[OE-core] [PATCH] python3-pip: Fix RDEPENDS after the update

[Daiane Angolini]

Fix the following error messages:

   ModuleNotFoundError: No module named 'distutils'

   ModuleNotFoundError: No module named 'colorsys'

Signed-off-by: Daiane Angolini 
---
 meta/recipes-devtools/python/python3-pip_22.1.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/python/python3-pip_22.1.2.bb 
b/meta/recipes-devtools/python/python3-pip_22.1.2.bb
index 0573db603d..5fe59a4762 100644
--- a/meta/recipes-devtools/python/python3-pip_22.1.2.bb
+++ b/meta/recipes-devtools/python/python3-pip_22.1.2.bb
@@ -54,6 +54,8 @@ RDEPENDS:${PN} = "\
   python3-unixadmin \
   python3-xmlrpc \
   python3-pickle \
+  python3-distutils \
+  python3-image \
 "
 
 BBCLASSEXTEND = "native nativesdk"
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166827): 
https://lists.openembedded.org/g/openembedded-core/message/166827
Mute This Topic: https://lists.openembedded.org/mt/91714331/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] OE-core CVE metrics for kirkstone on Sun 12 Jun 2022 03:00:01 AM HST

[Steve Sakoman]

On Sun, Jun 12, 2022, 5:57 AM Robert Joslyn 
wrote:

>
>
> > On Jun 12, 2022, at 6:02 AM, Steve Sakoman  wrote:
> >
> > Branch: kirkstone
> >
> > New this week: 5 CVEs
> > CVE-2022-1664 (CVSS3: 9.8 CRITICAL): dpkg
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1664 *
> > CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
> > CVE-2022-1942 (CVSS3: 7.8 HIGH): vim
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
> > CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *
> > CVE-2022-27778 (CVSS3: 8.1 HIGH): curl:curl-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27778 *
>
> CVE-2022-27778 doesn’t apply to the curl versions in kirkstone or dunfell
> (master already has the fixed version). It looks like the NVD doesn’t quite
> have the right version ranges based on what the curl developers have
> published. I’ve sent an email to hopefully get the NVD updated.
>

Thanks Robert!

Steve

>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166826): 
https://lists.openembedded.org/g/openembedded-core/message/166826
Mute This Topic: https://lists.openembedded.org/mt/91705261/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] OE-core CVE metrics for kirkstone on Sun 12 Jun 2022 03:00:01 AM HST

[Robert Joslyn]

> On Jun 12, 2022, at 6:02 AM, Steve Sakoman  wrote:
> 
> Branch: kirkstone
> 
> New this week: 5 CVEs
> CVE-2022-1664 (CVSS3: 9.8 CRITICAL): dpkg 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1664 *
> CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
> CVE-2022-1942 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
> CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *
> CVE-2022-27778 (CVSS3: 8.1 HIGH): curl:curl-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27778 *

CVE-2022-27778 doesn’t apply to the curl versions in kirkstone or dunfell 
(master already has the fixed version). It looks like the NVD doesn’t quite 
have the right version ranges based on what the curl developers have published. 
I’ve sent an email to hopefully get the NVD updated.

Thanks,
Robert


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166825): 
https://lists.openembedded.org/g/openembedded-core/message/166825
Mute This Topic: https://lists.openembedded.org/mt/91705261/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OE-core CVE metrics for kirkstone on Sun 12 Jun 2022 03:00:01 AM HST

[Steve Sakoman]

Branch: kirkstone

New this week: 5 CVEs
CVE-2022-1664 (CVSS3: 9.8 CRITICAL): dpkg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1664 *
CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
CVE-2022-1942 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *
CVE-2022-27778 (CVSS3: 8.1 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27778 *

Removed this week: 16 CVEs
CVE-2022-1210 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1210 *
CVE-2022-1587 (CVSS3: 9.1 CRITICAL): libpcre2:libpcre2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1587 *
CVE-2022-1621 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1621 *
CVE-2022-1629 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1629 *
CVE-2022-1674 (CVSS3: 5.5 MEDIUM): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1674 *
CVE-2022-1733 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1733 *
CVE-2022-1735 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1735 *
CVE-2022-1769 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1769 *
CVE-2022-1771 (CVSS3: 5.5 MEDIUM): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1771 *
CVE-2022-1785 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1785 *
CVE-2022-1796 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1796 *
CVE-2022-1851 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1851 *
CVE-2022-1886 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1886 *
CVE-2022-1898 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1898 *
CVE-2022-29458 (CVSS3: 7.1 HIGH): ncurses:ncurses-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29458 *
CVE-2022-29824 (CVSS3: 6.5 MEDIUM): libxslt:libxslt-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29824 *

Full list:  Found 14 unpatched CVEs
CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-3750 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3750 *
CVE-2022-0529 (CVSS3: 5.5 MEDIUM): unzip:unzip-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
CVE-2022-0530 (CVSS3: 5.5 MEDIUM): unzip:unzip-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
CVE-2022-1183 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1183 *
CVE-2022-1664 (CVSS3: 9.8 CRITICAL): dpkg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1664 *
CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
CVE-2022-1942 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *
CVE-2022-27778 (CVSS3: 8.1 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27778 *
CVE-2022-30065 (CVSS3: 7.8 HIGH): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30065 *


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166824): 
https://lists.openembedded.org/g/openembedded-core/message/166824
Mute This Topic: https://lists.openembedded.org/mt/91705261/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OE-core CVE metrics for dunfell on Sun 12 Jun 2022 02:30:01 AM HST

[Steve Sakoman]

Branch: dunfell

New this week: 5 CVEs
CVE-2022-1664 (CVSS3: 9.8 CRITICAL): dpkg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1664 *
CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
CVE-2022-1942 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *
CVE-2022-27778 (CVSS3: 8.1 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27778 *

Removed this week: 3 CVEs
CVE-2021-30560 (CVSS3: 8.8 HIGH): libxslt:libxslt-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30560 *
CVE-2022-1587 (CVSS3: 9.1 CRITICAL): libpcre2:libpcre2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1587 *
CVE-2022-29824 (CVSS3: 6.5 MEDIUM): libxslt:libxslt-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29824 *

Full list:  Found 84 unpatched CVEs
CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2020-13754 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13754 *
CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 *
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 *
CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 *
CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27661 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27661 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27821 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27821 *
CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 *
CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-27918 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27918 *
CVE-2021-28544 (CVSS3: 4.3 MEDIUM): subversion 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28544 *
CVE-2021-31525 (CVSS3: 5.9 

[OE-core] OE-core CVE metrics for master on Sun 12 Jun 2022 02:00:01 AM HST

[Steve Sakoman]

Branch: master

New this week: 3 CVEs
CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
CVE-2022-1942 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *

Removed this week: 0 CVEs

Full list:  Found 10 unpatched CVEs
CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2022-0529 (CVSS3: 5.5 MEDIUM): unzip:unzip-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
CVE-2022-0530 (CVSS3: 5.5 MEDIUM): unzip:unzip-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 *
CVE-2022-1942 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 *
CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 *
CVE-2022-29458 (CVSS3: 7.1 HIGH): ncurses:ncurses-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29458 *
CVE-2022-30065 (CVSS3: 7.8 HIGH): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30065 *


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166822): 
https://lists.openembedded.org/g/openembedded-core/message/166822
Mute This Topic: https://lists.openembedded.org/mt/91704462/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-