All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] cmake: whitelist CVE-2016-10642
@ 2020-09-08 16:47 Ross Burton
  2020-09-08 18:25 ` [OE-core] " Steve Sakoman
  0 siblings, 1 reply; 3+ messages in thread
From: Ross Burton @ 2020-09-08 16:47 UTC (permalink / raw)
  To: openembedded-core

This CVE is specific to the npm package that can install cmake, so isn't
relevant to our cmake recipe.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-devtools/cmake/cmake.inc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 1334977225..fa1b818ae4 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
 SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e"
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
+
+# This is specific to the npm package that installs cmake, so isn't
+# relevant to OpenEmbedded
+CVE_CHECK_WHITELIST += "CVE-2016-10642"
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] cmake: whitelist CVE-2016-10642
  2020-09-08 16:47 [PATCH] cmake: whitelist CVE-2016-10642 Ross Burton
@ 2020-09-08 18:25 ` Steve Sakoman
  2020-09-09  8:59   ` Ross Burton
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2020-09-08 18:25 UTC (permalink / raw)
  To: Ross Burton; +Cc: Patches and discussions about the oe-core layer

Is this also suitable for dunfell?

Steve

On Tue, Sep 8, 2020 at 6:47 AM Ross Burton <ross@burtonini.com> wrote:
>
> This CVE is specific to the npm package that can install cmake, so isn't
> relevant to our cmake recipe.
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
>  meta/recipes-devtools/cmake/cmake.inc | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
> index 1334977225..fa1b818ae4 100644
> --- a/meta/recipes-devtools/cmake/cmake.inc
> +++ b/meta/recipes-devtools/cmake/cmake.inc
> @@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
>  SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e"
>
>  UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
> +
> +# This is specific to the npm package that installs cmake, so isn't
> +# relevant to OpenEmbedded
> +CVE_CHECK_WHITELIST += "CVE-2016-10642"
> --
> 2.28.0
>
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] cmake: whitelist CVE-2016-10642
  2020-09-08 18:25 ` [OE-core] " Steve Sakoman
@ 2020-09-09  8:59   ` Ross Burton
  0 siblings, 0 replies; 3+ messages in thread
From: Ross Burton @ 2020-09-09  8:59 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: Patches and discussions about the oe-core layer

Absolutely.

Ross

On Tue, 8 Sep 2020 at 19:25, Steve Sakoman <steve@sakoman.com> wrote:
>
> Is this also suitable for dunfell?
>
> Steve
>
> On Tue, Sep 8, 2020 at 6:47 AM Ross Burton <ross@burtonini.com> wrote:
> >
> > This CVE is specific to the npm package that can install cmake, so isn't
> > relevant to our cmake recipe.
> >
> > Signed-off-by: Ross Burton <ross.burton@arm.com>
> > ---
> >  meta/recipes-devtools/cmake/cmake.inc | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
> > index 1334977225..fa1b818ae4 100644
> > --- a/meta/recipes-devtools/cmake/cmake.inc
> > +++ b/meta/recipes-devtools/cmake/cmake.inc
> > @@ -25,3 +25,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
> >  SRC_URI[sha256sum] = "5d4e40fc775d3d828c72e5c45906b4d9b59003c9433ff1b36a1cb552bbd51d7e"
> >
> >  UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
> > +
> > +# This is specific to the npm package that installs cmake, so isn't
> > +# relevant to OpenEmbedded
> > +CVE_CHECK_WHITELIST += "CVE-2016-10642"
> > --
> > 2.28.0
> >
> > 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-09-09  8:59 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-08 16:47 [PATCH] cmake: whitelist CVE-2016-10642 Ross Burton
2020-09-08 18:25 ` [OE-core] " Steve Sakoman
2020-09-09  8:59   ` Ross Burton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.