curl: add vendors to CVE_PRODUCT to exclude false positives

To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used. (From OE-Core rev: 3c0029c9cf22b6983020edf9ce2aeb7b326d8c12) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bb265122cccea9466405fdd924ad10ce8cda0dec) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross@burtonini.com> 2020-09-08 13:23:24 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-17 12:51:24 +0100
commit: 6110dcd60f31bcfc8f20df26651dd1807118be05 (patch)
tree: 0bc2a7aae146d249637e43491a81660bed658fd0 /meta
parent: 59b9e3c0ef95fb8176970802067392516e83b5b6 (diff)
download: poky-6110dcd60f31bcfc8f20df26651dd1807118be05.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 8b5170f021..dfcd533c80 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -14,7 +14,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
 SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8"
-CVE_PRODUCT = "curl libcurl"
+# Curl has used many names over the years...
+CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
 inherit autotools pkgconfig binconfig multilib_header
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
author	Ross Burton <ross@burtonini.com>	2020-09-08 13:23:24 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-09-17 12:51:24 +0100
commit	6110dcd60f31bcfc8f20df26651dd1807118be05 (patch)
tree	0bc2a7aae146d249637e43491a81660bed658fd0 /meta
parent	59b9e3c0ef95fb8176970802067392516e83b5b6 (diff)
download	poky-6110dcd60f31bcfc8f20df26651dd1807118be05.tar.gz

diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 8b5170f021..dfcd533c80 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -14,7 +14,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
14	SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"	14	SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
15	SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8"	15	SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8"
16		16
17	CVE_PRODUCT = "curl libcurl"	17	# Curl has used many names over the years...
		18	CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
		19
18	inherit autotools pkgconfig binconfig multilib_header	20	inherit autotools pkgconfig binconfig multilib_header
19		21
20	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"	22	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"