* [meta-oe][PATCH] lzo: add CVE_PRODUCT
@ 2021-08-19 6:33 Marta Rybczynska
2021-08-19 12:53 ` [OE-core] " Ross Burton
0 siblings, 1 reply; 3+ messages in thread
From: Marta Rybczynska @ 2021-08-19 6:33 UTC (permalink / raw)
To: openembedded-core, denis; +Cc: Marta Rybczynska, Marta Rybczynska
lzo was missing CVE_PRODUCT and related CVEs (at least CVE-2014-4607) were
not reported.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
meta/recipes-support/lzo/lzo_2.10.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/lzo/lzo_2.10.bb b/meta/recipes-support/lzo/lzo_2.10.bb
index 85b14b3c5c..31a229c7f5 100644
--- a/meta/recipes-support/lzo/lzo_2.10.bb
+++ b/meta/recipes-support/lzo/lzo_2.10.bb
@@ -18,6 +18,8 @@ SRC_URI[sha256sum] = "c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b42
inherit autotools ptest
+CVE_PRODUCT = "oberhumer:lzo2"
+
EXTRA_OECONF = "--enable-shared"
do_install_ptest() {
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core] [meta-oe][PATCH] lzo: add CVE_PRODUCT
2021-08-19 6:33 [meta-oe][PATCH] lzo: add CVE_PRODUCT Marta Rybczynska
@ 2021-08-19 12:53 ` Ross Burton
2021-08-19 15:46 ` Marta Rybczynska
0 siblings, 1 reply; 3+ messages in thread
From: Ross Burton @ 2021-08-19 12:53 UTC (permalink / raw)
To: Marta Rybczynska; +Cc: OE-core
This replaces the default value of 'lzo', it might be safer to use +=
so both this name and just lzo are searched for.
The CVE database isn't very reliable for consistent naming, so I
prefer to cover all bases.
Ross
On Thu, 19 Aug 2021 at 07:33, Marta Rybczynska <rybczynska@gmail.com> wrote:
>
> lzo was missing CVE_PRODUCT and related CVEs (at least CVE-2014-4607) were
> not reported.
>
> Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
> ---
> meta/recipes-support/lzo/lzo_2.10.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-support/lzo/lzo_2.10.bb b/meta/recipes-support/lzo/lzo_2.10.bb
> index 85b14b3c5c..31a229c7f5 100644
> --- a/meta/recipes-support/lzo/lzo_2.10.bb
> +++ b/meta/recipes-support/lzo/lzo_2.10.bb
> @@ -18,6 +18,8 @@ SRC_URI[sha256sum] = "c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b42
>
> inherit autotools ptest
>
> +CVE_PRODUCT = "oberhumer:lzo2"
> +
> EXTRA_OECONF = "--enable-shared"
>
> do_install_ptest() {
> --
> 2.30.2
>
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core] [meta-oe][PATCH] lzo: add CVE_PRODUCT
2021-08-19 12:53 ` [OE-core] " Ross Burton
@ 2021-08-19 15:46 ` Marta Rybczynska
0 siblings, 0 replies; 3+ messages in thread
From: Marta Rybczynska @ 2021-08-19 15:46 UTC (permalink / raw)
To: Ross Burton; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 1492 bytes --]
Thanks for looking into this. I've used the cve_check pass from
https://lists.openembedded.org/g/openembedded-core/message/154677
and just with 'lzo' there are no results. I can add both if that seems
safer, fine for me. Will submit a new version.
Regards,
Marta
On Thu, Aug 19, 2021 at 2:54 PM Ross Burton <ross@burtonini.com> wrote:
> This replaces the default value of 'lzo', it might be safer to use +=
> so both this name and just lzo are searched for.
>
> The CVE database isn't very reliable for consistent naming, so I
> prefer to cover all bases.
>
> Ross
>
> On Thu, 19 Aug 2021 at 07:33, Marta Rybczynska <rybczynska@gmail.com>
> wrote:
> >
> > lzo was missing CVE_PRODUCT and related CVEs (at least CVE-2014-4607)
> were
> > not reported.
> >
> > Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
> > ---
> > meta/recipes-support/lzo/lzo_2.10.bb | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/meta/recipes-support/lzo/lzo_2.10.bb
> b/meta/recipes-support/lzo/lzo_2.10.bb
> > index 85b14b3c5c..31a229c7f5 100644
> > --- a/meta/recipes-support/lzo/lzo_2.10.bb
> > +++ b/meta/recipes-support/lzo/lzo_2.10.bb
> > @@ -18,6 +18,8 @@ SRC_URI[sha256sum] =
> "c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b42
> >
> > inherit autotools ptest
> >
> > +CVE_PRODUCT = "oberhumer:lzo2"
> > +
> > EXTRA_OECONF = "--enable-shared"
> >
> > do_install_ptest() {
> > --
> > 2.30.2
> >
> >
> >
> >
>
[-- Attachment #2: Type: text/html, Size: 2584 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-19 15:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-19 6:33 [meta-oe][PATCH] lzo: add CVE_PRODUCT Marta Rybczynska
2021-08-19 12:53 ` [OE-core] " Ross Burton
2021-08-19 15:46 ` Marta Rybczynska
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.