From patchwork Wed Nov 6 15:37:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178729 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp857505ilf; Wed, 6 Nov 2019 08:41:10 -0800 (PST) X-Google-Smtp-Source: APXvYqzi5i8No6DOKopPtI0RzqXL2vqqxorheiMx2q5oNUZf4QM8rCnT6HqQssxnySD71szOh2Yz X-Received: by 2002:a17:902:8ecc:: with SMTP id x12mr3630266plo.134.1573058469831; Wed, 06 Nov 2019 08:41:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058469; cv=none; d=google.com; s=arc-20160816; b=Er3FfRVJ9CKedaNApiV29kak+HjUnvjEoIXA1tWzI6Kiko5GjBjVmwh+f5wyxdVx2H 4lyxdfOxJpin/BboLBzFx3CmDtepBHj1wdParK1Ilnbc9I6INvedf4iID+ZhzTzVJBXK np5YAxFle7ZkaE7/iyMmzw+4R2/Lhg/agoXHElnjofh0ZfTgDMFpIjCpjvZVUWiJKaad ghs9N4yUnUKUNWXoDuUDqzsB4miAo/5zFFk3wwfHEFVXQd5O17sElqjqqs9cKH+ZAHue v7w9Oakci6CCz8M/fbKsVJBe3V6qpgFzFJPfrxufZeg4QYRgQvsEGnuOQ37ONkOhRepY caug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=+8G8spdddcddi/7qDKuNnZFH421AlX63BTQkk3Y5+k4=; b=zRn9k/9iaW+o2Jfeixa13SynYiceLeo+Czj0NNiCV9TNDAbOcVd0zzXCnLyi7BF4LD LThPtrzVtAY6VewzXtgW7U76yytEDOIZle11cSxbym2GyY36Cx3BjmMYJ5J8pqkQvn3Y vO7e3/nEi6HGjYB/YSYWW98Jn0LbLGtznTteBrBMFU/dQERDpc6N6u+f4b33OSTl60Xh wkFsEqWqX8nFPaoTdiBf0CFLEWOXF3zbjk07BEgr967/MfFEGsKGNIX5jlJsbDNpESSt LR+QFySX5ykTOvy47zuk8jpKb0oyrJCQq0qrEwbgQkg2ZzkHyR2Td4nnXAd9EUO6HTna /sxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=auR5FsDR; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id s15si14850243plq.44.2019.11.06.08.41.09; Wed, 06 Nov 2019 08:41:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=auR5FsDR; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 5BAC57F87C; Wed, 6 Nov 2019 16:40:49 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 0428A7F859 for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=Subject:References:In-Reply-To:Message-Id:Date:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=t7mqpSH0w+7hf8L+mYTTuLgoz7hUOksc4x9MLiM8LUg=; b=auR5FsDRB2b31/g8giGIHHyA8y pVqTKhag76LAqlIveIOhDlGCvfgBsBMZ09fszHtqsOQ6PG/Wipa6isyCP1hignXtiyU0Eb3Wz/bFi uMf2mjipFZN8eL2Ovf5e6jLIMvPV6vXCG19/5drxK4zWFx9ZbtbOhfvaG7J/UJxdlwJTe5D5aILde ynEfuGPxNnJjbTvbXs/khLxBdNZNx4NyXMpbDb0Uc3DIKfrd8XFoqWtmDM+sH+qmVvtWgcAOufpbJ iQuaoKuTSiJfKFUK15U8HdshF2ZcV8hax9e4LamCU8DlbXmF6jZnFYPvLYmCsv71D4RnHSgdakEFu Hm8F6/SA==; Received: from [2001:67c:1be8::12] (helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOO-00009n-Lp; Wed, 06 Nov 2019 17:38:45 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO4-0007UT-GU; Wed, 06 Nov 2019 17:38:24 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:22 +0200 Message-Id: <362131f7b0967da825c47df6a6a136408054bce9.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 8.3 (++++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: FROM_HAS_DN(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: R_SPF_ALLOW(-0.20) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: TO_DN_SOME(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.19) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: HFILTER_HOSTNAME_UNKNOWN(2.50) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf allow Message-ID: 362131f7b0967da825c47df6a6a136408054bce9.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++++ X-SA-Exim-Connect-IP: 2001:67c:1be8::12 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,SPF_HELO_NONE,SPF_NEUTRAL, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 X-SA-Exim-Version: 4.2.1 (built Tue, 02 Aug 2016 21:08:31 +0000) X-SA-Exim-Scanned: Yes (on mail.kapsi.fi) Subject: [OE-core] [PATCH RFC CFH][sumo 07/47] cve-check: be idiomatic X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton Instead of generating a series of indexes via range(len(list)), just iterate the list. (From OE-Core rev: 27eb839ee651c2d584db42d23bcf5dd764eb33f1) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 379f712..1e7e8dd 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -170,18 +170,19 @@ def check_cves(d, patched_cves): cves_unpatched = [] # CVE_PRODUCT can contain more than one product (eg. curl/libcurl) - bpn = d.getVar("CVE_PRODUCT").split() + products = d.getVar("CVE_PRODUCT").split() # If this has been unset then we're not scanning for CVEs here (for example, image recipes) - if len(bpn) == 0: + if not products: return ([], []) pv = d.getVar("CVE_VERSION").split("+git")[0] - cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) # If the recipe has been whitlisted we return empty lists if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split(): bb.note("Recipe has been whitelisted, skipping check") return ([], []) + cve_whitelist = ast.literal_eval(d.getVar("CVE_CHECK_CVE_WHITELIST")) + import sqlite3 db_file = d.getVar("CVE_CHECK_DB_FILE") conn = sqlite3.connect(db_file) @@ -190,8 +191,8 @@ def check_cves(d, patched_cves): query = """SELECT * FROM PRODUCTS WHERE (PRODUCT IS '{0}' AND VERSION = '{1}' AND OPERATOR IS '=') OR (PRODUCT IS '{0}' AND OPERATOR IS '<=');""" - for idx in range(len(bpn)): - for row in c.execute(query.format(bpn[idx],pv)): + for product in products: + for row in c.execute(query.format(product, pv)): cve = row[1] version = row[4] @@ -200,15 +201,15 @@ def check_cves(d, patched_cves): except: discardVersion = True - if pv in cve_whitelist.get(cve,[]): - bb.note("%s-%s has been whitelisted for %s" % (bpn[idx], pv, cve)) + if pv in cve_whitelist.get(cve, []): + bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) elif cve in patched_cves: bb.note("%s has been patched" % (cve)) elif discardVersion: bb.debug(2, "Do not consider version %s " % (version)) else: cves_unpatched.append(cve) - bb.debug(2, "%s-%s is not patched for %s" % (bpn[idx], pv, cve)) + bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve)) conn.close() return (list(patched_cves), cves_unpatched) From patchwork Wed Nov 6 15:37:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178725 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp850973ilf; Wed, 6 Nov 2019 08:36:03 -0800 (PST) X-Google-Smtp-Source: APXvYqx/bY/HIiBIhbm1Bm6zITsYD5iOgwsv3Tpfr3d8xtgxB5p44B3jEHON+ckfS9I2LOyBYdl8 X-Received: by 2002:a62:1c89:: with SMTP id c131mr4482145pfc.168.1573058162889; Wed, 06 Nov 2019 08:36:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058162; cv=none; d=google.com; s=arc-20160816; b=zcgLvmohWahhMP5F1ANyrYXI3WkuicEFwDcPsDBXrKBi6LRqbLoe1QBApnHpcmKJo+ uRDOf+XGRAeUvnZvfswOQVCZvZMvImPMga2gYL69z7jtucOBNMGQMXCH1B0pxQ151zvP ufY3Jihk88S01Bp+jYkzxdWHG1nxd6XasY3NT5At7/1dy78zadcuwqmgHiINstGdKBxO OEjkpDYXIibXPyTLF4MW3iKg53Mq2pAxbubjoYXqgSKfoz5jiOmYtUVeC9QUzSr6IHEN 5cYGxPR/9aPW/NfB7RzPWaGRgLx1vSdiExeaFz/A6SHd+ZedOFvBNfZaaB+L46WM77Eo uFGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=3DHinQ5fRr2zmarG4JvJCqITP0opHIF63znnjf0767c=; b=LPs3yuqYBYDNtag34bQB5TwCp8FcuYtzoNrKvVK2N0HZsTzYVli4Zp2ADOmt1gwCXP VkzgTCHjuaqs6CUOhcsvxg1HmASXtWUZ+rt0cUCsIdCYkmUsKWzYsOAedBdFLzg/lUwD JBRxuUBqbYiB2Ef859RhzomFrbTYvFUKgulcehmQKPH8i5WxltSZChxjsR6UE95+CFjm Ey0RVQTZ7cbT4Gq5/HrB/NmU9KDoHQPLxNlB4YI2JKB5i36LxyxWC1uSLmD3zDRUH+KE Drm52bPAt4rPbLjk/od6F+pNT5FQl19X4OhxwroKUUaNlLDTbqTKwYSFOyoiOee9hF8d HqOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=Wrzb2BAc; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id a8si26797116plp.342.2019.11.06.08.36.02; Wed, 06 Nov 2019 08:36:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=Wrzb2BAc; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 9E6107FBCA; Wed, 6 Nov 2019 16:35:42 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 650C87F838 for ; Wed, 6 Nov 2019 15:38:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=D/dv/wUti9rpfvNIZKsIKcr8DEaJgGF2FzBAbC03Hj0=; b=Wrzb2BAcU/2vgFZ7MPLjhwwH7e bQU2uuoJNpSG438wpB5s1GbD/LpgX3CyRnzA97P3/C5QXuOZ51d/ZG5zH0D2EWzIGC5y22pw8a/Zz 6zcNV258m/t5uECriCD+rFgHo9yisGO+fKQklp8nsWXFljKBR66VpkY2QaQi49B+FLAQoC584CVte YUywKGu6BvFZjI1QTeoMldM/9JuQ7Or7UuWtd1f4bU2s+YkClwUB2Po60mn3KDpYOmmjWIOo9wx6r I94jZCQJmu52Dy/U9bW/0bExxn0xEbDHU56eY9/M99kK9WzBp8SWVGGLEKEeQALqUDHBTk/BzbCnO fad40SDA==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOF-0000A7-5T; Wed, 06 Nov 2019 17:38:35 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO4-0007VA-Vq; Wed, 06 Nov 2019 17:38:24 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:28 +0200 Message-Id: <751d36152e8c743d8623d8096af98c841e2cb233.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 751d36152e8c743d8623d8096af98c841e2cb233.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 13/47] cve-check: remove redundant readline CVE whitelisting X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the tooling wasn't able to detect this version. As we now ship readline 8 we don't need to manually whitelist it, and if we did then the whitelisting should be in the readline recipe. (From OE-Core rev: 07bb8b25e172aa5c8ae96b6e8eb4ac901b835219) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index ffd6243..5979edf 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -41,10 +41,15 @@ CVE_CHECK_PN_WHITELIST = "\ glibc-locale \ " -# Whitelist for CVE and version of package -CVE_CHECK_CVE_WHITELIST = "{\ - 'CVE-2014-2524': ('6.3','5.2',), \ -}" +# Whitelist for CVE and version of package. If a CVE is found then the PV is +# compared with the version list, and if found the CVE is considered +# patched. +# +# The value should be valid Python in this format: +# { +# 'CVE-2014-2524': ('6.3','5.2') +# } +CVE_CHECK_CVE_WHITELIST ?= "{}" python do_cve_check () { """ From patchwork Wed Nov 6 15:37:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178728 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp854253ilf; Wed, 6 Nov 2019 08:38:38 -0800 (PST) X-Google-Smtp-Source: APXvYqzFMjjO1EKQU4JhlVRPibYMr2SGR3DBLP2xT0jcp7GOYUrXrojf5AY4i7x+lVd1bxOq6GnQ X-Received: by 2002:a17:90a:ba82:: with SMTP id t2mr4858802pjr.83.1573058318004; Wed, 06 Nov 2019 08:38:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058317; cv=none; d=google.com; s=arc-20160816; b=hi3oPVZFYZUxP5GOmRd6CXfTneju38DHoE/zzU5mR24Jo+2dK38pEjGXvlkVUriid9 WhwMvADxVCFxu2VjQ1DdHuk0P9qXEQfSNTLi570/UjqE7aEzCn6crygMuEmORwIRNBCk SJ6orLtYrMkBw+Oq5GrDkZeiwl+lYHg7NBha72qcLXx9CIFxGEy5faV2V1NsgIZkBxJI G97LoViTUCxOcOlwz5pt0nUmal0igMDorzR0vM4EMmbC2GrQKpj9YjdkPkTH82fTxyNl mKTJJZ64/gAhp2jbVaenpYbT5dcY6EogVyAXJcy/P/17CUz6TH2dx09P9TzHzjWJe60F 622A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:references:in-reply-to :message-id:date:to:from:dkim-signature:delivered-to; bh=C/9sT54WNXWaQKT8nPOenVOxJiAoDL9JKjwO9V/Gs+s=; b=PLyzVb89tPBVwDSJl8xF0oUTwV5/fVTNurg/b6wVCmpIz5s3d5iD3OXMcWhJbTPWfV 20m6+vWB6sef1e7uDtmvm+NjX+0BnGru/dsTLwzC+sd/7Q3c5yfYIDxJDf8Gp3HVYX0h Jr50mv0L7IsE8TYugeiBqjqv2a0uksHhWaEUmiVFcOhSR8mAmupORy9sC4oXb3n/BXze wmhjSi0goelBcQ3rFHq/neN+yVjkHWPkzaeuNG//8MUvyslM7FtzWXIeYkWSBjDYRKZA 7BrB6P71j6aIHEGtIYzyEMUS3H6jX0RuNDveMH0qDmXegTPtB+4xy/bQ57ozN9v2hKG9 RQuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=xgi3hyOP; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id z63si30543593pgb.427.2019.11.06.08.38.37; Wed, 06 Nov 2019 08:38:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=xgi3hyOP; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id B53AD7F877; Wed, 6 Nov 2019 16:38:17 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id B71097F877 for ; Wed, 6 Nov 2019 15:38:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References :In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=hwU9gDYN/QmA0HlNORgdICYSfw78ZxVeivhF57OFWUw=; b=xgi3hyOP8gXTP/CeT8+k7lyskI rOwpJntbS856vZCz++T2DKKmdhBo2H7fcQ9wLo3MJpHB4dzkvRX+VoN4Qe8J7HgzHuzK2HJox6Wgo cyoGnb/41NnZUXyJ8k30ClVh36nBbEn4bgxwKWDnPKl1/xEcx7pNbums9xP5FKnlicZQsJgdKCEOR 9aRhh0ijx8iG68fJgrYoteA5CxAPU5RQE5EfWkND9g89cL9A8IUUgYkdpKA6LQV+r/UKXpgruV9i2 bO2v0pHN/fsxLSmJ3wSMB0FaUpaGxldzfA86pmKkyVBgylHqWzI9fw7Ed+6RFN+S95hWliK93hG6A goJTNyAg==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOF-0000A9-76; Wed, 06 Nov 2019 17:38:39 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007VL-28; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:29 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: a8c58695767f5bb046b961b0bf9e0e931f321d92.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 14/47] cve-check-tool: remove X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton (From OE-Core rev: 5388ed6d1378d647a65912dbd537f9ef3cb5760a) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../cve-check-tool/cve-check-tool_5.6.4.bb | 62 ------ ...01-Fix-freeing-memory-allocated-by-sqlite.patch | 50 ----- ...ow-overriding-default-CA-certificate-file.patch | 215 --------------------- ...ogress-in-percent-when-downloading-CVE-db.patch | 135 ------------- ...are-computed-vs-expected-sha256-digit-str.patch | 52 ----- .../check-for-malloc_trim-before-using-it.patch | 51 ----- 6 files changed, 565 deletions(-) delete mode 100644 meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch delete mode 100644 meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch diff --git a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb deleted file mode 100644 index 1c84fb1..0000000 --- a/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb +++ /dev/null @@ -1,62 +0,0 @@ -SUMMARY = "cve-check-tool" -DESCRIPTION = "cve-check-tool is a tool for checking known (public) CVEs.