From patchwork Wed Nov 6 15:37:28 2019
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 178725
From: Mikko Rapeli
To: openembedded-core@lists.openembedded.org
Date: Wed, 6 Nov 2019 17:37:28 +0200
Message-Id: <751d36152e8c743d8623d8096af98c841e2cb233.1573047194.git.mikko.rapeli@bmw.de>
Subject: [OE-core] [PATCH RFC CFH][sumo 13/47] cve-check: remove redundant readline CVE whitelisting

From: Ross Burton

CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the tooling wasn't able to detect this version. As we now ship readline 8 we don't need to manually whitelist it, and if we did then the whitelisting should be in the readline recipe.

(From OE-Core rev: 07bb8b25e172aa5c8ae96b6e8eb4ac901b835219)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index ffd6243..5979edf 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -41,10 +41,15 @@ CVE_CHECK_PN_WHITELIST = "\ glibc-locale \ " -# Whitelist for CVE and version of package -CVE_CHECK_CVE_WHITELIST = "{\ - 'CVE-2014-2524': ('6.3','5.2',), \ -}" +# Whitelist for CVE and version of package. If a CVE is found then the PV is +# compared with the version list, and if found the CVE is considered +# patched. +# +# The value should be valid Python in this format: +# { +# 'CVE-2014-2524': ('6.3','5.2') +# } +CVE_CHECK_CVE_WHITELIST ?= "{}" python do_cve_check () { """
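
Review bot: the format example in the new comment block above `CVE_CHECK_CVE_WHITELIST ?= "{}"` reuses the real entry `'CVE-2014-2524': ('6.3','5.2')` that this change removes, so anyone who copies the example into a recipe or local configuration re-enables the suppression the commit message calls redundant; a placeholder CVE ID and version would be safer there. The example also drops the trailing comma the old value had (`('6.3','5.2',)`), and the comment should say that a single-version entry needs one, e.g. `('6.3',)`, since `('6.3')` is a plain string in Python rather than a tuple. Because the value is one Python literal held in a string and the default is now set with `?=`, a later assignment replaces the whole dict rather than adding to it; a sentence in the comment on how a recipe is expected to set its own entry would save guesswork. The justification refers to shipping readline 8 while the subject marks this as a sumo backport, so please confirm that the readline PV on that branch is not 6.3 or 5.2 before the entry is dropped.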