From: "Valek, Andrej" <andrej.valek@siemens.com>
To: "openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Cc: "richard.purdie@linuxfoundation.org"
<richard.purdie@linuxfoundation.org>
Subject: Re: [OE-core][PATCH v9 0/3] CVE-check handling
Date: Wed, 19 Jul 2023 10:26:50 +0000 [thread overview]
Message-ID: <38950e1b3bd475c131e7e4b5db03d9d170c8d690.camel@siemens.com> (raw)
In-Reply-To: <20230623111459.97933-2-andrej.valek@siemens.com>
Hello,
I would like to ask, what's the status here?
Regards,
Andrej
On Fri, 2023-06-23 at 13:14 +0200, Andrej Valek wrote:
> After discussion in all parallel threads we proposed following variant which
> covers both expressed requirements to have very small number of different cve
> statuses and also very large number of them at the same time.
> This is a compromise version which maybe is not ideal but deals with
> conflicting responses we got.
>
> Changes compared to version 8:
> - moved CVE_CHECK_STATUSMAP into separated cve-check-map.conf file
> - this will allow to use it without inheriting the cve-check class, like for
> SPDX
>
> Documentation will be updated in separated repository.
>
> meta/classes/cve-check.bbclass | 81 +++-
> meta/conf/bitbake.conf | 1 +
> meta/conf/cve-check-map.conf | 28 ++
> .../distro/include/cve-extra-exclusions.inc | 371 +++++++++---------
> meta/lib/oe/cve_check.py | 25 ++
> meta/lib/oeqa/selftest/cases/cve_check.py | 26 +-
> meta/recipes-bsp/grub/grub2.inc | 6 +-
> meta/recipes-connectivity/avahi/avahi_0.8.bb | 3 +-
> .../recipes-connectivity/bind/bind_9.18.15.bb | 2 +-
> .../bluez5/bluez5_5.66.bb | 4 +-
> .../openssh/openssh_9.3p1.bb | 9 +-
> .../openssl/openssl_3.1.1.bb | 3 +-
> meta/recipes-core/coreutils/coreutils_9.3.bb | 4 +-
> meta/recipes-core/glibc/glibc_2.37.bb | 17 +-
> meta/recipes-core/libxml/libxml2_2.10.4.bb | 4 -
> meta/recipes-core/systemd/systemd_253.3.bb | 3 -
> meta/recipes-devtools/cmake/cmake.inc | 4 +-
> meta/recipes-devtools/flex/flex_2.6.4.bb | 6 +-
> meta/recipes-devtools/gcc/gcc-13.1.inc | 3 +-
> meta/recipes-devtools/git/git_2.39.3.bb | 7 -
> meta/recipes-devtools/jquery/jquery_3.6.3.bb | 5 +-
> meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +-
> .../recipes-devtools/python/python3_3.11.3.bb | 13 +-
> meta/recipes-devtools/qemu/qemu.inc | 13 +-
> meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 -
> meta/recipes-devtools/tcltk/tcl_8.6.13.bb | 4 -
> meta/recipes-extended/cpio/cpio_2.14.bb | 3 +-
> meta/recipes-extended/cups/cups.inc | 17 +-
> .../ghostscript/ghostscript_10.01.1.bb | 3 +-
> .../iputils/iputils_20221126.bb | 5 +-
> .../libtirpc/libtirpc_1.3.3.bb | 3 +-
> .../logrotate/logrotate_3.21.0.bb | 5 +-
> meta/recipes-extended/procps/procps_4.0.3.bb | 4 -
> meta/recipes-extended/shadow/shadow_4.13.bb | 7 +-
> meta/recipes-extended/unzip/unzip_6.0.bb | 3 +-
> .../xinetd/xinetd_2.3.15.4.bb | 2 +-
> meta/recipes-extended/zip/zip_3.0.bb | 7 +-
> .../libnotify/libnotify_0.8.2.bb | 2 +-
> meta/recipes-gnome/librsvg/librsvg_2.56.0.bb | 3 +-
> meta/recipes-graphics/builder/builder_0.1.bb | 3 +-
> .../xorg-xserver/xserver-xorg.inc | 19 +-
> .../linux/cve-exclusion_6.1.inc | 11 +-
> .../libpng/libpng_1.6.39.bb | 3 +-
> meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 10 +-
> .../libgcrypt/libgcrypt_1.10.2.bb | 4 +-
> .../recipes-support/libxslt/libxslt_1.1.38.bb | 4 +-
> meta/recipes-support/lz4/lz4_1.9.4.bb | 3 +-
> meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 7 -
> 48 files changed, 403 insertions(+), 373 deletions(-)
> create mode 100644 meta/conf/cve-check-map.conf
>
next prev parent reply other threads:[~2023-07-19 10:26 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-05 11:18 [OE-core][PATCH] cve-check: add option to add additional patched CVEs Andrej Valek
2023-05-05 11:30 ` Richard Purdie
2023-05-05 11:36 ` Valek, Andrej
2023-05-05 11:59 ` Richard Purdie
2023-05-08 8:57 ` adrian.freihofer
2023-05-09 9:02 ` Ross Burton
2023-05-09 9:16 ` Richard Purdie
2023-05-09 9:32 ` Mikko Rapeli
2023-05-09 21:37 ` Douglas Royds
2023-05-10 6:56 ` Mikko Rapeli
2023-05-09 8:19 ` Michael Opdenacker
2023-05-17 5:41 ` [OE-core][PATCH v2] " Andrej Valek
2023-05-17 11:08 ` Mikko Rapeli
