All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
@ 2020-05-28 14:07 Ralph Siemsen
  2020-05-29 12:34 ` [meta-arm] " Sumit Garg
  0 siblings, 1 reply; 5+ messages in thread
From: Ralph Siemsen @ 2020-05-28 14:07 UTC (permalink / raw)
  To: meta-arm; +Cc: Ralph Siemsen

Yocto cve-check currently produces numerous warnings like:
    WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
    Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
In turn this means that some potential CVEs are not reported.

This occurs because PV has been prefixed with "arm-", to allow for
multiple gcc implementations.

Fix this by setting CVE_VERSION to the non-prefixed version.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
This patch is against master, but should also be applied to dunfell.

 meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
 meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
 meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
 3 files changed, 3 insertions(+)

diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
index c47c320..65fbeff 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
@@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
 
 BASEPV = "8.2"
 PV = "arm-${BASEPV}"
+CVE_VERSION = "${BASEPV}"
 
 MMYY = "19.01"
 RELEASE = "20${MMYY}"
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
index 65eb0df..3fb87bb 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
@@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
 
 BASEPV = "8.3"
 PV = "arm-${BASEPV}"
+CVE_VERSION = "${BASEPV}"
 
 MMYY = "19.03"
 RELEASE = "20${MMYY}"
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
index 08e8f7f..08ad796 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
@@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
 # Third digit in PV should be incremented after a minor release
 
 PV = "arm-9.2"
+CVE_VERSION = "9.2"
 
 # BINV should be incremented to a revision after a minor gcc release
 
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
  2020-05-28 14:07 [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings Ralph Siemsen
@ 2020-05-29 12:34 ` Sumit Garg
  2020-05-29 14:28   ` Jon Mason
  0 siblings, 1 reply; 5+ messages in thread
From: Sumit Garg @ 2020-05-29 12:34 UTC (permalink / raw)
  To: Ralph Siemsen; +Cc: meta-arm

On Thu, 28 May 2020 at 19:37, Ralph Siemsen <ralph.siemsen@linaro.org> wrote:
>
> Yocto cve-check currently produces numerous warnings like:
>     WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
>     Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
> In turn this means that some potential CVEs are not reported.
>
> This occurs because PV has been prefixed with "arm-", to allow for
> multiple gcc implementations.
>
> Fix this by setting CVE_VERSION to the non-prefixed version.
>
> Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> ---
> This patch is against master, but should also be applied to dunfell.
>
>  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
>  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
>  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
>  3 files changed, 3 insertions(+)
>

Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

> diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> index c47c320..65fbeff 100644
> --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
>
>  BASEPV = "8.2"
>  PV = "arm-${BASEPV}"
> +CVE_VERSION = "${BASEPV}"
>
>  MMYY = "19.01"
>  RELEASE = "20${MMYY}"
> diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> index 65eb0df..3fb87bb 100644
> --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
>
>  BASEPV = "8.3"
>  PV = "arm-${BASEPV}"
> +CVE_VERSION = "${BASEPV}"
>
>  MMYY = "19.03"
>  RELEASE = "20${MMYY}"
> diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> index 08e8f7f..08ad796 100644
> --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> @@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
>  # Third digit in PV should be incremented after a minor release
>
>  PV = "arm-9.2"
> +CVE_VERSION = "9.2"
>
>  # BINV should be incremented to a revision after a minor gcc release
>
> --
> 2.17.1
>
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
  2020-05-29 12:34 ` [meta-arm] " Sumit Garg
@ 2020-05-29 14:28   ` Jon Mason
  2020-05-29 18:28     ` Ralph Siemsen
  0 siblings, 1 reply; 5+ messages in thread
From: Jon Mason @ 2020-05-29 14:28 UTC (permalink / raw)
  To: Sumit Garg; +Cc: Ralph Siemsen, meta-arm

On Fri, May 29, 2020 at 06:04:05PM +0530, Sumit Garg wrote:
> On Thu, 28 May 2020 at 19:37, Ralph Siemsen <ralph.siemsen@linaro.org> wrote:
> >
> > Yocto cve-check currently produces numerous warnings like:
> >     WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
> >     Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
> > In turn this means that some potential CVEs are not reported.
> >
> > This occurs because PV has been prefixed with "arm-", to allow for
> > multiple gcc implementations.
> >
> > Fix this by setting CVE_VERSION to the non-prefixed version.
> >
> > Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> > ---
> > This patch is against master, but should also be applied to dunfell.
> >
> >  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
> >  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
> >  meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
> >  3 files changed, 3 insertions(+)
> >
> 
> Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

Applied to the master branch.

Thanks,
Jon

> 
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > index c47c320..65fbeff 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >
> >  BASEPV = "8.2"
> >  PV = "arm-${BASEPV}"
> > +CVE_VERSION = "${BASEPV}"
> >
> >  MMYY = "19.01"
> >  RELEASE = "20${MMYY}"
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > index 65eb0df..3fb87bb 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >
> >  BASEPV = "8.3"
> >  PV = "arm-${BASEPV}"
> > +CVE_VERSION = "${BASEPV}"
> >
> >  MMYY = "19.03"
> >  RELEASE = "20${MMYY}"
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > index 08e8f7f..08ad796 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > @@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >  # Third digit in PV should be incremented after a minor release
> >
> >  PV = "arm-9.2"
> > +CVE_VERSION = "9.2"
> >
> >  # BINV should be incremented to a revision after a minor gcc release
> >
> > --
> > 2.17.1
> >
> > 

> 


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
  2020-05-29 14:28   ` Jon Mason
@ 2020-05-29 18:28     ` Ralph Siemsen
  2020-05-30 21:08       ` Jon Mason
  0 siblings, 1 reply; 5+ messages in thread
From: Ralph Siemsen @ 2020-05-29 18:28 UTC (permalink / raw)
  To: Jon Mason; +Cc: Sumit Garg, meta-arm

[-- Attachment #1: Type: text/plain, Size: 279 bytes --]

Hi Jon,

On Fri, May 29, 2020 at 10:28 AM Jon Mason <jdmason@kudzu.us> wrote:

>
> Applied to the master branch.
>

Great, thank you.

What is the process for applying it to dunfell - should I send another
patch (only the subject line will differ)?

Regards
Ralph

[-- Attachment #2: Type: text/html, Size: 613 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
  2020-05-29 18:28     ` Ralph Siemsen
@ 2020-05-30 21:08       ` Jon Mason
  0 siblings, 0 replies; 5+ messages in thread
From: Jon Mason @ 2020-05-30 21:08 UTC (permalink / raw)
  To: Ralph Siemsen; +Cc: Sumit Garg, meta-arm

On Fri, May 29, 2020 at 02:28:12PM -0400, Ralph Siemsen wrote:
> Hi Jon,
> 
> On Fri, May 29, 2020 at 10:28 AM Jon Mason <jdmason@kudzu.us> wrote:
> 
> >
> > Applied to the master branch.
> >
> 
> Great, thank you.
> 
> What is the process for applying it to dunfell - should I send another
> patch (only the subject line will differ)?

It is sufficient to ask me here :)

Thanks,
Jon

> 
> Regards
> Ralph

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-05-30 21:08 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-28 14:07 [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings Ralph Siemsen
2020-05-29 12:34 ` [meta-arm] " Sumit Garg
2020-05-29 14:28   ` Jon Mason
2020-05-29 18:28     ` Ralph Siemsen
2020-05-30 21:08       ` Jon Mason

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.