* [PATCH 1/3] rpm: Exclude CVE-2021-20271 from cve-check
@ 2021-05-12 22:49 Richard Purdie
2021-05-12 22:49 ` [PATCH 2/3] coreutils: Exclude CVE-2016-2781 " Richard Purdie
2021-05-12 22:49 ` [PATCH 3/3] librsvg: Exclude CVE-2018-1000041 " Richard Purdie
0 siblings, 2 replies; 3+ messages in thread
From: Richard Purdie @ 2021-05-12 22:49 UTC (permalink / raw)
To: openembedded-core
This is included in the release we have, it was the reason for the last rpm
point release.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index 7c03b41fc82..2857cd730c4 100644
--- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -47,6 +47,10 @@ SRCREV = "3659b8a04f5b8bacf6535e0124e7fe23f15286bd"
S = "${WORKDIR}/git"
+# Fix https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21
+# included in 4.16.1.3
+CVE_CHECK_WHIETLIST += "CVE-2021-20271"
+
DEPENDS = "libgcrypt db file popt xz bzip2 elfutils python3"
DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
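Review bot: The variable name on the added assignment line is misspelled: `CVE_CHECK_WHIETLIST` should be `CVE_CHECK_WHITELIST`, the spelling used by the other two patches in this series. As written, the line sets a variable that cve-check does not read, so CVE-2021-20271 would still be reported against rpm and the exclusion has no effect. Suggest correcting the name before merge; the comment above it, with the upstream commit link and the version that includes the fix, is fine as justification.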
--
2.30.2
* [PATCH 2/3] coreutils: Exclude CVE-2016-2781 from cve-check
From: Richard Purdie @ 2021-05-12 22:49 UTC (permalink / raw)
To: openembedded-core
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
"Given runcon is not really a sandbox command, the advice is to use
`runcon ... setsid ...` to avoid this particular issue."
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-core/coreutils/coreutils_8.32.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-core/coreutils/coreutils_8.32.bb b/meta/recipes-core/coreutils/coreutils_8.32.bb
index c1962ccb909..f3fe31fd3bd 100644
--- a/meta/recipes-core/coreutils/coreutils_8.32.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.32.bb
@@ -26,6 +26,10 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
SRC_URI[md5sum] = "022042695b7d5bcf1a93559a9735e668"
SRC_URI[sha256sum] = "4458d8de7849df44ccab15e16b1548b285224dbba5f08fac070c1c0e0bcc4cfa"
+# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
+# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
+CVE_CHECK_WHITELIST += "CVE-2016-2781"
+
EXTRA_OECONF_class-native = "--without-gmp"
EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname"
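Review bot: The comment above `CVE_CHECK_WHITELIST += "CVE-2016-2781"` cites a usage workaround rather than a fix, so this exclusion silences a CVE that still applies to any caller that runs runcon without `setsid`. Suggest the comment say so explicitly, for example that the issue is not fixed in the shipped code and is excluded because runcon is not treated as a sandbox, so that someone reading the recipe or a CVE report does not take the whitelist entry to mean the package is patched.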
--
2.30.2
* [PATCH 3/3] librsvg: Exclude CVE-2018-1000041 from cve-check
From: Richard Purdie @ 2021-05-12 22:49 UTC (permalink / raw)
To: openembedded-core
Issue only affects Windows.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-gnome/librsvg/librsvg_2.40.21.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
index acdbc1f1b3d..59de80a691d 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
@@ -25,6 +25,9 @@ SRC_URI += "file://gtk-option.patch \
SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba"
+# Issue only on windows
+CVE_CHECK_WHITELIST += "CVE-2018-1000041"
+
CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
PACKAGECONFIG ??= "gdkpixbuf"
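Review bot: The comment `# Issue only on windows` gives no reference for the claim, unlike the other two patches in this series, which each cite an upstream commit. Suggest adding a link to the upstream report or advisory that documents the Windows-only scope next to the `CVE_CHECK_WHITELIST` line, so the exclusion can be re-verified when the recipe is upgraded.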
--
2.30.2