Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Dimi Tomov <dimi@tpm.dev>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Buildroot Mailing List <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH 2/2] package/wolftpm: drop WOLFTPM_CPE_ID_VENDOR
Date: Sat, 11 Jun 2022 23:58:48 +0300	[thread overview]
Message-ID: <c9962256fbb1953ca91d02a16bf2cfe7@tpm.dev> (raw)
In-Reply-To: <CAPi7W81ydL4GF9YT4fndgthxFnhQ17yXCAugF=gqQDJ-UxYnNA@mail.gmail.com>

Hello Fabrice,

Now I understand the motivation behind your second patch. I also believe 
that there has been no CVE (yet) in wolfTPM. This patch makes sense.

Thank you for the contribution.

Dimi
-- 
Founder of TPM.dev


On 2022-06-11 11:38 PM, Fabrice Fontaine wrote:
> Le sam. 11 juin 2022 à 22:24, Dimi Tomov <dimi@tpm.dev> a écrit :
>> 
>> wolfssl[1] and wolfTPM[2] are open-source products of the same 
>> company,
>> wolfSSL Inc. [3]
>> 
>> Therefore, the wolfssl and wolftpm package share the same
>> WOLFTPM_CPE_ID_VENDOR.
>> 
>> In case that the CPE_ID_VENDOR is incorrect then this is true also for
>> the wolfssl package where the value originated.
> 
> wolfssl's CPE ID is correct as it is registered in the NVD NIST 
> database [1].
> 
> However, wolftpm product has not been registered to the NVD NIST
> database (presumably because no CVEs were found yet in wolftpm).
> So, this patch is correct.
> If you want to put back WOLFTPM_CPE_ID_VENDOR, I would advise to first
> send an email to cpe_dictionary@nist.gov [2] to register wolftpm
> product.
> 
> [1] 
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolfssl
> [2] https://nvd.nist.gov/products/cpe
>> 
>> Thank you for bringing this topic up for discussion.
>> 
>> [1] https://www.wolfssl.com/products/wolfssl/
>> [2] https://www.wolfssl.com/products/wolftpm/
>> [3] https://www.wolfssl.com/
>> 
>> Regards,
>> Dimi
>> --
>> Founder of TPM.dev
>> 
>> On 2022-06-11 05:35 PM, Fabrice Fontaine wrote:
>> > cpe:2.3:a:wolfssl:wolftpm has never been a valid CPE identifier for
>> > this
>> > package:
>> >
>> >
>> > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolftpm
>> >
>> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> > ---
>> >  package/wolftpm/wolftpm.mk | 1 -
>> >  1 file changed, 1 deletion(-)
>> >
>> > diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
>> > index f0cf0df0d3..042ccd22e1 100644
>> > --- a/package/wolftpm/wolftpm.mk
>> > +++ b/package/wolftpm/wolftpm.mk
>> > @@ -9,7 +9,6 @@ WOLFTPM_SITE = $(call
>> > github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
>> >  WOLFTPM_INSTALL_STAGING = YES
>> >  WOLFTPM_LICENSE = GPL-2.0+
>> >  WOLFTPM_LICENSE_FILES = LICENSE
>> > -WOLFTPM_CPE_ID_VENDOR = wolfssl
>> >  WOLFTPM_CONFIG_SCRIPTS = wolftpm-config
>> >
>> >  # wolfTPM's source code is released without a configure script,
> Best Regards,
> 
> Fabrice

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  reply	other threads:[~2022-06-11 20:59 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-11 14:35 [Buildroot] [PATCH 1/2] package/wolftpm: fix dependencies Fabrice Fontaine
2022-06-11 14:35 ` [Buildroot] [PATCH 2/2] package/wolftpm: drop WOLFTPM_CPE_ID_VENDOR Fabrice Fontaine
2022-06-11 20:24   ` Dimi Tomov
2022-06-11 20:38     ` Fabrice Fontaine
2022-06-11 20:58       ` Dimi Tomov [this message]
2022-06-11 20:19 ` [Buildroot] [PATCH 1/2] package/wolftpm: fix dependencies Dimi Tomov
2022-06-11 21:24   ` Fabrice Fontaine
2022-06-12  4:13     ` Dimi Tomov
2022-06-12  8:44       ` Fabrice Fontaine

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c9962256fbb1953ca91d02a16bf2cfe7@tpm.dev \
    --to=dimi@tpm.dev \
    --cc=buildroot@buildroot.org \
    --cc=fontaine.fabrice@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox