summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2021-05-12 23:41:24 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-05-22 10:01:03 +0100
commit074d7736e8a593afbd05dbbddf5429e41bcd82b7 (patch)
tree59de622a051178cf1f39816ef688b51b8cc6f6b7
parentb1bdeda784574bf2b20862b71e5ff75897e0079a (diff)
downloadpoky-074d7736e8a593afbd05dbbddf5429e41bcd82b7.tar.gz
poky-074d7736e8a593afbd05dbbddf5429e41bcd82b7.tar.bz2
poky-074d7736e8a593afbd05dbbddf5429e41bcd82b7.zip
coreutils: Exclude CVE-2016-2781 from cve-check
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 "Given runcon is not really a sandbox command, the advice is to use `runcon ... setsid ...` to avoid this particular issue. (From OE-Core rev: c5d07dcba0762ccc000f8466b710a8ed8b7aa356) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/coreutils/coreutils_8.32.bb4
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils_8.32.bb b/meta/recipes-core/coreutils/coreutils_8.32.bb
index c1962ccb90..f3fe31fd3b 100644
--- a/meta/recipes-core/coreutils/coreutils_8.32.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.32.bb
@@ -26,6 +26,10 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
SRC_URI[md5sum] = "022042695b7d5bcf1a93559a9735e668"
SRC_URI[sha256sum] = "4458d8de7849df44ccab15e16b1548b285224dbba5f08fac070c1c0e0bcc4cfa"
+# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
+# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue.
+CVE_CHECK_WHITELIST += "CVE-2016-2781"
+
EXTRA_OECONF_class-native = "--without-gmp"
EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname"