Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/cmake/cmake.inc4
-rw-r--r--meta/recipes-devtools/flex/flex_2.6.4.bb6
-rw-r--r--meta/recipes-devtools/gcc/gcc-13.1.inc3
-rw-r--r--meta/recipes-devtools/git/git_2.39.3.bb7
-rw-r--r--meta/recipes-devtools/jquery/jquery_3.6.3.bb5
-rw-r--r--meta/recipes-devtools/ninja/ninja_1.11.1.bb3
-rw-r--r--meta/recipes-devtools/python/python3_3.11.4.bb16
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc13
-rw-r--r--meta/recipes-devtools/rsync/rsync_3.2.7.bb3
-rw-r--r--meta/recipes-devtools/tcltk/tcl_8.6.13.bb4
10 files changed, 18 insertions, 46 deletions
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 7788a5c45a..f57a77c7bb 100644
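--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -23,6 +23,4 @@ SRC_URI[sha256sum] = "313b6880c291bd4fe31c0aa51d6e62659282a521e695f30d5cc0d25abb
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
 
-# This is specific to the npm package that installs cmake, so isn't
-# relevant to OpenEmbedded
-CVE_CHECK_IGNORE += "CVE-2016-10642"
+CVE_STATUS[CVE-2016-10642] = "cpe-incorrect: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded"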
diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb
index 15cf6f5cca..1ac88d65ef 100644
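--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,10 +26,10 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
 
 GITHUB_BASE_URI = "https://github.com/westes/flex/releases"
 
-# Disputed - yes there is stack exhaustion but no bug and it is building the
-# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
 # https://github.com/westes/flex/issues/414
-CVE_CHECK_IGNORE += "CVE-2019-6293"
+CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \
+there is stack exhaustion but no bug and it is building the \
+parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
 
 inherit autotools gettext texinfo ptest github-releases
 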
diff --git a/meta/recipes-devtools/gcc/gcc-13.1.inc b/meta/recipes-devtools/gcc/gcc-13.1.inc
index 4da703db52..e94753eed0 100644
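--- a/meta/recipes-devtools/gcc/gcc-13.1.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.1.inc
@@ -111,5 +111,4 @@ EXTRA_OECONF_PATHS = "\
  --with-build-sysroot=${STAGING_DIR_TARGET} \
 "
 
-# Is a binutils 2.26 issue, not gcc
-CVE_CHECK_IGNORE += "CVE-2021-37322"
+CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"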
diff --git a/meta/recipes-devtools/git/git_2.39.3.bb b/meta/recipes-devtools/git/git_2.39.3.bb
index 54a863acd2..3393550c85 100644
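--- a/meta/recipes-devtools/git/git_2.39.3.bb
+++ b/meta/recipes-devtools/git/git_2.39.3.bb
@@ -27,13 +27,6 @@ LIC_FILES_CHKSUM = "\
 
 CVE_PRODUCT = "git-scm:git"
 
-# This is about a manpage not mentioning --mirror may "leak" information
-# in mirrored git repos. Most OE users wouldn't build the docs and
-# we don't see this as a major issue for our general users/usecases.
-CVE_CHECK_IGNORE += "CVE-2022-24975"
-# This is specific to Git-for-Windows
-CVE_CHECK_IGNORE += "CVE-2022-41953"
-
 PACKAGECONFIG ??= "expat curl"
 PACKAGECONFIG[cvsserver] = ""
 PACKAGECONFIG[svn] = ""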
diff --git a/meta/recipes-devtools/jquery/jquery_3.6.3.bb b/meta/recipes-devtools/jquery/jquery_3.6.3.bb
index 93f87f730d..db4745ad7a 100644
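--- a/meta/recipes-devtools/jquery/jquery_3.6.3.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.6.3.bb
@@ -20,9 +20,8 @@ SRC_URI[map.sha256sum] = "156b740931ade6c1a98d99713eeb186f93847ffc56057e973becab
 UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 
 # https://github.com/jquery/jquery/issues/3927
-# There are ways jquery can expose security issues but any issues are in the apps exposing them
-# and there is little we can directly do
-CVE_CHECK_IGNORE += "CVE-2007-2379"
+CVE_STATUS[CVE-2007-2379] = "upstream-wontfix: There are ways jquery can expose security issues but any issues \
+are in the apps exposing them and there is little we can directly do."
 
 inherit allarch
 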
diff --git a/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 83d2f01263..8e297ec4d4 100644
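--- a/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -30,5 +30,4 @@ do_install() {
 
 BBCLASSEXTEND = "native nativesdk"
 
-# This is a different Ninja
-CVE_CHECK_IGNORE += "CVE-2021-4336"
+CVE_STATUS[CVE-2021-4336] = "cpe-incorrect: This is a different Ninja"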
diff --git a/meta/recipes-devtools/python/python3_3.11.4.bb b/meta/recipes-devtools/python/python3_3.11.4.bb
index 7a277facf7..b3534ad678 100644
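--- a/meta/recipes-devtools/python/python3_3.11.4.bb
+++ b/meta/recipes-devtools/python/python3_3.11.4.bb
@@ -47,17 +47,13 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
 
 CVE_PRODUCT = "python"
 
-# Upstream consider this expected behaviour
-CVE_CHECK_IGNORE += "CVE-2007-4559"
-# This is not exploitable when glibc has CVE-2016-10739 fixed.
-CVE_CHECK_IGNORE += "CVE-2019-18348"
-# These are specific to Microsoft Windows
-CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
-# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
+CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
+CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
+CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Windows"
 # The module will be removed in the future and flaws documented.
-CVE_CHECK_IGNORE += "CVE-2015-20107"
-# Not an issue, in fact expected behaviour
-CVE_CHECK_IGNORE += "CVE-2023-36632"
+CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way"
+# CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"
 
 PYTHON_MAJMIN = "3.11"
 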
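Review bot: The new `# CVE_STATUS[CVE-2023-36632] = "disputed: ..."` line is commented out, so unlike the `CVE_CHECK_IGNORE += "CVE-2023-36632"` it replaces it sets nothing, and cve-check will presumably report this CVE against python3 again. If that is intended, say why in a comment next to the line; otherwise drop the leading `# `. The git, rsync and tcl sections likewise delete their `CVE_CHECK_IGNORE` entries (CVE-2022-24975, CVE-2022-41953, CVE-2017-16548, CVE-2021-35331) with no `CVE_STATUS` replacement visible in this path-limited view. They may have moved to a shared include or become unnecessary, but that should be confirmed so the recorded triage decisions and their rationale are not lost.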
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 16581db69d..64bade86aa 100644
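--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -38,21 +38,16 @@ SRC_URI[sha256sum] = "ecf4d32cbef9d397bfc8cc50e4d1e92a1b30253bf32e8ee73c7a8dcf9a
 SRC_URI:append:class-target = " file://cross.patch"
 SRC_URI:append:class-nativesdk = " file://cross.patch"
 
-# Applies against virglrender < 0.6.0 and not qemu itself
-CVE_CHECK_IGNORE += "CVE-2017-5957"
+CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself"
 
-# The VNC server can expose host files uder some circumstances. We don't
-# enable it by default.
-CVE_CHECK_IGNORE += "CVE-2007-0998"
+CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
 
-# 'The issues identified by this CVE were determined to not constitute a vulnerability.'
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
-CVE_CHECK_IGNORE += "CVE-2018-18438"
+CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
 
 # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
 # https://bugzilla.redhat.com/show_bug.cgi?id=2167423
-# this bug related to windows specific.
-CVE_CHECK_IGNORE += "CVE-2023-0664"
+CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
 
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"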
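Review bot: `CVE_STATUS[CVE-2007-0998]` is set unconditionally, yet its justification is "We don't enable it by default", so a downstream build that does enable the VNC server would still have this CVE suppressed in its report. Consider making the condition explicit in the status text, or gating the assignment on the relevant configuration if the recipe exposes one (not visible in this hunk). The string also carries over the typo `uder`; now that the text is variable data rather than a comment, it is worth correcting to `under`.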
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 19574bcb1c..130581a785 100644
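--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,9 +18,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
  "
 SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
 
-# -16548 required for v3.1.3pre1. Already in v3.1.3.
-CVE_CHECK_IGNORE += " CVE-2017-16548 "
-
 inherit autotools-brokensep
 
 PACKAGECONFIG ??= "acl attr \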
diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.13.bb b/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
index 982f370edb..91fc81352e 100644
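--- a/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
@@ -29,10 +29,6 @@ SRC_URI[sha256sum] = "c61f0d6699e2bc7691f119b41963aaa8dc980f23532c4e937739832a5f
 
 SRC_URI:class-native = "${BASE_SRC_URI}"
 
-# Upstream don't believe this is an exploitable issue
-# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
-CVE_CHECK_IGNORE += "CVE-2021-35331"
-
 UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html"
 UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"
 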