From patchwork Tue Aug 22 17:41:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jasper Orschulko X-Patchwork-Id: 29265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B17BEE49B0 for ; Tue, 22 Aug 2023 17:43:55 +0000 (UTC) Received: from mx.walter.deinstapel.de (mx.walter.deinstapel.de [62.176.232.100]) by mx.groups.io with SMTP id smtpd.web10.2662.1692726226578565949 for ; Tue, 22 Aug 2023 10:43:47 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@fancydomain.eu header.s=mail header.b=nX+3sFp2; spf=pass (domain: fancydomain.eu, ip: 62.176.232.100, mailfrom: jasper@fancydomain.eu) From: jasper@fancydomain.eu DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fancydomain.eu; s=mail; t=1692726223; bh=SzFEjrqmCJyrfjQvpEgarJUtTRctCnwnJy69QfiHbh0=; h=From:To:Cc:Subject; b=nX+3sFp2c7Saw9XE2rfldWWzICH/wlt0ygnUTwxQCaMCZB100AKmhiohv6cuNr4Ko X/m4GGwWwCxzWk7S7bZ7lgk/4lWuJ3iSVP1XeDI/oFKKAty+h8iGPG2tlHEOBJmKDS eAa0KrdyrYNiDarkZS6lOhcp8qlfLVg0G5gsVNj7gHxc9QEw0OUj/1o3xzNs5t3gbW 6ZqFDe//WK8zcEZ/GeRt5hMrvYfK4dQy2JLCUz1593/Dvb4C9r/UyIcjqInw1Use/5 jCllgn9TcnRXl4ZP1ZHbxvf2IAMEGi6EOBVwDM7wGMjWJk1QCSDq0yVQGG0EU3JI9s /piE1M4j/dIig== To: openembedded-core@lists.openembedded.org Cc: Jasper Orschulko , Luca Ceresoli , Richard Purdie Subject: [kirkstone][PATCH] cve_check: Fix cpe_id generation Date: Tue, 22 Aug 2023 19:41:04 +0200 Message-ID: <20230822174104.70321-1-jasper@fancydomain.eu> Mime-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 22 Aug 2023 17:43:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186519 From: Jasper Orschulko Use "*" (wildcard) instead of "a" (application)in cpe_id generation, as the product is not necessarily of type application, e.g. linux_kernel, which is of type "o" (operating system). (From OE-Core rev: cae9528b002c06143bf048b991b9d7e93968cb6b) Signed-off-by: Jasper Orschulko Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie --- meta/lib/oe/cve_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index 42a77872e9..06d3c6dbda 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -143,7 +143,7 @@ def get_cpe_ids(cve_product, version): else: vendor = "*" - cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version) + cpe_id = 'cpe:2.3:*:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version) cpe_ids.append(cpe_id) return cpe_ids