From 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7 Mon Sep 17 00:00:00 2001
From: Andrej Valek
Date: Thu, 20 Jul 2023 09:19:50 +0200
Subject: cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current version
Signed-off-by: Andrej Valek
Reviewed-by: Peter Marko
Signed-off-by: Alexandre Belloni
---
 meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb | 4 ++--
 meta/recipes-support/libxslt/libxslt_1.1.38.bb | 4 +---
 meta/recipes-support/lz4/lz4_1.9.4.bb | 3 +--
 meta/recipes-support/sqlite/sqlite3_3.42.0.bb | 6 ------
 4 files changed, 4 insertions(+), 13 deletions(-)
(limited to 'meta/recipes-support')
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
index 58f07a116d..524b06ca22 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
@@ -29,8 +29,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 "
 SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03"
-# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
-CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438"
+CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
+CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
 BINCONFIG = "${bindir}/libgcrypt-config"
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
index bf35a94b7f..ed5b15badd 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
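Review bot: In the libgcrypt_1.10.2.bb hunk the same `disputed:` justification is written out twice, once per CVE, so a later edit to one entry can leave the two silently disagreeing. If this tree already provides the CVE_STATUS_GROUPS mechanism, a single grouped entry keeps one reason, e.g. (group name chosen for illustration) `CVE_STATUS_GROUPS = "CVE_STATUS_DISPUTED"`, `CVE_STATUS_DISPUTED = "CVE-2018-12433 CVE-2018-12438"` and `CVE_STATUS_DISPUTED[status] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."`. The reason string also gives no pointer to where the dispute is recorded; a one-line comment above it naming the upstream or CVE-database record would let an auditor verify the exemption rather than take it on trust.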
@@ -19,9 +19,7 @@ SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e
 UPSTREAM_CHECK_REGEX = "libxslt-(?P\d+(\.\d+)+)\.tar"
-# We have libxml2 2.9.14 and we don't link statically with it anyway
-# so this isn't an issue.
-CVE_CHECK_IGNORE += "CVE-2022-29824"
+CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled."
 S = "${WORKDIR}/libxslt-${PV}"
diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb
index d2a25fd5b0..51a854d44a 100644
--- a/meta/recipes-support/lz4/lz4_1.9.4.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -21,8 +21,7 @@ S = "${WORKDIR}/git"
 inherit ptest
-# Fixed in r118, which is larger than the current version.
-CVE_CHECK_IGNORE += "CVE-2014-4715"
+CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version."
 EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
diff --git a/meta/recipes-support/sqlite/sqlite3_3.42.0.bb b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
index f60aca63d2..8783f620f4 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
@@ -6,9 +6,3 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
 SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
 SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
-# -19242 is only an issue in specific development branch commits
-CVE_CHECK_IGNORE += "CVE-2019-19242"
-# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
-CVE_CHECK_IGNORE += "CVE-2015-3717"
-# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
-CVE_CHECK_IGNORE += "CVE-2021-36690"
-- cgit 1.2.3-korg
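Review bot: The new reason for CVE-2022-29824 in the libxslt_1.1.38.bb hunk keeps only the static-linking argument and drops the other half of the removed comment, which said the tree ships libxml2 2.9.14. The surviving claim depends on build configuration, and nothing in the visible hunk ties the status to that configuration, so a build that does link libxml2 statically would presumably still be reported as not applicable. I would preserve the version argument as a comment above the assignment, for example `# libxml2 here is 2.9.14 per the earlier note; the status below additionally relies on dynamic linking`, and confirm whether the status should be made conditional on the linking mode.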
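Review bot: The `fixed-version` reason for CVE-2014-4715 in the lz4_1.9.4.bb hunk is copied verbatim from the old comment and reads as if the fix were newer than the packaged release, which contradicts the status it is attached to. Presumably the intent is that r118 is an earlier release whose r-prefixed number only compares higher than 1.9.4 as a version string; that should be confirmed against the upstream release history. If so, wording such as `"fixed-version: Fixed in r118, an earlier release than 1.9.4; only the version string compares higher."` states the justification unambiguously for anyone auditing the exemption list.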