Re: [OE-core][master][scarthgap][PATCH] libstd-rs,rust-cross-canadian: set CVE_PRODUCT to rust

Tue, 30 Jul 2024 23:33:42 -0700 

Gentle ping for scrathgap

> -----Original Message-----
> From: Marko, Peter (ADV D EU SK BFS1) <peter.ma...@siemens.com>
> Sent: Sunday, July 14, 2024 11:36
> To: openembedded-core@lists.openembedded.org
> Cc: Marko, Peter (ADV D EU SK BFS1) <peter.ma...@siemens.com>
> Subject: [OE-core][master][scarthgap][PATCH] libstd-rs,rust-cross-canadian:
> set CVE_PRODUCT to rust
> 
> From: Peter Marko <peter.ma...@siemens.com>
> 
> These recipes come from rust sources and CVEs are reported for them under
> rust-lang:rust vendor:product touple.
> Especially libstd-rs needs correct CVE_PRODUCT as is it installed on target
> devices (being statically linked to rust compiled binaries).
> 
> before:
> cargo: CVE_PRODUCT="cargo"
> cargo-c-native: CVE_PRODUCT="cargo-c"
> libstd-rs: CVE_PRODUCT="libstd-rs"
> rust: CVE_PRODUCT="rust"
> rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>"
> rust-llvm: CVE_PRODUCT="rust-llvm"
> 
> after:
> cargo: CVE_PRODUCT="cargo"
> cargo-c-native: CVE_PRODUCT="cargo-c"
> libstd-rs: CVE_PRODUCT="rust"
> rust: CVE_PRODUCT="rust"
> rust-cross-canadian-x86-64: CVE_PRODUCT="rust"
> rust-llvm: CVE_PRODUCT="rust-llvm"
> 
> Product for rust-llvm is uncertain and, should be handled in another commit if
> it is desired to align it, too.
> 
> sqlite> select vendor, product, count(product) from products where
> sqlite> vendor="rust-lang" group by product;
> rust-lang|async-h1|2
> rust-lang|cargo|5
> rust-lang|future-utils|2
> rust-lang|futures-task|2
> rust-lang|mdbook|1
> rust-lang|regex|2
> rust-lang|rsa|2
> rust-lang|rust|45
> rust-lang|socket2|1
> 
> Signed-off-by: Peter Marko <peter.ma...@siemens.com>
> ---
>  meta/recipes-devtools/rust/libstd-rs_1.75.0.bb     | 2 ++
>  meta/recipes-devtools/rust/rust-cross-canadian.inc | 1 +
>  2 files changed, 3 insertions(+)
> 
> diff --git a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb b/meta/recipes-
> devtools/rust/libstd-rs_1.75.0.bb
> index 5fc6fb97bb..14161714f2 100644
> --- a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb
> +++ b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb
> @@ -15,6 +15,8 @@ S = "${RUSTSRC}/library/sysroot"
>  RUSTLIB_DEP = ""
>  inherit cargo
> 
> +CVE_PRODUCT = "rust"
> +
>  DEPENDS:append:libc-musl = " libunwind"
>  # rv32 does not have libunwind ported yet
>  DEPENDS:remove:riscv32 = "libunwind"
> diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc
> b/meta/recipes-devtools/rust/rust-cross-canadian.inc
> index f962437d6b..c34b839d15 100644
> --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc
> +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc
> @@ -1,5 +1,6 @@
>  SUMMARY = "Rust compiler and runtime libaries (cross-canadian for
> ${TARGET_ARCH} target)"
>  PN = "rust-cross-canadian-${TRANSLATED_TARGET_ARCH}"
> +CVE_PRODUCT = "rust"
> 
>  inherit rust-target-config
>  inherit rust-common
> --
> 2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#202692): 
https://lists.openembedded.org/g/openembedded-core/message/202692
Mute This Topic: https://lists.openembedded.org/mt/107211812/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to