From patchwork Sun Nov 10 14:54:13 2019
X-Patchwork-Submitter: Anuj Mittal
X-Patchwork-Id: 179039
From: Anuj Mittal
To: openembedded-core@lists.openembedded.org
Date: Sun, 10 Nov 2019 22:54:13 +0800
Message-Id: <20191110145416.5171-5-anuj.mittal@intel.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20191110145416.5171-1-anuj.mittal@intel.com>
References: <20191110145416.5171-1-anuj.mittal@intel.com>
Subject: [OE-core] [PATCH 4/7] procps: whitelist CVE-2018-1121

From: Ross Burton

This CVE is about race conditions in 'ps' which make it unsuitable for security audits. As these race conditions are unavoidable ps shouldn't be used for security auditing, so this isn't a valid CVE.

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Adrian Bunk
Signed-off-by: Anuj Mittal
---
 meta/recipes-extended/procps/procps_3.3.15.bb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb index 9756db0e7b..f240e54fd8 100644 --- a/meta/recipes-extended/procps/procps_3.3.15.bb +++ b/meta/recipes-extended/procps/procps_3.3.15.bb 
@@ -4,9 +4,9 @@ the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill HOMEPAGE = "https://gitlab.com/procps-ng/procps" SECTION = "base" LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ - " +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ + " DEPENDS = "ncurses" @@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121"
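
Review bot: The first hunk (@@ -4,9 +4,9 @@, LIC_FILES_CHKSUM) only changes the spacing around `=` and the indentation of the continuation lines, which is unrelated to the CVE-2018-1121 whitelist named in the subject and is not mentioned in the commit message. Consider splitting it into a separate cleanup commit, or add a line to the message noting the whitespace fix, so the security-relevant change stays easy to audit and to backport on its own.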
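
Review bot: In the second hunk (@@ -64,3 +64,6 @@), the comment above `CVE_CHECK_WHITELIST += "CVE-2018-1121"` states the conclusion but not the reason; the race-condition rationale appears only in the commit message and behind the Bugzilla link. Since this line suppresses the CVE for the recipe, suggest making the comment self-contained, for example by saying that the CVE concerns unavoidable race conditions in 'ps', so a reader of the recipe can judge the whitelist entry without the git history or an external page.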