summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/go/go-common.inc
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@arm.com>2023-12-11 13:49:46 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-12-13 11:34:27 +0000
commit7cf0c30096913f977c1bd0d7e2b167cac6b93aec (patch)
tree020c0f3ca613149abc6ee59c8a6d0b17ae0785c9 /meta/recipes-devtools/go/go-common.inc
parentf32178a2465ad59ec1618f57d2afd2fa9f366710 (diff)
downloadpoky-7cf0c30096913f977c1bd0d7e2b167cac6b93aec.tar.gz
go: set vendor in CVE_PRODUCT
It's not uncommon for specific third party modules to use "go" as the product[1]. However, the canonical CPE for the official Go language/runtime is always golang:go[2], so use that explicitly. [1] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-49292 [2] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-39320 (From OE-Core rev: fc3e9cce9e1a5aa5dc9a5ad4abdd4eb61f868d37) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go/go-common.inc')
-rw-r--r--meta/recipes-devtools/go/go-common.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-devtools/go/go-common.inc b/meta/recipes-devtools/go/go-common.inc
index 96e32eeb97..db165792dc 100644
--- a/meta/recipes-devtools/go/go-common.inc
+++ b/meta/recipes-devtools/go/go-common.inc
@@ -20,7 +20,7 @@ B = "${S}"
20UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar" 20UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
21 21
22# all recipe variants are created from the same product 22# all recipe variants are created from the same product
23CVE_PRODUCT = "go" 23CVE_PRODUCT = "golang:go"
24 24
25INHIBIT_PACKAGE_DEBUG_SPLIT = "1" 25INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
26SSTATE_SCAN_CMD = "true" 26SSTATE_SCAN_CMD = "true"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-19 08:54:25 +0000