diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2023-07-26 11:50:09 +0200 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2023-07-27 08:54:40 -0700 |
commit | 8af2f17a6fa8bf282c4c27054adbea1bf0873069 (patch) | |
tree | 22b6484379a0f3d3e2b89f958dda0fd45f2a1880 /meta-networking/recipes-connectivity | |
parent | 4c201ede939610946847ccd4221320ed776224aa (diff) | |
download | meta-openembedded-8af2f17a6fa8bf282c4c27054adbea1bf0873069.tar.gz |
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking/recipes-connectivity')
5 files changed, 8 insertions, 25 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb index 9a2bbab39f..35733c5307 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb @@ -43,10 +43,8 @@ SRCREV = "d956f683d37ea40e7977cc5907361f3e6988a439" UPSTREAM_CHECK_GITTAGREGEX = "release_(?P<pver>\d+(\_\d+)+)" -CVE_CHECK_IGNORE = "\ - CVE-2002-0318 \ - CVE-2011-4966 \ -" +CVE_CHECK_STATUS[CVE-2002-0318] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_CHECK_STATUS[CVE-2011-4966] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." PARALLEL_MAKE = "" diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb index ce094d5afb..fff320afd8 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.3.bb @@ -57,10 +57,8 @@ BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "mbed_tls" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 -CVE_CHECK_IGNORE += "CVE-2021-43666" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c -CVE_CHECK_IGNORE += "CVE-2021-45451" +CVE_STATUS[CVE-2021-43666] = "backported-patch: Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310" +CVE_STATUS[CVE-2021-43666] = "backported-patch: Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c" # Strip host paths from autogenerated test files do_compile:append() { diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb index b8c9662de7..10fb7de8ca 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb @@ -58,11 +58,6 @@ BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "mbed_tls" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 -CVE_CHECK_IGNORE += "CVE-2021-43666" -# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c -CVE_CHECK_IGNORE += "CVE-2021-45451" - # Strip host paths from autogenerated test files do_compile:append() { sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || : diff --git a/meta-networking/recipes-connectivity/openthread/wpantund_git.bb b/meta-networking/recipes-connectivity/openthread/wpantund_git.bb index a7fcc202a4..ebb3fc3c1c 100644 --- a/meta-networking/recipes-connectivity/openthread/wpantund_git.bb +++ b/meta-networking/recipes-connectivity/openthread/wpantund_git.bb @@ -22,11 +22,8 @@ S = "${WORKDIR}/git" inherit pkgconfig perlnative autotools -# CVE-2020-8916 has been fixed in commit -# 3f108441e23e033b936e85be5b6877dd0a1fbf1c which is included in the SRCREV -# CVE-2021-33889 has been fixed in commit -# a8f3f761f6753b567d1e5ad22cbe6b0ceb6f2649 which is included in the SRCREV # There has not been a wpantund release as of yet that includes these fixes. # That means cve-check can not match them. Once a new release comes we can -# remove the ignore statement. -CVE_CHECK_IGNORE = "CVE-2020-8916 CVE-2021-33889" +# remove the statement. +CVE_STATUS[CVE-2020-8916] = "backported-patch: fixed via 3f108441e23e033b936e85be5b6877dd0a1fbf1c" +CVE_STATUS[CVE-2021-33889] = "backported-patch: fixed via 3f108441e23e033b936e85be5b6877dd0a1fbf1c" diff --git a/meta-networking/recipes-connectivity/samba/samba_4.18.4.bb b/meta-networking/recipes-connectivity/samba/samba_4.18.4.bb index 66089edad5..3386b93b5e 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.18.4.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.18.4.bb @@ -38,12 +38,7 @@ UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.18(\.\d+)+).tar.gz" inherit systemd waf-samba cpan-base perlnative update-rc.d perl-version pkgconfig -# CVE-2011-2411 is valnerble only on HP NonStop Servers. -CVE_CHECK_IGNORE += "CVE-2011-2411" -# Patch for CVE-2018-1050 is applied in version 4.5.15, 4.6.13, 4.7.5. -CVE_CHECK_IGNORE += "CVE-2018-1050" -# Patch for CVE-2018-1057 is applied in version 4.3.13, 4.4.16. -CVE_CHECK_IGNORE += "CVE-2018-1057" +CVE_STATUS[CVE-2011-2411] = "not-applicable-platform: vulnerable only on HP NonStop Servers" # remove default added RDEPENDS on perl RDEPENDS:${PN}:remove = "perl" |