| Message ID | 20230621104215.2137991-1-Martin.Jansa@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-security] *.patch: add Upstream-Status to all patches | expand |
Hello Martin, On 6/21/23 6:42 AM, Martin Jansa wrote: > There is new patch-status QA check in oe-core: > https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a > > This is temporary work around just to hide _many_ warnings from > optional patch-status (if you add it to WARN_QA). > > This just added > Upstream-Status: Pending > everywhere without actually investigating what's the proper status. > > This is just to hide current QA warnings and to catch new .patch files being > added without Upstream-Status, but the number of Pending patches is now terrible: > > 0 (0%) meta-parsec > N/A (0%) meta-hardening > 1 (100%) meta-integrity > 15 (68%) meta-tpm > 27 (61%) meta-security > > Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> > --- > ...Do-not-get-generation-using-ioctl-when-evm_portable-.patch | 4 ++++ > .../0001-create-tpm-key-support-well-known-key-option.patch | 2 ++ > .../files/0002-libtpm-support-env-TPM_SRK_PW.patch | 2 ++ > ...tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch | 2 ++ > ...tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch | 2 ++ > .../recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch | 2 ++ Those appear to be fine. > .../openscap/files/0002-openembedded-add-Poky-distro.patch | 2 ++ The openscap patches are being dropped as they got accepted upstream. I sent a patch last night to reflect that. I can drop this change. > recipes-perl/perl/files/libwhisker2.patch | 2 ++ > recipes-scanners/clamav/files/test.patch | 2 ++ the "test.patch" isn't used anywhere so I can remove it later. > .../ecryptfs-utils/files/define_musl_sword_type.patch | 2 ++ This one is missing other standard patch information. Looks like a bit more cleanup is in order on my part. > recipes-security/isic/files/configure_fix.patch | 2 ++ This patch contains "Inappropriate" to the Upstream-Status should Inappropriate [reason] not pending. > recipes-security/isic/files/isic-0.07-make.patch | 2 ++ This patch contains "Backport" so the Upstream-Status should be Backport not pending. > recipes-security/isic/files/isic-0.07-netinet.patch | 2 ++ This patch contains "Backport" so the Upstream-Status should be Backport not pending. I can take those last six as-is and send a follow up tweaking as needed or you can send a V2. Your call. thanks, Armin > 13 files changed, 28 insertions(+) > > diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > index 3624576..f0d8975 100644 > --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > @@ -13,6 +13,8 @@ ioctl is not supported by the filesystem. > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > --- > +Upstream-Status: Pending > + > src/evmctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > @@ -30,6 +32,8 @@ index 6d2bb67..c35a28c 100644 > int fd = open(file, 0); > > --- > +Upstream-Status: Pending > + > 2.39.2 > > > diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > index bed8b92..e6068af 100644 > --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> > Date: Wed Jun 19 18:57:13 2013 +0800 > diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > index 2caaaf0..74def4f 100644 > --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> > Date: Wed Jun 19 18:57:13 2013 +0800 > diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > index cc8772d..732961d 100644 > --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > @@ -17,6 +17,8 @@ export TPM_SRK_ENC_PW=xxxxxxxx > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > --- > +Upstream-Status: Pending > + > e_tpm.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- > e_tpm.h | 4 ++ > e_tpm_err.c | 4 ++ > diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > index 535472a..3cbfc3c 100644 > --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > @@ -12,6 +12,8 @@ wrong case. > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > --- > +Upstream-Status: Pending > + > create_tpm_key.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > index 40150af..d427d67 100644 > --- a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > +++ b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > Index: git/include/tpm_tspi.h > =================================================================== > --- git.orig/include/tpm_tspi.h > diff --git a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > index 182d9ec..767b473 100644 > --- a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > +++ b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > @@ -5,6 +5,8 @@ Subject: [PATCH 2/2] openembedded: add Poky distro > > Signed-off-by: Armin Kuster <akuster@mvista.com> > --- > +Upstream-Status: Pending > + > cpe/openscap-cpe-dict.xml | 4 ++++ > cpe/openscap-cpe-oval.xml | 14 ++++++++++++++ > src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++- > diff --git a/recipes-perl/perl/files/libwhisker2.patch b/recipes-perl/perl/files/libwhisker2.patch > index c066366..4ea1ee5 100644 > --- a/recipes-perl/perl/files/libwhisker2.patch > +++ b/recipes-perl/perl/files/libwhisker2.patch > @@ -7,6 +7,8 @@ Subject: [PATCH] Mandir and perl install dir were overwritten with faulty > > Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> > --- > +Upstream-Status: Pending > + > Makefile.pl | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/recipes-scanners/clamav/files/test.patch b/recipes-scanners/clamav/files/test.patch > index a22b45d..8d94863 100644 > --- a/recipes-scanners/clamav/files/test.patch > +++ b/recipes-scanners/clamav/files/test.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > Index: clamav-0.103.0/Makefile.am > =================================================================== > --- clamav-0.103.0.orig/Makefile.am > diff --git a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > index 3b29be0..01b7dd8 100644 > --- a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > +++ b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c > =================================================================== > --- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c > diff --git a/recipes-security/isic/files/configure_fix.patch b/recipes-security/isic/files/configure_fix.patch > index fc2a774..801fe0c 100644 > --- a/recipes-security/isic/files/configure_fix.patch > +++ b/recipes-security/isic/files/configure_fix.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > isic: add with-libnet remove libnet test > > Inappropriate - builds fine on non-oe systems. We need to exlude > diff --git a/recipes-security/isic/files/isic-0.07-make.patch b/recipes-security/isic/files/isic-0.07-make.patch > index 9cffa8a..838c873 100644 > --- a/recipes-security/isic/files/isic-0.07-make.patch > +++ b/recipes-security/isic/files/isic-0.07-make.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > isic: Fixup makefile to support destination > > Backport: > diff --git a/recipes-security/isic/files/isic-0.07-netinet.patch b/recipes-security/isic/files/isic-0.07-netinet.patch > index c4ea74e..4b03880 100644 > --- a/recipes-security/isic/files/isic-0.07-netinet.patch > +++ b/recipes-security/isic/files/isic-0.07-netinet.patch > @@ -1,3 +1,5 @@ > +Upstream-Status: Pending > + > isic: add missing header file > > Backport: > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#60370): https://lists.yoctoproject.org/g/yocto/message/60370 > Mute This Topic: https://lists.yoctoproject.org/mt/99673661/3616698 > Group Owner: yocto+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [akuster808@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Wed, Jun 21, 2023 at 3:42 PM akuster808 <akuster808@gmail.com> wrote: > Hello Martin, > Hello Armin, On 6/21/23 6:42 AM, Martin Jansa wrote: > > There is new patch-status QA check in oe-core: > > > https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a > > > > This is temporary work around just to hide _many_ warnings from > > optional patch-status (if you add it to WARN_QA). > > > > This just added > > Upstream-Status: Pending > > everywhere without actually investigating what's the proper status. > > > > This is just to hide current QA warnings and to catch new .patch files > being > > added without Upstream-Status, but the number of Pending patches is now > terrible: > > > > 0 (0%) meta-parsec > > N/A (0%) meta-hardening > > 1 (100%) meta-integrity > > 15 (68%) meta-tpm > > 27 (61%) meta-security > > > > Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> > > > > --- > > ...Do-not-get-generation-using-ioctl-when-evm_portable-.patch | 4 ++++ > > .../0001-create-tpm-key-support-well-known-key-option.patch | 2 ++ > > .../files/0002-libtpm-support-env-TPM_SRK_PW.patch | 2 ++ > > ...tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch | 2 ++ > > ...tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch | 2 ++ > > .../recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch | 2 ++ > Those appear to be fine. > > .../openscap/files/0002-openembedded-add-Poky-distro.patch | 2 ++ > The openscap patches are being dropped as they got accepted upstream. I > sent a patch last night to reflect that. > > I can drop this change. > > recipes-perl/perl/files/libwhisker2.patch | 2 ++ > > recipes-scanners/clamav/files/test.patch | 2 ++ > the "test.patch" isn't used anywhere so I can remove it later. > > .../ecryptfs-utils/files/define_musl_sword_type.patch | 2 ++ > This one is missing other standard patch information. Looks like a bit > more cleanup is in order on my part. > > recipes-security/isic/files/configure_fix.patch | 2 ++ > This patch contains "Inappropriate" to the Upstream-Status should > Inappropriate [reason] not pending. > > recipes-security/isic/files/isic-0.07-make.patch | 2 ++ > This patch contains "Backport" so the Upstream-Status should be Backport > not pending. > > recipes-security/isic/files/isic-0.07-netinet.patch | 2 ++ > This patch contains "Backport" so the Upstream-Status should be Backport > not pending. > > I can take those last six as-is and send a follow up tweaking as needed > or you can send a V2. Your call. > I use only very small portion of meta-security (just selinux recipe), so if you can do the fix-up yourself my CI&I will be grateful. Regards, thanks, > Armin > > 13 files changed, 28 insertions(+) > > > > diff --git > a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > > index 3624576..f0d8975 100644 > > --- > a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > > +++ > b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > > @@ -13,6 +13,8 @@ ioctl is not supported by the filesystem. > > > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > > --- > > +Upstream-Status: Pending > > + > > src/evmctl.