[kirkstone,16/26] create-spdx: Fix supplier field

Message ID	504b50aec662f177fea452e05e29af8b36ca69fc.1660876844.git.steve@sakoman.com
State	Accepted, archived
Commit	504b50aec662f177fea452e05e29af8b36ca69fc
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.44, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/26] create-spdx: Fix supplier field Date: Thu, 18 Aug 2022 16:42:38 -1000 Message-Id: <504b50aec662f177fea452e05e29af8b36ca69fc.1660876844.git.steve@sakoman.com> In-Reply-To: <cover.1660876844.git.steve@sakoman.com> References: <cover.1660876844.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/26] gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow \| expand [kirkstone,01/26] gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow [kirkstone,02/26] qemu: fix CVE-2021-3507 [kirkstone,03/26] qemu: fix CVE-2021-3929 [kirkstone,04/26] qemu: fix CVE-2021-4158 [kirkstone,05/26] qemu: fix CVE-2022-0358 [kirkstone,06/26] qemu: fix CVE-2022-0216 [kirkstone,07/26] u-boot: fix CVE-2022-33103 [kirkstone,08/26] gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify [kirkstone,09/26] zlib: CVE-2022-37434 a heap-based buffer over-read [kirkstone,10/26] vim: update from 9.0.0063 to 9.0.0115 [kirkstone,11/26] devtool: error out when workspace is using old override syntax [kirkstone,12/26] devtool/upgrade: correctly clean up when recipe filename isn't yet known [kirkstone,13/26] devtool/upgrade: catch bb.fetch2.decodeurl errors [kirkstone,14/26] runqemu: Add missing space on default display option [kirkstone,15/26] archiver.bbclass: remove unsed do_deploy_archives[dirs] [kirkstone,16/26] create-spdx: Fix supplier field [kirkstone,17/26] create-spdx: ignore packing control files from ipk and deb [kirkstone,18/26] boost: fix install of fiber shared libraries [kirkstone,19/26] cmake: remove CMAKE_ASM_FLAGS variable in toolchain file [kirkstone,20/26] scripts/oe-setup-builddir: make it known where configurations come from [kirkstone,21/26] nativesdk: Clear TUNE_FEATURES [kirkstone,22/26] relocate_sdk.py: ensure interpreter size error causes relocation to fail [kirkstone,23/26] selftest/wic: Tweak test case to not depend on kernel size [kirkstone,24/26] lttng-modules: fix 5.19+ build [kirkstone,25/26] lttng-modules: fix build against mips and v5.19 kernel [kirkstone,26/26] lttng-modules: replace mips compaction fix with upstream change

Message ID

504b50aec662f177fea452e05e29af8b36ca69fc.1660876844.git.steve@sakoman.com

State

Accepted, archived

Commit

504b50aec662f177fea452e05e29af8b36ca69fc

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 16/26] create-spdx: Fix supplier field
Date: Thu, 18 Aug 2022 16:42:38 -1000
Message-Id: 
 <504b50aec662f177fea452e05e29af8b36ca69fc.1660876844.git.steve@sakoman.com>
In-Reply-To: <cover.1660876844.git.steve@sakoman.com>
References: <cover.1660876844.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/26] gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow | expand

Commit Message

Steve Sakoman Aug. 19, 2022, 2:42 a.m. UTC

From: Mihai Lindner <mihai.lindner@gmail.com>

The correct field name is "supplier" according to SPDX schema.
The "supplier" field translates to "PackageSupplier", but that's for
tag-value format.

Signed-off-by: Mihai Lindner <mihai.lindner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ca8db0e0a2860ac1e3f537471fa71b43c3be0a58)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/create-spdx.bbclass | 6 +++---
 meta/lib/oe/spdx.py              | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 37b6b569a1..f6827fccf7 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -445,7 +445,7 @@  python do_create_spdx() {
     recipe.name = d.getVar("PN")
     recipe.versionInfo = d.getVar("PV")
     recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
-    recipe.packageSupplier = d.getVar("SPDX_SUPPLIER")
+    recipe.supplier = d.getVar("SPDX_SUPPLIER")
     if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
         recipe.annotations.append(create_annotation(d, "isNative"))
 
@@ -555,7 +555,7 @@  python do_create_spdx() {
             spdx_package.name = pkg_name
             spdx_package.versionInfo = d.getVar("PV")
             spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
-            spdx_package.packageSupplier = d.getVar("SPDX_SUPPLIER")
+            spdx_package.supplier = d.getVar("SPDX_SUPPLIER")
 
             package_doc.packages.append(spdx_package)
 
@@ -895,7 +895,7 @@  def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
     image.name = d.getVar("PN")
     image.versionInfo = d.getVar("PV")
     image.SPDXID = rootfs_spdxid
-    image.packageSupplier = d.getVar("SPDX_SUPPLIER")
+    image.supplier = d.getVar("SPDX_SUPPLIER")
 
     doc.packages.append(image)
 
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
index 14ca706895..6d56ed90df 100644
--- a/meta/lib/oe/spdx.py
+++ b/meta/lib/oe/spdx.py
@@ -218,7 +218,7 @@  class SPDXPackage(SPDXObject):
     SPDXID = _String()
     versionInfo = _String()
     downloadLocation = _String(default="NOASSERTION")
-    packageSupplier = _String(default="NOASSERTION")
+    supplier = _String(default="NOASSERTION")
     homepage = _String()
     licenseConcluded = _String(default="NOASSERTION")
     licenseDeclared = _String(default="NOASSERTION")

[kirkstone,16/26] create-spdx: Fix supplier field

Commit Message

Patch