[meta-filesystems,dunfell] fuse: Set CVE_PRODUCT

Message ID 20220526094431.19582-1-omkarpatil10.93@gmail.com
State New

Commit Message

Omkar Patil May 26, 2022, 9:44 a.m. UTC
From: Omkar Patil <omkar.patil@kpit.com>

set CVE_PRODUCT to avoid wrongly reported CVEs

Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
---
 meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb | 3 +++
 meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb  | 6 ++----
 2 files changed, 5 insertions(+), 4 deletions(-)

Comments

Ranjitsinh Rathod May 26, 2022, 9:54 a.m. UTC | #1
Hi Armin,

We have sent this patch for dunfell so you can take this.
This will get applied without any conflicts.


Thanks,

Best Regards,

Ranjitsinh Rathod
Technical Leader |  | KPIT Technologies Ltd.
Cellphone: +91-84606 92403

Patch

diff --git a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
index 24b17fc93..b15bcd228 100644
--- a/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse3_3.9.2.bb
@@ -22,6 +22,9 @@  UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>3(\.\d+)+).tar.xz"
 
 inherit meson pkgconfig
 
+# set vendor along with fuse to fix wrongly reported CVEs
+CVE_PRODUCT = "fuse_project:fuse"
+
 DEPENDS = "udev"
 
 PACKAGES =+ "fuse3-utils"
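Review bot: The comment added above `CVE_PRODUCT = "fuse_project:fuse"` does not say which product was being mismatched, so a later maintainer cannot tell why the vendor is pinned. Pinning the vendor also narrows what cve-check will report: only NVD entries filed under the `fuse_project` vendor are matched, so a libfuse CVE recorded under any other vendor string would silently drop out of the report. It is worth confirming against the NVD CPE data that this is the only vendor used for libfuse and recording the reason, e.g. `# Pin the vendor: a bare "fuse" also matches unrelated NVD products such as Red Hat Fuse`. The same applies to the identical line added in fuse_2.9.9.bb.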
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 49682b3cd..cfd9650c9 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -19,10 +19,8 @@  SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
 SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
 SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"
 
-# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
-# REDHAT has also released the fix and updated their security advisories after significant releases.
-CVE_PRODUCT = "fuse"
-CVE_CHECK_WHITELIST += "CVE-2019-14860"
+# set vendor along with fuse to fix wrongly reported CVEs
+CVE_PRODUCT = "fuse_project:fuse"
 
 UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases"
 UPSTREAM_CHECK_REGEX = "fuse\-(?P<pver>2(\.\d+)+).tar.gz"
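Review bot: Removing `CVE_CHECK_WHITELIST += "CVE-2019-14860"` together with its explanatory comment is only safe if the vendor-qualified `CVE_PRODUCT` really stops that CVE from matching, and nothing in the commit message shows a cve-check run on dunfell confirming it. The removed comment was also the only record that CVE-2019-14860 belongs to Red Hat Fuse rather than libfuse. The replacement comment should keep that rationale, for example `# "fuse_project:fuse" excludes Red Hat Fuse entries such as CVE-2019-14860, so no whitelist entry is needed`. Stating in the commit message that the cve-check output was compared before and after would make the change auditable.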