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > @@ -30,6 +32,8 @@ index 6d2bb67..c35a28c 100644 > > int fd = open(file, 0); > > > > --- > > +Upstream-Status: Pending > > + > > 2.39.2 > > > > > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > > index bed8b92..e6068af 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed > > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> > > Date: Wed Jun 19 18:57:13 2013 +0800 > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > > index 2caaaf0..74def4f 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed > > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> > > Date: Wed Jun 19 18:57:13 2013 +0800 > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > > index cc8772d..732961d 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > > @@ -17,6 +17,8 @@ export TPM_SRK_ENC_PW=xxxxxxxx > > > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > > --- > > +Upstream-Status: Pending > > + > > e_tpm.c | 157 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- > > e_tpm.h | 4 ++ > > e_tpm_err.c | 4 ++ > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > > index 535472a..3cbfc3c 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > > @@ -12,6 +12,8 @@ wrong case. > > > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > > --- > > +Upstream-Status: Pending > > + > > create_tpm_key.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git > a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > > index 40150af..d427d67 100644 > > --- a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > > +++ b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > Index: git/include/tpm_tspi.h > > =================================================================== > > --- git.orig/include/tpm_tspi.h > > diff --git > a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > > index 182d9ec..767b473 100644 > > --- > a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > > +++ > b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > > @@ -5,6 +5,8 @@ Subject: [PATCH 2/2] openembedded: add Poky distro > > > > Signed-off-by: Armin Kuster <akuster@mvista.com> > > --- > > +Upstream-Status: Pending > > + > > cpe/openscap-cpe-dict.xml | 4 ++++ > > cpe/openscap-cpe-oval.xml | 14 ++++++++++++++ > > src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++- > > diff --git a/recipes-perl/perl/files/libwhisker2.patch > b/recipes-perl/perl/files/libwhisker2.patch > > index c066366..4ea1ee5 100644 > > --- a/recipes-perl/perl/files/libwhisker2.patch > > +++ b/recipes-perl/perl/files/libwhisker2.patch > > @@ -7,6 +7,8 @@ Subject: [PATCH] Mandir and perl install dir were > overwritten with faulty > > > > Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> > > --- > > +Upstream-Status: Pending > > + > > Makefile.pl | 12 +++++++----- > > 1 file changed, 7 insertions(+), 5 deletions(-) > > > > diff --git a/recipes-scanners/clamav/files/test.patch > b/recipes-scanners/clamav/files/test.patch > > index a22b45d..8d94863 100644 > > --- a/recipes-scanners/clamav/files/test.patch > > +++ b/recipes-scanners/clamav/files/test.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > Index: clamav-0.103.0/Makefile.am > > =================================================================== > > --- clamav-0.103.0.orig/Makefile.am > > diff --git > a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > > index 3b29be0..01b7dd8 100644 > > --- a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > > +++ b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c > > =================================================================== > > --- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c > > diff --git a/recipes-security/isic/files/configure_fix.patch > b/recipes-security/isic/files/configure_fix.patch > > index fc2a774..801fe0c 100644 > > --- a/recipes-security/isic/files/configure_fix.patch > > +++ b/recipes-security/isic/files/configure_fix.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > isic: add with-libnet remove libnet test > > > > Inappropriate - builds fine on non-oe systems. We need to exlude > > diff --git a/recipes-security/isic/files/isic-0.07-make.patch > b/recipes-security/isic/files/isic-0.07-make.patch > > index 9cffa8a..838c873 100644 > > --- a/recipes-security/isic/files/isic-0.07-make.patch > > +++ b/recipes-security/isic/files/isic-0.07-make.