diff mbox series

[dunfell] bluez5: Exclude CVE-2022-39177 from cve-check

Message ID PR3P192MB071469B386531AC4342395CFDAA59@PR3P192MB0714.EURP192.PROD.OUTLOOK.COM
State New, archived
Headers show
Series [dunfell] bluez5: Exclude CVE-2022-39177 from cve-check | expand

Commit Message

Hugo Simeliere Feb. 21, 2023, 4:58 p.m. UTC 
CVE already fixed in CVE-2022-39176.patch

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
---
meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++++++
1 file changed, 7 insertions(+)

Comments

Steve Sakoman Feb. 24, 2023, 7:39 p.m. UTC | #1 
On Tue, Feb 21, 2023 at 6:58 AM Hugo Simeliere via
lists.openembedded.org
<hsimeliere.opensource=witekio.com@lists.openembedded.org> wrote:
>
> CVE already fixed in CVE-2022-39176.patch
>
>
>
> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
>
> ---
>
> meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++++++
>
> 1 file changed, 7 insertions(+)
>
>
>
> diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
>
> index e5353bd815..be74a35e0a 100644
>
> --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
>
> +++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
>
> @@ -6,6 +6,13 @@ SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089
>
 Your mailer seems to be corrupting the patch:

Applying: bluez5: Exclude CVE-2022-39177 from cve-check
error: corrupt patch at line 10
error: could not build fake ancestor
Patch failed at 0001 bluez5: Exclude CVE-2022-39177 from cve-check

Please correct and send a V2.

Thanks!

Steve

> # These issues have kernel fixes rather than bluez fixes so exclude here
>
> CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490"
>
> +# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, e2b0f0d8d63e1223bb714a9efb37e2257818268b
>
> +# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177
>
> +# already backport in CVE-2022-39176.patch
>
> +# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
>
> +
>
> +CVE_CHECK_WHITELIST += "CVE-2022-39177"
>
> +
>
> # noinst programs in Makefile.tools that are conditional on READLINE
>
> # support
>
> NOINST_TOOLS_READLINE ?= " \
>
> --
>
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#177529): https://lists.openembedded.org/g/openembedded-core/message/177529
> Mute This Topic: https://lists.openembedded.org/mt/97113394/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
index e5353bd815..be74a35e0a 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
@@ -6,6 +6,13 @@  SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089
# These issues have kernel fixes rather than bluez fixes so exclude here
CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490"
+# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, e2b0f0d8d63e1223bb714a9efb37e2257818268b
+# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177
+# already backport in CVE-2022-39176.patch
+# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
+
+CVE_CHECK_WHITELIST += "CVE-2022-39177"
+
# noinst programs in Makefile.tools that are conditional on READLINE
# support
NOINST_TOOLS_READLINE ?= " \
--
2.25.1