* [PATCH 1/3] rpm: Exclude CVE-2021-20271 from cve-check
@ 2021-05-12 22:49 Richard Purdie
  2021-05-12 22:49 ` [PATCH 2/3] coreutils: Exclude CVE-2016-2781 " Richard Purdie
  2021-05-12 22:49 ` [PATCH 3/3] librsvg: Exclude CVE-2018-1000041 " Richard Purdie
  0 siblings, 2 replies; 3+ messages in thread
From: Richard Purdie @ 2021-05-12 22:49 UTC (permalink / raw)
  To: openembedded-core

This is included in the release we have; it was the reason for the last rpm
point release.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index 7c03b41fc82..2857cd730c4 100644
--- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -47,6 +47,10 @@ SRCREV = "3659b8a04f5b8bacf6535e0124e7fe23f15286bd"
 
 S = "${WORKDIR}/git"
 
+# Fix https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21
+# included in 4.16.1.3
+CVE_CHECK_WHIETLIST += "CVE-2021-20271"
+
 DEPENDS = "libgcrypt db file popt xz bzip2 elfutils python3"
 DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
 
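Review bot: The variable name in the added assignment is misspelled: `CVE_CHECK_WHIETLIST` should be `CVE_CHECK_WHITELIST`, as used in patches 2/3 and 3/3. With the typo, BitBake just sets an unused variable, cve-check never sees the exclusion, and CVE-2021-20271 will keep showing up in the report for rpm. Fixing the spelling is the only change needed; the comment with the upstream commit and the "included in 4.16.1.3" rationale is good as is.
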
-- 
2.30.2



* [PATCH 2/3] coreutils: Exclude CVE-2016-2781 from cve-check
  2021-05-12 22:49 [PATCH 1/3] rpm: Exclude CVE-2021-20271 from cve-check Richard Purdie
@ 2021-05-12 22:49 ` Richard Purdie
  2021-05-12 22:49 ` [PATCH 3/3] librsvg: Exclude CVE-2018-1000041 " Richard Purdie
  1 sibling, 0 replies; 3+ messages in thread
From: Richard Purdie @ 2021-05-12 22:49 UTC (permalink / raw)
  To: openembedded-core

http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842

"Given runcon is not really a sandbox command, the advice is to use
`runcon ... setsid ...` to avoid this particular issue."

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/coreutils/coreutils_8.32.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-core/coreutils/coreutils_8.32.bb b/meta/recipes-core/coreutils/coreutils_8.32.bb
index c1962ccb909..f3fe31fd3bd 100644
--- a/meta/recipes-core/coreutils/coreutils_8.32.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.32.bb
@@ -26,6 +26,10 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
 SRC_URI[md5sum] = "022042695b7d5bcf1a93559a9735e668"
 SRC_URI[sha256sum] = "4458d8de7849df44ccab15e16b1548b285224dbba5f08fac070c1c0e0bcc4cfa"
 
+# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
+# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
+CVE_CHECK_WHITELIST += "CVE-2016-2781"
+
 EXTRA_OECONF_class-native = "--without-gmp"
 EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
 EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname"
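
Review bot: The comment above `CVE_CHECK_WHITELIST += "CVE-2016-2781"` describes a usage workaround, not a fix, so the exclusion records an accepted risk rather than a patched issue, and the comment should say so explicitly. Something like "upstream will not fix; callers that rely on runcon for isolation must use `runcon ... setsid ...`" would make that clear to anyone auditing the cve-check output later. It would also help to note that the behaviour is unchanged in 8.32, since a reader could otherwise take the cited commit for a code fix.
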
-- 
2.30.2



* [PATCH 3/3] librsvg: Exclude CVE-2018-1000041 from cve-check
  2021-05-12 22:49 [PATCH 1/3] rpm: Exclude CVE-2021-20271 from cve-check Richard Purdie
  2021-05-12 22:49 ` [PATCH 2/3] coreutils: Exclude CVE-2016-2781 " Richard Purdie
@ 2021-05-12 22:49 ` Richard Purdie
  1 sibling, 0 replies; 3+ messages in thread
From: Richard Purdie @ 2021-05-12 22:49 UTC (permalink / raw)
  To: openembedded-core

Issue only affects Windows.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-gnome/librsvg/librsvg_2.40.21.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
index acdbc1f1b3d..59de80a691d 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
@@ -25,6 +25,9 @@ SRC_URI += "file://gtk-option.patch \
 
 SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba"
 
+# Issue only on windows
+CVE_CHECK_WHITELIST += "CVE-2018-1000041"
+
 CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
 
 PACKAGECONFIG ??= "gdkpixbuf"
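
Review bot: The comment "# Issue only on windows" gives no reference to back the claim, unlike the other two patches in this series, which cite the upstream commit. Please add a pointer to the advisory or upstream report that states the Windows-only scope so the exclusion can be re-checked later. The assignment is also unconditional, so it applies to every build of this recipe; if the assumption is that the recipe is never built for a Windows target here, say so in the comment.
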
-- 
2.30.2

