From patchwork Tue Dec 30 12:24:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77686 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BAE9E95A7D for ; Tue, 30 Dec 2025 12:25:01 +0000 (UTC) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.63169.1767097497603742463 for ; Tue, 30 Dec 2025 04:24:57 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=VKmIY14g; spf=pass (domain: gmail.com, ip: 209.85.221.53, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-432777da980so2021348f8f.0 for ; Tue, 30 Dec 2025 04:24:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097496; x=1767702296; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=0W6WNKG4GU/UPiiFm3OPbGY1G8540rE9Eqp6enl0ep4=; b=VKmIY14gLT0/2GcWLi/0LQQTnk5TSwliRzaFOTVhA9CHJsAtHtOeCIJbV0lAQrSBmF qaZIfRmXcMyojMfKDMcf7w1t8wj21boOtr6tIqd8W0YMfjT85JTzdEBFbPKzaRC7BCIr o+vciNgBKRYv5NKQ16Vre6qnUjuasaqvJ2zJeQdko+jb5CP+ncenGaylOUxSk6AcUXpF ETCpvnlP6ojFMvVydfMqeShTLAwMoCz7NnBQCNdJCYeFJOJQbtAsFdzjV2gW3WVk7zQl JIARq3voKiu+oNSVT+gLC1YcCaRymDFVN2tXyVebS6scfO82h9U0Ala180FIa8sJk2/N pQeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097496; x=1767702296; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0W6WNKG4GU/UPiiFm3OPbGY1G8540rE9Eqp6enl0ep4=; b=ZrUQE/37FcOawxdKp4PR91uMS0ZwD5VQ8jerRFSQjXBc/zm8ZzCm8ESQYB5udshi37 Y1Wufz1sCfiHv4+uDBsURMOPfYxSPwJggMfJnAvo1AtLlYiaR+0DVndCr1TLWPTCk/eS SZStfP1VcMcI3+Jid9BQ9KbGexSniJ0lHgQ308mhsRhmpOKJrfGm1TZ4GB2L3Z6hO7ty RCRw7SQhIwFo6yDaegj6sbrORDEQQdptd1Gfh2brBlYRSdJGb7Fz/oXjwKWDD7DQa/dk pZr9wEgxUFq+vH0SC2WsftCChxjCwXS01qIEp62va1g/bQ0Pxt9WmZ/ds35hwJb5aczP uGRg== X-Gm-Message-State: AOJu0YzcT3PnnRtNk9fu+A0a9VZ9EBYOUOpcRMjr+9iGX9cdJh1c7w5L N+R3b3Uo73HfwNAjT4DxjJbP9AP53geq2xo2K08jmRqg+Di/ffG8D6wHkMjy6w== X-Gm-Gg: AY/fxX4tkqI3y0KlxTadE9vQbZfX7Fj+SP/71PIyVtmmRxqpRAKeemShhTcX5Ya/tan fX/pV+80Fsi01zZh4hP6Msp3IDapccMW0eaqp1X40HPVSfBj7+BBI7FZJRmI5ihCPdwA4iJ6RIU 4u64/nrwW0emdc50JZTDfNFAsJGgLUW0+vIpCv+xKt0cjO8vtFZnwhlBBSA+boKjZOxg6jeDvTZ zsUeenBtp3FUz+VzU/Kt9C7yfNOfrwbuXJndJY8tUSiskDAnqbhnot6fUgypgPTUgEcT69DKSDw TnzXdzttL1kYUZVG1beB73Z3FdNXv1nQdyLoCzuf2fP5sUJe98GUt0dDjN/VwcJu+lZ5ZJKnB7Y V7gPH2wpDYI2KjMNv15LgfBHzZzy94jfb3+DcAeXc0z8iHDyPE/PMo6xWypLGnNV/LQKNEzwSfj HbT7dBbj2P X-Google-Smtp-Source: AGHT+IEYnjAWBo36e3wZDVscg2mE6tAEpxO5J3MT+6vdOVJg8msVLswB6XJlA/2v2q4U0RnHaEB/tQ== X-Received: by 2002:a05:6000:24c2:b0:430:f325:435e with SMTP id ffacd0b85a97d-4324e4c9ddcmr37209311f8f.16.1767097495773; Tue, 30 Dec 2025 04:24:55 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:55 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 01/10] python3-tornado: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:45 +0100 Message-ID: <20251230122454.721515-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123007 The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado". See cve db query (docmosis is an irrelevant vendor): sqlite> select * from products where PRODUCT = 'tornado'; CVE-2012-2374|tornadoweb|tornado|||2.2|<= CVE-2012-2374|tornadoweb|tornado|1.0|=|| CVE-2012-2374|tornadoweb|tornado|1.0.1|=|| CVE-2012-2374|tornadoweb|tornado|1.1|=|| CVE-2012-2374|tornadoweb|tornado|1.1.1|=|| CVE-2012-2374|tornadoweb|tornado|1.2|=|| CVE-2012-2374|tornadoweb|tornado|1.2.1|=|| CVE-2012-2374|tornadoweb|tornado|2.0|=|| CVE-2012-2374|tornadoweb|tornado|2.1|=|| CVE-2012-2374|tornadoweb|tornado|2.1.1|=|| CVE-2014-9720|tornadoweb|tornado|||3.2.2|< CVE-2023-25264|docmosis|tornado|||2.9.5|< CVE-2023-25265|docmosis|tornado|||2.9.5|< CVE-2023-25266|docmosis|tornado|||2.9.5|< CVE-2023-28370|tornadoweb|tornado|||6.3.2|< CVE-2024-42733|docmosis|tornado|||2.9.7|<= CVE-2024-52804|tornadoweb|tornado|||6.4.2|< CVE-2025-47287|tornadoweb|tornado|||6.5.0|< CVE-2025-67724|tornadoweb|tornado|||6.5.3|< CVE-2025-67725|tornadoweb|tornado|||6.5.3|< CVE-2025-67726|tornadoweb|tornado|||6.5.3|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb b/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb index 9b43d98e1c..661ec039ce 100644 --- a/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb +++ b/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb @@ -38,4 +38,6 @@ FILES:${PN}-test = " \ ${PYTHON_SITEPACKAGES_DIR}/*/test \ " +CVE_PRODUCT = "tornadoweb:tornado" + BBCLASSEXTEND += "native nativesdk" From patchwork Tue Dec 30 12:24:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77687 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C47DE95A81 for ; Tue, 30 Dec 2025 12:25:01 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.63170.1767097498292278893 for ; Tue, 30 Dec 2025 04:24:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CUGAODi4; spf=pass (domain: gmail.com, ip: 209.85.221.52, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-432755545fcso2147318f8f.1 for ; Tue, 30 Dec 2025 04:24:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097496; x=1767702296; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=twltbS2jKLBlgoYlQ31QdQnPGvZ7qLZBuDcKvb8XXn8=; b=CUGAODi4RHIZJgcw+VM+bRye6HcTqtULglulNHXz6xY78XKE4aL9EB+NVfN2u5Kgmw wElAVgLBrWLF68TGTQnru+0GhFjcYnyYG9cxlk+sEDSHzd12fh07/f/5EcoCyg3Q6y/1 olJKBcDJKG9vs+2kQEo5fN2iYbunLv7WgHUNgJzT9TTl+7ooKfFOq8fj4y2NS9s82gCO c+Wvgvt/9bGt1wN4YgtYuxA5VNjIOMr/URkOicKk2FTKMAdAUuMMGVe3m5fJzvoIW+ZR rruLL0NM38Ixmr0sG7eVIQ7Z8Y3wWzd0e3pXq648CDgkkIsDC/FyPHepRQJPs8I45Oar 6Zzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097496; x=1767702296; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=twltbS2jKLBlgoYlQ31QdQnPGvZ7qLZBuDcKvb8XXn8=; b=YAtQb8a3dE5Jq6WYeyqlFPHPd1EA4CshmhZk/nI4/OToVwK8UPQGiZCHJXEfdr4r0W Z7Or+LZGb5HmkbBAl4PnUoLV7w8ojlgOOJycy4mb5wP12KhtAMxzrBB3DLtlY0IhodmQ 4WUzKdV1WHAMhRgtuG0VIqa02S4pMDxsyGk1y5NVDry8VwWnHexOUorWH2Bc3H3OZsq6 WM961rm1KinlD9+ug24r5CqNkVSXg8qx04xyOQUk5ds8lemyYxxkHulDXWnnNft32yni tv4KXRPT/s/Oqm3Dflv5hqwCQ5XlYaZsGayMfK/F5XE6NsPPwncxdcfsmKHy8iuPD/C2 6z4w== X-Gm-Message-State: AOJu0YyQfTOlvQjqjcwcZ65nvywMtFypzFMLBKBgBbzQvsC5dvaXnunM vqwF06AV+JxtbTDJ4lW09HMaVaY1K58v9LxTyrEsHX1UGC3GyX4KQTwtn/Mc/Q== X-Gm-Gg: AY/fxX5wOz4P3B9B3lcdSGWKnZpikrX8hP7KwF74o1WQzViJA3cG+RZpvcSJXMdcZZf ajaRp+FjPDyU0kjRMU2YUyUwx2tA24VbxB6MRqAW4YJ64xuwMqt8Azxm6HB1WAvnhsavjOVizux 3L2VnzFzn0Jq+tLviGSwIHPQvxQmugtLonE7mNz5kKZnVVUaLBMteCgqEilQtkY5NVM815g2f+Z KN6tc0sCKTYhdV1pVeJzqyEl4esmXOBcg2thZQ3TQKhs9ho7hC1K18WeQJYAhN0JSXIQXKMSPTs 5UKaBKG8TV/3Iw5mYO8OSypLAK57xjdbKyzx7yLOncjMAFWcPa53iTOmXXLE4PdEOPDLb+aWTc6 f/o69eueXXlNVbQrXGcBjMuKE/VJX33Fs45PGWHIMIMo/j8DBkVSjb9wA0YQMDs0k/V4KSfgHqV iBfgLqEwi3 X-Google-Smtp-Source: AGHT+IHQZwbnzS8F9eXRooAY+5iHT5/V8ahkoWEk1+i56yxbYtqelBjoE7fvjVsbHXWTXZEfulMitw== X-Received: by 2002:a05:6000:250e:b0:431:266:d142 with SMTP id ffacd0b85a97d-4324e4c90b9mr41575045f8f.26.1767097496491; Tue, 30 Dec 2025 04:24:56 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:56 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 02/10] python3-paramiko: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:46 +0100 Message-ID: <20251230122454.721515-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123008 Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs. See CVE db query: sqlite> select * from products where PRODUCT = 'paramiko'; CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=|| CVE-2018-1000805|paramiko|paramiko|1.17.6|=|| CVE-2018-1000805|paramiko|paramiko|1.18.5|=|| CVE-2018-1000805|paramiko|paramiko|2.0.8|=|| CVE-2018-1000805|paramiko|paramiko|2.1.5|=|| CVE-2018-1000805|paramiko|paramiko|2.2.3|=|| CVE-2018-1000805|paramiko|paramiko|2.3.2|=|| CVE-2018-1000805|paramiko|paramiko|2.4.1|=|| CVE-2018-7750|paramiko|paramiko|||1.17.6|< CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|< CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|< CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|< CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|< CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|< CVE-2018-7750|paramiko|paramiko|2.4.0|=|| CVE-2022-24302|paramiko|paramiko|||2.10.1|< CVE-2023-48795|paramiko|paramiko|||3.4.0|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb b/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb index a69ed72804..daf6386888 100644 --- a/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb +++ b/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb @@ -18,3 +18,5 @@ RDEPENDS:${PN} += " \ python3-pynacl \ python3-unixadmin \ " + +CVE_PRODUCT = "paramiko:paramiko python_software_foundation:paramiko" From patchwork Tue Dec 30 12:24:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77688 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4144BE95A7F for ; Tue, 30 Dec 2025 12:25:01 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.63146.1767097498836016771 for ; Tue, 30 Dec 2025 04:24:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=g2i1kBd5; spf=pass (domain: gmail.com, ip: 209.85.221.52, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-42fbc305914so6657156f8f.0 for ; Tue, 30 Dec 2025 04:24:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097497; x=1767702297; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=72BoSLloO+dX8vRbNldeJSCoDL/FLW675FmUPFegoQk=; b=g2i1kBd5wFunCP9xy98TN/BO/xca0K2HlEQoHeIu8cDi4YHAYpt3BjgBgKMHGe7OQy kED4yPph/HYByMA3bBN/VCLmotRS+ZvHwsPqfY/ND7R9JaZjECFl1TnJAdvqejB+csuM GsZkaff4bNQyCcUhJYTBP5ZIESXSwghLFHwl+4l2W9AbRrvTWz0M+TKzct3ydks7e46s rwVC+wZyIYjmcjsMj5sqTO1a65iF8YXv+A1Dgggt0K8Hqg9O6zWOaeb3IFFWUDXyrFB4 oz8kn5nk5XZ/8DFhqiS7nZtrxfpoT4sTjFt5nX4JwSspLgvOVkirfSkS1f5xihYcDER+ GHIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097497; x=1767702297; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=72BoSLloO+dX8vRbNldeJSCoDL/FLW675FmUPFegoQk=; b=w30CXfUXcx6O/g9dq/DDcqJO74RNvOHVnjdphfgB9PiSBKgucTzvTK/SWIWiza6fDq WnymqNaWRP1GLlM9mRdXb5ZYqZ6q32YplQvoqodOxp+KlMFPnz24G5BU+8C/IvPcxN/q 7YkPWRqhkuFae0sIIgPOrUmfSDarpPRIFp/N/BlamOVl58n3+RlgKVrcGjrWh1xDauo1 212nDwNiu/z9gx4JwyTBmS6GvRqaM6hivITCK4ivXt4tGe5I5bitwPvdQWWvazWzjWN3 mgEFZQ1XdWgMQHaMRGa93UPON+unNrmcu78GVgUhuubnwPvuoCD2fyWsMgM6dQeVCdNd yelA== X-Gm-Message-State: AOJu0Yxdzz+UiJCnQloI7kVxwS7broJgsNCi4nnTuN8cDsozJwTm1RRA ZigmwXpRuPr0Zc7G42CHDNavp0iEM5K6ZIawfcrK41bypIX9lAcm5qA+jKXikQ== X-Gm-Gg: AY/fxX5J9571QwtUre6/Xa8G9WvyQqf+G91EhrH/vnXaY+U+XT5ZbUz1y835UPptqcD eJsTiNQ0YXCpZoZq0scSGc0g4f+/kPGPvdIo/v4KsgUSJmVRRMh9kIqLBPKxtqMj5ZGFEMgR6FE dWO4xI8lvbRL20WxSdbaIqj2HoAGLdQ+yZMT9BOe1E6nTC5zFsM35cc02QcwoqX5dIg2XeOktVE E1wpjDWqAsuRXAj09skYh5bAgTGxL1Ucv5Lv40NDeXZBxbgln6AdsM2/So5K/0bxSsQD8IHS+YA GDL7+pYQL7z+ww3D5/SqeVg28GffGgFQZBGNQECsNZ9zjWi91FMcIRAknZm7pyPNJWvA+C9ZeiG dyuslrAifZTRov8v6KgA/eWs+u6ftrDzYA3OzfbXCny8CFUbLoeW1FnEl74nUxmUB7nOy8Wpmky heTmuR1X31GMtdTmC5X5I= X-Google-Smtp-Source: AGHT+IHrrdl6QEbk1xofvkpPYw4pMxwmoXmZk5wzCs/kISbDWLtArgx2/vjbF3s5wO5nTAY+0cOIkA== X-Received: by 2002:a05:6000:25c1:b0:431:a50:6e98 with SMTP id ffacd0b85a97d-4324e5061e4mr37086745f8f.30.1767097497110; Tue, 30 Dec 2025 04:24:57 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:56 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 03/10] python3-sqlalchemy: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:47 +0100 Message-ID: <20251230122454.721515-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123009 The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE. See CVE db query: sqlite> select * from products where PRODUCT = 'sqlalchemy'; CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<= CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=|| CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<= CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=|| CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=|| CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=|| Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-sqlalchemy_2.0.45.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb b/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb index 6c6b95ceaa..f7d8f383f2 100644 --- a/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb +++ b/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb @@ -21,4 +21,6 @@ RDEPENDS:${PN} += " \ python3-typing-extensions \ " +CVE_PRODUCT = "sqlalchemy" + BBCLASSEXTEND = "native nativesdk" From patchwork Tue Dec 30 12:24:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D181E95A86 for ; Tue, 30 Dec 2025 12:25:01 +0000 (UTC) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.63171.1767097499469896745 for ; Tue, 30 Dec 2025 04:24:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fTAqyhjb; spf=pass (domain: gmail.com, ip: 209.85.221.47, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-42fbc305552so7842222f8f.0 for ; Tue, 30 Dec 2025 04:24:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097498; x=1767702298; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=G+jI+NLjExMijdgxIuQsiRKc9BT2MiHXa9KZozro1Fo=; b=fTAqyhjbrBkQfRmHh3hGv2mg/HNyTCPt9m6/d03RDdB6iLJxusqEMubkvOwc9iKaSB p4zZyPdu+NiJKwChHozoRzYnWzAEL9mJlcC61k9BupuUMXrQc0uKC+8NSjXNpmK1fVa8 ZH6awQGNl1lZM6ROneAR+LLUYjp7F7J7HCB0Ar97Oup8Mkr1NGoHwWcXbymGJ/trLHCp ApGt7YhAjWpxwB2Tckcy8yMaNnHytMLP1c0s8TXe3mSkrH66AoHb51fd7ZDTrb48quoK UKSoApsBhXD56wI+R0UyA4Ri+uLyjKNoqhts1qGmJP6U2HbOTHw58oeP5BzZ/c090xhC Ft5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097498; x=1767702298; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=G+jI+NLjExMijdgxIuQsiRKc9BT2MiHXa9KZozro1Fo=; b=gXIzcuSO29Iq8LmLLA/cZXaCO85CPrwGwwGwP9H8xg97Ar22iijsOq0K90LgJdf+Bi beYfmkbarTYpCiVIxgFsd+SENl3BnGtdzC8dHeFbfmYT+vpyVjM+bvSY+grwk6Su88Hj s7fOusAV8PFwKJCq4sFxD/jj5wveI16qg/nOM7bgBmh63IJzF3DCbKAz6F2gAlaFnWQs oodf4O8xiPFfZ1VoZFROO28eWTmOhvpM99GGLuuKENqso+oQTofKirTNRyJH3JG8pQbK C0FFxGVuRCXKviIlQ25gI4eKaMNfx8+Zxa53FMzmAT/K9i0DUYm/yh1Izy7N04n612KT yFNQ== X-Gm-Message-State: AOJu0Yzq1lZ3elLCsvhlXqB8xl2BvNKwGvRzTVuB8Lcga1iib/Fd5258 KXOodRhsWsmyVRZ54zXSJc3hdlUzUsgTQEl3I4DQ1/XGg58ewnDMlRwI2qQOUg== X-Gm-Gg: AY/fxX6C5qtwdoCrnXzFdMYF0ukn7tLZrZmH6lqOv1084F+cxo52zD6wgs8VGeRp6wI glITs4LA43ny5SIrU02+9mMmwWjqvThBOfWGZsUXx1AgsbbJfFo3IbcEOj0u4O4CSx1Kc+1OOpI 81dKp8LvhrbmAzQWqWosfij8Tn31O3rcyYRN9mJjmLsEW6h+Z6BZRf+cVg4B/BIY+FxUZ9hbYjU FffGmkRuSWCWklyjXVErpfbnJgjE3h77sNZq/BTZDHdduXZbxVBo4HssbOrRgDWCeQmnXL+ev3j Ti95+2dcftTj5G5Nkye4V6YbNe3rhLBQtDdXyxgAfZvH1l0ujHSS1LNKhmygw/OOZUsNMO81K6A YlvFKttJvy0vxBUH/OvIneKrynj0T5hhuLA9RolT+iTpJExO1SiMywtln6L6xQ2xvLZUk1hUCgT ccGnXxgauK