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > isic: Fixup makefile to support destination > > > > Backport: > > diff --git a/recipes-security/isic/files/isic-0.07-netinet.patch > b/recipes-security/isic/files/isic-0.07-netinet.patch > > index c4ea74e..4b03880 100644 > > --- a/recipes-security/isic/files/isic-0.07-netinet.patch > > +++ b/recipes-security/isic/files/isic-0.07-netinet.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > isic: add missing header file > > > > Backport: > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#60370): > https://lists.yoctoproject.org/g/yocto/message/60370 > > Mute This Topic: https://lists.yoctoproject.org/mt/99673661/3616698 > > Group Owner: yocto+owner@lists.yoctoproject.org > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [ > akuster808@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > >
I've checked the master-next now and somehow I've missed some of the Upstream-Status issues earlier, so I've sent 4 more changes based on master-next. Cheers, On Wed, Jun 21, 2023 at 3:49 PM Martin Jansa via lists.yoctoproject.org <Martin.Jansa=gmail.com@lists.yoctoproject.org> wrote: > On Wed, Jun 21, 2023 at 3:42 PM akuster808 <akuster808@gmail.com> wrote: > >> Hello Martin, >> > > Hello Armin, > > On 6/21/23 6:42 AM, Martin Jansa wrote: >> > There is new patch-status QA check in oe-core: >> > >> https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a >> > >> > This is temporary work around just to hide _many_ warnings from >> > optional patch-status (if you add it to WARN_QA). >> > >> > This just added >> > Upstream-Status: Pending >> > everywhere without actually investigating what's the proper status. >> > >> > This is just to hide current QA warnings and to catch new .patch files >> being >> > added without Upstream-Status, but the number of Pending patches is now >> terrible: >> > >> > 0 (0%) meta-parsec >> > N/A (0%) meta-hardening >> > 1 (100%) meta-integrity >> > 15 (68%) meta-tpm >> > 27 (61%) meta-security >> > >> > Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> >> >> >> > --- >> > ...Do-not-get-generation-using-ioctl-when-evm_portable-.patch | 4 ++++ >> > .../0001-create-tpm-key-support-well-known-key-option.patch | 2 ++ >> > .../files/0002-libtpm-support-env-TPM_SRK_PW.patch | 2 ++ >> > ...tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch | 2 ++ >> > ...tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch | 2 ++ >> > .../recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch | 2 ++ >> Those appear to be fine. >> > .../openscap/files/0002-openembedded-add-Poky-distro.patch | 2 ++ >> The openscap patches are being dropped as they got accepted upstream. I >> sent a patch last night to reflect that. >> >> I can drop this change. >> > recipes-perl/perl/files/libwhisker2.patch | 2 ++ >> > recipes-scanners/clamav/files/test.patch | 2 ++ >> the "test.patch" isn't used anywhere so I can remove it later. >> > .../ecryptfs-utils/files/define_musl_sword_type.patch | 2 ++ >> This one is missing other standard patch information. Looks like a bit >> more cleanup is in order on my part. >> > recipes-security/isic/files/configure_fix.patch | 2 ++ >> This patch contains "Inappropriate" to the Upstream-Status should >> Inappropriate [reason] not pending. >> > recipes-security/isic/files/isic-0.07-make.patch | 2 ++ >> This patch contains "Backport" so the Upstream-Status should be Backport >> not pending. >> > recipes-security/isic/files/isic-0.07-netinet.patch | 2 ++ >> This patch contains "Backport" so the Upstream-Status should be Backport >> not pending. >> >> I can take those last six as-is and send a follow up tweaking as needed >> or you can send a V2. Your call. >> > > I use only very small portion of meta-security (just selinux recipe), so > if you can do the fix-up yourself my CI&I will be grateful. > > Regards, > > thanks, >> Armin >> > 13 files changed, 28 insertions(+) >> > >> > diff --git >> a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch >> b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch >> > index 3624576..f0d8975 100644 >> > --- >> a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch >> > +++ >> b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch >> > @@ -13,6 +13,8 @@ ioctl is not supported by the filesystem. >> > >> > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> >> > --- >> > +Upstream-Status: Pending >> > + >> > src/evmctl.c | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > @@ -30,6 +32,8 @@ index 6d2bb67..c35a28c 100644 >> > int fd = open(file, 0); >> > >> > --- >> > +Upstream-Status: Pending >> > + >> > 2.39.2 >> > >> > >> > diff --git >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch >> > index bed8b92..e6068af 100644 >> > --- >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch >> > +++ >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed >> > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> >> > Date: Wed Jun 19 18:57:13 2013 +0800 >> > diff --git >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch >> > index 2caaaf0..74def4f 100644 >> > --- >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch >> > +++ >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed >> > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> >> > Date: Wed Jun 19 18:57:13 2013 +0800 >> > diff --git >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch >> > index cc8772d..732961d 100644 >> > --- >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch >> > +++ >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch >> > @@ -17,6 +17,8 @@ export TPM_SRK_ENC_PW=xxxxxxxx >> > >> > Signed-off-by: Meng Li <Meng.Li@windriver.com> >> > --- >> > +Upstream-Status: Pending >> > + >> > e_tpm.c | 157 >> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- >> > e_tpm.h | 4 ++ >> > e_tpm_err.c | 4 ++ >> > diff --git >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch >> > index 535472a..3cbfc3c 100644 >> > --- >> a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch >> > +++ >> b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch >> > @@ -12,6 +12,8 @@ wrong case. >> > >> > Signed-off-by: Meng Li <Meng.Li@windriver.com> >> > --- >> > +Upstream-Status: Pending >> > + >> > create_tpm_key.c | 3 ++- >> > 1 file changed, 2 insertions(+), 1 deletion(-) >> > >> > diff --git >> a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch >> b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch >> > index 40150af..d427d67 100644 >> > --- a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch >> > +++ b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > Index: git/include/tpm_tspi.h >> > =================================================================== >> > --- git.orig/include/tpm_tspi.h >> > diff --git >> a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch >> b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch >> > index 182d9ec..767b473 100644 >> > --- >> a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch >> > +++ >> b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch >> > @@ -5,6 +5,8 @@ Subject: [PATCH 2/2] openembedded: add Poky distro >> > >> > Signed-off-by: Armin Kuster <akuster@mvista.com> >> > --- >> > +Upstream-Status: Pending >> > + >> > cpe/openscap-cpe-dict.xml | 4 ++++ >> > cpe/openscap-cpe-oval.xml | 14 ++++++++++++++ >> > src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++- >> > diff --git a/recipes-perl/perl/files/libwhisker2.patch >> b/recipes-perl/perl/files/libwhisker2.patch >> > index c066366..4ea1ee5 100644 >> > --- a/recipes-perl/perl/files/libwhisker2.patch >> > +++ b/recipes-perl/perl/files/libwhisker2.patch >> > @@ -7,6 +7,8 @@ Subject: [PATCH] Mandir and perl install dir were >> overwritten with faulty >> > >> > Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> >> > --- >> > +Upstream-Status: Pending >> > + >> > Makefile.pl | 12 +++++++----- >> > 1 file changed, 7 insertions(+), 5 deletions(-) >> > >> > diff --git a/recipes-scanners/clamav/files/test.patch >> b/recipes-scanners/clamav/files/test.patch >> > index a22b45d..8d94863 100644 >> > --- a/recipes-scanners/clamav/files/test.patch >> > +++ b/recipes-scanners/clamav/files/test.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > Index: clamav-0.103.0/Makefile.am >> > =================================================================== >> > --- clamav-0.103.0.orig/Makefile.am >> > diff --git >> a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch >> b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch >> > index 3b29be0..01b7dd8 100644 >> > --- a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch >> > +++ b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c >> > =================================================================== >> > --- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c >> > diff --git a/recipes-security/isic/files/configure_fix.patch >> b/recipes-security/isic/files/configure_fix.patch >> > index fc2a774..801fe0c 100644 >> > --- a/recipes-security/isic/files/configure_fix.patch >> > +++ b/recipes-security/isic/files/configure_fix.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > isic: add with-libnet remove libnet test >> > >> > Inappropriate - builds fine on non-oe systems. We need to exlude >> > diff --git a/recipes-security/isic/files/isic-0.07-make.patch >> b/recipes-security/isic/files/isic-0.07-make.patch >> > index 9cffa8a..838c873 100644 >> > --- a/recipes-security/isic/files/isic-0.07-make.patch >> > +++ b/recipes-security/isic/files/isic-0.07-make.