On 08/04/2024 11:59:04+0200, Alexandre Belloni wrote: > Since this merged, we have: > > WARNING: ovmf-native-edk2-stable202308-r0 do_cve_check: edk2: Failed to > compare 202308 < svn_16280 for CVE-2014-8271
This is because the second patch wasn't merged > > On 06/04/2024 12:41:28+0800, Chen Qi via lists.openembedded.org wrote: > > From: Chen Qi <qi.c...@windriver.com> > > > > Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the > > version should be the date only. Here's an example: > > https://nvd.nist.gov/vuln/detail/CVE-2023-45232 > > > > Signed-off-by: Chen Qi <qi.c...@windriver.com> > > --- > > meta/recipes-core/ovmf/ovmf_git.bb | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/meta/recipes-core/ovmf/ovmf_git.bb > > b/meta/recipes-core/ovmf/ovmf_git.bb > > index 3dc031d3b6..5b1353b8e8 100644 > > --- a/meta/recipes-core/ovmf/ovmf_git.bb > > +++ b/meta/recipes-core/ovmf/ovmf_git.bb > > @@ -30,6 +30,9 @@ PV = "edk2-stable202308" > > SRCREV = "819cfc6b42a68790a23509e4fcc58ceb70e1965e" > > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" > > > > +CVE_PRODUCT = "edk2" > > +CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}" > > + > > inherit deploy > > > > PARALLEL_MAKE = "" > > -- > > 2.34.1 > > > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198007): https://lists.openembedded.org/g/openembedded-core/message/198007 Mute This Topic: https://lists.openembedded.org/mt/105362148/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-