author | Ross Burton <ross.burton@intel.com> | 2019-07-16 13:46:43 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-17 09:36:29 +0100 |
commit | 07bb8b25e172aa5c8ae96b6e8eb4ac901b835219 (patch) | |
tree | cebd070de92d140e51aec89c25950a0fbad01cf4 /meta/classes/cve-check.bbclass | |
parent | 536d54ab46708ef921dbdcb68d1cf644ec639be8 (diff) | |
download | openembedded-core-contrib-07bb8b25e172aa5c8ae96b6e8eb4ac901b835219.tar.gz |
cve-check: remove redundant readline CVE whitelisting
CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the
tooling wasn't able to detect this version. As we now ship readline 8 we don't
need to manually whitelist it, and if we did then the whitelisting should be in
the readline recipe.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r-- | meta/classes/cve-check.bbclass | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index ffd624333f..5979edf3d1 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -41,10 +41,15 @@ CVE_CHECK_PN_WHITELIST = "\ glibc-locale \ " -# Whitelist for CVE and version of package -CVE_CHECK_CVE_WHITELIST = "{\ - 'CVE-2014-2524': ('6.3','5.2',), \ -}" +# Whitelist for CVE and version of package. If a CVE is found then the PV is +# compared with the version list, and if found the CVE is considered +# patched. +# +# The value should be valid Python in this format: +# { +# 'CVE-2014-2524': ('6.3','5.2') +# } +CVE_CHECK_CVE_WHITELIST ?= "{}" python do_cve_check () { """ |
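Review bot: The format example in the new comment above CVE_CHECK_CVE_WHITELIST drops the trailing comma that the removed entry carried (`('6.3','5.2',)`), and the comment does not say that the version list must be a tuple. With two versions this makes no difference, but someone copying the example for a single version will write `('6.3')`, which Python treats as a plain string. If the PV comparison is a membership test, that turns into a substring match and could mark unrelated versions as patched. Suggest showing the trailing comma in the example or stating that a one-element list needs it. Two smaller documentation points: the example reuses CVE-2014-2524, the entry the commit message calls redundant, so a neutral placeholder ID would avoid implying that it still needs whitelisting; and since the default is now `?= "{}"` and the commit message says such entries belong in the recipe, the comment could say that a recipe or configuration assignment replaces the whole dictionary rather than merging into it.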