mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-19 13:48:06 +00:00
2ded629864
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped automatically by the mailing list software.

Per the CycloneDX 1.4 spec, the `metadata.timestamp` field contains the date/time when the BOM was created [1].

Before the change, the value generated by the package-metadata.pl script would look like this:

    2024-06-03T15:51:10

CycloneDX 1.4 relies on the JSON Schema specification version draft-07, which defines the `date-time` format [2] as derived from RFC 3339, section 5.6 [3]. In this format, the `time-offset` component is required, however in the original version of package-metadata.pl it is omitted.

This is causing problems with OWASP Dependency-Track version 4.11.0 or newer, where it now validates submitted SBOMs against the JSON schema by default [4]. SBOMs with incorrect timestamp values are rejected with the following error:

    {
      "detail": "Schema validation failed",
      "errors": [
        "$.metadata.timestamp: 2024-06-03T15:51:10 is an invalid date-time"
      ],
      "status": 400,
      "title": "The uploaded BOM is invalid"
    }

Add explicit `Z` (UTC) timezone offset in the `timestamp` field to satisfy the CycloneDX schema.

[1]: https://github.com/CycloneDX/specification/blob/1.4/schema/bom-1.4.schema.json#L116-L121
[2]: https://json-schema.org/draft-07/draft-handrews-json-schema-validation-01#rfc.section.7.3.1
[3]: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
[4]: https://github.com/DependencyTrack/dependency-track/pull/3522

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>

||
---|---|---|
.. | ||
config | ||
flashing | ||
brcmImage.pl | ||
bundle-libraries.sh | ||
cameo-imghdr.py | ||
cameo-tag.py | ||
cfe-bin-header.py | ||
cfe-partition-tag.py | ||
cfe-wfi-tag.py | ||
check-toolchain-clean.sh | ||
checkpatch.pl | ||
clean-package.sh | ||
cleanfile | ||
cleanpatch | ||
combined-ext-image.sh | ||
combined-image.sh | ||
command_all.sh | ||
config.guess | ||
config.rpath | ||
config.sub | ||
const_structs.checkpatch | ||
deptest.sh | ||
diffconfig.sh | ||
dl_cleanup.py | ||
dl_github_archive.py | ||
download.pl | ||
dump-target-info.pl | ||
env | ||
ext-toolchain.sh | ||
ext-tools.sh | ||
feeds | ||
fixup-makefile.pl | ||
functions.sh | ||
gen_image_generic.sh | ||
gen-dependencies.sh | ||
get_source_date_epoch.sh | ||
getver.sh | ||
ipkg-build | ||
ipkg-make-index.sh | ||
ipkg-remove | ||
json_add_image_info.py | ||
json_overview_image_info.py | ||
kconfig.pl | ||
kernel_bump.sh | ||
make-ipkg-dir.sh | ||
md5sum | ||
metadata.pm | ||
mkhash.c | ||
mkits-qsdk-ipq-image.sh | ||
mkits-zyxel-fit-filogic.sh | ||
mkits-zyxel-fit.sh | ||
mkits.sh | ||
moxa-encode-fw.py | ||
netgear-encrypted-factory.py | ||
noop.sh | ||
om-fwupgradecfg-gen.sh | ||
package-metadata.pl | ||
pad_image | ||
patch-kernel.sh | ||
patch-specs.sh | ||
portable_date.sh | ||
qemustart | ||
redboot-script.pl | ||
relink-lib.sh | ||
remote-gdb | ||
rstrip.sh | ||
sercomm-crypto.py | ||
sercomm-kernel-header.py | ||
sercomm-partition-tag.py | ||
sercomm-payload.py | ||
sercomm-pid.py | ||
sign_images.sh | ||
size_compare.sh | ||
slugimage.pl | ||
spelling.txt | ||
srecimage.pl | ||
strip-kmod.sh | ||
symlink-tree.sh | ||
sysupgrade-tar.sh | ||
target-metadata.pl | ||
time.pl | ||
timestamp.pl | ||
ubinize-image.sh | ||
xxdi.pl |