* [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION
@ 2024-03-06 6:54 Qi.Chen
0 siblings, 0 replies; 3+ messages in thread
From: Qi.Chen @ 2024-03-06 6:54 UTC (permalink / raw
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
version should be the date only. Here's an example:
https://nvd.nist.gov/vuln/detail/CVE-2023-45232
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
meta/recipes-core/ovmf/ovmf_git.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 3dc031d3b6..5b1353b8e8 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -30,6 +30,9 @@ PV = "edk2-stable202308"
SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
+CVE_PRODUCT = "edk2"
+CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
+
inherit deploy
PARALLEL_MAKE = ""
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION
[not found] <17BA1A717836D800.29618@lists.openembedded.org>
@ 2024-03-27 3:47 ` ChenQi
2024-04-05 8:18 ` Richard Purdie
0 siblings, 1 reply; 3+ messages in thread
From: ChenQi @ 2024-03-27 3:47 UTC (permalink / raw
To: openembedded-core
ping
On 3/6/24 14:54, Chen Qi via lists.openembedded.org wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
>
> Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
> version should be the date only. Here's an example:
> https://nvd.nist.gov/vuln/detail/CVE-2023-45232
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
> meta/recipes-core/ovmf/ovmf_git.bb | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
> index 3dc031d3b6..5b1353b8e8 100644
> --- a/meta/recipes-core/ovmf/ovmf_git.bb
> +++ b/meta/recipes-core/ovmf/ovmf_git.bb
> @@ -30,6 +30,9 @@ PV = "edk2-stable202308"
> SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
> UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
>
> +CVE_PRODUCT = "edk2"
> +CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
> +
> inherit deploy
>
> PARALLEL_MAKE = ""
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#196659): https://lists.openembedded.org/g/openembedded-core/message/196659
> Mute This Topic: https://lists.openembedded.org/mt/104761710/3618072
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [Qi.Chen@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION
2024-03-27 3:47 ` [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION ChenQi
@ 2024-04-05 8:18 ` Richard Purdie
0 siblings, 0 replies; 3+ messages in thread
From: Richard Purdie @ 2024-04-05 8:18 UTC (permalink / raw
To: Qi.Chen, openembedded-core
On Wed, 2024-03-27 at 11:47 +0800, Chen Qi via lists.openembedded.org
wrote:
> ping
>
> On 3/6/24 14:54, Chen Qi via lists.openembedded.org wrote:
> > From: Chen Qi <Qi.Chen@windriver.com>
> >
> > Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
> > version should be the date only. Here's an example:
> > https://nvd.nist.gov/vuln/detail/CVE-2023-45232
> >
> > Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> > ---
> > meta/recipes-core/ovmf/ovmf_git.bb | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-
> > core/ovmf/ovmf_git.bb
> > index 3dc031d3b6..5b1353b8e8 100644
> > --- a/meta/recipes-core/ovmf/ovmf_git.bb
> > +++ b/meta/recipes-core/ovmf/ovmf_git.bb
> > @@ -30,6 +30,9 @@ PV = "edk2-stable202308"
> > SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e"
> > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
> >
> > +CVE_PRODUCT = "edk2"
> > +CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
> > +
> > inherit deploy
I did merge this but it breaks the cve checks:
https://autobuilder.yoctoproject.org/typhoon/#/builders/138/builds/1443/steps/15/logs/warnings
This needs to be fixed ASAP.
Cheers,
Richard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-04-05 8:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <17BA1A717836D800.29618@lists.openembedded.org>
2024-03-27 3:47 ` [OE-core][PATCH V2] ovmf: set CVE_PRODUCT and CVE_VERSION ChenQi
2024-04-05 8:18 ` Richard Purdie
2024-03-06 6:54 Qi.Chen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.