mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-18 12:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

ghostscript: Exclude CVE-2013-6629 from cve-check

Browse Source 
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.

(From OE-Core rev: 829296767ecfbd443d738367b7146a91506e25f2)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Richard Purdie
2021-05-11 13:44:09 +01:00
parent 2ddbc1b1b9
commit b819be5f6a
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
meta/recipes-extended/ghostscript/ghostscript_9.52.bb
View File

@@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native"
UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
# The jpeg issue in the CVE is present in the gs jpeg sources
# however we use an external jpeg which doesn't have the issue.
CVE_CHECK_WHITELIST += "CVE-2013-6629"
def gs_verdir(v):
return "".join(v.split("."))