mirror of
https://git.yoctoproject.org/poky
synced 2026-03-09 00:39:39 +01:00
da07e6ee34
This is similar CVE as the previous ones from the same author. https://github.com/yaml/libyaml/issues/303 explain why this is misuse (or wrong use) of libyaml. (From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
27 lines
1.0 KiB
BlitzBasic
27 lines
1.0 KiB
BlitzBasic
SUMMARY = "LibYAML is a YAML 1.1 parser and emitter written in C."
|
|
DESCRIPTION = "LibYAML is a C library for parsing and emitting data in YAML 1.1, \
|
|
a human-readable data serialization format. "
|
|
HOMEPAGE = "https://pyyaml.org/wiki/LibYAML"
|
|
SECTION = "libs/devel"
|
|
|
|
LICENSE = "MIT"
|
|
LIC_FILES_CHKSUM = "file://License;md5=7bbd28caa69f81f5cd5f48647236663d"
|
|
|
|
SRC_URI = "https://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz"
|
|
SRC_URI[md5sum] = "bb15429d8fb787e7d3f1c83ae129a999"
|
|
SRC_URI[sha256sum] = "c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4"
|
|
|
|
S = "${WORKDIR}/yaml-${PV}"
|
|
|
|
inherit autotools
|
|
|
|
DISABLE_STATIC:class-nativesdk = ""
|
|
DISABLE_STATIC:class-native = ""
|
|
|
|
# upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
|
|
CVE_CHECK_IGNORE += "CVE-2024-35326 CVE-2024-35328"
|
|
# upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
|
|
CVE_CHECK_IGNORE += "CVE-2024-35325"
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|