* [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
@ 2020-05-28 14:07 Ralph Siemsen
2020-05-29 12:34 ` [meta-arm] " Sumit Garg
0 siblings, 1 reply; 5+ messages in thread
From: Ralph Siemsen @ 2020-05-28 14:07 UTC (permalink / raw)
To: meta-arm; +Cc: Ralph Siemsen
Yocto cve-check currently produces numerous warnings like:
WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
In turn this means that some potential CVEs are not reported.
This occurs because PV has been prefixed with "arm-", to allow for
multiple gcc implementations.
Fix this by setting CVE_VERSION to the non-prefixed version.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
This patch is against master, but should also be applied to dunfell.
meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
3 files changed, 3 insertions(+)
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
index c47c320..65fbeff 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
@@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
BASEPV = "8.2"
PV = "arm-${BASEPV}"
+CVE_VERSION = "${BASEPV}"
MMYY = "19.01"
RELEASE = "20${MMYY}"
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
index 65eb0df..3fb87bb 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
@@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
BASEPV = "8.3"
PV = "arm-${BASEPV}"
+CVE_VERSION = "${BASEPV}"
MMYY = "19.03"
RELEASE = "20${MMYY}"
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
index 08e8f7f..08ad796 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
@@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
# Third digit in PV should be incremented after a minor release
PV = "arm-9.2"
+CVE_VERSION = "9.2"
# BINV should be incremented to a revision after a minor gcc release
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
2020-05-28 14:07 [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings Ralph Siemsen
@ 2020-05-29 12:34 ` Sumit Garg
2020-05-29 14:28 ` Jon Mason
0 siblings, 1 reply; 5+ messages in thread
From: Sumit Garg @ 2020-05-29 12:34 UTC (permalink / raw)
To: Ralph Siemsen; +Cc: meta-arm
On Thu, 28 May 2020 at 19:37, Ralph Siemsen <ralph.siemsen@linaro.org> wrote:
>
> Yocto cve-check currently produces numerous warnings like:
> WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
> Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
> In turn this means that some potential CVEs are not reported.
>
> This occurs because PV has been prefixed with "arm-", to allow for
> multiple gcc implementations.
>
> Fix this by setting CVE_VERSION to the non-prefixed version.
>
> Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> ---
> This patch is against master, but should also be applied to dunfell.
>
> meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
> meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
> meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
> 3 files changed, 3 insertions(+)
>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
> diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> index c47c320..65fbeff 100644
> --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
>
> BASEPV = "8.2"
> PV = "arm-${BASEPV}"
> +CVE_VERSION = "${BASEPV}"
>
> MMYY = "19.01"
> RELEASE = "20${MMYY}"
> diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> index 65eb0df..3fb87bb 100644
> --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
>
> BASEPV = "8.3"
> PV = "arm-${BASEPV}"
> +CVE_VERSION = "${BASEPV}"
>
> MMYY = "19.03"
> RELEASE = "20${MMYY}"
> diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> index 08e8f7f..08ad796 100644
> --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> @@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
> # Third digit in PV should be incremented after a minor release
>
> PV = "arm-9.2"
> +CVE_VERSION = "9.2"
>
> # BINV should be incremented to a revision after a minor gcc release
>
> --
> 2.17.1
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
2020-05-29 12:34 ` [meta-arm] " Sumit Garg
@ 2020-05-29 14:28 ` Jon Mason
2020-05-29 18:28 ` Ralph Siemsen
0 siblings, 1 reply; 5+ messages in thread
From: Jon Mason @ 2020-05-29 14:28 UTC (permalink / raw)
To: Sumit Garg; +Cc: Ralph Siemsen, meta-arm
On Fri, May 29, 2020 at 06:04:05PM +0530, Sumit Garg wrote:
> On Thu, 28 May 2020 at 19:37, Ralph Siemsen <ralph.siemsen@linaro.org> wrote:
> >
> > Yocto cve-check currently produces numerous warnings like:
> > WARNING: gcc-cross-arm-arm-8.3-r2019.03 do_cve_check: gcc:
> > Failed to compare arm-8.3 < 10.0 for CVE-2019-15847
> > In turn this means that some potential CVEs are not reported.
