Message ID | 20240228145129.416828-1-christian@klarinett.li |
---|---|
State | Rejected |
Series | package/arm-trusted-firmware: add ARM_TRUSTED_FIRMWARE_CPE_ID_* |
On 28/02/2024 15:51, Christian Hitz via buildroot wrote:
> From: Christian Hitz <christian.hitz@bbv.ch>
>
> cpe:2.3:o:arm:arm-trusted-firmware:2.4:-:*:*:*:*:*:* is a valid CPE
> identifier for this package:
>
> https://nvd.nist.gov/products/cpe/detail/78601535-610A-45A5-A5F0-AFC6A27A7F83

This entry is from 2021, and they haven't added any entries for later versions (it's now at version 2.10). So I think this CPE entry is not relevant for any current version. If we add the CPE ID now, we will not notice if later they in fact name it e.g. trusted-firmware-arm.

Note that the upstream repository is called trustedfirmware-a, and that there is a CPE entry for trusted_firmware-m [1] although that one also hasn't been updated for recent releases...

So I don't think we should merge this.

Regards,
Arnout

[1] https://nvd.nist.gov/products/cpe/detail/2AF395D6-6367-4EFF-A0D0-C0CB6CA99E3E

>
> Signed-off-by: Christian Hitz <christian.hitz@bbv.ch>
> ---
> boot/arm-trusted-firmware/arm-trusted-firmware.mk | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk > index 2d554c1da8..ebb9b8e9f6 100644 > --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk > +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk > @@ -24,6 +24,8 @@ ARM_TRUSTED_FIRMWARE_LICENSE = BSD-3-Clause > ARM_TRUSTED_FIRMWARE_LICENSE_FILES = docs/license.rst > endif > endif > +ARM_TRUSTED_FIRMWARE_CPE_ID_VENDOR = arm > +ARM_TRUSTED_FIRMWARE_CPE_ID_PREFIX = cpe:2.3:o > > ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE):$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT),y:y) > BR_NO_CHECK_HASH_FOR += $(ARM_TRUSTED_FIRMWARE_SOURCE)
diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk index 2d554c1da8..ebb9b8e9f6 100644 --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk @@ -24,6 +24,8 @@ ARM_TRUSTED_FIRMWARE_LICENSE = BSD-3-Clause ARM_TRUSTED_FIRMWARE_LICENSE_FILES = docs/license.rst endif endif +ARM_TRUSTED_FIRMWARE_CPE_ID_VENDOR = arm +ARM_TRUSTED_FIRMWARE_CPE_ID_PREFIX = cpe:2.3:o ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE):$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT),y:y) BR_NO_CHECK_HASH_FOR += $(ARM_TRUSTED_FIRMWARE_SOURCE)
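Review bot: The two added assignments (`ARM_TRUSTED_FIRMWARE_CPE_ID_VENDOR = arm` and `ARM_TRUSTED_FIRMWARE_CPE_ID_PREFIX = cpe:2.3:o`) sit outside every conditional, so they also apply to the custom version, tarball and git cases tested by the `ifeq` directly below, while the commit message cites only one dictionary entry, for version 2.4. The commit message should say which versions the NVD dictionary actually covers, and a comment above the two lines should record that, so that a reader of the .mk file does not assume CVE matching works for the version being built. Only the vendor and prefix are set here; if the product part of the identifier is meant to stay `arm-trusted-firmware` as in the cited CPE, setting the product variable explicitly next to them would make the match independent of any default. As a style point, the new lines follow the closing `endif` of the license block with no blank line in between; a blank line would keep them visually separate from that block.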