On Wed, 2024-03-27 at 11:47 +0800, Chen Qi via lists.openembedded.org wrote: > ping > > On 3/6/24 14:54, Chen Qi via lists.openembedded.org wrote: > > From: Chen Qi <[email protected]> > > > > Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the > > version should be the date only. Here's an example: > > https://nvd.nist.gov/vuln/detail/CVE-2023-45232 > > > > Signed-off-by: Chen Qi <[email protected]> > > --- > > meta/recipes-core/ovmf/ovmf_git.bb | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes- > > core/ovmf/ovmf_git.bb > > index 3dc031d3b6..5b1353b8e8 100644 > > --- a/meta/recipes-core/ovmf/ovmf_git.bb > > +++ b/meta/recipes-core/ovmf/ovmf_git.bb > > @@ -30,6 +30,9 @@ PV = "edk2-stable202308" > > SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e" > > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" > > > > +CVE_PRODUCT = "edk2" > > +CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}" > > + > > inherit deploy
I did merge this but it breaks the cve checks: https://autobuilder.yoctoproject.org/typhoon/#/builders/138/builds/1443/steps/15/logs/warnings This needs to be fixed ASAP. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197977): https://lists.openembedded.org/g/openembedded-core/message/197977 Mute This Topic: https://lists.openembedded.org/mt/104761710/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
