From da9b588be42ff7e00eda89d228ee1aa4125590ab Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sun, 1 Dec 2024 19:53:33 +0100 Subject: [PATCH] cpio: ignore CVE-2023-7216 Same was done in newer Yocto releases. See commit See commit 0f2cd2bbaddba3b8c80d71db274bbcd941d0e60e (From OE-Core rev: 50d8a653104abb9b5cd8a708a7bd97446e894bcf) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-extended/cpio/cpio_2.14.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/cpio/cpio_2.14.bb b/meta/recipes-extended/cpio/cpio_2.14.bb index c0b97ee166..0fbab82cca 100644 --- a/meta/recipes-extended/cpio/cpio_2.14.bb +++ b/meta/recipes-extended/cpio/cpio_2.14.bb @@ -16,6 +16,8 @@ inherit autotools gettext texinfo # Issue applies to use of cpio in SUSE/OBS, doesn't apply to us CVE_CHECK_IGNORE += "CVE-2010-4226" +# disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html +CVE_CHECK_IGNORE += "CVE-2023-7216" EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"