Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings

From: "Jon Mason" <jdmason@kudzu.us>
To: Sumit Garg <sumit.garg@linaro.org>
Cc: Ralph Siemsen <ralph.siemsen@linaro.org>,
	meta-arm@lists.yoctoproject.org
Subject: Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
Date: Fri, 29 May 2020 10:28:31 -0400	[thread overview]
Message-ID: <20200529142830.GA20456@kudzu.us> (raw)
In-Reply-To: <CAFA6WYO4c3rHboqfppR+-h_Cjy7trTypfYm7Bikf6hVMy-jJUw@mail.gmail.com>

On Fri, May 29, 2020 at 06:04:05PM +0530, Sumit Garg wrote:
> On Thu, 28 May 2020 at 19:37, Ralph Siemsen <ralph.siemsen@linaro.org> wrote:
> >
> > Yocto cve-check currently produces numerous warnings like:
> >     WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
> >     Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
> > In turn this means that some potential CVEs are not reported.
> >
> > This occurs because PV has been prefixed with "arm-", to allow for
> > multiple gcc implementations.
> >
> > Fix this by setting CVE_VERSION to the non-prefixed version.
> >
> > Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> > ---
> > This patch is against master, but should also be applied to dunfell.
> >
> >  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
> >  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
> >  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
> >  3 files changed, 3 insertions(+)
> >
> 
> Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

Applied to the master branch.

Thanks,
Jon

> 
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > index c47c320..65fbeff 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >
> >  BASEPV = "8.2"
> >  PV = "arm-${BASEPV}"
> > +CVE_VERSION = "${BASEPV}"
> >
> >  MMYY = "19.01"
> >  RELEASE = "20${MMYY}"
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > index 65eb0df..3fb87bb 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >
> >  BASEPV = "8.3"
> >  PV = "arm-${BASEPV}"
> > +CVE_VERSION = "${BASEPV}"
> >
> >  MMYY = "19.03"
> >  RELEASE = "20${MMYY}"
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > index 08e8f7f..08ad796 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > @@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >  # Third digit in PV should be incremented after a minor release
> >
> >  PV = "arm-9.2"
> > +CVE_VERSION = "9.2"
> >
> >  # BINV should be incremented to a revision after a minor gcc release
> >
> > --
> > 2.17.1
> >
> > 

> 