From patchwork Wed Dec 31 07:54:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77785 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B5F1EE57D4 for ; Wed, 31 Dec 2025 07:54:49 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81865.1767167680367158317 for ; Tue, 30 Dec 2025 23:54:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=KdtWiEHs; spf=pass (domain: gmail.com, ip: 209.85.128.67, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-47775fb6c56so81194105e9.1 for ; Tue, 30 Dec 2025 23:54:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167679; x=1767772479; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=3zCHW6q/C7fUzean9kzGm5jCqNb2WJxostlxHsTSf0Y=; b=KdtWiEHs15ZC94BTeZ8vEGGS8UnOyuMeU/SDfrQKZmGmazWVgdgbmjDrDnZgHsPSXs tD46wt+iZ/p4EoNTpy4fITCnR4qL4Aj0oQWW3wQgCfTB+nZp+TRXXb9OHAek2H6EvGDV JDiHct/uiJDlp1nrAgoys+STQVNxSQjfn/FPgVB9pzCMottx+8bvMOaqUjVWbRMcxeW1 XutafF0j0nHbNU1MsIxgEWaYLmoDZ+tomwaTRU4+Lnht3UhH/KS4sqiOnrD71OE5vjHx BJylBJSnevNxvPx4K+fKRW6tfigqKmFedEkUX/z+gs5aXIKYtSTLL5enu2IJgoItC/fz JHOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167679; x=1767772479; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3zCHW6q/C7fUzean9kzGm5jCqNb2WJxostlxHsTSf0Y=; b=fD7MuxI6bAVgSTgJtgzcgpU3pwp4xQOZtXmzvOPLofGr9+V4WjxArnjy1vq9pbNI2A K32A9k9VkEz63VqE3TjQiPf0bgxnprCUrzyjGRSsxmU9KdxNSVG0agRzoP7LQLr/y0wU rAVY8DUNtOufkfdjKqC+h/7ShYBX6UMZe7V8TCP2l2CekpnAMHk5vDMZtprltVuAcoWQ f/Vp6YaORPadRPWkFZfwIsddIRGD3yAegrGeFjx3Yml5sXL+0vg42/iVAFTo4Z4r+t58 PBVLXWj3Glvzlp4xvP3h1Yy/Dijk4/DNED5Pk80gKMluCH+Ar81uY6HlvIAnJLZuYL6u SkXA== X-Gm-Message-State: AOJu0YyASpkueC6C/tPX5I/qt+Ru5EAWSBO20YfH6ZNSmYUtmJF6/MNc /JshjFgphseQSHylxBHANr1QWeTCOcnWWwCW/uNcPbeg4z2kQZdySJgktt//aJ1G X-Gm-Gg: AY/fxX5yw4TeO0a03pupGQvLE5xhIwfWTUkb7p0JtSRd+YC560vjPpatb+tYkNgOw6P 2boTXVpsDlbq16iqFRn5kiK5/u2enFVot5NnVnmTTbkQ5xCWMhAR3G79QkakHSLrlRTr40QNKhN nrvLUh5CUZyNU4R/3BDLDWC6AP9VZ/4UvSrXFVZfofQ1ms7c6ApkzzffYj8nZqpGhEgjo6rOb8B AidVfbvDmjYMXGKzQvSOuWZHk4ScXik6EPBiKQTlzFnJ+c4PoO8eENDE5d1F8T8lRfmIhx1m5vI wr+/GVsi9jgeklJFLNS+10KXgIkZJUJRyCFT04ha53jmI8SP8uhuOMPghGV/fXQG/SGNLb2OKgC 0mIr4iAhGvWYiQTDgmO1dlowFuHjmDbed315J5g/Qn2o2V0o3Fok7ouhl4nTvO26Ul1loLgNCtL jKs3GOX3Lw2+OqewQ1vms= X-Google-Smtp-Source: AGHT+IFzAiMgxkHbuF8tQ3ntEIWUFlH5AVmjWHOgjVFlKq3Hmd6MRtSNiaJf6Ez2s9x6RivFgYcJDw== X-Received: by 2002:a05:600c:1d0e:b0:47d:18b0:bb9a with SMTP id 5b1f17b1804b1-47d195a87b6mr441768235e9.33.1767167678474; Tue, 30 Dec 2025 23:54:38 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:38 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 01/34] python3-pandas: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:03 +0100 Message-ID: <20251231075436.771395-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123041 Currently there is only one CVE associated with pandas, and it is tracked using numfocus:pandas CPE by NIST instead of the default python:pandas from pypi.bbclass. See CVE db query: sqlite> select * from products where product like 'pandas'; CVE-2020-13091|numfocus|pandas|||1.0.3|<= Set the CVE_PRODUCT accodingly. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb b/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb index 60cc01800f..91333d129d 100644 --- a/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb +++ b/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb @@ -15,6 +15,8 @@ SRC_URI:append:class-target = " file://0001-BLD-add-option-to-specify-numpy-head SRC_URI[sha256sum] = "4f18ba62b61d7e192368b84517265a99b4d7ee8912f8708660fb4a366cc82667" +CVE_PRODUCT = "pandas" + inherit pkgconfig pypi python_mesonpy cython DEPENDS += " \ From patchwork Wed Dec 31 07:54:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77807 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE40DEE6420 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81797.1767167680853523257 for ; Tue, 30 Dec 2025 23:54:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=mvSDheYj; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-47775fb6cb4so60954195e9.0 for ; Tue, 30 Dec 2025 23:54:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167679; x=1767772479; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Fxn/RzTRVWkPMNWwYsAv6EZi61pWsXKcFtAB+d+/NAY=; b=mvSDheYjQ3FN1+RjXCNk2R7/XP8hPNEpAq5R2YOkfxL8NqYjeSXigSTDdo/MmnUFQ1 aFr5xDnU4GHC91Q5WuxaLCDtLY8RynbD9hIE/3T6A1jfAF8uKyRwN5t5yJDDFJET0z/t G4K75se8IoFwfZ8px/2OqiUTHuutGilLDPKBfzAVaGvvRBZYOozrzNQsdD3XTxMEYyZZ JjFzPfVtddvgBHYIuI7gfUwjOgx28Y2WFZI9tCRSAaOwqJzDU0FNO9AhZ/Tj2+WIGNVq KPPhhE5zqxjtoBzgyyDiANwRaV1tjkpUHIuOainQ0G5TVRh/lgHXBz/QcSWWumtDtVdP VEQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167679; x=1767772479; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Fxn/RzTRVWkPMNWwYsAv6EZi61pWsXKcFtAB+d+/NAY=; b=rJfuP1BPQKD1mZ25O5jVF4Np9MgWovrflJGvM3GwT1oKpB8F5n9InIVKEMVI37bJWH zesN4UDMakgXiXJ6fZpsG0gUNwwuC6o5Qxz/vQPXoOx4o9VU+u2Q+gqRSQrHtqPumLkH ZHWMYDq8bkG1haTvXNCpYT42E6A6F0fLvNkIyVZhRfy1szjy9g5GpyUy1JuQQ1A3DrD8 BhQNoIykWQD6gxUtZytmSdhJtQa9KVkm2AjHUobSUmLDQYcdT/eRKCn2vtMMwJ7Oqf1R V2D56toFjQvEhILpuTSylnquTwcc8SOTP17qwjWyKYLpXK+K0hTJYDqpCuJFyif3U5Xv XFaQ== X-Gm-Message-State: AOJu0Yxb3wZMfzIeB3kUPqBzVHFcuREwDAVy6fENc2sa25xGMJexOsvb yRGt6XjrzC4uHlxCNFDQW03Tcc2+38LE1JNw8OhrlGlhHoKtsFJb1ai9oGMGWA== X-Gm-Gg: AY/fxX7AKtl3NCGHZDB8+M/sRpTuWdbc0m1MhT1mDmefQDU9NTjcQ1VlKfgYaOeXRPJ T3wTcwVHYU0XPJ+kT4NQAcfSWLElfwvJjRw7twy7Asr51oPCVPYqMX0omp51vIrrqCiyEMUUqLZ nRTVR9Rna0+ci0AWmAOypNv+MwCJ5nXaa865YOJ65ALEfrYD9Q7hZPyFGApGhLwUi7TVZXxYOBY 5verxwju9JIHM4RmOGiY4VXk75j0SupY7vuSdy198VxZTizG1a0AK4xbLf+iBSvJGaHyFsO3qJV rV2ltMCrXz7oV4dgZJ2jjasnPAhEx0bUVt8yWmvsdF6xruWFo3fe+hkPvRfV5caVcoXQDYOOWaR wnu65oEkyp/z3XhNs658FoJOawOcqvr6pzZ0z0d/Qttynq9vVIC7IXx7pX0boQdGIjMh+qw/a9z qmUpmbo87P X-Google-Smtp-Source: AGHT+IHMrsm0AhKZ4mxrKq0whnPbOMtn+oYbW1kyLfNZfETx3aDUo9Yw7egcT4xWVxHT4REaGRA6rg== X-Received: by 2002:a05:600c:8718:b0:477:63b5:6f3a with SMTP id 5b1f17b1804b1-47d19586ae0mr407394515e9.27.1767167679131; Tue, 30 Dec 2025 23:54:39 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:38 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 02/34] python3-flask-cors: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:04 +0100 Message-ID: <20251231075436.771395-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123042 The related CVEs are tracked under multiple vendor IDs (but none of them are associated with the default "python" vendor). Query from CVE db: sqlite> select * from products where product like 'flask-cors'; CVE-2020-25032|flask-cors_project|flask-cors|||3.0.9|< CVE-2024-1681|corydolphin|flask-cors|4.0.0|=|| CVE-2024-6221|corydolphin|flask-cors|4.0.1|=|| CVE-2024-6839|flask-cors_project|flask-cors|4.0.1|=|| CVE-2024-6844|flask-cors_project|flask-cors|4.0.1|=|| CVE-2024-6866|flask-cors_project|flask-cors|4.0.1|=|| Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-flask-cors_4.0.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-flask-cors_4.0.0.bb b/meta-python/recipes-devtools/python/python3-flask-cors_4.0.0.bb index 6606b3037a..d3e97dad9b 100644 --- a/meta-python/recipes-devtools/python/python3-flask-cors_4.0.0.bb +++ b/meta-python/recipes-devtools/python/python3-flask-cors_4.0.0.bb @@ -16,6 +16,8 @@ SRC_URI += " \ SRC_URI[sha256sum] = "f268522fcb2f73e2ecdde1ef45e2fd5c71cc48fe03cffb4b441c6d1b40684eb0" +CVE_PRODUCT = "flask-cors" + inherit pypi setuptools3 RDEPENDS:${PN} += "python3-flask" From patchwork Wed Dec 31 07:54:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77786 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D1F6EE57DB for ; Wed, 31 Dec 2025 07:54:49 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81866.1767167681636629947 for ; Tue, 30 Dec 2025 23:54:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Hhvn8RJM; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-477bf34f5f5so77326085e9.0 for ; Tue, 30 Dec 2025 23:54:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167680; x=1767772480; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=v+MR6FfbRJzGMLmOLU82ARapZae5QMTWMbz3Q21ftuw=; b=Hhvn8RJMWRjrkc6KnSmWYo2CEsvi0dPjNG8abyxhPZPZvVf8CRCzmxxYRMUcU7IH9d loW/tDSHVZzTi1hV6lrD5qqdqNws/3+1MQVuYTN7vamSIGT4z+r2dwTUv5rFU+XPGaRp Yu2YPDNyU26fVLuJ8m/m4anHQfMOw2c9NlrauoGJrRsYzVW30Mj8o3mEsTgrw4cJMfua cDha5KLRCEn99yw424JVeE7lnp1xRO7W4nDrEXVSo7sQ6B3Z8/UjJPaGWgUkta1t2oQs 23f9DMzxXfnHmIJMnKkazrapOvkch1UFIBhZPnVTUQ2++Uq2W7dCnJ0IkIy9ur7GeFYn pYHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167680; x=1767772480; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=v+MR6FfbRJzGMLmOLU82ARapZae5QMTWMbz3Q21ftuw=; b=SX/7PaDC/g1BpJLsRy4UjYFbVzR5LHlA1wH70QHmwrLLOID+Yx0ldEMutfW8+r++n/ BH0ciXisZftseotOWec2oBpQuhbo1dx09TTu308rJaOdOqOLJcP8o/pvE++B/0SPenIQ TwqlST6XEjC8Bd3kLacFjMAt4OMFQ/qR71IAZiQOYlESdgc4PKkgubW4YPec4BrcZojg iBp/k2sdrQnLIgUcmvoxCG1brQjS8raN9m2uDR8sqDblp2jiHhgGSqBjNM2V3At7wldf Zzl3YD4DmVN2/DDKA+zXl4PRGWlg8MtrJrIn+csn5OUyCCHrSDjyHOA2aHt4iCSBkpoJ Q0UA== X-Gm-Message-State: AOJu0Yw1aIyvM0DWmokAN2ctVvD56xaXvEH7qw0STBdyI/fY6zVp2ijK U///pJ63M1oIh/GbAEwPoPVABNXimEThIyuYIul3qJUrqcl6e+KEqk8r8fBQHw== X-Gm-Gg: AY/fxX5JcmIU50lBK+6VE072QOCNUoGMl/cR9lqpU8mAx3YRedPZ/yvanSOiS21X6WH ZoZFlYHHi5JOlk7qV+bs5NcnnOPIGl8ukEHrN0AAEieItQ1gKE7GP/4oDB1EntsXoqT1ze6DvJZ Npy4fNN1hKaIGD1KpFIoywE+7ug1rRkhywiKlUk0FJsPJ6VHO0lHkQzC2QQ9zHFr+PrD2OdZJAQ HdjApv9UPs9bGH6VLv+i5Q4f6uRPrG52oItB1WnX0o8S78NW9X29m/0zD5xnedpH0hb+acXtdqp HKiX6IvhX0EPtERfR1+JY8ZwSo+6tYO7r4qQIQlELIRgGxTPqcCZovmLCMLcXWVd9h0t1jJcDLw lmilvKHiU4SqHHYrLeI+6AauiLjrht2avj2Yy2iN/mWQZzA+LvQUuqHeqmZy6kBrFVNqqtHlZ0G qZ7FHkJK5F4elRuh+v2Tc= X-Google-Smtp-Source: AGHT+IHdUhZW/Ictjwr3agXjrjS4I8fOv59Ub0ugPz6ifV3XOg5SeyPd3ZNz4+nRrFPwAT7CPLCedA== X-Received: by 2002:a05:600d:4453:10b0:47d:2093:649f with SMTP id 5b1f17b1804b1-47d2093660fmr283989935e9.8.1767167679890; Tue, 30 Dec 2025 23:54:39 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:39 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 03/34] python3-py: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:05 +0100 Message-ID: <20251231075436.771395-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123043 The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT accordingly instead of the default python:py. See CVE db query: sqlite> select * from products where product like 'py'; CVE-2020-29651|pytest|py|||1.9.0|<= CVE-2022-42969|pytest|py|||1.11.0|<= Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-py_1.11.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-py_1.11.0.bb b/meta-python/recipes-devtools/python/python3-py_1.11.0.bb index e0ef71df83..143f7ec555 100644 --- a/meta-python/recipes-devtools/python/python3-py_1.11.0.bb +++ b/meta-python/recipes-devtools/python/python3-py_1.11.0.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a6bb0320b04a0a503f12f69fea479de9" SRC_URI[sha256sum] = "51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719" +CVE_PRODUCT = "py" + DEPENDS += "python3-setuptools-scm-native" inherit pypi python_setuptools_build_meta From patchwork Wed Dec 31 07:54:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77788 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D405EE57DF for ; Wed, 31 Dec 2025 07:54:49 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81867.1767167682204215589 for ; Tue, 30 Dec 2025 23:54:42 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=X+fzOuey; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-477770019e4so89200295e9.3 for ; Tue, 30 Dec 2025 23:54:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167681; x=1767772481; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hXZa8q/pUHZ5KFTolE7yRKke48iKzA970L3C07Ji+nY=; b=X+fzOuey0hljphCVcOEkM+oUEl/T05GrVi2lCaB0ZR+jHXRt1tD+1L7FSd89M4HbC1 1t42Tw44SUgbe0SCUSaPOrMXQtv+u15hr+BFlGBBgk81bMgVDcq0kAPY5cecwEiwIDtc fT+wQnbB1qRjMrsJRbra7TJUzOmid2YslyET63mLX5tW1mKI5hL71IcvwudmXeTHKx7m YJV6YC2P1PaNumsajyyZ62T59ohxokv5iH7+A0G+SK/oVavDZoveXjTF3JWzAMblQtEW 8IjZsGbqegZcnHL8i33Gw4o1a9zAAJ1taOt3TvwPCOVUQPJnfLETT3sodVRxUKNbo4uZ lWLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167681; x=1767772481; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hXZa8q/pUHZ5KFTolE7yRKke48iKzA970L3C07Ji+nY=; b=gvr/yoU+cyzVOJ5zyx6Y/gwf/CmFRpFxO3yFo4SUKX01BxeFKq20/tTk2xzCDMmaJv 01EGeeGUp/8uVeI169cSCl4mIBFRNzulYbeFxpz0+sFrH/SBpGgx0hauHh09oAbNk4Wx B10Th/+Asvs1X+hq3uVxJid1066Fs1uCqoakkGmSPf/hfu9V1i1HIHtasM4nX1URZnB1 t8tV95Vyl/gMMuJjjFB1xxFDse1jv6W2XX4sb1lovnANC0t0Lk+Bh//Frq99A52OW/ap Pyf9xF1iUVU4b+8S5QIS3Bw0jvVr69r5IS6dOWoomF05D/J5tyNZ3KZmUCYLSL3akvPV zzHA== X-Gm-Message-State: AOJu0Yxz42aTCi5KOeT3iupdYj6Y2Lp4XNBPXSoYlnDnHrX5Z6ZXoaMi lNO9n8bipQBOLzeRVzwgPKf66GgWmgx29ifEKIaUpaGKBpSih/1yfD/ofBEExg== X-Gm-Gg: AY/fxX4TpAFRkS4/DyH337+xzEL6CdtaXi/imUp/B/5Qz7Fgs0WbwXQk+7fO4fMYLTw iYz7pnXgQE3qPcT3LV0BvyhxSTlVWzTvq+n1Zl1NL6BwTIEw3n9sAjlN1fzHPDQ3wkdRn6u1xc+ h7kZVi7y68kHIwbjqGGu5Bl3LpGHZAOTCsUgmjzA7fDf/RiN9VEeaIZsYO1md7WeKuyV3U+YNG7 iUp/9tJb8IDJKBtO9SiAfMyfPgbqjHgkGDebZRt/+NkG7q5/SpVHAKm0asQWVi+sWQw1AFhoJDJ VT8RzKRTVJeM0fh+DYReER8qo8FWVuJu6sjlnEKMNBHbLeNrVYA9FFO2p1obRtQTZTwZl28b/zp XIdPZW6Za8wCZ9WE837c/NWs/ejEQZfl4Mk9FjS4ssWyWlwsF4RlVuw/k/ScEhMp7XKUvOS9lNO 1dBWE3PWDz4m1NUtNkwds= X-Google-Smtp-Source: AGHT+IGoxB4CAwnPP1gtlRFvQu0kfv6yS3GgB3xHOjgh/DcJs3z981YLPWKXD4MJ7C/JHypnXJg8qg== X-Received: by 2002:a05:600c:3b12:b0:47a:80f8:82ab with SMTP id 5b1f17b1804b1-47d244d4ab0mr383806985e9.24.1767167680488; Tue, 30 Dec 2025 23:54:40 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:40 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 04/34] python3-autobahn: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:06 +0100 Message-ID: <20251231075436.771395-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123044 The only CVE stored in the CVE db is tracked with "crossbar" vendor, which makes the default python:autobahn CPE to not match. