From 71ef3191938da772b07274165dd3a85c2ed011f1 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 16 Feb 2022 20:33:47 +0000 Subject: meta/scripts: Automated conversion of OE renamed variables (From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81) Signed-off-by: Richard Purdie --- meta/recipes-core/glibc/glibc_2.35.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'meta/recipes-core/glibc') diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index b785b61154..6ea5b1efb5 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -1,20 +1,20 @@ require glibc.inc require glibc-version.inc -CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2021-27645" +CVE_CHECK_IGNORE += "CVE-2020-10029 CVE-2021-27645" # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 # Upstream glibc maintainers dispute there is any issue and have no plans to address it further. # "this is being treated as a non-security bug and no real threat." -CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" +CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 # Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow # easier access for another. "ASLR bypass itself is not a vulnerability." # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 -CVE_CHECK_WHITELIST += "CVE-2019-1010025" +CVE_CHECK_IGNORE += "CVE-2019-1010025" DEPENDS += "gperf-native bison-native make-native" -- cgit v1.2.3-54-g00ecf