diff options
| author | Ross Burton <ross.burton@intel.com> | 2019-11-06 17:37:30 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-11-07 19:47:26 +0000 |
| commit | 7297cbd01ffe31a024b13a3ff2450f70df6aa7d1 (patch) | |
| tree | 1f2b921076e20a7fb6e434f93a42d77f7ee34d15 /meta/classes | |
| parent | 054d2fb421bc894ea7d96316087b91b579374531 (diff) | |
| download | poky-7297cbd01ffe31a024b13a3ff2450f70df6aa7d1.tar.gz | |
glibc: exclude child recipes from CVE scanning
As glibc will be scanned for CVEs, we don't need to scan glibc-locale,
glibc-mtrace, and glibc-scripts which are all separate recipes for technical
reasons.
Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the
global whitelist.
(From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17)
(From OE-Core rev: 2b9f1b654c726e7c7b2fe8710d60ca10212295f5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/cve-check.bbclass | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 5979edf3d1..19ac48cfd4 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
| @@ -37,9 +37,7 @@ CVE_CHECK_COPY_FILES ??= "1" | |||
| 37 | CVE_CHECK_CREATE_MANIFEST ??= "1" | 37 | CVE_CHECK_CREATE_MANIFEST ??= "1" |
| 38 | 38 | ||
| 39 | # Whitelist for packages (PN) | 39 | # Whitelist for packages (PN) |
| 40 | CVE_CHECK_PN_WHITELIST = "\ | 40 | CVE_CHECK_PN_WHITELIST ?= "" |
| 41 | glibc-locale \ | ||
| 42 | " | ||
| 43 | 41 | ||
| 44 | # Whitelist for CVE and version of package. If a CVE is found then the PV is | 42 | # Whitelist for CVE and version of package. If a CVE is found then the PV is |
| 45 | # compared with the version list, and if found the CVE is considered | 43 | # compared with the version list, and if found the CVE is considered |