diff options
author | Davide Gardenal <davidegarde2000@gmail.com> | 2022-07-18 13:07:06 +0200 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2022-07-18 09:11:22 -0700 |
commit | efa12676dd0676fd0aa63457d7ba360fe8a6fae2 (patch) | |
tree | ad3dea96d17132931893fc8b9ef0edf212de5a8e /meta-oe | |
parent | 261465eb6e2bd8f83e6841f8e42e1fb1be6d1499 (diff) | |
download | meta-openembedded-efa12676dd0676fd0aa63457d7ba360fe8a6fae2.tar.gz |
meta-oe: ignore patched CVEs
Some old CVEs don't have a vulnerable version range in the NVD database,
this causes come mismatch with cve-check. Ignore many CVEs that are
picked up by the class but are patched in our products.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe')
9 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb index 2fa24b29b..28a3e1e77 100644 --- a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb +++ b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb | |||
@@ -11,6 +11,10 @@ SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \ | |||
11 | " | 11 | " |
12 | SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1" | 12 | SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1" |
13 | 13 | ||
14 | CVE_CHECK_IGNORE += "\ | ||
15 | CVE-2009-1760 \ | ||
16 | " | ||
17 | |||
14 | PV = "0.13.8" | 18 | PV = "0.13.8" |
15 | 19 | ||
16 | S = "${WORKDIR}/git" | 20 | S = "${WORKDIR}/git" |
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index e9cb7adb8..df90b629a 100644 --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb | |||
@@ -18,6 +18,10 @@ SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520 | |||
18 | 18 | ||
19 | S = "${WORKDIR}/imap-${PV}" | 19 | S = "${WORKDIR}/imap-${PV}" |
20 | 20 | ||
21 | CVE_CHECK_IGNORE += "\ | ||
22 | CVE-2005-0198 \ | ||
23 | " | ||
24 | |||
21 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" | 25 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" |
22 | PACKAGECONFIG[pam] = ",,libpam" | 26 | PACKAGECONFIG[pam] = ",,libpam" |
23 | 27 | ||
diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb index ecbfad394..a59a5c41d 100644 --- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb +++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb | |||
@@ -21,6 +21,10 @@ SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823" | |||
21 | 21 | ||
22 | S = "${WORKDIR}/git" | 22 | S = "${WORKDIR}/git" |
23 | 23 | ||
24 | CVE_CHECK_IGNORE += "\ | ||
25 | CVE-2012-5638 \ | ||
26 | " | ||
27 | |||
24 | DEPENDS = "libaio util-linux" | 28 | DEPENDS = "libaio util-linux" |
25 | 29 | ||
26 | inherit setuptools3 useradd | 30 | inherit setuptools3 useradd |
diff --git a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb index 7e00f150d..4b9ae4758 100644 --- a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb +++ b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb | |||
@@ -32,6 +32,10 @@ SRC_URI = "http://downloads.sourceforge.net/sblim/${BP}.tar.bz2 \ | |||
32 | SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30" | 32 | SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30" |
33 | SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd" | 33 | SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd" |
34 | 34 | ||
35 | CVE_CHECK_IGNORE += "\ | ||
36 | CVE-2012-3381 \ | ||
37 | " | ||
38 | |||
35 | inherit autotools | 39 | inherit autotools |
36 | inherit systemd | 40 | inherit systemd |
37 | 41 | ||
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb index aa597cd8e..4c51af669 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb | |||
@@ -31,6 +31,10 @@ SRC_URI:append:class-nativesdk = "\ | |||
31 | 31 | ||
32 | SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8" | 32 | SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8" |
33 | 33 | ||
34 | CVE_CHECK_IGNORE += "\ | ||
35 | CVE-2014-9157 \ | ||
36 | " | ||
37 | |||
34 | PACKAGECONFIG ??= "librsvg" | 38 | PACKAGECONFIG ??= "librsvg" |
35 | PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg" | 39 | PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg" |
36 | 40 | ||
diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 4c17105a9..27dff82df 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb | |||
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" | |||
6 | SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" | 6 | SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" |
7 | SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973" | 7 | SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973" |
8 | 8 | ||
9 | CVE_CHECK_IGNORE += "\ | ||
10 | CVE-2015-8751 \ | ||
11 | " | ||
12 | |||
9 | S = "${WORKDIR}/git" | 13 | S = "${WORKDIR}/git" |
10 | 14 | ||
11 | inherit cmake | 15 | inherit cmake |
diff --git a/meta-oe/recipes-support/atop/atop_2.4.0.bb b/meta-oe/recipes-support/atop/atop_2.4.0.bb index 35540b3b8..b1d2abde7 100644 --- a/meta-oe/recipes-support/atop/atop_2.4.0.bb +++ b/meta-oe/recipes-support/atop/atop_2.4.0.bb | |||
@@ -24,6 +24,10 @@ SRC_URI = "http://www.atoptool.nl/download/${BP}.tar.gz \ | |||
24 | SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436" | 24 | SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436" |
25 | SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69" | 25 | SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69" |
26 | 26 | ||
27 | CVE_CHECK_IGNORE += "\ | ||
28 | CVE-2011-3618 \ | ||
29 | " | ||
30 | |||
27 | do_compile() { | 31 | do_compile() { |
28 | oe_runmake all | 32 | oe_runmake all |
29 | } | 33 | } |
diff --git a/meta-oe/recipes-support/emacs/emacs_27.2.bb b/meta-oe/recipes-support/emacs/emacs_27.2.bb index b78dc5e45..4a7e7aba5 100644 --- a/meta-oe/recipes-support/emacs/emacs_27.2.bb +++ b/meta-oe/recipes-support/emacs/emacs_27.2.bb | |||
@@ -11,6 +11,10 @@ SRC_URI:append:class-target = " file://usemake-docfile-native.patch" | |||
11 | 11 | ||
12 | SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9" | 12 | SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9" |
13 | 13 | ||
14 | CVE_CHECK_IGNORE = "\ | ||
15 | CVE-2007-6109 \ | ||
16 | " | ||
17 | |||
14 | PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls" | 18 | PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls" |
15 | PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5" | 19 | PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5" |
16 | PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp" | 20 | PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp" |
diff --git a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb index 14b1aaf01..3d8a45786 100644 --- a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb +++ b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb | |||
@@ -15,6 +15,11 @@ SRC_URI = "\ | |||
15 | 15 | ||
16 | SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603" | 16 | SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603" |
17 | 17 | ||
18 | CVE_CHECK_IGNORE += "\ | ||
19 | CVE-2010-1624 \ | ||
20 | CVE-2011-3594 \ | ||
21 | " | ||
22 | |||
18 | PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ | 23 | PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ |
19 | ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \ | 24 | ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \ |
20 | " | 25 | " |