aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsaloni <saloni.jain@kpit.com>2021-02-05 21:07:12 +0530
committerSteve Sakoman <steve@sakoman.com>2021-02-11 04:27:21 -1000
commit2ebd235bc86032e388fb7e565834f3200e09d081 (patch)
tree78fa934f70700ad3f9c4ff45aad202e06558eb7a
parentdfa4b0e6cabb870a33627ff5a0b5f413f6edb1e2 (diff)
downloadopenembedded-core-contrib-2ebd235bc86032e388fb7e565834f3200e09d081.tar.gz
openembedded-core-contrib-2ebd235bc86032e388fb7e565834f3200e09d081.tar.bz2
openembedded-core-contrib-2ebd235bc86032e388fb7e565834f3200e09d081.zip
libgcrypt: Whitelisted CVEs
Whitelisted below CVEs: 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433 CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted. 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted. Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288) Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 4e0eb0a1697..9fd3b7c8c96 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -29,6 +29,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
+# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
BINCONFIG = "${bindir}/libgcrypt-config"
inherit autotools texinfo binconfig-disabled pkgconfig