Re: [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION
On Wed, 2024-03-27 at 11:47 +0800, Chen Qi via lists.openembedded.org
wrote:
> ping
>
> On 3/6/24 14:54, Chen Qi via lists.openembedded.org wrote:
> > From: Chen Qi
> >
> > Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
> > version should be the date only. Here's an example:
> > https://nvd.nist.gov/vuln/detail/CVE-2023-45232
> >
> > Signed-off-by: Chen Qi
> > ---
> > meta/recipes-core/ovmf/ovmf_git.bb | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-
> > core/ovmf/ovmf_git.bb
> > index 3dc031d3b6..5b1353b8e8 100644
> > --- a/meta/recipes-core/ovmf/ovmf_git.bb
> > +++ b/meta/recipes-core/ovmf/ovmf_git.bb
> > @@ -30,6 +30,9 @@ PV = "edk2-stable202308"
> > SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
> > UPSTREAM_CHECK_GITTAGREGEX = "(?Pedk2-stable.*)"
> >
> > +CVE_PRODUCT = "edk2"
> > +CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
> > +
> > inherit deploy
I did merge this but it breaks the cve checks:
https://autobuilder.yoctoproject.org/typhoon/#/builders/138/builds/1443/steps/15/logs/warnings
This needs to be fixed ASAP.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197977):
https://lists.openembedded.org/g/openembedded-core/message/197977
Mute This Topic: https://lists.openembedded.org/mt/104761710/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION
ping
On 3/6/24 14:54, Chen Qi via lists.openembedded.org wrote:
From: Chen Qi
Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
version should be the date only. Here's an example:
https://nvd.nist.gov/vuln/detail/CVE-2023-45232
Signed-off-by: Chen Qi
---
meta/recipes-core/ovmf/ovmf_git.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb
b/meta/recipes-core/ovmf/ovmf_git.bb
index 3dc031d3b6..5b1353b8e8 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -30,6 +30,9 @@ PV = "edk2-stable202308"
SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
UPSTREAM_CHECK_GITTAGREGEX = "(?Pedk2-stable.*)"
+CVE_PRODUCT = "edk2"
+CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
+
inherit deploy
PARALLEL_MAKE = ""
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197547):
https://lists.openembedded.org/g/openembedded-core/message/197547
Mute This Topic: https://lists.openembedded.org/mt/104761710/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION
From: Chen Qi
Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
version should be the date only. Here's an example:
https://nvd.nist.gov/vuln/detail/CVE-2023-45232
Signed-off-by: Chen Qi
---
meta/recipes-core/ovmf/ovmf_git.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb
b/meta/recipes-core/ovmf/ovmf_git.bb
index 3dc031d3b6..5b1353b8e8 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -30,6 +30,9 @@ PV = "edk2-stable202308"
SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
UPSTREAM_CHECK_GITTAGREGEX = "(?Pedk2-stable.*)"
+CVE_PRODUCT = "edk2"
+CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
+
inherit deploy
PARALLEL_MAKE = ""
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196659):
https://lists.openembedded.org/g/openembedded-core/message/196659
Mute This Topic: https://lists.openembedded.org/mt/104761710/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
