From patchwork Wed Nov 13 15:31:48 2019
X-Patchwork-Submitter: Armin Kuster
X-Patchwork-Id: 179319
From: Armin Kuster
To: openembedded-core@lists.openembedded.org
Date: Wed, 13 Nov 2019 07:31:48 -0800
Message-Id: <16b98e759a33d9f20e5b40aa1cff5b1c27dbee9d.1573658916.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 06/31] procps: whitelist CVE-2018-1121
List-Id: Patches and discussions about the oe-core layer

From: Ross Burton This CVE is about race conditions in 'ps' which make it unsuitable for security audits. As these race conditions are unavoidable ps shouldn't be used for security auditing, so this isn't a valid CVE. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Adrian Bunk Signed-off-by: Anuj Mittal --- meta/recipes-extended/procps/procps_3.3.15.bb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb index 9756db0..f240e54 100644 --- a/meta/recipes-extended/procps/procps_3.3.15.bb +++ b/meta/recipes-extended/procps/procps_3.3.15.bb @@ -4,9 +4,9 @@ the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill HOMEPAGE = "https://gitlab.com/procps-ng/procps" SECTION = "base" LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ - " +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ + " DEPENDS = "ncurses" @@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121"
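Review bot: the first hunk (@@ -4,9 +4,9 @@) only reformats LIC_FILES_CHKSUM (spaces around `=`, re-indented continuation lines) with both md5 values unchanged, which is unrelated to whitelisting CVE-2018-1121 and is not mentioned in the commit message. For a stable-branch backport it would be cleaner to drop this hunk or split it into its own commit, so that the CVE_CHECK_WHITELIST line is the only change a reviewer has to reason about under this subject.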
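Review bot: the comment added above CVE_CHECK_WHITELIST in the second hunk (@@ -64,3 +64,6 @@) says only that 'ps' isn't suitable as a security tool and leaves the rest to a Bugzilla link, without saying what the CVE is. The commit message already has the reason (race conditions in 'ps' that are unavoidable); putting that sentence in the recipe comment would let someone reading the recipe later see why the entry is suppressed without following the link. Since the entry sits in the versioned procps_3.3.15.bb, it is also worth re-checking that the whitelist still applies when the recipe version is bumped.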