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'autobahn'; CVE-2020-35678|crossbar|autobahn|||20.12.3|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-autobahn_25.11.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-autobahn_25.11.1.bb b/meta-python/recipes-devtools/python/python3-autobahn_25.11.1.bb index 45d2fd5e8c..922252e83d 100644 --- a/meta-python/recipes-devtools/python/python3-autobahn_25.11.1.bb +++ b/meta-python/recipes-devtools/python/python3-autobahn_25.11.1.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=588502cb4ffc65da2b26780d6baa5a40" SRC_URI[sha256sum] = "52e62b9cc80c3e989b182952a60fd25c9a69afb00854a925a2b185f7b1f73cf1" +CVE_PRODUCT = "autobahn" + inherit pypi python_setuptools_build_meta DEPENDS += " \ From patchwork Wed Dec 31 07:54:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77805 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3309EE57FD for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81798.1767167682814801248 for ; Tue, 30 Dec 2025 23:54:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=JCSuKXcU; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47795f6f5c0so56997605e9.1 for ; Tue, 30 Dec 2025 23:54:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167681; x=1767772481; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=86OnqDPRW0ZfRoOjrmJT3+mIcpiSbk+KVOpXF9/Sf+0=; b=JCSuKXcUBdBH00GrmzbTWxUanF0ebictU32ZO1Fw19FPXcCrCq+p3ipghveo8/BeXe 6MaYN24NQQCKRpPbBXy9dwKdzM0Dx3wiFELt6KVAP+jaLPU0y++GQXZLnlqFswY8Bw0z UEqENrvcsEnbtSN+QHRjZOTr6navwV74BOxEtaaE34jCglofVbd2TiCrwxbfE+nXTcs5 HFicMfE8nvkfKX81W13qJ6vM+iQpRA2V0Q9M4iO9qKapKaN406oPg5ncCjYEj+nuPp4C IqKZl5HxNBa7Ru6tKI16gEwX064TfONB0g1jAWt+we2uPENckMaGgzHPezBt6nWU+VA+ JnRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167681; x=1767772481; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=86OnqDPRW0ZfRoOjrmJT3+mIcpiSbk+KVOpXF9/Sf+0=; b=WyeRdK9KR7Q31pGLAe/OyQO9IMBV/eHNq0u3ixDogMZVLIYkZF7hRSbn25JCJ0mniu oHtkyiJdPOgI+fOlaf/HfEkqAGondkHpMzoD4AjrK2JKyHsYU+vjjE3E28sLyOhOTT2O vjoUYpRYSGb7/TEcX2WrHpHX129zvTA5GUYYz7MQyry03JGaXJVUqmlDqfm+n+YrDjIC qL2d2OeEP+vqjffmDiNkWMiR0YasmRLQ1QqlIOqG4GLDS0WCzAJuWJlb7zv1ZuqHipy+ 2e0IpdRTT1o+1bbWhTnkAPXuTnhAsDdZKRrhvQx//2S+s9F6+DieuEy2R7CP3OZBsltB CYxg== X-Gm-Message-State: AOJu0YxLN4xZLX6O0Incf1tQd5We5awYlh1YBQNzet3ytC1kLx+zLrVH oOI9CMnNCF+ekEb8qmKRVtlgwm7UO4++G4ZSZyyOULWCCklbghzgHF6Dn2HaOA== X-Gm-Gg: AY/fxX4UbiUMFqtynta2tHsb3m/09k5XQvM74QVI0DWBpkYw6OofBeEEnUihKWtH6wT 5kJHlZamGdS+MPI7I5PBoyt2S/sim5cpbhw5EsLdqdotgudiFheEwJRdnQZBXcWulUGfjTRYErM uyI5/2LQkMX1CZOIwJCS3APHGDiTdDQjmuJH4TiSjPmdaaHGPssjIwakxqlGd4Ud51zcmDDHxBw eFAc4oi0h+G8BGIg6Sn3pZ1NmZSSvj6vdZUZ9/bePN4s04Y18BTabfDsFFRajsoBilPoY9DIhmI EUWrMsNliW+uYxQZNNl/5fTEPymCleOwM2Gz9T2seLrMjUNd8aS40/RhJBRrZ7cifNXeeHiEeN3 DgBWtlHTgMK/Vpf6B3O2v86FRof/lUnVYF8TX52gzxfOphH+eI3N7x25P8qFPgpLjLSHExR4nGL ssVc3ZNeo6 X-Google-Smtp-Source: AGHT+IHGng1K/NiVkbqGdLiLB1qOvOBgYjlmYnWczmkSlznTElQPZnPG5JU1CtHQVaBZJvKD52gc/A== X-Received: by 2002:a05:600c:818f:b0:477:a0dd:b2af with SMTP id 5b1f17b1804b1-47d195920damr432911545e9.33.1767167681127; Tue, 30 Dec 2025 23:54:41 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:40 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 05/34] python3-uvicorn: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:07 +0100 Message-ID: <20251231075436.771395-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123045 The default python:uvicorn CPE is not correct, the CVEs are tracked under encode:uvicorn. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'uvicorn'; CVE-2020-7694|encode|uvicorn|-||| CVE-2020-7695|encode|uvicorn|||0.11.7|< CVE-2025-55526|n8n|uvicorn|0.35.0|=|| Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb b/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb index 56d58ded0a..3013ff50d0 100644 --- a/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb +++ b/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb @@ -11,6 +11,7 @@ SRC_URI += "file://0001-ptest-disable-failing-tests.patch" inherit pypi python_hatchling ptest-python-pytest PYPI_PACKAGE = "uvicorn" +CVE_PRODUCT = "encode:uvicorn" RDEPENDS:${PN} = "\ python3-click \ From patchwork Wed Dec 31 07:54:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77804 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6D8AEE57FB for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81799.1767167683410287443 for ; Tue, 30 Dec 2025 23:54:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=MIchq235; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4779cb0a33fso108773125e9.0 for ; Tue, 30 Dec 2025 23:54:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167682; x=1767772482; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OCiy6Fwfs41YX9XtzIX5Sc3aCF1SVM8nqZw7lEYd28w=; b=MIchq235U4xHsrWeV2dvf0M9BfCQAYzEONgXS/t/oGwJfRVfVb1jp+QI6aU9IZcvMb qlGjDNKnsL0Hq/uCetWDwa3WrcHbrpzKryZNx5Gej4lj285Q6XX7xxulZ5PnOsYwYyVS Y+biM1xneHaqyOFo9qKJfxU97tMBc00l15vBXkegHYViiodoWZ2k/v1PFzEjo/3u0Hx8 kj45sdjQOY69cfwSWO/sfuicE20XIo4PlM2tDlLFxURxdwDzFF900jkjfpdOVFF3RA2E AmVAczRw8rhwJCVB/na4I6/ygYsnO84zlbW0LV4tsnxGJ7b8108Z2DsgwbcjkTOD4l+u 2dWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167682; x=1767772482; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OCiy6Fwfs41YX9XtzIX5Sc3aCF1SVM8nqZw7lEYd28w=; b=scJTQUimKYTD/I5+3QHG16U+UMYLzZE+lJOpp/SX4fTA7dMPTV9ehoslhxVPpHDAWc oyFvJ0GlFPwAQaSXYug8xc7rKG3yra8mXHVjkU4uRD8cg/4FybqOCHfglDjdAEq3FuUQ IaGy73E4SmGxlKDlYjzb7YfmWMTGgpp4w3W4ETVob+JcfJuJKsSRc38SBcUhCs7R5+Pw P9T+LTs9s36TxAYygBrjGlkJ1rU+uBlGDDa7/MGumFaXLyz06eB/GcU38Y9ZEAT53EJb TX7FRcJkI7TDrDEi4wbW7blQQeRg6L1JPBoPYyLsW29dzlPSYyKWLx+0F8M5uEwnDPSP vBDA== X-Gm-Message-State: AOJu0YwUOFbPkeb7dzKE2ycf+hGHX7zTs+s+szu/E4/OBe35Mke7PcQ8 USiIP/Jxv7VqQzAC5iW3bCtsRqLkBueIgHhBb/JuD/0bP8d0QB9Ur/hMM5cdWg== X-Gm-Gg: AY/fxX4lK0/iJNdH7LUh9pdeJpozuV4vSfI5faC7GRji6ztu7X4dxwfg7cNRWYkL0Sa 1EDW6zCpSurhqNjKQAZI3vIHJfIvRvgeR6Xs9lIOSHAeMgOku4CkqxvXJGAf9B/mfFIXe4qmZaV S5SL/iTt4JrkKQmP5sOdW7sAozf4wm1yojgqoiIfB1JRYp3bSbwieCy9U+4/9qA55zWwNrr30e/ cZ1K7uaQ5NiQ/0s1BrQANw945xt/GkuQdB6nxFIqMUMG9fWeyR2O4Un7jXVq92YedjOvQ4pRTRK e2+ylYYs99C0S54Usxw0RSpk0e++gWGBE1r/zm+YnQxkCwzHQ5lYNMWL0wb6dhomnXFnkMmcM65 I6Gx7fMfokprRc5VrKW4zYNlsKu4+H8G0ePPH+9pzPmYD8MD83d2qCuf0FvCrmMk/OluIsznUEY Nd/UoWlg/z X-Google-Smtp-Source: AGHT+IEgw8ah02qXyICQ1+bwLNigbtLohtAWdZ9Tz+WzNXsFO/im9h/Yv5npin1UHETPLyjtil41Pg== X-Received: by 2002:a05:600c:5493:b0:46e:7247:cbc0 with SMTP id 5b1f17b1804b1-47d19595fa9mr377242495e9.18.1767167681715; Tue, 30 Dec 2025 23:54:41 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:41 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 06/34] python3-brotli: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:08 +0100 Message-ID: <20251231075436.771395-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123046 There is one brotli repository for all language bindings, and the same CPE is used for all: google:brotli (instead of the expected default of python:brotli, in case of the Python package). Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'brotli'; CVE-2020-8927|google|brotli|||1.0.8|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-brotli_1.1.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-brotli_1.1.0.bb b/meta-python/recipes-devtools/python/python3-brotli_1.1.0.bb index 2f7016a546..5676d4ef97 100644 --- a/meta-python/recipes-devtools/python/python3-brotli_1.1.0.bb +++ b/meta-python/recipes-devtools/python/python3-brotli_1.1.0.bb @@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=941ee9cd1609382f946352712a319b4b" PYPI_PACKAGE = "Brotli" UPSTREAM_CHECK_PYPI_PACKAGE = "${PYPI_PACKAGE}" +CVE_PRODUCT = "brotli" + SRC_URI[sha256sum] = "81de08ac11bcb85841e440c13611c00b67d3bf82698314928d0b676362546724" inherit pypi python_setuptools_build_meta From patchwork Wed Dec 31 07:54:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77806 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01F4DEE6421 for ; Wed, 31 Dec 2025 07:55:00 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81800.1767167684073455066 for ; Tue, 30 Dec 2025 23:54:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Y1K8rP2f; spf=pass (domain: gmail.com, ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-4775ae77516so106711595e9.1 for ; Tue, 30 Dec 2025 23:54:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167682; x=1767772482; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=d3St2B7oiC4i6HWNd9wch3N1L29772945MX/osYt6aM=; b=Y1K8rP2fS82nww1cESy8PaYkzW+UkFkjmNYDaos0KuyD+hwTKkvOOAMbl0xwrQag2F cnUvcihKtgUtJRrosZf8kuUXapwT//NSNFzPoLr2Jrb5unWC8t69fQ6SZ+KTVfKN8MNU epd7JoDWypQ1FWaGupq4BTz1QKoMZT/dTqEwwV0pEibqIFf/y3wlb5yQnJ/6ZBW5nxC8 W9hkZ3Ou8iY2bOai0JfWIeNzoJGg1UYsesPPvqMMB/johDgrsWDBealzxw1P2lVUAHYY TK3bMfj+/fRX7aTVGp2tDGqiPrzHHjyaiBbHXv5gIzQ9WbD1OrZyKMhfmSj+b8Yys/ZF DU8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167682; x=1767772482; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=d3St2B7oiC4i6HWNd9wch3N1L29772945MX/osYt6aM=; b=Hu4G3/djdlsfmZ0kJHlJUHRCliZCcpiXCfT394SRnhiGP7IhbYfVXwWq1yeastnNVS GS4X0QOk7F9UECBTbDnP/l/Jlyg8pTQumq9y4KZ6mVK5StwzmzqbhuBDJ5zEfND7cHyW jFxc/k/FScCWV9P0cOWVm38EWTQKESGjZ3SYuTOIs6rt9/tcAmcoCnF4MK00go94gqeV GYCBzTl4nmukhz2iPNXzdTPJxNAq3FK8k4M0C5S5hKpY//uzgPpkLseVmsQ8RqXuB80U AkyLinKFwMGk8x4FruvOqpMgglnP2vRgQoY2fYD/BdekYH4t3ZDZZWyXu9ik2t7Jacnb h15w== X-Gm-Message-State: AOJu0YwdUY3FYD6HTeZY512cYv0s04+PtXL0vK6c+uYYnFsUrclUFLl8 ufQqw+ee7xIgdHhMFXizB4HJ2mKe/hlsokBX/oFIP7pRhEzRpNV/WKbXFO47AA== X-Gm-Gg: AY/fxX5uZYchv+qZR+uRh4aGQJigDdqvLD5TaxfvnWJc9YhoPUCnLxV0CpHi8M8D/F6 WzLlsaj0SAUZkxpaM+2akLx10kxLpctUoGcU+MRvmkMSy2Un71GSx75S/vk5qUPdLOX/0mMgg1J XfsrTTO2MJ4IpOBCDZ1sGp1fIUHOJ+BWZ6jAR9Gqz3oqWLOC6ryqxgaZF5KMhgF1pN65Ky2rtl1 JvzwYBhD5DBIiPL030okjevjzs/4/0xORo2qmnaKNsAFXZ+JrztMaW1dtFAr1DAdeGj91eu8Kyb 5msG/jg3TUAjPiMFIUrhxtmgJxfpzWV7sV+kFVxomKTlTUO1lBGhVyYm2qrZpY/HdaXkkZGY+E+ FzFrmY4Ut1IS8HZXpoVwwU56eCz/I/0xa0A54eEBSP0mCvKUPK8+jWW9cOch6cEav0872iGxxxx nkEF4fC/5P X-Google-Smtp-Source: AGHT+IFxFXVJs/Ffo82pukLigadyhwCEChzrxIwbcnD7HTa4kKDCt80AI+5tyRYchHjiZlOqwELRPg== X-Received: by 2002:a05:600c:310e:b0:479:2a3c:f31a with SMTP id 5b1f17b1804b1-47d1956eb70mr434427095e9.1.1767167682334; Tue, 30 Dec 2025 23:54:42 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:41 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 07/34] python3-aiohttp: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:09 +0100 Message-ID: <20251231075436.771395-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123047 