[PATCH] systemd: set CVE

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH] systemd: set CVE_PRODUCT
@ 2024-12-13 12:02 Mikko Rapeli
  2024-12-13 12:14 ` [OE-core] " Marko, Peter
  0 siblings, 1 reply; 3+ messages in thread
From: Mikko Rapeli @ 2024-12-13 12:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Mikko Rapeli

systemd.inc is used by systemd, systemd-boot and
systemd-tools-native recipes so make sure all
match to "systemd_project:systemd" vendor and product
in CVE database. The split between systemd, systemd-boot
and systemd-tools-native is specific to oe-core and
upstream just refers to systemd.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/recipes-core/systemd/systemd.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 989ca667b7..288d49e007 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -20,3 +20,5 @@ SRCBRANCH = "v256-stable"
 SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}"
 
 S = "${WORKDIR}/git"
+
+CVE_PRODUCT = "systemd_project:systemd"
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* RE: [OE-core] [PATCH] systemd: set CVE_PRODUCT
  2024-12-13 12:02 [PATCH] systemd: set CVE_PRODUCT Mikko Rapeli
@ 2024-12-13 12:14 ` Marko, Peter
  2024-12-13 12:32   ` Mikko Rapeli
  0 siblings, 1 reply; 3+ messages in thread
From: Marko, Peter @ 2024-12-13 12:14 UTC (permalink / raw)
  To: mikko.rapeli@linaro.org, openembedded-core@lists.openembedded.org

For historical reasons, we should not limit the check to systemd_project vendor.

sqlite> select vendor, product, count(*) from products where product = 'systemd' group by vendor, product;
linux|systemd|1
systemd_project|systemd|106
sqlite> select * from products where vendor = 'linux' and product = 'systemd';
CVE-2012-1174|linux|systemd|43|=||

Peter

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Mikko Rapeli via
> lists.openembedded.org
> Sent: Friday, December 13, 2024 13:03
> To: openembedded-core@lists.openembedded.org
> Cc: Mikko Rapeli <mikko.rapeli@linaro.org>
> Subject: [OE-core] [PATCH] systemd: set CVE_PRODUCT
> 
> systemd.inc is used by systemd, systemd-boot and
> systemd-tools-native recipes so make sure all
> match to "systemd_project:systemd" vendor and product
> in CVE database. The split between systemd, systemd-boot
> and systemd-tools-native is specific to oe-core and
> upstream just refers to systemd.
> 
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> ---
>  meta/recipes-core/systemd/systemd.inc | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-
> core/systemd/systemd.inc
> index 989ca667b7..288d49e007 100644
> --- a/meta/recipes-core/systemd/systemd.inc
> +++ b/meta/recipes-core/systemd/systemd.inc
> @@ -20,3 +20,5 @@ SRCBRANCH = "v256-stable"
>  SRC_URI =
> "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANC
> H}"
> 
>  S = "${WORKDIR}/git"
> +
> +CVE_PRODUCT = "systemd_project:systemd"
> --
> 2.43.0



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [OE-core] [PATCH] systemd: set CVE_PRODUCT
  2024-12-13 12:14 ` [OE-core] " Marko, Peter
@ 2024-12-13 12:32   ` Mikko Rapeli
  0 siblings, 0 replies; 3+ messages in thread
From: Mikko Rapeli @ 2024-12-13 12:32 UTC (permalink / raw)
  To: Marko, Peter; +Cc: openembedded-core@lists.openembedded.org

Hi,

On Fri, Dec 13, 2024 at 12:14:54PM +0000, Marko, Peter wrote:
> For historical reasons, we should not limit the check to systemd_project vendor.
> 
> sqlite> select vendor, product, count(*) from products where product = 'systemd' group by vendor, product;
> linux|systemd|1
> systemd_project|systemd|106
> sqlite> select * from products where vendor = 'linux' and product = 'systemd';
> CVE-2012-1174|linux|systemd|43|=||

Ok, will limit to just "systemd" product name in v2.

Cheers,

-Mikko


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-12-13 12:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-13 12:02 [PATCH] systemd: set CVE_PRODUCT Mikko Rapeli
2024-12-13 12:14 ` [OE-core] " Marko, Peter
2024-12-13 12:32   ` Mikko Rapeli

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox