From 8e74ed809ec4c1f61264ecf5be4bc319e5e07766 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 8 Sep 2020 17:47:44 +0100 Subject: cmake: whitelist CVE-2016-10642 This CVE is specific to the npm package that can install cmake, so isn't relevant to our cmake recipe. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- meta/recipes-devtools/cmake/cmake.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta/recipes-devtools/cmake') diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc index 1334977225..fa1b818ae4 100644 --- a/meta/recipes-devtools/cmake/cmake.inc +++ b/meta/recipes-devtools/cmake/cmake.inc @@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \ SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e" UPSTREAM_CHECK_REGEX = "cmake-(?P\d+(\.\d+)+)\.tar" + +# This is specific to the npm package that installs cmake, so isn't +# relevant to OpenEmbedded +CVE_CHECK_WHITELIST += "CVE-2016-10642" -- cgit 1.2.3-korg