authorRoss Burton <ross@burtonini.com>2020-09-08 13:23:24 +0100
committerSteve Sakoman <steve@sakoman.com>2020-09-14 04:26:37 -1000
commit3c0029c9cf22b6983020edf9ce2aeb7b326d8c12 (patch)
tree374abae937e983deb93a8cdff6386996ed31a4b9
parentdeb77c59b9c11738a93fc80c1b256b3df8e14827 (diff)
downloadopenembedded-core-contrib-3c0029c9cf22b6983020edf9ce2aeb7b326d8c12.tar.gz
curl: add vendors to CVE_PRODUCT to exclude false positives
To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bb265122cccea9466405fdd924ad10ce8cda0dec) Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-support/curl/curl_7.69.1.bb4
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 8b5170f021..dfcd533c80 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -14,7 +14,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8"
-CVE_PRODUCT = "curl libcurl"
+# Curl has used many names over the years...
+CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+
inherit autotools pkgconfig binconfig multilib_header
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
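Review bot: The comment added above `CVE_PRODUCT` ("Curl has used many names over the years...") does not tell a maintainer that the entries are now vendor-qualified, nor what that costs. As far as I understand cve-check, a `vendor:product` entry matches only that vendor, so a curl or libcurl CVE that NVD files under a vendor string missing from this list would no longer be reported for the recipe. That swaps the false positive named in the commit message for a possible silent false negative later. I would spell this out in the comment, for example `# vendor:product pairs for cve-check: only these NVD vendors are matched, so extend the list if NVD starts using another vendor for curl/libcurl`. It would also help to re-check the vendor list against the CPE dictionary whenever the recipe version is bumped.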