Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cpe-info reporting and maintenance script #32

Closed
wants to merge 74 commits into from
Closed

cpe-info reporting and maintenance script #32

wants to merge 74 commits into from

Conversation

rc-matthew-l-weber
Copy link
Contributor

No description provided.

@rc-matthew-l-weber
cpe-info: new make target
565465f 
Similar to make legal-info, produce a csv delimited file containing
all selected packages CPE identification.

Have the pkg infra define CPE_ID_* defaults using the package name
for the vendor and name as most CPE IDs seem to align with that
assumption. Also use the pkg version as the CPE ID's version field.

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes
v2
[Thomas P
 - Moved comment on conditionals back to this patchset where
   the conditional is created vs later

v3
[Thomas P
 - Merged infra define CPE_ID_*  into this patch
 - Report all packages vs restricting to just allowing based on if
   the VENDOR was set (v2). This now represents Thomas P's original
   idea to report everything.  At first I felt I should restrict
   the reporting to those CPE IDs we had made sure were correct.
   Turns out we should have actually let the script handle fixing
   the CPEs and just make a complete design of this up front.

[Matt
 - Moved to using the _project on all vendors instead of just name
@rc-matthew-l-weber
cpe-info: id prefix/suffix
54b8996 
There are two types of software cpe prefixes, one for applications and
one for operating systems. Note: There is a third type for hardware.

This patchset determines which should be used and stores that
information with the package for later use when assembling the CPE
report.

There is also a suffix which we just default to wildcards at this
point.

Refs:
   https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
   https://cpe.mitre.org/specification/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Change to using a filter on pkg name value vs ifelse

v3
[Arnout
 - Moved CPE prefix and suffix defines to package/Makefile.in
@rc-matthew-l-weber
cpe-info: only report target pkgs
8923f83 
The reporting of host packages causes some duplication and complicates
what is really in the targets configuration. For the purpose of the
first version of this patchset, its assumed that host packages aren't
relevant for the configuration and we only report the target's
contents.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - select if target vs selecting not host

v3
 - Fixed host build error because cpe-info wasn't defined
@rc-matthew-l-weber
cpe-info: update manual for new pkg vars
7f82e9b 
Provide guidance on setting up the *_CPE_* and *_CVE_* variables.

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes
v2
[Thomas P
 - Reworded LIBFOO_CVE_PATCHED description

[Matt W
 - Added definition for new preset variables to auto-gen the CPE ID
 - Added example LIBFOO_CPE_ID_VENDOR to LIBFOO

v3
 - Updated to make *_CPE_VENDOR optional
 - Changed wording around _CPE_ID as there is only one defined now
@rc-matthew-l-weber
cpe-info: cpeCheck script
7a71b2b 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
bash: add custom CPE_ID_VENDOR
5740730 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
bzip2: add custom CPE_ID_VENDOR
58915a5 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
dhcp: add custom CPE_ID_VENDOR
0e92226 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
gdb: add custom CPE_ID_VENDOR
f9ec7bf 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
glibc: add custom CPE_ID_VENDOR
42f5ad0 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
gzip: add custom CPE_ID_VENDOR
8204ecb 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Matt W
 - Added second CPE ID

v3
 - Removed second ID and updated definitions
@rc-matthew-l-weber
libgcrypt: add custom CPE_ID_VENDOR
20c8a18 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
linux: add custom CPE_ID_VENDOR
025085d 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
linux-headers: add custom CPE_ID_VENDOR
9b110b4 
This package will report with the same CPE as the
linux package.  As such, depending on the toolchain
approach, there will be a duplicate record with the
same information.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
openssh: add custom CPE_ID_VENDOR
1912112 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.

v3
 - removed new line
@rc-matthew-l-weber
xerces: add custom CPE_ID_VENDOR
b9dce49 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Updated how the ID is generated.
@rc-matthew-l-weber
expat: add custom CPE_ID_VENDOR
57ee51f 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
ipset: add custom CPE_ID_VENDOR
bc48013 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
audit: add custom CPE_ID_VENDOR
20f82f6 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>

