diff options
| author |   Davide Gardenal <davidegarde2000@gmail.com> | 2022-07-18 13:07:06 +0200 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2022-07-21 07:17:15 -0700 |
| commit | bd8f5fa080beba824b5d08c34df53768224857eb (patch) | |
| tree | 6afc271f1a71b22ff1c67c1f10f66f12802faf41 | |
| parent | cd54a3b37d31d2e293235dfee8acc1b99fe2f794 (diff) | |
| download | meta-openembedded-contrib-bd8f5fa080beba824b5d08c34df53768224857eb.tar.gz | |
meta-oe: ignore patched CVEs
Some old CVEs don't have a vulnerable version range in the NVD database,
this causes come mismatch with cve-check. Ignore many CVEs that are
picked up by the class but are patched in our products.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit efa12676dd0676fd0aa63457d7ba360fe8a6fae2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
9 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb index 2fa24b29b3..28a3e1e77a 100644 --- a/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb +++ b/meta-oe/recipes-connectivity/libtorrent/libtorrent_git.bb @@ -11,6 +11,10 @@ SRC_URI = "git://github.com/rakshasa/libtorrent;branch=master;protocol=https \ " SRCREV = "756f70010779927dc0691e1e722ed433d5d295e1" +CVE_CHECK_IGNORE += "\ + CVE-2009-1760 \ +" + PV = "0.13.8" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index e9cb7adb81..df90b629a9 100644 --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb @@ -18,6 +18,10 @@ SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520 S = "${WORKDIR}/imap-${PV}" +CVE_CHECK_IGNORE += "\ + CVE-2005-0198 \ +" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG[pam] = ",,libpam" diff --git a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb index ecbfad394d..a59a5c41df 100644 --- a/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb +++ b/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb @@ -21,6 +21,10 @@ SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823" S = "${WORKDIR}/git" +CVE_CHECK_IGNORE += "\ + CVE-2012-5638 \ +" + DEPENDS = "libaio util-linux" inherit setuptools3 useradd diff --git a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb index 7e00f150d3..4b9ae4758f 100644 --- a/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb +++ b/meta-oe/recipes-extended/sblim-sfcb/sblim-sfcb_1.4.9.bb @@ -32,6 +32,10 @@ SRC_URI = "http://downloads.sourceforge.net/sblim/${BP}.tar.bz2 \ SRC_URI[md5sum] = "28021cdabc73690a94f4f9d57254ce30" SRC_URI[sha256sum] = "634a67b2f7ac3b386a79160eb44413d618e33e4e7fc74ae68b0240484af149dd" +CVE_CHECK_IGNORE += "\ + CVE-2012-3381 \ +" + inherit autotools inherit systemd diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb index aa597cd8e4..4c51af669c 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb @@ -31,6 +31,10 @@ SRC_URI:append:class-nativesdk = "\ SRC_URI[sha256sum] = "6b16bf990df114195be669773a1dae975dbbffada45e1de2849ddeb5851bb9a8" +CVE_CHECK_IGNORE += "\ + CVE-2014-9157 \ +" + PACKAGECONFIG ??= "librsvg" PACKAGECONFIG[librsvg] = "--with-librsvg,--without-librsvg,librsvg" diff --git a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb index 4c17105a99..27dff82df5 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_2.0.33.bb @@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973" +CVE_CHECK_IGNORE += "\ + CVE-2015-8751 \ +" + S = "${WORKDIR}/git" inherit cmake diff --git a/meta-oe/recipes-support/atop/atop_2.4.0.bb b/meta-oe/recipes-support/atop/atop_2.4.0.bb index 35540b3b8f..b1d2abde73 100644 --- a/meta-oe/recipes-support/atop/atop_2.4.0.bb +++ b/meta-oe/recipes-support/atop/atop_2.4.0.bb @@ -24,6 +24,10 @@ SRC_URI = "http://www.atoptool.nl/download/${BP}.tar.gz \ SRC_URI[md5sum] = "1077da884ed94f2bc3c81ac3ab970436" SRC_URI[sha256sum] = "be1c010a77086b7d98376fce96514afcd73c3f20a8d1fe01520899ff69a73d69" +CVE_CHECK_IGNORE += "\ + CVE-2011-3618 \ +" + do_compile() { oe_runmake all } diff --git a/meta-oe/recipes-support/emacs/emacs_27.2.bb b/meta-oe/recipes-support/emacs/emacs_27.2.bb index b78dc5e450..4a7e7aba5c 100644 --- a/meta-oe/recipes-support/emacs/emacs_27.2.bb +++ b/meta-oe/recipes-support/emacs/emacs_27.2.bb @@ -11,6 +11,10 @@ SRC_URI:append:class-target = " file://usemake-docfile-native.patch" SRC_URI[sha256sum] = "b4a7cc4e78e63f378624e0919215b910af5bb2a0afc819fad298272e9f40c1b9" +CVE_CHECK_IGNORE = "\ + CVE-2007-6109 \ +" + PACKAGECONFIG[gnutls] = "--with-gnutls=yes,--with-gnutls=no,gnutls" PACKAGECONFIG[kerberos] = "--with-kerberos=yes,--with-kerberos=no,krb5" PACKAGECONFIG[libgmp] = "--with-libgmp=yes,--with-libgmp=no,gmp" diff --git a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb index 14b1aaf01c..3d8a45786d 100644 --- a/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb +++ b/meta-oe/recipes-support/pidgin/pidgin_2.14.2.bb @@ -15,6 +15,11 @@ SRC_URI = "\ SRC_URI[sha256sum] = "19654ad276b149646371fbdac21bc7620742f2975f7399fed0ffc1a18fbaf603" +CVE_CHECK_IGNORE += "\ + CVE-2010-1624 \ + CVE-2011-3594 \ +" + PACKAGECONFIG ??= "gnutls consoleui avahi dbus idn nss \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtk startup-notification', '', d)} \ " |