[kirkstone,02/14] builder: set CVE_PRODUCT

Message ID	941a645b3b18418e020ada9ebdd19f425f03dfc8.1732733274.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.181, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/14] builder: set CVE_PRODUCT Date: Wed, 27 Nov 2024 10:49:55 -0800 Message-Id: <941a645b3b18418e020ada9ebdd19f425f03dfc8.1732733274.git.steve@sakoman.com> In-Reply-To: <cover.1732733274.git.steve@sakoman.com> References: <cover.1732733274.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/14] python3-pip: fix CVE-2023-5752 \| expand [kirkstone,01/14] python3-pip: fix CVE-2023-5752 [kirkstone,02/14] builder: set CVE_PRODUCT [kirkstone,03/14] coreutils: fix CVE-2024-0684 [kirkstone,04/14] libsndfile: fix CVE-2024-50612 [kirkstone,05/14] ffmpeg: fix CVE-2023-51798 [kirkstone,06/14] ffmpeg: fix CVE-2023-47342 [kirkstone,07/14] ffmpeg: fix CVE-2023-50007 [kirkstone,08/14] ffmpeg: fix CVE-2023-51796 [kirkstone,09/14] ffmpeg: fix CVE-2024-7055 [kirkstone,10/14] tzdata&tzcode-native: upgrade 2024a -> 2024b [kirkstone,11/14] package_rpm: use zstd's default compression level [kirkstone,12/14] package_rpm: restrict rpm to 4 threads [kirkstone,13/14] ninja: fix build with python 3.13 [kirkstone,14/14] gstreamer1.0: improve test reliability

Message ID

941a645b3b18418e020ada9ebdd19f425f03dfc8.1732733274.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/14] builder: set CVE_PRODUCT
Date: Wed, 27 Nov 2024 10:49:55 -0800
Message-Id: 
 <941a645b3b18418e020ada9ebdd19f425f03dfc8.1732733274.git.steve@sakoman.com>
In-Reply-To: <cover.1732733274.git.steve@sakoman.com>
References: <cover.1732733274.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/14] python3-pip: fix CVE-2023-5752 | expand

Commit Message

Steve Sakoman Nov. 27, 2024, 6:49 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.

Instead, set product to yocto to filter them.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/builder/builder_0.1.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 39be3bd63f..719db90530 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,5 +29,5 @@  do_install () {
 	chown  builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
 }
 
-# -4178 is an unrelated 'builder'
-CVE_CHECK_IGNORE = "CVE-2008-4178"
+# do not report CVEs for other builder apps
+CVE_PRODUCT = "yoctoproject:builder"

[kirkstone,02/14] builder: set CVE_PRODUCT

Commit Message

Patch