* [PATCH] cmake: whitelist CVE-2016-10642
@ 2020-09-08 16:47 Ross Burton
2020-09-08 18:25 ` [OE-core] " Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Ross Burton @ 2020-09-08 16:47 UTC (permalink / raw)
To: openembedded-core
This CVE is specific to the npm package that can install cmake, so isn't
relevant to our cmake recipe.
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
meta/recipes-devtools/cmake/cmake.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 1334977225..fa1b818ae4 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e"
UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
+
+# This is specific to the npm package that installs cmake, so isn't
+# relevant to OpenEmbedded
+CVE_CHECK_WHITELIST += "CVE-2016-10642"
--
2.28.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] cmake: whitelist CVE-2016-10642
2020-09-08 16:47 [PATCH] cmake: whitelist CVE-2016-10642 Ross Burton
@ 2020-09-08 18:25 ` Steve Sakoman
2020-09-09 8:59 ` Ross Burton
0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2020-09-08 18:25 UTC (permalink / raw)
To: Ross Burton; +Cc: Patches and discussions about the oe-core layer
Is this also suitable for dunfell?
Steve
On Tue, Sep 8, 2020 at 6:47 AM Ross Burton <ross@burtonini.com> wrote:
>
> This CVE is specific to the npm package that can install cmake, so isn't
> relevant to our cmake recipe.
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
> meta/recipes-devtools/cmake/cmake.inc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
> index 1334977225..fa1b818ae4 100644
> --- a/meta/recipes-devtools/cmake/cmake.inc
> +++ b/meta/recipes-devtools/cmake/cmake.inc
> @@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
> SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e"
>
> UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
> +
> +# This is specific to the npm package that installs cmake, so isn't
> +# relevant to OpenEmbedded
> +CVE_CHECK_WHITELIST += "CVE-2016-10642"
> --
> 2.28.0
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] cmake: whitelist CVE-2016-10642
2020-09-08 18:25 ` [OE-core] " Steve Sakoman
@ 2020-09-09 8:59 ` Ross Burton
0 siblings, 0 replies; 3+ messages in thread
From: Ross Burton @ 2020-09-09 8:59 UTC (permalink / raw)
To: Steve Sakoman; +Cc: Patches and discussions about the oe-core layer
Absolutely.
Ross
On Tue, 8 Sep 2020 at 19:25, Steve Sakoman <steve@sakoman.com> wrote:
>
> Is this also suitable for dunfell?
>
> Steve
>
> On Tue, Sep 8, 2020 at 6:47 AM Ross Burton <ross@burtonini.com> wrote:
> >
> > This CVE is specific to the npm package that can install cmake, so isn't
> > relevant to our cmake recipe.
> >
> > Signed-off-by: Ross Burton <ross.burton@arm.com>
> > ---
> > meta/recipes-devtools/cmake/cmake.inc | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
> > index 1334977225..fa1b818ae4 100644
> > --- a/meta/recipes-devtools/cmake/cmake.inc
> > +++ b/meta/recipes-devtools/cmake/cmake.inc
> > @@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
> > SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e"
> >
> > UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
> > +
> > +# This is specific to the npm package that installs cmake, so isn't
> > +# relevant to OpenEmbedded
> > +CVE_CHECK_WHITELIST += "CVE-2016-10642"
> > --
> > 2.28.0
> >
> >
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-09-09 8:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-08 16:47 [PATCH] cmake: whitelist CVE-2016-10642 Ross Burton
2020-09-08 18:25 ` [OE-core] " Steve Sakoman
2020-09-09 8:59 ` Ross Burton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.