cve-check: remove redundant readline CVE whitelisting

CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the tooling wasn't able to detect this version. As we now ship readline 8 we don't need to manually whitelist it, and if we did then the whitelisting should be in the readline recipe. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-07-16 13:46:43 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-17 09:36:29 +0100
commit: 07bb8b25e172aa5c8ae96b6e8eb4ac901b835219 (patch)
tree: cebd070de92d140e51aec89c25950a0fbad01cf4
parent: 536d54ab46708ef921dbdcb68d1cf644ec639be8 (diff)
download: openembedded-core-contrib-07bb8b25e172aa5c8ae96b6e8eb4ac901b835219.tar.gz
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index ffd624333f..5979edf3d1 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -41,10 +41,15 @@ CVE_CHECK_PN_WHITELIST = "\
     glibc-locale \
 "
 
-# Whitelist for CVE and version of package
-CVE_CHECK_CVE_WHITELIST = "{\
-    'CVE-2014-2524': ('6.3','5.2',), \
-}"
+# Whitelist for CVE and version of package. If a CVE is found then the PV is
+# compared with the version list, and if found the CVE is considered
+# patched.
+#
+# The value should be valid Python in this format:
+# {
+#   'CVE-2014-2524': ('6.3','5.2')
+# }
+CVE_CHECK_CVE_WHITELIST ?= "{}"
 
 python do_cve_check () {
     """
author	Ross Burton <ross.burton@intel.com>	2019-07-16 13:46:43 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-17 09:36:29 +0100
commit	07bb8b25e172aa5c8ae96b6e8eb4ac901b835219 (patch)
tree	cebd070de92d140e51aec89c25950a0fbad01cf4
parent	536d54ab46708ef921dbdcb68d1cf644ec639be8 (diff)
download	openembedded-core-contrib-07bb8b25e172aa5c8ae96b6e8eb4ac901b835219.tar.gz