Conflicts:
	package/audit/audit.mk
@rc-matthew-l-weber
grep: add custom CPE_ID_VENDOR
030bd26 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
readline: add custom CPE_ID_VENDOR
e67fcfb 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
tar: add custom CPE_ID_VENDOR
269c60a 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
hostapd: add custom CPE_ID_VENDOR
cec5091 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
iptables: add custom CPE_ID_VENDOR
f12d639 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libfcgi: add custom CPE_ID_VENDOR
01e122a 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libxml2: add custom CPE_ID_VENDOR
3885796 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
linux-pam: add custom CPE_ID_VENDOR
ab9a916 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
lz4: add custom CPE_ID_VENDOR
f79dda9 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
ncurses: add custom CPE_ID_VENDOR
0d4eb27 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
rc-matthew-l-weber and others added 23 commits March 24, 2018 22:14
@rc-matthew-l-weber
libestr: add custom CPE_ID_VENDOR
b5e799a 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libfastjson: add custom CPE_ID_VENDOR
0648bf6 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
liblogging: add custom CPE_ID_VENDOR
a334474 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libnetfilter_conntrack: add custom CPE_ID_VENDOR
cc40a33 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libnetfilter_cthelper: add custom CPE_ID_VENDOR
eb4d330 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libnetfilter_cttimeout: add custom CPE_ID_VENDOR
26cdef5 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libnetfilter_queue: add custom CPE_ID_VENDOR
c7d5879 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libpcap: add custom CPE_ID_VENDOR
03ced72 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libqmi: add custom CPE_ID_VENDOR
f6ac294 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libselinux: add custom CPE_ID_VENDOR
cb1b4d2 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libsemanage: add custom CPE_ID_VENDOR
eba304e 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libsepol: add custom CPE_ID_VENDOR
6515136 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
linux-firmware: add custom CPE_ID_VENDOR
6009bb7 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
refpolicy: add custom CPE_ID_VENDOR
48fcd0c 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
setools: add custom CPE_ID_VENDOR
1bddaae 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
wireless-regdb: add custom CPE_ID_VENDOR
9ffb911 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@clshotwe @rc-matthew-l-weber
mpfr: add custom CPE_ID_VENDOR
e975828 
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
@clshotwe @rc-matthew-l-weber
vim: add custom CPE_ID_VENDOR
767d670 
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
@rc-matthew-l-weber
gnupg: add custom CPE_ID_VENDOR
4ff40d2 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
lighttpd: add custom CPE_ID_VENDOR
160bf89 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
rsyslog: add custom CPE_ID_VENDOR
86bef6f 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
strongswan: add custom CPE_ID_VENDOR
0eb6574 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
libopenssl: add custom CPE_ID_VENDOR
34eaf31 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@rc-matthew-l-weber
cvescript fixups
de28d67 
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
@tpetazzoni tpetazzoni closed this Mar 31, 2018
@matthew-l-weber
Copy link

Oops, shouldn't have been associated as a pull.

ebertland pushed a commit to ebertland/buildroot that referenced this pull request Jun 8, 2019
@chris-cerebras @ebertland
create README-cb (buildroot#32)
23ff23a 
This change adds a README that describes basic
procedures for using and maintaining buildroot.

testing: none
issue: buildroot#20
lubosz pushed a commit to lubosz/buildroot that referenced this pull request Jun 14, 2020
@glebm @lubosz
Update ncurses 5.9 -> 6.1 (buildroot#32)
20a6eca 
* Update ncurses from upstream

* ncurses: Update for old buildroot compatibility

* ncurses: Add st-256color terminfo

Used by the ST-SDL application
lubosz pushed a commit to lubosz/buildroot that referenced this pull request Jun 14, 2020
@soarqin @lubosz
Fix build broken from buildroot#32
a8ea02e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@rc-matthew-l-weber @matthew-l-weber @tpetazzoni @clshotwe