* [meta-lts-mixins][kirkstone/rust-1.75][PATCH 0/1] Ignore Windows CVEs
@ 2026-02-06 21:25 Scott Murray
2026-02-06 21:25 ` [meta-lts-mixins][kirkstone/rust-1.75][PATCH 1/1] rust-cross-canadian: " Scott Murray
0 siblings, 1 reply; 2+ messages in thread
From: Scott Murray @ 2026-02-06 21:25 UTC (permalink / raw)
To: yocto-patches; +Cc: Zahir Hussain, Nitin Wankhade, aszh07
This kept falling to the bottom of my TODO list, but I did some testing with
cve-check last week, and decided to update the patch since CVE-2024-24576 was
also showing as unpatched. I intend to merge this to kirkstone/rust-1.75 at
end of day Monday (5 pm Eastern, Feb. 9th) if no issues are pointed out.
Note that I considered applying this to the 1.68 and 1.70 mixin branches, but
it does not seem worth the effort, as they do have other unpatched CVEs that
would require some further investigation into addressing. I would recommend
folks using those mixin layers that are concerned about CVEs take the likely
easier path of moving to at least kirkstone/rust-1.75 instead.
Scott
Changes:
Zahir Hussain (1):
rust-cross-canadian: Ignore Windows CVEs
recipes-devtools/rust/rust-cross-canadian.inc | 2 ++
1 file changed, 2 insertions(+)
--
2.51.0
^ permalink raw reply [flat|nested] 2+ messages in thread
* [meta-lts-mixins][kirkstone/rust-1.75][PATCH 1/1] rust-cross-canadian: Ignore Windows CVEs
2026-02-06 21:25 [meta-lts-mixins][kirkstone/rust-1.75][PATCH 0/1] Ignore Windows CVEs Scott Murray
@ 2026-02-06 21:25 ` Scott Murray
0 siblings, 0 replies; 2+ messages in thread
From: Scott Murray @ 2026-02-06 21:25 UTC (permalink / raw)
To: yocto-patches; +Cc: Zahir Hussain, Nitin Wankhade, aszh07
From: Zahir Hussain <zahir.basha@kpit.com>
Ignore CVE-2024-24576 and CVE-2024-43402 as they are not applicable
for Linux; the CVEs are specific to Microsoft Windows.
The previous change to ignore these in rust-source.inc did not cover
rust-cross-canadian, so add them to rust-cross-canadian.inc to fix
this.
CVE: CVE-2024-24576
CVE: CVE-2024-43402
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
(added CVE-2024-24576, updated commit message)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
recipes-devtools/rust/rust-cross-canadian.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-devtools/rust/rust-cross-canadian.inc b/recipes-devtools/rust/rust-cross-canadian.inc
index 45cb402..6d758b7 100644
--- a/recipes-devtools/rust/rust-cross-canadian.inc
+++ b/recipes-devtools/rust/rust-cross-canadian.inc
@@ -90,3 +90,5 @@ do_install () {
FILES:${PN} += "${base_prefix}/environment-setup.d"
+# These CVEs are specific to Microsoft Windows
+CVE_CHECK_IGNORE += "CVE-2024-24576 CVE-2024-43402"
--
2.51.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-02-06 21:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-06 21:25 [meta-lts-mixins][kirkstone/rust-1.75][PATCH 0/1] Ignore Windows CVEs Scott Murray
2026-02-06 21:25 ` [meta-lts-mixins][kirkstone/rust-1.75][PATCH 1/1] rust-cross-canadian: " Scott Murray
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.