author | Andrej Valek <andrej.valek@siemens.com> | 2023-07-20 09:19:50 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-07-21 11:47:45 +0100 |
commit | 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7 (patch) | |
tree | bc385bd5f0997ff793f29f280af7e16be79a3f78 /meta/recipes-support | |
parent | 176c814f8a103a338da3955e69745f81bc9b70a1 (diff) | |
download | openembedded-core-1634ed4048cf56788cd5c2c1bdc979b70afcdcd7.tar.gz |
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to convert and apply statuses for old CVEs
- Drop some obsolete ignores, as they are not relevant for the current
version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb | 4 | ||||
-rw-r--r-- | meta/recipes-support/libxslt/libxslt_1.1.38.bb | 4 | ||||
-rw-r--r-- | meta/recipes-support/lz4/lz4_1.9.4.bb | 3 | ||||
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.42.0.bb | 6 |
4 files changed, 4 insertions, 13 deletions
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
index 58f07a116d..524b06ca22 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
@@ -29,8 +29,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 "
 SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03"
-# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
-CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438"
+CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
+CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
 BINCONFIG = "${bindir}/libgcrypt-config"
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
index bf35a94b7f..ed5b15badd 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
@@ -19,9 +19,7 @@ SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e
 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
-# We have libxml2 2.9.14 and we don't link statically with it anyway
-# so this isn't an issue.
-CVE_CHECK_IGNORE += "CVE-2022-29824"
+CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled."
 S = "${WORKDIR}/libxslt-${PV}"
diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb
index d2a25fd5b0..51a854d44a 100644
--- a/meta/recipes-support/lz4/lz4_1.9.4.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
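Review bot: In libgcrypt_1.10.2.bb the two new `CVE_STATUS` entries repeat one detail string, and that string does not say where the dispute is recorded, so someone auditing the triage from the recipe has nothing to verify it against. A one-line comment above the pair would close that gap, for example `# Dispute recorded at: <reference to the upstream or NVD statement>`. If `CVE_STATUS_GROUPS` is available in the tree this lands in (not visible from this hunk), the two CVEs could also share a single status through a group instead of duplicating the text.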
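Review bot: The new `CVE_STATUS[CVE-2022-29824]` in libxslt_1.1.38.bb is set unconditionally, yet its only justification is a build property (no static linking to libxml2) that a layer or bbappend could presumably change without touching this line. If that happened the CVE would stay marked not applicable. The removed comment also gave the libxml2 version as a second reason; if that still holds it is worth keeping in the detail text. At minimum I would add a comment above the entry such as `# Revisit if libxslt is ever linked statically against libxml2.`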
@@ -21,8 +21,7 @@ S = "${WORKDIR}/git"
 inherit ptest
-# Fixed in r118, which is larger than the current version.
-CVE_CHECK_IGNORE += "CVE-2014-4715"
+CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version."
 EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
diff --git a/meta/recipes-support/sqlite/sqlite3_3.42.0.bb b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
index f60aca63d2..8783f620f4 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
@@ -6,9 +6,3 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
 SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
 SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
-# -19242 is only an issue in specific development branch commits
-CVE_CHECK_IGNORE += "CVE-2019-19242"
-# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
-CVE_CHECK_IGNORE += "CVE-2015-3717"
-# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
-CVE_CHECK_IGNORE += "CVE-2021-36690" |
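Review bot: The detail text on `CVE_STATUS[CVE-2014-4715]` in lz4_1.9.4.bb reads as if the fix were newer than the packaged version, which contradicts the `fixed-version` status it is attached to. The wording was carried over from the old comment, where it presumably explained why the checker flags the CVE: r118 comes from an earlier numbering scheme and compares as larger than ${PV}. Since this string is now the recorded justification for the status, I would reword it along the lines of `CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which predates the current version but compares as larger."`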