[v2,2/2] linux-yocto: update CVE exclusions files

Message ID	20230825160830.2139251-2-ross.burton@arm.com
State	Accepted, archived
Commit	aac27011172dea37eb3687af57d05c9546b831ae
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH v2 2/2] linux-yocto: update CVE exclusions files Date: Fri, 25 Aug 2023 17:08:30 +0100 Message-Id: <20230825160830.2139251-2-ross.burton@arm.com> In-Reply-To: <20230825160830.2139251-1-ross.burton@arm.com> References: <20230825160830.2139251-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	[v2,1/2] linux/generate-cve-exclusions: add version check warning \| expand [v2,1/2] linux/generate-cve-exclusions: add version check warning [v2,2/2] linux-yocto: update CVE exclusions files

Message ID

20230825160830.2139251-2-ross.burton@arm.com

State

Accepted, archived

Commit

aac27011172dea37eb3687af57d05c9546b831ae

Headers

From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Cc: nd@arm.com
Subject: [PATCH v2 2/2] linux-yocto: update CVE exclusions files
Date: Fri, 25 Aug 2023 17:08:30 +0100
Message-Id: <20230825160830.2139251-2-ross.burton@arm.com>
In-Reply-To: <20230825160830.2139251-1-ross.burton@arm.com>
References: <20230825160830.2139251-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

[v2,1/2] linux/generate-cve-exclusions: add version check warning | expand

Commit Message

Ross Burton Aug. 25, 2023, 4:08 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

No changes to the data, but the version checks are added.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 11 ++++++++++-
 meta/recipes-kernel/linux/cve-exclusion_6.4.inc | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 499785f6d2d..ce3a534cf34 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,5 +1,14 @@ 
+
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-21 12:41:13.991251 for version 6.1.43
+# Generated at 2023-08-25 12:42:35.329668 for version 6.1.46"
+
+python check_kernel_cve_status_version() {
+    this_version = "6.1.46"
+    kernel_version = d.getVar("LINUX_VERSION")
+    if kernel_version != this_version:
+        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
+}
+do_cve_check[prefuncs] += "check_kernel_cve_status_version"
 
 CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed after version 2.6.12rc2"
 
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
index b9210724bf0..63f0760b2d3 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
@@ -1,5 +1,14 @@ 
+
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-21 12:41:33.545124 for version 6.4.9
+# Generated at 2023-08-25 12:42:28.369507 for version 6.4.11"
+
+python check_kernel_cve_status_version() {
+    this_version = "6.4.11"
+    kernel_version = d.getVar("LINUX_VERSION")
+    if kernel_version != this_version:
+        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
+}
+do_cve_check[prefuncs] += "check_kernel_cve_status_version"
 
 CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed after version 2.6.12rc2"

[v2,2/2] linux-yocto: update CVE exclusions files

Commit Message

Patch