[styhead,01/12] builder: set CVE_PRODUCT

Message ID	18773170492fc01ce7123ba0fac88e58750a3b93.1734012352.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.181, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][styhead 01/12] builder: set CVE_PRODUCT Date: Thu, 12 Dec 2024 06:07:47 -0800 Message-Id: <18773170492fc01ce7123ba0fac88e58750a3b93.1734012352.git.steve@sakoman.com> In-Reply-To: <cover.1734012352.git.steve@sakoman.com> References: <cover.1734012352.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[styhead,01/12] builder: set CVE_PRODUCT \| expand [styhead,01/12] builder: set CVE_PRODUCT [styhead,02/12] qemu: patch CVE-2024-6505 [styhead,03/12] libarchive: fix CVE-2024-48957 & CVE-2024-48958 [styhead,04/12] libsndfile1: backport the fix for CVE-2024-50612 [styhead,05/12] rust: ignore CVE-2024-43402 [styhead,06/12] curl: patch CVE-2024-9681 [styhead,07/12] ghostscript: upgrade 10.03.1 -> 10.04.0 [styhead,08/12] systemd: drop intltool-native from DEPENDS [styhead,09/12] systemd-boot: drop intltool-native from DEPENDS [styhead,10/12] python3-poetry-core: drop python3-six from RDEPENDS [styhead,11/12] dnf: drop python3-iniparse from DEPENDS and RDEPENDS [styhead,12/12] shadow: use update-alternatives to handle su.1 and nologin.8

Message ID

18773170492fc01ce7123ba0fac88e58750a3b93.1734012352.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 01/12] builder: set CVE_PRODUCT
Date: Thu, 12 Dec 2024 06:07:47 -0800
Message-Id: 
 <18773170492fc01ce7123ba0fac88e58750a3b93.1734012352.git.steve@sakoman.com>
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[styhead,01/12] builder: set CVE_PRODUCT | expand

Commit Message

Steve Sakoman Dec. 12, 2024, 2:07 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.

Instead, set product to yocto to filter them.

(From OE-Core rev: fd4ec5a5318b36af0a9a0a097a5b1f1de44a8edf)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/builder/builder_0.1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 7719b783c2..39abaf31ce 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,4 +29,5 @@  do_install () {
 	chown  builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
 }
 
-CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
+# do not report CVEs for other builder apps
+CVE_PRODUCT = "yoctoproject:builder"

[styhead,01/12] builder: set CVE_PRODUCT

Commit Message

Patch