\ -The tool will identify potentially vunlnerable software packages within Linux distributions through version matching." -HOMEPAGE = "https://github.com/ikeydoherty/cve-check-tool" -SECTION = "Development/Tools" -LICENSE = "GPL-2.0+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e8c1458438ead3c34974bc0be3a03ed6" - -SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ - file://check-for-malloc_trim-before-using-it.patch \ - file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \ - file://0001-curl-allow-overriding-default-CA-certificate-file.patch \ - file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch \ - file://0001-Fix-freeing-memory-allocated-by-sqlite.patch \ - " - -SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155" -SRC_URI[sha256sum] = "b8f283be718af8d31232ac1bfc10a0378fb958aaaa49af39168f8acf501e6a5b" - -UPSTREAM_CHECK_URI = "https://github.com/ikeydoherty/cve-check-tool/releases" - -DEPENDS = "libcheck glib-2.0 json-glib curl libxml2 sqlite3 openssl ca-certificates" - -RDEPENDS_${PN} = "ca-certificates" - -inherit pkgconfig autotools - -EXTRA_OECONF = "--disable-coverage --enable-relative-plugins" -CFLAGS_append = " -Wno-error=pedantic" - -do_populate_cve_db() { - if [ "${BB_NO_NETWORK}" = "1" ] ; then - bbwarn "BB_NO_NETWORK is set; Can't update cve-check-tool database, new CVEs won't be detected" - return - fi - - # In case we don't inherit cve-check class, use default values defined in the class. - cve_dir="${CVE_CHECK_DB_DIR}" - cve_file="${CVE_CHECK_TMP_FILE}" - - [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK" - [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" - - unused="${@bb.utils.export_proxies(d)}" - bbdebug 2 "Updating cve-check-tool database located in $cve_dir" - # --cacert works around curl-native not finding the CA bundle - if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then - printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file" - else - bbwarn "Error in executing cve-check-update" - if [ "${@'1' if bb.data.inherits_class('cve-check', d) else '0'}" -ne 0 ] ; then - bbwarn "Failed to update cve-check-tool database, CVEs won't be checked" - fi - fi -} - -addtask populate_cve_db after do_populate_sysroot -do_populate_cve_db[depends] = "cve-check-tool-native:do_populate_sysroot" -do_populate_cve_db[nostamp] = "1" -do_populate_cve_db[progress] = "percent" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch b/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch deleted file mode 100644 index 4a82cf2..0000000 --- a/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a3353429652f83bb8b0316500faa88fa2555542d Mon Sep 17 00:00:00 2001 -From: Peter Marko -Date: Thu, 13 Apr 2017 23:09:52 +0200 -Subject: [PATCH] Fix freeing memory allocated by sqlite - -Upstream-Status: Backport -Signed-off-by: Peter Marko ---- - src/core.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/core.c b/src/core.c -index 6263031..6788f16 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -82,7 +82,7 @@ static bool ensure_table(CveDB *self) - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -- free(err); -+ sqlite3_free(err); - return false; - } - -@@ -91,7 +91,7 @@ static bool ensure_table(CveDB *self) - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -- free(err); -+ sqlite3_free(err); - return false; - } - -@@ -99,11 +99,11 @@ static bool ensure_table(CveDB *self) - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -- free(err); -+ sqlite3_free(err); - return false; - } - if (err) { -- free(err); -+ sqlite3_free(err); - } - - return true; --- -2.1.4 - diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch b/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch deleted file mode 100644 index 3d8ebd1..0000000 --- a/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch +++ /dev/null @@ -1,215 +0,0 @@ -From 825a9969dea052b02ba868bdf39e676349f10dce Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen -Date: Thu, 9 Feb 2017 14:51:28 +0200 -Subject: [PATCH] curl: allow overriding default CA certificate file - -Similar to curl, --cacert can now be used in cve-check-tool and -cve-check-update to override the default CA certificate file. Useful -in cases where the system default is unsuitable (for example, -out-dated) or broken (as in OE's current native libcurl, which embeds -a path string from one build host and then uses it on another although -the right path may have become something different). - -Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/45] - -Signed-off-by: Patrick Ohly - - -Took Patrick Ohlys original patch from meta-security-isafw, rebased -on top of other patches. - -Signed-off-by: Jussi Kukkonen ---- - src/library/cve-check-tool.h | 1 + - src/library/fetch.c | 10 +++++++++- - src/library/fetch.h | 3 ++- - src/main.c | 5 ++++- - src/update-main.c | 4 +++- - src/update.c | 12 +++++++----- - src/update.h | 2 +- - 7 files changed, 27 insertions(+), 10 deletions(-) - -diff --git a/src/library/cve-check-tool.h b/src/library/cve-check-tool.h -index e4bb5b1..f89eade 100644 ---- a/src/library/cve-check-tool.h -+++ b/src/library/cve-check-tool.h -@@ -43,6 +43,7 @@ typedef struct CveCheckTool { - bool bugs; /**output_file = output_file; -+ self->cacert_file = cacert_file; - - if (!csv_mode && self->output_file) { - quiet = false; -@@ -530,7 +533,7 @@ int main(int argc, char **argv) - if (status) { - fprintf(stderr, "Update of db forced\n"); - cve_db_unlock(); -- if (!update_db(quiet, db_path->str)) { -+ if (!update_db(quiet, db_path->str, self->cacert_file)) { - fprintf(stderr, "DB update failure\n"); - goto cleanup; - } -diff --git a/src/update-main.c b/src/update-main.c -index 2379cfa..c52d9d0 100644 ---- a/src/update-main.c -+++ b/src/update-main.c -@@ -43,11 +43,13 @@ the Free Software Foundation; either version 2 of the License, or\n\ - static gchar *nvds = NULL; - static bool _show_version = false; - static bool _quiet = false; -+static const char *_cacert_file = NULL; - - static GOptionEntry _entries[] = { - { "nvd-dir", 'd', 0, G_OPTION_ARG_STRING, &nvds, "NVD directory in filesystem", NULL }, - { "version", 'v', 0, G_OPTION_ARG_NONE, &_show_version, "Show version", NULL }, - { "quiet", 'q', 0, G_OPTION_ARG_NONE, &_quiet, "Run silently", NULL }, -+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &_cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL}, - { .short_name = 0 } - }; - -@@ -88,7 +90,7 @@ int main(int argc, char **argv) - goto end; - } - -- if (update_db(_quiet, db_path->str)) { -+ if (update_db(_quiet, db_path->str, _cacert_file)) { - ret = EXIT_SUCCESS; - } else { - fprintf(stderr, "Failed to update database\n"); -diff --git a/src/update.c b/src/update.c -index 070560a..8cb4a39 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -267,7 +267,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok) - - static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db, - bool db_exist, bool verbose, -- unsigned int this_percent, unsigned int next_percent) -+ unsigned int this_percent, unsigned int next_percent, -+ const char *cacert_file) - { - const char nvd_uri[] = URI_PREFIX; - autofree(cve_string) *uri_meta = NULL; -@@ -331,14 +332,14 @@ refetch: - } - - /* Fetch NVD META file */ -- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent); -+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent, cacert_file); - if (st == FETCH_STATUS_FAIL) { - fprintf(stderr, "Failed to fetch %s\n", uri_meta->str); - return -1; - } - - /* Fetch NVD XML file */ -- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent); -+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent, cacert_file); - switch (st) { - case FETCH_STATUS_FAIL: - fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str); -@@ -391,7 +392,7 @@ refetch: - return 0; - } - --bool update_db(bool quiet, const char *db_file) -+bool update_db(bool quiet, const char *db_file, const char *cacert_file) - { - autofree(char) *db_dir = NULL; - autofree(CveDB) *cve_db = NULL; -@@ -466,7 +467,8 @@ bool update_db(bool quiet, const char *db_file) - if (!quiet) - fprintf(stderr, "completed: %u%%\r", start_percent); - rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet, -- start_percent, end_percent); -+ start_percent, end_percent, -+ cacert_file); - switch (rc) { - case 0: - if (!quiet) -diff --git a/src/update.h b/src/update.h -index b8e9911..ceea0c3 100644 ---- a/src/update.h -+++ b/src/update.h -@@ -15,7 +15,7 @@ cve_string *get_db_path(const char *path); - - int update_required(const char *db_file); - --bool update_db(bool quiet, const char *db_file); -+bool update_db(bool quiet, const char *db_file, const char *cacert_file); - - - /* --- -2.1.4 - diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch b/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch deleted file mode 100644 index 8ea6f68..0000000 --- a/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch +++ /dev/null @@ -1,135 +0,0 @@ -From e9ed26cde63f8ca7607a010a518329339f8c02d3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= -Date: Mon, 26 Sep 2016 12:12:41 +0100 -Subject: [PATCH] print progress in percent when downloading CVE db -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Pending -Signed-off-by: André Draszik ---- - src/library/fetch.c | 28 +++++++++++++++++++++++++++- - src/library/fetch.h | 3 ++- - src/update.c | 16 ++++++++++++---- - 3 files changed, 41 insertions(+), 6 deletions(-) - -diff --git a/src/library/fetch.c b/src/library/fetch.c -index 06d4b30..0fe6d76 100644 ---- a/src/library/fetch.c -+++ b/src/library/fetch.c -@@ -37,13 +37,37 @@ static size_t write_func(void *ptr, size_t size, size_t nmemb, struct fetch_t *f - return fwrite(ptr, size, nmemb, f->f); - } - --FetchStatus fetch_uri(const char *uri, const char *target, bool verbose) -+struct percent_t { -+ unsigned int start; -+ unsigned int end; -+}; -+ -+static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow) -+{ -+ (void) ultotal; -+ (void) ulnow; -+ -+ struct percent_t *percent = (struct percent_t *) ptr; -+ -+ if (dltotal && percent && percent->end >= percent->start) { -+ unsigned int diff = percent->end - percent->start; -+ if (diff) { -+ fprintf(stderr,"completed: %"CURL_FORMAT_CURL_OFF_T"%%\r", percent->start + (diff * dlnow / dltotal)); -+ } -+ } -+ -+ return 0; -+} -+ -+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, -+ unsigned int start_percent, unsigned int end_percent) - { - FetchStatus ret = FETCH_STATUS_FAIL; - CURLcode res; - struct stat st; - CURL *curl = NULL; - struct fetch_t *f = NULL; -+ struct percent_t percent = { .start = start_percent, .end = end_percent }; - - curl = curl_easy_init(); - if (!curl) { -@@ -67,6 +91,8 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose) - } - if (verbose) { - (void)curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L); -+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &percent); -+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, progress_callback_new); - } - res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)write_func); - if (res != CURLE_OK) { -diff --git a/src/library/fetch.h b/src/library/fetch.h -index 70c3779..4cce5d1 100644 ---- a/src/library/fetch.h -+++ b/src/library/fetch.h -@@ -28,7 +28,8 @@ typedef enum { - * @param verbose Whether to be verbose - * @return A FetchStatus, indicating the operation taken - */ --FetchStatus fetch_uri(const char *uri, const char *target, bool verbose); -+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, -+ unsigned int this_percent, unsigned int next_percent); - - /** - * Attempt to extract the given gzipped file -diff --git a/src/update.c b/src/update.c -index 30fbe96..eaeeefd 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -266,7 +266,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok) - } - - static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db, -- bool db_exist, bool verbose) -+ bool db_exist, bool verbose, -+ unsigned int this_percent, unsigned int next_percent) - { - const char nvd_uri[] = URI_PREFIX; - autofree(cve_string) *uri_meta = NULL; -@@ -330,14 +331,14 @@ refetch: - } - - /* Fetch NVD META file */ -- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose); -+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent); - if (st == FETCH_STATUS_FAIL) { - fprintf(stderr, "Failed to fetch %s\n", uri_meta->str); - return -1; - } - - /* Fetch NVD XML file */ -- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose); -+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent); - switch (st) { - case FETCH_STATUS_FAIL: - fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str); -@@ -459,10 +460,17 @@ bool update_db(bool quiet, const char *db_file) - for (int i = YEAR_START; i <= year+1; i++) { - int y = i > year ? -1 : i; - int rc; -+ unsigned int start_percent = ((i+0 - YEAR_START) * 100) / (year+2 - YEAR_START); -+ unsigned int end_percent = ((i+1 - YEAR_START) * 100) / (year+2 - YEAR_START); - -- rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet); -+ if (!quiet) -+ fprintf(stderr, "completed: %u%%\r", start_percent); -+ rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet, -+ start_percent, end_percent); - switch (rc) { - case 0: -+ if (!quiet) -+ fprintf(stderr,"completed: %u%%\r", end_percent); - continue; - case ENOMEM: - goto oom; --- -2.9.3 - diff --git a/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch b/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch deleted file mode 100644 index 458c0cc..0000000 --- a/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch +++ /dev/null @@ -1,52 +0,0 @@ -From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001 -From: Sergey Popovich -Date: Fri, 21 Apr 2017 07:32:23 -0700 -Subject: [PATCH] update: Compare computed vs expected sha256 digit string - ignoring case - -We produce sha256 digest string using %x snprintf() -qualifier for each byte of digest which uses alphabetic -characters from "a" to "f" in lower case to represent -integer values from 10 to 15. - -Previously all of the NVD META files supply sha256 -digest string for corresponding XML file in lower case. - -However due to some reason this changed recently to -provide digest digits in upper case causing fetched -data consistency checks to fail. This prevents database -from being updated periodically. - -While commit c4f6e94 (update: Do not treat sha256 failure -as fatal if requested) adds useful option to skip -digest validation at all and thus provides workaround for -this situation, it might be unacceptable for some -deployments where we need to ensure that downloaded -data is consistent before start parsing it and update -SQLite database. - -Use strcasecmp() to compare two digest strings case -insensitively and addressing this case. - -Upstream-Status: Backport -Signed-off-by: Sergey Popovich ---- - src/update.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/update.c b/src/update.c -index 8588f38..3cc6b67 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data) - snprintf(&csum_data[idx], len, "%02hhx", digest[i]); - } - -- ret = streq(csum_meta, csum_data); -+ ret = !strcasecmp(csum_meta, csum_data); - - err_unmap: - munmap(buffer, length); --- -2.11.0 - diff --git a/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch b/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch deleted file mode 100644 index 0774ad9..0000000 --- a/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch +++ /dev/null @@ -1,51 +0,0 @@ -From ce64633b9733e962b8d8482244301f614d8b5845 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 22 Aug 2016 22:54:24 -0700 -Subject: [PATCH] Check for malloc_trim before using it - -malloc_trim is gnu specific and not all libc -implement it, threfore write a configure check -to poke for it first and use the define to -guard its use. - -Helps in compiling on musl based systems - -Signed-off-by: Khem Raj ---- -Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/48] - configure.ac | 2 ++ - src/core.c | 4 ++-- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d3b66ce..79c3542 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -19,6 +19,8 @@ m4_define([json_required_version], [0.16.0]) - m4_define([openssl_required_version],[1.0.0]) - # TODO: Set minimum sqlite - -+AC_CHECK_FUNCS_ONCE(malloc_trim) -+ - PKG_CHECK_MODULES(CVE_CHECK_TOOL, - [ - glib-2.0 >= glib_required_version, -diff --git a/src/core.c b/src/core.c -index 6263031..0d5df29 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -498,9 +498,9 @@ bool cve_db_load(CveDB *self, const char *fname) - } - - b = true; -- -+#ifdef HAVE_MALLOC_TRIM - malloc_trim(0); -- -+#endif - xmlFreeTextReader(r); - if (fd) { - close(fd); --- -2.9.3 - From patchwork Wed Nov 6 15:37:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178726 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp851737ilf; Wed, 6 Nov 2019 08:36:40 -0800 (PST) X-Google-Smtp-Source: APXvYqy8/8z5m7mZG4P2z/NFotGSGgZ2Cd5qVsNAL9htOvnuu7WS2BdqiTHQMmeqmTkbiUjHMJZp X-Received: by 2002:a17:90a:3390:: with SMTP id n16mr4785129pjb.53.1573058200551; Wed, 06 Nov 2019 08:36:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058200; cv=none; d=google.com; s=arc-20160816; b=tkwXDmVomU6W1ZyJEHflk3KcRe9Q5qZb8kvIBVkNL6ZFr+k4PEnMIk72C3GozOu9o4 fGYUYBuaiWON3ANA0PVvpZZgVk3q0KZWkh/WG9jvCVHrTcWJ+NOVL7pCTEn/rXn7rkVk aOe4i6IQKocM9b3lYkSfqmDqSqMNcwQT8ID7S6fsLpq4UlkAaUsyQ5mTRAr2Q9iOChOZ +6RU9aY8SLXSQt7QMaZk/T7HISmW2lr0dj/yfMmxR6w/c/eUd2JwxY4QIpH1yKvNnpxE awZagrgJ3e82qNMEjAkctgaU5G1GKgCHi9vpvNwnthuVMZ4vR3QQYafwJ2+hseYZWtdl 8dgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=PX9cneuFqzXE11NsIE5Ed3ve59vHPPuAv/o7l7hlc58=; b=t6fhTCcst1KfuO/McApxCuXWJcvvfJhhTqEb9SPPgeaDGk6rOIZs76O94AWdj4gIlv RW5IGUaUMV9S5yPsBVsVao2r6hodtNZ9hPDDAVhrv3n/vhR5rtIArosrIlPeSy4z6+mc L++8RQnXIqRhOlvslpUbnYukxUZKB/xCcsfQdQfBgkEPhAQ/Zpr1AhThkS/kXp/VdAQ5 ESkzu6muQd5DjyiJ3l0m+40GzFrV3pzzJL6BBBs2rzQ5NFqRvYOoQCHm60ZzcK7UWFhK L78z+YrBazHDqI7fKXHZzg5Ui2NBAAWF6R+W0nglUhqkBBahyYRwCVZ9FI346NlzCOrs ktOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=OzWtUtXU; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id b3si32205028pfp.83.2019.11.06.08.36.40; Wed, 06 Nov 2019 08:36:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=OzWtUtXU; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 726F17FA47; Wed, 6 Nov 2019 16:36:20 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 6823F7F841 for ; Wed, 6 Nov 2019 15:38:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=p1iZ1FyVocRalraxK9DjTGxslDzBZvjwiG5zJpYtOOM=; b=OzWtUtXUyVcvVMwUGEpuATPHuP 77HtROr4XSl8shHkQPGJKZAKfkmyDuZfypDFuEz/kAeWuYdMJ7elVS86QapHN5bqjWR/HP4/uWWbj dk11KFm9rPKIVJ4C5h02NRvSMCUNTnPeuHlJfyK+e5TVap7orxH2ftSOo3FieQ11XUrWXxEMySczh z/rLwrbcKchySHjp6O/tCycPupJgjzlEiGsbGnxkn/kybXh+RIsFif2LE+0A7J5M2fbz17loS0dxM 0diQUZSJgMhdTbWgp1RcXllYwGVPi+ZFzLKQ0Cj6oGLs4V1FqiwE6uvEfayEiqeATtvPoz4lMIGRx NRNf19gg==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOF-0000AA-A2; Wed, 06 Nov 2019 17:38:35 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007VT-4N; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:30 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: e7e458bb17c1967b2fabd47f56ba78422a190e56.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 15/47] glibc: exclude child recipes from CVE scanning X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton As glibc will be scanned for CVEs, we don't need to scan glibc-locale, glibc-mtrace, and glibc-scripts which are all separate recipes for technical reasons. Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the global whitelist. (From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 4 +--- meta/recipes-core/glibc/glibc-locale.inc | 3 +++ meta/recipes-core/glibc/glibc-mtrace.inc | 3 +++ meta/recipes-core/glibc/glibc-scripts.inc | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 5979edf..19ac48c 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -37,9 +37,7 @@ CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" # Whitelist for packages (PN) -CVE_CHECK_PN_WHITELIST = "\ - glibc-locale \ -" +CVE_CHECK_PN_WHITELIST ?= "" # Whitelist for CVE and version of package. If a CVE is found then the PV is # compared with the version list, and if found the CVE is considered diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc index e50e5cf..06edcfe 100644 --- a/meta/recipes-core/glibc/glibc-locale.inc +++ b/meta/recipes-core/glibc/glibc-locale.inc @@ -95,3 +95,6 @@ do_install () { inherit libc-package BBCLASSEXTEND = "nativesdk" + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta/recipes-core/glibc/glibc-mtrace.inc b/meta/recipes-core/glibc/glibc-mtrace.inc index d703c14..ef9d60e 100644 --- a/meta/recipes-core/glibc/glibc-mtrace.inc +++ b/meta/recipes-core/glibc/glibc-mtrace.inc @@ -11,3 +11,6 @@ do_install() { install -d -m 0755 ${D}${bindir} install -m 0755 ${SRC}/mtrace ${D}${bindir}/ } + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta/recipes-core/glibc/glibc-scripts.inc b/meta/recipes-core/glibc/glibc-scripts.inc index 2a2b415..14a14e4 100644 --- a/meta/recipes-core/glibc/glibc-scripts.inc +++ b/meta/recipes-core/glibc/glibc-scripts.inc @@ -18,3 +18,6 @@ do_install() { # sotruss script requires sotruss-lib.so (given by libsotruss package), # to produce trace of the library calls. RDEPENDS_${PN} += "libsotruss" + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" From patchwork Wed Nov 6 15:37:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178727 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp852512ilf; Wed, 6 Nov 2019 08:37:19 -0800 (PST) X-Google-Smtp-Source: APXvYqxAug/A8oqYxjno6Uw0GP96RDBiz5GrNN7h1oVuFUtx+RBpa+M8YdygU6ZgRDZB6XLIlqgo X-Received: by 2002:a63:1703:: with SMTP id x3mr3984048pgl.263.1573058239417; Wed, 06 Nov 2019 08:37:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058239; cv=none; d=google.com; s=arc-20160816; b=rCoa6F/HHP//KDeLkB6+N0g4Y9JwXGggwYlxFDRB3EAKPtR2qu1dS6QLEyK9+tRiqP N6c2Wi8mmKKWTfkZpZp59UiFFvH59oQeEtCrVaGuGqjQpXN1Rf59bObcnAQQxIh6SIlI e1r2tadZhrvKdkAXYTWBv0R/cWEWErED6TQ4sVbKOJGmUfDMS4ixKWAP3NF2y5x/A9xI TKipZJ3+/RzYKgGORugnJs7Bs4Ufi2ODxBCicCChkvGBT0NYBwAeu6teebGHkLhp3+qW 15y56t4xcpcPfprolH6NN2GgGnaqlKz9Bq3SS/Ik1mosYSvaUNg9oxhL5D5BZs58p014 +2rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=gDp6fSFhdtsOReY8G+58SH23Zb7yBIVzIJ9yarsyDb4=; b=oy9EQoHHxmOXHAqpvLj0/vSPuCiz4QBUI4TMJBbGIESmEt2NZlKKduHZG8sc/Dj54W G/v6Y66tJf1slHTDv+5DtQsGZCo7PhwdALEwt9DIWO/Ygxl9HUu4mp8E9OU61om4neKI ZdFD+0U8hYiHHiHEmTMFwQE4stpiXWd0dAA7j3KSXYwMFqzbTfbgbe9YywaPqIepdPGX csEDG2yuR7C7m5cuQ9GzU7bGBs0F9in75yYJmqk6Vznc683ME4xjv1FUiRGwdMzhHoPu it6gT9qunG6eZE8QqLSz+mDvGePz9kNTcFPzHYNd92V4x1WLft/s5yOBSi/MjNICqaaW D6ng== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="O3c/2fQe"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id y125si6126691pgb.64.2019.11.06.08.37.19; Wed, 06 Nov 2019 08:37:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="O3c/2fQe"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 181BC7F87E; Wed, 6 Nov 2019 16:36:59 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 80F457F859 for ; Wed, 6 Nov 2019 15:38:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ocz+mtV0zAmQN4Rz4TwVhvpnehtbKIBuC2uSnWuKzI0=; b=O3c/2fQeALMMUO83Nc7R+D9JIk AuVuZjqj/XLs+wcdN55prNXBamARyb00fcE8TbCo5bG4iz9GFyZa3heIBIciDMZf/6xAi/K8ICRiw uMKVuFnoy7xFswmwMMUVDkqsxL3iffVYIw2fdX8jZZS8TWsmtDAZpxuwSlA2tBhj+C2NENokySgAp ASJnMiKiv+Zwos67fN7ILwBo7hy1vopchZ/vMZYWBlGTIVdGVSZXNB0BNtEr0z/Cnvfqynqlc8+/d xFYLwv5kz+rfFh/nfLb0IK+q3FtURd/tqsNYfLuOQm5Qlw2PENj3xNHRKjIcdWNLhwP6rAhcRhw6q i+nI0/2Q==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOF-0000AC-EM; Wed, 06 Nov 2019 17:38:35 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007Vy-8N; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:32 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: f42f28b9d3f396b302c5612a031a1fb2311628f1.