Date
1 - 2 of 2
[meta-filesystems][dunfell][PATCH] fuse: Set CVE_PRODUCT
|
omkar
From: Omkar Patil <omkar.patil@...>
set CVE_PRODUCT to avoid wrongly reported CVEs Signed-off-by: Omkar Patil <omkar.patil@...> Signed-off-by: Omkar Patil <omkarpatil10.93@...> --- meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb | 3 +++ meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 6 ++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb index 24b17fc93..b15bcd228 100644 --- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb +++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb @@ -22,6 +22,9 @@ UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz" inherit meson pkgconfig +# set vendor along with fuse to fix wrongly reported CVEs +CVE_PRODUCT = "fuse_project:fuse" + DEPENDS = "udev" PACKAGES =+ "fuse3-utils" diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb index 49682b3cd..cfd9650c9 100644 --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb @@ -19,10 +19,8 @@ SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar. SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312" SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5" -# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. -# REDHAT has also released the fix and updated their security advisories after significant releases. -CVE_PRODUCT = "fuse" -CVE_CHECK_WHITELIST += "CVE-2019-14860" +# set vendor along with fuse to fix wrongly reported CVEs +CVE_PRODUCT = "fuse_project:fuse" UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases" UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz" -- 2.17.1 |
|
|
|
Ranjitsinh Rathod
Hi Armin,
We have sent this patch for dunfell so you can take this.
This will get applied without any conflicts.
Thanks,
Best Regards,
Ranjitsinh Rathod
From: openembedded-devel@... <openembedded-devel@...> on behalf of omkar via lists.openembedded.org <omkarpatil10.93=gmail.com@...>
Sent: Thursday, May 26, 2022 3:14 PM To: openembedded-devel@... <openembedded-devel@...>; omkarpatil10.93@... <omkarpatil10.93@...> Cc: Ranjitsinh Rathod <Ranjitsinh.Rathod@...>; Omkar Patil <Omkar.Patil@...> Subject: [oe][meta-filesystems][dunfell][PATCH] fuse: Set CVE_PRODUCT Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe.
From: Omkar Patil <omkar.patil@...> set CVE_PRODUCT to avoid wrongly reported CVEs Signed-off-by: Omkar Patil <omkar.patil@...> Signed-off-by: Omkar Patil <omkarpatil10.93@...> --- meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb | 3 +++ meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 6 ++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb index 24b17fc93..b15bcd228 100644 --- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb +++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb @@ -22,6 +22,9 @@ UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz" inherit meson pkgconfig +# set vendor along with fuse to fix wrongly reported CVEs +CVE_PRODUCT = "fuse_project:fuse" + DEPENDS = "udev" PACKAGES =+ "fuse3-utils" diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb index 49682b3cd..cfd9650c9 100644 --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb @@ -19,10 +19,8 @@ SRC_URI = "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases%2Fdownload%2F%24&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C83b651494f5444d27b7408da3efc9091%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637891551789489516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8ioNpnZj3C%2BoQR0JYG3ug7T23KvkRXMX9ST3YUwhzQM%3D&reserved=0{BP}/${BP}.tar. SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312" SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5" -# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. -# REDHAT has also released the fix and updated their security advisories after significant releases. -CVE_PRODUCT = "fuse" -CVE_CHECK_WHITELIST += "CVE-2019-14860" +# set vendor along with fuse to fix wrongly reported CVEs +CVE_PRODUCT = "fuse_project:fuse" UPSTREAM_CHECK_URI = "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C83b651494f5444d27b7408da3efc9091%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637891551789489516%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=o2sHG5VW6H%2BXEqkBThXg81ziwC6%2FaTFcbSYtVSpxrQ4%3D&reserved=0" UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz" -- 2.17.1 |
|
|
