diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-12 23:41:24 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-13 11:34:14 +0100 |
commit | ac9436c81b9c8c6709862ad88ce0f0aea3e571f3 (patch) | |
tree | d609e9641c7dce3d0c396778c05b3d2a7f1a01dd | |
parent | b77802fb058c90639701f97ea19114996da02cc0 (diff) | |
download | poky-ac9436c81b9c8c6709862ad88ce0f0aea3e571f3.tar.gz |
coreutils: Exclude CVE-2016-2781 from cve-check
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
"Given runcon is not really a sandbox command, the advice is to use
`runcon ... setsid ...` to avoid this particular issue.
(From OE-Core rev: 2d273b5aed4a5bd509ec9c68a6f451c17ec17d0c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/coreutils/coreutils_8.32.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils_8.32.bb b/meta/recipes-core/coreutils/coreutils_8.32.bb index c1962ccb90..f3fe31fd3b 100644 --- a/meta/recipes-core/coreutils/coreutils_8.32.bb +++ b/meta/recipes-core/coreutils/coreutils_8.32.bb | |||
@@ -26,6 +26,10 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ | |||
26 | SRC_URI[md5sum] = "022042695b7d5bcf1a93559a9735e668" | 26 | SRC_URI[md5sum] = "022042695b7d5bcf1a93559a9735e668" |
27 | SRC_URI[sha256sum] = "4458d8de7849df44ccab15e16b1548b285224dbba5f08fac070c1c0e0bcc4cfa" | 27 | SRC_URI[sha256sum] = "4458d8de7849df44ccab15e16b1548b285224dbba5f08fac070c1c0e0bcc4cfa" |
28 | 28 | ||
29 | # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 | ||
30 | # runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue. | ||
31 | CVE_CHECK_WHITELIST += "CVE-2016-2781" | ||
32 | |||
29 | EXTRA_OECONF_class-native = "--without-gmp" | 33 | EXTRA_OECONF_class-native = "--without-gmp" |
30 | EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" | 34 | EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" |
31 | EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname" | 35 | EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname" |