| Message ID | 20241213120250.704778-1-mikko.rapeli@linaro.org |
|---|---|
| State | Accepted, archived |
| Commit | eb46ad379170f0a80ac2d061fa02c118f5ed1d31 |
| Headers | show |
| Series | systemd: set CVE_PRODUCT | expand |
For historical reasons, we should not limit the check to systemd_project vendor. sqlite> select vendor, product, count(*) from products where product = 'systemd' group by vendor, product; linux|systemd|1 systemd_project|systemd|106 sqlite> select * from products where vendor = 'linux' and product = 'systemd'; CVE-2012-1174|linux|systemd|43|=|| Peter > -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded- > core@lists.openembedded.org> On Behalf Of Mikko Rapeli via > lists.openembedded.org > Sent: Friday, December 13, 2024 13:03 > To: openembedded-core@lists.openembedded.org > Cc: Mikko Rapeli <mikko.rapeli@linaro.org> > Subject: [OE-core] [PATCH] systemd: set CVE_PRODUCT > > systemd.inc is used by systemd, systemd-boot and > systemd-tools-native recipes so make sure all > match to "systemd_project:systemd" vendor and product > in CVE database. The split between systemd, systemd-boot > and systemd-tools-native is specific to oe-core and > upstream just refers to systemd. > > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> > --- > meta/recipes-core/systemd/systemd.inc | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes- > core/systemd/systemd.inc > index 989ca667b7..288d49e007 100644 > --- a/meta/recipes-core/systemd/systemd.inc > +++ b/meta/recipes-core/systemd/systemd.inc > @@ -20,3 +20,5 @@ SRCBRANCH = "v256-stable" > SRC_URI = > "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANC > H}" > > S = "${WORKDIR}/git" > + > +CVE_PRODUCT = "systemd_project:systemd" > -- > 2.43.0
Hi, On Fri, Dec 13, 2024 at 12:14:54PM +0000, Marko, Peter wrote: > For historical reasons, we should not limit the check to systemd_project vendor. > > sqlite> select vendor, product, count(*) from products where product = 'systemd' group by vendor, product; > linux|systemd|1 > systemd_project|systemd|106 > sqlite> select * from products where vendor = 'linux' and product = 'systemd'; > CVE-2012-1174|linux|systemd|43|=|| Ok, will limit to just "systemd" product name in v2. Cheers, -Mikko
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index 989ca667b7..288d49e007 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc @@ -20,3 +20,5 @@ SRCBRANCH = "v256-stable" SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}" S = "${WORKDIR}/git" + +CVE_PRODUCT = "systemd_project:systemd"
systemd.inc is used by systemd, systemd-boot and systemd-tools-native recipes so make sure all match to "systemd_project:systemd" vendor and product in CVE database. The split between systemd, systemd-boot and systemd-tools-native is specific to oe-core and upstream just refers to systemd. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> --- meta/recipes-core/systemd/systemd.inc | 2 ++ 1 file changed, 2 insertions(+)