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > isic: Fixup makefile to support destination >> > >> > Backport: >> > diff --git a/recipes-security/isic/files/isic-0.07-netinet.patch >> b/recipes-security/isic/files/isic-0.07-netinet.patch >> > index c4ea74e..4b03880 100644 >> > --- a/recipes-security/isic/files/isic-0.07-netinet.patch >> > +++ b/recipes-security/isic/files/isic-0.07-netinet.patch >> > @@ -1,3 +1,5 @@ >> > +Upstream-Status: Pending >> > + >> > isic: add missing header file >> > >> > Backport: >> > >> > >> > >> >> > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#60376): > https://lists.yoctoproject.org/g/yocto/message/60376 > Mute This Topic: https://lists.yoctoproject.org/mt/99673661/3617156 > Group Owner: yocto+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [ > Martin.Jansa@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On 6/22/23 10:54 AM, Martin Jansa wrote: > I've checked the master-next now and somehow I've missed some of the > Upstream-Status issues earlier, so I've sent 4 more changes based on > master-next. Thanks for help cleaning these up. Much appreciated. BR, Armin > > Cheers, > > On Wed, Jun 21, 2023 at 3:49 PM Martin Jansa via > lists.yoctoproject.org <http://lists.yoctoproject.org> > <Martin.Jansa=gmail.com@lists.yoctoproject.org> wrote: > > On Wed, Jun 21, 2023 at 3:42 PM akuster808 <akuster808@gmail.com> > wrote: > > Hello Martin, > > > Hello Armin, > > On 6/21/23 6:42 AM, Martin Jansa wrote: > > There is new patch-status QA check in oe-core: > > > https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a > > > > This is temporary work around just to hide _many_ warnings from > > optional patch-status (if you add it to WARN_QA). > > > > This just added > > Upstream-Status: Pending > > everywhere without actually investigating what's the proper > status. > > > > This is just to hide current QA warnings and to catch new > .patch files being > > added without Upstream-Status, but the number of Pending > patches is now terrible: > > > > 0 (0%) meta-parsec > > N/A (0%) meta-hardening > > 1 (100%) meta-integrity > > 15 (68%) meta-tpm > > 27 (61%) meta-security > > > > Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> > > > > --- > > > ...Do-not-get-generation-using-ioctl-when-evm_portable-.patch > | 4 ++++ > > .../0001-create-tpm-key-support-well-known-key-option.patch > | 2 ++ > > .../files/0002-libtpm-support-env-TPM_SRK_PW.patch | 2 ++ > > > ...tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > | 2 ++ > > > ...tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > | 2 ++ > > .../recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > | 2 ++ > Those appear to be fine. > > .../openscap/files/0002-openembedded-add-Poky-distro.patch > | 2 ++ > The openscap patches are being dropped as they got accepted > upstream. I > sent a patch last night to reflect that. > > I can drop this change. > > recipes-perl/perl/files/libwhisker2.patch | 2 ++ > > recipes-scanners/clamav/files/test.patch | 2 ++ > the "test.patch" isn't used anywhere so I can remove it later. > > .../ecryptfs-utils/files/define_musl_sword_type.patch > | 2 ++ > This one is missing other standard patch information. Looks > like a bit > more cleanup is in order on my part. > > recipes-security/isic/files/configure_fix.patch > | 2 ++ > This patch contains "Inappropriate" to the Upstream-Status should > Inappropriate [reason] not pending. > > recipes-security/isic/files/isic-0.07-make.patch > | 2 ++ > This patch contains "Backport" so the Upstream-Status should > be Backport > not pending. > > recipes-security/isic/files/isic-0.07-netinet.patch > | 2 ++ > This patch contains "Backport" so the Upstream-Status should > be Backport > not pending. > > I can take those last six as-is and send a follow up tweaking > as needed > or you can send a V2. Your call. > > > I use only very small portion of meta-security (just selinux > recipe), so if you can do the fix-up yourself my CI&I will be > grateful. > > Regards, > > thanks, > Armin > > 13 files changed, 28 insertions(+) > > > > diff --git > a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > > index 3624576..f0d8975 100644 > > --- > a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > > +++ > b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch > > @@ -13,6 +13,8 @@ ioctl is not supported by the filesystem. > > > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > > --- > > +Upstream-Status: Pending > > + > > src/evmctl.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > @@ -30,6 +32,8 @@ index 6d2bb67..c35a28c 100644 > > int fd = open(file, 0); > > > > --- > > +Upstream-Status: Pending > > + > > 2.39.2 > > > > > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > > index bed8b92..e6068af 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed > > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> > > Date: Wed Jun 19 18:57:13 2013 +0800 > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > > index 2caaaf0..74def4f 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed > > Author: Junxian.Xiao <Junxian.Xiao@windriver.com> > > Date: Wed Jun 19 18:57:13 2013 +0800 > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > > index cc8772d..732961d 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch > > @@ -17,6 +17,8 @@ export TPM_SRK_ENC_PW=xxxxxxxx > > > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > > --- > > +Upstream-Status: Pending > > + > > e_tpm.c | 157 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- > > e_tpm.h | 4 ++ > > e_tpm_err.c | 4 ++ > > diff --git > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > > index 535472a..3cbfc3c 100644 > > --- > a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > > +++ > b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch > > @@ -12,6 +12,8 @@ wrong case. > > > > Signed-off-by: Meng Li <Meng.Li@windriver.com> > > --- > > +Upstream-Status: Pending > > + > > create_tpm_key.