From: Peter Marko <[email protected]>

Introduce new packageconfig to explicitly avoid compilation of
experimental code. Note that the code was not compiled by default also
before this patch, this now makes it explicit and makes it possible to
check for the flags in cve-check code.

This is a less intrusive change than a patch removing the code which was
rejected in patch review.

This will solve CVE-2025-59777 and CVE-2025-62689 as the vulnerable code
is not compiled by default.
Set appropriate CVE status for these CVEs based on new packageconfig.

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Steve Sakoman <[email protected]>
---
 meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.1.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.1.bb 
b/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.1.bb
index 0628ee71b5..a22b0c9342 100644
--- a/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.1.bb
+++ b/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.1.bb
@@ -19,9 +19,13 @@ PACKAGECONFIG ?= "curl https"
 
 PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,"
 PACKAGECONFIG[https] = "--enable-https,--disable-https,libgcrypt gnutls,"
+PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental,"
 
 do_compile:append() {
     sed -i s:-L${STAGING_LIBDIR}::g libmicrohttpd.pc
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2025-59777] = "${@bb.utils.contains('PACKAGECONFIG', 
'experimental', 'unpatched', 'not-applicable-config: experimental code not 
compiled', d)}"
+CVE_STATUS[CVE-2025-62689] = "${@bb.utils.contains('PACKAGECONFIG', 
'experimental', 'unpatched', 'not-applicable-config: experimental code not 
compiled', d)}"
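Review bot: The two CVE_STATUS assignments at the end of the hunk repeat the same inline bb.utils.contains('PACKAGECONFIG', 'experimental', ...) expression verbatim, and nothing in the recipe itself records why PACKAGECONFIG[experimental] exists. Consider defining the expression once in a helper variable and referencing it from both CVE_STATUS entries, so the two statuses cannot drift apart when one of them is edited later. A short comment above the new PACKAGECONFIG[experimental] line stating that the option is off by default (PACKAGECONFIG ?= "curl https") and that enabling it flips both CVEs to 'unpatched' would also let a distro maintainer see the consequence without reading the commit log.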
-- 
2.43.0
