From patchwork Wed Jul 31 09:53:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47043 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D07FC3DA7F for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.157.48]) by mx.groups.io with SMTP id smtpd.web10.39080.1722419601517681219 for ; Wed, 31 Jul 2024 02:53:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=f3MbyKxr; spf=pass (domain: gehealthcare.com, ip: 67.231.157.48, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048300.ppops.net [127.0.0.1]) by m0048300.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V9dbQ7012138 for ; Wed, 31 Jul 2024 05:53:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=tBdwAiYAjHhNCVGwCxWKkoWIczvND5lBPyvKTPFlc3I=; b=f3M byKxrHT0rx4mqsO+diFP2dnChqZvZCN9BSQ6deyLZh/QKP0psSlgUoa3ZhBwK2XH VGmbAiqzml7C7CkEnARwqW3B/4gGb3957oEfj+ztrn+6JxqBAtfRo6ljjnYuJ+Ys 6txLrZ6WfFYSddb2ZKFo5d3TnFS6jMZ/0kSPTEBEjfHmreNtbXwA892NomoYhOza yHep0pH/Kjb4Xid80lwFQj7s/gDQ3avDw59h8Ump0PuH1yieDf6MHuqpB4IK8i3c 0lTlZu9rxL/cCsnzhxsKwnri1s15lTqOn6F1yeS0y092ebdcXFISG0aH0aB01cCr mZ3myNHzJghQZpKg+xQ== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Intaek Hwang Subject: [PATCH 1/7] alsa-plugins: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:03 +0300 Message-Id: <20240731095309.95-2-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: shah7RJEx_WfWDpB9y_oa38Fnii_B5_W X-Proofpoint-GUID: shah7RJEx_WfWDpB9y_oa38Fnii_B5_W X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_06,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 adultscore=0 impostorscore=0 mlxlogscore=550 clxscore=1015 priorityscore=1501 mlxscore=0 lowpriorityscore=0 phishscore=0 suspectscore=0 malwarescore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310072 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202695 From: Intaek Hwang Set CVE_PRODUCT of alsa-plugins to match NVD entries. Signed-off-by: Intaek Hwang Signed-off-by: Maxin John --- meta/recipes-multimedia/alsa/alsa-plugins_1.2.12.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-multimedia/alsa/alsa-plugins_1.2.12.bb b/meta/recipes-multimedia/alsa/alsa-plugins_1.2.12.bb index 819cdf8e7b..7db0c4d677 100644 --- a/meta/recipes-multimedia/alsa/alsa-plugins_1.2.12.bb +++ b/meta/recipes-multimedia/alsa/alsa-plugins_1.2.12.bb @@ -5,6 +5,7 @@ They are used while configuring ALSA in the .asoundrc file." HOMEPAGE = "http://alsa-project.org" BUGTRACKER = "http://alsa-project.org/main/index.php/Bug_Tracking" SECTION = "multimedia" +CVE_PRODUCT = "alsa" # The primary license of alsa-plugins is LGPL-2.1-only. # From patchwork Wed Jul 31 09:53:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47047 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A171C52D54 for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.157.48]) by mx.groups.io with SMTP id smtpd.web11.39372.1722419602337588870 for ; Wed, 31 Jul 2024 02:53:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=WtFFvMxB; spf=pass (domain: gehealthcare.com, ip: 67.231.157.48, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048205.ppops.net [127.0.0.1]) by m0048205.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V8r2OL009309 for ; Wed, 31 Jul 2024 05:53:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=Nl4JUKsOn45uU3O9CZqIPM3k+JyrRP1s3CO0yoJU7A0=; b=WtF FvMxB2H0aRVUuLolZ8SPYcJ2t5vL6o04clK1IVxt9zhClDX+boN6czcojQqlMrz2 gWEK2iAq7j8LhtKk4wf2eKSXZrE5K9cKD0/lGNxCpxwI5HlOBjM/RD7LzP2uk2Ri YrB56iua9WmyDLeQ4EoKb+/KUZ0ST2h5ywhIZy4wb0rBSby6KKNaYnjiN5Zr7TqF cQ7ptQVyUcu57D55kw+Et3Wx+WYuNMk0ohkPF8yudEbqpydX5VtcqUMun21zQ0/l qlMIaetxfcvp/ZGQ3l+mRSGFdFFtvnnmhvPBlhYVroyewdxOc0H3vEpw5THHkQno rlK36TxlpUc3U0tZK7Q== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Intaek Hwang Subject: [PATCH 2/7] mpfr: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:04 +0300 Message-Id: <20240731095309.95-3-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 3VYM_r_yAFQjS44dVG2jvRVGBXC9krHR X-Proofpoint-GUID: 3VYM_r_yAFQjS44dVG2jvRVGBXC9krHR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_06,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 suspectscore=0 malwarescore=0 clxscore=1015 bulkscore=0 mlxlogscore=741 priorityscore=1501 impostorscore=0 adultscore=0 mlxscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310072 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202699 From: Intaek Hwang Set CVE_PRODUCT of mpfr as gnu_mpfr to match NVD entries. Signed-off-by: Intaek Hwang Signed-off-by: Maxin John --- meta/recipes-support/mpfr/mpfr_4.2.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/mpfr/mpfr_4.2.1.bb b/meta/recipes-support/mpfr/mpfr_4.2.1.bb index a2067e1036..9558eab828 100644 --- a/meta/recipes-support/mpfr/mpfr_4.2.1.bb +++ b/meta/recipes-support/mpfr/mpfr_4.2.1.bb @@ -9,6 +9,8 @@ inherit autotools texinfo LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ file://COPYING.LESSER;md5=3000208d539ec061b899bce1d9ce9404 \ " +CVE_PRODUCT = "gnu_mpfr" + DEPENDS = "gmp autoconf-archive-native" SRC_URI = "https://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz" From patchwork Wed Jul 31 09:53:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47048 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E3A5C52D71 for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.149.52]) by mx.groups.io with SMTP id smtpd.web11.39370.1722419601974583455 for ; Wed, 31 Jul 2024 02:53:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=BhFOUBqX; spf=pass (domain: gehealthcare.com, ip: 67.231.149.52, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048274.ppops.net [127.0.0.1]) by m0048274.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V9N8ZT023385 for ; Wed, 31 Jul 2024 05:53:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=oWztl8nNfVBgocyNwSogs5ecH++fsCRQGevVhDByNeo=; b=BhF OUBqXEzDjaLglF+C9wOpdyRIbYUmadFULxcAJpDYFwBWK6FCtvI5M1oq3/BSvOLb rbupCfXZgUzvwGxPloUMEWqWI/Osc6XmBLnx7RJEjkaYIsAifoxQGNK9MwRzTWC0 xI3aYwY2SYGaMOksNBGH8uFPGCqqZybJ2jsxswcpSEjpAHLVRW+9t7fyZ6oaTG3W 9sQOg7xUE0skbf3W5qBe2BgaMoyvExsyoDNXqwAJ07SPajPbdgOvwzXZS9hOutsu Xt6jj0/fWOmUZTSWPbcuLACufPBGEP12juLvy4sBNAGL8K1WbeA9krRhkfIJdOct G3EygFcsGaQu1iSvkcg== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Intaek Hwang Subject: [PATCH 3/7] libatomic-ops: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:05 +0300 Message-Id: <20240731095309.95-4-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-GUID: XPORl_T74CBkGsVp-aockjrI1eZ2ixqH X-Proofpoint-ORIG-GUID: XPORl_T74CBkGsVp-aockjrI1eZ2ixqH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_07,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 clxscore=1015 mlxlogscore=774 spamscore=0 phishscore=0 malwarescore=0 suspectscore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310073 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202696 From: Intaek Hwang Set CVE_PRODUCT of libatomic-ops to match NVD entries. Signed-off-by: Intaek Hwang Signed-off-by: Maxin John --- meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb b/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb index 824400e743..39d761abdd 100644 --- a/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb +++ b/meta/recipes-support/libatomic-ops/libatomic-ops_7.8.2.bb @@ -13,6 +13,8 @@ GITHUB_BASE_URI = "https://github.com/ivmai/libatomic_ops/releases" SRC_URI[sha256sum] = "d305207fe207f2b3fb5cb4c019da12b44ce3fcbc593dfd5080d867b1a2419b51" +CVE_PRODUCT = "libatomic_ops" + S = "${WORKDIR}/libatomic_ops-${PV}" ALLOW_EMPTY:${PN} = "1" From patchwork Wed Jul 31 09:53:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47042 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2051DC3DA64 for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.157.48]) by mx.groups.io with SMTP id smtpd.web11.39374.1722419603509745442 for ; Wed, 31 Jul 2024 02:53:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=L5YW8BQb; spf=pass (domain: gehealthcare.com, ip: 67.231.157.48, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048204.ppops.net [127.0.0.1]) by m0048204.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V9qVl5027861 for ; Wed, 31 Jul 2024 05:53:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=pbHNhxnuLnVkr21YGjTUgNyKwwnJWYGSmoADiIBB+yg=; b=L5Y W8BQb8CMuetVgmGETN076ba2MhKbyls8DqsVXCX1KKyzmch9O/kZbNglSUPbIiR+ ULD7XdfsPZzQlYybITnZmaQ1vPvV/i8J8jkyGD13UpZgkVjbq2IvW2D9mkSnApjS IXDLvQbendFaNUv1JZ/HWlWWZzNDtVjM96PpEgsqrHNpnh+q0LXdYU1T3X1VfuoG l5Mo/+wtidMyusMs4Az6QN3QMMye8lBOfOSq4x5esu9qkbqOAkoc68BjLh9dxY9M RsRMOnP9xu+AFYJvo+zm6bF7YLL+0dYGAzrpdYzEZ2eN8owfnH8E7UqwKS+AZghG O6JqGbQjlwqMxuTIHww== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Intaek Hwang Subject: [PATCH 4/7] gstreamer1.0-plugins-bad: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:06 +0300 Message-Id: <20240731095309.95-5-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-GUID: oCWtO6jgGDzDjvO8O2Fx8YPZQQGZhe4G X-Proofpoint-ORIG-GUID: oCWtO6jgGDzDjvO8O2Fx8YPZQQGZhe4G X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_06,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 lowpriorityscore=0 clxscore=1015 malwarescore=0 impostorscore=0 phishscore=0 adultscore=0 bulkscore=0 mlxlogscore=579 suspectscore=0 mlxscore=0 spamscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310072 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202702 From: Intaek Hwang Set CVE_PRODUCT of gstreamer1.0-plugins-bad to match NVD entries. Signed-off-by: Intaek Hwang Signed-off-by: Maxin John --- .../gstreamer/gstreamer1.0-plugins-bad_1.24.5.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.24.5.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.24.5.bb index 6766a8c19a..75efbad49c 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.24.5.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.24.5.bb @@ -159,6 +159,8 @@ export OPENCV_PREFIX = "${STAGING_DIR_TARGET}${prefix}" ARM_INSTRUCTION_SET:armv4 = "arm" ARM_INSTRUCTION_SET:armv5 = "arm" +CVE_PRODUCT = "gst-plugins-bad" + FILES:${PN}-freeverb += "${datadir}/gstreamer-1.0/presets/GstFreeverb.prs" FILES:${PN}-opencv += "${datadir}/gst-plugins-bad/1.0/opencv*" FILES:${PN}-transcode += "${datadir}/gstreamer-1.0/encoding-profiles" From patchwork Wed Jul 31 09:53:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47044 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 480E9C52D70 for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.149.52]) by mx.groups.io with SMTP id smtpd.web11.39373.1722419603216374996 for ; Wed, 31 Jul 2024 02:53:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=eshH6Vqu; spf=pass (domain: gehealthcare.com, ip: 67.231.149.52, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048274.ppops.net [127.0.0.1]) by m0048274.