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git > a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > > index 40150af..d427d67 100644 > > --- > a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > > +++ > b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > Index: git/include/tpm_tspi.h > > > =================================================================== > > --- git.orig/include/tpm_tspi.h > > diff --git > a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > > index 182d9ec..767b473 100644 > > --- > a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > > +++ > b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch > > @@ -5,6 +5,8 @@ Subject: [PATCH 2/2] openembedded: add Poky > distro > > > > Signed-off-by: Armin Kuster <akuster@mvista.com> > > --- > > +Upstream-Status: Pending > > + > > cpe/openscap-cpe-dict.xml | 4 ++++ > > cpe/openscap-cpe-oval.xml | 14 ++++++++++++++ > > src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++- > > diff --git a/recipes-perl/perl/files/libwhisker2.patch > b/recipes-perl/perl/files/libwhisker2.patch > > index c066366..4ea1ee5 100644 > > --- a/recipes-perl/perl/files/libwhisker2.patch > > +++ b/recipes-perl/perl/files/libwhisker2.patch > > @@ -7,6 +7,8 @@ Subject: [PATCH] Mandir and perl install dir > were overwritten with faulty > > > > Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> > > --- > > +Upstream-Status: Pending > > + > > Makefile.pl | 12 +++++++----- > > 1 file changed, 7 insertions(+), 5 deletions(-) > > > > diff --git a/recipes-scanners/clamav/files/test.patch > b/recipes-scanners/clamav/files/test.patch > > index a22b45d..8d94863 100644 > > --- a/recipes-scanners/clamav/files/test.patch > > +++ b/recipes-scanners/clamav/files/test.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > Index: clamav-0.103.0/Makefile.am > > > =================================================================== > > --- clamav-0.103.0.orig/Makefile.am > > diff --git > a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > > index 3b29be0..01b7dd8 100644 > > --- > a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > > +++ > b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c > > > =================================================================== > > --- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c > > diff --git a/recipes-security/isic/files/configure_fix.patch > b/recipes-security/isic/files/configure_fix.patch > > index fc2a774..801fe0c 100644 > > --- a/recipes-security/isic/files/configure_fix.patch > > +++ b/recipes-security/isic/files/configure_fix.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > isic: add with-libnet remove libnet test > > > > Inappropriate - builds fine on non-oe systems. We need to > exlude > > diff --git > a/recipes-security/isic/files/isic-0.07-make.patch > b/recipes-security/isic/files/isic-0.07-make.patch > > index 9cffa8a..838c873 100644 > > --- a/recipes-security/isic/files/isic-0.07-make.patch > > +++ b/recipes-security/isic/files/isic-0.07-make.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > isic: Fixup makefile to support destination > > > > Backport: > > diff --git > a/recipes-security/isic/files/isic-0.07-netinet.patch > b/recipes-security/isic/files/isic-0.07-netinet.patch > > index c4ea74e..4b03880 100644 > > --- a/recipes-security/isic/files/isic-0.07-netinet.patch > > +++ b/recipes-security/isic/files/isic-0.07-netinet.patch > > @@ -1,3 +1,5 @@ > > +Upstream-Status: Pending > > + > > isic: add missing header file > > > > Backport: > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#60376): > https://lists.yoctoproject.org/g/yocto/message/60376 > Mute This Topic: https://lists.yoctoproject.org/mt/99673661/3617156 > Group Owner: yocto+owner@lists.yoctoproject.org > <mailto:yocto%2Bowner@lists.yoctoproject.org> > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub > [Martin.Jansa@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch index 3624576..f0d8975 100644 --- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch +++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch @@ -13,6 +13,8 @@ ioctl is not supported by the filesystem. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- +Upstream-Status: Pending + src/evmctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -30,6 +32,8 @@ index 6d2bb67..c35a28c 100644 int fd = open(file, 0); --- +Upstream-Status: Pending + 2.39.2 diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch index bed8b92..e6068af 100644 --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed Author: Junxian.Xiao <Junxian.Xiao@windriver.com> Date: Wed Jun 19 18:57:13 2013 +0800 diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch index 2caaaf0..74def4f 100644 --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed Author: Junxian.Xiao <Junxian.Xiao@windriver.com> Date: Wed Jun 19 18:57:13 2013 +0800 diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch index cc8772d..732961d 100644 --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch @@ -17,6 +17,8 @@ export TPM_SRK_ENC_PW=xxxxxxxx Signed-off-by: Meng Li <Meng.Li@windriver.com> --- +Upstream-Status: Pending + e_tpm.