From: Richard Purdie <[email protected]> http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
"Given runcon is not really a sandbox command, the advice is to use `runcon ... setsid ...` to avoid this particular issue. Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 2d273b5aed4a5bd509ec9c68a6f451c17ec17d0c) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-core/coreutils/coreutils_8.31.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/coreutils/coreutils_8.31.bb b/meta/recipes-core/coreutils/coreutils_8.31.bb index 7dd9e41def..aabeee882c 100644 --- a/meta/recipes-core/coreutils/coreutils_8.31.bb +++ b/meta/recipes-core/coreutils/coreutils_8.31.bb @@ -26,6 +26,10 @@ SRC_URI_append_libc-musl = "file://strtod_fix_clash_with_strtold.patch" SRC_URI[md5sum] = "0009a224d8e288e8ec406ef0161f9293" SRC_URI[sha256sum] = "ff7a9c918edce6b4f4b2725e3f9b37b0c4d193531cac49a48b56c4d0d3a9e9fd" +# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 +# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue. +CVE_CHECK_WHITELIST += "CVE-2016-2781" + EXTRA_OECONF_class-native = "--without-gmp" EXTRA_OECONF_class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" EXTRA_OECONF_class-nativesdk = "--enable-install-program=arch,hostname" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#151961): https://lists.openembedded.org/g/openembedded-core/message/151961 Mute This Topic: https://lists.openembedded.org/mt/82887683/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
