--	movq	%r14, 120(%rsp)
-+	addq	%r13, %rax
-+	adcq	%rbx, %rdx
- 
- 	movq	(%rsp), %r8
- 	movq	8(%rsp), %r9
-@@ -469,6 +472,10 @@
- 	movq	40(%rsp), %r13
- 	movq	48(%rsp), %r14
- 	movq	56(%rsp), %r15
-+	movq	%xmm1, %rbp
-+
-+	movq	%rax, 112(%rsp)
-+	movq	%rdx, 120(%rsp)
- 
- 	call	__rsaz_512_reduce
- 
-@@ -500,9 +507,9 @@
- .Loop_sqrx:
- 	movl	$times,128+8(%rsp)
- 	movq	$out, %xmm0		# off-load
--	movq	%rbp, %xmm1		# off-load
- #first iteration
- 	mulx	%rax, %r8, %r9
-+	mov	%rax, %rbx
- 
- 	mulx	16($inp), %rcx, %r10
- 	xor	%rbp, %rbp		# cf=0, of=0
-@@ -510,40 +517,39 @@
- 	mulx	24($inp), %rax, %r11
- 	adcx	%rcx, %r9
- 
--	mulx	32($inp), %rcx, %r12
-+	.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($inp), %rcx, %r12
- 	adcx	%rax, %r10
- 
--	mulx	40($inp), %rax, %r13
-+	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00	# mulx	40($inp), %rax, %r13
- 	adcx	%rcx, %r11
- 
--	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
-+	mulx	48($inp), %rcx, %r14
- 	adcx	%rax, %r12
- 	adcx	%rcx, %r13
- 
--	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
-+	mulx	56($inp), %rax, %r15
- 	adcx	%rax, %r14
- 	adcx	%rbp, %r15		# %rbp is 0
- 
--	mov	%r9, %rcx
--	shld	\$1, %r8, %r9
--	shl	\$1, %r8
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
--	adcx	%rdx, %r8
--	 mov	8($inp), %rdx
--	adcx	%rbp, %r9
-+	mulx	%rdx, %rax, $out
-+	 mov	%rbx, %rdx		# 8($inp)
-+	xor	%rcx, %rcx
-+	adox	%r8, %r8
-+	adcx	$out, %r8
-+	adox	%rbp, %rcx
-+	adcx	%rbp, %rcx
- 
- 	mov	%rax, (%rsp)
- 	mov	%r8, 8(%rsp)
- 
- #second iteration
--	mulx	16($inp), %rax, %rbx
-+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00	# mulx	16($inp), %rax, %rbx
- 	adox	%rax, %r10
- 	adcx	%rbx, %r11
- 
--	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
-+	mulx	24($inp), $out, %r8
- 	adox	$out, %r11
-+	.byte	0x66
- 	adcx	%r8, %r12
- 
- 	mulx	32($inp), %rax, %rbx
-@@ -561,24 +567,25 @@
- 	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
- 	adox	$out, %r15
- 	adcx	%rbp, %r8
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r8
-+	 .byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00		# mov	16($inp), %rdx
- 
--	mov	%r11, %rbx
--	shld	\$1, %r10, %r11
--	shld	\$1, %rcx, %r10
--
--	xor	%ebp,%ebp
--	mulx	%rdx, %rax, %rcx
--	 mov	16($inp), %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r9, %r9
-+	adcx	%rbp, $out
-+	adox	%r10, %r10
- 	adcx	%rax, %r9
--	adcx	%rcx, %r10
--	adcx	%rbp, %r11
-+	adox	%rbp, %rbx
-+	adcx	$out, %r10
-+	adcx	%rbp, %rbx
- 
- 	mov	%r9, 16(%rsp)
- 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
- 
- #third iteration
--	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
-+	mulx	24($inp), $out, %r9
- 	adox	$out, %r12
- 	adcx	%r9, %r13
- 
-@@ -586,7 +593,7 @@
- 	adox	%rax, %r13
- 	adcx	%rcx, %r14
- 
--	mulx	40($inp), $out, %r9
-+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r9
- 	adox	$out, %r14
- 	adcx	%r9, %r15
- 
-@@ -594,27 +601,28 @@
- 	adox	%rax, %r15
- 	adcx	%rcx, %r8
- 
--	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
-+	mulx	56($inp), $out, %r9
- 	adox	$out, %r8
- 	adcx	%rbp, %r9
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r9
-+	 mov	24($inp), %rdx
- 
--	mov	%r13, %rcx
--	shld	\$1, %r12, %r13
--	shld	\$1, %rbx, %r12
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rcx, %rcx
-+	adcx	%rbx, %rax
-+	adox	%r11, %r11
-+	adcx	%rbp, $out
-+	adox	%r12, %r12
- 	adcx	%rax, %r11
--	adcx	%rdx, %r12
--	 mov	24($inp), %rdx
--	adcx	%rbp, %r13
-+	adox	%rbp, %rcx
-+	adcx	$out, %r12
-+	adcx	%rbp, %rcx
- 
- 	mov	%r11, 32(%rsp)
--	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
