Re: [OE-core][PATCH] cve-check: add option to add additional patched CVEs

Tue, 09 May 2023 01:20:00 -0700 

Hi Andrej,

On 05.05.23 at 13:18, Andrej Valek via lists.openembedded.org wrote:

CVE_CHECK_PATCHED - should contains an additional CVEs which have been
fixed and shouldn't be mark as vulnerable nor ignored.

Signed-off-by: Andrej Valek <[email protected]>
---
  meta/classes/cve-check.bbclass | 8 ++++++++
  1 file changed, 8 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index bd9e7e7445c..957ea0130dc 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -78,6 +78,11 @@ CVE_CHECK_SKIP_RECIPE ?= ""
  #
  CVE_CHECK_IGNORE ?= ""
+# Usually a CVE gets treated as patched when a patch with the name of the CVE 
+# gets applied. Basically this variable should not be used. But if there are
+# other reasons to mark a CVE as patched it can be added to this list.
+CVE_CHECK_PATCHED ?= ""
+
  # Layers to be excluded
  CVE_CHECK_LAYER_EXCLUDELIST ??= ""
@@ -284,6 +289,9 @@ def check_cves(d, patched_cves): cve_ignore = d.getVar("CVE_CHECK_IGNORE").split() + # add additional patched CVEs into existing patched list 
+    patched_cves.update(d.getVar("CVE_CHECK_PATCHED").split())
+
      import sqlite3
      db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
      conn = sqlite3.connect(db_file, uri=True)



Thanks for the patch!
However, we'd need you to add one thing to your git configuration, so that your patches are given an "Author" field which matches your "Signed-off-by" information. See https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Fixing_your_From_identity for details. 

Don't hesitate to send a patch test directly to me, if you wish.
Thanks again,
Michael.

--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181035): 
https://lists.openembedded.org/g/openembedded-core/message/181035
Mute This Topic: https://lists.openembedded.org/mt/98703185/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to