RE: CVE patch updates

RE: CVE patch updates

[Monsees, Steven C (US)]

[-- Attachment #1: Type: text/plain, Size: 7294 bytes --]


When building in cve-check to see what is reported, it generated all blank/empty report files...
Can someone explain this ?, my local.conf does have the proper modification (INHERIT += "cve-check").


10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full
Parsing recipes: 100% |#############################################################################################| Time: 0:01:07
Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION           = "1.44.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "rhel-7.9"
TARGET_SYS           = "x86_64-poky-linux"
MACHINE              = "sbca-default"
DISTRO               = "limws"
DISTRO_VERSION       = "3.0.4"
TUNE_FEATURES        = "m64 corei7"
TARGET_FPU           = ""
meta
meta-poky            = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"
meta-perl
meta-python
meta-filesystems
meta-networking
meta-initramfs
meta-oe              = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"
meta-virtualization  = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"
meta                 = "master:a32ddd2b2a51b26c011fa50e441df39304651503"
meta-clang           = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"
meta-intel           = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"
meta-intel           = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"

Initialising tasks: 100% |##########################################################################################| Time: 0:00:04
Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02
Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.


13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>


13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l
total 0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>


From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@lists.yoctoproject.org
Subject: CVE patch updates



I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?

Is there a yocto page somewhere that goes over this side of things ?,
I did not see much in the mega-manual... I am running on zeus based platforms (for both armarch64 and x86_64).

Thanks,
Steve

[-- Attachment #2: Type: text/html, Size: 19150 bytes --]

CVE patch updates

[Monsees, Steven C (US)]

[-- Attachment #1: Type: text/plain, Size: 346 bytes --]



I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?

Is there a yocto page somewhere that goes over this side of things ?,
I did not see much in the mega-manual... I am running on zeus based platforms (for both armarch64 and x86_64).

Thanks,
Steve

[-- Attachment #2: Type: text/html, Size: 2314 bytes --]