X-Google-Smtp-Source: AGHT+IGdYvwl1qKH11N1nuSmQbwWHCh+dCTwaJzD3O30wJLKN70uQ9v/d27MWehADkvMOI32p8Aj4A== X-Received: by 2002:a05:6000:2906:b0:431:9b2:61b0 with SMTP id ffacd0b85a97d-4324e4d2d24mr38713267f8f.25.1767097497810; Tue, 30 Dec 2025 04:24:57 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:57 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 04/10] python3-twitter: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:48 +0100 Message-ID: <20251230122454.721515-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123010 The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where PRODUCT = 'tweepy'; CVE-2012-5825|tweepy|tweepy|-||| Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-twitter_4.16.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-twitter_4.16.0.bb b/meta-python/recipes-devtools/python/python3-twitter_4.16.0.bb index 54379673c0..9bbbc9e8c5 100644 --- a/meta-python/recipes-devtools/python/python3-twitter_4.16.0.bb +++ b/meta-python/recipes-devtools/python/python3-twitter_4.16.0.bb @@ -17,3 +17,5 @@ RDEPENDS:${PN} += "\ python3-requests-oauthlib \ python3-six \ " + +CVE_PRODUCT = "tweepy" From patchwork Tue Dec 30 12:24:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77685 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CB53E95A7E for ; Tue, 30 Dec 2025 12:25:01 +0000 (UTC) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.63148.1767097500109329174 for ; Tue, 30 Dec 2025 04:25:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jQ5XLfL9; spf=pass (domain: gmail.com, ip: 209.85.221.47, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-42fb0fc5aa9so4079877f8f.1 for ; Tue, 30 Dec 2025 04:24:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097498; x=1767702298; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=K/g3DaeLX11NpZYYlPib9Ad2aUl879OY0vhWmYVgX4c=; b=jQ5XLfL9Q6t6QFt2tTaSxLfkUoaeOkJKB3pauILcqaAbY2QVBIt0z6itAtbj47FZGQ SQK5NHbourXH1dKy8uaLsxm2xDI3JWrc2uMvJhyXEj8Co2DRaJ+3ypKOUSpM8WDsXyuD is9MS7nZLXyYtJ6u/WoAhBQbxwEvmTGaluwVKOYl5CX/0CV5T50F/2//+iADGT1hWI2Z p27daT8d4LqQvbN8Wdj8Wi6GgGc6I5S7R+ph0LaknEWsbI+IBbBSso263MSai8lmJoQ2 tanO3OzgPUpwvwhkECiB9yachZYvXpdr+SP6FsO4xtKsgsuWPR1ZG3P44O1Y0YWGWhDP BSVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097498; x=1767702298; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=K/g3DaeLX11NpZYYlPib9Ad2aUl879OY0vhWmYVgX4c=; b=Q/fA720bTVetoZcCqHAl08Q3EDlAzN+X1Zc8AfPkqVQxQRUbpDh9oJQ3/TWNiZEYyr zO14a8aXaRe5uyV5GXCSp0NWvHNI8KEnU/p/fWE2B40oaDi8qrGCtLH5zp5wnZob+Kpn ncCkr9CpRIqMABGI0ipIJVouzJcThHCOVA8FET0QtWj5/NIvkBVoEQHKmB4us2ZiFRDc mHbQXW6A+PWSForserupO/IDwCPMMWp+U6l0SoMlOf2BVbQNBvO9dA5eZI4UXZlrj83v A6zZChSpFfUAuztwAxOMQHxzfhV/E55rdc4E0UuQjPRe4QM97YFsuN1DXTvJjFobok1Z 7Z6A== X-Gm-Message-State: AOJu0YwokHAyoNx1oF4oYHytOJ60NLIQKnuHbX0cCwPJheLpzDj+Gb/R tTdSqCfkjaJ416OroStuAAOaW4MrvgivxXqyda8IgpcfJ3Poa1rdxXuMKWUicQ== X-Gm-Gg: AY/fxX4Gm9ywhrIpwu5lm3DAeXeqRX5qbzpzysVpV721jtyaC9vZz3Lcl8PWJy02l9G 0jp0f7/FenT39DgP2YSLkqMBAxmiOCrMzbUrOCn35xY72HiXSK8UJ/++SkJKcTxwXNrHJkn7NWC ky8u2Qhr8/HNmlKEJ+3/WB0schrBFVbPIC3+qbRnMFGhDVd60X4n2ACvvlhLKZih6Ff0/21c+du aEWyt9boN8CUM1qYQnG50ZLRgUlSfepw68uC0fIsplngJzrkJVS9Z0Pb/z/b3rX5Cy6MB3pj61H s+4wxjAJeN+GucN9lao9Fc1hQh11dYz/suu+SsSAp8qhv8qTszx9rRx8cmXXeCyiliOHqPeiIn3 R8txdlmxG7zI/fEWXlXBXJ+kW9qdJVmlAc/hx5j1e68eEv2heICpa5Yra4BtxhyvvMz2XzxWP14 nN9ZNutKAq X-Google-Smtp-Source: AGHT+IH123XwffGk4petTbPRwUPia1cmf3HnIDl7rji1KqgoyoltSifd2g5OiguccQC0bp1MCdDPzg== X-Received: by 2002:a05:6000:2dc1:b0:432:857d:e420 with SMTP id ffacd0b85a97d-432857de48cmr13056213f8f.55.1767097498436; Tue, 30 Dec 2025 04:24:58 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:58 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 05/10] python3-redis: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:49 +0100 Message-ID: <20251230122454.721515-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123011 Set the correct CVE_PRODUCT for the recipe. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-redis_5.2.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-redis_5.2.1.bb b/meta-python/recipes-devtools/python/python3-redis_5.2.1.bb index 702e9d9db5..ba214f5869 100644 --- a/meta-python/recipes-devtools/python/python3-redis_5.2.1.bb +++ b/meta-python/recipes-devtools/python/python3-redis_5.2.1.bb @@ -19,3 +19,5 @@ RDEPENDS:${PN} += " \ python3-json \ python3-packaging \ " + +CVE_PRODUCT = "redis-py" From patchwork Tue Dec 30 12:24:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77690 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A362E95A89 for ; Tue, 30 Dec 2025 12:25:01 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.63172.1767097500819649037 for ; Tue, 30 Dec 2025 04:25:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Dy/yZUHd; spf=pass (domain: gmail.com, ip: 209.85.221.44, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-42fb2314f52so5537755f8f.0 for ; Tue, 30 Dec 2025 04:25:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097499; x=1767702299; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yFB8RZWgFcIU97vdjicuSlzZY+wgKSw5qk8Hp4nSEW0=; b=Dy/yZUHdR5zgE638E/GDvUQjAcOh8xYfgXRc+YpDg7SjbILzq3WZ0gBJeYVT0cyFXl q2H6o1vstfj4lyrc5YaXocBaztR6GItuZNqvAIh2COrB3cj5cLYdUj2A5+POJWygeQMy FmCWo2pxtsilLQAhwO1me67z1WVttbdxwiDW7SQltHMFO2C+pUjM2qIgY/N+PuWVKpcg xJoj724E3GDoSNzHWr7WnyrDxnCC9UZ9zBv/Z0P82IAi0DIJNDPuKSaLkcRifumSDbaw Y9kUaQVhMYAl73I0TlcblNkPxYopJwltgHKtwn6hbFjV2VZEHx/BeCr6FgR2FNIPPAoJ exvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097499; x=1767702299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=yFB8RZWgFcIU97vdjicuSlzZY+wgKSw5qk8Hp4nSEW0=; b=vFSjXu0GsQWWJzSqCThaLmXwVj/U9y+kO57fnYh2/zFQyrgBGXtPfR/KpgH6yGVw6/ 1Dp1a2AmrwYM7t5+Kse2k2i/dqrrbqhyaiU+nONMaQj6Kbc6Z2BZ6LUXz+ecTOPN5IUa rfi1naKAqImdXZl7/xQ7LQPRAfvAmYp2+8IAq7MCPmqwtyJwVkWJWEFR91aGFW12dnKB dXGvAM5hLNcKQuVhje35Oj3PzWYGTiGKyROrGfvAxRRfRomvh0vtStMQdFwqvq1wyCPt hIN5m/V/Z3P6zvZsgPVSaPi4WiFt9SqoE2pQYoE1R6qZfvxCRfmdiIVh/GrJTp3xqkIO RSxA== X-Gm-Message-State: AOJu0Ywpxned+JAiAOEvt+te1dIXCAltVWcbCB3f7bVshMuYsAoKQ7AU Ho2lpv6RXD1IS4wxkCxF+EXoUBMqW5lwS0CJcnuwoUvcxqSTX7DXWGAIck4Kcg== X-Gm-Gg: AY/fxX5LBqbB3goXsZi4AcNK1VbJVs46X/VomSbo+5gYbVcxMQBybucOLlJs8XOy2Gn YY3moyQYFKfOSLsLIj5TvrAsgUjucBoFsuQ2emibuCNRhjJOWrBFIiitcANbzeu+mXRZrdDSYdw pqmnuOPZzFQPAE3NsMsRRmTK4gCD79Si6JVp0bPsvB1qgYe3kbEZ+x8sZYzwCi6f6x1UB6sXUQ9 o+I/P/oT79ly6TaeWqdnEkSaptOHTv7PVRLa+jSGlYfhX3qjivi40SpSorvoEM7HxJQGxCwzGN9 Up8Gxa5nGlWsRqx6ZiHgx1DOR3QTm6A+wGHPfLRpQvwP57JuFl+TXsn/7qAAjyBTKygA6lBn+BU wQIA0FfG8VM/Zu9Y8qN/5izgNnppSRNGsax7blh9vKRaNS5E+bQsHbS4pqFQ2Gl83wo3m2x29Ha jndaXagrem X-Google-Smtp-Source: AGHT+IEZ2Fuk1L4Rvv+ru1W2F9qVmVINDRPkc1p5mzA96utx4t7bLUh8F+EYpmk5LeV7+ivX+PcXGg== X-Received: by 2002:a05:6000:2886:b0:42b:4247:b077 with SMTP id ffacd0b85a97d-4324e501629mr42234267f8f.41.1767097499060; Tue, 30 Dec 2025 04:24:59 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:58 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 06/10] python3-pyrad: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:50 +0100 Message-ID: <20251230122454.721515-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123012 NIST tracks related CVEs with pyrad_project CPE vendor instead of "python". Set the CVE_PRODUCT to pyrad, so both can be matched. See CVE db query: sqlite> select * from products where PRODUCT = 'pyrad'; CVE-2013-0294|pyrad_project|pyrad|||2.1|< CVE-2013-0342|pyrad_project|pyrad|||2.1|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pyrad_2.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pyrad_2.4.bb b/meta-python/recipes-devtools/python/python3-pyrad_2.4.bb index fbe7a0924a..e8cfffc9cc 100644 --- a/meta-python/recipes-devtools/python/python3-pyrad_2.4.bb +++ b/meta-python/recipes-devtools/python/python3-pyrad_2.4.bb @@ -19,3 +19,5 @@ RDEPENDS:${PN} += " \ python3-netaddr \ python3-six \ " + +CVE_PRODUCT = "pyrad" From patchwork Tue Dec 30 12:24:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77693 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51690E95A86 for ; Tue, 30 Dec 2025 12:25:11 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.63150.1767097501349799338 for ; Tue, 30 Dec 2025 04:25:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lK7hjNev; spf=pass (domain: gmail.com, ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-42b3d7c1321so5844187f8f.3 for ; Tue, 30 Dec 2025 04:25:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097500; x=1767702300; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3nHulfxIaFp0eLnWLsc4jYd5JbBPSzuVnUMOmRQp42o=; b=lK7hjNevJZ7MvNUVpjmmKITqdURrBC/ZT9mXhjA/NkzZjrnYDydaGULGepEVwY9MLV o+QWlo5iIpz7FyWZ/wsP2ZIpXdgM7VytUGxORgRBWK08SoJZp0HCdXazxlK5QJoNunN4 /yKe+MaoR/N/CvKJJsx9JY28nj26M9UAto91b0ds3j22xW1TqQsXkKrhKvg0iiCxlMKP 4l/+/UiStGyS0TwcH1SnSpFQGLYXJvaOIoNakLOGkPmwdaHoj1pOlZBubt2BaWDnvNK9 w0diLA0P0CRjjxcv9sHP4qgtPsQ3fBHRv5jiQ0Z0lTVVPYO7J6UQk6432eM8AkoJFYCs fiCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097500; x=1767702300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3nHulfxIaFp0eLnWLsc4jYd5JbBPSzuVnUMOmRQp42o=; b=H4WJcpLXJh1Or2XIIn72B/0TlaChAN8EdOyAtaIH6IR7qEIy8cZRYpqjeiNpeo+NCM b9Q/qN1x3enmvQXnsjEm/54AE13JSj6QToWaNjEe+0NXrp7ZhXnz/Emdue6KTUODNXXt M4Xt55MipoXTK0VJ0g7VyomoPIzfjmLyjmHQVP/3ImnDwj0fGsjv1nQclayAPThd/Y5c o8gAFghopC+IPsta+/Q+woUH1VRMvucFqMcBzGxfMdm2GgtiLgv+XHOBsj3iEQ/5Sd5Z ahfTHtEfscvUBulhw/MPlWh6lpUSR/2a6g7rZxVDrhCNC47gsD4HRKsYfdWGyolS+nxw 7atg== X-Gm-Message-State: AOJu0YzzNHp8GMKNLKNYG7N5XJ7F/F8HU5Guav0jNZ9icQqWcKTRnD3n