The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'aiohttp'; CVE-2021-21330|aiohttp|aiohttp|||3.7.4|< CVE-2022-33124|aiohttp|aiohttp|3.8.1|=|| CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<= CVE-2023-47627|aiohttp|aiohttp|||3.8.6|< CVE-2023-47641|aiohttp|aiohttp|||3.8.0|< CVE-2023-49081|aiohttp|aiohttp|||3.9.0|< CVE-2023-49082|aiohttp|aiohttp|||3.9.0|< CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|< CVE-2024-23829|aiohttp|aiohttp|||3.9.2|< CVE-2024-27306|aiohttp|aiohttp|||3.9.4|< CVE-2024-30251|aiohttp|aiohttp|||3.9.4|< CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|< CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|< CVE-2024-52304|aiohttp|aiohttp|||3.10.11|< CVE-2025-53643|aiohttp|aiohttp|||3.12.14|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb index e249f99860..df5d674a3d 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41" SRC_URI[sha256sum] = "40176a52c186aefef6eb3cad2cdd30cd06e3afbe88fe8ab2af9c0b90f228daca" +CVE_PRODUCT = "aiohttp" + inherit python_setuptools_build_meta pypi DEPENDS = "python3-pkgconfig-native" From patchwork Wed Dec 31 07:54:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77801 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7160EE57F7 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81801.1767167684687887527 for ; Tue, 30 Dec 2025 23:54:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CDwEXtfA; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-477632b0621so65886855e9.2 for ; Tue, 30 Dec 2025 23:54:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167683; x=1767772483; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eFvnhoiDq02ErW2BojiPcDu59WqRTKQtxFWcMtO8lfI=; b=CDwEXtfAqAjSGvcXWlU30mUYvnnx+VLVw6DG+utHYUkkxQueXfBGS4bScYejaurVME Crne4cw30wnhq5T8GLCJOGBDKJdgkPI28ESIj/+g8NBG+Fkgha7kLcjvPSHgiHb96LR2 SFvD0BNw75D6F0k/XARcv1+HIgRJNg8mFcFrldu0z4ZvLycfHUcasOigXaCkX6k2zBRF Jn1Vhbc8T+Ar2496NUv4f9ndgIOzuhsvA3vv4pspgCe08qQaqWebTjK0Gl0BnFXvP40y XJIdF/RENSo7onQzlUY8rrYVatAeGGixVkiSLmESRd7C1pMcG9iu/xJ9sBkhB3GOicyK 1QuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167683; x=1767772483; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=eFvnhoiDq02ErW2BojiPcDu59WqRTKQtxFWcMtO8lfI=; b=KzYgtTXxPrEW6QNozR4H3vkBwTJESCak8h0+UwsEwqk/aiDf9H3Rprh4cn9KNOOROI ERE4DbgnbfZBJGx/CW/Lp5Y5rl4tVmnVzpRBhNpp76Ehi1dXRpAYp0NDrISP7diJC3Mg tgkOnhb0WTEbmDAE4vBWrraEmuCpNVrE5aiCS3sr1cZZOgVUXRZm2SPF1vEWQn6auuCv S/Vm3l+/3cG2AO4STy3ezHJHUI4eQVqP6j507wuoxMSx2XmNt1OehpqMpvAVK1pK4ULr ndib92GWyMu+wWqmiMjf+93kpwlM/QZ83AxN+0NexxU08oH+feHgxKTcuCX8AqkdM18c 2TNg== X-Gm-Message-State: AOJu0Yy+qPLqb9idITrgDnVbBtLTINxBx1IWQVtfJ3TkUFXkXMbdR9in PRp9Ft4kmm86gVNwgQW+/UvdcacmPBnzjqyBpEb/7rSyK+R0F1kV/MDGEu5s3w== X-Gm-Gg: AY/fxX63gSF/zeuCOlxMAiTBl30Ec7PuDnhfhd8Le9sV5dItEguvO1BGyWguHZRD4pn hCi0/AQooOj4mYJ3w9N0Z/qYGaYLPsbXbzzf161xEsw1Rhod09WbU4UDw3q4jrCRLEmY+JzWs5m DMD3O62a36Oa8olB89dAb993yGC1RDEN+Wf4IcfWhxaIq5D0TRMiPH85BRMlOdcX6qRkBScOu4M dxRclKjV6J+yj5d1TOYzpUtTlYr/1ZyAE8FZudyXVG2ejDVZg49cfqRqN+ljVDaAES0aQTNjb/1 Ec/BjpbYmiEgLfb7N59GyJpF3rNO2dCfqDGWD7BSDNYtvoR84Z5FmuN1/YLFiLvkLQjc/3u1avQ +5cAyFw8yDE7N2WkAiE2vPwgCM5blROSFxXUefnHnoxD+hVfWYmQ62KhbS56a04p6dKjVC+cncB 33Hx71N1eP X-Google-Smtp-Source: AGHT+IHH8AfV7GxC4wPQp6ai6AQ43iy+9a1lRgaJz6FgCsJXVcaIQYWZmaCGbamrt5EuNTgl0VDCUQ== X-Received: by 2002:a05:600c:1c1a:b0:477:5cc6:7e44 with SMTP id 5b1f17b1804b1-47d195780eemr472522775e9.11.1767167683006; Tue, 30 Dec 2025 23:54:43 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:42 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 08/34] python3-eventlet: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:10 +0100 Message-ID: <20251231075436.771395-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123048 The relevant CVEs are tracked using eventlet:eventlet CPE, and the default python:eventlet CPE doesn't match relevant CVEs. Set the correct CVE_PRODUCT. See CVE db query: sqlite> select * from products where product like 'eventlet'; CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|< CVE-2023-29483|eventlet|eventlet|||0.35.2|< CVE-2025-58068|eventlet|eventlet|||0.40.3|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-eventlet_0.40.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-eventlet_0.40.4.bb b/meta-python/recipes-devtools/python/python3-eventlet_0.40.4.bb index 21b1e095eb..213460dc70 100644 --- a/meta-python/recipes-devtools/python/python3-eventlet_0.40.4.bb +++ b/meta-python/recipes-devtools/python/python3-eventlet_0.40.4.bb @@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=56472ad6de4caf50e05332a34b66e778" SRC_URI += "file://d19ad6cc086684ee74db250f5fd35227c98e678a.patch" SRC_URI[sha256sum] = "69bef712b1be18b4930df6f0c495d2a882bf7b63aa111e7b6eeff461cfcaf26f" +CVE_PRODUCT = "eventlet" + inherit pypi python_hatchling DEPENDS += "python3-hatch-vcs-native" From patchwork Wed Dec 31 07:54:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77802 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BAEE9EE57F5 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81802.1767167685244589240 for ; Tue, 30 Dec 2025 23:54:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Reic/3LZ; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-4775ae5684fso34445065e9.1 for ; Tue, 30 Dec 2025 23:54:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167684; x=1767772484; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FLA5XBTUtqR6mlOdHvmbGBPmPcdbXIk8f62rODYGF/E=; b=Reic/3LZw0U8uB/6465nVZFDWp1c31o1o61cgiqOh/U700VC/xLtctMPxrLGtNsFu/ bqik57bMXUHtWp+pjTLdi3Lj/gw+4w1SWIga6hcHI5OvR8iWsSXckLm5VchCOORedAD9 RnAlRdGQFqknDNrHzLQuY+zdeZ3BloS8qf5RV4i0AcX97C+6PFWB6XQAQGzOqxgKxbZu 6Lq/a08OxZG5Dl7ZS2hMbwmf3y4vOJ/H37gjXTrnOQgu1KYV7R1nlTf+WqaXV2+CEsaU VcO20Ea+cGn7eO5iqfPfKBZcseV5FuA916Tjsk64EZACRW5dsLFbc+vAX2M9AP0RI/8+ HPKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167684; x=1767772484; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=FLA5XBTUtqR6mlOdHvmbGBPmPcdbXIk8f62rODYGF/E=; b=lXBW8Ru8mOBiscUC1YWxL/yDQEJUgFUfbc72USGrItfpp1claEsoquNzIzZsBKUNRc 5lwTEX67+bDa8BHPxEnqAW+5fccAGd8AmEiv2I5ktnb61WQqkXgXlWa2nZ18bBWcsB+0 3YEYmk++gaI4YVkqjyO9zYwpCE5pe0xe6LUrOnKdlE/HsgT4JdGJmFGn6kSti0lspnWc r4nGPxi0iOWvYz2Kms3CSupbmydujZ6g42BBG+LYpV7iVW1MW2R+3+/Jmt40lD7bAmEH 0ef86ZYr1CAROL7tymgmSw4YaoR+WE8iMt0/Cld20FQtDFXqmy9KzhrtCKTv1f1lQ3wE cOXA== X-Gm-Message-State: AOJu0Yy+bDqG267KN6oPSDs840WRC72Bvt5H6gNQoL7WLaFzCNxRZRQn U5uNmfTc+zQb2PPsD3GPWLRaSiAdOKVqc4k1G/0QUQKjFYMov3lfMwupk9WluQ== X-Gm-Gg: AY/fxX5AaVZbIv8odRzo3UVae7b+CjyVBC9gsPvEDn+deCE9vzVZMaL5nJR7vKAU0fS 0EO9dSskBrM4vdxy76inbx5Dk9CVY89DHnIm/ZKwAziL9Bz/G+QDSJgP578HwO1ArE4lns9UsC6 wmmvtm6/wJQAzPquPl/bk3aLvtwrZMN9i2NjmOgu1aF5Vs89jP31naBtjNM9WyRRx9WvRAsByUx gs9G9c31anLlL/Dn11DQP3Z5qW7AzMioxhC6lcHqvJQksBClRXzhlTU2WXzRcPK97ME5eoqD2Qy GslGTCGNKvrkEwz3/qJLM3YvMeg05UyybxgkNrzX54D5RfnZMMfxjmJumqcnGbmCBhWVt05EHGy 0YRM7QfrEXVmbaFKeg1Z0OuK5mugWiF6ikwoKLZVIE34OR5Gz8Fubps+DpBpDcSZtvH/nIP+QSg n5tiFBuqvt X-Google-Smtp-Source: AGHT+IHUtPSWBpM/AFI17gwOj2fNAXtfLzbSeTdZQRmfNReOB+mPXjG9UP4FDXhmMDXkNwKGXemlDg== X-Received: by 2002:a05:600c:4511:b0:477:af74:ed64 with SMTP id 5b1f17b1804b1-47d19593992mr403757115e9.27.1767167683613; Tue, 30 Dec 2025 23:54:43 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:43 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 09/34] python3-flask-user: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:11 +0100 Message-ID: <20251231075436.771395-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123049 The relevant CVE is tracked using flask-user_project:flask-user CPE, so the default python:flask-user value doesn't match it. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'flask-user'; CVE-2021-23401|flask-user_project|flask-user|-||| Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-flask-user_0.6.19.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-flask-user_0.6.19.bb b/meta-python/recipes-devtools/python/python3-flask-user_0.6.19.bb index fadfabd0c0..68d7361519 100644 --- a/meta-python/recipes-devtools/python/python3-flask-user_0.6.19.bb +++ b/meta-python/recipes-devtools/python/python3-flask-user_0.6.19.bb @@ -11,6 +11,8 @@ SRC_URI[sha256sum] = "601abcc0343dfbae0c56273d98362d5cdc266ac84d20b3f65a212e4a2c PYPI_PACKAGE = "Flask-User" UPSTREAM_CHECK_PYPI_PACKAGE = "${PYPI_PACKAGE}" +CVE_PRODUCT = "flask-user" + inherit pypi setuptools3 RDEPENDS:${PN} = " \ From patchwork Wed Dec 31 07:54:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A4CFEE57E1 for ; Wed, 31 Dec 2025 07:54:49 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81868.1767167685799128893 for ; Tue, 30 Dec 2025 23:54:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ZxuopbCQ; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4779cb0a33fso108773295e9.0 for ; Tue, 30 Dec 2025 23:54:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167684; x=1767772484; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/NkoHMc4R+SK5Wa7Zt5aatuNwuPvl4C0htaaFGVTIcc=; b=ZxuopbCQapU2vFSerbd5dDK49ygMtzk+JCTBF3zqspyLlalO7VPe8IXMLit9T545lL Nm540F3HExZgGMzaZH3UCHyqZNREoESyB4Ja01QGVZjR3X98hms3dYSK9EFzaEvPF4CO IHhQTGZG7ZKCnRb3QSyeWRp/Q6EdHNh6UIFv8ythpyS4W2sgAyoAjjQVh9G/J4r9lh3w QZGl+6MrXK8++tmGYKUeQuzOWwkpONI79Kya+hKJ0S/bBfcZ4zcrO3yj34w1339FiVRv xrMOcQc7PQOP0j7I1C6HLscPHRV6O7h1OV95N/vuXEw533zAuS82n9mMS5H175jfL3dJ HuCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167684; x=1767772484; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/NkoHMc4R+SK5Wa7Zt5aatuNwuPvl4C0htaaFGVTIcc=; b=Z7bE2NLajRAwu030lpvA0apOQsTN/9QWf+rl2e62BqRsvorTuLIO7w9vYp7iuvTYkp iNXb8vct+U6Xi0lAHTymcug4GeziNHnHZJmwDG2MXG1SzizdqxeanSplpNBEvgdgPTiG 25l8srcGKINkNDN1UeJHIAuBhM0ZYQUL/DTcRvtreYXP5p+R5tBigHNBnIPD/t4FTxIg iVExvnW1K/Sp7y3drw1hM8lvCdk31zv4Yrcbu/cJ6y6VSvUCRLy8cdI3U60SjdirzBAY UUGgTa7UHJ+dRJQvDLh2zhgp/n6UW8OmEnbiPnnvsLsFPa7F3HZ81h6pYASEmpuzeG4S yMQg== X-Gm-Message-State: AOJu0Yw7aaoE4e9nzrxx3/HxXKhe8Zu2utsBKHprOZVSubj9ZHrcC/kZ 5D0QOQera7DqLbRUra1zvbj+nTuxv/XGJ6zDoXoV/21MSa80zc1pPsUKFw/TMA== X-Gm-Gg: AY/fxX6rLlXbLWEW1fCBWkzK90IUHth1a0PGZdsYai8vdsqc279VVIApPjWdkWP77XJ 4qvEi7poDk6ocPiVuFiU1WMpDW+7B7lAV0LPd/7e0Mqz3FAcu08bakBgLrca7sOoX00ckIGR5qI dVlrBCYN/6gEnv14Btn5e2Oj2SIjrqyqVeSzSG16+MrBG8NSiecPWjwZ3LWG9b4zV4DNJia3HE6 6M5U4xelWFxVMzMUI+xwA6bOjCzlkSvSyR0jplrH2ppgsjcmVgSGv8RDVO7zRbnIrmpCL4WTfTm qWRs7B8/8xsPVMDnBAW1i6XhzkyYts7dV5/dX0ACXX0WDWRKooq18AptLTAdrK30czaytjf6Wci s8T9FqBHnis6dMvDE5Ee79YTREkMJiHxPv2XmQoMjqh/umca1j8jJVXUBXNvnuIkw+SWssYQMqA zWYeneDvo7 X-Google-Smtp-Source: AGHT+IE4qCLryhVFLeTkrK8hry1GjfJ/lQBNznL2OjsTMKw1Y5sFJQPFnThxTwAFuMHYfPl+Pkdxzg== X-Received: by 2002:a05:600c:1d29:b0:477:df3:1453 with SMTP id 5b1f17b1804b1-47d195a06abmr422647655e9.28.1767167684181; Tue, 30 Dec 2025 23:54:44 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:43 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 10/34] python3-mpmath: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:12 +0100 Message-ID: <20251231075436.771395-10-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123050 The CVE database tracks relevant CVEs with mpmath:mpmath CPE. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'mpmath'; CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<= Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-mpmath_1.3.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-mpmath_1.3.0.bb b/meta-python/recipes-devtools/python/python3-mpmath_1.3.0.bb index 236fbd85bc..21bae9778c 100644 --- a/meta-python/recipes-devtools/python/python3-mpmath_1.3.0.bb +++ b/meta-python/recipes-devtools/python/python3-mpmath_1.3.0.