[yocto] [meta-security][PATCH] *.patch: fix CVE and Signed-off-by tag

2023-07-02 Thread Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
From: Sanjay Chitroda 

* as reported by openembedded-core/scripts/contrib/patchreview.py -v .

Missing Signed-off-by tag (./recipes-scanners/clamav/files/oe_cmake_fixup.patch)
Missing CVE tag 
(./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch)

Signed-off-by: Sanjay Chitroda 
---
 recipes-scanners/clamav/files/oe_cmake_fixup.patch| 2 +-
 .../ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch   | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/recipes-scanners/clamav/files/oe_cmake_fixup.patch 
b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
index c9c88b9..692be72 100644
--- a/recipes-scanners/clamav/files/oe_cmake_fixup.patch
+++ b/recipes-scanners/clamav/files/oe_cmake_fixup.patch
@@ -3,7 +3,7 @@ Issue with rpath including /usr/lib and crosscompile checkes 
causing oe configur
 Use oe's cmake rpath framework and exclude some of the cmake checks that fail 
in our env
 
 Upstream-Status: Inappropriate [configuration]
-Singed-off-by: Armin Kuster 
+Signed-off-by: Armin Kuster 
 
 Index: git/CMakeLists.txt
 ===
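Review bot: the commit message says the Signed-off-by tag was missing from oe_cmake_fixup.patch, but this hunk shows it was present and misspelled (`-Singed-off-by` / `+Signed-off-by`); describe it as a typo fix in the message so the history matches the change. The correction itself is right, and it is what makes patchreview.py stop reporting the tag as missing, since the tool looks for the literal `Signed-off-by:` spelling.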
diff --git 
a/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch 
b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
index a457d79..02105f5 100644
--- a/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
+++ b/recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
@@ -14,9 +14,11 @@ the patch comes from:
 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6224
 https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
 
-Upstream-Status: Backport
+CVE: CVE-2016-6224
+Upstream-Status: Backport 
[https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882]
 
 Signed-off-by: Li Zhou 
+Signed-off-by: Sanjay Chitroda 
 ---
  ChangeLog |  9 +
  src/utils/ecryptfs-setup-swap | 10 --
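Review bot: the `+Upstream-Status: Backport` line carries a trailing space and, as rendered here, the backport reference `[https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882]` sits on the line after it; in the committed file keep the reference on the same line as the tag and drop the trailing whitespace, since the single-line `Upstream-Status: Backport [URL]` form is the OE patch-tagging convention that patchreview.py reads. Adding `CVE: CVE-2016-6224` is the right fix for the reported missing tag, and the extra Signed-off-by is appropriate because the patch header itself was edited.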
-- 
2.35.6


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#60489): https://lists.yoctoproject.org/g/yocto/message/60489
Mute This Topic: https://lists.yoctoproject.org/mt/99913307/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [yocto] [meta-selinux][PATCH] selinux: Set CVE_PRODUCT

2023-05-30 Thread Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
Hi all,

Any update/comment?

Thanks,
Sanjay

-Original Message-
From: Sanjay Chitroda  
Sent: Monday, May 15, 2023 6:45 PM
To: yocto@lists.yoctoproject.org
Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 

Subject: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT






Re: [yocto] [meta-selinux][PATCH] selinux: Set CVE_PRODUCT

2023-05-26 Thread Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
Hi all,

Any update/comment?

Thanks,
Sanjay

-Original Message-
From: Sanjay Chitroda  
Sent: Friday, May 12, 2023 7:12 PM
To: yocto@lists.yoctoproject.org
Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 

Subject: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT






[yocto] [meta-selinux][PATCH] selinux: Set CVE_PRODUCT

2023-05-15 Thread Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
The CVE product name for the selinux-* packages is (usually) selinux
(and not our recipe name), so use selinux as the default.

See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html

"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."

Value added is based on:
https://nvd.nist.gov/vuln/search/results?results_type=overview_type=all_product=cpe%3A%2F%3Akernel%3Aselinux

Signed-off-by: Sanjay Chitroda 
---
 recipes-security/selinux/selinux_common.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/selinux/selinux_common.inc 
b/recipes-security/selinux/selinux_common.inc
index 383f62d..cd51a86 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -15,3 +15,5 @@ do_install() {
 SHLIBDIR="${base_libdir}" \
 SYSTEMDDIR="${systemd_unitdir}"
 }
+
+CVE_PRODUCT ?= "kernel:selinux"
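Review bot: the commit message says to "use selinux as the default", but the value actually set is `kernel:selinux`, the vendor:product form that cve-check accepts; say so in the message, because the `kernel` vendor qualifier is what keeps matching from picking up unrelated products named selinux (the NVD search linked in the message is for exactly that CPE). Since this is a `?=` default in selinux_common.inc, any selinux-* recipe that already assigns CVE_PRODUCT keeps its own value; after the change, `bitbake -e <recipe> | grep '^CVE_PRODUCT='` on each recipe that includes this file is a quick way to confirm the default took effect.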
-- 
2.35.6





[yocto] [dunfell][PATCH] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE

2023-05-15 Thread Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.yoctoproject.org
From: Alex Kiernan 

The CVE product name for PyPI packages is (usually) the same as the PyPI
package name (and not our recipe name), so use that as the default.

Signed-off-by: Alex Kiernan 
Signed-off-by: Alex Kiernan 
Signed-off-by: Richard Purdie 
(cherry picked from commit 61f6b0ad09bf87cdc2d3f08770b7c44cad1d0e58)
Signed-off-by: Sanjay Chitroda 
---
 meta/classes/pypi.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass
index 87b4c85fc0..c68367449a 100644
--- a/meta/classes/pypi.bbclass
+++ b/meta/classes/pypi.bbclass
@@ -24,3 +24,5 @@ S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 
 UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/;
 UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P(\d+[\.\-_]*)+)/"
+
+CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
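Review bot: `CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"` is a sensible default, but the commit message's own "(usually)" is the caveat worth spelling out: where the NVD CPE for a package uses a vendor other than `python`, or a product name that differs from the PyPI name, the recipe must set CVE_PRODUCT itself, and because this is a `?=` in the class an explicit assignment in the recipe wins. For the dunfell backport, checking a few pypi-based recipes with `bitbake -e` to confirm the default appears is a cheap sanity test; the context lines as rendered here (the `;` ending UPSTREAM_CHECK_URI and the UPSTREAM_CHECK_REGEX group missing its name) look like archive mangling rather than part of the change, so verify the committed file is intact.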
-- 
2.35.6

