From: Peter Marko Date: Wed, 27 Sep 2023 21:06:32 +0000 (+0200) Subject: json-c: define CVE_VERSION X-Git-Tag: yocto-4.3~134 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=190dec283b7deeb7ff898d1811924db806509e4a;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git json-c: define CVE_VERSION Recently NVD updated all CVEs for json-c and old fixed cves are reported in some older yocto branches. NVD match clause now includes full tag name including date which is "greater" than tag without additional numbers. Define CVE_VERSION identical to full tag also on master to avoid future CVEs to be reported incorrectly. Put it close to hash so recipe update patch includes this line. Signed-off-by: Peter Marko Signed-off-by: Alexandre Belloni
---
diff --git a/meta/recipes-devtools/json-c/json-c_0.17.bb b/meta/recipes-devtools/json-c/json-c_0.17.bb
index b7b596212f8..f4b7a32cea0 100644
--- a/meta/recipes-devtools/json-c/json-c_0.17.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.17.bb
@@ -9,6 +9,9 @@ SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
 "
 SRC_URI[sha256sum] = "7550914d58fb63b2c3546f3ccfbe11f1c094147bd31a69dcd23714d7956159e6"
+# NVD uses full tag name including date
+CVE_VERSION = "0.17-20230812"
+
 UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/tags"
 UPSTREAM_CHECK_REGEX = "json-c-(?P\d+(\.\d+)+)-\d+"
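Review bot: The added `CVE_VERSION = "0.17-20230812"` repeats the recipe version as a literal, and nothing in the hunk ties it to PV, so an upgrade that misses this line leaves cve-check comparing NVD version ranges against the old release. Writing it as `CVE_VERSION = "${PV}-20230812"` would leave only the tag date to maintain by hand. The comment above it should also say that the suffix is the upstream tag date and has to change with every version bump, for example `# NVD uses the full upstream tag (version-date); update the date on every upgrade`.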