Thanks, applied as 304a45f58b04a931fb9e688b8ced3d8ae39587fc. Michael
[sent from post-receive hook] On Mon, 17 Feb 2025 08:24:27 +0100, Roland Hieber <[email protected]> wrote: > Signed-off-by: Roland Hieber <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst > index 358701aab9e2..37748b09820e 100644 > --- a/doc/ref_make_variables.rst > +++ b/doc/ref_make_variables.rst > @@ -256,6 +256,18 @@ Package Definition > UTF-8 files the encoding can be specified with ``encoding=<enc>``. > See the section :ref:`licensing_in_packages` for more information. > > +``<PKG>_CVE_PRODUCT`` > + The product ID in the `CVE Database <https://www.cve.org>`__, used for > + generating SBoM reports. > + It can be of the form ``<vendor>:<product>`` and contain multiple values > + separated by spaces if necessary. > + If not set, it defaults to ``<PKG>``. > + > +``<PKG>_CVE_VERSION`` > + The version number in the `CVE Database <https://www.cve.org>`__, used for > + generating SBoM reports. > + If not set, it defaults to ``$(<PKG>_VERSION)``. > + > For most packages the variables described above are undefined by default. > However, for cross and host packages these variables default to the value > of the corresponding target package if it exists.
