summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2019-11-05 23:38:11 +0200
committerArmin Kuster <akuster808@gmail.com>2019-11-10 13:54:34 -0800
commit16b98e759a33d9f20e5b40aa1cff5b1c27dbee9d (patch)
treeb0f82b49e4d5b6b9bb2f79b4d41af7d68da2815a
parenta10b6e0e8d4e6b5778b5ca4db60e96ea025ea475 (diff)
downloadopenembedded-core-contrib-16b98e759a33d9f20e5b40aa1cff5b1c27dbee9d.tar.gz
openembedded-core-contrib-16b98e759a33d9f20e5b40aa1cff5b1c27dbee9d.tar.bz2
openembedded-core-contrib-16b98e759a33d9f20e5b40aa1cff5b1c27dbee9d.zip
procps: whitelist CVE-2018-1121
This CVE is about race conditions in 'ps' which make it unsuitable for security audits. As these race conditions are unavoidable ps shouldn't be used for security auditing, so this isn't a valid CVE. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r--meta/recipes-extended/procps/procps_3.3.15.bb9
1 files changed, 6 insertions, 3 deletions
diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb
index 9756db0e7b..f240e54fd8 100644
--- a/meta/recipes-extended/procps/procps_3.3.15.bb
+++ b/meta/recipes-extended/procps/procps_3.3.15.bb
@@ -4,9 +4,9 @@ the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill
HOMEPAGE = "https://gitlab.com/procps-ng/procps"
SECTION = "base"
LICENSE = "GPLv2+ & LGPLv2+"
-LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
- "
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
+ "
DEPENDS = "ncurses"
@@ -64,3 +64,6 @@ python __anonymous() {
d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
}
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"