* [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
@ 2023-05-15 13:15 Sanjay Chitroda
2023-05-30 9:28 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
0 siblings, 1 reply; 3+ messages in thread
From: Sanjay Chitroda @ 2023-05-15 13:15 UTC (permalink / raw)
To: yocto; +Cc: Sanjay Chitroda
The CVE product name for selinux-* package is (usually) the selinux
(and not our recipe name), so use selinux as the default.
See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."
Value added is based on:
https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
---
recipes-security/selinux/selinux_common.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index 383f62d..cd51a86 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -15,3 +15,5 @@ do_install() {
SHLIBDIR="${base_libdir}" \
SYSTEMDDIR="${systemd_unitdir}"
}
+
+CVE_PRODUCT ?= "kernel:selinux"
--
2.35.6
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
2023-05-15 13:15 [meta-selinux][PATCH] selinux: Set CVE_PRODUCT Sanjay Chitroda
@ 2023-05-30 9:28 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
0 siblings, 0 replies; 3+ messages in thread
From: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) @ 2023-05-30 9:28 UTC (permalink / raw)
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC
at Cisco),
yocto
Hi all,
Any update/comment ?
Thanks,
Sanjay
-----Original Message-----
From: Sanjay Chitroda <schitrod@cisco.com>
Sent: Monday, May 15, 2023 6:45 PM
To: yocto@lists.yoctoproject.org
Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) <schitrod@cisco.com>
Subject: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default.
See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages."
Value added is based on:
https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
---
recipes-security/selinux/selinux_common.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index 383f62d..cd51a86 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -15,3 +15,5 @@ do_install() {
SHLIBDIR="${base_libdir}" \
SYSTEMDDIR="${systemd_unitdir}"
}
+
+CVE_PRODUCT ?= "kernel:selinux"
--
2.35.6
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
[not found] <20230512134151.2978644-1-schitrod@cisco.com>
@ 2023-05-27 2:53 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
0 siblings, 0 replies; 3+ messages in thread
From: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) @ 2023-05-27 2:53 UTC (permalink / raw)
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC
at Cisco),
yocto
Hi all,
Any update/comment ?
Thanks,
Sanjay
-----Original Message-----
From: Sanjay Chitroda <schitrod@cisco.com>
Sent: Friday, May 12, 2023 7:12 PM
To: yocto@lists.yoctoproject.org
Cc: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) <schitrod@cisco.com>
Subject: [meta-selinux][PATCH] selinux: Set CVE_PRODUCT
The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default.
See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages."
Value added is based on:
https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
---
recipes-security/selinux/selinux_common.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index 383f62d..cd51a86 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -15,3 +15,5 @@ do_install() {
SHLIBDIR="${base_libdir}" \
SYSTEMDDIR="${systemd_unitdir}"
}
+
+CVE_PRODUCT ?= "kernel:selinux"
--
2.35.6
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-05-30 9:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-15 13:15 [meta-selinux][PATCH] selinux: Set CVE_PRODUCT Sanjay Chitroda
2023-05-30 9:28 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
[not found] <20230512134151.2978644-1-schitrod@cisco.com>
2023-05-27 2:53 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).