summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2019-07-16 13:47:21 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-17 09:36:35 +0100
commitc75f0e92473906899950ce6b059fe6ab2cb41b5c (patch)
tree070d1ee88b34660c33fdc18769699e168bd49b43
parent0c0a056db8c0f918a0daf9145b162e50f1a44124 (diff)
downloadpoky-c75f0e92473906899950ce6b059fe6ab2cb41b5c.tar.gz
glibc: exclude child recipes from CVE scanning
As glibc will be scanned for CVEs, we don't need to scan glibc-locale, glibc-mtrace, and glibc-scripts which are all separate recipes for technical reasons. Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the global whitelist. (From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/classes/cve-check.bbclass4
-rw-r--r--meta/recipes-core/glibc/glibc-locale.inc3
-rw-r--r--meta/recipes-core/glibc/glibc-mtrace.inc3
-rw-r--r--meta/recipes-core/glibc/glibc-scripts.inc3
4 files changed, 10 insertions, 3 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5979edf3d1..19ac48cfd4 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -37,9 +37,7 @@ CVE_CHECK_COPY_FILES ??= "1"
37CVE_CHECK_CREATE_MANIFEST ??= "1" 37CVE_CHECK_CREATE_MANIFEST ??= "1"
38 38
39# Whitelist for packages (PN) 39# Whitelist for packages (PN)
40CVE_CHECK_PN_WHITELIST = "\ 40CVE_CHECK_PN_WHITELIST ?= ""
41 glibc-locale \
42"
43 41
44# Whitelist for CVE and version of package. If a CVE is found then the PV is 42# Whitelist for CVE and version of package. If a CVE is found then the PV is
45# compared with the version list, and if found the CVE is considered 43# compared with the version list, and if found the CVE is considered
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc
index bf5eaee938..ef06389ff9 100644
--- a/meta/recipes-core/glibc/glibc-locale.inc
+++ b/meta/recipes-core/glibc/glibc-locale.inc
@@ -98,3 +98,6 @@ do_install() {
98inherit libc-package 98inherit libc-package
99 99
100BBCLASSEXTEND = "nativesdk" 100BBCLASSEXTEND = "nativesdk"
101
102# Don't scan for CVEs as glibc will be scanned
103CVE_PRODUCT = ""
diff --git a/meta/recipes-core/glibc/glibc-mtrace.inc b/meta/recipes-core/glibc/glibc-mtrace.inc
index d703c14bdc..ef9d60ec23 100644
--- a/meta/recipes-core/glibc/glibc-mtrace.inc
+++ b/meta/recipes-core/glibc/glibc-mtrace.inc
@@ -11,3 +11,6 @@ do_install() {
11 install -d -m 0755 ${D}${bindir} 11 install -d -m 0755 ${D}${bindir}
12 install -m 0755 ${SRC}/mtrace ${D}${bindir}/ 12 install -m 0755 ${SRC}/mtrace ${D}${bindir}/
13} 13}
14
15# Don't scan for CVEs as glibc will be scanned
16CVE_PRODUCT = ""
diff --git a/meta/recipes-core/glibc/glibc-scripts.inc b/meta/recipes-core/glibc/glibc-scripts.inc
index 2a2b41507e..14a14e4512 100644
--- a/meta/recipes-core/glibc/glibc-scripts.inc
+++ b/meta/recipes-core/glibc/glibc-scripts.inc
@@ -18,3 +18,6 @@ do_install() {
18# sotruss script requires sotruss-lib.so (given by libsotruss package), 18# sotruss script requires sotruss-lib.so (given by libsotruss package),
19# to produce trace of the library calls. 19# to produce trace of the library calls.
20RDEPENDS_${PN} += "libsotruss" 20RDEPENDS_${PN} += "libsotruss"
21
22# Don't scan for CVEs as glibc will be scanned
23CVE_PRODUCT = ""
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-13 05:25:10 +0000