[Buildroot] [PATCH] package/lightning: stop spam!
Paul Cercueil
paul at crapouillou.net
Fri Oct 15 21:50:03 UTC 2021
Every week I receive an automated email that tells me about the
CVE-2020-7747 vulnerability in Lightning. This vulnerability however
applies to the Javascript lightning-server project, and not to the
GNU Lightning project.
Ignore this CVE in the Lightning package to reduce my stress levels.
Signed-off-by: Paul Cercueil <paul at crapouillou.net>
---
package/lightning/lightning.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/lightning/lightning.mk b/package/lightning/lightning.mk
index 3bd17bef56..38b132e082 100644
--- a/package/lightning/lightning.mk
+++ b/package/lightning/lightning.mk
@@ -12,6 +12,10 @@ LIGHTNING_INSTALL_STAGING = YES
# We're patching include/Makefile.am
LIGHTNING_AUTORECONF = YES
+# CVE-2020-7747 is for the Javascript lightning-server project, and not for
+# GNU Lightning.
+LIGHTNING_IGNORE_CVES = CVE-2020-7747
+
ifeq ($(BR2_PACKAGE_LIGHTNING_DISASSEMBLER),y)
LIGHTNING_DEPENDENCIES += binutils zlib
LIGHTNING_CONF_OPTS += --enable-disassembler
--
2.33.0
More information about the buildroot
mailing list