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 17/47] cve-check: allow comparison of Vendor as well as Product X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton Some product names are too vague to be searched without also matching the vendor, for example Flex could be the parser compiler we ship, or Adobe Flex, or Apache Flex, or IBM Flex. If entries in CVE_PRODUCT contain a colon then split it as vendor:product to improve the search. Also don't use .format() to construct SQL as that can lead to security issues. Instead, use ? placeholders and lets sqlite3 handle the escaping. (From OE-Core rev: e6bf90009877d00243417898700d2320fd87b39c) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 2a13816..e8668b2 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -190,12 +190,16 @@ def check_cves(d, patched_cves): import sqlite3 db_file = d.getVar("CVE_CHECK_DB_FILE") conn = sqlite3.connect(db_file) - c = conn.cursor() - - query = "SELECT * FROM PRODUCTS WHERE PRODUCT IS '{0}';" for product in products: - for row in c.execute(query.format(product, pv)): + c = conn.cursor() + if ":" in product: + vendor, product = product.split(":", 1) + c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR IS ?", (product, vendor)) + else: + c.execute("SELECT * FROM PRODUCTS WHERE PRODUCT IS ?", (product,)) + + for row in c: cve = row[1] version_start = row[4] operator_start = row[5] From patchwork Wed Nov 6 15:37:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178745 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp883878ilf; Wed, 6 Nov 2019 09:02:28 -0800 (PST) X-Google-Smtp-Source: APXvYqwbqFD5P+sNtzJxYU5xkj4aDBwwM95p/K3PKb5BhiKuw018MktJBkprveLyYMdc/mPrOViF X-Received: by 2002:a65:654e:: with SMTP id a14mr3993809pgw.170.1573059747883; Wed, 06 Nov 2019 09:02:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059747; cv=none; d=google.com; s=arc-20160816; b=JmmvcOGWyAy+iDP3sHGjxoAwi0GS0OnUfg2x6MH5SmAKwy6TjWUuJ4kAAov6ONcUsb G9xu9X5IdFy9Ux8BOwdZwRIQCUOfRY5iHAFYq5WRTxQd9pFzaNvYcJJCv0wCQWO9DjJt 02lnoBUOHV7O5QKrz9vnTmrKCCqxLjcSWE5bxC+V5sYao01zddMjgtITVclnSwRwipTK UZyOU/cmSl7SsI43r5T3gfJYJxUCsUrm1/Bdj6mFT8mdE9XK7hWnb7oUKp7qJi+QKaXG 5dPpRU3Y4WudmzNpE/sTvU3TdBLxf92vB7+UE/dr4I/QDdmwUiYgUuCpx8LOtIqs0/Io wl2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=YuSR5nvJBDoIfp+Qmub214StB0xXoovRWMhm0dEVMUY=; b=ml7l8hQRPm6jizo5eb2lWHn9o7enU2VBWEqk+xsh/CwaAt7h67Y2Jy2xNOsIyxKlXt HkQ8TONSIRYm3JianNrI5EwKNbKvgZlz9DDVb8vVb/Zqht+y0nAwYpwBts8rHN90U1An E1OejzUeqGXqPjH8baGYDvmj6toiBcBEgIjyH9s+QDc1M6lWaN0Cox1RfKq1uL7y5BiD ctrEWEElV0Ipy5NmU+PxoL8Vyaxe43xOBrqW84HZ+hMt+Uw2xE2H0dHrAUMAuamiZ/Kw djWb+X3ArmiZkm7aR3w/L5K4YIfE9RAol0DeAxtaeRIHPc05zefE+eLKLT8Jq+tESHls cg3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=U0GteLOs; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id q129si30677363pfq.213.2019.11.06.09.02.27; Wed, 06 Nov 2019 09:02:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=U0GteLOs; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 37E8F7FA6F; Wed, 6 Nov 2019 17:02:07 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 8A6057F96F for ; Wed, 6 Nov 2019 15:38:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=Subject:References:In-Reply-To:Message-Id:Date:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=0BLUxIDosntKT7JbjuSC/B3qEOJxmJGvt1pD3xp6h1U=; b=U0GteLOsk6nSm8QL9ojifPpuOP jAWqAwkgTFFQqM/bDoXA011Kj8W9zpci1ieiv+aQifV55YBdFGJ8gPRs/RB9+OIS7A9CP8PGub2Z4 F6zyhxJy+yHnLqLBTGk24lwT2VPZv8HnB/0cnXJqcqBX0TukTbfeDcKyxE/YPsu9y3Wh4CHdyG/AC 7oOISwheE6jXpdn+PzikN/5axNIQguoQXauDS6ng5I/i5y/zSnYVK7U3vzkRMSwncqSRWecjQMPD9 w4qXI863pdKZWv9gnFQNTFIZpOF6ZneYz510/rq2I0+5DuPRfQDGgHcCHKs31t+VD/iQMNbn8qsfY a/xR+Mjg==; Received: from [2001:67c:1be8::12] (helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOd-00009j-24; Wed, 06 Nov 2019 17:39:00 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007WD-DF; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:34 +0200 Message-Id: <9b102be1ec621975328f6651220be0d4b475b570.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 8.3 (++++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: FROM_HAS_DN(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: R_SPF_ALLOW(-0.20) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: TO_DN_SOME(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.19) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: HFILTER_HOSTNAME_UNKNOWN(2.50) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf allow Message-ID: 9b102be1ec621975328f6651220be0d4b475b570.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++++ X-SA-Exim-Connect-IP: 2001:67c:1be8::12 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,SPF_HELO_NONE,SPF_NEUTRAL, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 X-SA-Exim-Version: 4.2.1 (built Tue, 02 Aug 2016 21:08:31 +0000) X-SA-Exim-Scanned: Yes (on mail.kapsi.fi) Subject: [OE-core] [PATCH RFC CFH][sumo 19/47] cve-update-db-native: use SQL placeholders instead of format strings X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton (From OE-Core rev: 91770338f76ef35f3c4eeac216eb9d2b3188e575) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index ae8f1a9..d60159b 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -57,7 +57,7 @@ python do_populate_cve_db() { break # Compare with current db last modified date - c.execute("select DATE from META where YEAR = '%d'" % year) + c.execute("select DATE from META where YEAR = ?", (year,)) meta = c.fetchone() if not meta or meta[0] != last_modified: # Update db with current year json file From patchwork Wed Nov 6 15:37:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178743 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp877291ilf; Wed, 6 Nov 2019 08:57:53 -0800 (PST) X-Google-Smtp-Source: APXvYqyE2v1LXliSIJT8yssPp0S09vYl/bya8G0jrOY/LUadvAz9iqhGnwaBps7ScDm7iox7vXiM X-Received: by 2002:a62:fb0e:: with SMTP id x14mr4620656pfm.194.1573059473758; Wed, 06 Nov 2019 08:57:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059473; cv=none; d=google.com; s=arc-20160816; b=06aKGJqVf4si1okaIQv49+Y4i9q5Z8BBaEEW7PpJ8IkCXPSK6iSvev/Dusa7LNGzTD k1gp0hiBhVCQpzJoQ5gYdSOuFxOwh/SEb0eQvuK0X/lM/EazBrMuUHdMd294rXYZxK+6 byfathM4GXkY3nR8axJ9Qbmlo8EVYOPWaRhcQh0xOcUFS+PAd7BijWyIvo4GRA4YIqfR uA2LV0V2Ylm5MYjFUptgDpvEMUNkgFAWHU1I0u4wakFHjCk190597/LgxMrlXki0dcEE Y9KptJ9CTgTg9nSVJvVuxIzoc8PtzSGPAXXSzB9qmMEZ58gj76+4UNCyN6hQswEv8zui RslQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=AJhGj0bC9P8QxrxmsVMFge/7cSdVDh5oJOD2MQOSBlI=; b=Jhq+P0oro3l+kLudbogYduIF+2tEN4k2ZCTh+podrGfLQlQflsKd0XMSLYCqfVZYyj J/INcjhUb+w+5HbIoJ1oEfBLwMinpQWL82TjY0yGK5A8yDNsEYZRR2bNb9GJPbINqODw QAYX4+w44GTwjcjuzOLgJAA0WG3dkiFK8iDVTkQLBllM9n9bA0Xp2/vwEATy+p2PE0eK juRt4UKuxyiP82OSHXl1jCw1msjqKVoivSZS2DlckWNms7P1g7NxQ2QO1Ql+XZuSRwiE P1PoUf3jKcPBv6syBz8B2a8hEV52RAJQu2beuDp9r78bd16FVcM9b/62LrwMP9b8Oxdw 9swg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=NZxfSydK; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id in14si3573816pjb.63.2019.11.06.08.57.53; Wed, 06 Nov 2019 08:57:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=NZxfSydK; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 7938C7FA41; Wed, 6 Nov 2019 16:57:33 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id C60257F83A for ; Wed, 6 Nov 2019 15:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=WdKLBdMNQXgkrH9y/YoNoZoDmw8PsaMOae2QwtYH6AM=; b=NZxfSydKcaSbvAX52vhJVHSA/r Rbqmy46aN3OZ7wqrkjfx0apll09mRUzIdjnX88ol99neDjrOFx6kEB7s1PVoCGIChtgOiIztkaTbR NcZ0RoYYMRGfDBgB/A04l5nBMYpOp1p8giqa66QU5PSLRg4l1xg6Zp0jffGCt0yqQqB2t0CKApAxu 6Xxkp7qDpBEFJGZwt6xxhbflymlPRK5U+0A+jO14keg3DNA1ggPB6Ds3JyrK7EgsTkKxhZgrWUg+o BttWImdyHJ0Q1uygcmzjz9VwUzqAk7CXbqniR/fnQ7LLxzIqMbfFMiLfln/x43jGfDaxlK4EUh2Xc TAESiROA==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-0000A5-EY; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007Wx-Jd; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:37 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: ef12b25a393e1c404c36a06b1e2f994b026b27bc.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 22/47] cve-update-db-native: use os.path.join instead of + X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton (From OE-Core rev: 4b301030cf9cf7a981dcff85a50e915c045e3130) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index af2946b..35f7472 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -24,11 +24,11 @@ python do_populate_cve_db() { BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" YEAR_START = 2002 - db_dir = d.getVar("DL_DIR") + '/CVE_CHECK' - db_file = db_dir + '/nvdcve_1.0.db' - json_tmpfile = db_dir + '/nvd.json.gz' + db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK') + db_file = os.path.join(db_dir, 'nvdcve_1.0.db') + json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') proxy = d.getVar("https_proxy") - cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a') + cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') if not os.path.isdir(db_dir): os.mkdir(db_dir) From patchwork Wed Nov 6 15:37:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178742 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp875840ilf; Wed, 6 Nov 2019 08:56:38 -0800 (PST) X-Google-Smtp-Source: APXvYqynZJtHdFliZK91FubruX2v3gofZ4qKRioAD0co53CqEtHC4/euDG5FZ25ax+SsMgATltFv X-Received: by 2002:a63:ff65:: with SMTP id s37mr3938282pgk.331.1573059398283; Wed, 06 Nov 2019 08:56:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059398; cv=none; d=google.com; s=arc-20160816; b=xtYgBiedvdbouoEwgzG5Q6+qUHg08Rdq1OKDXdMRp0STOUKsyfWnZc0cFd9sujDrp7 wdOW5n3aUwFnt0NDF0rlLfe8+dJBlUW4Ou5c8mgAPLfPt6nCsJmZaD0X3sZTiNOk2Nx2 I/C4PwyXDEy68VreUU4BguKNNGDrhmiGxmeZhT+R72pFGsy9xEJphzaqI4RKXFcLPv+a RkUYf7OKzEXZKEfCobrHZwPPpSfBgNHNbNrQ2Hkyg1wxpPoIIEbs8bUezaEdWkgRDuoG h8S7W7Jkr05HYtbdJjyblujD0j0uxHOxFecQNH+Um/AXuSuSsO4vRxl5s9NZ7YVhbAQG WCaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=Td+lc3nZzX+yZmEuqckm439gd5TxgiLDAM7XyaO54X4=; b=OeQp7Kq1IQ6OpIUCdaw6ec5H8Un3yJGQAJwGmIeiSdQV+uxuxsEo2CJBakw1jb+i8h R4A5lrFWXxB+C9S8X+RN24tonX8FkRNtzdNmsAzTxo8Dkzef1ncTQFzO9janDKqn2YbS Sa5dPPP03c69FtvcY4RF3+tdYaaMNgryj7T8sCqQygoGxAaXzLLDDoI0Jfp5ylaVAeQh bHQo9EhUZ1eST23PZYFYJOgk1WinMan+Vb4jV/qhBgFYv7mfx+q0v41WwuPZy2QegKS4 RVSpzXcpwOrWHNjHSPoK76qVwc84Vl2kg9dWDZUxk9FoSHV4tf11/suZa1wgY+xPMVpc ICIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=WvCMs+oo; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id d10si262494pll.308.2019.11.06.08.56.37; Wed, 06 Nov 2019 08:56:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=WvCMs+oo; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 2D63B7F9A7; Wed, 6 Nov 2019 16:56:18 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id B234E7F8CB for ; Wed, 6 Nov 2019 15:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=o9Fk2O5Xs48ULpn5e1j3BGl++HHvRMT3pukKD1AVkrk=; b=WvCMs+oo9D9WgdctJRjj58Sak1 g2GaWPBFIFRzcpCckWexW/nd32u6mZZa6c/sp5K+KUtqV1hEgCxym+N7leaXFXy6j9AjrgplZWOTE izydCzgsK7ll10qwlZeUJPFR3DlChFH4RcTGUgUOHRzr+TW7ixTsDMUMJ66HphLcKfGvbmcAoP0+K Ppg0ptJjjxVgeuU9sYjGp7LH9z78dPaW/rw41TsYcLBXFPbW/yQKGLbCxzmag5Gd1ZItAwQTlAQXl l01iKsE/l9tslHpQsn0y0y/6+bgNL3SwA/DNKdSdMDYQMzKoN1tLSfcZr2kJBHlotYRHZNlEMMj8m SAtU7i9w==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-0000AA-9O; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007X3-Lu; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:38 +0200 Message-Id: <1ee2c6aa0210b91d1855787d9785a97f8312f025.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 1ee2c6aa0210b91d1855787d9785a97f8312f025.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 23/47] cve-update-db: actually inherit native X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton The recipe was called -native but didn't inherit native. (From OE-Core rev: f0d822fad2a163d1ee32ed3b4c0359245140e19b) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 35f7472..9470cbe 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -2,9 +2,8 @@ SUMMARY = "Updates the NVD CVE database" LICENSE = "MIT" INHIBIT_DEFAULT_DEPS = "1" -PACKAGES = "" -inherit nopackages +inherit native deltask do_unpack deltask do_patch From patchwork Wed Nov 6 15:37:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178744 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp880641ilf; Wed, 6 Nov 2019 09:00:31 -0800 (PST) X-Google-Smtp-Source: APXvYqyTsKueM9Vn8XlqEPC3ja6dYJvuZVBAxmpxfwoRROxceRJ/BvOwzSwxhOYLNmM/U3ExIK9t X-Received: by 2002:a65:6149:: with SMTP id o9mr4025399pgv.228.1573059631275; Wed, 06 Nov 2019 09:00:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059631; cv=none; d=google.com; s=arc-20160816; b=kzRG1WdSnQvmmut1ATYU6Gtlh3lIXM0rznK/7Cdh9paY0M/x4pJdun47gLztqBHo45 rl55xQAapI0RdO80n+f1YmwSy1tLxWQaA27ThkEvjPWrIy4gtAA6Oh2VHKhRuwOOTsZg LmTWSxVlff6nsDZJ3Lr+ImajAVGSt813YPj6XODz/NXahgjJr3NU/Lvo/o4ITyPeJnfI zM9RavQepYkFrKxf22gKgajTEtCFSI8iLQrKeLNNhJBYU6t4DHnoh9Y5k/4nKcwZoWr/ tcNdHqtRtj9HdakcTmBLCLmXUK5wctJXjqvStRkantUitRyooBOrBmC793cGpMiDAmqZ wBKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=Ath0qUY0eoT30GzffJHqzHsFjV8d+wmQfQbzjYHt0ns=; b=aDjznVDW+OxYiXN9MKXu4R7HdBLA6JlpSXn9541x7EUy+iNqT4dIaZUxwCwZdB6Bbl MGccr7mwdjcICePLGV95iWzXR3/cHkO8s5KeBJGeJmxamfX7zdIfuJYhA+1JICb4eCOc cZZOhA4kkNDesaKq3Hedfl1xCHcMsHgIl9gX0qf8eJTqglth6eA+qYMzYme0yzqFXFGl PrUfxEx9yIvy/c0qnJ5S1JvtTRH6RECo+6bXyaLA88ZIDRgIb6OwQI0YBaMtk85Z0ipU VEcNBTBCL1ueE8aNO7qvG8ZwUWwUFzM6/+DWv5E8ctj8TdMlTXYpCkucSCYhGct/iiGY fsHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=hcUYAWi9; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id y144si1701809pfc.145.2019.11.06.09.00.30; Wed, 06 Nov 2019 09:00:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=hcUYAWi9; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id DAC647FA35; Wed, 6 Nov 2019 17:00:09 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 38AC07F889 for ; Wed, 6 Nov 2019 15:38:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=Subject:References:In-Reply-To:Message-Id:Date:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=k4MQMpMc0QHdn9nlctlEHw4Xrn9vqeDVwI0xIcK/uqk=; b=hcUYAWi9lF2qVK03kQ6FgqVZgJ JOWv6CGKiLN44f0VGzUCwDs+3TWzXg6hCeh1nQVNezOVcipNZnCMSTwiprx2/kHoRTU2RRMDmDNIs eU67qXbPsEMA3zSVAYmHQHeRyAFez9yUHRVey+LcpZPnz/Wb4j0qNBvVwYM+4/u2xo9SmCiE0JDwG uJM22bqeKMxiy1wB/AU4kOgi/ZQOfvc2QBgxV7LoEbwIffGhtjMgRBcGjCNDzQaUah6wlC92qFdl9 Xq0ox1SNejPb6ZjT+77MHjANjzHyqBatKtXpPmmZ1D50IKjr2GXBOin2W5+YO6ElwnLzfqwxXGLwg oRBRvhJg==; Received: from [2001:67c:1be8::12] (helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-00009s-7b; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007XB-OL; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:39 +0200 Message-Id: <45dd5c1feb860bc1153bc0e22b1707b122868eb2.