diff options
| author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-12 11:21:13 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-13 22:23:49 +0100 |
| commit | 5d921844b4b9cc4c44542c7ad7bbbca652c49ed3 (patch) | |
| tree | 9374f31c250ed05c3e0db5b6b0bd41f606abfdd2 | |
| parent | 7568f6408ae0fe94c0e3d1dcb4f1c5e5cfb29b99 (diff) | |
| download | poky-5d921844b4b9cc4c44542c7ad7bbbca652c49ed3.tar.gz | |
git: Ignore CVE-2022-24975
Everyone I've talked to doesn't see this as a major issue. The CVE
asks for a documentation improvement on the --mirror option to
git clone as deleted content could be leaked into a mirror. For OE's
general users/use cases, we wouldn't build or ship docs so this wouldn't
affect us.
(From OE-Core rev: 5dfe2dd5482c9a446f8e722fe51903d205e6770d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/git/git_2.35.1.bb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git_2.35.1.bb b/meta/recipes-devtools/git/git_2.35.1.bb index 47c2211864..e39142128b 100644 --- a/meta/recipes-devtools/git/git_2.35.1.bb +++ b/meta/recipes-devtools/git/git_2.35.1.bb | |||
| @@ -18,6 +18,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" | |||
| 18 | 18 | ||
| 19 | CVE_PRODUCT = "git-scm:git" | 19 | CVE_PRODUCT = "git-scm:git" |
| 20 | 20 | ||
| 21 | # This is about a manpage not mentioning --mirror may "leak" information | ||
| 22 | # in mirrored git repos. Most OE users wouldn't build the docs and | ||
| 23 | # we don't see this as a major issue for our general users/usecases. | ||
| 24 | CVE_CHECK_IGNORE += "CVE-2022-24975" | ||
| 25 | |||
| 21 | PACKAGECONFIG ??= "expat curl" | 26 | PACKAGECONFIG ??= "expat curl" |
| 22 | PACKAGECONFIG[cvsserver] = "" | 27 | PACKAGECONFIG[cvsserver] = "" |
| 23 | PACKAGECONFIG[svn] = "" | 28 | PACKAGECONFIG[svn] = "" |