[PATCH v3] python/python3: Whitelist CVE-2019-18348

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH v3] python/python3: Whitelist CVE-2019-18348
@ 2019-12-07 23:11 Adrian Bunk
  2019-12-07 23:31 ` ✗ patchtest: failure for python/python3: Whitelist CVE-2019-18348 (rev2) Patchwork
  2019-12-09 15:17 ` [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
  0 siblings, 2 replies; 4+ messages in thread
From: Adrian Bunk @ 2019-12-07 23:11 UTC (permalink / raw)
  To: openembedded-core

This is not exploitable when glibc has CVE-2016-10739 fixed,
which is fixed in the upstream version since warrior.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
 meta/recipes-devtools/python/python.inc       | 3 +++
 meta/recipes-devtools/python/python3_3.7.5.bb | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 110ec315d9..19a2f3e743 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -29,6 +29,9 @@ CVE_CHECK_WHITELIST += "CVE-2017-18207"
 # of Python that cannot really be altered at this point."
 CVE_CHECK_WHITELIST += "CVE-2015-5652"
 
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
 PYTHON_MAJMIN = "2.7"
 
 inherit autotools pkgconfig
diff --git a/meta/recipes-devtools/python/python3_3.7.5.bb b/meta/recipes-devtools/python/python3_3.7.5.bb
index 57eaaea5e7..da991f5139 100644
--- a/meta/recipes-devtools/python/python3_3.7.5.bb
+++ b/meta/recipes-devtools/python/python3_3.7.5.bb
@@ -47,6 +47,9 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
 
 CVE_PRODUCT = "python"
 
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
 PYTHON_MAJMIN = "3.7"
 PYTHON_BINABI = "${PYTHON_MAJMIN}m"
 
-- 
2.17.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* ✗ patchtest: failure for python/python3: Whitelist CVE-2019-18348 (rev2)
  2019-12-07 23:11 [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
@ 2019-12-07 23:31 ` Patchwork
  2019-12-09 15:17 ` [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
  1 sibling, 0 replies; 4+ messages in thread
From: Patchwork @ 2019-12-07 23:31 UTC (permalink / raw)
  To: Adrian Bunk; +Cc: openembedded-core

== Series Details ==

Series: python/python3: Whitelist CVE-2019-18348 (rev2)
Revision: 2
URL   : https://patchwork.openembedded.org/series/21497/
State : failure

== Summary ==

Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:

* Issue             Series does not apply on top of target branch [test_series_merge_on_head] 
  Suggested fix    Rebase your series on top of targeted branch
  Targeted branch  master (currently at d40853b10d)

If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v3] python/python3: Whitelist CVE-2019-18348
  2019-12-07 23:11 [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
  2019-12-07 23:31 ` ✗ patchtest: failure for python/python3: Whitelist CVE-2019-18348 (rev2) Patchwork
@ 2019-12-09 15:17 ` Adrian Bunk
  2019-12-10  0:00   ` Ross Burton
  1 sibling, 1 reply; 4+ messages in thread
From: Adrian Bunk @ 2019-12-09 15:17 UTC (permalink / raw)
  To: openembedded-core, Richard Purdie

Please apply, v2 was already on master-next at some point but this 
change has some trivial context overlap with the Python 3.7->3.8
upgrade so v2 was dropped when 3.8 was dropped.

Thanks
Adrian


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v3] python/python3: Whitelist CVE-2019-18348
  2019-12-09 15:17 ` [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
@ 2019-12-10  0:00   ` Ross Burton
  0 siblings, 0 replies; 4+ messages in thread
From: Ross Burton @ 2019-12-10  0:00 UTC (permalink / raw)
  To: openembedded-core

On 09/12/2019 15:17, Adrian Bunk wrote:
> Please apply, v2 was already on master-next at some point but this
> change has some trivial context overlap with the Python 3.7->3.8
> upgrade so v2 was dropped when 3.8 was dropped.

Rebased this morning and queued again in ross/mut.

Ross


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-12-10  0:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-12-07 23:11 [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
2019-12-07 23:31 ` ✗ patchtest: failure for python/python3: Whitelist CVE-2019-18348 (rev2) Patchwork
2019-12-09 15:17 ` [PATCH v3] python/python3: Whitelist CVE-2019-18348 Adrian Bunk
2019-12-10  0:00   ` Ross Burton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.