Message ID | 20211229013456.474188-1-anuj.mittal@intel.com |
---|---|
State | Accepted, archived |
Commit | 4d5d63cf8605515bb659b6b732683d7fe6540728 |
Headers | show |
Series | xserver-xorg: update CVE_PRODUCT | expand |
On Wed, 2021-12-29 at 09:34 +0800, Anuj Mittal wrote: > Some of the CVEs have x_server as the product name. > > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> > --- > meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc > index 7d1f17e7777..4e88cf26f72 100644 > --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc > +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc > @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz" > > UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" > > -CVE_PRODUCT = "xorg-server" > +CVE_PRODUCT = "xorg-server x_server" > > S = "${WORKDIR}/${XORG_PN}-${PV}" > This does add a number of CVEs for master. Do you have updates for those? They mostly look like things we probably would add to the ignore list at a quick glance? Cheers, Richard
I sent a patch to whitelist two, and the other will be dealt with via a CPE update. Ross On Mon, 10 Jan 2022 at 11:59, Richard Purdie <richard.purdie@linuxfoundation.org> wrote: > > On Wed, 2021-12-29 at 09:34 +0800, Anuj Mittal wrote: > > Some of the CVEs have x_server as the product name. > > > > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> > > --- > > meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc > > index 7d1f17e7777..4e88cf26f72 100644 > > --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc > > +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc > > @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz" > > > > UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" > > > > -CVE_PRODUCT = "xorg-server" > > +CVE_PRODUCT = "xorg-server x_server" > > > > S = "${WORKDIR}/${XORG_PN}-${PV}" > > > > This does add a number of CVEs for master. Do you have updates for those? They > mostly look like things we probably would add to the ignore list at a quick > glance? > > Cheers, > > Richard > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#160344): https://lists.openembedded.org/g/openembedded-core/message/160344 > Mute This Topic: https://lists.openembedded.org/mt/88007560/1676615 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross@burtonini.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 7d1f17e7777..4e88cf26f72 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz" UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" -CVE_PRODUCT = "xorg-server" +CVE_PRODUCT = "xorg-server x_server" S = "${WORKDIR}/${XORG_PN}-${PV}"
Some of the CVEs have x_server as the product name. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> --- meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)