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=bde3c575382996b75d85702949512751" SRC_URI[sha256sum] = "7a28eb2a9774d00c7bc92411c19a89209d5da7c4c9a9e227be8330a23a25b91f" +CVE_PRODUCT = "mpmath" + inherit pypi setuptools3 DEPENDS += "python3-setuptools-scm-native" From patchwork Wed Dec 31 07:54:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77784 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FE6FEE57D9 for ; Wed, 31 Dec 2025 07:54:49 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81869.1767167686535686217 for ; Tue, 30 Dec 2025 23:54:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Ma09Yp5n; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-47795f6f5c0so56997785e9.1 for ; Tue, 30 Dec 2025 23:54:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167685; x=1767772485; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eNKnbyurPxZl44wcFGBlwj9rtKokMwPcrDluej0WCu0=; b=Ma09Yp5nrlwek4FYxeyqB+GdyPToSEH5sDafgy84N0DfJJbSFcyZ5KQ9DtJTIQVXNz 4eLPc/IwV+w4dIGUgVROSOL0/GC8MJoVMfmVs+OiUvJu3GA1ZlfYZKOfSc5JGIJwGGV3 7UgSDhVuP0LXERY6NdogqBbHYu4hc4E5tplP/TKd28SWIw2eMHa2xxd5CNnHEm1WRF3N PreUpXvsMWMBT/rDePDEvH/hHSLwFAwHEw71H0P8gsd5Fut096fpPZPFSWd0gFXSTROe Nxr0VlQOwjGuHXwWII/cScdBjgwaeEikaSWHKBBM2vSvEHG4plX+MYrtr1sPQ/iJAPZU zZcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167685; x=1767772485; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=eNKnbyurPxZl44wcFGBlwj9rtKokMwPcrDluej0WCu0=; b=KySr5dBnQ70hxAOCSZsNDLenVCZNoa+1g6u2GpVx2GhUdwI9rTuL5sEcDwrA94qnG9 0h/Vrc/MOA4HhdYX8z/FvpnZGWyuyIuLtRprMioADxIqV/DhYhmOBdBfePhSsBpQix60 yQ19KGQ8fEMU8mJOQ9inWYr1g9T34zwd/Z7BSg3qnFz2FAzIjKcbQZeSrjNUzS04pBxf eJAwTNfsPSPmMejPq8Gp88HxMTf/qW9zb417HmR2Gttl0tZlcFhgfFg8wGpw2rKwYEth tkY+5317Iy6zpmDzK2G9X+mx7amWxub8ajtgwSDhmGQ7+0an4YhJPF/PR+76Pqe/AFLK QfkA== X-Gm-Message-State: AOJu0YxlIQL0oYhHHWoGGgt+1wZIWofctpd7jBevPKCoXZK6vj5uCbKz iNSqB8COR/cDwV6KxHeHJdwW7DEQQodR5h+Bc0EMXbdTWy66Q0+OhtniMLinsQ== X-Gm-Gg: AY/fxX41bA4Tqdw7zkIyp0wcuMut9CHdDVc9UAJEa9gDy7zdIr5li1SjWRXzFVDfumK pnTkFjZgN8oBmcXva27bjfsyXisnfpxi0XK59V6oVfs0qG6Wr6kQR3weB4OGQj0P4WGN1X7JQ6o sRWVGIWlAWJFQbRflgBmIAn+akjV7VpyDeSU4RhRertzQSciyBbyhcNa9MKjbvWO7Ckj8vMf3C3 ZOCZl6L2VNKk7z4Hh5Vp/Cv2Ll6VVmTaRlsEslbbii75oErQR5yYSNHUt3jllo2P1qCFphq09aS H7eBgP1ki5ptaz+I6YKVGnMLlsmS1hhTH+eWXq+jFWm9qxc9g34rHwGd/8sCPUh7o6+4mpXBBy2 DYRtbRVn34IiRd1OyHsZN51RuLy0VK/FRvgCcRYdL1K60/b6NqA2l1oD2jNZN4ODvL+df9xDJJS LoY5IjgVkn X-Google-Smtp-Source: AGHT+IG0BZCS9ac9f98JYjldgXfvMYyZdxhySS4FxP1ULxzndgkE4oR0uxdwFN0Svy8QoQyOvwNvAA== X-Received: by 2002:a05:600c:c0d2:20b0:477:89d5:fdb2 with SMTP id 5b1f17b1804b1-47d1c4d78b4mr283331305e9.14.1767167684768; Tue, 30 Dec 2025 23:54:44 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:44 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 11/34] python3-pikepdf: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:13 +0100 Message-ID: <20251231075436.771395-11-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123051 The relevant CVEs are tracked with pikepdf_project:pikepdf CPE, and the default python:pikepdf doesn't match CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'pikepdf'; CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<= Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pikepdf_10.0.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pikepdf_10.0.3.bb b/meta-python/recipes-devtools/python/python3-pikepdf_10.0.3.bb index f047969033..28983417f0 100644 --- a/meta-python/recipes-devtools/python/python3-pikepdf_10.0.3.bb +++ b/meta-python/recipes-devtools/python/python3-pikepdf_10.0.3.bb @@ -9,6 +9,8 @@ inherit pypi python_setuptools_build_meta PYPI_PACKAGE = "pikepdf" +CVE_PRODUCT = "pikepdf" + DEPENDS += " \ python3-pybind11-native \ qpdf \ From patchwork Wed Dec 31 07:54:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77783 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C82FEE57DA for ; Wed, 31 Dec 2025 07:54:49 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81872.1767167687052034142 for ; Tue, 30 Dec 2025 23:54:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=nFQgJtWk; spf=pass (domain: gmail.com, ip: 209.85.128.45, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4779adb38d3so69211335e9.2 for ; Tue, 30 Dec 2025 23:54:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167685; x=1767772485; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3IXZU6Z4Ls3AcNVqt2y/uR1d9R0uadTGgDDyFTr6Jhw=; b=nFQgJtWkRcp6tBy4f2yJ2lETyU1geKYbM/pVvJTRl3huUgZsEII1EXGNofsNuX/GxJ /IL9r6vJBQqsaD7Xs0gEY3ic3Dp4VZjT3ENFIhuEjAUBEQtn8cj/TLJ5KA38Ip9futP6 k6hcqdFGviSUMsZnTsEbEgrrX3EqIPOvWzi2oGjbdtOORirIU23CNun7eJMPQeJY6kC+ eyTo+3yhJ6Z8G7wUFmSsRbZ3HT1yO/IWb+4DucGA0LFzrTPmAE/2jVpSFKYzFqGWEWPS 3jYo50i35I77GDjjKwJyyfApS3lwYd5Dyjtzz8IB5M70E6Dx5XFSgc7l74zEzu2uAp7/ m1Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167685; x=1767772485; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3IXZU6Z4Ls3AcNVqt2y/uR1d9R0uadTGgDDyFTr6Jhw=; b=K51IM2rtkrNzi42GRX5ohgTqH8kfLJTQ/dsQUG+Jj0Qx5XeWx9albjattmoduwtztJ Zlq05xy8oAnmujbxTdz3GLuiok9bkUPwCw+0AZxwr8INvlucxp3brg72Luf9ywC6n9Mi gxcTWwlVV+bbGXVpJGVGOCLvLqr+jku//OL7bpwH5kd995HQxYD+jKt/1yp7iDfM6Woc 8C2/DrAuJ4C0O0TVpbSGIy8s2aaRz7LaQZB792JfrYqG0S8GMfxUZEa9YqYe3yW+jlMI Y3zPnDrOptTA7JIVzFeDOFe/lUd8Mlm5mNTFaYFwjciuDFTwIdJnCdRN8Rdo7RXoOYyu RZsw== X-Gm-Message-State: AOJu0YzN6OZKcNgs5s5YLKaRTdYhg6iuZALK2kGTZSyWLva17TUxW+3r OdtjbEG7/9xBvpiLaMaudExDWyjTAdyaGKsFLx1pov9o4kioNgdjlDMAI18M5w== X-Gm-Gg: AY/fxX6yuGGkLw8DMq8u6mkFmqUFwGYeUXsS+Cz52FLeJEWlOoOwTTcPfcpQCc+2YUQ 0VJGuqjkmjGbvjkBT3umAoy9chDa8/J0CI4JsXH8aPHEp4bh+cucdcWFXFQ4PT2AdsaDUZ9Ngw9 vW7apXn9RImrl+GFYTBBcYodzDB3qbAOGN/HFnMBIVD+0Tn2QwLU8u+JrZN0L4q+AwCWAgkYook 6KM4XCYp8Y9tDP6bWi1KEfwbfoAMn9S0T2vcetaRAtQDvJot+K8CFqAfdzswXiL321lplRb6/5N F3/DmIXzOA2CEN9tDwerlYK7BLC+JYWzoP4RaSaJbcGZjesMT5N0UieOQej1NJlcTr1oXZLdWzK dYKVKO2WfU8nrCoUeU39isoiKd42Ri4m7aUcb0GXG2yNSaJqgwIaNFbmlDAiWyaXbYL9Fr96zJ3 fDJ2WNL6APwYGr1XZhEiU= X-Google-Smtp-Source: AGHT+IHr9Ouakqnp5a4glRj9296uOp3k/8nQZO9ZxMe0fxPqdWFjYbz6Zl+o4gzZxwQqCM8yWBaarQ== X-Received: by 2002:a05:600c:4e42:b0:477:7d94:5d0e with SMTP id 5b1f17b1804b1-47d1958fcbcmr406240255e9.27.1767167685414; Tue, 30 Dec 2025 23:54:45 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:45 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 12/34] python3-pydantic: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:14 +0100 Message-ID: <20251231075436.771395-12-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123052 Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant CVEs. See CVE query (n8n vendor is not relevant): sqlite> select * from products where product like '%pydantic%'; CVE-2021-29510|pydantic|pydantic|||1.6.2|< CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|< CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|< CVE-2024-3772|pydantic|pydantic|||1.10.13|< CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|< CVE-2025-55526|n8n|pydantic|2.11.7|=|| Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pydantic_2.12.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pydantic_2.12.4.bb b/meta-python/recipes-devtools/python/python3-pydantic_2.12.4.bb index 13035f4808..8793e76aef 100644 --- a/meta-python/recipes-devtools/python/python3-pydantic_2.12.4.bb +++ b/meta-python/recipes-devtools/python/python3-pydantic_2.12.4.bb @@ -16,6 +16,8 @@ PV .= "+git" SRC_URI = "git://github.com/pydantic/pydantic;protocol=https;branch=v2.12-fixes" DEPENDS += "python3-hatch-fancy-pypi-readme-native" +CVE_PRODUCT = "pydantic:pydantic" + RECIPE_NO_UPDATE_REASON = "Must be updated in sync with python3-pydantic-core." RDEPENDS:${PN} += "\ From patchwork Wed Dec 31 07:54:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77799 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6A7EEE57F0 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81804.1767167687626392572 for ; Tue, 30 Dec 2025 23:54:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=KA1VHJmJ; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47775fb6cb4so60954365e9.0 for ; Tue, 30 Dec 2025 23:54:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167686; x=1767772486; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=K5auHq0rcVblAmFC84/8sogp3MyocC2WnmMe41gSsQY=; b=KA1VHJmJjXusHSortypAZ51BZz25pVGbsut36NG7FZ+6kCWSqgnoK5hTZnFBGR8ATI wfy3ynJ+jaV2zZzs4MM/e/1A6bcW4xxh2DrYebCJaj/PVrbcSzieV0XBDaxyDmFNJ9bm YRQeZbzdJSAn2V2sgVciIqm9fNku21hZBwqSYkO2sIjPb3RB00xNDNK9uB/tXrETAS1r gwHtY5J5SJ3GxhvAiD3SjYLVKe/yyK5Q7B++UpwSEWDd28sHItnBP+1aX//a0aG5KKx5 tCp1PeDQNA4Mtd64x+jWZI4pnXChohDpGRBgCLXo4+Hzj+8/o4qDbZGmfiNzTJAg06Yb +BbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167686; x=1767772486; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=K5auHq0rcVblAmFC84/8sogp3MyocC2WnmMe41gSsQY=; b=blrQ/H9xDDOGMdUIk5sURgnwd0G/4frJj4M5xFo3SERHtCkDHZbXLEvy1kg7I2cF2W wUKRybb+/vAf6LkcAf/vl6C/tpC78KMs2ziVbsSuzs47YAfhzDGxBbhj3L+CZcIGjejN UmbKKqApTIkF4Ps3oAF9Pzi9RAvN+It1PBPnYZ0geBDO+QbJULt3Un9/ZTy43sjB69QB WEHG8xoaqtoyoxL2x+2ZroHUxU5gSuDB3EpWaKToZ3YYV+zd3rfAV5dCx0PUlEk8PAIX fyfzqRprjtABy45ivuTiTz0AfSrthABZSs2FXZDPGCYJ5PvNd816+ki9YAOqlpnDCKNL A7RQ== X-Gm-Message-State: AOJu0YzUd+8TTOwjQnU4H53KD2nkoJAAdAjdWG66c7HGcx6tAfmHKesT ADlL3zXfgC6P8yANbb+xnQ9PdVhlYv6GHkU1Zl/VnGKpVhfyxHWNhgVCjByz0A== X-Gm-Gg: AY/fxX5C9aUFRqSIinuw2QC/J00FZWqtyjgX/dOm9ArFcneu/9raTHFsY5Q0a6dhW/n +B6HzAc/T4VQUhW4ICsvrQMxiQGwhfcK4pNvhFdSX3hXWOGODtV6kv3+hM/DBqFoKl8xVRwXo9Q FY6Mxa36OrtSTpcI+mv/s0qxZHr0WsoAYWfXRay7gj13X4mQQc/ARJZ6HJprl9mogB+lgG7gGS+ 5Lb4CiMs5VBQYk96/hZSn4qOeGBhcfIZKIS96ixd/NPxa3LifzVqDL2kp805e9W5Bd8Zf4ocs4N Tv0HNoVQ9xyCEVfwRH8uOSc3PbZe4q2bUpPPHgrCO3f5NBoETHr5VLZSzukRF2b8F7c4yUpj1ce PGFd88WhhuGglP7v2Uxs2RyAJAr+i17WR1+9sQFmDQ97VsSCCmel6uuDPFGYz2tds8w8URK0pnv rIGfViGcvj0HcFYag/GHw= X-Google-Smtp-Source: AGHT+IGNcoZRe7SpXekUu3qDMfTssdxpKSlwUQjtETrWbsS9soKwFJz4HGM+68i/c3h4nSuJfwpV+Q== X-Received: by 2002:a05:600c:35c4:b0:475:dd9a:f791 with SMTP id 5b1f17b1804b1-47d195869e7mr484571185e9.28.1767167686003; Tue, 30 Dec 2025 23:54:46 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:45 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 13/34] python3-lief: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:15 +0100 Message-ID: <20251231075436.771395-13-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123053 The correct CVE_PRODUCT is "lief" for this recipe instead of the default ${PN}, that doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like 'lief'; CVE-2021-32297|lief-project|lief|||0.11.4|<= CVE-2022-38306|lief-project|lief|||0.12.1|< CVE-2022-38307|lief-project|lief|||0.12.1|< CVE-2022-38495|lief-project|lief|||0.12.1|<= CVE-2022-38496|lief-project|lief|||0.12.1|<= CVE-2022-38497|lief-project|lief|||0.12.1|<= CVE-2022-40922|lief-project|lief|0.12.1|=|| CVE-2022-40923|lief-project|lief|0.12.1|=|| CVE-2022-43171|lief-project|lief|0.12.1|=|| CVE-2024-31636|lief-project|lief|0.14.1|=|| Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-lief_0.17.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-lief_0.17.1.bb b/meta-python/recipes-devtools/python/python3-lief_0.17.1.bb index de54d45ef2..de6390d210 100644 --- a/meta-python/recipes-devtools/python/python3-lief_0.17.1.bb +++ b/meta-python/recipes-devtools/python/python3-lief_0.17.1.bb @@ -12,6 +12,8 @@ SRC_URI = " \ file://0002-api-python-config-default.toml-Debug.patch \ " +CVE_PRODUCT = "lief" + PEP517_SOURCE_PATH = "${S}/api/python" export LIEF_BUILD_DIR = "${B}" From patchwork Wed Dec 31 07:54:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77800 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA4A5EE57F1 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81805.1767167688302592104 for ; Tue, 30 Dec 2025 23:54:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=kcpqgGCl; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-477563e28a3so64658155e9.1 for ; Tue, 30 Dec 2025 23:54:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167687; x=1767772487; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=e2Bt7MiJ3Kot1olTl2f0A8HbTRHMeU6isyVN891o18o=; b=kcpqgGClV2E9MExGB09CYwlPktRdIOk/1TjntHY1sk7XTopTI6wpSJX/MfNeoKZjS9 P28tNkFNrRfY9jSWYqV1jQsCI0hwWGF6AgFu5Tc6qA6nQcJS4hEbtyqmtnlnF3fB9uIM KJCZXenRyarscH0wwj8tQWSQl7Hs1EaymejYpUvmo0nzXpOMw7a3RIf82ZLrF28gNC45 ZAKlJm1FqWFWfEj0w75LXXmU8rkwvi30krPF6FBDGk67T2vmnXOnEVyySTYyXJH8s94a 9VTG74oLIBRQ5vt74yUQcoSDtM/n+UseG3oFf1Gjr5XeNJPQpYk+PX4BQFkalM6YPAlp a65w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167687; x=1767772487; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=e2Bt7MiJ3Kot1olTl2f0A8HbTRHMeU6isyVN891o18o=; b=Y7o3Kg5TV7UTjmpWvD8SEganddgZI6VYQf3yVcqu6o6kL+E5Rz7qmTst39nRk0YvXc 5yMwn2kaudkZAbr9LjMEf262+vBe31ga4kL4fAY0nExkQfFaYn4nI20au6g3rNqI0Yit 6ON96L+amcftAZz9uVlNyAipGjbY9jzWmFZi0taUKyzaq84rHuKXte2oYUTBpI+p/v8F hYqEQ2QB+vchVKzHn9oCkiK/T6uUGbHfAPxxYPfd7YVdsFRtZ31CRA5sTX2MuFbb2wFn uyLBioQwbRDQ+ViTVxxNyrbfqZW+5y3nlW81/atVy8+eHzX8kZC6jr3bpm21PHppjkFO cJog== X-Gm-Message-State: AOJu0Yym8tEbGS2Ri1AN9ukIAqHKhymyQ9Kt2N1nXEWZUpIIKrgKapTh LOIBhWlOIT5x7bjpCAHNA6cSa2dUCLBQgnaNIwdR3pXw7D68gWd8dX6lxY0h9g== X-Gm-Gg: AY/fxX7GmugbOYgvr/9U3AePL0jgF8+/6VTDJAVTkx6wm3jEocXsMXxai9oBiYEeGKv 3rj1oXPfr1Qqjl0AZxS9x0FXxDGB9IOqaoWGDti72ck84eRvPrBRYaQKs8/48Wc42/C/+GCnS7O ojf98ezAoJk8jeD4IVAn+MV4OZTAY0r/2haD/xQE3vwmKjvI7mlGSdd3XnrXQJ9OBdQY/mJEvBV t7aeeOTeEixH1yA9+ilC0RLvbtszk0G3ctUkumLmdcY3tSEmPrtEiDQobJdDwPSGQFu+59VAmiK 28VylrHRnDLLb+rP6LTKJFCr7Wms9Ok2H9gvtv23mdm6fVpMmlfci3XZfpIRYt6wYuQV0LY2FNY SYpbDiLT6uZQ54Mc3ujn7vmcYQSWZwUKPjP+bJ0RPi0V8Y62pawnWwOgbZO1mDPoZCXiRgIA11k 8i3fVc+5V8 X-Google-Smtp-Source: AGHT+IGDtM+wYoUn55/mLlByddIAKTBpadw4w+HSj7w9TrT/wRP3yWcLS9NsHWwnss6J5kHySwr/ZA== X-Received: by 2002:a05:600c:5489:b0:46e:59bd:f7e2 with SMTP id 5b1f17b1804b1-47d18bd5651mr433998325e9.11.1767167686589; Tue, 30 Dec 2025 23:54:46 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:46 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 14/34] python3-fastapi: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:16 +0100 Message-ID: <20251231075436.771395-14-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123054 Set correct CVE_PRODUCT - the default (python:fastapi) is not the one that is used to track CVEs. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'fastapi'; CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0 CVE-2025-55526|n8n|fastapi|0.115.14|=|||0 Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-fastapi_0.124.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-fastapi_0.124.4.bb b/meta-python/recipes-devtools/python/python3-fastapi_0.124.4.bb index bfcdaa41ab..63f762f220 100644 --- a/meta-python/recipes-devtools/python/python3-fastapi_0.124.4.bb +++ b/meta-python/recipes-devtools/python/python3-fastapi_0.124.4.bb @@ -7,6 +7,8 @@ SRC_URI[sha256sum] = "0e9422e8d6b797515f33f500309f6e1c98ee4e85563ba0f2debb282df6 SRC_URI += "file://run-ptest" +CVE_PRODUCT = "tiangolo:fastapi" + inherit pypi python_pdm ptest-python-pytest PACKAGECONFIG ?= "" From patchwork Wed Dec 31 07:54:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77798 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DFC8EE57EC for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81807.1767167689047253920 for ; Tue, 30 Dec 2025 23:54:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ayRIAqzV; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-47bdbc90dcaso65952165e9.1 for ; Tue, 30 Dec 2025 23:54:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167687; x=1767772487; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VJIUfZDPH8QFwpmlNEtj+ritJJVT4M4JEjt5lM2/aBE=; b=ayRIAqzV2FY4RqY2z525jx6E7Cg8NB7YdD/kmLzHwrEPUf6Z84H5qnkPWNdivSKS48 MuEc/IotNI5gPeGan2XXrCOcUNiojTh5VeYp0vsoVX0vfNtPtU3Ty7uilaimGO4pqN6W XmttL7jWbbPf2JJV8obedCKGz8ziAbVGXxwm9wfQXQWjHUD2mdxcwd4soaOxFr6yCG3F K/F8Yuood/ZWv45m2QhmtZwQl03ncmw+KjIdhOeKLRi4K2hIm/Vr19PXjcynHCw5zlCo bywg9G5YocBTARyguxUqgoaYscALLCLwRvTIlRAAW30HZ9XjOHgXNDVHAiZ1eN32PCR9 AefQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167687; x=1767772487; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VJIUfZDPH8QFwpmlNEtj+ritJJVT4M4JEjt5lM2/aBE=; b=RJRpueMsmnPMW9Oz+ksE2Q23meZNFjFsbI5AbDk4FaR8EmRCs2l0ED/cBh7eqSRRqy TpYiZLT82izeYMptOosxqsfWEhtIn8+aknq/Gu3jsHu66k0P3sKOLNZ51LKF1R9l/h4C oxcg1HnBXFMoTVdWQC/1aCMq/AZtjNn9PvaO/B16NjAv5hcsRdfTBoAIuK66fS2e162g YVpoXPxuVccgR899T5J4s631zsK5vpcAMdQdKBAlTjnI7rVj3KQOmfx0hbojMwc9GJ5u jS7sHH06IJ5/dAat3MjM9RJrCyW6XS/YwOAf8wkFaACEBmAjDfjylrMEyfszivhmtqNG 9EQA== X-Gm-Message-State: AOJu0YwL1wNWUWbM/fF/YKF85RnkeRTTooM/f6/OjPUQj/Xm+Oj+PGmd jLiuLs3kwQ03RtT6NIEP05jGkkWwfs2uDNoJx5DQN4FBEL3TL0pjaP1j/ecYXw== X-Gm-Gg: AY/fxX69iethEu8SCzTiKhUWrovu84MldFjrHmU1vGQzXnnNGwRwK83ur+Ad+haTxL6 FRwU1QvKi0xdAiCFA4TTu4DbEgMFB+HmFIM8SSQC4bMCfg3AfXQQx6xwgud1g7ygZ6t5gJhVk0g 2YUuVf+pUiNTwYdVlMSJIh0G9iBkCO7QRQZ2AYcZMyxXM0LwVpN8nxxGKNEqCCSjcTkSAvO12n+ x2ZX7aV7PAaUlpHkdaHdPiKv6qSrJ02xfIwINghES9tkKvnGJ+zZ2PGUtXXxhL0TpimZae0I7Ed ngLE3qsqm2J/IcfhOMMyC3wOkaiYSFu+A9c6g/LudFXRr2//Vcfkac5RIJ1LzeFFU0dlVPxCjbT paNTSvZOQ0U3MoRsYdGhZOd5kS7pNzAAHD6lTpQqVJ+2wvIKnJHFFD9a8jVfcl1IiYPFsM5DakM e/F2NhFwb4 X-Google-Smtp-Source: AGHT+IGHOwrk7Jr4dcKjF6ZFGnfHvsdh5QsdGfue1MtZUi9ZjUHFbKE0aPN9cHDumxqb7NVkU3QKVg== X-Received: by 2002:a05:600c:4fd3:b0:477:9cdb:e337 with SMTP id 5b1f17b1804b1-47d19532e14mr361108985e9.7.1767167687330; Tue, 30 Dec 2025 23:54:47 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:46 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 15/34] python3-flask-restx: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:17 +0100 Message-ID: <20251231075436.771395-15-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123055 The relevant CVEs are tracked using flask-restx_project:flask-restx CPE, which makes the default python:flask-restx CPE to not match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%flask-restx%'; CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|< Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-flask-restx_1.3.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-flask-restx_1.3.2.bb b/meta-python/recipes-devtools/python/python3-flask-restx_1.3.2.bb index 87353a50a6..bf0f3b374a 100644 --- a/meta-python/recipes-devtools/python/python3-flask-restx_1.3.2.bb +++ b/meta-python/recipes-devtools/python/python3-flask-restx_1.3.2.bb @@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c96dd911c6d9e32868b6bc667a38a3e2" SRC_URI[sha256sum] = "0ae13d77e7d7e4dce513970cfa9db45364aef210e99022de26d2b73eb4dbced5" +CVE_PRODUCT = "flask-restx" + inherit pypi setuptools3 RDEPENDS:${PN} += " \ From patchwork Wed Dec 31 07:54:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77790 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 54A08EE57D4 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81874.1767167689664080291 for ; Tue, 30 Dec 2025 23:54:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=J8mF/HcI; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47774d3536dso84936015e9.0 for ; Tue, 30 Dec 2025 23:54:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167688; x=1767772488; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=B/gBldvRSwLn4Qvir/HX0Y6BwmViA/eaYdcllOcxAok=; b=J8mF/HcIvO9B7CKNhUu5X5xflDYro6/KdaiWKRcJMIFqWF4Ox0yI8L8AraV3ITk48j 9+pRjTY+Wfz0t3Py1qZYoZlusqZNp+bCTed+j85wrvWw+8K8S0d/ti5QeFV9NfWoo6Ss tMq5Zt4iyTXON1pJEPJqJtgq1mNzZxkYGiuJbasiAkYZe/pFM/a55EYs9eZDT4I3A4xv 4JWoxav2Afa6qH4ug+fWkL9KYs5wS+4/sIY3vrns/GCXs3rzfqd/aDshaVN/z8WCimaf iwuX6a4YAT0cqM1yxu5lxjJbNjhkDbnw+C5D+Rjcfwsow/lxhe1xjJcMFOeBI8e8urXN AVhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167688; x=1767772488; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B/gBldvRSwLn4Qvir/HX0Y6BwmViA/eaYdcllOcxAok=; b=FqFUj5MWtXjb1ggFeyZATwnJBBlUbHtkgRc6UUgdLz9QZnAxoBfCvfZeuBBcZoSNlp IovDFnmqrxP66T65HJdxMEKclLvk3nNEppaukiacHKKA++p+53+La9IhUinavutGsR/J /Zo33m9MUfFyB/Zs+iV/1gR39arSeTOX5CZ+DHnKosefi4y9jJjaXeyDxDK4UDr7SvZr Mfs899zlW+mNEnTVRX9F00QbDnw44qX9A4/F/bw9+n3mL6IU7U9LY2VNIDZOGgF/HXVh qoVRM2giHsLgTR/0gLBsPOYvavbLSllGqv2+1/6XV3NX+fEOdMhBNN+v7G/1gfMqY/M8 WAzA== X-Gm-Message-State: AOJu0YzJ4WPWCYpwnG2HZnDv2ntIgHG1BQXtREEIntuLnhXwWeRuO69X PPKHNSDnruTXw+a50AVZyUjPxl90Skv1S4RW7tBCHfLMg30Gi0tLtcJdoGDFMA== X-Gm-Gg: AY/fxX66z4W1ShXPjGa1fnHaaTBb+O0SZjU/Z5TIUtceuAzmm9Sf0DeHmDWRlURaEZI IvO0ZOI21wEcD9BetC3aHcTNwG4QleB0K0XnywJdH+dQFQy5y3+QTXEs0dJw5Z+MkeAVX5QzjJk boYJBied0uJfNGpIWvmJpJz7fi78h3MUA5+gCh6nacmfIHrUrVYTGy39RFBxEUiB7JLsEg+xa5f MZ1gdvtEPMWK5ArSRqRX1HNskZ1SyLplkwvGSxwi03Jfvc4XA6CVprVoicr23OfO27kEobHv/OL r3XA63kIuqANpHmt7GlgAMLAwWVfe/zk2etk7eRK3ZmI/JLz8MdubQr8tFvitdZrth19TQUZqbi zEXBdN95gJ8wsSLKNQYAVterKN6Frtsh+5Vd6eQT9bDn5eNc6q595kMyZspPxx7Yj950bPeu8f5 gEbSUbPqUf X-Google-Smtp-Source: AGHT+IH3L8k/OJ/s2fifWJ2HFHxFNMePM1LsuYDMv0FgNgNP3R9SAVIvRZoJx/UE1xez4i0++0gwwQ== X-Received: by 2002:a05:600c:4746:b0:477:9fa0:7495 with SMTP id 5b1f17b1804b1-47d18be144fmr372656795e9.14.1767167687962; Tue, 30 Dec 2025 23:54:47 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:47 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 16/34] python3-sqlparse: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:18 +0100 Message-ID: <20251231075436.771395-16-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123056 The relevant CVEs are tracked with sqlparse_project:sqlparse CPE, and the default python:sqlparse CPE doesn't match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%sqlparse%'; CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|< CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-sqlparse_0.5.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-sqlparse_0.5.4.bb b/meta-python/recipes-devtools/python/python3-sqlparse_0.5.4.bb index d8c3bc0ed7..9f358d40f1 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse_0.5.4.bb +++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.5.4.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc" SRC_URI[sha256sum] = "4396a7d3cf1cd679c1be976cf3dc6e0a51d0111e87787e7a8d780e7d5a998f9e" +CVE_PRODUCT = "sqlparse" + export BUILD_SYS export HOST_SYS From patchwork Wed Dec 31 07:54:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77794 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F885EE57E9 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81875.1767167690515545936 for ; Tue, 30 Dec 2025 23:54:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HonvbKeW; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47796a837c7so68190555e9.0 for ; Tue, 30 Dec 2025 23:54:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167689; x=1767772489; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jMvsw9P6MIKDqhrhw33gzDfroxCn+whAxqk2Qvy65rE=; b=HonvbKeWW7r4kcG0v8ETDokMS7H1dztkhmapXAeQQZMVYF5KnfaMYClBm/YlCHmXL2 ENol86LpBwgYpjxcTo/s/tFHc7MSHMVwMVMVEANlpZXLzr0WZXIkIow/BavvgFcZoaZF GXKlFQeuL2FdGPhFitDom1A8NwTKPW8ergTxETjw1iC8y7TBkLXmWauzc7oLors+dukP s+F73/toqWyIUueQ1MpjwVeTC5xGXcfFjkjiLq2SYX4pCq6efoWYPOVk3lL96TU1Blcb 195SVYzTCtGV4LIKw9GWiDlPDeGtJLNDlv4xWWOUPexsin7/dzR5dOFQ2SqrVXAT3H6B Rkng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167689; x=1767772489; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jMvsw9P6MIKDqhrhw33gzDfroxCn+whAxqk2Qvy65rE=; b=uir0i9Tcoh8u/o0rSfcixQ+niN6SVB8Cz6Gi3QvcUtjaRA5FvO1YOgEIDP0jpEy+Gw T7lycmfS8ZedFcu0nWkW4ibY1bVR9BV3eUwh4NugAxpVprnyUpGWDGCcx7P36QjHbsrZ YxFMtIiBAWFjcWFxlYkrBlZndaDHn6Mi4rmPZ0D754ZUj8VdcxBU3dtkim6UuF9q0q9J YtBOtZX9eZJjBJA1Al+zi0kg7eFb9aq2JJS3rnGfUoMEwjy3xBoSSg5zDCcv2v0eGT3u qgAQW6iZOX8Tx97oi1jOF8UiUku5LclM4gvB1Dr72CosyTUrDdd7ku2IGArN45O/2F36 LLOA== X-Gm-Message-State: AOJu0YzMoWYFrBeKfYDno6grf6umObH8UCInZvUPptFwUBgnI+ZqpCbb KeWIPXlk6RjV4X6F+HRo2i3dZ4MFkX/7ELldvTqrJEcbbUCDv9Yu6lVVq+QraA== X-Gm-Gg: AY/fxX4wj/+rzdqFoEL2/uSkQAryu6xyyKJIUQddo6yBMIYv4VeH1Eg0tlgBzsBOPHg FCCjfMTvtseyNJZo8f98TjjjtUiYcQjgO0sb2WtWVF20v3OOcTG+Tiu2Qu+j4sEOCEkaFCShyqC MjxzQ1FF7EGcOJ4cLq4H13//jMnVQ2znUNZbqbt0wQrG3ei+IAUYOzl8XDv5WQ0KGtz14EV1oJQ CRy0uMYFU5Z066L/xQBw6t3B5EX1a26Wp6zpWjHXeuJizG/DiOQjKuLjjBZHjKJYrarcwsX6zhq 88JJTIzdeSOhuTKVTOQLRI8i80E0ocwXc1dwxHV9ARhssaPP8y0RiNyiXLSNt8+N1t1aNGNpURW nJwJU88PQl9V6TDIGRhTlcTV4ZKTjIRqAjeYGIR3VXouDpTwz7ReAmIrMvX68GqtI/Zo9nMxCwl 6/JO7GST3PRcSoPIJ5oVQ= X-Google-Smtp-Source: AGHT+IEQGN4jZPz/dlpJe0cxLR+nfZsy1llCdMtRI2MjO0WYsIEHqiF4E2wSfWQrpqT91YETPBtGoA== X-Received: by 2002:a05:600c:4fc6:b0:477:7b16:5fa6 with SMTP id 5b1f17b1804b1-47d1953b3bemr392233065e9.3.1767167688778; Tue, 30 Dec 2025 23:54:48 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:48 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 17/34] python3-cvxopt: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:19 +0100 Message-ID: <20251231075436.771395-17-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123057 Set correct CVE_PRODUCT to be used instead of ${PN}. See CVE db query: sqlite> select * from products where product like '%cvxopt%'; CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<= Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-cvxopt_1.3.2.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-cvxopt_1.3.2.bb b/meta-python/recipes-devtools/python/python3-cvxopt_1.3.2.bb index 78402d50f4..3573d7719f 100644 --- a/meta-python/recipes-devtools/python/python3-cvxopt_1.3.2.bb +++ b/meta-python/recipes-devtools/python/python3-cvxopt_1.3.2.bb @@ -7,6 +7,7 @@ SRC_URI = "git://github.com/cvxopt/cvxopt;protocol=https;branch=master" SRCREV = "3b718ee560b3b97d6255c55f0ed7f64cb4b72082" +CVE_PRODUCT = "cvxopt" RDEPENDS:${PN} += "lapack suitesparse" DEPENDS += "lapack suitesparse" From patchwork Wed Dec 31 07:54:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77810 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A656EE6423 for ; Wed, 31 Dec 2025 07:55:00 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81876.1767167691289736156 for ; Tue, 30 Dec 2025 23:54:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hPmuQiF+; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-47a80d4a065so52927985e9.2 for ; Tue, 30 Dec 2025 23:54:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167690; x=1767772490; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=K95N90D3YLXNoWXMyKZ6sxYaoq5dp7UFGWyBIn9kCTU=; b=hPmuQiF+J8mtASHG5tDwFchVCSzyQuC3VWiZG4c0PpgQin6s526D8Pew7zIRB+B+wx mrJbsgwNlbhJKX3nJ0v7XfDCKHob/VRtaWKAyk1G5ZIs0CGb8puDQ2TrKbWINfZXbY+n Idb+SN20Kgj2L8aRa1zz6TApxSyZmdnHbFNSu9vZGKqMhFJN1lfJ3YJaBxdMJI4b0H+E X5p5Rq2n2cBoczk5JyYeyWBwRbux1N0ISEyX0qAGeiJplXNIz8Kr+bsOjzeOg4ZKDdaX DOig7cfolgwgj/cFcBTXPnBeWA3XKfT22ZaetStcKI/m6qa1z2aX+6rdvbpdhl+ZiX4y k7Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167690; x=1767772490; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=K95N90D3YLXNoWXMyKZ6sxYaoq5dp7UFGWyBIn9kCTU=; b=BQXtUh1dJpJRDmNudfrECDPcxCGguqmTv9ncxHpGBGygt15nHX8KJHaxYIHG9VBouj 3Xjqcf+lpbbrJOZAsv9oUsl8Z4J9+OzePoUCkV9royxF79WcDz4/pVhwtlCzXLOe5zUD exiv15BkRNajgIPRqzrZdTgoeN8OxU+xwwl7LNUF35rxaLaHuE3RqDZk0bVDuHxvXAZw AfAYqLqpXJCe9b68QGaza+mriDZH940y9sgfU3MzpK1r2DuzZrH85O4nTB9onScwUaKK AmbdYIqEH4BgOxLjEtETxt8Ow6mJKEZVYEVXvvSbmRHy8rVljozs0Ii/phVW1+g/yIGl dMXg== X-Gm-Message-State: AOJu0YwAUhgmUDxpPYpdxLEOa+HBJsBUpA8sCEYo+9urVtwBkpEbRL2K IQLIK8+VArlHYMKFtSgw0WS+mjMyUudmxPNlgS/3VPJHd+U7WWl97As2J1roaw== X-Gm-Gg: AY/fxX4k7z0fcXrZvZUAeD/beA9Ioz75DNotamw+24hP5ziPEw0eQisyO/TUW4PbXDE MDWeRS2jc2w0yjIQTjmulyQBqisT3ePrZFwPjOEH2KtkOLroXao+yVX1fo+AAasqKTJMOANxmYh tuDo1Hvm+oTLQkjwfBXOsOrHs703l59a0MLsiU1QirfPC9mC5z1uaA7+kSrxS8Is3lbU/4sVrq4 r5w9dweoBq/GoruAS9a7FujpzHzj2VNc7LhKXW7VLaUwEwLA6yYtVtTMXC0TUwlFrZa+PRhx88n fUPojC36Gd33PhLvXOJRsRWatTLniLbwL8dYbyXw3TiCtldGePZ0mKS965zb22+ZVHCwWvpC+Lh sQCvkITKxUywoq+3o815M23K2Su9s1SVV9druMVn7RlrECkRystnzVoyYS59lRjQla3d/hlxb3B bwJ/M3C2e6R3TipcMxweM= X-Google-Smtp-Source: AGHT+IFs5gKt77IjcXb1jFi96CHkpmt8g2hs/6y4vC7xFjZlxBd+9rrZXj7f6q8aV6IVIpklKhAUVw== X-Received: by 2002:a05:600c:468f:b0:45c:4470:271c with SMTP id 5b1f17b1804b1-47d269c7019mr385092055e9.18.1767167689588; Tue, 30 Dec 2025 23:54:49 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:49 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 18/34] python3-httpx: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:20 +0100 Message-ID: <20251231075436.771395-18-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123058 The relevant CVEs are tracked in the CVE db with encode:httpx CPE instead of the default python:httpx. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%httpx%'; CVE-2021-41945|encode|httpx|||0.23.0|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-httpx_0.28.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-httpx_0.28.1.bb b/meta-python/recipes-devtools/python/python3-httpx_0.28.1.bb index fc41d7d2b2..5bbf7475b6 100644 --- a/meta-python/recipes-devtools/python/python3-httpx_0.28.1.bb +++ b/meta-python/recipes-devtools/python/python3-httpx_0.28.1.bb @@ -7,6 +7,8 @@ inherit pypi python_hatchling SRC_URI[sha256sum] = "75e98c5f16b0f35b567856f597f06ff2270a374470a5c2392242528e3e3e42fc" +CVE_PRODUCT = "encode:httpx" + DEPENDS += "\ python3-hatch-fancy-pypi-readme-native \ " From patchwork Wed Dec 31 07:54:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77797 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98FD5EE57ED for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81808.1767167692107233452 for ; Tue, 30 Dec 2025 23:54:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hqakOT+m; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47d63594f7eso797685e9.0 for ; Tue, 30 Dec 2025 23:54:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167690; x=1767772490; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=knDQopk9CildZER8cwxl00zdhY6ZRqZTDKWSzZ/0gVA=; b=hqakOT+mnE4GqrPLmLitPkQlXcTyeHbdtnaHDnhDBK6597o7k+T0fRkk8XRx0gmbyj 14tkYO3rjBvEs4/LzOoGz70x7a7Es+K5OMrRuCD7Jz/vKiRbPuIAAOFBueO0BDoHGOvh kPPiSv3nWFS4kpgyEkr7gbRyBR/XuHe3VaZzYhTXJndW8ZURmAeZeB2Oj8hF/aY+zJG6 TkexpNXBf9m4xHt5XGzYgH+6iyYGiagJpb6CrRtrhNZU5v2DSxvtI2OHUzT0SXQbVsO/ AiR/V8+6N/XLxyXkyVqYTEP8lKF4eKTRCkucWXiX9edK2JnY5YFoCl1n3LHnDuZUaPpN 1rOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167690; x=1767772490; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=knDQopk9CildZER8cwxl00zdhY6ZRqZTDKWSzZ/0gVA=; b=WYhQqrOol1PHSLZh0eLJb2n6FEHIbSfEUxN20fesjIauA37MUBqYjrFkRVVHP4wd/j KXlpTzRgGw2PnhfEAQp9z9JnKmm58lWLTINItaD7eGODRY6XTIehMMrf+bjxXuRJd31C tIFTUor3ng+6/wGq/8xnB2rJnrzsqzVEssh2SEKvFXf+LU18/bcjJnPH4deOg2w1BnjP Ib01SYaMUroXmEjpd1J4C12vTdVhV4qGaBJRQvS50WVw3TDzauaTtbxCU4mbJB0pcfkD 0Kj/OwAvz7EvgD4UjRjWTDcPPHnzHHsvoyHj+xdn5E5PcHcLra1tLDMzeqQKA/mXL2r1 HfbA== X-Gm-Message-State: AOJu0YxWms7YFQ8cRCZsPBj8BjAjzPGuRliEx6LKcSVtl4ABpdWrnO+K c5le3LL12HIUd6hmTsHWBaOEgNgmD0aYp0jZynJttm338wi03P71MLIWlnKfLA== X-Gm-Gg: AY/fxX6KutDtsh78MPJ4exRLCk0dtNoZKznl/k7DAqt1WiRdUUuMV6Ly590S9cK45Fd jOP5kP9E/SqfetPf44kXtycYhKFcplIk2ip/3MEZSOuHBTZfro1mDBWBnwtOjNqTAkpjn2neLGF XjwKuOTWchWJdVzFsuH4Ld++kexVNVgbqtHsK8u79mMTzEHYhuaN9G1W1rZrzctg2Vshaycj2d7 vekuJBeoy6RL7Jmtzm5mN44qfX1oTNO97HcXInAUe8ck7dD4/Q014YPtxFB7qnxGxl4weMnuMn4 ZKXR98sF6Tnf6o7o05VUueJsHDQge58T4rO0SE5vuk6TxwqNUOfcfH7dCySMi1nLeibyLL//Fmu pLxzz+wsliL3iZ1qSPlHb5pCdplodwDNxAflL02k/hjq57lrO+yBQzpVD45O2W/dUh1sR7QQzZo thxgdVNcX0 X-Google-Smtp-Source: AGHT+IEdz3kHM8r0pJOf415su92c+c+T1LRe+Q0w0S0I4wkc9MT4Pvr3a+HYh00hZXD141gM3Rqqbg== X-Received: by 2002:a05:600c:608f:b0:477:63b5:6f76 with SMTP id 5b1f17b1804b1-47d19582bfcmr389989695e9.25.1767167690374; Tue, 30 Dec 2025 23:54:50 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:49 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 19/34] python3-binwalk: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:21 +0100 Message-ID: <20251231075436.771395-19-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123059 Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like '%binwalk%'; CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0 CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0 Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-binwalk_2.3.4.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-binwalk_2.3.4.bb b/meta-python/recipes-devtools/python/python3-binwalk_2.3.4.bb index 288c4068cd..e2d6b24acb 100644 --- a/meta-python/recipes-devtools/python/python3-binwalk_2.3.4.bb +++ b/meta-python/recipes-devtools/python/python3-binwalk_2.3.4.bb @@ -10,6 +10,7 @@ SRC_URI = "git://github.com/ReFirmLabs/binwalk;protocol=https;branch=master" SRCREV = "cddfede795971045d99422bd7a9676c8803ec5ee" +CVE_PRODUCT = "binwalk" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" From patchwork Wed Dec 31 07:54:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77803 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2561EE57FA for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81877.1767167692877766126 for ; Tue, 30 Dec 2025 23:54:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Q4ikSEbh; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-47775fb6c56so81194895e9.1 for ; Tue, 30 Dec 2025 23:54:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167691; x=1767772491; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vwhDFrZ0Ez6DCSx7aN6Ppm5q0p0j6R+iLfn9ZlmB45o=; b=Q4ikSEbhOM9h1AXKEsPjbGV64am1YCwp+xjfhuHU/g7Mk8Yu6RMX4kGZ7ZHXYU0nGw hXEeQJGTkrVPoiKN0Sxc4VyGqZY2/XudSLS/ArNVPBMIJHf59j6JnMi5B7riwdrVXT7O qd12JWVHGXe4LQP4QKrKj8LCd9P83ZE/rsCuXhFhzTXf3YS3+A2fqZUsNuKaAMmbGUSo 7eKgoobA5Nc8//iGjezyBOFPpf6qTuji/hJQ7Fxfu7nYTq1EpU5/0braN+7XQHcpPq2a mBYXXW/z8vldC6Jv+VWUKpL+vWpbHKsaltIHdBfohwOiaiVgoMP1povegpwQyN7RF8su 9r0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167691; x=1767772491; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vwhDFrZ0Ez6DCSx7aN6Ppm5q0p0j6R+iLfn9ZlmB45o=; b=RsNl3S2pHDa8W8lN5L/Ocd/xGWCi/8jFF757PW305gtE4brh5DXetnTvNFLQprYH0u jWebkp4YLvWDaRFFfVQSjvuN+aGbXsnAEk8TuJTlbuV8ZJaQCsicy8jZ/wOv9QL5Iol4 sAj5SK8AlbgEwMayH8IahhnWMqPqMtxgt7Mc5Svfyrg8eYMofG8ET7idzYbl4NZyvSFz IXfQA4reTN+si5/2ohUFRAtbSUXXQMVzEl+SGmDF+MnflOui6khCmIqbGPJtekQEvzVF 2raSvlcq0InbrzPQOYXOtaa/EEO/v0D0VoxyA/4QESmLibDQpHqs+2vH1pLwhyw46Y3X ibQw== X-Gm-Message-State: AOJu0Yy5SBvsYjHkDTNix6VUpp3e/BOAaVz5PX01ZgeORm/AVauXeQPX QMzrCQqSRNUVySoxid9K9T+nmquA5U/R+xFdWUH7FOvk6zRfP6ylLDlrVYg5mA== X-Gm-Gg: AY/fxX422pRpfg+7W3m4zAaCGIKx5QQKkUTwCs6nFSRZ8Qxzf+7EE8oNtHAkRBAbzu/ mln4KuzYudMPngwXyeDudvn9EmFkDk/dWe81HajgSf81xgtV8wnQMcGzVg2c+H8Hg+rzdASxI09 Rx+yP+2CQLEk4GJ0EEFUirlPoDBjW1cnhAGZUe88+GlF0eqs89jXm4bkOK3q0oOVnoHluJI5/7K 9yCXhz68GnSG59a9NKsBERtrXVteo/QU4taVlWl/a7IlMJx+6I6c8N63++cTyA8705rR4JbGw6m Z2ZiJquiy2uXDpPZ0Kthn+DxO032SL4BcncLhil9alLSW7SAa0DWLWUl0UQiCtSfj+5ef0yNl0p sgJySk9Q+I/I7szjeJNM/VnX3zEPwXwWMzJexgtbAVP63/99gTzWO54dPnSlUzIRTxi82Cgiobl cgaVKppQLj X-Google-Smtp-Source: AGHT+IG9+ND97TqvWeVeyE/MQKgLB1aZO8/axVO7HqcDWAElzfD5YODT1hkyQeKJasjOLWdBPoVEhg== X-Received: by 2002:a05:600c:4e90:b0:471:989:9d7b with SMTP id 5b1f17b1804b1-47d19594b70mr475575235e9.21.1767167691221; Tue, 30 Dec 2025 23:54:51 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:50 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 20/34] python3-eth-account: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:22 +0100 Message-ID: <20251231075436.771395-20-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123060 The relevant CVEs are tracked with ethereum:eth-account CPE, and the default python:eth-account one doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%eth-account%'; CVE-2022-1930|ethereum|eth-account|||0.5.9|< Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-eth-account_0.13.7.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-eth-account_0.13.7.bb b/meta-python/recipes-devtools/python/python3-eth-account_0.13.7.bb index a3ae8a7802..00deb53c88 100644 --- a/meta-python/recipes-devtools/python/python3-eth-account_0.13.7.bb +++ b/meta-python/recipes-devtools/python/python3-eth-account_0.13.7.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a26e64020156e806cf0054a6d504b301" SRC_URI[sha256sum] = "5853ecbcbb22e65411176f121f5f24b8afeeaf13492359d254b16d8b18c77a46" PYPI_PACKAGE = "eth_account" +CVE_PRODUCT = "eth-account" inherit pypi setuptools3 From patchwork Wed Dec 31 07:54:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77796 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C9FCEE57EB for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81809.1767167693916586405 for ; Tue, 30 Dec 2025 23:54:54 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=IcMB6t3z; spf=pass (domain: gmail.com, ip: 209.85.128.51, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-47d3ffa6720so46450605e9.0 for ; Tue, 30 Dec 2025 23:54:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167692; x=1767772492; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KOXyNbU/8XH11f5lBnyiJ0eHxtA2g6xWlY1TjkbZlyk=; b=IcMB6t3zgyIvdL1qfazs7fvKf2zs57jLOBY0+Qoi/E0VBRRPyVuLvqHNLQQorjrEpa yWJ0UDGTPpG2wqwYjBQZVlNJsFfIT9Kd80vlZI1LqYZvjN1uNOQGfRJyaXN5tcIMOrac wuLgzwV6zObr3ul6zf70r3ckNYVEG6/r08MXEKeGRAMzC3SScpidZ6Y7T9kdeY0qypT7 EEO7qpOdExjsmspHFS7SMImpXKRWVHDS5jz8X98hMXhS4Ivc61ja+kb/3WZ+fGe0W7vP GZcY04pNh3nT5j49vkvOzGYuDU1793175fcu6Ey7BnEhuSqCGPZAiWTjn08wINT/DplQ VwbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167692; x=1767772492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KOXyNbU/8XH11f5lBnyiJ0eHxtA2g6xWlY1TjkbZlyk=; b=wEJ8cqql502joMWl3eDpSx/oOWZ+k5alBtUwLqOWis7ghwWMyMOEvLhm2LkMWKP4Aa ZiK/TSLavtJ8hccNcM0VJiY75j0AjDfhmVnyvhNMOtW83lhyjkhNr6EvEbSwtjfAQPxa z7F2pXHN5HjoJ+7cCCt6leE2g5/R+GuSzr40k8/BWjNhpKNffUoj80cHmt+aLwlYX5uz DqHZ5HCkHq8UHHXbygYwnIKtab2V1+2bjpLJCbvJBpYAAb+CdXqqzQc5veHOR3ZATJM7 k3lk3uVzdnGgSsVt2RkRHyLAm3PkayHBR/znlOd9eQcjo+2wTtQRn04YYdS/CxAqwbby 9ICA== X-Gm-Message-State: AOJu0Yyb4+ruKAE+GKua2vSSeFUOO15A0+XeBc0m0c1aQ3HgmRmhOVEC