Re: [OE-core][PATCH v9 0/3] CVE-check handling
On Wed, Jul 19, 2023 at 2:03 PM Andrej Valek via lists.openembedded.org wrote:
> Even better,
>
> So I will make one more rebase, just for "[OE-core][PATCH v9 3/3] cve_check:
> convert CVE_CHECK_IGNORE to CVE_STATUS"
>

This version looks best from all I've seen. Let's get it in in this version.
I'll have a patchset to fix a few issues after we get multiple fetchers in. I *think* I will be able to use it with multi-fetchers.

Kind regards,
Marta

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184650): https://lists.openembedded.org/g/openembedded-core/message/184650
Mute This Topic: https://lists.openembedded.org/mt/99716038/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH v9 0/3] CVE-check handling
Even better,

So I will make one more rebase, just for "[OE-core][PATCH v9 3/3] cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS"

Regards,
Andrej

On Wed, 2023-07-19 at 11:16 +, Ross Burton wrote:
> On 19 Jul 2023, at 11:54, Richard Purdie wrote:
> >
> > On Wed, 2023-07-19 at 10:26 +, Valek, Andrej wrote:
> > > Hello,
> > >
> > > I would like to ask, what's the status here?
> >
> > I've asked for some people to help review it and I'm waiting on their
> > feedback. FWIW they did promise "this morning" yesterday so they have
> > around 6 minutes!
>
> I suspect I was that person :). I have no major objections to the patch now.
>
> Cheers,
> Ross

View/Reply Online (#184580): https://lists.openembedded.org/g/openembedded-core/message/184580
Re: [OE-core][PATCH v9 0/3] CVE-check handling
On 19 Jul 2023, at 11:54, Richard Purdie wrote:
>
> On Wed, 2023-07-19 at 10:26 +, Valek, Andrej wrote:
>> Hello,
>>
>> I would like to ask, what's the status here?
>
> I've asked for some people to help review it and I'm waiting on their
> feedback. FWIW they did promise "this morning" yesterday so they have
> around 6 minutes!

I suspect I was that person :). I have no major objections to the patch now.

Cheers,
Ross

View/Reply Online (#184578): https://lists.openembedded.org/g/openembedded-core/message/184578
Re: [OE-core][PATCH v9 0/3] CVE-check handling
On Wed, 2023-07-19 at 10:26 +, Valek, Andrej wrote:
> Hello,
>
> I would like to ask, what's the status here?

I've asked for some people to help review it and I'm waiting on their feedback. FWIW they did promise "this morning" yesterday so they have around 6 minutes!

Cheers,
Richard

View/Reply Online (#184577): https://lists.openembedded.org/g/openembedded-core/message/184577
Re: [OE-core][PATCH v9 0/3] CVE-check handling
Hello,

I would like to ask, what's the status here?

Regards,
Andrej

On Fri, 2023-06-23 at 13:14 +0200, Andrej Valek wrote:
> After discussion in all parallel threads we proposed following variant which
> covers both expressed requirements to have very small number of different cve
> statuses and also very large number of them at the same time.
> This is a compromise version which maybe is not ideal but deals with
> conflicting responses we got.
>
> Changes compared to version 8:
> - moved CVE_CHECK_STATUSMAP into separated cve-check-map.conf file
>   - this will allow to use it without inheriting the cve-check class, like for
>     SPDX
>
> Documentation will be updated in separated repository.
>
>  meta/classes/cve-check.bbclass | 81 +++-
>  meta/conf/bitbake.conf | 1 +
>  meta/conf/cve-check-map.conf | 28 ++
>  .../distro/include/cve-extra-exclusions.inc | 371 +-
>  meta/lib/oe/cve_check.py | 25 ++
>  meta/lib/oeqa/selftest/cases/cve_check.py | 26 +-
>  meta/recipes-bsp/grub/grub2.inc | 6 +-
>  meta/recipes-connectivity/avahi/avahi_0.8.bb | 3 +-
>  .../recipes-connectivity/bind/bind_9.18.15.bb | 2 +-
>  .../bluez5/bluez5_5.66.bb | 4 +-
>  .../openssh/openssh_9.3p1.bb | 9 +-
>  .../openssl/openssl_3.1.1.bb | 3 +-
>  meta/recipes-core/coreutils/coreutils_9.3.bb | 4 +-
>  meta/recipes-core/glibc/glibc_2.37.bb | 17 +-
>  meta/recipes-core/libxml/libxml2_2.10.4.bb | 4 -
>  meta/recipes-core/systemd/systemd_253.3.bb | 3 -
>  meta/recipes-devtools/cmake/cmake.inc | 4 +-
>  meta/recipes-devtools/flex/flex_2.6.4.bb | 6 +-
>  meta/recipes-devtools/gcc/gcc-13.1.inc | 3 +-
>  meta/recipes-devtools/git/git_2.39.3.bb | 7 -
>  meta/recipes-devtools/jquery/jquery_3.6.3.bb | 5 +-
>  meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +-
>  .../recipes-devtools/python/python3_3.11.3.bb | 13 +-
>  meta/recipes-devtools/qemu/qemu.inc | 13 +-
>  meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 -
>  meta/recipes-devtools/tcltk/tcl_8.6.13.bb | 4 -
>  meta/recipes-extended/cpio/cpio_2.14.bb | 3 +-
>  meta/recipes-extended/cups/cups.inc | 17 +-
>  .../ghostscript/ghostscript_10.01.1.bb | 3 +-
>  .../iputils/iputils_20221126.bb | 5 +-
>  .../libtirpc/libtirpc_1.3.3.bb | 3 +-
>  .../logrotate/logrotate_3.21.0.bb | 5 +-
>  meta/recipes-extended/procps/procps_4.0.3.bb | 4 -
>  meta/recipes-extended/shadow/shadow_4.13.bb | 7 +-
>  meta/recipes-extended/unzip/unzip_6.0.bb | 3 +-
>  .../xinetd/xinetd_2.3.15.4.bb | 2 +-
>  meta/recipes-extended/zip/zip_3.0.bb | 7 +-
>  .../libnotify/libnotify_0.8.2.bb | 2 +-
>  meta/recipes-gnome/librsvg/librsvg_2.56.0.bb | 3 +-
>  meta/recipes-graphics/builder/builder_0.1.bb | 3 +-
>  .../xorg-xserver/xserver-xorg.inc | 19 +-
>  .../linux/cve-exclusion_6.1.inc | 11 +-
>  .../libpng/libpng_1.6.39.bb | 3 +-
>  meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 10 +-
>  .../libgcrypt/libgcrypt_1.10.2.bb | 4 +-
>  .../recipes-support/libxslt/libxslt_1.1.38.bb | 4 +-
>  meta/recipes-support/lz4/lz4_1.9.4.bb | 3 +-
>  meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 7 -
>  48 files changed, 403 insertions(+), 373 deletions(-)
>  create mode 100644 meta/conf/cve-check-map.conf
>

