aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2021-05-11 13:44:09 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-05-22 10:00:45 +0100
commite19caff111bcbd70e5e7507388a4aaea2d10f7e0 (patch)
tree743f69ff2efd3ccd308db3e9ca4e97e5cae71209 /meta/recipes-extended
parenta175059e678bf9a5e843d00ac1bbf65b49f97f32 (diff)
downloadopenembedded-core-contrib-e19caff111bcbd70e5e7507388a4aaea2d10f7e0.tar.gz
ghostscript: Exclude CVE-2013-6629 from cve-check
The CVE is in the jpeg sources included with ghostscript. We use our own external jpeg library so this doesn't affect us. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb4
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
index cbf60c8c85..35826c2549 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
@@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native"
UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
+# As of ghostscript 9.54.0 the jpeg issue in the CVE is present in the gs jpeg sources
+# however we use an external jpeg which doesn't have the issue.
+CVE_CHECK_WHITELIST += "CVE-2013-6629"
+
def gs_verdir(v):
return "".join(v.split("."))