From: Jasper Orschulko <jasper@fancydomain.eu>
Date: Mon, 21 Aug 2023 12:02:30 +0000 (+0200)
Subject: cve_check: Fix cpe_id generation
X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7c1def3c3c3a72249802ef6fb64292277a7a53e;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

cve_check: Fix cpe_id generation

Use "*" (wildcard) instead of "a" (application)in cpe_id generation,
as the product is not necessarily of type application, e.g.
linux_kernel, which is of type "o" (operating system).

(From OE-Core rev: cae9528b002c06143bf048b991b9d7e93968cb6b)

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 5bf3caac477..3979d521d10 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -156,7 +156,7 @@ def get_cpe_ids(cve_product, version):
         else:
             vendor = "*"
 
-        cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
+        cpe_id = 'cpe:2.3:*:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
         cpe_ids.append(cpe_id)
 
     return cpe_ids