Looks like various smaller enhancements and fixes.
https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.43
https://github.com/PCRE2Project/pcre2/blob/pcre2-10.43/NEWS
https://github.com/PCRE2Project/pcre2/blob/pcre2-10.43/ChangeLog
* License hash update. Copyright year changes.
Back to back bump. Apparently some regression.
Doesn't look very important to me. Oh well.
https://github.com/libffi/libffi/releases/tag/v3.4.6
* Forward patches, no changes.
Signed-off-by: Christian Melki
---
...libffi-Fix-location-of-libraries-for-multilib-toolch.patch | 0
This provides support for building SBOMs in CycloneDX format.
A target is added alongside the other reports, that (based on the
fast-bsp-report) extracts name, version, cpe and license of each target
package, and puts these into a final sbom-report in CycloneDX/JSON
format.
This requires a
Just to see how this could look for a handful of packages. Note that all
of these have a different way of specifying the vendor ID (one is
$PACKAGE_project, one is just $PACKAGE, one is something completely
different).
---
rules/acl.make| 1 +
rules/busybox.make| 2 ++
If a package specifies a CPE or CPE_VENDOR and CPE_PRODUCT, this is
extracted into the fast report for that package. If no CPE is
specified, or not both of CPE_VENDOR and CPE_PRODUCT, then no value is
added.
By default, the existing VERSION is used, but can be overridden with
CPE_VERSION.
Hi,
> I'd be happy to get a bit of initial feedback on the approach. I'll have a
> look at putting up some initial patches in the coming days too.
>
> Thanks in advance and best regards,
Sorry for the silence around this, but I've been busy with other things in
the last months.
Finally managed