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 8.3 (++++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: FROM_HAS_DN(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: R_SPF_ALLOW(-0.20) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: TO_DN_SOME(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.19) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: HFILTER_HOSTNAME_UNKNOWN(2.50) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf allow Message-ID: 45dd5c1feb860bc1153bc0e22b1707b122868eb2.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++++ X-SA-Exim-Connect-IP: 2001:67c:1be8::12 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,SPF_HELO_NONE,SPF_NEUTRAL, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 X-SA-Exim-Version: 4.2.1 (built Tue, 02 Aug 2016 21:08:31 +0000) X-SA-Exim-Scanned: Yes (on mail.kapsi.fi) Subject: [OE-core] [PATCH RFC CFH][sumo 24/47] cve-update-db-native: use executemany() to optimise CPE insertion X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton Instead of calling execute() repeatedly, rewrite the function to be a generator and use executemany() for performance. (From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 85 ++++++++++---------------- 1 file changed, 32 insertions(+), 53 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 9470cbe..a5d8e32 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -97,70 +97,49 @@ def initialize_db(c): VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ VERSION_END TEXT, OPERATOR_END TEXT)") -def insert_elt(c, db_values): - query = "insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)" - c.execute(query, db_values) - def parse_node_and_insert(c, node, cveId): # Parse children node if needed - try: - for child in node['children']: - parse_node_and_insert(c, child, cveId) - except: - pass - - # Exit if the cpe_match node does not exists - try: - cpe_match = node['cpe_match'] - except: - return - - for cpe in cpe_match: - if not cpe['vulnerable']: - return - cpe23 = cpe['cpe23Uri'].split(':') - vendor = cpe23[3] - product = cpe23[4] - version = cpe23[5] - - if version != '*': - # Version is defined, this is a '=' match - db_values = [cveId, vendor, product, version, '=', '', ''] - insert_elt(c, db_values) - else: - # Parse start version, end version and operators - op_start = '' - op_end = '' - v_start = '' - v_end = '' - - try: - if cpe['versionStartIncluding']: + for child in node.get('children', ()): + parse_node_and_insert(c, child, cveId) + + def cpe_generator(): + for cpe in node.get('cpe_match', ()): + if not cpe['vulnerable']: + return + cpe23 = cpe['cpe23Uri'].split(':') + vendor = cpe23[3] + product = cpe23[4] + version = cpe23[5] + + if version != '*': + # Version is defined, this is a '=' match + yield [cveId, vendor, product, version, '=', '', ''] + else: + # Parse start version, end version and operators + op_start = '' + op_end = '' + v_start = '' + v_end = '' + + if 'versionStartIncluding' in cpe: op_start = '>=' v_start = cpe['versionStartIncluding'] - except: - pass - try: - if cpe['versionStartExcluding']: + + if 'versionStartExcluding' in cpe: op_start = '>' v_start = cpe['versionStartExcluding'] - except: - pass - try: - if cpe['versionEndIncluding']: + + if 'versionEndIncluding' in cpe: op_end = '<=' v_end = cpe['versionEndIncluding'] - except: - pass - try: - if cpe['versionEndExcluding']: + + if 'versionEndExcluding' in cpe: op_end = '<' v_end = cpe['versionEndExcluding'] - except: - pass - db_values = [cveId, vendor, product, v_start, op_start, v_end, op_end] - insert_elt(c, db_values) + yield [cveId, vendor, product, v_start, op_start, v_end, op_end] + + c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) def update_db(c, json_filename): import json From patchwork Wed Nov 6 15:37:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178741 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp875071ilf; Wed, 6 Nov 2019 08:55:59 -0800 (PST) X-Google-Smtp-Source: APXvYqwMkKQH6TfTO/mxC0Gq74dCBj43jcp8p+ggZZ+rWgHpWs0svXroWBqCNrmEqlU+PA4gf+sI X-Received: by 2002:a63:f94f:: with SMTP id q15mr4098062pgk.412.1573059359406; Wed, 06 Nov 2019 08:55:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059359; cv=none; d=google.com; s=arc-20160816; b=jfwscoc+bmtKDfJzrzEn0zz2xYNLMn8yCgkiHZZs9eySHb3wIGfc2goQdp6AwNuoAD 7qPJeg9gBnXaD0nUMtRWV8wqPIUnVAs0XPIFSuS6gmR1FWtU/Dvu9YPobVqOv8r3DNbD 8F0Z6QzBGKtOWngjB+G21cXu+qVsbKPKeyoiQQcn6g5Iqpza/nnvrAZD4YL0usb3mSJ3 EPhDwZRsD0td8RJnOOpamMVdqQMc5guCPmJU+Z/YA9A9VOdyC3ZMN7nUe6Xg4PoK3pOd KmBzjePFHqSR5G6Wqamqm7Q178nSCB2/VniYaGTxl9m2U1OSH4q96TzILKjt+9b3/HVw Z9BA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=hK50fvMlYl4amFlDe+mXz6Svxqafe1gAABza2HYV2+g=; b=wacW5j8+gaDA2YBEo8FnMXaS/0xEf+YDLYV7tKRhg3WDHLEfkMhMDhYWBd9mF1XvbH 37PB5fzL44fS0ocjN+X7FkVBOHXn7kl2d8JEJNo97fGvdDk86w2ywzuKSUrEVIpl1P29 8wq/8LOhSSXUHeqCTM0Er4UyOmdpXU85Vy2tUExZjsFW9B2hxni1RhTnr1x77qzhUK8t eEKoQn0tJoLXZlWfX5JLMA04Fn/isy4xoymkYFza4ZVMF1ytzMSOg77VXwLz1fKvfo3y 6DmeU1KaO/3fKk73VPN4BazMdn3S9MOW0hFHtmyaqd8t+wXL4o0BcoC/x2G8Ht7omYIU HOSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="y2f/L0qO"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id g21si7138540pgh.467.2019.11.06.08.55.59; Wed, 06 Nov 2019 08:55:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="y2f/L0qO"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 175A27F9A7; Wed, 6 Nov 2019 16:55:39 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 9BD5D7F895 for ; Wed, 6 Nov 2019 15:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=YI8XShzA0FjpelZ+DPcqRe7psfe++srLUXtyfUNaodY=; b=y2f/L0qO7djiz/P9Gga5LRsJ23 cX/r6kH3bqWBn5W6Avr4kqkXEanTpfukgrQf+gN+lJzaB/QL10hI/gPlvWdyPT7W51lTiUzWhpopT A6GWCHScVofh7SH60aSkctrXRepiA8Qda89qk8aeEJiJyOXPSdC3qIYZxwEmfeQWfHweSJ2p86SCE b3YjqFtiFOx8EDB/QXtimkXnnOGofzOoeWlOoo+2F9ASsKJjgOc9klPuHXtNbxG9uLllWUN4+YqnM Tcopz+Pj0ZhQfR1m4myIYEXJJNMucPurte0HmZIuAQo1tLnA3WrRc3O8szoDI1tlW5ZOS/nQh23Ye bVjcJAJA==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-0000A1-1q; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007XI-RH; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:40 +0200 Message-Id: <487417678e7175395516806742a481b47fd0a151.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 487417678e7175395516806742a481b47fd0a151.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 25/47] cve-update-db-native: improve metadata parsing X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton The metadata parser is fragile: first it coerces a bytes() to a str() (so the string is b'LastModifiedDate:2019...'), assumes the first line is the date, and then uses a regex to parse (which then includes the trailing quote as part of the date). Clean this up by parsing the bytes as UTF-8 (ASCII is probably fine, but this is safer), iterate through the lines and split on colons to find the right key/value pair. (From OE-Core rev: bb4e53af33d6ca1e9346464adbdc1b39c47530f3) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index a5d8e32..6907197 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -17,7 +17,7 @@ python do_populate_cve_db() { Update NVD database with json data feed """ - import sqlite3, urllib, shutil, gzip, re + import sqlite3, urllib, shutil, gzip from datetime import date BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" @@ -47,13 +47,15 @@ python do_populate_cve_db() { req = urllib.request.Request(meta_url) if proxy: req.set_proxy(proxy, 'https') - try: - with urllib.request.urlopen(req, timeout=1) as r: - date_line = str(r.read().splitlines()[0]) - last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1) - except: - cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') - break + with urllib.request.urlopen(req) as r: + for l in r.read().decode("utf-8").splitlines(): + key, value = l.split(":", 1) + if key == "lastModifiedDate": + last_modified = value + break + else: + bb.warn("Cannot parse CVE metadata, update failed") + return # Compare with current db last modified date c.execute("select DATE from META where YEAR = ?", (year,)) From patchwork Wed Nov 6 15:37:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178740 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp874385ilf; Wed, 6 Nov 2019 08:55:21 -0800 (PST) X-Google-Smtp-Source: APXvYqxw+xUbeWPpeaKfx2v37f4aQ1LKt9MVb1+DHLdQLPFHPAV7z+/ttqdYXXWsKO12SGHp4QDK X-Received: by 2002:a63:234c:: with SMTP id u12mr3903152pgm.384.1573059321431; Wed, 06 Nov 2019 08:55:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059321; cv=none; d=google.com; s=arc-20160816; b=KGzio9/swCi5d6kY4zSOucFiUlJMzcW1v95Ac3UxSwgJIG1dyJM9N5EzjYAunrycre yRN7wdP0d2+fp1ti5NaoDryJzVfjX2cXHaVA77ctdSz6+o0YR5GudphCeF5uhzE4ThEe IQ7KM8/Wf9vN1uTxrb2jLKwzCk+Xhx4qmR8QdeTG2g/YXJCLSafZCKMKohEvvfZgZ/Sy BlPpqvHxigu+hCmxOETdu4vWAsHHVFLL+fZqzyLbVpbik7dXgl2PTDXel4KE0DEvuKss Ekl1tFoOgEd3W/5oXPiX6v0CSAvKpJZuUTSlomXul1kCqxDV+BawLPtsWv+0bGLjR+S/ Okog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=Kq/IsCpS/yYJPTcWA2s6+Dc4OivuIZ2D7JkHqK93DMk=; b=evPcyVso5zjqXaj3ZVeKo4/QXeOJIdRtYp+gDEpPSASc5bSJmWcvMgL2SfcP0neTrl qEZTwfw1AQ+UHWX3Zv0T4FIeu6rN5QmowIaHSa8P2uzsr6QWLrcoWV6p07ajQ5nJfFXa 1SJ7XVb5s/hmQzZGm1rKxUxtpeQssqk4kadU2YQQqDculCdt3jflZzCQsdHcn0GrwfQP ScuVq2kP/vPpPeAkF0l7PcB4oo6Yh+RBDnWykMI4NxkLTbhTYCpk61TzstGI+UHFzcGD Zcs3Yk6X/tkZs0fm16eUOEfHEqlfvk/OypDt3oGe46YWqVlTAFSdb2Qa+9EQW2x0citI kMxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="jGU/z9yR"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id u15si14275893pgc.477.2019.11.06.08.55.21; Wed, 06 Nov 2019 08:55:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="jGU/z9yR"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 513F97FA20; Wed, 6 Nov 2019 16:55:01 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 9C5FC7F899 for ; Wed, 6 Nov 2019 15:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=uGziAfjOSxnkNrexjZ/jkqOxvYb38GQuJYlUjrRSyek=; b=jGU/z9yR0QulafT0bJwt4k82UO c+50TUSHDhxc+deOgxsMVyVLNPN2gXVqv5rekTakhzEUKaQL4ZFATrdark77hWzIkMua1fmoi3tmR YWsQo6x58n6vtBJPoa2oEfrmhCSno8LZsI9N+/5pH7P7WA4G75x5G2Z2AyRQ2FL0aC4Y/pIghzenl jHICUY06yTFkeSnFURdoAurT2RLIDE/L2x9ZqY0DL264L8+PB//L6UGoH+oeA6ZHtkLSlnZz9CaX7 d4QGZrkD77Um2vatzKeyW/4a3KtP5KmlbtsNWYvlfdaNSGA5xP4TT4DY/UpSwyrcZvaNVLwkF/r/+ OQES51Bg==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-0000AC-1n; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO5-0007XP-TV; Wed, 06 Nov 2019 17:38:25 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:41 +0200 Message-Id: <311cfe9aa30c7d4a9476dec12769d2c4290f5a91.1573047194.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 311cfe9aa30c7d4a9476dec12769d2c4290f5a91.