diff mbox series

[v2,4/4] libx11-compose-data: set CVE_PRODUCT to empty value

Message ID 20260713234417.4071754-4-mark.yang@lge.com
State Accepted, archived
Commit 8b1fb9fbe04d4279ee086a2991ee13f3a8704be4
Headers show
Series [v2,1/4] python3-cryptography: set CVE_PRODUCT | expand

Commit Message

mark.yang July 13, 2026, 11:44 p.m. UTC
From: "mark.yang" <mark.yang@lge.com>

This recipe only builds and installs the compose data files (nls/) from
the libX11 sources and contains no compiled libX11 code, so libx11 CVEs
do not apply to it. When the x11 DISTRO_FEATURE is enabled this recipe
is skipped and libx11 itself is built and scanned instead.

Referred glibc-locale case:
https://github.com/openembedded/openembedded-core/commit/1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17

Signed-off-by: mark.yang <mark.yang@lge.com>
---
v2: no changes

 .../recipes-graphics/xorg-lib/libx11-compose-data_1.8.12.bb | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.12.bb b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.12.bb
index 562a8cbf16..4bf9f07aba 100644
--- a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.12.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.12.bb
@@ -29,3 +29,9 @@  do_install() {
 PACKAGES = "${PN}"
 
 FILES:${PN} = "${datadir}/X11/locale ${libdir}/X11/locale"
+
+# This recipe only builds and installs the compose data files (nls/) from
+# the libX11 sources and contains no compiled libX11 code, so libx11 CVEs
+# do not apply to it. When the x11 DISTRO_FEATURE is enabled this recipe
+# is skipped and libx11 itself is built and scanned instead.
+CVE_PRODUCT = ""