From: Omkar Patil <omkar.patil@...>

set CVE_PRODUCT to avoid wrongly reported CVEs

Signed-off-by: Omkar Patil <omkar.patil@...>
Signed-off-by: Omkar Patil <omkarpatil10.93@...>
---
meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb | 3 +++
meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 6 ++----
2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
index 24b17fc93..b15bcd228 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
@@ -22,6 +22,9 @@ UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz"

inherit meson pkgconfig

+# set vendor along with fuse to fix wrongly reported CVEs
+CVE_PRODUCT = "fuse_project:fuse"
+
DEPENDS = "udev"

PACKAGES =+ "fuse3-utils"
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 49682b3cd..cfd9650c9 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -19,10 +19,8 @@ SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"

-# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
-# REDHAT has also released the fix and updated their security advisories after significant releases.
-CVE_PRODUCT = "fuse"
-CVE_CHECK_WHITELIST += "CVE-2019-14860"
+# set vendor along with fuse to fix wrongly reported CVEs
+CVE_PRODUCT = "fuse_project:fuse"

UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
--
2.17.1