[meta-oe,whinlatter,28/28] xerces-c: set CVE_PRODUCT

Message ID	20260119082752.4120991-28-ankur.tyagi85@gmail.com
State	New
Headers	show Return-Path: <ankur.tyagi85@gmail.com> ip: 209.85.214.180, mailfrom: ankur.tyagi85@gmail.com) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari <skandigraun@gmail.com>, Khem Raj <raj.khem@gmail.com>, Ankur Tyagi <ankur.tyagi85@gmail.com> Subject: [oe][meta-oe][whinlatter][PATCH 28/28] xerces-c: set CVE_PRODUCT Date: Mon, 19 Jan 2026 21:27:50 +1300 Message-ID: <20260119082752.4120991-28-ankur.tyagi85@gmail.com> In-Reply-To: <20260119082752.4120991-1-ankur.tyagi85@gmail.com> References: <20260119082752.4120991-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,whinlatter,01/28] python3-psycopg: upgrade 3.2.12 -> 3.2.13 \| expand [meta-oe,whinlatter,01/28] python3-psycopg: upgrade 3.2.12 -> 3.2.13 [meta-oe,whinlatter,02/28] parallel: upgrade 20251022 -> 20251122 [meta-oe,whinlatter,03/28] liblognorm: upgrade 2.0.7 -> 2.0.8 [meta-oe,whinlatter,04/28] libsdl3: upgrade 3.2.26 -> 3.2.28 [meta-oe,whinlatter,05/28] usb-modeswitch-data: upgrade 20191128 -> 20251207 [meta-oe,whinlatter,06/28] usb-modeswitch: upgrade 2.6.1 -> 2.6.2 [meta-oe,whinlatter,07/28] minicoredumper: fix 2038 year problem in timestamp handling [meta-oe,whinlatter,08/28] vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 [meta-oe,whinlatter,09/28] microsoft-gsl: upgrade 4.2.0 -> 4.2.1 [meta-oe,whinlatter,10/28] php: upgrade 8.4.16 -> 8.4.17 [meta-oe,whinlatter,11/28] nodejs: remove extra CVE_PRODUCT [meta-oe,whinlatter,12/28] cryptsetup: upgrade 2.8.1 -> 2.8.3 [meta-oe,whinlatter,13/28] libdecor: upgrade 0.2.4 -> 0.2.5 [meta-oe,whinlatter,14/28] vboxguestdrivers: Upgrade to 7.2.4 [meta-oe,whinlatter,15/28] smarty: extend CVE_PRODUCT [meta-oe,whinlatter,16/28] libsdl3-image: upgrade 3.2.4 -> 3.2.6 [meta-oe,whinlatter,17/28] mozjs-128: Fix build error with arm and musl [meta-oe,whinlatter,18/28] libjxl: Fix build error with arm and musl [meta-oe,whinlatter,19/28] libsdl3: upgrade 3.2.28 -> 3.2.30 [meta-oe,whinlatter,20/28] raptor2: set CVE_PRODUCT [meta-oe,whinlatter,21/28] libcereal: set CVE_PRODUCT [meta-oe,whinlatter,22/28] libsodium: patch CVE-2025-69277 [meta-oe,whinlatter,23/28] asyncmqtt: set CVE_PRODUCT [meta-oe,whinlatter,24/28] boinc-client: set CVE_PRODUCT [meta-oe,whinlatter,25/28] influxdb: ignore CVE-2024-30896 [meta-oe,whinlatter,26/28] boinc-client: mark CVE-2013-2018 patched [meta-oe,whinlatter,27/28] lmdb: patch CVE-2026-22185 [meta-oe,whinlatter,28/28] xerces-c: set CVE_PRODUCT

Message ID

20260119082752.4120991-28-ankur.tyagi85@gmail.com

State

New

Headers

From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
	Khem Raj <raj.khem@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][whinlatter][PATCH 28/28] xerces-c: set CVE_PRODUCT
Date: Mon, 19 Jan 2026 21:27:50 +1300
Message-ID: <20260119082752.4120991-28-ankur.tyagi85@gmail.com>
In-Reply-To: <20260119082752.4120991-1-ankur.tyagi85@gmail.com>
References: <20260119082752.4120991-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,whinlatter,01/28] python3-psycopg: upgrade 3.2.12 -> 3.2.13 | expand

Commit Message

Ankur Tyagi Jan. 19, 2026, 8:27 a.m. UTC

From: Gyorgy Sarvari <skandigraun@gmail.com>

The related CVEs are tracked with "xerces-c\+\+" (sic).

See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2;
apache|xerces-c\+\+|29
apache|xerces-j|2
apache|xerces2_java|3
redhat|xerces|3

Set CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 29a272744a314564035ec4a337704eb6d31e879e)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb b/meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb
index 2819366dc9..102e329878 100644
--- a/meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb
+++ b/meta-oe/recipes-devtools/xerces-c/xerces-c_3.3.0.bb
@@ -9,6 +9,8 @@  SECTION =  "libs"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
+CVE_PRODUCT = "xerces-c\+\+"
+
 SRC_URI = "http://archive.apache.org/dist/xerces/c/3/sources/${BP}.tar.bz2 \
     file://0001-aclocal.m4-don-t-use-full-path-of-with_curl-in-xerce.patch \
 "

[meta-oe,whinlatter,28/28] xerces-c: set CVE_PRODUCT

Commit Message

Patch