Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/cmake/cmake.inc | 4 | ||||
-rw-r--r-- | meta/recipes-devtools/flex/flex_2.6.4.bb | 6 | ||||
-rw-r--r-- | meta/recipes-devtools/gcc/gcc-13.1.inc | 3 | ||||
-rw-r--r-- | meta/recipes-devtools/git/git_2.39.3.bb | 7 | ||||
-rw-r--r-- | meta/recipes-devtools/jquery/jquery_3.6.3.bb | 5 | ||||
-rw-r--r-- | meta/recipes-devtools/ninja/ninja_1.11.1.bb | 3 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3_3.11.4.bb | 16 | ||||
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 13 | ||||
-rw-r--r-- | meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 | ||||
-rw-r--r-- | meta/recipes-devtools/tcltk/tcl_8.6.13.bb | 4 |
10 files changed, 18 insertions, 46 deletions
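--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -23,6 +23,4 @@ SRC_URI[sha256sum] = "313b6880c291bd4fe31c0aa51d6e62659282a521e695f30d5cc0d25abb
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
 
-# This is specific to the npm package that installs cmake, so isn't
-# relevant to OpenEmbedded
-CVE_CHECK_IGNORE += "CVE-2016-10642"
+CVE_STATUS[CVE-2016-10642] = "cpe-incorrect: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded"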
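--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,10 +26,10 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
 
 GITHUB_BASE_URI = "https://github.com/westes/flex/releases"
 
-# Disputed - yes there is stack exhaustion but no bug and it is building the
-# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
 # https://github.com/westes/flex/issues/414
-CVE_CHECK_IGNORE += "CVE-2019-6293"
+CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \
+there is stack exhaustion but no bug and it is building the \
+parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
 
 inherit autotools gettext texinfo ptest github-releases
 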
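Review bot: The reason string for CVE-2019-6293 drops the word "Disputed" that opened the old comment, and the status chosen is `upstream-wontfix`; the python3 recipe in this same commit uses `disputed` for a similar "expected behaviour" rationale, so it is worth confirming which category is meant here. The text is now a value rather than a comment and will presumably surface in cve-check output, so tidy the wording: start the sentence with a capital and write `Upstream has no plans to address this.` instead of `Upstream no plans to address this.`.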
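--- a/meta/recipes-devtools/gcc/gcc-13.1.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.1.inc
@@ -111,5 +111,4 @@ EXTRA_OECONF_PATHS = "\
 --with-build-sysroot=${STAGING_DIR_TARGET} \
 "
 
-# Is a binutils 2.26 issue, not gcc
-CVE_CHECK_IGNORE += "CVE-2021-37322"
+CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"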
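--- a/meta/recipes-devtools/git/git_2.39.3.bb
+++ b/meta/recipes-devtools/git/git_2.39.3.bb
@@ -27,13 +27,6 @@ LIC_FILES_CHKSUM = "\
 
 CVE_PRODUCT = "git-scm:git"
 
-# This is about a manpage not mentioning --mirror may "leak" information
-# in mirrored git repos. Most OE users wouldn't build the docs and
-# we don't see this as a major issue for our general users/usecases.
-CVE_CHECK_IGNORE += "CVE-2022-24975"
-# This is specific to Git-for-Windows
-CVE_CHECK_IGNORE += "CVE-2022-41953"
-
 PACKAGECONFIG ??= "expat curl"
 PACKAGECONFIG[cvsserver] = ""
 PACKAGECONFIG[svn] = ""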
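--- a/meta/recipes-devtools/jquery/jquery_3.6.3.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.6.3.bb
@@ -20,9 +20,8 @@ SRC_URI[map.sha256sum] = "156b740931ade6c1a98d99713eeb186f93847ffc56057e973becab
 UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
 
 # https://github.com/jquery/jquery/issues/3927
-# There are ways jquery can expose security issues but any issues are in the apps exposing them
-# and there is little we can directly do
-CVE_CHECK_IGNORE += "CVE-2007-2379"
+CVE_STATUS[CVE-2007-2379] = "upstream-wontfix: There are ways jquery can expose security issues but any issues \
+are in the apps exposing them and there is little we can directly do."
 
 inherit allarch
 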
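--- a/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -30,5 +30,4 @@ do_install() {
 
 BBCLASSEXTEND = "native nativesdk"
 
-# This is a different Ninja
-CVE_CHECK_IGNORE += "CVE-2021-4336"
+CVE_STATUS[CVE-2021-4336] = "cpe-incorrect: This is a different Ninja"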
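--- a/meta/recipes-devtools/python/python3_3.11.4.bb
+++ b/meta/recipes-devtools/python/python3_3.11.4.bb
@@ -47,17 +47,13 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
 
 CVE_PRODUCT = "python"
 
-# Upstream consider this expected behaviour
-CVE_CHECK_IGNORE += "CVE-2007-4559"
-# This is not exploitable when glibc has CVE-2016-10739 fixed.
-CVE_CHECK_IGNORE += "CVE-2019-18348"
-# These are specific to Microsoft Windows
-CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
-# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
+CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
+CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
+CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Windows"
 # The module will be removed in the future and flaws documented.
-CVE_CHECK_IGNORE += "CVE-2015-20107"
-# Not an issue, in fact expected behaviour
-CVE_CHECK_IGNORE += "CVE-2023-36632"
+CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way"
+# CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"
 
 PYTHON_MAJMIN = "3.11"
 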
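Review bot: The entry for CVE-2023-36632 on new line 56 is commented out, so the ignore that `CVE_CHECK_IGNORE += "CVE-2023-36632"` provided has no active replacement in this recipe. Unless the status is set elsewhere, cve-check will presumably start reporting this CVE against python3 again. Either make it live, `CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"`, or delete the line and state in the commit message why the CVE should be reported. The git and tcl sections also remove ignores without adding a CVE_STATUS in the lines shown; the diffstat here is limited to meta/recipes-devtools, so confirm those CVEs are carried somewhere else in the commit.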
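--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -38,21 +38,16 @@ SRC_URI[sha256sum] = "ecf4d32cbef9d397bfc8cc50e4d1e92a1b30253bf32e8ee73c7a8dcf9a
 SRC_URI:append:class-target = " file://cross.patch"
 SRC_URI:append:class-nativesdk = " file://cross.patch"
 
-# Applies against virglrender < 0.6.0 and not qemu itself
-CVE_CHECK_IGNORE += "CVE-2017-5957"
+CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself"
 
-# The VNC server can expose host files uder some circumstances. We don't
-# enable it by default.
-CVE_CHECK_IGNORE += "CVE-2007-0998"
+CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
 
-# 'The issues identified by this CVE were determined to not constitute a vulnerability.'
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
-CVE_CHECK_IGNORE += "CVE-2018-18438"
+CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
 
 # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
 # https://bugzilla.redhat.com/show_bug.cgi?id=2167423
-# this bug related to windows specific.
-CVE_CHECK_IGNORE += "CVE-2023-0664"
+CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
 
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"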
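Review bot: The reason for CVE-2007-0998 carries the typo "uder" over from the old comment into the status string, where it will presumably show up in cve-check output; write `The VNC server can expose host files under some circumstances. We don't enable it by default.`. The `not-applicable-config` status is also set unconditionally, so a build that does enable the VNC server would, as far as this hunk shows, still have the CVE marked as not applicable. A short comment beside the entry naming the option it depends on would help anyone who changes that configuration. For CVE-2018-18438 the old comment marked the sentence as a quotation from the linked Bugzilla entry, and the new string no longer shows that.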
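--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,9 +18,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
 "
 SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
 
-# -16548 required for v3.1.3pre1. Already in v3.1.3.
-CVE_CHECK_IGNORE += " CVE-2017-16548 "
-
 inherit autotools-brokensep
 
 PACKAGECONFIG ??= "acl attr \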
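--- a/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
@@ -29,10 +29,6 @@ SRC_URI[sha256sum] = "c61f0d6699e2bc7691f119b41963aaa8dc980f23532c4e937739832a5f
 
 SRC_URI:class-native = "${BASE_SRC_URI}"
 
-# Upstream don't believe this is an exploitable issue
-# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
-CVE_CHECK_IGNORE += "CVE-2021-35331"
-
 UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html"
 UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"
 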