From: Ross Burton <r...@burtonini.com>
This CVE relates to bad ownership of /var/log/cups, which we don't have.
Signed-off-by: Ross Burton <ross.bur...@arm.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
(cherry picked from commit 0792312f3637ec160d2ef90781a8cb1f75b84940)
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
meta/recipes-extended/cups/cups.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-extended/cups/cups.inc
b/meta/recipes-extended/cups/cups.inc
index acad3c98c1..151ef065fe 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -116,3 +116,7 @@ SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess"
cups_sysroot_preprocess () {
sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e
's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e
's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
}
+
+# -25317 concerns /var/log/cups having lp ownership. Our /var/log/cups is
+# root:root, so this doesn't apply.
+CVE_CHECK_WHITELIST += "CVE-2021-25317"
\ No newline at end of file
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#152495):
https://lists.openembedded.org/g/openembedded-core/message/152495
Mute This Topic: https://lists.openembedded.org/mt/83233798/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
