[PATCH] cve_check: Fix cpe_id generation

[PATCH] cve_check: Fix cpe_id generation

[Jasper Orschulko]

Use "*" (wildcard) instead of "a" (application)in cpe_id generation,
as the product is not necessarily of type application, e.g.
linux_kernel, which is of type "o" (operating system).

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
---
 meta/lib/oe/cve_check.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 5bf3caac47..3979d521d1 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -156,7 +156,7 @@ def get_cpe_ids(cve_product, version):
         else:
             vendor = "*"
 
-        cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
+        cpe_id = 'cpe:2.3:*:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
         cpe_ids.append(cpe_id)
 
     return cpe_ids
-- 
2.41.0

Re: [OE-core] [PATCH] cve_check: Fix cpe_id generation

[Luca Ceresoli]

Hello Jasper,

On Mon, 21 Aug 2023 14:02:30 +0200
"Jasper Orschulko via lists.openembedded.org"
<jasper=fancydomain.eu@lists.openembedded.org> wrote:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

As you can see your sender address has been mangled, and as a result
the patch is rejected by the the openembedded git server. This is not
your fault, but we need you to modify your git configuration to prevent
this from happening in the future. Have a look at the wiki for more
info and how to solve that:

https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Fixing_your_From_identity

I'm taking your patch for testing on the autobuilders fixing it
manually so you don't need to resend your patch this time.

Luca

-- 
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [OE-core] [PATCH] cve_check: Fix cpe_id generation

[jasper]

Hi Luca,

thanks for the heads-up. That's curious, I assumed this would not be a 
problem as my signing email address is the same as the from address?

(mbox) Adding cc: Jasper Orschulko <jasper@fancydomain.eu> from line 
'From: Jasper Orschulko <jasper@fancydomain.eu>'
(body) Adding cc: Jasper Orschulko <jasper@fancydomain.eu> from line 
'Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>'

Oh well, I added an explicit sendemail.from configuration to my 
gitconfig. I will send backport patches once this is merged in master, 
so we'll see if that had the desired effect.

Jasper

On 2023-08-21 14:10, Luca Ceresoli wrote:
> Hello Jasper,
> 
> On Mon, 21 Aug 2023 14:02:30 +0200
> "Jasper Orschulko via lists.openembedded.org"
> <jasper=fancydomain.eu@lists.openembedded.org> wrote:
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> As you can see your sender address has been mangled, and as a result
> the patch is rejected by the the openembedded git server. This is not
> your fault, but we need you to modify your git configuration to prevent
> this from happening in the future. Have a look at the wiki for more
> info and how to solve that:
> 
> https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Fixing_your_From_identity
> 
> I'm taking your patch for testing on the autobuilders fixing it
> manually so you don't need to resend your patch this time.
> 
> Luca