After discussion in all parallel threads we proposed following variant which covers both expressed requirements to have very small number of different cve statuses and also very large number of them at the same time. This is a compromise version which maybe is not ideal but deals with conflicting responses we got.
Changes compare to version 6: - added conversion from CVE_CHECK_IGNORE to CVE_STATUS - added comments for all statuses - dropped "not-affected" status - conversion showed that it is not very usefull - added "disputed" status Documentation will be updated in separated repository. meta/classes/cve-check.bbclass | 99 ++++- .../distro/include/cve-extra-exclusions.inc | 371 +++++++++--------- meta/lib/oe/cve_check.py | 25 ++ meta/lib/oeqa/selftest/cases/cve_check.py | 26 +- meta/recipes-bsp/grub/grub2.inc | 6 +- meta/recipes-connectivity/avahi/avahi_0.8.bb | 3 +- .../recipes-connectivity/bind/bind_9.18.15.bb | 2 +- .../bluez5/bluez5_5.66.bb | 4 +- .../openssh/openssh_9.3p1.bb | 9 +- .../openssl/openssl_3.1.1.bb | 3 +- meta/recipes-core/coreutils/coreutils_9.3.bb | 4 +- meta/recipes-core/glibc/glibc_2.37.bb | 17 +- meta/recipes-core/libxml/libxml2_2.10.4.bb | 4 - meta/recipes-core/systemd/systemd_253.3.bb | 3 - meta/recipes-devtools/cmake/cmake.inc | 4 +- meta/recipes-devtools/flex/flex_2.6.4.bb | 6 +- meta/recipes-devtools/gcc/gcc-13.1.inc | 3 +- meta/recipes-devtools/git/git_2.39.3.bb | 7 - meta/recipes-devtools/jquery/jquery_3.6.3.bb | 5 +- meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 +- .../recipes-devtools/python/python3_3.11.3.bb | 13 +- meta/recipes-devtools/qemu/qemu.inc | 13 +- meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 - meta/recipes-devtools/tcltk/tcl_8.6.13.bb | 4 - meta/recipes-extended/cpio/cpio_2.14.bb | 3 +- meta/recipes-extended/cups/cups.inc | 17 +- .../ghostscript/ghostscript_10.01.1.bb | 3 +- .../iputils/iputils_20221126.bb | 5 +- .../libtirpc/libtirpc_1.3.3.bb | 3 +- .../logrotate/logrotate_3.21.0.bb | 5 +- meta/recipes-extended/procps/procps_4.0.3.bb | 4 - meta/recipes-extended/shadow/shadow_4.13.bb | 7 +- meta/recipes-extended/unzip/unzip_6.0.bb | 3 +- .../xinetd/xinetd_2.3.15.4.bb | 2 +- meta/recipes-extended/zip/zip_3.0.bb | 7 +- .../libnotify/libnotify_0.8.2.bb | 2 +- meta/recipes-gnome/librsvg/librsvg_2.56.0.bb | 3 +- meta/recipes-graphics/builder/builder_0.1.bb | 3 +- .../xorg-xserver/xserver-xorg.inc | 19 +- .../linux/cve-exclusion_6.1.inc | 11 +- .../libpng/libpng_1.6.39.bb | 3 +- meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 9 +- .../libgcrypt/libgcrypt_1.10.2.bb | 4 +- .../recipes-support/libxslt/libxslt_1.1.38.bb | 4 +- meta/recipes-support/lz4/lz4_1.9.4.bb | 3 - meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 7 - 46 files changed, 390 insertions(+), 374 deletions(-) -- 2.41.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183224): https://lists.openembedded.org/g/openembedded-core/message/183224 Mute This Topic: https://lists.openembedded.org/mt/99693212/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
