curl: add vendors to CVE_PRODUCT to exclude false positives

To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used. (From OE-Core rev: bb265122cccea9466405fdd924ad10ce8cda0dec) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross@burtonini.com> 2020-09-08 13:23:24 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-08 16:43:40 +0100
commit: 12f23b06fc3322432d45fbb38d80d72181924194 (patch)
tree: c3977a52d534284df0803c1276404ec5ab8f0d62 /meta
parent: 260f490c28a7df7ae11d21d53578c948b7a4020b (diff)
download: poky-12f23b06fc3322432d45fbb38d80d72181924194.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-support/curl/curl_7.72.0.bb b/meta/recipes-support/curl/curl_7.72.0.bb
index e7f5492694..a2ae0b6901 100644
--- a/meta/recipes-support/curl/curl_7.72.0.bb
+++ b/meta/recipes-support/curl/curl_7.72.0.bb
@@ -11,7 +11,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef"
-CVE_PRODUCT = "curl libcurl"
+# Curl has used many names over the years...
+CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
 inherit autotools pkgconfig binconfig multilib_header
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
author	Ross Burton <ross@burtonini.com>	2020-09-08 13:23:24 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-09-08 16:43:40 +0100
commit	12f23b06fc3322432d45fbb38d80d72181924194 (patch)
tree	c3977a52d534284df0803c1276404ec5ab8f0d62 /meta
parent	260f490c28a7df7ae11d21d53578c948b7a4020b (diff)
download	poky-12f23b06fc3322432d45fbb38d80d72181924194.tar.gz

diff --git a/meta/recipes-support/curl/curl_7.72.0.bb b/meta/recipes-support/curl/curl_7.72.0.bb index e7f5492694..a2ae0b6901 100644 --- a/meta/recipes-support/curl/curl_7.72.0.bb +++ b/meta/recipes-support/curl/curl_7.72.0.bb
@@ -11,7 +11,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
11		11
12	SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef"	12	SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef"
13		13
14	CVE_PRODUCT = "curl libcurl"	14	# Curl has used many names over the years...
		15	CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
		16
15	inherit autotools pkgconfig binconfig multilib_header	17	inherit autotools pkgconfig binconfig multilib_header
16		18
17	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"	19	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"