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V7nge5024583 for ; Wed, 31 Jul 2024 05:53:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=Vj66yAuojYWdta0g5P7c9HFbLqNRtYhX+kt/QFulSms=; b=esh H6Vqu96TIN+1C/QJaQd8Xc+iBMilbdBSjUdZ1M0TRlnWcOHwdjgPuf3zvBEirStc U9ju3ihcMInbXY0wGNypY0SbZe7ltY/1dFC/6KMGegN3eVEfszVvqxueLSu8mbOJ V3DqOTCV5yS7Twb1RTwazsUeiW6YTqinXXrFrEJtrgV4GCHznWiSBW6jmBMlaoE4 OYzFhhqPl5keALInHDCPLzHrCevjPR5DqKysn+BZueT689FYE8FvjL4E2ge0AVjh tLN2ld1VikFs/+np4JEpk08XT3As8O0SVaFJ3JQAHXfaQM1+MpCldUd3jhiyDjxQ /KUl60HWEkhOtNG7Mnw== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Intaek Hwang Subject: [PATCH 5/7] python3-lxml: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:07 +0300 Message-Id: <20240731095309.95-6-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-GUID: HFmcWTFXQYYLV5zpjpVarvBAW7vYfkxn X-Proofpoint-ORIG-GUID: HFmcWTFXQYYLV5zpjpVarvBAW7vYfkxn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_07,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 clxscore=1015 mlxlogscore=590 spamscore=0 phishscore=0 malwarescore=0 suspectscore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310073 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202701 From: Intaek Hwang Set CVE_PRODUCT of python3-lxml to match NVD entries. Signed-off-by: Intaek Hwang Signed-off-by: Maxin John --- meta/recipes-devtools/python/python3-lxml_5.2.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-lxml_5.2.2.bb b/meta/recipes-devtools/python/python3-lxml_5.2.2.bb index e5a22e7090..b114c18763 100644 --- a/meta/recipes-devtools/python/python3-lxml_5.2.2.bb +++ b/meta/recipes-devtools/python/python3-lxml_5.2.2.bb @@ -39,4 +39,6 @@ BBCLASSEXTEND = "native nativesdk" RDEPENDS:${PN} += "libxml2 libxslt python3-compression" +CVE_PRODUCT = "lxml" + CLEANBROKEN = "1" From patchwork Wed Jul 31 09:53:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47046 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 490A0C52D6D for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.157.48]) by mx.groups.io with SMTP id smtpd.web11.39371.1722419602024170886 for ; Wed, 31 Jul 2024 02:53:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=HyIGocV0; spf=pass (domain: gehealthcare.com, ip: 67.231.157.48, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048300.ppops.net [127.0.0.1]) by m0048300.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V9dbQ8012138 for ; Wed, 31 Jul 2024 05:53:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=9qiKzezcO0NvnEVY9R73lXavEigY1vWDgS0oqjkGZVs=; b=HyI GocV0+2VQTAbdtfJmLMndT9RI/2c3MjQHm+Y7thI5QxkPMdEegWGwNCsHxMfyktM nE00Z5aGieTSPTy2VbeFCl5P6suJwF5rD/rrkTkSHiwOBTBfp1AsrKDKPh90K1yW QgALRcfPq/bOe+8Hl4JFOrjRx9RrNLACSr0nVjgkelig/pEFJ61i86ZomDMvSTJC B8r/5gCSI+ipDNvu9N3FrrTpBtZcA5Tu9mqHzEHov0LwkaXk+i2kjF9YIDNNYpXL 7rjQlgLUbw/20jliGCdz4Aa7DSmPcxRUdafcuOtvftYbtxRdRBh4KrO5Oy9ZhzVp 6+BOchYlMJVD1uup27Q== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Intaek Hwang Subject: [PATCH 6/7] python3-psutil: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:08 +0300 Message-Id: <20240731095309.95-7-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: pdR_aWXu3jGs7Kw3cEX16_n4g2ptrpX2 X-Proofpoint-GUID: pdR_aWXu3jGs7Kw3cEX16_n4g2ptrpX2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_06,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 adultscore=0 impostorscore=0 mlxlogscore=610 clxscore=1015 priorityscore=1501 mlxscore=0 lowpriorityscore=0 phishscore=0 suspectscore=0 malwarescore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310072 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202698 From: Intaek Hwang Set CVE_PRODUCT of python3-psutil to match NVD entries. Signed-off-by: Intaek Hwang Signed-off-by: Maxin John --- meta/recipes-devtools/python/python3-psutil_6.0.