Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe.
From: Omkar Patil <omkar.patil@kpit.com>
set CVE_PRODUCT to avoid wrongly reported CVEs
Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
---
meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb | 3 +++
meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 6 ++----
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
index 24b17fc93..b15bcd228 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
@@ -22,6 +22,9 @@ UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz"
inherit meson pkgconfig
+# set vendor along with fuse to fix wrongly reported CVEs
+CVE_PRODUCT = "fuse_project:fuse"
+
DEPENDS = "udev"
PACKAGES =+ "fuse3-utils"
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 49682b3cd..cfd9650c9 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -19,10 +19,8 @@ SRC_URI = "
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases%2Fdownload%2F%24&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C83b651494f5444d27b7408da3efc9091%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637891551789489516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8ioNpnZj3C%2BoQR0JYG3ug7T23KvkRXMX9ST3YUwhzQM%3D&reserved=0{BP}/${BP}.tar.
SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"
-# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
-# REDHAT has also released the fix and updated their security advisories after significant releases.
-CVE_PRODUCT = "fuse"
-CVE_CHECK_WHITELIST += "CVE-2019-14860"
+# set vendor along with fuse to fix wrongly reported CVEs
+CVE_PRODUCT = "fuse_project:fuse"
UPSTREAM_CHECK_URI = "
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C83b651494f5444d27b7408da3efc9091%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637891551789489516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=o2sHG5VW6H%2BXEqkBThXg81ziwC6%2FaTFcbSYtVSpxrQ4%3D&reserved=0"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
--
2.17.1