diff options
author | Ross Burton <ross.burton@arm.com> | 2023-12-11 13:49:46 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-12-13 11:34:07 +0000 |
commit | fc3e9cce9e1a5aa5dc9a5ad4abdd4eb61f868d37 (patch) | |
tree | f5af2ea3660eccb4543d2aa8c5cd91ea29018ee1 /meta/recipes-devtools/go | |
parent | 86164f770032bb66d4497c4e3e7591b7246ac2d9 (diff) | |
download | openembedded-core-fc3e9cce9e1a5aa5dc9a5ad4abdd4eb61f868d37.tar.gz |
go: set vendor in CVE_PRODUCT
It's not uncommon for specific third party modules to use "go" as the
product[1]. However, the canonical CPE for the official Go
language/runtime is always golang:go[2], so use that explicitly.
[1] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-49292
[2] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-39320
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Diffstat (limited to 'meta/recipes-devtools/go')
-rw-r--r-- | meta/recipes-devtools/go/go-binary-native_1.20.12.bb | 2 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-common.inc | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.12.bb b/meta/recipes-devtools/go/go-binary-native_1.20.12.bb index e555412a19..41db2ada80 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.20.12.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.20.12.bb @@ -16,7 +16,7 @@ SRC_URI[go_linux_ppc64le.sha256sum] = "2ae0ec3736216dfbd7b01ff679842dc1bed365e53 UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" -CVE_PRODUCT = "go" +CVE_PRODUCT = "golang:go" S = "${WORKDIR}/go" diff --git a/meta/recipes-devtools/go/go-common.inc b/meta/recipes-devtools/go/go-common.inc index 96e32eeb97..db165792dc 100644 --- a/meta/recipes-devtools/go/go-common.inc +++ b/meta/recipes-devtools/go/go-common.inc @@ -20,7 +20,7 @@ B = "${S}" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar" # all recipe variants are created from the same product -CVE_PRODUCT = "go" +CVE_PRODUCT = "golang:go" INHIBIT_PACKAGE_DEBUG_SPLIT = "1" SSTATE_SCAN_CMD = "true" |