> >
> > This occurs because PV has been prefixed with "arm-", to allow for
> > multiple gcc implementations.
> >
> > Fix this by setting CVE_VERSION to the non-prefixed version.
> >
> > Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
> > ---
> > This patch is against master, but should also be applied to dunfell.
> >
> > meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 1 +
> > meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 1 +
> > meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 1 +
> > 3 files changed, 3 insertions(+)
> >
>
> Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Applied to the master branch.
Thanks,
Jon
>
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > index c47c320..65fbeff 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
> > @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >
> > BASEPV = "8.2"
> > PV = "arm-${BASEPV}"
> > +CVE_VERSION = "${BASEPV}"
> >
> > MMYY = "19.01"
> > RELEASE = "20${MMYY}"
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > index 65eb0df..3fb87bb 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
> > @@ -2,6 +2,7 @@ require recipes-devtools/gcc/gcc-common.inc
> >
> > BASEPV = "8.3"
> > PV = "arm-${BASEPV}"
> > +CVE_VERSION = "${BASEPV}"
> >
> > MMYY = "19.03"
> > RELEASE = "20${MMYY}"
> > diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > index 08e8f7f..08ad796 100644
> > --- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > +++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
> > @@ -3,6 +3,7 @@ require recipes-devtools/gcc/gcc-common.inc
> > # Third digit in PV should be incremented after a minor release
> >
> > PV = "arm-9.2"
> > +CVE_VERSION = "9.2"
> >
> > # BINV should be incremented to a revision after a minor gcc release
> >
> > --
> > 2.17.1
> >
> >
>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
2020-05-29 14:28 ` Jon Mason
@ 2020-05-29 18:28 ` Ralph Siemsen
2020-05-30 21:08 ` Jon Mason
0 siblings, 1 reply; 5+ messages in thread
From: Ralph Siemsen @ 2020-05-29 18:28 UTC (permalink / raw)
To: Jon Mason; +Cc: Sumit Garg, meta-arm
[-- Attachment #1: Type: text/plain, Size: 279 bytes --]
Hi Jon,
On Fri, May 29, 2020 at 10:28 AM Jon Mason <jdmason@kudzu.us> wrote:
>
> Applied to the master branch.
>
Great, thank you.
What is the process for applying it to dunfell - should I send another
patch (only the subject line will differ)?
Regards
Ralph
[-- Attachment #2: Type: text/html, Size: 613 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [meta-arm] [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings
2020-05-29 18:28 ` Ralph Siemsen
@ 2020-05-30 21:08 ` Jon Mason
0 siblings, 0 replies; 5+ messages in thread
From: Jon Mason @ 2020-05-30 21:08 UTC (permalink / raw)
To: Ralph Siemsen; +Cc: Sumit Garg, meta-arm
On Fri, May 29, 2020 at 02:28:12PM -0400, Ralph Siemsen wrote:
> Hi Jon,
>
> On Fri, May 29, 2020 at 10:28 AM Jon Mason <jdmason@kudzu.us> wrote:
>
> >
> > Applied to the master branch.
> >
>
> Great, thank you.
>
> What is the process for applying it to dunfell - should I send another
> patch (only the subject line will differ)?
It is sufficient to ask me here :)
Thanks,
Jon
>
> Regards
> Ralph
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-05-30 21:08 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-28 14:07 [PATCH] arm-toolchain: set CVE_VERSION to fix cve-check warnings Ralph Siemsen
2020-05-29 12:34 ` [meta-arm] " Sumit Garg
2020-05-29 14:28 ` Jon Mason
2020-05-29 18:28 ` Ralph Siemsen
2020-05-30 21:08 ` Jon Mason
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.