diff mbox series

[meta-oe,styhead,39/90] audit: Fix CVE_PRODUCT

Message ID	20241105143638.2301245-40-akuster808@gmail.com
State	New
Headers	show Return-Path: <akuster808@gmail.com> ip: 209.85.128.181, mailfrom: akuster808@gmail.com) From: Armin Kuster <akuster808@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: Shinji Matsunaga <shin.matsunaga@fujitsu.com>, Khem Raj <raj.khem@gmail.com> Subject: [meta-oe][styhead][PATCH 39/90] audit: Fix CVE_PRODUCT Date: Tue, 5 Nov 2024 09:35:04 -0500 Message-ID: <20241105143638.2301245-40-akuster808@gmail.com> In-Reply-To: <20241105143638.2301245-1-akuster808@gmail.com> References: <20241105143638.2301245-1-akuster808@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Patch review \| expand [meta-oe,styhead,00/90] Patch review [meta-oe,styhead,01/90] bdwgc: upgrade 8.2.6 -> 8.2.8 [meta-oe,styhead,02/90] ctags: upgrade 6.1.20240908.0 -> 6.1.20240915.0 [meta-oe,styhead,03/90] gnome-backgrounds: upgrade 46.0 -> 47.0 [meta-oe,styhead,04/90] gnome-chess: upgrade 46.0 -> 47.0 [meta-oe,styhead,05/90] gnome-font-viewer: upgrade 46.0 -> 47.0 [meta-oe,styhead,06/90] libmanette: upgrade 0.2.7 -> 0.2.9 [meta-oe,styhead,07/90] pegtl: upgrade 3.2.7 -> 3.2.8 [meta-oe,styhead,08/90] python3-elementpath: upgrade 4.4.0 -> 4.5.0 [meta-oe,styhead,09/90] python3-eventlet: upgrade 0.36.1 -> 0.37.0 [meta-oe,styhead,10/90] python3-filelock: upgrade 3.16.0 -> 3.16.1 [meta-oe,styhead,11/90] python3-greenlet: upgrade 3.0.3 -> 3.1.0 [meta-oe,styhead,12/90] python3-nmap: upgrade 1.6.0 -> 1.9.1 [meta-oe,styhead,13/90] python3-paramiko: upgrade 3.4.1 -> 3.5.0 [meta-oe,styhead,14/90] python3-platformdirs: upgrade 4.3.1 -> 4.3.6 [meta-oe,styhead,15/90] python3-psycopg: upgrade 3.2.1 -> 3.2.2 [meta-oe,styhead,16/90] python3-pyasn1-modules: upgrade 0.4.0 -> 0.4.1 [meta-oe,styhead,17/90] python3-pymisp: upgrade 2.4.197 -> 2.4.198 [meta-oe,styhead,18/90] python3-pyproject-api: upgrade 1.7.1 -> 1.7.2 [meta-oe,styhead,19/90] python3-pyunormalize: upgrade 15.1.0 -> 16.0.0 [meta-oe,styhead,20/90] python3-regex: upgrade 2024.7.24 -> 2024.9.11 [meta-oe,styhead,21/90] python3-rich: upgrade 13.8.0 -> 13.8.1 [meta-oe,styhead,22/90] python3-robotframework: upgrade 7.0.1 -> 7.1 [meta-oe,styhead,23/90] python3-virtualenv: upgrade 20.26.4 -> 20.26.5 [meta-oe,styhead,24/90] python3-xmlschema: upgrade 3.3.2 -> 3.4.1 [meta-oe,styhead,25/90] python3-yarl: upgrade 1.10.0 -> 1.11.1 [meta-oe,styhead,26/90] stunnel: upgrade 5.72 -> 5.73 [meta-oe,styhead,27/90] tecla: upgrade 46.0 -> 47.0 [meta-oe,styhead,28/90] traceroute: upgrade 2.1.5 -> 2.1.6 [meta-oe,styhead,29/90] opencv: upgrade 4.9.0 -> 4.10.0 [meta-oe,styhead,30/90] abseil-cpp: upgrade 20240116.2 -> 20240722.0 [meta-oe,styhead,31/90] protobuf: add abseil-cpp to RDEPENDS [meta-oe,styhead,32/90] protobuf: upgrade 4.25.4 -> 4.25.5 [meta-oe,styhead,33/90] non-repro-meta-networking: update known non-reproducible list [meta-oe,styhead,34/90] lksctp-tools: upgrade 1.0.19 -> 1.0.20 [meta-oe,styhead,35/90] gnome-shell: add gnome-control-center dependency [meta-oe,styhead,36/90] gnome-desktop: update 44.0 -> 44.1 [meta-oe,styhead,37/90] gpsd: make the meta-python dependency conditionally [meta-oe,styhead,38/90] tcpslice: upgrade 1.7 -> 1.8 [meta-oe,styhead,39/90] audit: Fix CVE_PRODUCT [meta-oe,styhead,40/90] python3-typer: Disable test_rich_markup_mode tests [meta-oe,styhead,41/90] perfetto: upgrade 31.0 -> 47.0 [meta-oe,styhead,42/90] python3-pydbus: Add missing rdep on xml module for ptests [meta-oe,styhead,43/90] python3-ujson: Add python misc modules to ptest rdeps [meta-oe,styhead,44/90] python3-gunicorn: Add missing rdeps for ptests [meta-oe,styhead,45/90] python3-eth-hash: Add packageconfigs and switch to pep517-backend [meta-oe,styhead,46/90] python3-validators: Add missing rdeps for ptests [meta-oe,styhead,47/90] syslog-ng: upgrade 4.6.0 -> 4.7.0 [meta-oe,styhead,48/90] polkit: Update Upstream-Status of a merged patch [meta-oe,styhead,49/90] capnproto: Add "capnp" to CVE_PRODUCT [meta-oe,styhead,50/90] fuse: Add "fuse:fuse" to CVE_PRODUCT [meta-oe,styhead,51/90] python3-pint: Upgrade to 0.24.3 [meta-oe,styhead,52/90] python3-pytest-mock: Fix ptests [meta-oe,styhead,53/90] python3-sqlparse: Add missing rdep on mypy module for ptests [meta-oe,styhead,54/90] Revert "gpsd: make the meta-python dependency conditionally" [meta-oe,styhead,55/90] gpsd: condition the runtime dependence of pyserial on the pygps [meta-oe,styhead,56/90] xfce4-panel: upgrade 4.18.3 -> 4.18.4 [meta-oe,styhead,57/90] softhsm: add destroyed global access prevention patch [meta-oe,styhead,58/90] audit: fix build when systemd is enabled. [meta-oe,styhead,59/90] python3-sqlalchemy: Upgrade 2.0.32 -> 2.0.35 and switch to PEP-517 build ba… [meta-oe,styhead,60/90] python3-alembic: switch to PEP-517 build backend [meta-oe,styhead,61/90] python3-inflate64: switch to PEP-517 build backend [meta-oe,styhead,62/90] python3-spidev: switch to PEP-517 build backend [meta-oe,styhead,63/90] python3-pastedeploy: switch to PEP-517 build backend [meta-oe,styhead,64/90] python3-reedsolo: switch to PEP-517 build backend [meta-oe,styhead,65/90] libtar: patch CVEs [meta-oe,styhead,66/90] curlpp: Fix build issue [meta-oe,styhead,67/90] libhugetlbfs: upgrade 2.23 -> 2.24 [meta-oe,styhead,68/90] libhugetlbfs: Use linker wrapper during build [meta-oe,styhead,69/90] libhugetlbfs: Fix contains reference to TMPDIR [buildpaths] error [meta-oe,styhead,70/90] wireshark: fix typo in PACKAGECONFIG[zstd] [meta-oe,styhead,71/90] webkitgtk3: Always use -g1 for debug flags [meta-oe,styhead,72/90] webkitgtk3: Fix build break with latest gir [meta-oe,styhead,73/90] nodejs: upgrade 20.17.0 -> 20.18.0 [meta-oe,styhead,74/90] xfce4-panel: upgrade 4.18.4 -> 4.18.5 [meta-oe,styhead,75/90] apache2: do not depend on zlib header and libs from host [meta-oe,styhead,76/90] wtmpdb: fix installed-vs-shipped build error [meta-oe,styhead,77/90] jansson: add JSON_INTEGER_IS_LONG_LONG for cmake [meta-oe,styhead,78/90] ndisc6: Fix reproducible build [meta-oe,styhead,79/90] cryptsetup: fix udev PACKAGECONFIG [meta-oe,styhead,80/90] sound-theme-freedesktop: Update SRC_URI [meta-oe,styhead,81/90] rsyslog: Enable 64bit atomics check [meta-oe,styhead,82/90] minidlna: fix reproducibility [meta-oe,styhead,83/90] kernel-selftest: Update to allow for turning on all tests [meta-oe,styhead,84/90] xmlrpc-c: update SRCREV [meta-oe,styhead,85/90] nodejs: cleanup [meta-oe,styhead,86/90] nmap: Fix off-by-one overflow in the IP protocol table. [meta-oe,styhead,87/90] wireguard-tools: fix do_fetch error [meta-oe,styhead,88/90] vlock: fix do_fetch error [meta-oe,styhead,89/90] xmlsec1: Switch SRC_URI to use github release [meta-oe,styhead,90/90] nng: Rename default branch of github.com:nanomsg/nng.git

Commit Message

akuster808 Nov. 5, 2024, 2:35 p.m. UTC

From: Shinji Matsunaga <shin.matsunaga@fujitsu.com>

Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".

Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit

In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".

Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-security/audit/audit_4.0.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff mbox series

Patch

diff --git a/meta-oe/recipes-security/audit/audit_4.0.2.bb b/meta-oe/recipes-security/audit/audit_4.0.2.bb
index d6742c9eb0..6bb8a2c703 100644
--- a/meta-oe/recipes-security/audit/audit_4.0.2.bb
+++ b/meta-oe/recipes-security/audit/audit_4.0.2.bb
@@ -99,3 +99,5 @@  do_install:append() {
     # Create /var/spool/audit directory for audisp-remote
     install -d -m 0700 ${D}${localstatedir}/spool/audit
 }
+
+CVE_PRODUCT = "linux:audit"