-+	mov	%r12, 40(%rsp)
- 
- #fourth iteration
--	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
-+	mulx	32($inp), %rax, %rbx
- 	adox	%rax, %r14
- 	adcx	%rbx, %r15
- 
-@@ -629,25 +637,25 @@
- 	mulx	56($inp), $out, %r10
- 	adox	$out, %r9
- 	adcx	%rbp, %r10
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r10
-+	 mov	32($inp), %rdx
- 
--	.byte	0x66
--	mov	%r15, %rbx
--	shld	\$1, %r14, %r15
--	shld	\$1, %rcx, %r14
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r13, %r13
-+	adcx	%rbp, $out
-+	adox	%r14, %r14
- 	adcx	%rax, %r13
--	adcx	%rdx, %r14
--	 mov	32($inp), %rdx
--	adcx	%rbp, %r15
-+	adox	%rbp, %rbx
-+	adcx	$out, %r14
-+	adcx	%rbp, %rbx
- 
- 	mov	%r13, 48(%rsp)
- 	mov	%r14, 56(%rsp)
- 
- #fifth iteration
--	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
-+	mulx	40($inp), $out, %r11
- 	adox	$out, %r8
- 	adcx	%r11, %r9
- 
-@@ -658,18 +666,19 @@
- 	mulx	56($inp), $out, %r11
- 	adox	$out, %r10
- 	adcx	%rbp, %r11
-+	 mulx	%rdx, %rax, $out
-+	 mov	40($inp), %rdx
- 	adox	%rbp, %r11
- 
--	mov	%r9, %rcx
--	shld	\$1, %r8, %r9
--	shld	\$1, %rbx, %r8
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rcx, %rcx
-+	adcx	%rbx, %rax
-+	adox	%r15, %r15
-+	adcx	%rbp, $out
-+	adox	%r8, %r8
- 	adcx	%rax, %r15
--	adcx	%rdx, %r8
--	 mov	40($inp), %rdx
--	adcx	%rbp, %r9
-+	adox	%rbp, %rcx
-+	adcx	$out, %r8
-+	adcx	%rbp, %rcx
- 
- 	mov	%r15, 64(%rsp)
- 	mov	%r8, 72(%rsp)
-@@ -682,18 +691,19 @@
- 	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
- 	adox	$out, %r11
- 	adcx	%rbp, %r12
-+	 mulx	%rdx, %rax, $out
- 	adox	%rbp, %r12
-+	 mov	48($inp), %rdx
- 
--	mov	%r11, %rbx
--	shld	\$1, %r10, %r11
--	shld	\$1, %rcx, %r10
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r9, %r9
-+	adcx	%rbp, $out
-+	adox	%r10, %r10
- 	adcx	%rax, %r9
--	adcx	%rdx, %r10
--	 mov	48($inp), %rdx
--	adcx	%rbp, %r11
-+	adcx	$out, %r10
-+	adox	%rbp, %rbx
-+	adcx	%rbp, %rbx
- 
- 	mov	%r9, 80(%rsp)
- 	mov	%r10, 88(%rsp)
-@@ -703,31 +713,31 @@
- 	adox	%rax, %r12
- 	adox	%rbp, %r13
- 
--	xor	%r14, %r14
--	shld	\$1, %r13, %r14
--	shld	\$1, %r12, %r13
--	shld	\$1, %rbx, %r12
--
--	xor	%ebp, %ebp
--	mulx	%rdx, %rax, %rdx
--	adcx	%rax, %r11
--	adcx	%rdx, %r12
-+	mulx	%rdx, %rax, $out
-+	xor	%rcx, %rcx
- 	 mov	56($inp), %rdx
--	adcx	%rbp, %r13
-+	adcx	%rbx, %rax
-+	adox	%r11, %r11
-+	adcx	%rbp, $out
-+	adox	%r12, %r12
-+	adcx	%rax, %r11
-+	adox	%rbp, %rcx
-+	adcx	$out, %r12
-+	adcx	%rbp, %rcx
- 
- 	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
- 	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
- 
- #eighth iteration
- 	mulx	%rdx, %rax, %rdx
--	adox	%rax, %r13
--	adox	%rbp, %rdx
-+	xor	%rbx, %rbx
-+	adcx	%rcx, %rax
-+	adox	%r13, %r13
-+	adcx	%rbp, %rdx
-+	adox	%rbp, %rbx
-+	adcx	%r13, %rax
-+	adcx	%rdx, %rbx
- 
--	.byte	0x66
--	add	%rdx, %r14
--
--	movq	%r13, 112(%rsp)
--	movq	%r14, 120(%rsp)
- 	movq	%xmm0, $out
- 	movq	%xmm1, %rbp
- 
-@@ -741,6 +751,9 @@
- 	movq	48(%rsp), %r14
- 	movq	56(%rsp), %r15
- 
-+	movq	%rax, 112(%rsp)
-+	movq	%rbx, 120(%rsp)
-+
- 	call	__rsaz_512_reducex
- 
- 	addq	64(%rsp), %r8
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1e.bb
similarity index 97%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1e.bb
index d656cb3cfa..d016bb67e7 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1e.bb
@@ -16,7 +16,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-skip-test_symbol_presence.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
-           file://CVE-2019-1551.patch \
            file://reproducible.patch \
            "
 
