[meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799

All of lore.kernel.org
 help / color / mirror / Atom feed

* [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
@ 2021-07-20  8:11 Saloni Jain
  2021-08-11  5:17 ` [oe] " Richard Leitner
  2021-08-23  4:25 ` Saloni Jain
  0 siblings, 2 replies; 4+ messages in thread
From: Saloni Jain @ 2021-07-20  8:11 UTC (permalink / raw)
  To: openembedded-devel, otavio, raj.khem; +Cc: nisha.parrakat, Saloni Jain

From: Saloni Jain <Saloni.Jain@kpit.com>

Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542
---
 recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
 
 SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
 
+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
 S = "${WORKDIR}/xerces-2_11_0"
 
 inherit java-library
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [oe] [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
  2021-07-20  8:11 [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799 Saloni Jain
@ 2021-08-11  5:17 ` Richard Leitner
  2021-08-11 11:00   ` Saloni Jain
  2021-08-23  4:25 ` Saloni Jain
  1 sibling, 1 reply; 4+ messages in thread
From: Richard Leitner @ 2021-08-11  5:17 UTC (permalink / raw)
  To: jainsaloni0918@gmail.com
  Cc: openembedded-devel@lists.openembedded.org,
	otavio@ossystems.com.br, raj.khem@gmail.com,
	nisha.parrakat@kpit.com, Saloni Jain

Hi,
thanks for the patch and sorry for the late reply.
Unfortunately there are some problems with your patch.

Your git author seems to be set up incorrectly. Please set it up
correctly using the following commands before formatting the patch:

	$ git config user.name "John Doe"
	$ git config user.email johndoe@example.com

On Tue, Jul 20, 2021 at 04:11:40AM -0400, Saloni Jain via lists.openembedded.org wrote:
> Whitelisted below CVE:
> CVE-2018-2799:
> CVE only applies to some Oracle Java SE and Red Hat
> Enterprise Linux versions which is already fixed with
> updates and the issue is closed.
> Link: https://access.redhat.com/security/cve/CVE-2018-2799
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542

Furthermore you are missing a Signed-Off-By line here. Please add it.

> ---
>  recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb
> index 98ef32f..f2a4434 100644
> --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
> +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
> @@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
>  
>  SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
>  
> +# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions.
> +# Already fixed with updates and closed.
> +# https://access.redhat.com/security/cve/CVE-2018-2799
> +# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
> +CVE_CHECK_WHITELIST += "CVE-2018-2799"
> +
>  S = "${WORKDIR}/xerces-2_11_0"
>  
>  inherit java-library
> -- 
> 2.17.1

Otherwise the patch seems fine to me. So I'm looking forward to receive
a v2 from you 😉

regards;rl

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [oe] [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
  2021-08-11  5:17 ` [oe] " Richard Leitner
@ 2021-08-11 11:00   ` Saloni Jain
  0 siblings, 0 replies; 4+ messages in thread
From: Saloni Jain @ 2021-08-11 11:00 UTC (permalink / raw)
  To: Richard Leitner - SKIDATA; +Cc: openembedded-devel@lists.openembedded.org

[-- Attachment #1: Type: text/plain, Size: 2138 bytes --]

Hello,

Thank you for your reply and appreciate the feedback.
I will fix the mentioned comments and send a v2 for the patch.

Regards,
Saloni Jain

On Wed, 11 Aug 2021 at 01:17, Richard Leitner - SKIDATA <
Richard.Leitner@skidata.com> wrote:

> Hi,
> thanks for the patch and sorry for the late reply.
> Unfortunately there are some problems with your patch.
>
> Your git author seems to be set up incorrectly. Please set it up
> correctly using the following commands before formatting the patch:
>
>         $ git config user.name "John Doe"
>         $ git config user.email johndoe@example.com
>
> On Tue, Jul 20, 2021 at 04:11:40AM -0400, Saloni Jain via
> lists.openembedded.org wrote:
> > Whitelisted below CVE:
> > CVE-2018-2799:
> > CVE only applies to some Oracle Java SE and Red Hat
> > Enterprise Linux versions which is already fixed with
> > updates and the issue is closed.
> > Link: https://access.redhat.com/security/cve/CVE-2018-2799
> > Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542
>
> Furthermore you are missing a Signed-Off-By line here. Please add it.
>
> > ---
> >  recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb
> b/recipes-core/xerces-j/xerces-j_2.11.0.bb
> > index 98ef32f..f2a4434 100644
> > --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
> > +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
> > @@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \
> >
> >  SRC_URI = "
> http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz"
> >
> > +# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux
> versions.
> > +# Already fixed with updates and closed.
> > +# https://access.redhat.com/security/cve/CVE-2018-2799
> > +# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
> > +CVE_CHECK_WHITELIST += "CVE-2018-2799"
> > +
> >  S = "${WORKDIR}/xerces-2_11_0"
> >
> >  inherit java-library
> > --
> > 2.17.1
>
> Otherwise the patch seems fine to me. So I'm looking forward to receive
> a v2 from you 😉
>
> regards;rl

[-- Attachment #2: Type: text/html, Size: 3824 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
  2021-07-20  8:11 [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799 Saloni Jain
  2021-08-11  5:17 ` [oe] " Richard Leitner
@ 2021-08-23  4:25 ` Saloni Jain
  1 sibling, 0 replies; 4+ messages in thread
From: Saloni Jain @ 2021-08-23  4:25 UTC (permalink / raw)
  To: openembedded-devel

[-- Attachment #1: Type: text/plain, Size: 147 bytes --]

Hello,

Could anyone please do a review again and confirm if the patch is now okay for integration in upstream branch.

Regards,
Saloni Jain

[-- Attachment #2: Type: text/html, Size: 222 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-08-23  4:25 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-07-20  8:11 [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799 Saloni Jain
2021-08-11  5:17 ` [oe] " Richard Leitner
2021-08-11 11:00   ` Saloni Jain
2021-08-23  4:25 ` Saloni Jain

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.