hBdFCTOWzS+rLb5ysaVN5bBYuezHcu+sOUJpaIAKNR0sb28fy1Ihdaot1/EdeQ== X-Gm-Gg: AY/fxX6sL9wq8Ny8jh1J+dn4V4CjQjtMLcwGD9UjUyVeS5W8Zi317HPrranxWb2vJl/ +/tRMJ9IBT/2EYzg5/EQceiI7I0PFIWGHMtFqbJntSlHxEjfIo3O80T1jhAcGIefoMec/1pvL3B lh0ML34Y3LLr984eTxjA2W4DOlBMMYfBoXDmUO6zprBsgmxHBLIEuUwDkPU/7fC2VAP+RHNk8Zu kSMit1PNtu0/ucNGSVN7/tQsk7iX+7489ZRICAggMfDrkYfvJnWWwDyQrBvHOC0MI2Ong7z5H8Y aa4PHd8vPaB+ApihWnb4P4cIugQFjGwK4Gvk9hBlDFBkN3Z+uOlwx4f6nyH5TO646wUH3LAqEUd z2+AWacF10TUctjZnOgZ/RYe9C5IcjatmR9c6z9UFXndFIYGPg6ysPgxQlTNMhW4BfITIhOruuc jTskNCgL67 X-Google-Smtp-Source: AGHT+IEo5y1pXndkeLNc6jRUUAPa8Q31coN3vuSwWjt1jU+pZWwPNiPpn9I740N+h4anB7irKgS4hA== X-Received: by 2002:a05:600c:5250:b0:479:3a86:dc1b with SMTP id 5b1f17b1804b1-47d36243a0bmr265810515e9.37.1767167692198; Tue, 30 Dec 2025 23:54:52 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:51 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 21/34] python3-joblib: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:23 +0100 Message-ID: <20251231075436.771395-21-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123061 The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb b/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb index 3dd1b57aaa..46b89ba267 100644 --- a/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb +++ b/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb @@ -6,6 +6,8 @@ inherit python_setuptools_build_meta pypi SRC_URI[sha256sum] = "8561a3269e6801106863fd0d6d84bb737be9e7631e33aaed3fb9ce5953688da3" +CVE_PRODUCT = "joblib" + RDEPENDS:${PN} += " \ python3-asyncio \ python3-json \ From patchwork Wed Dec 31 07:54:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77808 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 154BCEE6425 for ; Wed, 31 Dec 2025 07:55:00 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81879.1767167694726565557 for ; Tue, 30 Dec 2025 23:54:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=DPT8zFAz; spf=pass (domain: gmail.com, ip: 209.85.128.45, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-47a8195e515so64804625e9.0 for ; Tue, 30 Dec 2025 23:54:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167693; x=1767772493; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WB2KFhNWp/LPVEz2+xehckViFeFFRBsPEGPUKqSHaC8=; b=DPT8zFAzIPx79QgZvQhkf3ZFO1fbZ45UIKXBqumMo6h0InWmKbxGPwArlD8InADm1A v3SLmR3P2c1vakqFT3BQcaxlA2JIOkq2L+77Jj/yqLxX4Q5NQnoC/Dk4hIxasI438D1J YWRQgAyCdKjmC3N5O1jHM2pv7lb+1AtjE+fP9dJcHKPjL6jG55fP2og4umlPuB/V+jx+ JJx4IQNDeroQcNDsOmMT0+drOtZEOc6XZEb/U/563xqTxRbEZ5V8PgJ1AjIknJc7EsaE laqx3clCtuexZ9LjjNYltWDi7MPXuu3g0aG7lHzPcWnGRN8ouadCNc53Du/ifu4uXViS arOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167693; x=1767772493; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=WB2KFhNWp/LPVEz2+xehckViFeFFRBsPEGPUKqSHaC8=; b=VOLqQYnoBMRdQycHrqVy+s/Xyw56Z8YTlzukMTZx2DsAGZUbFqKly8gLVSNMbdGzlt 1QmCuhSn65DxPlstJqqq50UAZFpLhhjCLOZLJBdVoCqA6EWE15CM5Bqd5TXASvrJcZHj FMz4HpJwSfKUMtuXL6ASt6VdWe4q7Uu9SHEyl3maZUdT9+vRxgvROJsIR+0Swu0llFfI LUp6Br+f/A9UW4pVULffgdb16CgE+ultPsEQcs+74dol3pII3QFTwyV2YyD97iZq+kcu qJk86Xe3BT4YVWaqTL2WNRlSMdBB3py6ay2GpMPsStPvYdXruDBwDjbZh2Sp//H+hSaz HKTw== X-Gm-Message-State: AOJu0YyqNSWz9gAXVgaHkMxpL3QqOK3e2KfuBhR4D5CNvII8JllZ2JDo Rdm5XFn8ZEhgOKWC0AD4O9CJWxUAu4xkUm0x307S/zWkfP74DK95s8+kUu0+WQ== X-Gm-Gg: AY/fxX5Go+bMkiwxLWYDf+ITACrjoLoNaeTlXuQjCykt/nsH29woEWxzAQ3WZ1ROIc2 0PU15A9vt86yEl351GwfPnuOILPhL/t/bqlkLLOzl2TNHB8XQjgIWMYAJcqQe///ZXDBRGGv6eZ 8DIDqBFcW1g5RGQsJwMGmPxJ7SLyogr56e/1CYPVIgOzaR+54RslFzLg8RVM+60pG03qTVbDV7P 1Ovbx9XhT2h7NJPdfivee5sC0/NzPWqudxpwpXYVDRb/n5lO9OYG/qOjbtmap/AKntom22CLL+V fI8iXy4xPTPKpeSywKQMf80EfQLQ1bk6nWyHOT+REHJnY3a3xoJ7Dfj4TNI99RqZ6zXAXNL2j6+ uq8b0PsstsxOk20cXGLtQcxALrzdpwJlVFkN1DlJrtK1PBd3mJjk5EZQSNX1Z2OI4H2tY+SDpqO giFj/DdnUw X-Google-Smtp-Source: AGHT+IH5KX8kTLRrDRXAiV6z0x5waQVndEXRY3Kf55XpBFwwvtVY8TJuBUh9B1bAEggJQtIbFg4c+w== X-Received: by 2002:a05:600c:1d0b:b0:477:b0b9:312a with SMTP id 5b1f17b1804b1-47d195498a2mr376604605e9.7.1767167693057; Tue, 30 Dec 2025 23:54:53 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:52 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 22/34] python3-priority: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:24 +0100 Message-ID: <20251231075436.771395-22-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123062 Set CVE_PRODUCT to the value that is used to track CVEs for this recipe in the CVE db. See CVE db query (priority-software vendor is not relevant): sqlite> select * from products where product like '%priority%'; CVE-2016-6580|python|python_priority_library|1.0.0|=|| CVE-2016-6580|python|python_priority_library|1.1.0|=|| CVE-2016-6580|python|python_priority_library|1.1.1|=|| CVE-2021-26832|priority-software|priority_enterprise_management_system|8.00|=|| CVE-2022-23172|priority-software|priority|||22.0|< CVE-2022-23173|priority-software|priority|||22.0|< CVE-2023-23459|priority-software|priority|||22.1|< CVE-2023-23460|priority-software|priority|19.1.0.68|=|| CVE-2024-41697|priority-software|priority|||24.0|< CVE-2024-41698|priority-software|priority|||24.0|< CVE-2024-41699|priority-software|priority|||24.0|< Signed-off-by: Gyorgy Sarvari --- .../python-priority/python3-priority_2.0.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-connectivity/python-priority/python3-priority_2.0.0.bb b/meta-python/recipes-connectivity/python-priority/python3-priority_2.0.0.bb index 26620a3a39..7a7ec94ca9 100644 --- a/meta-python/recipes-connectivity/python-priority/python3-priority_2.0.0.bb +++ b/meta-python/recipes-connectivity/python-priority/python3-priority_2.0.0.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ae57d8a09fc8b6b164d7357339619045" SRC_URI[sha256sum] = "c965d54f1b8d0d0b19479db3924c7c36cf672dbf2aec92d43fbdaf4492ba18c0" +CVE_PRODUCT = "python:python_priority_library" + PTEST_PYTEST_DIR = "test" inherit pypi setuptools3 ptest-python-pytest From patchwork Wed Dec 31 07:54:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77795 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AB56EE57E7 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81810.1767167695576592084 for ; Tue, 30 Dec 2025 23:54:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=O175ebbR; spf=pass (domain: gmail.com, ip: 209.85.128.51, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-477a219dbcaso85505595e9.3 for ; Tue, 30 Dec 2025 23:54:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167694; x=1767772494; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=mvo2gUj9Y2R+/zM+D9QD0rb1oboyK/GgLi+/CNb+xto=; b=O175ebbRGlo23Tj90S1kExC5egaCjivwunA+IJ6p13Zn4iuVGlcS180FvWKITwL4NF qZrB1EsJOTPROKf1HEqnxcUTxAu9VKx75k4JpJVKY4cwa9oYFws/wEeNsmdNyO9Ncvw6 sQHRYGxYb/ED/9NDP2H2C+2Hg25Eby2T1aOP2DyeqpdUtr2XUiHhF7VsD1EKMfR5z1Ce s4rdbkhaqdBbnBY0cgkRzrC/DYB278wdlkkueDb5oPG3rCJ085Cq6pSTGxXssxcOXN1k Sn8AUCsfh6+Fta7F0elvjPnOQhv6G31oOdX/2tOmjYb+anzX7h/WSL0ft9pYbZ+Pdrpp yfYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167694; x=1767772494; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=mvo2gUj9Y2R+/zM+D9QD0rb1oboyK/GgLi+/CNb+xto=; b=WCB/b0wT5wGVxFosbKVb5+I7Vx3qQL4iMPTfHI7BX0XEeEM9s0U1Kh70J2yOr9yMAN STEjF0f2QDh2V6v/ZiDGxGPCUETUsy/YaHVkbqyW1MaQnFT0vvpJAzEyGEtkjd02Jbe0 q9XD7WFlNH1zpxtAC/y8KB6ku7ijwuhcg7FiawIvqoECLjGE1PJ8UkWKj9RZhSK/H6/Q Sqsc2ZpTTzEPACBywUpOiFCzgpMINrBUYNf2ziuTNG/k6mrpGc486IgCtXXxxRGGeymU E+FfuCJI1G258eP4jTCjj8HI7zslH/KcouyFYrZcQBZknYBUCNiB2r5zdb0lXphK5l2r xBDw== X-Gm-Message-State: AOJu0YyQ4+QH35gYx3j+gGeB+2g2rfD7eFyIegZqnJ37qeDxH7skRb4G 5ZkP2eCJcJE62vJifhWtm2ThSLeERPkFZSbLqEe0HByn7VY//UXP8umjL9IAMg== X-Gm-Gg: AY/fxX5AZw8BgwuCOxl1kYCTnIELaV9hEILec9hG4pqcY7P4Jz+eGVzBIHmW4z7Miim siUBr2K1D0bI4xJavLUxl6R6lcHFXSRvw9q+0Xb0hoaw1ekuf5MZm3aZpUqDe3Ed8i+xcZvntbl MBM/W7lD+ruKdChamM5EJJwh33fcESY742En725mD46ZkEOmVzjQNs9Dr4kDO/uqUgNRV6zWE7M qED7blhPJRiioEOD+Hq4ZATsN8DPFipAWQflVqLZzMQuW243jqlO+K3mqwNQ8Au+YvvG58Xw76h EaEpsV9MUzuv0c8O1e5gw3GlRGrumt10hOnPP3Cjw9oRulNOzILUnXHnsCJijnSq0cqOvr5JeOZ A02vhMnrG9bV6Kxy5tXAeEwj5mLqNDou+FtMOKwJHYruk7cb4ZvbB9jq2q5zhYXA5S/qoGd+ABF YF7pR1X/ks X-Google-Smtp-Source: AGHT+IEYArt/i1rs2fclUNYwq5ul0+wUNp16Gtvo2iyd6ZHZMrGj3GYj2AzShaWK8d1WSucdJUk9Cw== X-Received: by 2002:a05:600d:6405:20b0:477:7a87:48d1 with SMTP id 5b1f17b1804b1-47d216bab2fmr297025915e9.30.1767167693818; Tue, 30 Dec 2025 23:54:53 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:53 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 23/34] python3-oauthlib: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:25 +0100 Message-ID: <20251231075436.771395-23-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123063 The relevant CVEs are tracked using oathlib_project:oathlib CPE, and the default python:oauthlib CPE doesn't match relevant entries. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'oauthlib'; CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-oauthlib_3.3.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.3.1.bb b/meta-python/recipes-devtools/python/python3-oauthlib_3.3.1.bb index 80b87c1aa8..bdc1f0e7b4 100644 --- a/meta-python/recipes-devtools/python/python3-oauthlib_3.3.1.bb +++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.3.1.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2699a9fb0d71d5eafd75d8d7c302f7df" SRC_URI[sha256sum] = "0f0f8aa759826a193cf66c12ea1af1637f87b9b4622d46e866952bb022e538c9" +CVE_PRODUCT = "oauthlib" + inherit pypi setuptools3 # The following configs & dependencies are from setuptools extras_require. From patchwork Wed Dec 31 07:54:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77791 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 707D4EE57E5 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81881.1767167696231236262 for ; Tue, 30 Dec 2025 23:54:56 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EcLD4047; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-4779adb38d3so69211915e9.2 for ; Tue, 30 Dec 2025 23:54:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167694; x=1767772494; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Bk3vsYDJf/kyH/ydmzGr9FkkuIcC/A9sNgJrk7A+h4I=; b=EcLD4047oA5/Kes1hKzqsDIINOkaWKClKVgj8MVS2q7KD3naS9Xxzvd3qkZAzzBCKm t5QpVnkOgQ9+1tDiZzgGmbGB1ttfhpF5sXTbCqpRdnUOXI2wUrNxumW1IV0N+llvrsTl E+/UiOErrQB6vdeZAwOu9E9oSkbkn7/lJPXfOqLZcyEmUCumiVyrQIB395NWnIEkSV/4 WJ/CX6mNudiKVv20EmxmuYsqurMB6FsTyYW3L4y+kVv6Ch9g3yNAnGOB64hL5HOCMFJa CruowPmJoMAVMcUrQUVNkWe8DI04m89Al6gT4ecy3EzCQEEGZ2GRTD8PlSeT3IieJO0B /MgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167694; x=1767772494; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Bk3vsYDJf/kyH/ydmzGr9FkkuIcC/A9sNgJrk7A+h4I=; b=smXHSX3JJt6X5NRn64q/SSmpFRREpsDGG5AWrpJZ18QDPsw5dzm+iX1qnghddKMomI zFWvewNpAPkxQ/lwxLHT29t1poA1nK/I7hzQE/oRq5LZGX1WHDVb3sfJukhMI8nk7fLS APBZLT9iu3v4QYV/HwzulHwu77Z/hIbxdYIaiaOjHEGzQ4Q/TNi3lN1IHl461C0Ux4sZ 7iOWewn6fejjboyFSamcN1q6W3LdFbtGXOfgT4/me5R+P2HtyNI6m9x7jS+TQdDPYbFY NWRH/095C5d6E2cOx98w2BwPpheZBPNQ2PH8T5IufEcsWsV+wNdtwU2TUz+fpMNS0efb z5lw== X-Gm-Message-State: AOJu0YwtaK1SayYxJp3zCB5owezXPT92I0UHHMonodP67azdNpKs7i5m MeBQz7EHKPcqFLCNRz0m+RAbHrszPizgt3DNOtm84tpK+dQdABQwxGPHW86wqg== X-Gm-Gg: AY/fxX4aAVDwTCZYhi8/NT3c7pM3hD8HCZK9KvHnJXfAzbz7I0lwOBF/P2wws8P7+rS OK/ZNqiXBWc78U7mgaJZE3X7ymskfL9O2j8p7CvzYBrnqCRJUgXb4icUO1QpFIMMIPAFo6oeD45 5i3ruCMk8YUn/sFyo9OOgthoUD5zb6iHvqhvIVhHxx2YeXV3mHvNDse2PqlkZ39RmTYXILYLBrI F726Mo+yGDL6e4w74kIjhsuGVX64Rb4JVCmQIouymlY1YqcXrS9/EpJBrr3OFNTUZJtqr0WoErJ b6oksV01KKQNJcm6Mxrt7FK/8N9atkhfrogseW5+nBwHZ7NpuKjeKRgYgRY77+u9qqNB/rzlnnP yJ/JWaxQckTDMBY1faY87nWT9plt7XBlCl6L5aSKVjMBVrnbNqGsAZ+gvtlvYoncgfBMSQryMbP P8hwm1ggcK X-Google-Smtp-Source: AGHT+IFd43rDtIS0sPDgkccCCA0x0jP1II/HiQ+RE34hLt381tZT5m9jdfxMRyjdrKVeBfLx6+V5yQ== X-Received: by 2002:a05:600c:1d1d:b0:471:d2f:7987 with SMTP id 5b1f17b1804b1-47d1958f9c5mr403172275e9.26.1767167694519; Tue, 30 Dec 2025 23:54:54 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:54 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 24/34] python3-py7zr: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:26 +0100 Message-ID: <20251231075436.771395-24-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123064 The related CVEs are tracked with py7zr_project:py7zr CPE in the database, and the default python:py7zr CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%py7zr%'; CVE-2022-44900|py7zr_project|py7zr|||0.20.1|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-py7zr_1.0.