From patchwork Mon Nov 4 14:26:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 178430 Delivered-To: patch@linaro.org
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Mon, 4 Nov 2019 14:26:53 +0000
Message-Id: <20191104142654.20440-2-ross.burton@intel.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20191104142654.20440-1-ross.burton@intel.com>
References: <20191104142654.20440-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH v2 2/3] procps: whitelist CVE-2018-1121
List-Id: Patches and discussions about the oe-core layer

This CVE is about race conditions in 'ps' which make it unsuitable for security audits. As these race conditions are unavoidable ps shouldn't be used for security auditing, so this isn't a valid CVE.

Signed-off-by: Ross Burton
---
 meta/recipes-extended/procps/procps_3.3.15.bb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb index 9756db0e7b7..f240e54fd84 100644 --- a/meta/recipes-extended/procps/procps_3.3.15.bb +++ b/meta/recipes-extended/procps/procps_3.3.15.bb 
@@ -4,9 +4,9 @@ the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill HOMEPAGE = "https://gitlab.com/procps-ng/procps" SECTION = "base" LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ - " +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ + " DEPENDS = "ncurses" @@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121"
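Review bot: the LIC_FILES_CHKSUM change in the first hunk (@@ -4,9 +4,9 @@) is a whitespace-only cleanup that is unrelated to the subject "procps: whitelist CVE-2018-1121" and is not mentioned in the commit message. The two md5 values are unchanged, so it is harmless, but it makes up half of the diffstat for a security-relevant commit and will show up in blame and backports of the whitelist entry. Either move it to its own commit or add a line to the commit message saying the assignment was reformatted.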
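Review bot: the comment added above CVE_CHECK_WHITELIST in the second hunk (@@ -64,3 +64,6 @@) says only that 'ps' isn't suitable for use as a security tool, which does not tell someone reading the recipe what the CVE is or why it is safe to ignore; the actual reasoning (the CVE concerns race conditions in 'ps' that are unavoidable) exists only in the commit message and behind the Bugzilla link. Put that one-sentence rationale in the comment itself so the justification survives if the link goes away and so whoever next upgrades the recipe can judge whether the entry still applies. The new lines also follow the closing brace of the anonymous python function with no blank line between them; a separator would keep the whitelist visually distinct from the function.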