@@ -24,8 +23,7 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
-SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+SRC_URI[sha256sum] = "694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe"
 
 inherit lib_package multilib_header ptest
 
-- 
2.17.1

[warrior 6/8] openssl: update to 1.1.1f

[akuster]

From: Alexander Kanavin <alex.kanavin@gmail.com>

This also un-breaks python3 ptest which got broken
with 1.1.1e update.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b4ddf5b9d8cd769b7026663f93c8bc69b55d8cbf)
[AK: bugfix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../openssl/{openssl_1.1.1e.bb => openssl_1.1.1f.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1e.bb => openssl_1.1.1f.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1e.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
index d016bb67e7..204dc7c6fe 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
@@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe"
+SRC_URI[sha256sum] = "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35"
 
 inherit lib_package multilib_header ptest
 
-- 
2.17.1

[warrior 7/8] openssl: upgrade 1.1.1f -> 1.1.1g

[akuster]

From: Jan Luebbe <jlu@pengutronix.de>

This also fixes CVE-2020-1967.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../openssl/{openssl_1.1.1f.bb => openssl_1.1.1g.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1f.bb => openssl_1.1.1g.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
index 204dc7c6fe..a57e09c802 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35"
+SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
 
 inherit lib_package multilib_header ptest
 
-- 
2.17.1

[warrior 8/8] cve-check: CPE version '-' as all version

[akuster]

From: Lee Chee Yang <chee.yang.lee@intel.com>

CPE version could be '-' to mean no version info.
Current cve_check treat it as not valid and does not report these
CVE but some of these could be a valid vulnerabilities.

Since non-valid CVE can be whitelisted, so treat '-' as all version
and report all these CVE to capture possible vulnerabilities.

Non-valid CVE to be whitelisted separately.

[YOCTO #13617]

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c69ee3594079589d27c10db32bc288566ebde9ef)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/classes/cve-check.bbclass                 | 2 +-
 meta/recipes-core/meta/cve-update-db-native.bb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 01b3637469..0ab022b135 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -214,7 +214,7 @@ def check_cves(d, patched_cves):
                 (_, _, _, version_start, operator_start, version_end, operator_end) = row
                 #bb.debug(2, "Evaluating row " + str(row))
 
-                if (operator_start == '=' and pv == version_start):
+                if (operator_start == '=' and pv == version_start) or version_start == '-':
                     vulnerable = True
                 else:
                     if operator_start:
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 575254af40..1b4f31692b 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -122,7 +122,7 @@ def parse_node_and_insert(c, node, cveId):
             product = cpe23[4]
             version = cpe23[5]
 
-            if version != '*':
+            if version != '*' and version != '-':
                 # Version is defined, this is a '=' match
                 yield [cveId, vendor, product, version, '=', '', '']
             else:
-- 
2.17.1