From 3e21211b430151dc62ba1c9ba9cb056da0dbd83e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 16 Apr 2020 02:09:05 -0400 Subject: [PATCH 1/3] test_image_content: whitelist some GLSAs systemd and sudo are already fixed. Git was fixed by updating to 2.23.2, not 2.24.1. Samba is 2 years old and customized, thus difficult to update. file, Python, and gdb are only in the SDK. --- build_library/test_image_content.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/build_library/test_image_content.sh b/build_library/test_image_content.sh index bc94a231c9..1d1f6ae210 100644 --- a/build_library/test_image_content.sh +++ b/build_library/test_image_content.sh @@ -9,6 +9,13 @@ GLSA_WHITELIST=( 201909-01 # Perl, SDK only 201909-08 # backported fix 201911-01 # package too old to even have the affected USE flag + 202003-20 # backported fix + 202003-12 # only applies to old, already-fixed CVEs + 202003-24 # SDK only + 202003-26 # SDK only + 202003-30 # fixed by updating within older minor release + 202003-31 # SDK only + 202003-52 # difficult to update :-( ) glsa_image() { From 832ab266d98cb4740ed19d337473f2a5f645fcab Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 15 May 2020 00:45:07 -0400 Subject: [PATCH 2/3] test_image_content: whitelist some GLSAs Git was fixed by updating to 2.23.3, not 2.26.2. Python and QEMU are only in the SDK. --- build_library/test_image_content.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build_library/test_image_content.sh b/build_library/test_image_content.sh index 1d1f6ae210..65a4eeda25 100644 --- a/build_library/test_image_content.sh +++ b/build_library/test_image_content.sh @@ -16,6 +16,9 @@ GLSA_WHITELIST=( 202003-30 # fixed by updating within older minor release 202003-31 # SDK only 202003-52 # difficult to update :-( + 202004-13 # fixed by updating within older minor release + 202005-02 # SDK only + 202005-09 # SDK only ) glsa_image() { From d86e25ec8dbc9c2c43ba0444d5082ea42f3cb733 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 16 May 2020 21:59:30 -0400 Subject: [PATCH 3/3] test_image_content: whitelist OpenSSL GLSA We updated to 1.0.2u instead of 1.1.1g. --- build_library/test_image_content.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build_library/test_image_content.sh b/build_library/test_image_content.sh index 65a4eeda25..ce5c1be108 100644 --- a/build_library/test_image_content.sh +++ b/build_library/test_image_content.sh @@ -16,6 +16,7 @@ GLSA_WHITELIST=( 202003-30 # fixed by updating within older minor release 202003-31 # SDK only 202003-52 # difficult to update :-( + 202004-10 # fixed by updating within older minor release 202004-13 # fixed by updating within older minor release 202005-02 # SDK only 202005-09 # SDK only