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-psutil_6.0.0.bb b/meta/recipes-devtools/python/python3-psutil_6.0.0.bb index 30b4df6bd0..787bc61e89 100644 --- a/meta/recipes-devtools/python/python3-psutil_6.0.0.bb +++ b/meta/recipes-devtools/python/python3-psutil_6.0.0.bb @@ -38,4 +38,6 @@ RDEPENDS:${PN}-tests += " \ INSANE_SKIP:${PN}-tests += "dev-deps" +CVE_PRODUCT = "psutil" + BBCLASSEXTEND = "native" From patchwork Wed Jul 31 09:53:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxin John X-Patchwork-Id: 47045 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3338FC52D1F for ; Wed, 31 Jul 2024 09:53:27 +0000 (UTC) Received: from mx0a-00176a03.pphosted.com (mx0a-00176a03.pphosted.com [67.231.157.48]) by mx.groups.io with SMTP id smtpd.web10.39083.1722419602577382089 for ; Wed, 31 Jul 2024 02:53:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gehealthcare.com header.s=outbound header.b=Ia2s6EXw; spf=pass (domain: gehealthcare.com, ip: 67.231.157.48, mailfrom: maxin.john@gehealthcare.com) Received: from pps.filterd (m0048206.ppops.net [127.0.0.1]) by m0048206.ppops.net-00176a03. (8.18.1.2/8.18.1.2) with ESMTP id 46V9enQv009189 for ; Wed, 31 Jul 2024 05:53:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= gehealthcare.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= outbound; bh=P9ZsFSyf5iKrdbFbnJ3pEy9c19rYOUbpRWP6dyXmGgc=; b=Ia2 s6EXwBAx70tOeVnPVbauV6CRGsjArCmnbBx7ef/hMY7SkziUugLxJ4VyErJShOH3 faAYamV6NO+wh8s+jrAPHh+EDKOQERoOuROjeky90xpEo3tiRhlLpW8fg8SkC0Ho D91+5PaALXl3dyoQsFxrMFsEJKQyKeroQrktAWldqLaKUhpGkfc3eZOO96J+yNX7 eh+7m/jaLUhJ7kpeHokcAeOW8HCID9K8ygHneDfAoxFG17MoashMMGHy2nCUrfSd fcDnavxZKPUrMe7EXD7GrdqF4vCxm9CSx4W7s9PHXHy1xBHVEOvdFQvPoROkSnYC 9LIMPRN1/YudJJvLDyA== From: Maxin John To: openembedded-core@lists.openembedded.org Cc: Jonas Munsin Subject: [PATCH 7/7] bzip2: set CVE_PRODUCT Date: Wed, 31 Jul 2024 12:53:09 +0300 Message-Id: <20240731095309.95-8-maxin.john@gehealthcare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240731095309.95-1-maxin.john@gehealthcare.com> References: <20240731095309.95-1-maxin.john@gehealthcare.com> MIME-Version: 1.0 X-Proofpoint-GUID: Qt70x7-ou1pZd3Y1Aqb3c5Tk6sHcn-Ov X-Proofpoint-ORIG-GUID: Qt70x7-ou1pZd3Y1Aqb3c5Tk6sHcn-Ov X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-31_06,2024-07-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 malwarescore=0 adultscore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=0 clxscore=1015 mlxscore=0 phishscore=0 bulkscore=0 spamscore=0 mlxlogscore=351 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407310072 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Jul 2024 09:53:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202700 From: Jonas Munsin Add CVE_PRODUCT to bzip2 Signed-off-by: Jonas Munsin Signed-off-by: Maxin John --- meta/recipes-extended/bzip2/bzip2_1.0.8.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb index adb6ded581..324276df70 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb @@ -66,5 +66,7 @@ FILES:libbz2 = "${libdir}/lib*${SOLIBS}" RDEPENDS:${PN}-ptest += "make bash" +CVE_PRODUCT = "bzip:bzip2" + PROVIDES:append:class-native = " bzip2-replacement-native" BBCLASSEXTEND = "native nativesdk"