2023-05-19 6:24 ` [OE-core][PATCH v3 1/3] " Andrej Valek
2023-05-19 6:56 ` Mikko Rapeli
2023-05-19 7:44 ` Michael Opdenacker
2023-05-19 13:11 ` Marta Rybczynska
2023-05-20 7:43 ` Valek, Andrej
2023-05-22 7:57 ` Mikko Rapeli
2023-05-23 8:41 ` Valek, Andrej
2023-05-29 7:32 ` Valek, Andrej
2023-05-30 10:12 ` Richard Purdie
2023-06-02 21:10 ` adrian.freihofer
2023-06-02 21:27 ` Richard Purdie
2023-06-04 9:59 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
2023-06-21 7:52 ` Richard Purdie
2023-05-19 6:24 ` [OE-core][PATCH v3 2/3] oeqa/selftest/cve_check: add check for optional "reason" value Andrej Valek
2023-05-19 6:24 ` [OE-core][PATCH v3 3/3] cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS and CVE_STATUS_REASONING Andrej Valek
2023-05-19 8:18 ` [OE-core][PATCH v4 1/3] cve-check: add option to add additional patched CVEs Andrej Valek
2023-05-19 9:17 ` Mikko Rapeli
2023-05-19 13:09 ` Michael Opdenacker
2023-05-19 13:19 ` Valek, Andrej
2023-05-23 11:39 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
2023-06-12 11:57 ` [OE-core][PATCH v5 0/2] CVE-check handling Andrej Valek
2023-06-12 11:57 ` [OE-core][PATCH v5 1/2] cve-check: add option to add additional patched CVEs Andrej Valek
2023-06-15 12:47 ` Richard Purdie
2023-06-12 11:57 ` [OE-core][dunfell][PATCH 2/2] curl: whitelists CVE-2022-42915, CVE-2022-42916 and CVE-2022-43551 Andrej Valek
2023-06-12 12:01 ` Valek, Andrej
2023-06-12 11:59 ` [OE-core][PATCH v5 2/2] oeqa/selftest/cve_check: add check for opt "detail" and "description" values Andrej Valek
2023-06-20 14:15 ` [OE-core][PATCH v6 0/2] RFC: CVE-check handling Andrej Valek
2023-06-20 14:15 ` [OE-core][PATCH v6 1/2] RFC: cve-check: add option to add additional patched CVEs Andrej Valek
2023-06-21 5:07 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
2023-06-21 6:48 ` [PATCH " Siddharth
2023-06-21 7:55 ` [OE-core][PATCH " Luca Ceresoli
2023-06-20 14:15 ` [OE-core][PATCH v6 2/2] RFC: oeqa/selftest/cve_check: rework test to new cve status handling Andrej Valek
2023-06-22 6:59 ` [OE-core][PATCH v7 0/3] CVE-check handling Andrej Valek
2023-06-22 12:42 ` Luca Ceresoli
2023-06-22 13:50 ` Valek, Andrej
2023-06-22 13:55 ` Luca Ceresoli
2023-06-22 13:59 ` Valek, Andrej
2023-06-22 14:07 ` Valek, Andrej
2023-06-22 16:24 ` Luca Ceresoli
2023-06-22 6:59 ` [OE-core][PATCH v7 1/3] cve-check: add option to add additional patched CVEs Andrej Valek
2023-06-22 6:59 ` [OE-core][PATCH v7 2/3] oeqa/selftest/cve_check: rework test to new cve status handling Andrej Valek
2023-06-22 6:59 ` [OE-core][PATCH v7 3/3] cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS Andrej Valek
2023-06-22 12:00 ` [OE-core][PATCH v8 0/3] CVE-check handling Andrej Valek
2023-06-22 12:00 ` [OE-core][PATCH v8 1/3] cve-check: add option to add additional patched CVEs Andrej Valek
2023-06-23 10:02 ` Ross Burton
2023-06-23 11:22 ` Valek, Andrej
2023-06-22 12:00 ` [OE-core][PATCH v8 2/3] oeqa/selftest/cve_check: rework test to new cve status handling Andrej Valek
2023-06-22 12:00 ` [OE-core][PATCH v8 3/3] cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS Andrej Valek
2023-06-23 11:14 ` [OE-core][PATCH v9 0/3] CVE-check handling Andrej Valek
2023-07-19 10:26 ` Valek, Andrej [this message]
2023-07-19 10:54 ` Richard Purdie
2023-07-19 11:16 ` Ross Burton
2023-07-19 12:03 ` Valek, Andrej
2023-07-20 16:41 ` Marta Rybczynska
2023-06-23 11:14 ` [OE-core][PATCH v9 1/3] cve-check: add option to add additional patched CVEs Andrej Valek
2023-06-23 11:14 ` [OE-core][PATCH v9 2/3] oeqa/selftest/cve_check: rework test to new cve status handling Andrej Valek
2023-06-23 11:14 ` [OE-core][PATCH v9 3/3] cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS Andrej Valek
2023-07-20 7:19 ` [OE-core][PATCH] " Andrej Valek
2023-05-19 8:18 ` [OE-core][PATCH v4 2/3] oeqa/selftest/cve_check: add check for optional "reason" value Andrej Valek
2023-05-19 8:18 ` [OE-core][PATCH v4 3/3] cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS and CVE_STATUS_REASONING Andrej Valek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=38950e1b3bd475c131e7e4b5db03d9d170c8d690.camel@siemens.com \
--to=andrej.valek@siemens.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox