diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2023-07-20 09:19:50 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-07-21 11:52:26 +0100 |
commit | c15e506a4674e558922c5a75512ca2b5c296cd44 (patch) | |
tree | a0cc1ebf9daca61304185ed901596e31f4029658 /meta/recipes-connectivity/openssh | |
parent | 7e18a90d35a62cd6894385a9dab549a594d5f11e (diff) | |
download | poky-c15e506a4674e558922c5a75512ca2b5c296cd44.tar.gz |
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
(From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_9.3p1.bb | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_9.3p1.bb b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb index 42ce814523..3edc123b9a 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.3p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb | |||
@@ -28,15 +28,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
28 | " | 28 | " |
29 | SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8" | 29 | SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8" |
30 | 30 | ||
31 | # This CVE is specific to OpenSSH with the pam opie which we don't build/use here | 31 | CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." |
32 | CVE_CHECK_IGNORE += "CVE-2007-2768" | ||
33 | 32 | ||
34 | # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 | 33 | # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 |
35 | # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded | 34 | # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded |
36 | CVE_CHECK_IGNORE += "CVE-2014-9278" | 35 | CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ |
36 | Red Hat Enterprise Linux 7 and when running in a Kerberos environment" | ||
37 | 37 | ||
38 | # CVE only applies to some distributed RHEL binaries | 38 | CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." |
39 | CVE_CHECK_IGNORE += "CVE-2008-3844" | ||
40 | 39 | ||
41 | PAM_SRC_URI = "file://sshd" | 40 | PAM_SRC_URI = "file://sshd" |
42 | 41 | ||