[yocto] [meta-security][PATCH] *.patch: fix CVE and Signed-off-by tag
2023-07-02
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
From: Sanjay Chitroda * as reported by openembedded-core/scripts/contrib/patchreview.py -v . Missing Signed-off-by tag (./recipes-scanners/clamav/files/oe_cmake_fixup.patch) Missing CVE tag (./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch) Signed-off-by: Sanjay Chitroda --- recipes-scanners/clamav/files/oe_cmake_fixup.patch| 2 +- .../ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/recipes-scanners/clamav/files/oe_cmake_fixup.patch b/recipes-scanners/clamav/files/oe_cmake_fixup.patch index c9c88b9..692be72 100644 --- a/recipes-scanners/clamav/files/oe_cmake_fixup.patch +++ b/recipes-scanners/clamav/files/oe_cmake_fixup.patch @@ -3,7 +3,7 @@ Issue with rpath including /usr/lib and crosscompile checkes causing oe configur Use oe's cmake rpath framework and exclude some of the cmake checks that fail in our env Upstream-Status: Inappropriate [configuration] -Singed-off-by: Armin Kuster +Signed-off-by: Armin Kuster Index: git/CMakeLists.txt === diff --git a/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch index a457d79..02105f5 100644 --- a/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch +++ b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch @@ -14,9 +14,11 @@ the patch comes from: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6224 https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882 -Upstream-Status: Backport +CVE: CVE-2016-6224 +Upstream-Status: Backport [https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882] 
Signed-off-by: Li Zhou +Signed-off-by: Sanjay Chitroda --- ChangeLog | 9 + src/utils/ecryptfs-setup-swap | 10 -- -- 2.35.6
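Review bot: in the oe_cmake_fixup.patch hunk, the context line directly above the corrected tag still reads "crosscompile checkes"; since this hunk is already fixing a spelling error in that patch header, "checkes" can be corrected in the same pass. The change also bundles a clamav fix and an ecryptfs-utils fix under one "*.patch:" subject; one commit per recipe, with the recipe name as the subject prefix, would be easier to cherry-pick to stable branches.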
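Review bot: the commit message lists only "Missing CVE tag" for ecryptfs-utils-CVE-2016-6224.patch, but this hunk also rewrites "Upstream-Status: Backport" to carry the Launchpad revision URL and appends a second Signed-off-by line. Mention both in the message so the 3 added lines in this file are accounted for. The URL placed in the brackets is the same one already listed under "the patch comes from:" a few lines above, so the message can simply say the existing reference was promoted into the Upstream-Status field.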
Re: [yocto] [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
2023-05-30
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
Hi all, Any update/comment ? Thanks, Sanjay -Original Message- From: Sanjay Chitroda Sent: Monday, May 15, 2023 6:45 PM To: yocto@lists.yoctoproject.org Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) Subject: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/vuln/search/results?results_type=overview_type=all_product=cpe%3A%2F%3Akernel%3Aselinux Signed-off-by: Sanjay Chitroda --- recipes-security/selinux/selinux_common.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc index 383f62d..cd51a86 100644 --- a/recipes-security/selinux/selinux_common.inc +++ b/recipes-security/selinux/selinux_common.inc @@ -15,3 +15,5 @@ do_install() { SHLIBDIR="${base_libdir}" \ SYSTEMDDIR="${systemd_unitdir}" } + +CVE_PRODUCT ?= "kernel:selinux" -- 2.35.6
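Review bot: the commit message does not say how the new CVE_PRODUCT value in selinux_common.inc was checked; the quoted 2017 cover letter describes exporting CVE_PRODUCT to buildhistory, which this change does not do. Replace the quotation with a short statement of the verification that was done for this layer, for example the cve-check result for the affected recipes before and after adding the line.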
Re: [yocto] [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
2023-05-26
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
Hi all, Any update/comment ? Thanks, Sanjay -Original Message- From: Sanjay Chitroda Sent: Friday, May 12, 2023 7:12 PM To: yocto@lists.yoctoproject.org Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) Subject: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/vuln/search/results?results_type=overview_type=all_product=cpe%3A%2F%3Akernel%3Aselinux Signed-off-by: Sanjay Chitroda --- recipes-security/selinux/selinux_common.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc index 383f62d..cd51a86 100644 --- a/recipes-security/selinux/selinux_common.inc +++ b/recipes-security/selinux/selinux_common.inc @@ -15,3 +15,5 @@ do_install() { SHLIBDIR="${base_libdir}" \ SYSTEMDDIR="${systemd_unitdir}" } + +CVE_PRODUCT ?= "kernel:selinux" -- 2.35.6
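Review bot: the added line CVE_PRODUCT ?= "kernel:selinux" sits at the end of selinux_common.inc, after do_install(), so it becomes the default for every recipe that includes this file, while the commit message itself says the name matches only "(usually)". Name the recipes for which the default is wrong and state whether they set CVE_PRODUCT themselves, so that the weak assignment does not attribute kernel:selinux CVEs to a recipe they do not apply to.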
[yocto] [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
2023-05-15
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/vuln/search/results?results_type=overview_type=all_product=cpe%3A%2F%3Akernel%3Aselinux Signed-off-by: Sanjay Chitroda --- recipes-security/selinux/selinux_common.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc index 383f62d..cd51a86 100644 --- a/recipes-security/selinux/selinux_common.inc +++ b/recipes-security/selinux/selinux_common.inc @@ -15,3 +15,5 @@ do_install() { SHLIBDIR="${base_libdir}" \ SYSTEMDDIR="${systemd_unitdir}" } + +CVE_PRODUCT ?= "kernel:selinux" -- 2.35.6
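Review bot: the commit message says "use selinux as the default", but the added line sets CVE_PRODUCT ?= "kernel:selinux", which is a vendor:product pair and limits cve-check matching to entries filed under the vendor "kernel". State the vendor qualifier in the message and why it is wanted, since the bare product name "selinux" and the qualified form do not select the same set of CVE entries.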
[yocto] [dunfell][PATCH] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
2023-05-15
Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
From: Alex Kiernan The CVE product name for PyPI packages is (usually) the same as the PyPI package name (and not our recipe name), so use that as the default. Signed-off-by: Alex Kiernan Signed-off-by: Alex Kiernan Signed-off-by: Richard Purdie (cherry picked from commit 61f6b0ad09bf87cdc2d3f08770b7c44cad1d0e58) Signed-off-by: Sanjay Chitroda --- meta/classes/pypi.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass index 87b4c85fc0..c68367449a 100644 --- a/meta/classes/pypi.bbclass +++ b/meta/classes/pypi.bbclass @@ -24,3 +24,5 @@ S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}" UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/; UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P(\d+[\.\-_]*)+)/" + +CVE_PRODUCT ?= "python:${PYPI_PACKAGE}" -- 2.35.6
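Review bot: the added default CVE_PRODUCT ?= "python:${PYPI_PACKAGE}" in pypi.bbclass fixes the vendor to "python", which the commit message does not mention; it speaks only of the product name matching the PyPI package name. A PyPI package whose CVE entries are filed under a different vendor would stop matching under this default, so for the dunfell backport it is worth noting in the message that such recipes need their own CVE_PRODUCT, and checking the inheriting recipes on this branch for any that relied on the previous recipe-name matching.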