mirror of
https://git.yoctoproject.org/poky
synced 2026-04-28 06:32:34 +02:00
179fe25cb7
This CVE is about TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees which had very low severity problem and marked as closed and won't fix. Therefore whitelisted CVE-2013-4235. Master, gatesgarth and dunfell all have shadow version 4.81. Hence, this is applicable for master, gatesgarth and dunfell. Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658 (From OE-Core rev: 8836a56a9f17f238908b7d0e286a6d386f7be290) Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b1c6cd87bee6b019619dc5728fd6c36bc87ed696) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
12 lines
424 B
BlitzBasic
12 lines
424 B
BlitzBasic
require shadow.inc
|
|
|
|
# Build falsely assumes that if --enable-libpam is set, we don't need to link against
|
|
# libcrypt. This breaks chsh.
|
|
BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|
|
|
|
# Severity is low and marked as closed and won't fix.
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
|
|
CVE_CHECK_WHITELIST += "CVE-2013-4235"
|