apache2: ignore irrelevant CVEs

Ignore a number of CVEs for this recipe (because they are for another software, outdated version, or because they affect only non-Linux platforms). This commit is a backport of a number of commits from the master branch (which uses the same version of the recipe): 0e7733f1b8f51949ec91d82267d5d864ac0be16a 1b86a60f6283b08acadc50914075d93dd362700b 59d3949e3ed673bd049aadfd2238213b550f1461 1b86a60f6283b08acadc50914075d93dd362700b da2b5e8b93c248363581b1bd4ff67ff1d8357c41 0e7733f1b8f51949ec91d82267d5d864ac0be16a Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-10-04 20:05:51 +0200
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-10-12 13:08:23 +0200
commit: 49c4e29bc94b60511e4a4bfd27d07e4f601fce04 (patch)
tree: a865e800f093f4027f69001b93f0e74835a66b87 /meta-webserver/recipes-httpd
parent: 5e398bfa67be0d05ee0c62416716b1eb57ca5ae9 (diff)
download: meta-openembedded-49c4e29bc94b60511e4a4bfd27d07e4f601fce04.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
index c05304f96a..e6a40e0239 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
@@ -37,6 +37,25 @@ DEPENDS = "openssl expat pcre apr apr-util apache2-native "
 CVE_PRODUCT = "apache:http_server"
+# not-applicable-platform: The current version is not affected. It only applies for Windows
+CVE_CHECK_IGNORE += "CVE-1999-0289 CVE-2010-0425"
+# not-applicable-platform: this CVE is for Debian packaging configuration
+CVE_CHECK_IGNORE += "CVE-1999-0678"
+# cpe-incorrect: This is vulnerability of Apache AuthenSmb module, fixed in 0.9
+CVE_CHECK_IGNORE += "CVE-1999-1237"
+# not-applicable-platform: this CVE is for MAC OS X specific problem
+CVE_CHECK_IGNORE += "CVE-1999-1412"
+# disputed: this CVE is officially disputed by Redhat
+CVE_CHECK_IGNORE += "CVE-2007-0086"
+# not-applicable-platform: The current version is not affected. It only applies for Windows.
+CVE_CHECK_IGNORE += "CVE-2007-0450"
+# cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)
+CVE_CHECK_IGNORE += "CVE-2007-6421 CVE-2007-6422"
+# cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev
+CVE_CHECK_IGNORE += "CVE-2007-6423"
+# cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)
+CVE_CHECK_IGNORE += "CVE-2008-2168"
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-04 20:05:51 +0200
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-12 13:08:23 +0200
commit	49c4e29bc94b60511e4a4bfd27d07e4f601fce04 (patch)
tree	a865e800f093f4027f69001b93f0e74835a66b87 /meta-webserver/recipes-httpd
parent	5e398bfa67be0d05ee0c62416716b1eb57ca5ae9 (diff)
download	meta-openembedded-49c4e29bc94b60511e4a4bfd27d07e4f601fce04.tar.gz

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb index c05304f96a..e6a40e0239 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
@@ -37,6 +37,25 @@ DEPENDS = "openssl expat pcre apr apr-util apache2-native "
37		37
38	CVE_PRODUCT = "apache:http_server"	38	CVE_PRODUCT = "apache:http_server"
39		39
		40	# not-applicable-platform: The current version is not affected. It only applies for Windows
		41	CVE_CHECK_IGNORE += "CVE-1999-0289 CVE-2010-0425"
		42	# not-applicable-platform: this CVE is for Debian packaging configuration
		43	CVE_CHECK_IGNORE += "CVE-1999-0678"
		44	# cpe-incorrect: This is vulnerability of Apache AuthenSmb module, fixed in 0.9
		45	CVE_CHECK_IGNORE += "CVE-1999-1237"
		46	# not-applicable-platform: this CVE is for MAC OS X specific problem
		47	CVE_CHECK_IGNORE += "CVE-1999-1412"
		48	# disputed: this CVE is officially disputed by Redhat
		49	CVE_CHECK_IGNORE += "CVE-2007-0086"
		50	# not-applicable-platform: The current version is not affected. It only applies for Windows.
		51	CVE_CHECK_IGNORE += "CVE-2007-0450"
		52	# cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)
		53	CVE_CHECK_IGNORE += "CVE-2007-6421 CVE-2007-6422"
		54	# cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev
		55	CVE_CHECK_IGNORE += "CVE-2007-6423"
		56	# cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)
		57	CVE_CHECK_IGNORE += "CVE-2008-2168"
		58
40	SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"	59	SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
41		60
42	PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"	61	PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"