[Buildroot] [PATCH 2/2] package/wolftpm: drop WOLFTPM_CPE_ID_VENDOR

Fabrice Fontaine fontaine.fabrice at gmail.com
Sat Jun 11 20:38:42 UTC 2022


On Sat, Jun 11, 2022 at 22:24, Dimi Tomov <dimi at tpm.dev> wrote:
>
> wolfssl[1] and wolfTPM[2] are open-source products of the same company,
> wolfSSL Inc. [3]
>
> Therefore, the wolfssl and wolftpm packages share the same
> WOLFTPM_CPE_ID_VENDOR.
>
> In case that the CPE_ID_VENDOR is incorrect then this is true also for
> the wolfssl package where the value originated.

wolfssl's CPE ID is correct as it is registered in the NVD NIST database [1].

However, the wolftpm product has not been registered in the NVD NIST
database (presumably because no CVEs were found yet in wolftpm).
So, this patch is correct.
If you want to put back WOLFTPM_CPE_ID_VENDOR, I would advise to first
send an email to cpe_dictionary at nist.gov [2] to register the wolftpm
product.

[1] https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolfssl
[2] https://nvd.nist.gov/products/cpe
>
> Thank you for bringing this topic up for discussion.
>
> [1] https://www.wolfssl.com/products/wolfssl/
> [2] https://www.wolfssl.com/products/wolftpm/
> [3] https://www.wolfssl.com/
>
> Regards,
> Dimi
> --
> Founder of TPM.dev
>
> On 2022-06-11 05:35 PM, Fabrice Fontaine wrote:
> > cpe:2.3:a:wolfssl:wolftpm has never been a valid CPE identifier for
> > this
> > package:
> >
> >
> > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awolfssl%3Awolftpm
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> > ---
> >  package/wolftpm/wolftpm.mk | 1 -
> >  1 file changed, 1 deletion(-)
> >
> > diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
> > index f0cf0df0d3..042ccd22e1 100644
> > --- a/package/wolftpm/wolftpm.mk
> > +++ b/package/wolftpm/wolftpm.mk
> > @@ -9,7 +9,6 @@ WOLFTPM_SITE = $(call
> > github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
> >  WOLFTPM_INSTALL_STAGING = YES
> >  WOLFTPM_LICENSE = GPL-2.0+
> >  WOLFTPM_LICENSE_FILES = LICENSE
> > -WOLFTPM_CPE_ID_VENDOR = wolfssl
> >  WOLFTPM_CONFIG_SCRIPTS = wolftpm-config
> >
> >  # wolfTPM's source code is released without a configure script,
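
Review bot: the removal of WOLFTPM_CPE_ID_VENDOR = wolfssl leaves nothing in wolftpm.mk that explains why the package carries no CPE vendor, so the reason (no cpe:2.3:a:wolfssl:wolftpm entry in the NVD dictionary) is recorded only in the commit message. Consider a one-line comment where the variable was, between WOLFTPM_LICENSE_FILES and WOLFTPM_CONFIG_SCRIPTS, saying the product is not registered in the NVD CPE dictionary, so the line is not re-added by analogy with the wolfssl package before a registration exists.
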
Best Regards,

Fabrice