Mo15laGRTwdpizbyBhllBuQWSxoCtU6Hvhykoc2ei3T3YMEp/Gd3w0PSVwmycA== X-Gm-Gg: AY/fxX6WIaMOSFqnL77bVrewxV4EIMI/xOpyf/fFTeb2jdX8nvGj7zZnC5OdR7G6Ttd JzMmNVsKYC1kXTs3sBtknIcnWA0qwH21Ew25Fazi9mD9ty+fShTDuhaP7EL5r/w7YqTnXTj0BcK bCQH66faYcCZf5sWXPtiF6tApfH9lzTYxBQds3GoLbPKzKI9O6szs/X+fskmQgPzkrdvn+0zTof Fq79Cewplkv/GLlr2uWb/w17hABMH5Xh3574Wdtb/PSys4SwvFa0bbRcALkcMni22RMwZEOFhAQ OTHpm9XmFADXM5PtkHAjce953cPB/gK35P+9jOVWgLwd6paWVaTZZHpHttCv8PH8NkUkezM0KT8 McstiPn5d4SbORd0hhfjpK80b3E7t6dH7ARTRAPmwJ2l/Fn/C3JeNyFexm+57+XBPofl5xUTxLq 160btlKXKy X-Google-Smtp-Source: AGHT+IH0wdg1ozZnWiuizvMDrybZJQxcrgvTHEDAZ+GbTI3DjwM9rrV9n2JTgoICMqX+NYA5P4XwwQ== X-Received: by 2002:a05:6000:25c1:b0:431:a50:6e98 with SMTP id ffacd0b85a97d-4324e5061e4mr37086920f8f.30.1767097499692; Tue, 30 Dec 2025 04:24:59 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:59 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 07/10] python3-matplotlib: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:51 +0100 Message-ID: <20251230122454.721515-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123013 At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are tracked by the defaul python:matplotlib CPE). See CVE db query: sqlite> select * from products where PRODUCT = 'matplotlib'; CVE-2013-1424|debian|matplotlib|0.99.3-1|>=|1.4.2-3.1|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-matplotlib_3.10.8.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-matplotlib_3.10.8.bb b/meta-python/recipes-devtools/python/python3-matplotlib_3.10.8.bb index c92af94732..ce8c7a276a 100644 --- a/meta-python/recipes-devtools/python/python3-matplotlib_3.10.8.bb +++ b/meta-python/recipes-devtools/python/python3-matplotlib_3.10.8.bb @@ -47,4 +47,6 @@ RDEPENDS:${PN} = "\ python3-packaging \ " +CVE_PRODUCT = "matplotlib" + BBCLASSEXTEND = "native" From patchwork Tue Dec 30 12:24:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77694 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51645E95A81 for ; Tue, 30 Dec 2025 12:25:11 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.63173.1767097502129724678 for ; Tue, 30 Dec 2025 04:25:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ICo4MtDh; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-477bf34f5f5so72301035e9.0 for ; Tue, 30 Dec 2025 04:25:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097500; x=1767702300; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PNxyiVRj1gZgzDnZqm0XmnzjHGniDUj0sCqz4ObYrvU=; b=ICo4MtDhpfYt4wEbq/PtPNGliqa/INcaP9IrHwiRx2LkJLyulEmr8FimAf15VKXWEd SI8E3ACWHovmLk3/D0pyNgi4dxGCE+2XF0EdillFyrue/747kohcekg6ypbQV9hDo1c7 wQGS5yA4fBTjSiMd0oWBx4iywXIp1P14c+fmbQbddkg9SKW8pdGTh8nDkp/z8A4Rluac KpT9wLjE2DuKSKRzPyGTwiQqHWdcvc8zD0ags0mg7jacc7aOA6JZpSsjjQbs6zLy3lU1 ychr7LUN6WRMjSUxO4zaOZkoIFxOTKfqzDrDRdEVyJ24gd30ZEvXRCHZwgsw35qnRUOb Nfpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097500; x=1767702300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=PNxyiVRj1gZgzDnZqm0XmnzjHGniDUj0sCqz4ObYrvU=; b=S1ShAybOMBXSIG10yycN+J3e1iYtKFu3kAWDDr0XDEC3uLPXPU9+BFBUUIQPa9uilR ZweLWZ0PrVb8GaPKnLcEgOmfeC1i/eE0Vsl2wYDhI/jCAR8abiERoYzaWqTiVAZHQgIR re6p8Pk3CywOE5yXJD+YIkk03X4dDl6SvpplirPi8Lr14tFdBuIc9Au22MDafrYrISw0 T/usVi1Bs6MAiVAd+Stqi6pJkI2fkNeVcDGE4e4uOWEK84kKQ6OIxtcbl6aJOLXZf8jr iWx4KeuIxI3C383QjnN1G3cnrlZWGYGxPwSaqzxKC5qMhYRQ8+wY8xXJnzjOQIMQnoF6 IGmg== X-Gm-Message-State: AOJu0Yw4Uvn1gL4ihqB/y/PlC47hsz0Jx0xmmCSmRoQaHHQjjDHGYT99 4uOn8IS8sAUetC8RdlCeCkYtBtQpPmnmUhulTweduhG73XVQ7QMIc0tTPtSjmw== X-Gm-Gg: AY/fxX6YV0ws1ABw7FensLvRfH0CM1KZeMgR7xTN9a7EgHBoaXYNW4HGG8O5vCBrOUd P+C34i+hb2n5x9P7if+XkwC/w0w+ytGM/y7ui3n6/tDIcjT0sMFLd0s4dPYJiI0sgwRfJ+HTPzM lHoMlhqCmHygnOam7C+bzc5Pv6sHrTS6jYC4LjvLJ1raI+WfhJcjRTpVhbsSwc4Db5NmYW0Y7nR +bXRXUGTO4JW7I6EjVqOZJFvNB9/NNihAxiueEPdel0eE/mKGliqgV8eBmBjFV5XwddJTnHjNz4 fc7jS9RcZne0aEwCMLyVOGvmijTIoTJArqcZHR1MhjdJwDTHR3/XXXg7ARfXDGkc4Acl8MgHLOc R3vwTbipvRlldmw/4Y/UNOuyUT6Ryby38Euu1svGgzpv0U6O+skNXHI5itxvP7DSrGmDz5cjrvd sygvtjTbSh X-Google-Smtp-Source: AGHT+IH102TK+23DPUTehxbIp66PxP0EWOih+/zYSYKxhwbM5gdkM8WZsn89BGYcAs3bvdV1XBy2EQ== X-Received: by 2002:a05:600c:4ed2:b0:475:e067:f23d with SMTP id 5b1f17b1804b1-47d1959eaaemr410022145e9.25.1767097500325; Tue, 30 Dec 2025 04:25:00 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.24.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:24:59 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 08/10] python3-httplib2: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:52 +0100 Message-ID: <20251230122454.721515-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123014 There are no CVEs tracked with python:httplib2 CPE, but there are multiple ones tracked under httplib2_project:hgttplib2 CPE (and they are related to this recipe). See CVE db query: sqlite> select * from products where PRODUCT = 'httplib2'; CVE-2013-2037|httplib2_project|httplib2|||0.7.2|<= CVE-2013-2037|httplib2_project|httplib2|0.8|=|| CVE-2020-11078|httplib2_project|httplib2|||0.18.0|< CVE-2021-21240|httplib2_project|httplib2|||0.19.0|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-httplib2_0.31.