diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2023-07-20 09:19:50 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-07-21 11:52:26 +0100 |
commit | c15e506a4674e558922c5a75512ca2b5c296cd44 (patch) | |
tree | a0cc1ebf9daca61304185ed901596e31f4029658 /meta/recipes-graphics | |
parent | 7e18a90d35a62cd6894385a9dab549a594d5f11e (diff) | |
download | poky-c15e506a4674e558922c5a75512ca2b5c296cd44.tar.gz |
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
(From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r-- | meta/recipes-graphics/builder/builder_0.1.bb | 3 | ||||
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 19 |
2 files changed, 10 insertions, 12 deletions
diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb index 39be3bd63f..1700015ded 100644 --- a/meta/recipes-graphics/builder/builder_0.1.bb +++ b/meta/recipes-graphics/builder/builder_0.1.bb | |||
@@ -29,5 +29,4 @@ do_install () { | |||
29 | chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh | 29 | chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh |
30 | } | 30 | } |
31 | 31 | ||
32 | # -4178 is an unrelated 'builder' | 32 | CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder" |
33 | CVE_CHECK_IGNORE = "CVE-2008-4178" | ||
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index ecb164ddf7..085fcaf87a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | |||
@@ -20,16 +20,15 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz" | |||
20 | UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" | 20 | UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" |
21 | 21 | ||
22 | CVE_PRODUCT = "xorg-server x_server" | 22 | CVE_PRODUCT = "xorg-server x_server" |
23 | # This is specific to Debian's xserver-wrapper.c | 23 | |
24 | CVE_CHECK_IGNORE += "CVE-2011-4613" | 24 | CVE_STATUS[CVE-2011-4613] = "not-applicable-platform: This is specific to Debian's xserver-wrapper.c" |
25 | # As per upstream, exploiting this flaw is non-trivial and it requires exact | 25 | CVE_STATUS[CVE-2020-25697] = "upstream-wontfix: \ |
26 | # timing on the behalf of the attacker. Many graphical applications exit if their | 26 | As per upstream, exploiting this flaw is non-trivial and it requires exact \ |
27 | # connection to the X server is lost, so a typical desktop session is either | 27 | timing on the behalf of the attacker. Many graphical applications exit if their \ |
28 | # impossible or difficult to exploit. There is currently no upstream patch | 28 | connection to the X server is lost, so a typical desktop session is either \ |
29 | # available for this flaw. | 29 | impossible or difficult to exploit. There is currently no upstream patch \ |
30 | CVE_CHECK_IGNORE += "CVE-2020-25697" | 30 | available for this flaw." |
31 | # This is specific to XQuartz, which is the macOS X server port | 31 | CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port" |
32 | CVE_CHECK_IGNORE += "CVE-2022-3553" | ||
33 | 32 | ||
34 | S = "${WORKDIR}/${XORG_PN}-${PV}" | 33 | S = "${WORKDIR}/${XORG_PN}-${PV}" |
35 | 34 | ||