View/Reply Online (#184575): https://lists.openembedded.org/g/openembedded-core/message/184575
[OE-core][PATCH v9 0/3] CVE-check handling
After discussion in all parallel threads we proposed following variant which
covers both expressed requirements to have very small number of different cve
statuses and also very large number of them at the same time.
This is a compromise version which maybe is not ideal but deals with
conflicting responses we got.

Changes compared to version 8:
- moved CVE_CHECK_STATUSMAP into separated cve-check-map.conf file
  - this will allow to use it without inheriting the cve-check class, like for
    SPDX

Documentation will be updated in separated repository.

 meta/classes/cve-check.bbclass | 81 +++-
 meta/conf/bitbake.conf | 1 +
 meta/conf/cve-check-map.conf | 28 ++
 .../distro/include/cve-extra-exclusions.inc | 371 +-
 meta/lib/oe/cve_check.py | 25 ++
 meta/lib/oeqa/selftest/cases/cve_check.py | 26 +-
 meta/recipes-bsp/grub/grub2.inc | 6 +-
 meta/recipes-connectivity/avahi/avahi_0.8.bb | 3 +-
 .../recipes-connectivity/bind/bind_9.18.15.bb | 2 +-
 .../bluez5/bluez5_5.66.bb | 4 +-
 .../openssh/openssh_9.3p1.bb | 9 +-
 .../openssl/openssl_3.1.1.bb | 3 +-
 meta/recipes-core/coreutils/coreutils_9.3.bb | 4 +-
 meta/recipes-core/glibc/glibc_2.37.bb | 17 +-
 meta/recipes-core/libxml/libxml2_2.10.4.bb | 4 -
 meta/recipes-core/systemd/systemd_253.3.bb | 3 -
 meta/recipes-devtools/cmake/cmake.inc | 4 +-
 meta/recipes-devtools/flex/flex_2.6.4.bb | 6 +-
 meta/recipes-devtools/gcc/gcc-13.1.inc | 3 +-
 meta/recipes-devtools/git/git_2.39.3.bb | 7 -
 meta/recipes-devtools/jquery/jquery_3.6.3.bb | 5 +-
 meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +-
 .../recipes-devtools/python/python3_3.11.3.bb | 13 +-
 meta/recipes-devtools/qemu/qemu.inc | 13 +-
 meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 -
 meta/recipes-devtools/tcltk/tcl_8.6.13.bb | 4 -
 meta/recipes-extended/cpio/cpio_2.14.bb | 3 +-
 meta/recipes-extended/cups/cups.inc | 17 +-
 .../ghostscript/ghostscript_10.01.1.bb | 3 +-
 .../iputils/iputils_20221126.bb | 5 +-
 .../libtirpc/libtirpc_1.3.3.bb | 3 +-
 .../logrotate/logrotate_3.21.0.bb | 5 +-
 meta/recipes-extended/procps/procps_4.0.3.bb | 4 -
 meta/recipes-extended/shadow/shadow_4.13.bb | 7 +-
 meta/recipes-extended/unzip/unzip_6.0.bb | 3 +-
 .../xinetd/xinetd_2.3.15.4.bb | 2 +-
 meta/recipes-extended/zip/zip_3.0.bb | 7 +-
 .../libnotify/libnotify_0.8.2.bb | 2 +-
 meta/recipes-gnome/librsvg/librsvg_2.56.0.bb | 3 +-
 meta/recipes-graphics/builder/builder_0.1.bb | 3 +-
 .../xorg-xserver/xserver-xorg.inc | 19 +-
 .../linux/cve-exclusion_6.1.inc | 11 +-
 .../libpng/libpng_1.6.39.bb | 3 +-
 meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 10 +-
 .../libgcrypt/libgcrypt_1.10.2.bb | 4 +-
 .../recipes-support/libxslt/libxslt_1.1.38.bb | 4 +-
 meta/recipes-support/lz4/lz4_1.9.4.bb | 3 +-
 meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 7 -
 48 files changed, 403 insertions(+), 373 deletions(-)
 create mode 100644 meta/conf/cve-check-map.conf

--
2.41.0

View/Reply Online (#183321): https://lists.openembedded.org/g/openembedded-core/message/183321