[oe-commits] [openembedded-core] 01/05: cve-check: remove redundant readline CVE whitelisting
git at git.openembedded.org
git at git.openembedded.org
Tue Jul 16 12:55:53 UTC 2019
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit 5e53b8187f6042d574884b80d759a36901aecebf
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Tue Jul 16 13:46:43 2019 +0100
cve-check: remove redundant readline CVE whitelisting
CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the
tooling wasn't able to detect this version. As we now ship readline 8 we don't
need to manually whitelist it, and if we did then the whitelisting should be in
the readline recipe.
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/classes/cve-check.bbclass | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index ffd6243..5979edf 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -41,10 +41,15 @@ CVE_CHECK_PN_WHITELIST = "\
glibc-locale \
"
-# Whitelist for CVE and version of package
-CVE_CHECK_CVE_WHITELIST = "{\
- 'CVE-2014-2524': ('6.3','5.2',), \
-}"
+# Whitelist for CVE and version of package. If a CVE is found then the PV is
+# compared with the version list, and if found the CVE is considered
+# patched.
+#
+# The value should be valid Python in this format:
+# {
+# 'CVE-2014-2524': ('6.3','5.2')
+# }
+CVE_CHECK_CVE_WHITELIST ?= "{}"
python do_cve_check () {
"""
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list