diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-11 13:44:09 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2021-05-14 07:16:37 -1000 |
commit | 829296767ecfbd443d738367b7146a91506e25f2 (patch) | |
tree | cce7fd939d9dc08b27aaed39253241200419f540 | |
parent | 0f759992b7713e9664a4276a068a65f5e638fe33 (diff) | |
download | openembedded-core-829296767ecfbd443d738367b7146a91506e25f2.tar.gz |
ghostscript: Exclude CVE-2013-6629 from cve-check
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.52.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 65135f5821..32346e6811 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb @@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" +# The jpeg issue in the CVE is present in the gs jpeg sources +# however we use an external jpeg which doesn't have the issue. +CVE_CHECK_WHITELIST += "CVE-2013-6629" + def gs_verdir(v): return "".join(v.split(".")) |