Message ID | PR3P192MB071469B386531AC4342395CFDAA59@PR3P192MB0714.EURP192.PROD.OUTLOOK.COM |
---|---|
State | New, archived |
Headers | show |
Series | [dunfell] bluez5: Exclude CVE-2022-39177 from cve-check | expand |
On Tue, Feb 21, 2023 at 6:58 AM Hugo Simeliere via lists.openembedded.org <hsimeliere.opensource=witekio.com@lists.openembedded.org> wrote: > > CVE already fixed in CVE-2022-39176.patch > > > > Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> > > --- > > meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > > index e5353bd815..be74a35e0a 100644 > > --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > > +++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb > > @@ -6,6 +6,13 @@ SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089 > Your mailer seems to be corrupting the patch: Applying: bluez5: Exclude CVE-2022-39177 from cve-check error: corrupt patch at line 10 error: could not build fake ancestor Patch failed at 0001 bluez5: Exclude CVE-2022-39177 from cve-check Please correct and send a V2. Thanks! Steve > # These issues have kernel fixes rather than bluez fixes so exclude here > > CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" > > +# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, e2b0f0d8d63e1223bb714a9efb37e2257818268b > > +# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177 > > +# already backport in CVE-2022-39176.patch > > +# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 > > + > > +CVE_CHECK_WHITELIST += "CVE-2022-39177" > > + > > # noinst programs in Makefile.tools that are conditional on READLINE > > # support > > NOINST_TOOLS_READLINE ?= " \ > > -- > > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#177529): https://lists.openembedded.org/g/openembedded-core/message/177529 > Mute This Topic: https://lists.openembedded.org/mt/97113394/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb index e5353bd815..be74a35e0a 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.55.bb @@ -6,6 +6,13 @@ SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e089 # These issues have kernel fixes rather than bluez fixes so exclude here CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" +# Commit 7a80d2096f1b7125085e21448112aa02f49f5e9a, e2b0f0d8d63e1223bb714a9efb37e2257818268b +# and 0388794dc5fdb73a4ea88bcf148de0a12b4364d4 to fix CVE-2022-39177 +# already backport in CVE-2022-39176.patch +# https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 + +CVE_CHECK_WHITELIST += "CVE-2022-39177" + # noinst programs in Makefile.tools that are conditional on READLINE # support NOINST_TOOLS_READLINE ?= " \ -- 2.25.1
CVE already fixed in CVE-2022-39176.patch Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> --- meta/recipes-connectivity/bluez5/bluez5_5.55.bb | 7 +++++++ 1 file changed, 7 insertions(+)