Re: CVE patch updates


Monsees, Steven C (US)
 

 

When building in cve-check to see what is reported, it generated all blank/empty report files…

Can someone explain this ?, my local.conf does have the proper modification (INHERIT += “cve-check”).

 

 

10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full

Parsing recipes: 100% |#############################################################################################| Time: 0:01:07

Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.44.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "rhel-7.9"

TARGET_SYS           = "x86_64-poky-linux"

MACHINE              = "sbca-default"

DISTRO               = "limws"

DISTRO_VERSION       = "3.0.4"

TUNE_FEATURES        = "m64 corei7"

TARGET_FPU           = ""

meta                

meta-poky            = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"

meta-perl           

meta-python         

meta-filesystems    

meta-networking     

meta-initramfs      

meta-oe              = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"

meta-virtualization  = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"

meta                 = "master:a32ddd2b2a51b26c011fa50e441df39304651503"

meta-clang           = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"

meta-intel           = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"

meta-intel           = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"

 

Initialising tasks: 100% |##########################################################################################| Time: 0:00:04

Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02

Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)

NOTE: Executing Tasks

NOTE: Setscene tasks completed

Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.

 

 

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>

 

 

13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l

total 0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native

13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>

 

 

From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@...
Subject: CVE patch updates

 

 

 

I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?

 

Is there a yocto page somewhere that goes over this side of things ?,

I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).

 

Thanks,

Steve

Join yocto@lists.yoctoproject.org to automatically receive all group messages.