From 7297cbd01ffe31a024b13a3ff2450f70df6aa7d1 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 6 Nov 2019 17:37:30 +0200
Subject: glibc: exclude child recipes from CVE scanning

As glibc will be scanned for CVEs, we don't need to scan glibc-locale,
glibc-mtrace, and glibc-scripts which are all separate recipes for technical
reasons.

Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the
global whitelist.

(From OE-Core rev: 1f9a963b9ff7ebe052ba54b9fcbdf7d09478dd17)

(From OE-Core rev: 2b9f1b654c726e7c7b2fe8710d60ca10212295f5)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/cve-check.bbclass | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'meta/classes/cve-check.bbclass')

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5979edf3d1..19ac48cfd4 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -37,9 +37,7 @@ CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"
 
 # Whitelist for packages (PN)
-CVE_CHECK_PN_WHITELIST = "\
-    glibc-locale \
-"
+CVE_CHECK_PN_WHITELIST ?= ""
 
 # Whitelist for CVE and version of package. If a CVE is found then the PV is
 # compared with the version list, and if found the CVE is considered
-- 
cgit v1.2.3-54-g00ecf