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 26/47] cve-update-db-native: clean up JSON fetching X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton Currently the code fetches the compressed JSON, writes it to a temporary file, uncompresses that with gzip and passes the fake file object to update_db(). Instead, uncompress the gzip'd data in memory and pass the JSON directly to update_db(). (From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-core/meta/cve-update-db-native.bb | 29 +++++++++++--------------- 1 file changed, 12 insertions(+), 17 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 6907197..a06b74a 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -62,25 +62,20 @@ python do_populate_cve_db() { meta = c.fetchone() if not meta or meta[0] != last_modified: # Clear products table entries corresponding to current year - cve_year = 'CVE-' + str(year) + '%' - c.execute("delete from PRODUCTS where ID like ?", (cve_year,)) + c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)) # Update db with current year json file - req = urllib.request.Request(json_url) - if proxy: - req.set_proxy(proxy, 'https') try: - with urllib.request.urlopen(req, timeout=1) as r, \ - open(json_tmpfile, 'wb') as tmpfile: - shutil.copyfileobj(r, tmpfile) - except: + req = urllib.request.Request(json_url) + if proxy: + req.set_proxy(proxy, 'https') + with urllib.request.urlopen(req) as r: + update_db(c, gzip.decompress(r.read())) + c.execute("insert or replace into META values (?, ?)", [year, last_modified]) + except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') - break - - with gzip.open(json_tmpfile, 'rt') as jsonfile: - update_db(c, jsonfile) - c.execute("insert or replace into META values (?, ?)", - [year, last_modified]) + bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) + return # Update success, set the date to cve_check file. if year == date.today().year: @@ -143,9 +138,9 @@ def parse_node_and_insert(c, node, cveId): c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) -def update_db(c, json_filename): +def update_db(c, jsondata): import json - root = json.load(json_filename) + root = json.loads(jsondata) for elt in root['CVE_Items']: if not elt['impact']: From patchwork Wed Nov 6 15:37:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178739 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp873652ilf; Wed, 6 Nov 2019 08:54:43 -0800 (PST) X-Google-Smtp-Source: APXvYqyU26ai5C205LV77yLtpnGYyVil/7Mqv2nqWXw37o8vBqU9FaLLlYIJvLGg/jfFEpgT6sCq X-Received: by 2002:a62:4dc6:: with SMTP id a189mr4548132pfb.71.1573059283827; Wed, 06 Nov 2019 08:54:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059283; cv=none; d=google.com; s=arc-20160816; b=WmYQTZ1Kd+85rROZd5RqkX/Xh90NaEq9MAsPmzQgDZXXIJRPFsgRDOLADbCtfjCbt5 Dle2S+TYPjwtyyhg7117GMa19Y3FkkwKOMpy1DgETy/k1amD2xJySmcdxg3CY3sCCBcO uogt3HsUnjxlXQVqjI8z9i2OWV8BDW/+TbvEGzOTen/NmioggnRVlE1QZ5NlKbq4mKl6 plNMPXSqAhKvBckndl8LnKDLKFuOOvJG7BnYnQCInjWxVedTITFScHVc1hgz9lMM7jU2 rXDLwtz48G8N3XUAq7A/YknYWCF5gWNu7odaKpmjBYnwxvS3r85FzwoleRpX5LXBlH9U 5cEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=TP+ftPmc1pbmKZcPBqPZpdxS78p0F5HqmD3RVqmxQQw=; b=nUjOgt1lJ3gtn/HDEqB2cWBnewlaDiq3DPZpb5N7/Op7oT6mdI/Au/ihyEmw5ocqGp ElFd9XL8TaFd1fHFBPFgQwauTnVwnkXqe4Y0WfVMCew1XkKTaRCgb/GVd7JivsGXSkej gi8LNFdA7j2m0ci5FzSkfny3BxNyIcwBAv/kJhv+udG8VjOR1NlpLnQq+WxYOkYQIXt6 NApoOj7fID9RONNrTykm/gv6AsFywKXjUDJOezGZtPI1Ii8uYdjtztLx6zJCk22kIPgl AiBKSVhfMMojARhtffostnuZJWAYMIu5nzttbn5E0KKupuJ3d07k++72fjWeNArAN83p qiWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=mzU4Fcjl; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id g5si11524375plq.202.2019.11.06.08.54.43; Wed, 06 Nov 2019 08:54:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=mzU4Fcjl; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id A31DF7F8A6; Wed, 6 Nov 2019 16:54:25 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 965257F890 for ; Wed, 6 Nov 2019 15:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tdFatvKJdv+sHLX90Rez1O7FqZAZk2df9kIf94gIdcY=; b=mzU4FcjluIDRq7DaKA+yi9rCdb F7yoPc0ZwcEIJ/wva6/8165lY4CNMiuiS6rpbyRTEYRIDPjyDi+CI/w8k1HxJgqW68xZcpKENFXs1 GIacxrt0qX9M0vsRNb0lXlDmSw5snkBuTSrmPjsv21gBtsxmnOwxXTLBJeXf0sGaJl22jsDtLNy/W /kOcLhcJVNd0abX7x/JcnkY47lkZxjPXmuLnkYyAQ0BNQ+OKgG7l0wPFWdLwahM9ML4O5W7moDA5t uHndJ2BeNMF/ZATPyT2URX2jhVkFATYK6U1Ft9k83afffRawpXHl3g5GkuyuxDuqBIjJPTGD3fOBs fZOOD41w==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-00009z-1p; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO6-0007Xe-3L; Wed, 06 Nov 2019 17:38:26 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:43 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: d77be18c4f89e9b6ee1b22593a987da5c890df5d.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 28/47] cve-check: ensure all known CVEs are in the report X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton CVEs that are whitelisted or were not vulnerable when there are version comparisons were not included in the report, so alter the logic to ensure that all relevant CVEs are in the report for completeness. (From OE-Core rev: 98256ff05fcfe9d5ccad360582c36eafb577c264) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c00d291..f87bcc9 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -208,12 +208,14 @@ def check_cves(d, patched_cves): if cve in cve_whitelist: bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve)) + # TODO: this should be in the report as 'whitelisted' + patched_cves.add(cve) elif cve in patched_cves: bb.note("%s has been patched" % (cve)) else: to_append = False if (operator_start == '=' and pv == version_start): - cves_unpatched.append(cve) + to_append = True else: if operator_start: try: @@ -243,8 +245,11 @@ def check_cves(d, patched_cves): to_append = to_append_start or to_append_end if to_append: + bb.note("%s-%s is vulnerable to %s" % (product, pv, cve)) cves_unpatched.append(cve) - bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve)) + else: + bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve)) + patched_cves.add(cve) conn.close() return (list(patched_cves), cves_unpatched) From patchwork Wed Nov 6 15:37:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178738 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp872330ilf; Wed, 6 Nov 2019 08:53:30 -0800 (PST) X-Google-Smtp-Source: APXvYqzGse2fn42BsZWgP83b5XgNBmZKdSVi8+jz2qwXYOZDuS8OvRYro1FRvq65rssLJAtX6V2a X-Received: by 2002:a62:1dc6:: with SMTP id d189mr4617637pfd.100.1573059209945; Wed, 06 Nov 2019 08:53:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573059209; cv=none; d=google.com; s=arc-20160816; b=iaIyNxnxiNrHmkwWwJnodJUSj9RkMwaoymry6hmM71MZkEwQwRieOCfsYxEwMzTTlO Ep53viwlCFGVsB0rPG0KWPNvKLjkEZE7JYq289DhOCTKgjUSj/P2mbVAqsUPxU4Gh/Mu PHx7rMVfnt2x76+TPGsFwVfEEneUn2NdzotYoDceiLaFDPnEVVrb3KNqTxP6NG2xtgP4 zo3AzY3XTl+SLbn/83k+Ph5zErHE7uHmbpBUdCQUaT013ZX09wjB2IH0MOTpEKzLqjKS 00SIKyzZijBPFs/URwAEc8pBewYcHUIAJEqoJEnKcBqeKFumdzgnvFM9GlO5V6dfEiqA Z63A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=VW8Q7P+XH2AuNW1J2VDj1aLL+wHtwrdByKYs3gIXJKo=; b=Vz0uU6Y+ByipNRFiONktFXrwaSPLSKmPE0kIxUz+zkqN0cvaB+rJ9tu6vg0e7Ts9Oa L63MQ8LHaiSJL4x55EQ0TeT/QqNBExY3+jxVGnyumE2uenQmNO6pGdWzlB1UiDKvAKmd 8sle4ZHYQRNt/ZDSvo93qJ/JuNXVdmRB8qYquCZkHol+EdnQwdJIYgYv4GHh2xRLHJZX 9D2sXKFhCGTYRVal0BpDgAyT4pI3SkR/aoTpbWvknWXtSr7RO+H1mWUrgjORcO7Y9l5k eH71i+uqs3bZWfExo+CI0ADJZg3RD0EstycyBYU+ZIKB6ziE4rYpMSiEMyVQml6SEXNw qv7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=UMRGPJc8; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id p5si1805120pgk.393.2019.11.06.08.53.29; Wed, 06 Nov 2019 08:53:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=UMRGPJc8; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id AFC207F8BD; Wed, 6 Nov 2019 16:53:09 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 903687F88F for ; Wed, 6 Nov 2019 15:38:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=IB0Se0/PPjv+a0I7BUhojFd/G01Ke9y481dOtXNbpYo=; b=UMRGPJc8gpRzCTwWy4KDrJZEWP LAMQVXb0RRPSQCHqH+9pdx9BOKT6JaWQhWcDIcNBzHCOAlVHXtziVIWteK0fC9ALypl1Pn01zm9oT PozSYTDxk+UsCT+4ebLi3/XJ4MwgyASksR9EO9yptsH1FrQ620rAJ8JyPraqJXmDO7zHKDaVzcOl1 XAntjdu5eD2lAPGYLnZ84qU8b+pUQzyr0I9jfEPmWfFF+YIzvWHwVrVd0PqCOsv+iJSkUbvqoFDtq 9VKNiBEFJyDYHLqOpvt2MEZfww9JPRw+kSckyK31l+ULU624Q8Vw0FWKMh/snhK0STrpwkzSCmxvF pmq5eEjQ==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOa-0000A7-1p; Wed, 06 Nov 2019 17:38:56 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO6-0007Xm-6Q; Wed, 06 Nov 2019 17:38:26 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:44 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: b6af9b08acf718d80139a894479b688216f32012.1573047194.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 29/47] cve-check: failure to parse versions should be more visible X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton Signed-off-by: Richard Purdie --- meta/classes/cve-check.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index f87bcc9..1c8b222 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -222,7 +222,7 @@ def check_cves(d, patched_cves): to_append_start = (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start)) to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start)) except: - bb.note("%s: Failed to compare %s %s %s for %s" % + bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_start, version_start, cve)) to_append_start = False else: @@ -233,7 +233,7 @@ def check_cves(d, patched_cves): to_append_end = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end)) to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end)) except: - bb.note("%s: Failed to compare %s %s %s for %s" % + bb.warn("%s: Failed to compare %s %s %s for %s" % (product, pv, operator_end, version_end, cve)) to_append_end = False else: From patchwork Wed Nov 6 15:37:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178737 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp867740ilf; Wed, 6 Nov 2019 08:49:33 -0800 (PST) X-Google-Smtp-Source: APXvYqxzmlJxh/ExTWtMZAqTu0jnJaNjZuJLxdT4VOAyNg/0AN0Azw2TXz3cHtV+OvWTvdmkxMCs X-Received: by 2002:a63:471b:: with SMTP id u27mr3889146pga.96.1573058972960; Wed, 06 Nov 2019 08:49:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058972; cv=none; d=google.com; s=arc-20160816; b=jXbqQaI3GEQ8TCgKY+Qx0gLuUK6w3VIwQRcSin2PwOGW02K3NfKX94Ie4pL3O0oxRN 5LEH2ah1/AaAw/MGIIRu8NKOKFDWxoeMvFSHF0qmG6wLeK+oE9E43dz+Z9swjH2f8K0/ mV3dwNTRRbYKXCmkDdSOMGIQnwmuA5487VWYdof7BPJak+fS9dyL56reJyoroRT5R4lU ksZmZa9MgZnESImIq0tVgojvmD9ihr2Y6+WzCkGw9fnTejvKTh7EfHkFVqYEu4QVybbV LUUfq03nsD+yioRjsefgPOgH3aQpckzDOfTyMcSMrzfJKzU6Q/4zHexdm+ylxe4yqO2i D9Fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=aDDMxqmrHoMavCYXI+VaptcV6SOATbPKpllcFAdaAvw=; b=c/VdKvNiuQWvwjp77s4QiMshFSNLaVoNNlMUx9oO6J2SSGkmuRBUkIjEhsanZCAvpp QitAD1jGHSWu/jWD2UZeUuy+CTa4VehXbaTUoxL7OrzHQq49lTvGXfrje6uJuNE+5/6t 0CwH8YXHjCYOAO7xLZGaV99uEddE6zmWaFLhSHxzPY0hhxafipxWVaN+vgQd0Ocnsm/t C0+PE88X4xVio0uA0FldUNLV4MB7ubIfjKD4OMbPW4PZrl6i7V5kJd+5arP83CCk7iQE RyxeNLPtKj13rq1LTle73AgRuuh4zF0yMA6fyrzEXK3wPfVKlj+2iEjQx2aQkOy9zqUA hItw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=zAncJV+N; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id b7si30906579pgk.595.2019.11.06.08.49.32; Wed, 06 Nov 2019 08:49:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=zAncJV+N; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 88A747FBAC; Wed, 6 Nov 2019 16:49:12 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id E10CC7F83A for ; Wed, 6 Nov 2019 15:38:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=8JSNFkyDfKuo+l+0fGpLSm0yIBtedUVWQyGfc5D3YsM=; b=zAncJV+NfsbBGXYLD7rceEVHqt ChJcrtFGWe7r8zn5mxLs1my8WtdFlrhtaLbnUGDBsjjaD5CmUo6UcWtRmOVkrChM97sM/R+CXagpm p0RI86Jdj4nrWeiAEutcVSOXpaz1IzK7GgNabveok2V4il0EpgteuuEX/b+WTMSgnywBe3cA+plJw xLnhgNn8VE4p8nFXPB49r/sITLyfOVmkqxyYLHOntOODA0ePC05l0qmZjPBvKyd8B3NZSUaDnorch W0/HHhGwS3RFuPRlSlO2IKaRibiXaoyhWOIVXULiDMzJODz4QO+V/B45ZzqWqJ9i3nWdsfX09dKID 1V/hhagg==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOT-0000A9-My; Wed, 06 Nov 2019 17:38:49 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO6-0007ZO-Ro; Wed, 06 Nov 2019 17:38:26 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:52 +0200 Message-Id: <7c267e1400c6cddd22e256a6705233f2e22d49d3.1573047195.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 7c267e1400c6cddd22e256a6705233f2e22d49d3.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 37/47] flex: set CVE_PRODUCT to include vendor X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton There are many projects called Flex and they have CVEs, so also set the vendor to remove these false positives. (From OE-Core rev: 0598ccdcb31e16f1d1227197591b10ba441fcfe2) Signed-off-by: Ross Burton Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-devtools/flex/flex_2.6.0.bb | 3 +++ 1 file changed, 3 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb b/meta/recipes-devtools/flex/flex_2.6.0.bb index b89b751..954fcf7 100644 --- a/meta/recipes-devtools/flex/flex_2.6.0.bb +++ b/meta/recipes-devtools/flex/flex_2.6.0.bb @@ -68,3 +68,6 @@ do_install_ptest() { -e 's/^builddir = \(.*\)/builddir = ./' -e 's/^top_builddir = \(.