Message ID | fd6e4f80902a641f397ac02aa3de486aa2dcd137.1714703667.git.bruce.ashfield@gmail.com |
---|---|
State | Accepted, archived |
Commit | d941200509cd215e1c8cde5be9875b5e61ec76ce |
Series | [01/12] linux-yocto/6.6: update to v6.6.24 |
Hello Bruce et al,

For information, the linux_kernel_cves repo has now a banner "This repository has been archived by the owner on May 2, 2024. It is now read-only. ", so I guess this is the last update.

Greg has scripting for statistics of the new process, haven't looked into them yet.

Regards,
Marta

On Fri, May 3, 2024 at 4:40 AM Bruce Ashfield via lists.openembedded.org <bruce.ashfield=gmail.com@lists.openembedded.org> wrote:
> > From: Bruce Ashfield <bruce.ashfield@gmail.com> > > Data pulled from: https://github.com/nluedtke/linux_kernel_cves > > 1/1 [ > Author: Nicholas Luedtke > Email: nicholas.luedtke@uwalumni.com > Subject: Update 25Feb24 > Date: Sun, 25 Feb 2024 07:03:08 -0500 > > ] > > Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> > --- > meta/recipes-kernel/linux/cve-exclusion_6.6.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > index bb9ba49c48..133cab88a3 100644 > --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
> @@ -1,9 +1,9 @@ > > # Auto-generated CVE metadata, DO NOT EDIT BY HAND. > -# Generated at 2024-03-28 16:40:04.102652+00:00 for version 6.6.23 > +# Generated at 2024-04-04 03:23:25.421265+00:00 for version 6.6.24 > > python check_kernel_cve_status_version() { > - this_version = "6.6.23" > + this_version = "6.6.24" > kernel_version = d.getVar("LINUX_VERSION") > if kernel_version != this_version: > bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) > -- > 2.39.2
On Fri, May 3, 2024 at 1:42 AM Marta Rybczynska <rybczynska@gmail.com> wrote:

> Hello Bruce et al,
> For information, the linux_kernel_cves repo has now a banner "This
> repository has been archived by the owner on May 2, 2024. It is now
> read-only. ",

Yes, I had noticed that, but was letting my release scripts do their "thing" to at least update the date on the file. That way it was documented that I'm checking and waiting for the replacement to arrive. I did squash all the commits against the 6.1 kernel for that reason, since they are a no-op until something new arrives.

Bruce

> so I guess this is the last update.
>
> Greg has scripting for statistics of the new process, haven't looked
> into them yet.
> Regards,
> Marta
>
> On Fri, May 3, 2024 at 4:40 AM Bruce Ashfield via
> lists.openembedded.org
> <bruce.ashfield=gmail.com@lists.openembedded.org> wrote:
> > > > From: Bruce Ashfield <bruce.ashfield@gmail.com> > > > > Data pulled from: https://github.com/nluedtke/linux_kernel_cves > > > > 1/1 [ > > Author: Nicholas Luedtke > > Email: nicholas.luedtke@uwalumni.com > > Subject: Update 25Feb24 > > Date: Sun, 25 Feb 2024 07:03:08 -0500 > > > > ] > > > > Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> > > --- > > meta/recipes-kernel/linux/cve-exclusion_6.6.inc | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > > index bb9ba49c48..133cab88a3 100644 > > --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > > +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
> > @@ -1,9 +1,9 @@ > > > > # Auto-generated CVE metadata, DO NOT EDIT BY HAND. > > -# Generated at 2024-03-28 16:40:04.102652+00:00 for version 6.6.23 > > +# Generated at 2024-04-04 03:23:25.421265+00:00 for version 6.6.24 > > > > python check_kernel_cve_status_version() { > > - this_version = "6.6.23" > > + this_version = "6.6.24" > > kernel_version = d.getVar("LINUX_VERSION") > > if kernel_version != this_version: > > bb.warn("Kernel CVE status needs updating: generated for %s but > kernel is %s" % (this_version, kernel_version)) > > -- > > 2.39.2
Bit of a low effort first cut because I don't have a ton of time to take on the maintenance task right now, but here's a first cut at a version of the script that parses vulns entries. Note that it appears that the output from the original script is still required as the vulns repo doesn't have the data from the linux_kernel_cves repo imported.

________________________________
From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> on behalf of Bruce Ashfield via lists.openembedded.org <bruce.ashfield=gmail.com@lists.openembedded.org>
Sent: Friday, May 3, 2024 5:50 AM
To: Marta Rybczynska <rybczynska@gmail.com>
Cc: yocto-security@lists.yoctoproject.org <yocto-security@lists.yoctoproject.org>; richard.purdie@linuxfoundation.org <richard.purdie@linuxfoundation.org>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH 02/12] linux-yocto/6.6: update CVE exclusions (6.6.24)

On Fri, May 3, 2024 at 1:42 AM Marta Rybczynska <rybczynska@gmail.com> wrote:

Hello Bruce et al,
For information, the linux_kernel_cves repo has now a banner "This repository has been archived by the owner on May 2, 2024. It is now read-only. ",

Yes, I had noticed that, but was letting my release scripts do their "thing" to at least update the date on the file. That way it was documented that I'm checking and waiting for the replacement to arrive. I did squash all the commits against the 6.1 kernel for that reason, since they are a no-op until something new arrives.

Bruce

so I guess this is the last update.

Greg has scripting for statistics of the new process, haven't looked into them yet.

Regards,
Marta

On Fri, May 3, 2024 at 4:40 AM Bruce Ashfield via lists.openembedded.org <bruce.ashfield=gmail.com@lists.openembedded.org> wrote:
> > From: Bruce Ashfield <bruce.ashfield@gmail.com> > > Data pulled from: https://github.com/nluedtke/linux_kernel_cves > > 1/1 [ > Author: Nicholas Luedtke > Email: nicholas.luedtke@uwalumni.com > Subject: Update 25Feb24 > Date: Sun, 25 Feb 2024 07:03:08 -0500 > > ] > > Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> > --- > meta/recipes-kernel/linux/cve-exclusion_6.6.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > index bb9ba49c48..133cab88a3 100644 > --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc > @@ -1,9 +1,9 @@ > > # Auto-generated CVE metadata, DO NOT EDIT BY HAND. > -# Generated at 2024-03-28 16:40:04.102652+00:00 for version 6.6.23 > +# Generated at 2024-04-04 03:23:25.421265+00:00 for version 6.6.24 > > python check_kernel_cve_status_version() { > - this_version = "6.6.23" > + this_version = "6.6.24" > kernel_version = d.getVar("LINUX_VERSION") > if kernel_version != this_version: > bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) > -- > 2.39.2

--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index bb9ba49c48..133cab88a3 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-03-28 16:40:04.102652+00:00 for version 6.6.23 +# Generated at 2024-04-04 03:23:25.421265+00:00 for version 6.6.24 python check_kernel_cve_status_version() { - this_version = "6.6.23" + this_version = "6.6.24" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
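Review bot: the `this_version = "6.6.24"` bump in check_kernel_cve_status_version() makes the `kernel_version != this_version` test pass for 6.6.24, so the bb.warn about stale CVE status goes quiet, yet the commit message records the source data as the linux_kernel_cves "Update 25Feb24" commit and the diffstat shows only the two stamp lines changing. The version comparison is the only freshness signal visible in this hunk, and it now reflects when the generator ran rather than when the CVE data last changed. Consider having the generator also write the upstream data commit date into the header comment next to "Generated at", so a regenerated timestamp can be told apart from refreshed exclusion data.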