diff options
author | Ross Burton <ross.burton@intel.com> | 2019-11-06 17:37:30 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-11-07 19:47:26 +0000 |
commit | 7297cbd01ffe31a024b13a3ff2450f70df6aa7d1 (patch) | |
tree | 1f2b921076e20a7fb6e434f93a42d77f7ee34d15 /meta/recipes-core | |
parent | 054d2fb421bc894ea7d96316087b91b579374531 (diff) | |
download | poky-7297cbd01ffe31a024b13a3ff2450f70df6aa7d1.tar.gz |
glibc: exclude child recipes from CVE scanning
As glibc will be scanned for CVEs, we don't need to scan glibc-locale,
glibc-mtrace, and glibc-scripts which are all separate recipes for technical
reasons.
Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the
global whitelist.
(From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17)
(From OE-Core rev: 2b9f1b654c726e7c7b2fe8710d60ca10212295f5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/glibc/glibc-locale.inc | 3 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc-mtrace.inc | 3 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc-scripts.inc | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc index e50e5cf5e3..06edcfeaee 100644 --- a/meta/recipes-core/glibc/glibc-locale.inc +++ b/meta/recipes-core/glibc/glibc-locale.inc | |||
@@ -95,3 +95,6 @@ do_install () { | |||
95 | inherit libc-package | 95 | inherit libc-package |
96 | 96 | ||
97 | BBCLASSEXTEND = "nativesdk" | 97 | BBCLASSEXTEND = "nativesdk" |
98 | |||
99 | # Don't scan for CVEs as glibc will be scanned | ||
100 | CVE_PRODUCT = "" | ||
diff --git a/meta/recipes-core/glibc/glibc-mtrace.inc b/meta/recipes-core/glibc/glibc-mtrace.inc index d703c14bdc..ef9d60ec23 100644 --- a/meta/recipes-core/glibc/glibc-mtrace.inc +++ b/meta/recipes-core/glibc/glibc-mtrace.inc | |||
@@ -11,3 +11,6 @@ do_install() { | |||
11 | install -d -m 0755 ${D}${bindir} | 11 | install -d -m 0755 ${D}${bindir} |
12 | install -m 0755 ${SRC}/mtrace ${D}${bindir}/ | 12 | install -m 0755 ${SRC}/mtrace ${D}${bindir}/ |
13 | } | 13 | } |
14 | |||
15 | # Don't scan for CVEs as glibc will be scanned | ||
16 | CVE_PRODUCT = "" | ||
diff --git a/meta/recipes-core/glibc/glibc-scripts.inc b/meta/recipes-core/glibc/glibc-scripts.inc index 2a2b41507e..14a14e4512 100644 --- a/meta/recipes-core/glibc/glibc-scripts.inc +++ b/meta/recipes-core/glibc/glibc-scripts.inc | |||
@@ -18,3 +18,6 @@ do_install() { | |||
18 | # sotruss script requires sotruss-lib.so (given by libsotruss package), | 18 | # sotruss script requires sotruss-lib.so (given by libsotruss package), |
19 | # to produce trace of the library calls. | 19 | # to produce trace of the library calls. |
20 | RDEPENDS_${PN} += "libsotruss" | 20 | RDEPENDS_${PN} += "libsotruss" |
21 | |||
22 | # Don't scan for CVEs as glibc will be scanned | ||
23 | CVE_PRODUCT = "" | ||