Diffstat (limited to 'meta/recipes-extended/tar/tar_1.32.bb')
-rw-r--r--meta/recipes-extended/tar/tar_1.32.bb9
1 files changed, 9 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb
index ebe6cb0dbd..9297480e85 100644
--- a/meta/recipes-extended/tar/tar_1.32.bb
+++ b/meta/recipes-extended/tar/tar_1.32.bb
@@ -6,8 +6,13 @@ SECTION = "base"
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+PR = "r1"
+
SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
file://musl_dirent.patch \
+ file://CVE-2021-20193.patch \
+ file://CVE-2022-48303.patch \
+ file://CVE-2023-39804.patch \
"
SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05"
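Review bot: The hard-coded `PR = "r1"` added above SRC_URI carries no explanation and will have to be dropped by hand at the next PV upgrade; where a PR service is running it is also redundant. If the bump is there so that package feeds upgrade to the fixed build, a line such as `# Bump PR so feeds pick up the CVE-patched build; remove on the next PV update` would record that. The three CVE patch files are outside this view (the diffstat is limited to the recipe), so their headers and upstream origin cannot be checked here; each would be expected to carry a `CVE:` tag and an `Upstream-Status:` line.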
@@ -64,3 +69,7 @@ PROVIDES_append_class-native = " tar-replacement-native"
NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}"
BBCLASSEXTEND = "native nativesdk"
+
+# Avoid false positives from CVEs in node-tar package
+# For example CVE-2021-{32803,32804,37701,37712,37713}
+CVE_PRODUCT = "gnu:tar"
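Review bot: The comment above `CVE_PRODUCT = "gnu:tar"` explains the node-tar false positives but not the side effect of the vendor prefix: matching is now limited to NVD entries whose CPE vendor is `gnu`, so a GNU tar CVE filed under a different vendor string would presumably no longer be reported. I would extend the comment with `# Format is vendor:product; only CPEs with vendor "gnu" are matched`. Writing the ids out in full instead of `CVE-2021-{32803,...}` would also let a grep for a single CVE id find this line.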