*\)/top_builddir = ./' \ -i ${D}${PTEST_PATH}/Makefile } + +# Not Apache Flex, or Adobe Flex, or IBM Flex. +CVE_PRODUCT = "flex_project:flex" From patchwork Wed Nov 6 15:37:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178736 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp866954ilf; Wed, 6 Nov 2019 08:48:54 -0800 (PST) X-Google-Smtp-Source: APXvYqzOeHLg2TaZ1Q+nnNiO+tSsH+jXJb1pClJJczU+fPJpMQpbsFBgGSdmTTll2Rh2ddo+K0Hn X-Received: by 2002:a62:1454:: with SMTP id 81mr4504772pfu.86.1573058934281; Wed, 06 Nov 2019 08:48:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058934; cv=none; d=google.com; s=arc-20160816; b=KO/bYTMl69enK9zGEj5y9xcuBJkOO+43rF/3uvxpZDEhQjwx+FmEQ1qHN7HVOJQMIm YfEoDDNOnwHeLvDilSqliJxevFwwOthU3J8BBjRYJcYoBGE+jiQx5pTvinc8oUl2rNmz bqP1Boq1opVFhhwSjavojWJg2bcoel+/+3OfzBP9nB7KRLHSHBTaMR6ETzYK0Mq9ssYj 2F+4j6AlKVSE0a97C/8H9IQuydHofGHS7cyq67Ze38LGgK7vVZBiJp/O3NzWRdQm61i4 D0LeEK3aCpHEpwRgBz0acMF0x8SHfuirOXM+jR9AEwW5kUhDvrVwGud+vNoq91hzj6QY OyoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=or+u3hICqJClsBRks3pnat3V/AQ2nN/GJT8EkNT4NSA=; b=Br34ka47OmX1daTSUr4NHO8llbOxs8vgGvqtfV5YcCoYy+PvSfSfvOvdqeCENLS2sp blniFU5ZOQi3YttmXN1KFtLFkcTRmpDAzGtEbWFyyh/qAfM5+FfWpeRsir4qOpBiRhqF M1BQ7bzmxc+kYQn/9gNnBb7uOLj5YPbj4cmiqvm/qHF1gzxAvMY6KsIdTY4kS8nWTaXc dW5RIHHGcUXE9xTQXKfALDRDmODPMUataqt3DtIzrxzZXBHyapKAyWUur2/O+lX95Ang cJmlrsqf92axHlJxwO9PTHN8c2fx12p7FAA0RKLKS1adF70tTQXQnbFMJBfp9awRqqm0 Tq7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=ys+uVgEI; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id j20si32523713pfi.156.2019.11.06.08.48.54; Wed, 06 Nov 2019 08:48:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=ys+uVgEI; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 324837FB0A; Wed, 6 Nov 2019 16:48:34 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id D44827F859 for ; Wed, 6 Nov 2019 15:38:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=Subject:References:In-Reply-To:Message-Id:Date:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Fg8KIIrLWfZ3gZdES92uJoQeM1dAV3JPXLdgrbPdXok=; b=ys+uVgEIWuUd5gE0vtuJTv8W47 e52Zr8Id0XQyYt1k2YzcCzdg5KhQC6bxJijXTWQtKlkSqUY8j+3m+8JVF2cBdJIsZ8GcNzJU5kS2u 9L4kr6zAwKZeDGn/WKynHSNNHFnrsWMymhAwmg4Si8dVj56krYutq0TqZCsZZoS2cLyIBcCd7Lu4p nnMa41TrU2yZP2NPbew5uWKr6ytXxwaFnbGhTJeqVrNE/i1SDeuplLGAasbUWKVGJJT93t2IGElnE M0Lhn4t00+f0UM3Oi+iCBWhw5ATNEK7aKSs3Xs454Qgpb56ImHGhS5RBUWdCIMWulhmLL3wi8r7hZ piPCKrjw==; Received: from [2001:67c:1be8::12] (helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOS-0008Vv-7k; Wed, 06 Nov 2019 17:38:48 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007Zg-0W; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:54 +0200 Message-Id: <41d8d02673703e0e2b26f08414e485ca3ecadb5f.1573047195.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 8.3 (++++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: FROM_HAS_DN(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: R_SPF_ALLOW(-0.20) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: TO_DN_SOME(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.19) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: HFILTER_HOSTNAME_UNKNOWN(2.50) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf allow Message-ID: 41d8d02673703e0e2b26f08414e485ca3ecadb5f.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++++ X-SA-Exim-Connect-IP: 2001:67c:1be8::12 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RDNS_NONE,SPF_HELO_NONE,SPF_NEUTRAL, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 X-SA-Exim-Version: 4.2.1 (built Tue, 02 Aug 2016 21:08:31 +0000) X-SA-Exim-Scanned: Yes (on mail.kapsi.fi) Subject: [OE-core] [PATCH RFC CFH][sumo 39/47] libpam: set CVE_PRODUCT X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton (From OE-Core rev: f1d5273d53d66b217f3d4975f5cb5eb367b1aab1) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Conflicts: meta/recipes-extended/pam/libpam_1.3.1.bb --- meta/recipes-extended/pam/libpam_1.3.0.bb | 2 ++ 1 file changed, 2 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-extended/pam/libpam_1.3.0.bb b/meta/recipes-extended/pam/libpam_1.3.0.bb index 92ab72a..fbcbfa9 100644 --- a/meta/recipes-extended/pam/libpam_1.3.0.bb +++ b/meta/recipes-extended/pam/libpam_1.3.0.bb @@ -49,6 +49,8 @@ S = "${WORKDIR}/Linux-PAM-${PV}" inherit autotools gettext pkgconfig +CVE_PRODUCT = "linux-pam" + PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit," PACKAGES += "${PN}-runtime ${PN}-xtests" From patchwork Wed Nov 6 15:37:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178735 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp863680ilf; Wed, 6 Nov 2019 08:46:15 -0800 (PST) X-Google-Smtp-Source: APXvYqwCpLnELV16PXYFwnAwzg6YyJ3N2BMrXBehxWfqgXp+DVG/yF4tU+P/+ooMYnF9gGFEDPA+ X-Received: by 2002:a63:3144:: with SMTP id x65mr3597276pgx.283.1573058774879; Wed, 06 Nov 2019 08:46:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058774; cv=none; d=google.com; s=arc-20160816; b=vkNzllPkC43oTuakaXBooGPauYs0YV3cBnI7ASFdQIvbvDCMdUGDGNzeNeqyBvKdfn VSo13cICKeKYqK3cVOAzx0go419uj2RNzQ0GwzZ4gupAW8GYqVqWMyFxXRx8sfKrzATJ ivWvLD1/UJuXxwakojuQId7E6zqVVLkH4hShZ2nBm+lnZJ2HnL9yMnv1aJ9zi/dG1zcZ CnvjJDE50X+JANS3BM9c1Z4/8KeqClAAgn9vXjZAHjL9TIz4E5GHOLWFDIPhLPJ6P92j pCnLP2MnjtRGTCQUeR3N4jVHYsNHyQWSmtmQTvRgugETHM9Krm1Rb0NxA1C9g0toh3eb jZaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=jGBPdiSqxD8XL5MSrc+4/lnslWZ5Oylofgn1hkW6k5E=; b=pKbvzIsp2k993wpMAZ1rqYU7clrBDtu7lbnfSg4h7WwKa53JxBuvecShk6iDS9VEXS pCPO9UJdt2Tarh3/ycXj6VKDn/ee2591e2ZrDVp7N5PcnAWb1+ogcKDPjrikG2q21Sfe ATK9JIf+BtKEeLs3DTsjOdJ6jGi/38nTmzliLZ85a/Tgcdnqv0qWKH715mGN/yJ2R9f8 Hstbpn5CwT9vsNXBJ8dyH9ckVKKgkH0D9fDCKivLjbHwkOEUP3AcY/qOTHNl0VW62qye ViTnyx13MtdocJL6/ZCzcNRvzoBx4Zzfah8GtYmvnc+soOryCdDkX5lCmQFW1emfV3XF 9V8w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=gCsc3B2r; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id s16si6543653plp.416.2019.11.06.08.46.14; Wed, 06 Nov 2019 08:46:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=gCsc3B2r; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id ACAD47FA9E; Wed, 6 Nov 2019 16:45:54 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 4C2E87F895 for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=atJbTtcY9rLbnvHA8TtUUDN35ClQHHb0dV3U+2Zy6Lk=; b=gCsc3B2rfb9/EfK4UHQpM12AD+ ijtODOS7Z8ws35/p0iCYU11QDPfSniAM/qVUzk8poNZ7JFaG+cIxJNbJSCljdfeshn02C4Amk/zq7 bYKlFnK8JaFCx1cofXiZnGx6/jfMNf37Xx++GkUqKTrRPMLMVIruoFSMs4lueJjxhMi9kMiylrKxn 67NucLYl7Z7h6es9791ZsiJvQWanxis79NFbSSERlOxppldTY9hVxBJ4+BqbOrERdoQbyQ6HRn0SH pVN/GxWv5kVQa8o16+0alSg2uKczJmaTAw7q6caFkLR0MtCN+hJ5YBYO5GE0hZSTFdRuHdpHnNYsM Qm3LF2Rg==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOP-0000AA-V1; Wed, 06 Nov 2019 17:38:46 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007Zq-3H; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:55 +0200 Message-Id: <340de0c1062a72149b6b3b399215bafa61a52562.1573047195.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: NEURAL_SPAM(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 340de0c1062a72149b6b3b399215bafa61a52562.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 40/47] procps: whitelist CVE-2018-1121 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton This CVE is about race conditions in 'ps' which make it unsuitable for security audits. As these race conditions are unavoidable ps shouldn't be used for security auditing, so this isn't a valid CVE. (From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Conflicts: meta/recipes-extended/procps/procps_3.3.15.bb --- meta/recipes-extended/procps/procps_3.3.12.bb | 3 +++ 1 file changed, 3 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-extended/procps/procps_3.3.12.bb b/meta/recipes-extended/procps/procps_3.3.12.bb index 6e15b0a..d4ebaf9 100644 --- a/meta/recipes-extended/procps/procps_3.3.12.bb +++ b/meta/recipes-extended/procps/procps_3.3.12.bb @@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121" From patchwork Wed Nov 6 15:37:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178731 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp859937ilf; Wed, 6 Nov 2019 08:43:08 -0800 (PST) X-Google-Smtp-Source: APXvYqxh1dxYcma04y+1rfogyypw5/8hD+JWqzvr1Vjx97UPE9kGQuoWM2CbWDjkpK0WXVlfLVZu X-Received: by 2002:a62:18d8:: with SMTP id 207mr4369894pfy.15.1573058588629; Wed, 06 Nov 2019 08:43:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058588; cv=none; d=google.com; s=arc-20160816; b=r5lCgUKZMKpeZhhtXRwDCagkpr5+4/+1YTH3mb+TpqXdIceuYxWIUErVW30jlazA/f YG7udlVGNNn1dg3VLc216wsTOyigkgDTR5HEysNnEwKDL2Mb65GU36m2aOWgmqdSnlH9 FX19kYwU9ibFtp9TsjaguHecIMIPrUf8xBgNhv4GHZQNgOKyves8feHb3fKFptyXGajG aDsjqs9ZpNtNXn0ckNM+yZ5Dzl9ZVzY+kTJgtCZLxneFFT2QSf1FxNoioIJv7x691CQ5 qc+kCkdg5yK8GlZi3R/W0hx99dT/i40jdpw12+HunOaptURSbKdzTi8PDBylsUKPc9hq bYFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=uSvkU1Rbp3G04y0jAsYuh0ysFlcxn6plGqMTKPh0/64=; b=X4XOHi6cCJAQ1NAhrERueY9hOerEM+vnEMqfyd0tYe63k2+95TSQQlC/WT4f4ZIKfw yVOH87zb5/TuxW15pFgGNRAXDQPw07zJpuCObr5z5C+NHnYibAwr30PLhZBM+aeyS/1N DKgOzumWlCq/OTXlgVcX3b8zXE8xXxVmQQANmyl8RDV1Mb8ou0CN4pTDeJ9bzX2RLuYV Z+NcQh1S5CHM1ewxahFktCGv3o/lodDJUTtPaFczLUaLXKxMI6rXbTWcOu7gqZt3gckl GuCAjxnatQO3n4gaguGklVqJoh8nYq/aN6UiWdEcycG4RpvygtieDu9EiD9jOUAZhE1E Od5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="B/3NqXgK"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id t5si30505554pgc.423.2019.11.06.08.43.08; Wed, 06 Nov 2019 08:43:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b="B/3NqXgK"; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 6227B7F89E; Wed, 6 Nov 2019 16:42:48 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 223A17F889 for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=dCJKtxLAlj1VedhvFZ86eAM28Jmc/NFjiWM5T47hVuU=; b=B/3NqXgKZFsFliJgljESA/y1hQ jRoJ2KDWD6dRuQwUZEquSapT5SQ0qLsujmQGmqK/naYe4N8OxJKyIVc5zoGlKYFnJNPnJeuUOzqBJ bKz83e6oY3XWWKmyiJClqoknGm3DwQwpQK4qAwsjOeeaVVDWhVbx+qKrvPbM9COJ9k+5WDoVg9zRr AvM/N+YqZl9galDHV9OleQK/jCFkykmYADuvDmH10+mSZ23lmGNpkvF7lY9JaKAk/ucSid2NQCnaO PdJOaC+er9lTFn0qaXLtdX38Tdt6Cu8mFXCkKZITuCyfS3mUj5mi4k8GxMHwB4Ny8ANpqaVh6e+p0 wurIz0wg==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOP-0000AJ-Nw; Wed, 06 Nov 2019 17:38:45 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007a2-5o; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:56 +0200 Message-Id: <57017cad7ceeb6360d0fd8cc3116146117212d96.1573047195.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 57017cad7ceeb6360d0fd8cc3116146117212d96.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 41/47] libpng: whitelist CVE-2019-17371 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng recipe. (From OE-Core rev: 341e43ebd935daeb592cb073bf00f80c49a8ec2d) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Conflicts: meta/recipes-multimedia/libpng/libpng_1.6.37.bb --- meta/recipes-multimedia/libpng/libpng_1.6.34.bb | 3 +++ 1 file changed, 3 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.34.bb b/meta/recipes-multimedia/libpng/libpng_1.6.34.bb index 3877d6c..2edf268 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.34.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.34.bb @@ -30,3 +30,6 @@ PACKAGES =+ "${PN}-tools" FILES_${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" BBCLASSEXTEND = "native nativesdk" + +# CVE-2019-17371 is actually a memory leak in gif2png 2.x +CVE_CHECK_WHITELIST += "CVE-2019-17371" From patchwork Wed Nov 6 15:37:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178734 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp862170ilf; Wed, 6 Nov 2019 08:44:58 -0800 (PST) X-Google-Smtp-Source: APXvYqzf9oKitFvMvKVg1lFwUSOdoAZlpnLbYAM1X5YdM+c3uBuczNjpYN1sz8sEpOI0QPVwBFsm X-Received: by 2002:a63:6581:: with SMTP id z123mr3956886pgb.367.1573058698725; Wed, 06 Nov 2019 08:44:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058698; cv=none; d=google.com; s=arc-20160816; b=XFxQTUsS/5nqyqCg79WzMbISt+GDigJSw/TOu7774dkHkrAS2V9036ltJYH97vitrx RCW4bt2/FENb9hP50xBZrk7T7o084kTtJBoCrweKG4PMimpmEygT8LHzAaNDIn9k89Fc J4V5Gfl3LgASWN4PcM5krH9oGqp+gbT8Jww6PkKcdS7D3lkTzh/r+1L1AA4TnOFNNbcC wCwy++M6r/Zt1FFf7xMxoaizfxQsD750yB+0KXWIe+cCImIrqUf+Fbm8SHm+tV0FVayS DrAqoYj/0eiGUEM4FS0dLFoRrDHwD9RkOKOM5vp/pMrxV/I8zHVq1u2yPpMvzohNu1Zv p7OA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=U7UsMOR2J/x5Mak9SjSUS+lNegsUm+MSZCnoLLzIJmQ=; b=IrraPxeSEqZRwQkrU0GmdsD2iD4dLp4lNumbqyDaa8i+p3ensSbgqKshg3VGih1HFV lj6HL65UqZF2moYvCMZ5/Vc9Ns1kCsoCzXMFvvVjVE0vXl9NBTjmiuvVJiZ5cogWqLVW ejFoCHM+o41WXPyy5JIrQ0Qlf27fdfDUSZQrT81FcNP2+y81m4rRPyh1WpKae6OgdPKE 4f5PVMHbpHUPrwMDzC2bOGRu67ulJ9ciesunQRfrMXyXZs+i+OEBWsZPZmUAXbL/P0dt jDTKia71VxukbFDWdDEVuDsAh8HCDHj3uw2bTJE4DJAHS7tMz3zUy79Kp6zerx0FnXCG rzEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=MWgfBJrT; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id t14si9603731pgi.208.2019.11.06.08.44.58; Wed, 06 Nov 2019 08:44:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=MWgfBJrT; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id A5E577F876; Wed, 6 Nov 2019 16:44:38 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 300B97F894 for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=2sBoPjGOoi0PoTMT5nu/cS3D2xQgSQ6bfCtsZUQisDA=; b=MWgfBJrTzGI31HxU/IqnM7f5bp grSkf8eMrbL1jbOiCNTAx6DMUcUqRHYBsRQPEcahGVuvUleGcfmLtgbkH591mQEfbRWTwHJmOKdRd EUwiZa/VFbekbWbwRwwBA/63RlT9kQa9kE8NmO4LAVO5sX3n0jELpSjLXx2Vg7EIrs5gc6uiAl8oj RQsHZpfuwcHyeXlIMCypP1raru0JaA2UDG5RavROgTosQ5dBgYbkXM6dJptIzyhuy+V3t/JDf+AQW HFP1voPTsaFabRoOzBxgxbELkaJEwdodeQMORaACZ8rf5LXJg8NHzdhJGRAa4Qjw+kkJbTB+1xfKy fm9ja91A==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOP-0000AB-Kr; Wed, 06 Nov 2019 17:38:45 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007b6-DA; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:37:59 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: e39799f826ed237fdf2a71a0c3f824a8eda7c5ea.