[Buildroot] [PATCH] package/lightning: stop spam!

Paul Cercueil paul at crapouillou.net
Fri Oct 15 21:50:03 UTC 2021


Every week I receive an automated email that tells me about the
CVE-2020-7747 vulnerability in Lightning. This vulnerability however
applies to the Javascript lightning-server project, and not to the
GNU Lightning project.

Ignore this CVE in the Lightning package to reduce my stress levels.

Signed-off-by: Paul Cercueil <paul at crapouillou.net>
---
 package/lightning/lightning.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/lightning/lightning.mk b/package/lightning/lightning.mk
index 3bd17bef56..38b132e082 100644
--- a/package/lightning/lightning.mk
+++ b/package/lightning/lightning.mk
@@ -12,6 +12,10 @@ LIGHTNING_INSTALL_STAGING = YES
 # We're patching include/Makefile.am
 LIGHTNING_AUTORECONF = YES
 
+# CVE-2020-7747 is for the Javascript lightning-server project, and not for
+# GNU Lightning.
+LIGHTNING_IGNORE_CVES = CVE-2020-7747
+
 ifeq ($(BR2_PACKAGE_LIGHTNING_DISASSEMBLER),y)
 LIGHTNING_DEPENDENCIES += binutils zlib
 LIGHTNING_CONF_OPTS += --enable-disassembler
-- 
2.33.0



More information about the buildroot mailing list