Message ID | cover.1693924532.git.bruce.ashfield@gmail.com |
---|---|
State | Not Applicable, archived |
On 5 Sep 2023, at 15:37, Bruce Ashfield via lists.openembedded.org <bruce.ashfield=gmail.com@lists.openembedded.org> wrote:
>
> From: Bruce Ashfield <bruce.ashfield@gmail.com>
>
> Richard,
>
> Here's the next round of -stable and configuration changes.
>
> I also ran into a build issue with 6.4+ on one of my builders
> due to a gzip mismatch with zlib versions. So I've included
> a fix for that.

Would you be able to throw in a cve-exclusions update when you upgrade the kernels? I can do it, but it’s easier if it’s done as part of the upgrade.

For now it’s a little manual. Have a clone of https://github.com/nluedtke/linux_kernel_cves to hand then:

$ ./generate-cve-exclusions.py ~/Code/drive-by/linux_kernel_cves/ 6.4.11 > cve-exclusion_6.4.inc

(update paths as needed)

Ross

On Wed, Sep 6, 2023 at 8:39 AM Ross Burton <Ross.Burton@arm.com> wrote:
>
> On 5 Sep 2023, at 15:37, Bruce Ashfield via lists.openembedded.org <bruce.ashfield=gmail.com@lists.openembedded.org> wrote:
> >
> > From: Bruce Ashfield <bruce.ashfield@gmail.com>
> >
> > Richard,
> >
> > Here's the next round of -stable and configuration changes.
> >
> > I also ran into a build issue with 6.4+ on one of my builders
> > due to a gzip mismatch with zlib versions. So I've included
> > a fix for that.
>
> Would you be able to throw in a cve-exclusions update when you upgrade the kernels? I can do it, but it’s easier if it’s done as part of the upgrade.
>
> For now it’s a little manual. Have a clone of https://github.com/nluedtke/linux_kernel_cves to hand then:
>
> $ ./generate-cve-exclusions.py ~/Code/drive-by/linux_kernel_cves/ 6.4.11 > cve-exclusion_6.4.inc
>
> (update paths as needed)

I'll add that to my update steps.

As long as I don't have to audit/check or manually edit anything, it
won't be an issue.

Bruce

>
> Ross

On 6 Sep 2023, at 13:56, Bruce Ashfield <bruce.ashfield@gmail.com> wrote:
>
> On Wed, Sep 6, 2023 at 8:39 AM Ross Burton <Ross.Burton@arm.com> wrote:
>>
>> On 5 Sep 2023, at 15:37, Bruce Ashfield via lists.openembedded.org <bruce.ashfield=gmail.com@lists.openembedded.org> wrote:
>>>
>>> From: Bruce Ashfield <bruce.ashfield@gmail.com>
>>>
>>> Richard,
>>>
>>> Here's the next round of -stable and configuration changes.
>>>
>>> I also ran into a build issue with 6.4+ on one of my builders
>>> due to a gzip mismatch with zlib versions. So I've included
>>> a fix for that.
>>
>> Would you be able to throw in a cve-exclusions update when you upgrade the kernels? I can do it, but it’s easier if it’s done as part of the upgrade.
>>
>> For now it’s a little manual. Have a clone of https://github.com/nluedtke/linux_kernel_cves to hand then:
>>
>> $ ./generate-cve-exclusions.py ~/Code/drive-by/linux_kernel_cves/ 6.4.11 > cve-exclusion_6.4.inc
>>
>> (update paths as needed)
>
> I'll add that to my update steps.
>
> As long as I don't have to audit/check or manually edit anything, it
> won't be an issue.

Cheers. Literally just run those commands and sanity check that it did something reasonable (i.e. didn’t write an error message to the files).

I’ve been meaning to add a wrapper to do the right thing, but Marta is also working on integrating the data directly into the CVE check logic so I really do consider this script very much an interim solution.

Ross

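
The regeneration command and the sanity check discussed in the thread above, combined so that a failed run cannot replace a good exclusions file (an added example, not part of the thread or of the OpenEmbedded scripts). The function name `regen_cve_exclusions` is hypothetical, and the check assumes a successful run prints at least one `CVE_STATUS[CVE-...]` line.

```shell
#!/bin/sh
# Added example, not project code.
# Usage: regen_cve_exclusions GENERATOR DATADIR VERSION OUTFILE
#   e.g. regen_cve_exclusions ./generate-cve-exclusions.py \
#            ~/Code/drive-by/linux_kernel_cves/ 6.4.11 cve-exclusion_6.4.inc
# Prints the number of CVE_STATUS entries written; returns non-zero and
# leaves OUTFILE untouched if the run looks wrong.
regen_cve_exclusions() {
    gen=$1 data=$2 version=$3 out=$4

    # Write to a temporary file next to the target: a plain "> OUTFILE"
    # truncates the existing file before the generator has produced anything.
    tmp=$(mktemp "${out}.XXXXXX") || return 1

    if ! "$gen" "$data" "$version" > "$tmp"; then
        echo "generator exited non-zero; keeping existing $out" >&2
        rm -f "$tmp"
        return 1
    fi

    # Assumption: valid output contains CVE_STATUS[CVE-YYYY-NNNN] assignments.
    # A file holding only an error message or usage text has none.
    n=$(grep -c '^CVE_STATUS\[CVE-[0-9]*-[0-9]*]' "$tmp" || true)
    if [ "${n:-0}" -eq 0 ]; then
        echo "no CVE_STATUS entries in output; keeping existing $out" >&2
        rm -f "$tmp"
        return 1
    fi

    # Same directory, so the rename replaces the old file in one step.
    mv "$tmp" "$out"
    echo "$n"
}
```
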
From: Bruce Ashfield <bruce.ashfield@gmail.com>

Richard,

Here's the next round of -stable and configuration changes.

I also ran into a build issue with 6.4+ on one of my builders
due to a gzip mismatch with zlib versions. So I've included
a fix for that.

Cheers,

Bruce

The following changes since commit 733afeffd19a2ae3af34abe95e514cb4b99cd366:

  bitbake: server/process: Add more timing debug (2023-09-05 08:14:50 +0100)

are available in the Git repository at:

  https://git.yoctoproject.org/poky-contrib zedd/kernel
  https://git.yoctoproject.org/poky-contrib/log/?h=zedd/kernel

Bruce Ashfield (8):
  linux-yocto/6.4: fix CONFIG_F2FS_IO_TRACE configuration warning
  linux-yocto/6.1: fix CONFIG_F2FS_IO_TRACE configuration warning
  linux-yocto/6.4: update to v6.4.12
  linux-yocto/6.1: update to v6.1.50
  linux-yocto/6.4: update to v6.4.13
  linux-yocto/6.4: update to v6.4.14
  linux-yocto/6.1: update to v6.1.51
  linux-yocto: add gzip-native to DEPENDS

 .../linux/linux-yocto-rt_6.1.bb               |  6 ++--
 .../linux/linux-yocto-rt_6.4.bb               |  6 ++--
 .../linux/linux-yocto-tiny_6.1.bb             |  6 ++--
 .../linux/linux-yocto-tiny_6.4.bb             |  6 ++--
 meta/recipes-kernel/linux/linux-yocto.inc     |  2 +-
 meta/recipes-kernel/linux/linux-yocto_6.1.bb  | 28 +++++++++----------
 meta/recipes-kernel/linux/linux-yocto_6.4.bb  | 28 +++++++++----------
 7 files changed, 41 insertions(+), 41 deletions(-)