* [PATCH][meta-filesystems][dunfell] fuse: set CVE_PRODUCT to "fuse_project:fuse"
@ 2021-01-15 10:50 Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems][gatesgarth] " Mikko Rapeli
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Mikko Rapeli @ 2021-01-15 10:50 UTC (permalink / raw)
To: openembedded-devel; +Cc: Mikko Rapeli
Other products like "RedHat:fuse" introduce false CVE findings like:
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
https://nvd.nist.gov/vuln/detail/CVE-2019-14860
https://nvd.nist.gov/vuln/detail/CVE-2020-25689
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
---
meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb | 2 ++
meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 2 ++
2 files changed, 4 insertions(+)
diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
index 24b17fc93..23028c605 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
@@ -20,6 +20,8 @@ S = "${WORKDIR}/fuse-${PV}"
UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz"
+CVE_PRODUCT = "fuse_project:fuse"
+
inherit meson pkgconfig
DEPENDS = "udev"
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 95e870691..2c272d452 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -22,6 +22,8 @@ SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7
UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
+CVE_PRODUCT = "fuse_project:fuse"
+
inherit autotools pkgconfig update-rc.d systemd
INITSCRIPT_NAME = "fuse"
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH][meta-filesystems][gatesgarth] fuse: set CVE_PRODUCT to "fuse_project:fuse"
2021-01-15 10:50 [PATCH][meta-filesystems][dunfell] fuse: set CVE_PRODUCT to "fuse_project:fuse" Mikko Rapeli
@ 2021-01-15 10:50 ` Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems] " Mikko Rapeli
2022-05-24 15:23 ` [PATCH][meta-filesystems][dunfell] " Ranjitsinh Rathod
2 siblings, 0 replies; 4+ messages in thread
From: Mikko Rapeli @ 2021-01-15 10:50 UTC (permalink / raw)
To: openembedded-devel; +Cc: Mikko Rapeli
Other products like "RedHat:fuse" introduce false CVE findings like:
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
https://nvd.nist.gov/vuln/detail/CVE-2019-14860
https://nvd.nist.gov/vuln/detail/CVE-2020-25689
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
---
meta-filesystems/recipes-support/fuse/fuse3_3.9.3.bb | 2 ++
meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 2 ++
2 files changed, 4 insertions(+)
diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.3.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.3.bb
index 8ef9ee12c..e80b3f553 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.3.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.3.bb
@@ -20,6 +20,8 @@ S = "${WORKDIR}/fuse-${PV}"
UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz"
+CVE_PRODUCT = "fuse_project:fuse"
+
inherit meson pkgconfig ptest
SRC_URI += " \
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 95e870691..2c272d452 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -22,6 +22,8 @@ SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7
UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
+CVE_PRODUCT = "fuse_project:fuse"
+
inherit autotools pkgconfig update-rc.d systemd
INITSCRIPT_NAME = "fuse"
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH][meta-filesystems] fuse: set CVE_PRODUCT to "fuse_project:fuse"
2021-01-15 10:50 [PATCH][meta-filesystems][dunfell] fuse: set CVE_PRODUCT to "fuse_project:fuse" Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems][gatesgarth] " Mikko Rapeli
@ 2021-01-15 10:50 ` Mikko Rapeli
2022-05-24 15:23 ` [PATCH][meta-filesystems][dunfell] " Ranjitsinh Rathod
2 siblings, 0 replies; 4+ messages in thread
From: Mikko Rapeli @ 2021-01-15 10:50 UTC (permalink / raw)
To: openembedded-devel; +Cc: Mikko Rapeli
Other products like "RedHat:fuse" introduce false CVE findings like:
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
https://nvd.nist.gov/vuln/detail/CVE-2019-14860
https://nvd.nist.gov/vuln/detail/CVE-2020-25689
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
---
meta-filesystems/recipes-support/fuse/fuse3_3.10.1.bb | 2 ++
meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 2 ++
2 files changed, 4 insertions(+)
diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.10.1.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.10.1.bb
index 80ce02872..49d6c15da 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.10.1.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.10.1.bb
@@ -20,6 +20,8 @@ S = "${WORKDIR}/fuse-${PV}"
UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz"
+CVE_PRODUCT = "fuse_project:fuse"
+
inherit meson pkgconfig ptest
SRC_URI += " \
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 95e870691..2c272d452 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -22,6 +22,8 @@ SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7
UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
+CVE_PRODUCT = "fuse_project:fuse"
+
inherit autotools pkgconfig update-rc.d systemd
INITSCRIPT_NAME = "fuse"
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH][meta-filesystems][dunfell] fuse: set CVE_PRODUCT to "fuse_project:fuse"
2021-01-15 10:50 [PATCH][meta-filesystems][dunfell] fuse: set CVE_PRODUCT to "fuse_project:fuse" Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems][gatesgarth] " Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems] " Mikko Rapeli
@ 2022-05-24 15:23 ` Ranjitsinh Rathod
2 siblings, 0 replies; 4+ messages in thread
From: Ranjitsinh Rathod @ 2022-05-24 15:23 UTC (permalink / raw)
To: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 145 bytes --]
Hi Armin,
May I know why this was not taken into dunfell branch?
This will fix the wrong CVE for the fuse component.
Thanks,
Ranjitsinh
[-- Attachment #2: Type: text/html, Size: 169 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-05-24 15:23 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-15 10:50 [PATCH][meta-filesystems][dunfell] fuse: set CVE_PRODUCT to "fuse_project:fuse" Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems][gatesgarth] " Mikko Rapeli
2021-01-15 10:50 ` [PATCH][meta-filesystems] " Mikko Rapeli
2022-05-24 15:23 ` [PATCH][meta-filesystems][dunfell] " Ranjitsinh Rathod
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.