aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb')
-rw-r--r--meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb12
1 files changed, 11 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 2cd00cb578..838046146f 100644
--- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -5,7 +5,13 @@ SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
-SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
+ file://CVE-2022-4904.patch \
+ file://CVE-2023-31130.patch \
+ file://CVE-2023-32067.patch \
+ file://CVE-2023-31147.patch \
+ file://CVE-2024-25629.patch \
+ "
SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"
@@ -19,3 +25,7 @@ PACKAGES =+ "${PN}-utils"
FILES:${PN}-utils = "${bindir}"
BBCLASSEXTEND = "native nativesdk"
+
+# this vulneribility applies only when cross-compiling using autotools
+# yocto cross-compiles via cmake which is also listed as official workaround
+CVE_CHECK_IGNORE += "CVE-2023-31124"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-01 03:22:54 +0000