* [PATCH] openssh: Exclude CVE-2007-2768 from cve-check
@ 2021-05-10 15:56 Richard Purdie
2021-05-11 13:07 ` [OE-core] " Armin Kuster
0 siblings, 1 reply; 2+ messages in thread
From: Richard Purdie @ 2021-05-10 15:56 UTC (permalink / raw)
To: openembedded-core
We don't build/use the OPIE PAM module, exclude the CVE from this recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-connectivity/openssh/openssh_8.6p1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
index be56fe43b9e..57ad5e841ca 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
@@ -27,6 +27,9 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
"
SRC_URI[sha256sum] = "c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae"
+# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
+CVE_CHECK_WHITELIST += "CVE-2007-2768"
+
# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
CVE_CHECK_WHITELIST += "CVE-2014-9278"
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH] openssh: Exclude CVE-2007-2768 from cve-check
2021-05-10 15:56 [PATCH] openssh: Exclude CVE-2007-2768 from cve-check Richard Purdie
@ 2021-05-11 13:07 ` Armin Kuster
0 siblings, 0 replies; 2+ messages in thread
From: Armin Kuster @ 2021-05-11 13:07 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
On 5/10/21 8:56 AM, Richard Purdie wrote:
> We don't build/use the OPIE PAM module, exclude the CVE from this recipe.
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
> meta/recipes-connectivity/openssh/openssh_8.6p1.bb | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
> index be56fe43b9e..57ad5e841ca 100644
> --- a/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
> @@ -27,6 +27,9 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
> "
> SRC_URI[sha256sum] = "c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae"
>
> +# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
> +CVE_CHECK_WHITELIST += "CVE-2007-2768"
> +
That sounds like what a distro says when it provides you with binaries
where they control most things. I thought this was a framework to build
a distro so what I select , you don't know.
Too bad there isn't a var like CVE_CHECK_NO_UPSTREAM_FIX and have a
cve-check level to exclude those at will.
-armin
> # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
> # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
> CVE_CHECK_WHITELIST += "CVE-2014-9278"
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-11 13:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-10 15:56 [PATCH] openssh: Exclude CVE-2007-2768 from cve-check Richard Purdie
2021-05-11 13:07 ` [OE-core] " Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.