From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Tue, 16 Jul 2019 13:46:43 +0100
Message-Id: <20190716124643.22183-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH] cve-check: remove redundant readline CVE whitelisting

CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the tooling wasn't able to detect this version. As we now ship readline 8 we don't need to manually whitelist it, and if we did then the whitelisting should be in the readline recipe.

Signed-off-by: Ross Burton
---
 meta/classes/cve-check.bbclass | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index ffd624333f6..5979edf3d17 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -41,10 +41,15 @@ CVE_CHECK_PN_WHITELIST = "\ glibc-locale \ " -# Whitelist for CVE and version of package -CVE_CHECK_CVE_WHITELIST = "{\ - 'CVE-2014-2524': ('6.3','5.2',), \ -}" +# Whitelist for CVE and version of package. If a CVE is found then the PV is +# compared with the version list, and if found the CVE is considered +# patched. +# +# The value should be valid Python in this format: +# { +# 'CVE-2014-2524': ('6.3','5.2') +# } +CVE_CHECK_CVE_WHITELIST ?= "{}" python do_cve_check () { """
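
Review bot: the last added line changes the assignment of CVE_CHECK_CVE_WHITELIST from `=` to `?=` as well as emptying it, and the commit message only describes the removal of the readline entry. With `?=` a value set elsewhere now takes precedence over this default, which is what allows a recipe to carry its own whitelist, so please say so in the commit message; since each entry marks a CVE as patched, reviewers will want to know that the variable can now be set outside this class. In the new comment block, the example `'CVE-2014-2524': ('6.3','5.2')` drops the trailing comma that the removed line had. That is harmless for two versions, but because the value must be valid Python, a reader copying the format for a single version would write `('6.3')`, which is a string rather than a tuple. How the version list is compared is not visible in this hunk, so consider documenting the one-version form `('6.3',)` in the comment.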