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 44/47] ed: set CVE vendor to avoid false positives X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton (From OE-Core rev: 2c3d689e4f78d8ea00b1bd2239af80c8fe038074) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Conflicts: meta/recipes-extended/ed/ed_1.15.bb --- meta/recipes-extended/ed/ed_1.14.2.bb | 2 ++ 1 file changed, 2 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-extended/ed/ed_1.14.2.bb b/meta/recipes-extended/ed/ed_1.14.2.bb index 87d03b1..79d64f0 100644 --- a/meta/recipes-extended/ed/ed_1.14.2.bb +++ b/meta/recipes-extended/ed/ed_1.14.2.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7 \ SECTION = "base" +CVE_PRODUCT = "gnu:ed" + # LSB states that ed should be in /bin/ bindir = "${base_bindir}" From patchwork Wed Nov 6 15:38:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178730 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp859052ilf; Wed, 6 Nov 2019 08:42:23 -0800 (PST) X-Google-Smtp-Source: APXvYqxBOCRTmilZlymOImaZJRW9p/pvT+qehAosy7QuXZd8RjmXL0J4tiioyZG6iFNPco055c3S X-Received: by 2002:a63:2d43:: with SMTP id t64mr3908257pgt.428.1573058542846; Wed, 06 Nov 2019 08:42:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058542; cv=none; d=google.com; s=arc-20160816; b=oYCQz7h5QERvPvut0NsJJPHIiE9AuNNDsuRV7Xu5Z6uh+3bi6c827wL1AKp+GzSiX7 b+J/vU8LF1x2JEiavCrzlG4nQZPlPSmV553SKgWzXOV+gXRPwb7K9/LaQYOZQUhhENzQ LltDTR6VUBmAmCu2knTDebxSUzdiGorsz5ZSzx0/gSrxDBA7KOetJ6SmJsmFfjHjP1qn HUFuSt4DgEm5OUephX9i1UzE7anWbcNC/AFwWovYQ38p4Ae2NmoWofC65KEoVIiFymr9 dlIgQLmEWomgSX7cv/nPzFyeUo3kMaxzvQ5cuF+ax0OFGS+pYUcqIblP7vOUDGAymEl1 BsIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=V2s0gYRQwl4eJwNGAHvwqummlRYXtOrH5bUnQMtd/nQ=; b=xpUesy6SibEB8PObLsgkazNKezvsq5zp+LfS4mNyJErQWwEIspbZdcfuCaGomT6E16 RtLuMESwOcn3UjhrpPkJpRvFAxAdoh0ig5DsPf+PG/vRpF2LKuQBHPDKEi82XU6nF7XZ 6qSnjoHUXV6fV51iAuIJQ0sBPpXaw3SaGrb6EI6WWoC8KLfumXQE4FoLQd20MHCgFQe1 l9Osc4spgys02VyDf1pjv84V32/5oKe3UdyaGqANVvtwF4a2OqnFyP0YmjwwbtqstQku IecAvpfrlyuAamTeu0Wv2sD22JW68eo4nfXFSAx9n/tRLCzDhW07/KvdTjfyy+VDlBOj nyZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=n7lAw02D; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id bc9si28807308plb.199.2019.11.06.08.42.22; Wed, 06 Nov 2019 08:42:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=n7lAw02D; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id B10157FBEB; Wed, 6 Nov 2019 16:42:01 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 293307F88F for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=8tnzYFOH7bo02RhYrrRtv7Wzz9HDsXtqUmqENg0fzRY=; b=n7lAw02D1bP+/zJVMo6asl6e6+ wAQqOEnW+vPqrR6DdGl6oHy0e642z2CnF3YhZPHKiA4myqIQCN9ftPNvFj8e49mv/q/OjpFU0S7c/ yU+NZ7SleXcuZUelUc43EBaZMqpJ/7fP4ZZ1fIuOw8eRju6R5zaTgeqKv7JXnmQ4lV09zA/4Iq3zb HTNvQGGb5mGuXNa1IUL/27BIdtGBnSXFJDNqMTcDpkB2Tl7wgCz5Tf9Zirmm6fzEImG2tTDCl0I96 PjlQHVJCblPxr3b5TH5w/lDbkRvw8VXrYdVFxKqgQf9mZmGEqbCG9KAOgOZiQCSvFdLA033KxaVsY qj+i402w==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOP-0000AC-KU; Wed, 06 Nov 2019 17:38:45 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007bH-GK; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:38:00 +0200 Message-Id: <2c153c88bc31ad7d01dc844d3a223e257fde7d09.1573047195.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 2c153c88bc31ad7d01dc844d3a223e257fde7d09.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 45/47] boost: set CVE vendor to Boost X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton There's a Boost module for Drupal. (From OE-Core rev: 30ff8bb6502d45549c698be052a1caf4cb5c611f) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-support/boost/boost.inc | 2 ++ 1 file changed, 2 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-support/boost/boost.inc b/meta/recipes-support/boost/boost.inc index 0461ec6..9e26102 100644 --- a/meta/recipes-support/boost/boost.inc +++ b/meta/recipes-support/boost/boost.inc @@ -2,6 +2,8 @@ SUMMARY = "Free peer-reviewed portable C++ source libraries" SECTION = "libs" DEPENDS = "bjam-native zlib bzip2" +CVE_PRODUCT = "boost:boost" + ARM_INSTRUCTION_SET_armv4 = "arm" ARM_INSTRUCTION_SET_armv5 = "arm" From patchwork Wed Nov 6 15:38:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178733 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp861398ilf; Wed, 6 Nov 2019 08:44:21 -0800 (PST) X-Google-Smtp-Source: APXvYqxAfganGJwSy5/EXYA6ISWoxB9p8izu7aDgU9g8L0E8drI4oqZgqbKcUNtuoLhQNGGRlGQy X-Received: by 2002:a63:e53:: with SMTP id 19mr3965350pgo.378.1573058661070; Wed, 06 Nov 2019 08:44:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058661; cv=none; d=google.com; s=arc-20160816; b=FPDwkjCgt3Ojpci1BMzbXLTDrTnUT/5Vn0hpA+LHslMjN7kwkqFvR4qoohtkV7+VBd 0Oop7qk3EtfEuMYqYo2cmY+uAeQyrYM1HsuO3PInEHS+p4T3UJeRtqYizaB6/GG5BG9B N9TtH/EKmZHekfS2/40qn8JXdTZ8DS534/yCGYmN3lagqPBdAdvmHzWJfxu4eXRncbsr A+9xEkSp5ia0xtD+KSQJVoQuvRMwhCcew/UY/X9uxFho9R9H61agGNIIxUXZU2yAH0Sg 0RfKsfqZQw0OCtJVZeJ0ZdupKKiHOu64CyPD3LlkB7GTau4O2cUvrlyAGaMLtaHHlQz5 nsig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=oLB4qImDLYzc5tG/To00V6ODIH6I/2mndbOu14nX8J4=; b=N7lObxhH10UAa4hOZmhOpYVTFpHPX4FqNve2uzbPeqZXQZy+GFxfJyylj58FgMyoD1 oy8cbnJijbUGqpobV8HvUiVQ6zWCRy/Ly6R+YLT6veOVk3c0mYEwtR5ySDMlNIHcbCdr CfJ6gYfRJ6YBoHJAshyTv8PQocVmOf3ntk7GY7FZW1dspmtbAZoNfm94pj0Iga4Y8eh2 siq5bOxy+K7qF+pf8QOV5IwTBMsVi83nrsgR1MRSAy4FpxpPfBlYtjJsHbQ2mxO00F28 QyQa49DeWYDmjkAHGnZKnpBN9qsAnJBYah3PMcSpHIRQKb/seT1ixs/CNhXx7BwYBxM9 jpug== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=begwDECx; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id i16si31867605pgj.439.2019.11.06.08.44.20; Wed, 06 Nov 2019 08:44:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=begwDECx; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 8FC177F89E; Wed, 6 Nov 2019 16:44:00 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 288377F88B for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=GG7FH2LmY7qetVZ8Po3/O357XZCNxQMLIkj85KPUjT4=; b=begwDECx0iZ4bmQFdrFtJf9tnd XBWujoza+WEfZhaF7c3Xgl6vacb3fr+3f3LhoUAmmwrJNKqLL7bhAFh+yMTCXapzEfqplCs86P5Tr 9uWt4ADlBDOvPfnqlhtGe0jCNsaQT4/D1WhYU8/KexPlI7uwoP/DUXdd9VaBuhYZwl5KxNRoys8en fonzwNAjnO6XHNXfUf1WHuxUoS3EBewTgLITm9DnQiWMWpZghQNqqewdOaYzYvs8SvJX9wjfmpqMv oeibDlI3HtFFrdgmG9haP5Yv9jzcl+9m3+BfepfmyteQ+l8xsveZNSPv4oAPrE4Q8o8wW3gEVaRLy eVMsAC1Q==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOP-0000A1-Kg; Wed, 06 Nov 2019 17:38:45 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007bM-JG; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:38:01 +0200 Message-Id: <994b3f7ceb564a18bf2bf1c280d74d4dd1c80246.1573047195.git.mikko.rapeli@bmw.de> X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: 994b3f7ceb564a18bf2bf1c280d74d4dd1c80246.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 46/47] subversion: set CVE vendor to Apache X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton There's a Jenkins plugin for Subversion. (From OE-Core rev: ac115c3b5f1dcb95fb7d39537693fe0dcd330451) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Conflicts: meta/recipes-devtools/subversion/subversion_1.12.0.bb --- meta/recipes-devtools/subversion/subversion_1.9.7.bb | 2 ++ 1 file changed, 2 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-devtools/subversion/subversion_1.9.7.bb b/meta/recipes-devtools/subversion/subversion_1.9.7.bb index 57735f7..0dee5a9 100644 --- a/meta/recipes-devtools/subversion/subversion_1.9.7.bb +++ b/meta/recipes-devtools/subversion/subversion_1.9.7.bb @@ -10,6 +10,8 @@ BBCLASSEXTEND = "native" inherit gettext pkgconfig +CVE_PRODUCT = "apache:subversion" + SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://disable_macos.patch \ file://serf.m4-Regex-modified-to-allow-D-in-paths.patch \ From patchwork Wed Nov 6 15:38:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mikko Rapeli X-Patchwork-Id: 178732 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp860653ilf; Wed, 6 Nov 2019 08:43:44 -0800 (PST) X-Google-Smtp-Source: APXvYqxb5fxOP60Hovc0xFDMzpTryofrY4DIwCogNfRQyw/pW/oGY+kq8HbYJnSkInHcF7kQWIUC X-Received: by 2002:a17:902:266:: with SMTP id 93mr3516410plc.163.1573058624740; Wed, 06 Nov 2019 08:43:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573058624; cv=none; d=google.com; s=arc-20160816; b=vVBbOYK5+hoRYLY5X40/QgNWhBZ6fHifXEXgfa/iMVFXksOreeqNTBmnq685fuNrxi QyGpZGvcTNPmkOfLlMgLKFlqno25Zcqog8dIp3SeRq3qSnJ5ifGglwxuO4l0ltGQJs35 tl4xvrfDK5Be5+RtFGjARH4zqe4dvHqiEkzG2Z6z7Q5cpAvbFW8ImoEeuwpB/80T4oSO f+SqZ0p4DDfrXFNhU/r3/8+WN/6VJ5/d5Uk+si5xc2e9Wd0W6SXCW25lWnlNfVdeEcM0 z8ICCySBJ2c3Xd2qJfwv7GlWkm2tpJ3FnOmlMNPRQjBYYTsSglecxbUoGX3BpDcQ9w7U jhsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:references :in-reply-to:message-id:date:to:from:dkim-signature:delivered-to; bh=JXiI4JDe/XGFD2VJl3ejfwprMywY7GRqELqWbB7H/xY=; b=0U9JDYtAOiYo5dh4hEj67lFrbo8AlSU+wVigJ846PurDufC1wMpKK5TNSWl0z0tCpT Cqx+hevFTnAiqWXGODu6/DJ9YqTlOYOWof3pjBjVRYjzs91bvh1WJ8wuiLSeIcaxdZT1 BynDjpK6UYT4K/p6utscYPSM30XSfZoQ97Hoos10RQVYaknn7RyGtyiB/ImGakLKo7A3 5UKymN3+ZIQEOQm84uV4qpxpzv6m6DgPil04zGTwSwF2jyT8GBtv3Rop3bN6n6HlM7rx ZXLRh/bY6riob9pIms250WrKfoqMROqZ4QwhO6+LEPoV5tnpy5UMNpaFnpM+ASkK7HQK OKHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=Z7esQTGV; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id 127si26037717pfa.178.2019.11.06.08.43.44; Wed, 06 Nov 2019 08:43:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@kapsi.fi header.s=20161220 header.b=Z7esQTGV; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bmw.de Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 6C8AD7FBE2; Wed, 6 Nov 2019 16:43:24 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25]) by mail.openembedded.org (Postfix) with ESMTP id 2BD1F7F890 for ; Wed, 6 Nov 2019 15:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi; s=20161220; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=HfaIH9iP8XLynAN6LG3gIsiibYhqjNVLIkAOiqv6cZ4=; b=Z7esQTGVLTNnVZXUNE1ksVBo+8 aDiDN29ykNGFCUtL8+iamYJ93DXt5zZWpZP32poFx/1xaeVumI3e5SiteGwpJSUfHumD8WjVUzwlV sBe8IyE5HU0Gkk1uAer6vJT/ulXDckInNa5Nvb6ITCv5pyTIoID+NL1lxOL5/3giuxJOAd8MWwScO r07pl/R/IdpOagH/PO529TnygiEFAgh67qKdcbYFi9fS6E00miJfI0gnnY5/kYwmo4x6c4zqvga92 rJ7QVARFNL5d3CAXUIGr9Thr8IeXX4vJZUHik+uYtTPHJ2V7vOmhuUDFKZ9Xtp1D0ykQVpqnXB9qO yl5w4VsA==; Received: from kapsi.fi ([91.232.154.11] helo=lakka.kapsi.fi) by mail.kapsi.fi with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iSNOP-0000A7-LE; Wed, 06 Nov 2019 17:38:45 +0200 Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.84_2) (envelope-from ) id 1iSNO7-0007bc-Lz; Wed, 06 Nov 2019 17:38:27 +0200 From: Mikko Rapeli To: openembedded-core@lists.openembedded.org Date: Wed, 6 Nov 2019 17:38:02 +0200 Message-Id: X-Mailer: git-send-email 2.1.4 In-Reply-To: References: In-Reply-To: References: X-Rspam-Score: 6.0 (++++++) X-Rspam-Report: Action: add header Symbol: ARC_NA(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: R_SPF_NEUTRAL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: TO_DN_SOME(0.00) Symbol: MULTIPLE_UNIQUE_HEADERS(4.89) Symbol: MIME_GOOD(-0.10) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(-0.00) Symbol: IP_SCORE(-0.15) Symbol: FORGED_SENDER(0.30) Symbol: R_DKIM_NA(0.00) Symbol: MIME_TRACE(0.00) Symbol: ASN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Message: (SPF): spf neutral Message-ID: a8626b00893a0a27aef30b25a2dc741b5bfc7edd.1573047195.git.mikko.rapeli@bmw.de X-Rspam-Status: Yes X-Rspam-Bar: ++++++ X-SA-Exim-Connect-IP: 91.232.154.11 X-SA-Exim-Mail-From: mcfrisk@kapsi.fi X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false Subject: [OE-core] [PATCH RFC CFH][sumo 47/47] git: set CVE vendor to git-scm X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org From: Ross Burton There's a Jenkins plugin for Git. (From OE-Core rev: f2adf5e4d3e9afc6d45665bbe728c69d195a46ef) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-devtools/git/git.inc | 2 ++ 1 file changed, 2 insertions(+) -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 8603c04..61247d2 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc @@ -15,6 +15,8 @@ S = "${WORKDIR}/git-${PV}" LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" +CVE_PRODUCT = "git-scm:git" + PACKAGECONFIG ??= "" PACKAGECONFIG[cvsserver] = "" PACKAGECONFIG[svn] = ""