NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libxml2: properly set LIBXML2_IGNORE_CVES

Browse Source 
The libxml2 package has two patches that fix the two CVEs affecting
libxml2 in version 2.9.10, so let's use LIBXML2_IGNORE_CVES to ensure
these CVEs are no longer reported by pkg-stats.

Cc: Titouan Christophe <titouan.christophe@railnova.eu>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Thomas Petazzoni 2020-02-19 00:36:46 +01:00 committed by Peter Korsgaard
parent 60f2de1f12
commit e1db66f80d
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/libxml2/libxml2.mk
View File

@ -9,6 +9,10 @@ LIBXML2_SITE = http://xmlsoft.org/sources
LIBXML2_INSTALL_STAGING = YES
LIBXML2_LICENSE = MIT
LIBXML2_LICENSE_FILES = COPYING
# 0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
LIBXML2_IGNORE_CVES += CVE-2020-7595
# 0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
LIBXML2_IGNORE_CVES += CVE-2019-20388
LIBXML2_CONFIG_SCRIPTS = xml2-config
# relocation truncated to fit: R_68K_GOT16O