[kirkstone,02/10] perl: ignore CVE-2023-47100

Message ID	8df158f39f1eed1e3ae88ddf935c67e067b72525.1713268959.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.180, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] perl: ignore CVE-2023-47100 Date: Tue, 16 Apr 2024 05:06:49 -0700 Message-Id: <8df158f39f1eed1e3ae88ddf935c67e067b72525.1713268959.git.steve@sakoman.com> In-Reply-To: <cover.1713268959.git.steve@sakoman.com> References: <cover.1713268959.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/10] cups: fix typo in CVE-2023-32360 backport patch \| expand [kirkstone,01/10] cups: fix typo in CVE-2023-32360 backport patch [kirkstone,02/10] perl: ignore CVE-2023-47100 [kirkstone,03/10] openssh: Add CVE-2023-51767 to CVE_CHECK_IGNORE [kirkstone,04/10] xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081 [kirkstone,05/10] openssl: patch CVE-2024-2511 [kirkstone,06/10] ncurses: patch CVE-2023-50495 [kirkstone,07/10] Revert "expat: fix CVE-2023-52425" [kirkstone,08/10] tcl: Add a way to skip ptests [kirkstone,09/10] tcl: skip timing-dependent tests in run-ptest [kirkstone,10/10] tcl: skip async and event tests in run-ptest

Message ID

8df158f39f1eed1e3ae88ddf935c67e067b72525.1713268959.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/10] perl: ignore CVE-2023-47100
Date: Tue, 16 Apr 2024 05:06:49 -0700
Message-Id: 
 <8df158f39f1eed1e3ae88ddf935c67e067b72525.1713268959.git.steve@sakoman.com>
In-Reply-To: <cover.1713268959.git.steve@sakoman.com>
References: <cover.1713268959.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/10] cups: fix typo in CVE-2023-32360 backport patch | expand

Commit Message

Steve Sakoman April 16, 2024, 12:06 p.m. UTC

From: Alex Stewart <alex.stewart@ni.com>

CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same
advertised fix commit, which has already been merged into the
perl_5.34.3 sources used in kirkstone.

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/perl/perl_5.34.3.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb
index e8b518adc9..215990c8fa 100644
--- a/meta/recipes-devtools/perl/perl_5.34.3.bb
+++ b/meta/recipes-devtools/perl/perl_5.34.3.bb
@@ -48,6 +48,9 @@  PACKAGECONFIG[gdbm] = ",-Ui_gdbm,gdbm"
 # Don't generate comments in enc2xs output files. They are not reproducible
 export ENC2XS_NO_COMMENTS = "1"
 
+# Duplicate of CVE-2023-47038, which has already been patched as of perl_5.34.3
+CVE_CHECK_IGNORE:append = " CVE-2023-47100"
+
 do_configure:prepend() {
     cp -rfp ${STAGING_DATADIR_NATIVE}/perl-cross/* ${S}
 }

[kirkstone,02/10] perl: ignore CVE-2023-47100

Commit Message

Patch