RE: CVE patch updates - Monsees, Steven C (US)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Monsees, Steven C (US)" <steven.monsees@baesystems.com>
To: "yocto@lists.yoctoproject.org" <yocto@lists.yoctoproject.org>
Subject: RE: CVE patch updates
Date: Thu, 24 Mar 2022 18:00:13 +0000	[thread overview]
Message-ID: <20220324180120.0867AC433F5@smtp.lore.kernel.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 7294 bytes --]


When building in cve-check to see what is reported, it generated all blank/empty report files...
Can someone explain this ?, my local.conf does have the proper modification (INHERIT += "cve-check").


10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full
Parsing recipes: 100% |#############################################################################################| Time: 0:01:07
Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION           = "1.44.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "rhel-7.9"
TARGET_SYS           = "x86_64-poky-linux"
MACHINE              = "sbca-default"
DISTRO               = "limws"
DISTRO_VERSION       = "3.0.4"
TUNE_FEATURES        = "m64 corei7"
TARGET_FPU           = ""
meta
meta-poky            = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"
meta-perl
meta-python
meta-filesystems
meta-networking
meta-initramfs
meta-oe              = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"
meta-virtualization  = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"
meta                 = "master:a32ddd2b2a51b26c011fa50e441df39304651503"
meta-clang           = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"
meta-intel           = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"
meta-intel           = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"

Initialising tasks: 100% |##########################################################################################| Time: 0:00:04
Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02
Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.


13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>


13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l
total 0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>


From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@lists.yoctoproject.org
Subject: CVE patch updates



I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?

Is there a yocto page somewhere that goes over this side of things ?,
I did not see much in the mega-manual... I am running on zeus based platforms (for both armarch64 and x86_64).

Thanks,
Steve

[-- Attachment #2: Type: text/html, Size: 19150 bytes --]

next             reply	other threads:[~2022-03-24 18:01 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-24 18:00 Monsees, Steven C (US) [this message]
  -- strict thread matches above, loose matches on Subject: below --
2022-03-24 16:56 CVE patch updates Monsees, Steven C (US)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220324180120.0867AC433F5@smtp.lore.kernel.org \
    --to=steven.monsees@baesystems.com \
    --cc=yocto@lists.yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.