summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2022-04-12 11:21:13 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-04-13 22:23:49 +0100
commit5d921844b4b9cc4c44542c7ad7bbbca652c49ed3 (patch)
tree9374f31c250ed05c3e0db5b6b0bd41f606abfdd2
parent7568f6408ae0fe94c0e3d1dcb4f1c5e5cfb29b99 (diff)
downloadpoky-5d921844b4b9cc4c44542c7ad7bbbca652c49ed3.tar.gz
git: Ignore CVE-2022-24975
Everyone I've talked to doesn't see this as a major issue. The CVE asks for a documentation improvement on the --mirror option to git clone as deleted content could be leaked into a mirror. For OE's general users/use cases, we wouldn't build or ship docs so this wouldn't affect us. (From OE-Core rev: 5dfe2dd5482c9a446f8e722fe51903d205e6770d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/git/git_2.35.1.bb5
1 files changed, 5 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git_2.35.1.bb b/meta/recipes-devtools/git/git_2.35.1.bb
index 47c2211864..e39142128b 100644
--- a/meta/recipes-devtools/git/git_2.35.1.bb
+++ b/meta/recipes-devtools/git/git_2.35.1.bb
@@ -18,6 +18,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1"
18 18
19CVE_PRODUCT = "git-scm:git" 19CVE_PRODUCT = "git-scm:git"
20 20
21# This is about a manpage not mentioning --mirror may "leak" information
22# in mirrored git repos. Most OE users wouldn't build the docs and
23# we don't see this as a major issue for our general users/usecases.
24CVE_CHECK_IGNORE += "CVE-2022-24975"
25
21PACKAGECONFIG ??= "expat curl" 26PACKAGECONFIG ??= "expat curl"
22PACKAGECONFIG[cvsserver] = "" 27PACKAGECONFIG[cvsserver] = ""
23PACKAGECONFIG[svn] = "" 28PACKAGECONFIG[svn] = ""