Message ID | 20220517111500.735-1-ranjitsinhrathod1991@gmail.com |
---|---|
State | Accepted, archived |
Commit | 970743af349e21a399da6241587b849b14933bc5 |
Series | [dunfell] git: Use CVE_CHECK_WHITELIST instead of CVE_CHECK_IGNORE |

Hi,

On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote:
> Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
> branch

Good finding, thanks. I think it makes sense to support both CVE_CHECK_WHITELIST
and CVE_CHECK_IGNORE variables in dunfell as patches will be cherry-picked and
this issue may creep in again silently.

Other opinions?

Cheers,

-Mikko

> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> > --- > meta/recipes-devtools/git/git.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc > index 879920d97e..b5d0004712 100644 > --- a/meta/recipes-devtools/git/git.inc > +++ b/meta/recipes-devtools/git/git.inc > @@ -22,7 +22,7 @@ CVE_PRODUCT = "git-scm:git" > # This is about a manpage not mentioning --mirror may "leak" information > # in mirrored git repos. Most OE users wouldn't build the docs and > # we don't see this as a major issue for our general users/usecases. > -CVE_CHECK_IGNORE += "CVE-2022-24975" > +CVE_CHECK_WHITELIST += "CVE-2022-24975" > > PACKAGECONFIG ??= "" > PACKAGECONFIG[cvsserver] = "" > -- > 2.17.1

On Tue, 2022-05-17 at 11:41 +0000, Mikko Rapeli wrote:
> Hi,
>
> On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote:
> > Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
> > branch
>
> Good finding, thanks. I think it makes sense to support both CVE_CHECK_WHITELIST
> and CVE_CHECK_IGNORE variables in dunfell as patches will be cherry-picked and
> this issue may creep in again silently.
>
> Other opinions?

I wondered if we backport the BB_RENAMED_VARIABLES functionality to
older bitbakes but use it differently - have it error if the new names
are detected?

That way we solve this for the other variable names too.

Steve: Any thoughts?

Cheers,

Richard

On Tue, May 17, 2022 at 1:57 AM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2022-05-17 at 11:41 +0000, Mikko Rapeli wrote:
> > Hi,
> >
> > On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote:
> > > Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
> > > branch
> >
> > Good finding, thanks. I think it makes sense to support both CVE_CHECK_WHITELIST
> > and CVE_CHECK_IGNORE variables in dunfell as patches will be cherry-picked and
> > this issue may creep in again silently.
> >
> > Other opinions?
>
> I wondered if we backport the BB_RENAMED_VARIABLES functionality to
> older bitbakes but use it differently - have it error if the new names
> are detected?
>
> That way we solve this for the other variable names too.
>
> Steve: Any thoughts?

First of all, sorry this slipped by me :-(

I support the approach of having bitbake error if the new names are
detected and would gladly take such a patch. I think this is much
better than having a mix of old and new variable names in dunfell.

Steve
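
The check proposed in the thread (fail when a new-style name shows up on the older branch), sketched as a stand-alone recipe lint. This is an added example, not BitBake code and not the BB_RENAMED_VARIABLES backport itself; `RENAMED`, `find_renamed` and the sample text are hypothetical names and constructed input, and only the variable pair named in this thread is listed.

```python
import re

# New-style name -> name the dunfell branch reads. Only the pair named in
# this thread is listed; other renamed variables would be added here.
RENAMED = {"CVE_CHECK_IGNORE": "CVE_CHECK_WHITELIST"}

OPERATORS = r"(?:\?\?=|\?=|:=|\+=|=\+|\.=|=\.|=)"


def _pattern(name):
    # NAME, optionally followed by old-style overrides (_append,
    # _class-native), new-style overrides (:append) or a [flag], then an
    # assignment operator. NAME_OTHER (upper-case tail) is a different variable.
    return re.compile(
        r"^\s*(?:export\s+)?" + re.escape(name)
        + r"(?:[_:][a-z][A-Za-z0-9\-]*)*(?:\[[^\]]+\])?\s*" + OPERATORS
    )


def find_renamed(recipe_text, renamed=RENAMED):
    """Return (line_number, new_name, old_name) for each offending assignment."""
    patterns = {new: _pattern(new) for new in renamed}
    hits = []
    for lineno, line in enumerate(recipe_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comments may mention the new name freely
        for new, pat in patterns.items():
            if pat.match(line):
                hits.append((lineno, new, renamed[new]))
    return hits


# Constructed sample: the pre-fix assignment from the hunk, an override form
# of it, and lines that must not be flagged.
SAMPLE = '''\
CVE_PRODUCT = "git-scm:git"
# CVE_CHECK_IGNORE += "commented out"
CVE_CHECK_IGNORE += "CVE-2022-24975"
CVE_CHECK_WHITELIST += "CVE-2022-24975"
CVE_CHECK_IGNORE_append_class-native = " CVE-2022-24975"
'''

if __name__ == "__main__":
    for lineno, new, old in find_renamed(SAMPLE):
        print(f"line {lineno}: {new} is not read on this branch, use {old}")
```

Run over every `.bb`, `.inc` and `.bbappend` file in a layer, a non-empty result is the condition a CI job would fail on.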
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 879920d97e..b5d0004712 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc @@ -22,7 +22,7 @@ CVE_PRODUCT = "git-scm:git" # This is about a manpage not mentioning --mirror may "leak" information # in mirrored git repos. Most OE users wouldn't build the docs and # we don't see this as a major issue for our general users/usecases. -CVE_CHECK_IGNORE += "CVE-2022-24975" +CVE_CHECK_WHITELIST += "CVE-2022-24975" PACKAGECONFIG ??= "" PACKAGECONFIG[cvsserver] = ""
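Review bot: the commit message for the one-line swap at `CVE_CHECK_IGNORE += "CVE-2022-24975"` says the name is not valid on dunfell but not what followed from that. If the branch does not read that variable, the ignore entry for CVE-2022-24975 could not have taken effect, and the message should say so. Please also confirm that no other recipe on the branch still assigns CVE_CHECK_IGNORE, since this hunk corrects git.inc only. The comment block above the changed line still gives the rationale for ignoring the CVE and needs no change.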

Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch

Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
 meta/recipes-devtools/git/git.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)