diff mbox series

[meta-python] python-grpcio(-tools): add grpc:grpc to cve product

Message ID 20250214174154.13911-1-peter.marko@siemens.com
State Accepted
Headers show
Series [meta-python] python-grpcio(-tools): add grpc:grpc to cve product | expand

Commit Message

Peter Marko Feb. 14, 2025, 5:41 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

These grpc python modules contain parts of grpc core.
Each CVE needs to be assessed if the patch applies also to core parts
included in each module.

Note that so far there was never a CVE specific for python module, only
for grpc:grpc and many of those needed to be fixed at leasts in grpcio:

sqlite> select vendor, product, count(*) from products where product like '%grpc%' group by vendor, product;
grpc|grpc|21
grpck|grpck|1
linuxfoundation|grpc_swift|9
microsoft|grpconv|1
opentelemetry|configgrpc|1

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../recipes-devtools/python/python3-grpcio-tools_1.70.0.bb      | 2 ++
 meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb    | 2 ++
 2 files changed, 4 insertions(+)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb b/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb
index e295e0329e..8af6bb5714 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb
@@ -20,3 +20,5 @@  SRC_URI[sha256sum] = "e578fee7c1c213c8e471750d92631d00f178a15479fb2cb3b939a07fc1
 RDEPENDS:${PN} = "python3-grpcio"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT += "grpc:grpc"
diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb b/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb
index bebfa51be1..c9edc1d541 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb
@@ -35,3 +35,5 @@  CLEANBROKEN = "1"
 BBCLASSEXTEND = "native nativesdk"
 
 CCACHE_DISABLE = "1"
+
+CVE_PRODUCT += "grpc:grpc"