These recipes come from rust sources and CVEs are reported for them
under rust-lang:rust vendor:product touple.
Especially libstd-rs needs correct CVE_PRODUCT as is it installed on
target devices (being statically linked to rust compiled binaries).
before:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="libstd-rs"
rust: CVE_PRODUCT="rust"
rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>"
rust-llvm: CVE_PRODUCT="rust-llvm"
after:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="rust"
rust: CVE_PRODUCT="rust"
rust-cross-canadian-x86-64: CVE_PRODUCT="rust"
rust-llvm: CVE_PRODUCT="rust-llvm"
Product for rust-llvm is uncertain and, should be handled in another
commit if it is desired to align it, too.
sqlite> select vendor, product, count(product) from products where vendor="rust-lang" group by product;
rust-lang|async-h1|2
rust-lang|cargo|5
rust-lang|future-utils|2
rust-lang|futures-task|2
rust-lang|mdbook|1
rust-lang|regex|2
rust-lang|rsa|2
rust-lang|rust|45
rust-lang|socket2|1
(From OE-Core rev: 91bfe1f64ee3e2b8534baa8a3eb2fb7fa3521657)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e8cf1df16a6ec2785cacaf608bec5cd8496103af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Drop backported musl fixes.
* Set `change-id` rather than `changelog-seen`
to fix build warning.
* Add fixes for 4b7e0a0b56aa24 ("Handle vendored sources
when remapping paths") which otherwise cause build failures:
| thread 'main' panicked at src/core/builder.rs:1795:26:
| std::fs::read_dir(registry_src) failed with No such file or directory (os=
error 2)
https://blog.rust-lang.org/2023/12/28/Rust-1.75.0.html
(From OE-Core rev: 9aec2c6c777388bb3129aa4c4f27a40f912522b4)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
