From c8c6508c22c59a09b7acce63bed28947788a46d4 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Tue, 20 Dec 2022 20:04:53 +0200 Subject: [PATCH 1/2] trusted-firmware-a.mk: use correct CPE ID There are 2 different CPE IDs on the NVD website: cpe:/a:arm:trusted_firmware-a cpe:/o:arm:arm_trusted_firmware The ID as currently used in trusted-firmware-a.mk does not exist. The CPE ID using the arm_trusted_firmware product name only lists a few records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the trusted_firmware-a product name lists many more records, and actually has a CVE linked to it. Therefore, use the CPE ID using the trusted_firmware-a product name. Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID") Signed-off-by: Stijn Tintel --- include/trusted-firmware-a.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/trusted-firmware-a.mk b/include/trusted-firmware-a.mk index 0b37c0f9438..082ada269c8 100644 --- a/include/trusted-firmware-a.mk +++ b/include/trusted-firmware-a.mk @@ -1,5 +1,5 @@ PKG_NAME ?= trusted-firmware-a -PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware +PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a ifndef PKG_SOURCE_PROTO PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz From 9ed1830bdc1e58efb3e5b17c0e484e1a2655b550 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Tue, 20 Dec 2022 20:04:54 +0200 Subject: [PATCH 2/2] arm-trusted-firmware-sunxi: drop CPE ID The CPE ID is already set in trusted-firmware-a.mk. Signed-off-by: Stijn Tintel --- package/boot/arm-trusted-firmware-sunxi/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/package/boot/arm-trusted-firmware-sunxi/Makefile b/package/boot/arm-trusted-firmware-sunxi/Makefile index 430d78f7a31..178b3958b82 100644 --- a/package/boot/arm-trusted-firmware-sunxi/Makefile +++ b/package/boot/arm-trusted-firmware-sunxi/Makefile @@ -8,7 +8,6 @@ include $(TOPDIR)/rules.mk PKG_NAME:=arm-trusted-firmware-sunxi -PKG_CPE_ID:=cpe:/o:arm:arm_trusted_firmware PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git