[kirkstone,02/10] orc: set CVE_PRODUCT

Message ID	c31dec7b32fe34fafd61dd593a2884eee13084fb.1753646578.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.177, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] orc: set CVE_PRODUCT Date: Sun, 27 Jul 2025 13:04:34 -0700 Message-ID: <c31dec7b32fe34fafd61dd593a2884eee13084fb.1753646578.git.steve@sakoman.com> In-Reply-To: <cover.1753646578.git.steve@sakoman.com> References: <cover.1753646578.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/10] binutils: Fix CVE-2025-7546 \| expand [kirkstone,01/10] binutils: Fix CVE-2025-7546 [kirkstone,02/10] orc: set CVE_PRODUCT [kirkstone,03/10] gnupg: fix CVE-2025-30258 [kirkstone,04/10] ffmpeg: Ignore two CVEs fixed in 5.0.3 [kirkstone,05/10] libpam: fix CVE-2025-6020 [kirkstone,06/10] ruby: correct fix for CVE-2024-43398 [kirkstone,07/10] ncurses: patch CVE-2025-6141 [kirkstone,08/10] glibc: stable 2.35 branch updates [kirkstone,09/10] scripts/install-buildtools: Update to 4.0.28 [kirkstone,10/10] db: ignore implicit-int and implicit-function-declaration issues fatal with gcc-14

Message ID

c31dec7b32fe34fafd61dd593a2884eee13084fb.1753646578.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/10] orc: set CVE_PRODUCT
Date: Sun, 27 Jul 2025 13:04:34 -0700
Message-ID: 
 <c31dec7b32fe34fafd61dd593a2884eee13084fb.1753646578.git.steve@sakoman.com>
In-Reply-To: <cover.1753646578.git.steve@sakoman.com>
References: <cover.1753646578.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/10] binutils: Fix CVE-2025-7546 | expand

Commit Message

Steve Sakoman July 27, 2025, 8:04 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

There are new CVEs reported for this recipe which are not for this
componene, but for a component with same name from apache.

sqlite> select vendor, product, id, count(*) from products where product like 'orc' group by vendor, product, id;
apache|orc|CVE-2018-8015|1
apache|orc|CVE-2025-47436|4
gstreamer|orc|CVE-2024-40897|1

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/orc/orc_0.4.40.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/orc/orc_0.4.40.bb b/meta/recipes-devtools/orc/orc_0.4.40.bb
index e437831cd7..ee96ca0a4c 100644
--- a/meta/recipes-devtools/orc/orc_0.4.40.bb
+++ b/meta/recipes-devtools/orc/orc_0.4.40.bb
@@ -9,6 +9,9 @@  SRC_URI[sha256sum] = "3fc2bee78dfb7c41fd9605061fc69138db7df007eae2f669a1f56e8bac
 
 inherit meson pkgconfig gtk-doc
 
+# distinguish from apache:orc
+CVE_PRODUCT = "gstreamer:orc"
+
 GTKDOC_MESON_OPTION = "gtk_doc"
 GTKDOC_MESON_ENABLE_FLAG = "enabled"
 GTKDOC_MESON_DISABLE_FLAG = "disabled"

[kirkstone,02/10] orc: set CVE_PRODUCT

Commit Message

Patch