json-c: define CVE_VERSION

Message ID	20230927210632.15296-1-peter.marko@siemens.com
State	Accepted, archived
Commit	190dec283b7deeb7ff898d1811924db806509e4a
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.227, mailfrom: fm-256628-2023092721071056bb25fad56143db6d-n_b3rq@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][PATCH] json-c: define CVE_VERSION Date: Wed, 27 Sep 2023 23:06:32 +0200 Message-Id: <20230927210632.15296-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	json-c: define CVE_VERSION \| expand json-c: define CVE_VERSION

Message ID

20230927210632.15296-1-peter.marko@siemens.com

State

Accepted, archived

Commit

190dec283b7deeb7ff898d1811924db806509e4a

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][PATCH] json-c: define CVE_VERSION
Date: Wed, 27 Sep 2023 23:06:32 +0200
Message-Id: <20230927210632.15296-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

json-c: define CVE_VERSION | expand

Commit Message

Peter Marko Sept. 27, 2023, 9:06 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Recently NVD updated all CVEs for json-c and old fixed
cves are reported in some older yocto branches.
NVD match clause now includes full tag name including
date which is "greater" than tag without additional numbers.

Define CVE_VERSION identical to full tag also on master to
avoid future CVEs to be reported incorrectly.
Put it close to hash so recipe update patch includes this line.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/json-c/json-c_0.17.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/json-c/json-c_0.17.bb b/meta/recipes-devtools/json-c/json-c_0.17.bb
index b7b596212f..f4b7a32cea 100644
--- a/meta/recipes-devtools/json-c/json-c_0.17.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.17.bb
@@ -9,6 +9,9 @@  SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
            "
 SRC_URI[sha256sum] = "7550914d58fb63b2c3546f3ccfbe11f1c094147bd31a69dcd23714d7956159e6"
 
+# NVD uses full tag name including date
+CVE_VERSION = "0.17-20230812"
+
 UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/tags"
 UPSTREAM_CHECK_REGEX = "json-c-(?P<pver>\d+(\.\d+)+)-\d+"

json-c: define CVE_VERSION

Commit Message

Patch