summaryrefslogtreecommitdiffstats
path: root/meta/classes/cve-check.bbclass
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2019-07-16 13:47:21 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-17 09:36:35 +0100
commitc75f0e92473906899950ce6b059fe6ab2cb41b5c (patch)
tree070d1ee88b34660c33fdc18769699e168bd49b43 /meta/classes/cve-check.bbclass
parent0c0a056db8c0f918a0daf9145b162e50f1a44124 (diff)
downloadpoky-c75f0e92473906899950ce6b059fe6ab2cb41b5c.tar.gz
glibc: exclude child recipes from CVE scanning
As glibc will be scanned for CVEs, we don't need to scan glibc-locale, glibc-mtrace, and glibc-scripts which are all separate recipes for technical reasons. Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the global whitelist. (From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass4
1 files changed, 1 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5979edf3d1..19ac48cfd4 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -37,9 +37,7 @@ CVE_CHECK_COPY_FILES ??= "1"
37CVE_CHECK_CREATE_MANIFEST ??= "1" 37CVE_CHECK_CREATE_MANIFEST ??= "1"
38 38
39# Whitelist for packages (PN) 39# Whitelist for packages (PN)
40CVE_CHECK_PN_WHITELIST = "\ 40CVE_CHECK_PN_WHITELIST ?= ""
41 glibc-locale \
42"
43 41
44# Whitelist for CVE and version of package. If a CVE is found then the PV is 42# Whitelist for CVE and version of package. If a CVE is found then the PV is
45# compared with the version list, and if found the CVE is considered 43# compared with the version list, and if found the CVE is considered