Hi, On Tue, May 17, 2022 at 04:45:00PM +0530, Ranjitsinh Rathod wrote: > Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell > branch
Good finding, thanks. I think it makes sence to support both CVE_CHECK_WHITELIST and CVE_CHECK_IGNORE variables in dunfell as patches will be cherry-picked and this issue may creep in again silently. Other opinions? Cheers, -Mikko > Signed-off-by: Ranjitsinh Rathod <[email protected]> > --- > meta/recipes-devtools/git/git.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-devtools/git/git.inc > b/meta/recipes-devtools/git/git.inc > index 879920d97e..b5d0004712 100644 > --- a/meta/recipes-devtools/git/git.inc > +++ b/meta/recipes-devtools/git/git.inc > @@ -22,7 +22,7 @@ CVE_PRODUCT = "git-scm:git" > # This is about a manpage not mentioning --mirror may "leak" information > # in mirrored git repos. Most OE users wouldn't build the docs and > # we don't see this as a major issue for our general users/usecases. > -CVE_CHECK_IGNORE += "CVE-2022-24975" > +CVE_CHECK_WHITELIST += "CVE-2022-24975" > > PACKAGECONFIG ??= "" > PACKAGECONFIG[cvsserver] = "" > -- > 2.17.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165728): https://lists.openembedded.org/g/openembedded-core/message/165728 Mute This Topic: https://lists.openembedded.org/mt/91160955/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