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- e_tpm.h | 4 ++ e_tpm_err.c | 4 ++ diff --git a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch index 535472a..3cbfc3c 100644 --- a/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch +++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch @@ -12,6 +12,8 @@ wrong case. Signed-off-by: Meng Li <Meng.Li@windriver.com> --- +Upstream-Status: Pending + create_tpm_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch index 40150af..d427d67 100644 --- a/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch +++ b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + Index: git/include/tpm_tspi.h =================================================================== --- git.orig/include/tpm_tspi.h diff --git a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch index 182d9ec..767b473 100644 --- a/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch +++ b/recipes-compliance/openscap/files/0002-openembedded-add-Poky-distro.patch @@ -5,6 +5,8 @@ Subject: [PATCH 2/2] openembedded: add Poky distro Signed-off-by: Armin Kuster <akuster@mvista.com> --- +Upstream-Status: Pending + cpe/openscap-cpe-dict.xml | 4 ++++ cpe/openscap-cpe-oval.xml | 14 ++++++++++++++ src/OVAL/probes/unix/runlevel_probe.c | 8 +++++++- diff --git a/recipes-perl/perl/files/libwhisker2.patch b/recipes-perl/perl/files/libwhisker2.patch index c066366..4ea1ee5 100644 --- a/recipes-perl/perl/files/libwhisker2.patch +++ b/recipes-perl/perl/files/libwhisker2.patch @@ -7,6 +7,8 @@ Subject: [PATCH] Mandir and perl install dir were overwritten with faulty Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> --- +Upstream-Status: Pending + Makefile.pl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/recipes-scanners/clamav/files/test.patch b/recipes-scanners/clamav/files/test.patch index a22b45d..8d94863 100644 --- a/recipes-scanners/clamav/files/test.patch +++ b/recipes-scanners/clamav/files/test.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + Index: clamav-0.103.0/Makefile.am =================================================================== --- clamav-0.103.0.orig/Makefile.am diff --git a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch index 3b29be0..01b7dd8 100644 --- a/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch +++ b/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c =================================================================== --- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c diff --git a/recipes-security/isic/files/configure_fix.patch b/recipes-security/isic/files/configure_fix.patch index fc2a774..801fe0c 100644 --- a/recipes-security/isic/files/configure_fix.patch +++ b/recipes-security/isic/files/configure_fix.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + isic: add with-libnet remove libnet test Inappropriate - builds fine on non-oe systems. We need to exlude diff --git a/recipes-security/isic/files/isic-0.07-make.patch b/recipes-security/isic/files/isic-0.07-make.patch index 9cffa8a..838c873 100644 --- a/recipes-security/isic/files/isic-0.07-make.patch +++ b/recipes-security/isic/files/isic-0.07-make.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + isic: Fixup makefile to support destination Backport: diff --git a/recipes-security/isic/files/isic-0.07-netinet.patch b/recipes-security/isic/files/isic-0.07-netinet.patch index c4ea74e..4b03880 100644 --- a/recipes-security/isic/files/isic-0.07-netinet.patch +++ b/recipes-security/isic/files/isic-0.07-netinet.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + isic: add missing header file Backport:
There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA). This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status. This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible: 0 (0%) meta-parsec N/A (0%) meta-hardening 1 (100%) meta-integrity 15 (68%) meta-tpm 27 (61%) meta-security Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> --- ...Do-not-get-generation-using-ioctl-when-evm_portable-.patch | 4 ++++ .../0001-create-tpm-key-support-well-known-key-option.patch | 2 ++ .../files/0002-libtpm-support-env-TPM_SRK_PW.patch | 2 ++ ...tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch | 2 ++ ...tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch | 2 ++ .../recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch | 2 ++ .../openscap/files/0002-openembedded-add-Poky-distro.patch | 2 ++ recipes-perl/perl/files/libwhisker2.patch | 2 ++ recipes-scanners/clamav/files/test.patch | 2 ++ .../ecryptfs-utils/files/define_musl_sword_type.patch | 2 ++ recipes-security/isic/files/configure_fix.patch | 2 ++ recipes-security/isic/files/isic-0.07-make.patch | 2 ++ recipes-security/isic/files/isic-0.07-netinet.patch | 2 ++ 13 files changed, 28 insertions(+)