From: Peter Marko <[email protected]> These recipes come from rust sources and CVEs are reported for them under rust-lang:rust vendor:product touple. Especially libstd-rs needs correct CVE_PRODUCT as is it installed on target devices (being statically linked to rust compiled binaries).
before: cargo: CVE_PRODUCT="cargo" cargo-c-native: CVE_PRODUCT="cargo-c" libstd-rs: CVE_PRODUCT="libstd-rs" rust: CVE_PRODUCT="rust" rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>" rust-llvm: CVE_PRODUCT="rust-llvm" after: cargo: CVE_PRODUCT="cargo" cargo-c-native: CVE_PRODUCT="cargo-c" libstd-rs: CVE_PRODUCT="rust" rust: CVE_PRODUCT="rust" rust-cross-canadian-x86-64: CVE_PRODUCT="rust" rust-llvm: CVE_PRODUCT="rust-llvm" Product for rust-llvm is uncertain and, should be handled in another commit if it is desired to align it, too. sqlite> select vendor, product, count(product) from products where vendor="rust-lang" group by product; rust-lang|async-h1|2 rust-lang|cargo|5 rust-lang|future-utils|2 rust-lang|futures-task|2 rust-lang|mdbook|1 rust-lang|regex|2 rust-lang|rsa|2 rust-lang|rust|45 rust-lang|socket2|1 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit e8cf1df16a6ec2785cacaf608bec5cd8496103af) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-devtools/rust/libstd-rs_1.75.0.bb | 2 ++ meta/recipes-devtools/rust/rust-cross-canadian.inc | 1 + 2 files changed, 3 insertions(+) diff --git a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb index d2bf266f9d..fe016e72d4 100644 --- a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb +++ b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb @@ -15,6 +15,8 @@ S = "${RUSTSRC}/library/sysroot" RUSTLIB_DEP = "" inherit cargo +CVE_PRODUCT = "rust" + DEPENDS:append:libc-musl = " libunwind" # rv32 does not have libunwind ported yet DEPENDS:remove:riscv32 = "libunwind" diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc b/meta/recipes-devtools/rust/rust-cross-canadian.inc index 7bfef6d175..8a51a02293 100644 --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc @@ -1,5 +1,6 @@ SUMMARY = "Rust compiler and runtime libaries (cross-canadian for ${TARGET_ARCH} target)" PN = "rust-cross-canadian-${TRANSLATED_TARGET_ARCH}" +CVE_PRODUCT = "rust" inherit rust-target-config inherit rust-common -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202960): https://lists.openembedded.org/g/openembedded-core/message/202960 Mute This Topic: https://lists.openembedded.org/mt/107718212/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