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-httplib2_0.31.0.bb b/meta-python/recipes-devtools/python/python3-httplib2_0.31.0.bb index 9cde7acd3a..39f3459320 100644 --- a/meta-python/recipes-devtools/python/python3-httplib2_0.31.0.bb +++ b/meta-python/recipes-devtools/python/python3-httplib2_0.31.0.bb @@ -13,3 +13,5 @@ RDEPENDS:${PN} += "\ python3-netclient \ python3-pyparsing \ " + +CVE_PRODUCT = "httplib2" From patchwork Tue Dec 30 12:24:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77692 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 577F0E95A89 for ; Tue, 30 Dec 2025 12:25:11 +0000 (UTC) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.63151.1767097502889303319 for ; Tue, 30 Dec 2025 04:25:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=clA29VgK; spf=pass (domain: gmail.com, ip: 209.85.221.53, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-42fb2314f52so5537772f8f.0 for ; Tue, 30 Dec 2025 04:25:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097501; x=1767702301; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sqltlZ/FDJgeEH/I4Dgv23cyg8gjkm0zqAVstbeEJ0s=; b=clA29VgKyNatBh9/yQ8lqCvfGHTAUGa/1xtflo9mP+hBz1IkQWlURgU6hucKwfpJJD V/OTEjTGg/bGqAFBwIuLOgsalduc/stwE11qTsUyrJUeMsDPN6wP4O3WXAa585SqmW7r YvhPGW3pzb3pPCInoshS2NYc+wTdCAOfCFlIKTtdziYqp7fBR6cow+4YJkEGjU4Lhb4z HCNyRm5t4d6obHDNpcz5teYa/7NjofRBdQC0JaxpgTecZUbs3ZinVoLr+Y8wUheIuh6h FSAknh3qfZWyMY2mCktOzVEpaw6UpcVciR8qpMwKsdghV3CzgyDjyeBa88YiXthmE9NI WvHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097501; x=1767702301; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=sqltlZ/FDJgeEH/I4Dgv23cyg8gjkm0zqAVstbeEJ0s=; b=wMFsSYME7JSLvt5OttZZIK5lJGEJWiTOlMlzP5DE2b3N2/pnwlW+rBE7Tc2HTN49mp PxX89qRADjdTGXeJaSAjMu1LbsuPjgCBhVypoTeDHXhQak3fjGDfSMOrEGO1kNG3RyZi xQbKNZn+vDYFLZ6IwvLoWRpYbzZNGEvJ2DWpuQq6Cewvaw/INNu2XgNWmJmOsyyzoMgy GMR34iEmibSE01TlshNw1OvzEQ08/GVtNqvo8V9MeUKWDwq9jzp3h84X2nZAs7X2fIhF OrBeGVnCY7lisv0cnTof9UUCIwqfLUmwkAf5yB8c7wJM7SrKUkn04Jw/CUrye1gxw/Dq iH5A== X-Gm-Message-State: AOJu0YwipmSthWxo+zjtNOBGqRAcNC5de7No7Mz5KIHLk7VRmsqK1vSu cRRDjH+Zo2/4t1XKK5f7Guux28P4JBZ4UekQSHvUtifKroBguqm4Uy8e/4EdiQ== X-Gm-Gg: AY/fxX49JcVTBOSAGMWTJMLzyVKU0camMVUAs5HykqM4R7jORsBguFecDnZMLE6Kxlo RypESlP9hFfl3XN0V46wJ+rpvxa+2i2+kIdYB2rIcSc51Pq2BmQg8DRQnMoZprlrXNZcqBbfuv+ npjcoXgGWwNVL/H3kzyHvEZyQid0adzR1PaDMwKJUeAtaluiLOPaHdMUQSsrpuQKKAgI8MS7qYx HU4NNdZh0oozpFTDOxJtEK603s7P8THX86PGzRQc306KLgYw/Tubveb1r2b3KNaNwV1z9gAUmIK xUrLytlHJn1buKifytX5fXRC9TH42rFNEEI3z766OJaE6HKhV5elvBg7w3LVbJDBNgjTeYfeEn+ YoZzgRODS7onQ9rs0/maysVkIyNvBiWWU6Y6guSWHNuHgGWv3FeaF0izJ2x9LVpBqpGj69O7fOC yFHC/uRBvP0SnzfpHnEIs= X-Google-Smtp-Source: AGHT+IHNYnZtjQVl1pAJxCZRMfUm1G09T4bmgREMBC2npSIOv8DYThLQVi+ANZaFF4ytpNYS+HqhDg== X-Received: by 2002:a05:6000:2203:b0:430:8583:d182 with SMTP id ffacd0b85a97d-4324e5015d9mr43478646f8f.29.1767097501133; Tue, 30 Dec 2025 04:25:01 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.25.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:25:00 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 09/10] python3-virtualenv: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:53 +0100 Message-ID: <20251230122454.721515-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123015 There are relevant CVEs tracked under two different CPEs: python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed). See CVE db query: sqlite> select * from products where PRODUCT = 'virtualenv'; CVE-2011-4617|python|virtualenv|||1.4.9|<= CVE-2011-4617|python|virtualenv|0.8|=|| CVE-2011-4617|python|virtualenv|0.8.1|=|| CVE-2011-4617|python|virtualenv|0.8.2|=|| CVE-2011-4617|python|virtualenv|0.8.3|=|| CVE-2011-4617|python|virtualenv|0.8.4|=|| CVE-2011-4617|python|virtualenv|0.9|=|| CVE-2011-4617|python|virtualenv|0.9.1|=|| CVE-2011-4617|python|virtualenv|0.9.2|=|| CVE-2011-4617|python|virtualenv|1.0|=|| CVE-2011-4617|python|virtualenv|1.1|=|| CVE-2011-4617|python|virtualenv|1.1.1|=|| CVE-2011-4617|python|virtualenv|1.2|=|| CVE-2011-4617|python|virtualenv|1.3|=|| CVE-2011-4617|python|virtualenv|1.3.1|=|| CVE-2011-4617|python|virtualenv|1.3.2|=|| CVE-2011-4617|python|virtualenv|1.3.3|=|| CVE-2011-4617|python|virtualenv|1.3.4|=|| CVE-2011-4617|python|virtualenv|1.4|=|| CVE-2011-4617|python|virtualenv|1.4.1|=|| CVE-2011-4617|python|virtualenv|1.4.2|=|| CVE-2011-4617|python|virtualenv|1.4.3|=|| CVE-2011-4617|python|virtualenv|1.4.4|=|| CVE-2011-4617|python|virtualenv|1.4.5|=|| CVE-2011-4617|python|virtualenv|1.4.6|=|| CVE-2011-4617|python|virtualenv|1.4.7|=|| CVE-2011-4617|python|virtualenv|1.4.8|=|| CVE-2013-5123|virtualenv|virtualenv|12.0.7|=|| CVE-2024-53899|virtualenv|virtualenv|||20.26.6|< Set the CVE_PRODUCT so both are matched. Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-virtualenv_20.35.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-virtualenv_20.35.4.bb b/meta-python/recipes-devtools/python/python3-virtualenv_20.35.4.bb index 28444f12c4..0c50a35be9 100644 --- a/meta-python/recipes-devtools/python/python3-virtualenv_20.35.4.bb +++ b/meta-python/recipes-devtools/python/python3-virtualenv_20.35.4.bb @@ -24,3 +24,5 @@ RDEPENDS:${PN} += " \ python3-modules \ python3-platformdirs \ " + +CVE_PRODUCT = "virtualenv" From patchwork Tue Dec 30 12:24:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77691 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DAA2E95A8B for ; Tue, 30 Dec 2025 12:25:11 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.63175.1767097503630952328 for ; Tue, 30 Dec 2025 04:25:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=VZVESh58; spf=pass (domain: gmail.com, ip: 209.85.128.42, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-47a95efd2ceso89768095e9.2 for ; Tue, 30 Dec 2025 04:25:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767097502; x=1767702302; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=USRKtRUeJP7hg0nR6VqzEPx53s8Lb6J3qddJWL7ida4=; b=VZVESh58SUTfRiRJnIilUtshE2Tr1BJ5D1GDP5vXGTCFWpkZw3IR7M2eh8Bg6IyHbi G5Jzyru8AgjIkMNke7Hd7MnKBLhd1pzzon8iKcX4YozShn04Ku/4x+pER4g+gA6nCrTL tkO+CBqAQQxI7m9faUm3nBYKk242SefULxFhEtSsGNPZIxK5gKvKYLzWviz3CM9G17Jl cPW7jE6vzB61GEzseZGcRsXoImC2/DL7KgLahkRaU9t1i7isT+B+eAbQkwO2TUYDGaqb Jg5QTgxVnTbxb/Wpi9qS/XKLGhkfs3PlnvFmxWQE7X8BUaNuhKyIWVNSsAAb5PHAgqov SOrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767097502; x=1767702302; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=USRKtRUeJP7hg0nR6VqzEPx53s8Lb6J3qddJWL7ida4=; b=mjMz4Uc9Ku5Atbr+jDrnFae3jyF1woXJBw6Hxay+7D7LxB5G/73NKU2cbDW+V0ADLw hjinT5dZZjEyCVltRj2Q0K+WmmFD9pop/ukIA1GjYTS9cWDZkhuE0Xy4IlKGthK2P6lo iWvEW9LDiSm2AmlljpeRig1QYoT+HH/nKEMrtb8VvR+WR5nk0xBiaKXsI8g3JdZsxNh0 GR/7vwN448vIbAIP40iOW53dO6cSl2OdgcM7FLvmev/sNt/FDAhQfsTIKohuA4MOJliy CS6j/jpwfxmLIjxhda5Rj/zA0ABAYOmoXezZr2hvfE1YvNxFuLgEMX+q+dghMGvR7az+ j+6w== X-Gm-Message-State: AOJu0YxnpXHnsbrPqUDcGDM1gXhxhf6fgbxN8cxHLUyOj+GPqIALN2iH ckHUJqE2UVNFHYPe8Z/ZOkt5aASs0/JY583IbuuODfgE65THs7GyZmZ8wwj3hg== X-Gm-Gg: AY/fxX5BBR+829zeZEUIX32dF/qNa2S5sSJCjIeuLUG52VYb6q00/ZCh+mo6HNYuAA3 B4XxufyBtndtKlFCRbiBZYOE0quuBm6LuR6L8ijzUFEX+2pBEBeGkuDfIPboPu3gGk2bX0OqAHE uw/Yk7bCISPypjMCrHkYG0CvWRiAqGeWmE1A14HVyk8cHuDl3l3Zj84jq9b/Eie4HjMp/SEO9zq YfGZS1AflncegQUAaS8aTEAwf3zBkLjo57Qf20I5bX2N1M9VUWFHFPpwhhv6jkBawTcE+P0tMKP wmoZGtcWP+zH/TFV/CQB699AzopDihl7e+KCVHWtwfqiOv9zKfv6TdXO5zqfNIQgpqcVVfK5YRq s0U8+sHnAIrsO25OC2DpaxYw8Do4CseiuMNSsm/KYCHFhdOvOEDFatJIRfb4VyVBFFdkyPaYKU5 BdTkGrPxUk X-Google-Smtp-Source: AGHT+IFUOh+Fu6wBeJhuz7WsF7aEO4CT/JMar/H4NxLVR//honDe+2ZYR4aLZibysWipWI2asDgVDg== X-Received: by 2002:a05:600c:3b0e:b0:47b:deb9:fbc with SMTP id 5b1f17b1804b1-47d1955b7f4mr309197245e9.2.1767097501785; Tue, 30 Dec 2025 04:25:01 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4324eaa477bsm68395060f8f.36.2025.12.30.04.25.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 04:25:01 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 10/10] python3-pywbem: set CVE_PRODUCT Date: Tue, 30 Dec 2025 13:24:54 +0100 Message-ID: <20251230122454.721515-10-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251230122454.721515-1-skandigraun@gmail.com> References: <20251230122454.721515-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Dec 2025 12:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123016 Relevant CVEs are tracked with pywbem_project:pywbem CPE instead of the (previously) expected python:pywbem. See CVE db query: sqlite> select * from products where PRODUCT = 'pywbem'; CVE-2013-6418|pywbem_project|pywbem|||0.7|<= CVE-2013-6444|pywbem_project|pywbem|||0.7|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-extended/pywbem/python3-pywbem_1.7.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-extended/pywbem/python3-pywbem_1.7.3.bb b/meta-python/recipes-extended/pywbem/python3-pywbem_1.7.3.bb index 59c9914bc2..6857563079 100644 --- a/meta-python/recipes-extended/pywbem/python3-pywbem_1.7.3.bb +++ b/meta-python/recipes-extended/pywbem/python3-pywbem_1.7.3.bb @@ -49,3 +49,5 @@ ALTERNATIVE:${PN} = "mof_compiler" ALTERNATIVE_TARGET[mof_compiler] = "${bindir}/mof_compiler" ALTERNATIVE_PRIORITY = "60" + +CVE_PRODUCT = "pywbem"