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-py7zr_1.0.0.bb b/meta-python/recipes-devtools/python/python3-py7zr_1.0.0.bb index 61a9a5569b..83482a9466 100644 --- a/meta-python/recipes-devtools/python/python3-py7zr_1.0.0.bb +++ b/meta-python/recipes-devtools/python/python3-py7zr_1.0.0.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4fbd65380cdd255951079008b364516c" SRC_URI[sha256sum] = "f6bfee81637c9032f6a9f0eb045a4bfc7a7ff4138becfc42d7cb89b54ffbfef1" +CVE_PRODUCT = "py7zr" + inherit pypi python_setuptools_build_meta DEPENDS += " \ From patchwork Wed Dec 31 07:54:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77792 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63017EE57E2 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81811.1767167697040675460 for ; Tue, 30 Dec 2025 23:54:57 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=IGDzb2Lf; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47d5e021a53so7208955e9.3 for ; Tue, 30 Dec 2025 23:54:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167695; x=1767772495; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MaTLdMZ53ipzhbBumWOASQOmj2aUNym9pEef5+muNRI=; b=IGDzb2Lf1n6PfWnYOq3o3cedD5zSeOVgqchQjmVmWibUkpZvGZG6+lu8Fzd27L0gN1 QFSKSuKjHLBc9yy1RKe2LXEdhpj+qNFGBFKMpXBojKvZFdrPIqIPfiJiSjdYwXWtRW4z UR/yK4B1s4CGr5Jwn8hsSwzvk/bfvpRN8hSgRojoFBbRFaZqW36rismi2P378YZ8Dsvq z+gZCiNMLpZ26OSa86SSM2fIHKDb8BKAHDzxNOS9rb21d0n47XJ0Pghm4Qd0Zg1VBp07 j6ZP5Y4GHDX2a0hNaW9OXPdZTTD5TsJMpiPFeXa7WPWiTE39Z8odhpYUmAH0ieByQWPq vw4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167695; x=1767772495; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MaTLdMZ53ipzhbBumWOASQOmj2aUNym9pEef5+muNRI=; b=rRRlTpsguO++aH5lN7ACbEMPQCfZ2e8WfuOQO61PYRX5KTnQ1ipYFRJNLKPnM7su70 hrlz6GH0IuYWgT52c1W1PnAp9fxbXY+t9EkvUsj4BZFgvbLOqKEnIjX3AOoNIuNygCQ5 +rq4BtDUVLOrzuCICfA9Vm+U2S0Vmy+y0GYq3Nr0RA99EjNu4NGLGGa1Y0V00pf4yjqV sWJ2Pl2s6k3f5s+4Cpt1Ng/yZl0N8O1JE7fjmw7kXihM8QcMjIrUxribp1Ay9DSy7kqJ 9HSgD1ed2uZk+wV2Vh6CRLwj6QCpF9ykScDrGpsHRHxL3fyPUDtI4ee0WRxGh9mb/Sxf n8EQ== X-Gm-Message-State: AOJu0YxkxTZLiDcbxi/WtesMlHrCXQ8ECatRJfWJhY6f6VEURO7eWyci Q10CU6ada1l2HSNt+kUC7p6aT9Vt+ox70m6KbkcpG9gLEQJXhSQpvN0n6gs6KQ== X-Gm-Gg: AY/fxX4cQ9pvGJMkfyG0xbV+SQeu5eTQ72jMhpOb2afzL3HLFN0+BQefzwLrGo1SThE FrACmEpN05GdnoH0jmHitGu9sRWmG0E1Mflc/LZuUvVFI7PVHai4c14DlKsDuV9dMbukbaGTQsP sYAU3If8lNdfNKg/b7KRgQfVSW1+TCqOAdjJwfHtlCcBKqgVvpwz2DEgGYkIPUAWN6yvsb4nwHZ ODKzpInGCuGFfuP4VTm2N0q4M+d5oK4qvPp1jjYz+axwXHGlAUA3QqUxJ5FFB4wVwbEPndH6Xq6 9xrqeL4LaMfEcoadw3i18/2AX0cjTt6iR3bnp+PdvGoa05IhKPSU7XrxX69DVHEx2x0gH/mfp0s pRwZfMr2n0oLV2keBaMqjB8DdZrAgh7eBsbp3Tg/UQScOUU9+aqfGWClWs1hMmHAtihaHIlbxgh oqzkQTo4UH X-Google-Smtp-Source: AGHT+IHcSGPSm53zCdOGRO2arZsx3nFuClLoXP3ciHq+1dzPzKbVPJWswLHaNDTrBZgpUBhgcU+bQw== X-Received: by 2002:a05:600c:3b1f:b0:477:bb0:751b with SMTP id 5b1f17b1804b1-47d20423ca4mr410723275e9.27.1767167695348; Tue, 30 Dec 2025 23:54:55 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:54 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 25/34] python3-configobj: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:27 +0100 Message-ID: <20251231075436.771395-25-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123065 The related CVEs are tracked with configobj_peroject:configobj CPE in the database, and the default python:configobj CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%configobj%'; CVE-2023-26112|configobj_project|configobj|-||| Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-configobj_5.0.9.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-configobj_5.0.9.bb b/meta-python/recipes-devtools/python/python3-configobj_5.0.9.bb index bd4764f4de..474c345b14 100644 --- a/meta-python/recipes-devtools/python/python3-configobj_5.0.9.bb +++ b/meta-python/recipes-devtools/python/python3-configobj_5.0.9.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e2df3cb285297a24cd1097dfe6e96f95" SRC_URI[sha256sum] = "03c881bbf23aa07bccf1b837005975993c4ab4427ba57f959afdd9d1a2386848" +CVE_PRODUCT = "configobj" + inherit pypi python_setuptools_build_meta ptest-python-pytest PTEST_PYTEST_DIR = "src/tests" From patchwork Wed Dec 31 07:54:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77789 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BD4FEE57E1 for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81812.1767167697776678242 for ; Tue, 30 Dec 2025 23:54:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=IKZy781R; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47795f6f5c0so56998435e9.1 for ; Tue, 30 Dec 2025 23:54:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167696; x=1767772496; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=JP5yT/9/gdjhI5eT9vsqGuCD6TuYg/KRN2uGneH5toQ=; b=IKZy781RaeCfbfeVVriNdFWFbXPzlUHRUNaqIRLt7pEX8PIyvwRL6YxUNAVnwE3A6R lsWrlLsuaIPDBoj1EeWNyXfFXfQ3WiTMFsUjCy2W6jO5GdyNPVPPMsLmDDWn3Ow9bwl9 m04FOZD/7/9wubH1qpqv/0/Db4dlfvHeZqwzoLKrWyMu3571fYImBXg4px/wZhXkXoah /+dSQw7MSmif8oeYS4iA3vderaJLroWCpNFrdJzDqTwJOn0a0/2fN8tdnDUbTM2HI6aR NhJjYWxYkGX86RoqOuETvDaDvg2MYuaSEilLsyicr44YNqrkUD9xTrGxgeNml0b2U4WL joBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167696; x=1767772496; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JP5yT/9/gdjhI5eT9vsqGuCD6TuYg/KRN2uGneH5toQ=; b=nI2lNrutV+n5ztbV+pqu0czdEtBw+yKw+rUZAIfUkHc7QBu0I6UV4Br2xJuKgVWZAj iBEVMXO2LiDdILGhe4DuYiXwJAA/4choq+O/v8q57MOJ9wiPEsk63gTy55hCsLGM887S S/ch7Zorz+BxxMZ1K9xImzopsw0iONuJ1kuKANOAz/dxzufqh5WudaCpleeBxQbzk2LO oijTCaREZV9on5oPUcCytGDOSp4YnFS9AIPndnWIczbGE0vDQEOawfe32GXeQ4ZVNJkx nSqAAqEq+ivWyNhr/w+Te6OI6sN9OT7WXwB9Pf2/F4UJF1yysDRDIGHzWIP0KgGpUM5T ByLw== X-Gm-Message-State: AOJu0YwfugbE7f8Ab4hkLlwXg3KlLi9wr12GY9QTdYi7UJ8hxefK5DBI I7wUzgh8POPg2gCOn3olQOoi3Ng1Fc/7wY1jIjvqEStQj/KzGAUI9i1SZ/fzvg== X-Gm-Gg: AY/fxX48ePe+xl1jg7WN+3NV4qdaYfXH0AQSMf6V8HDtW96DOHxllB0+cD9vKR0TBan svjI5i0i6qzc5bG+HTnMwik+nMebxhC6C+VOrrBcDsMsQvecAsYCWWylKuzE1MtZet4jtYXqwjd eSoa0rDKQRm1MJHf+No7xJmoJXDIHhsFG9PfIa3QIQ7vpFXLCf1iwClPUi0ghuNzmj4nzv1Ohg2 BGtb0R+pgweRnzugPYbimJzhIZV4XjrcDkpW8IvNao6Vf8fG8ISGfVAx0lsUv/Pp5ThkMbG0po/ pcinPegeh1kntfcRfGx/nw75U9q0CbEAsEL8nnt2vuGyBwXNfvwfUFKIGuTqcq4grOiUUVIyoYn b1xrCJ0fbsAymoUO8HI8gpP7PkG0vePiL5qabLuj0Fc6GDkY43rHM6Kc7U6Cp/L9yHLY73iFYbj xQkEKqtqM4 X-Google-Smtp-Source: AGHT+IGpYIh3RMAtCuFUNbOuMagJ3myyVgULuCdirPHql/Z3sLvwuq4DEwwKAPYJdbtAMvMw8czQzg== X-Received: by 2002:a05:600c:1d1d:b0:479:1348:c61e with SMTP id 5b1f17b1804b1-47d1957d746mr364233865e9.20.1767167696119; Tue, 30 Dec 2025 23:54:56 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:55 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 26/34] python3-markdown-it-py: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:28 +0100 Message-ID: <20251231075436.771395-26-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123066 The related CVE entries are tracked with executablebooks:markdown-it-py CPE value, and the default python:markdown-it-py CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%markdown-it-py%'; CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|< CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|< Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-markdown-it-py_3.0.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-markdown-it-py_3.0.0.bb b/meta-python/recipes-devtools/python/python3-markdown-it-py_3.0.0.bb index 5ba4fc88b7..1944574fdb 100644 --- a/meta-python/recipes-devtools/python/python3-markdown-it-py_3.0.0.bb +++ b/meta-python/recipes-devtools/python/python3-markdown-it-py_3.0.0.bb @@ -10,5 +10,6 @@ inherit pypi python_flit_core RDEPENDS:${PN} += "python3-mdurl" PYPI_PACKAGE = "markdown-it-py" +CVE_PRODUCT = "markdown-it-py" BBCLASSEXTEND = "native nativesdk" From patchwork Wed Dec 31 07:54:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77793 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 54A48EE57DF for ; Wed, 31 Dec 2025 07:54:59 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81882.1767167698696623441 for ; Tue, 30 Dec 2025 23:54:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=dGjoy7Az; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47795f6f5c0so56998505e9.1 for ; Tue, 30 Dec 2025 23:54:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167697; x=1767772497; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VIhTlwIoB5Vw8NMyYHCrm9289siVXj3ta9Tfae4ThrI=; b=dGjoy7AzJw6c3uQtLsmEStAXgxc1/r9ci3PzOFyIgUM+fQOEC99FPjfdYjjkwBBDCI +Bl57ecwONPVFB0DM6xY5R7jcY5v5nn8IdRTWQvqtDYSWBDVuMy7gmVr9+zGfVBPHweD I3SSPVfs7hP8mqsVjSC/3D/AOj1r2JW5v57KhXqiznFyqEZKXkW0/WQU5sIXAo68l0FS 6cNaaO5yNOX9s4wTY2/6KXut2yb+0rmL1LitG7oWOJxTPnCb7oeWA2E7Ojid282xqje3 AKPnmFnWc0HCT1Sg0z5ZINnjHQ+RsvY3YBXhYGgEjvF31r4XoPAepYnhRURFlraNoIVW 3aew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167697; x=1767772497; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VIhTlwIoB5Vw8NMyYHCrm9289siVXj3ta9Tfae4ThrI=; b=EljG1A363g90rgNC28L0kZqVO2JQ7sdzrTk1CE6rpE8qsnprP0XBndZDNbVugTYUAW v99IVaG/AAobE0JewZs0iNvxz/0OErUzVTnTls7i6e95AwXDyP5E6xvvQqeoucTz+EJ7 0FMnZJ6zZ2wZiBxwDJZg0bakYrtT91DiErKJLmNyMXs8WpvzLkfp5tPKF0AWIh6xigQ3 pZ5L09BvQ39pbQjXjA//9+8wYnqrESre7rylsh4HCyGtgCyTgkUF7vucHUUQqBlb+4AG OnByM4kDiOxHtWhc54nBSl4jgZENmSPAVy9Y5TZd/nIb55dg6g+2dpL/VE9QsaJAt1xw xBXA== X-Gm-Message-State: AOJu0YyQYj+BQBHs6Or4ZTLHc1AckVzih26ncAm5uBDsMMJroGBiUp7m F1i9KzsovJ+mJfTmaU41bekmNyzp2fxlito5qZlFU8H/14DFnkE4Meu9CjqflQ== X-Gm-Gg: AY/fxX4F1dxS5kIcgLZ9/EAXUc0GZHPVMcHdqrG37apY3UJjpAghnrOcFCkJbHgcvsh xN5gaxI0FB/F7HM9tZwN5oI4UG9Ix6/uMIlCq4RJ312/8lBy2IR5I9P+I5vfl9r5nO23UrOBnHy tU9ug4CKggBHVlB6qoQ3I7oOShE5P6rQUaGpa6vh8VCdcq7Y2Lyx9HrdGCTOMMxd43Vj+VAfmHb Ch8kkkURLdCzmli11/55E+X12ehCAE2pFJQipkefaHwDS5LUKsftlv644JeCmspetWYvnVGMmO2 TveqTtwiZX3JzH57qDGn7BrUzDuMG0rHg+UJx62qbrDFoprDX7v1beZka6MLDTlyBl2P9g2bIRH 9596J92hwbUZN2g552g7xABKygXtuK8GVF9Mdme7cKdIKlC5AKbbyjI4K+1F2XeWHsKidNECTNo STxBmxgtar X-Google-Smtp-Source: AGHT+IFysruoAicK/Mg3js1QMU3fnXPslTmCEgocO46Yoam/WWHkN7MBh5kzQmss6B41o0YRgAKfuw== X-Received: by 2002:a05:600c:818f:b0:477:a0dd:b2af with SMTP id 5b1f17b1804b1-47d195920damr432917765e9.33.1767167696941; Tue, 30 Dec 2025 23:54:56 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:56 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 27/34] python3-starlette: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:29 +0100 Message-ID: <20251231075436.771395-27-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:54:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123067 The relevant CVE entries are tracked with encode:starlette CPE, and the default python:starlette CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%starlette%'; CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|< CVE-2023-30798|encode|starlette|||0.25.0|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-starlette_0.50.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-starlette_0.50.0.bb b/meta-python/recipes-devtools/python/python3-starlette_0.50.0.bb index 9b9adca6fc..682ec89b89 100644 --- a/meta-python/recipes-devtools/python/python3-starlette_0.50.0.bb +++ b/meta-python/recipes-devtools/python/python3-starlette_0.50.0.bb @@ -7,6 +7,7 @@ SRC_URI[sha256sum] = "a2a17b22203254bcbc2e1f926d2d55f3f9497f769416b3190768befe59 inherit pypi python_hatchling ptest PYPI_PACKAGE = "starlette" +CVE_PRODUCT = "starlette" SRC_URI += " \ file://run-ptest \ From patchwork Wed Dec 31 07:54:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77809 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23A32EE6424 for ; Wed, 31 Dec 2025 07:55:00 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81813.1767167699545227542 for ; Tue, 30 Dec 2025 23:54:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Ral4Kg8Z; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47775fb6c56so81195345e9.1 for ; Tue, 30 Dec 2025 23:54:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167698; x=1767772498; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hBqBxQt4/qmJ1ET/M7jfa+UXpMJsGcxpAS3nAUT3BNw=; b=Ral4Kg8ZE+KKzitS4UdXboA1DOf1LusEgmS95Y87I7qkUUHnZb/NXWD6xL+uGJq/oK JHsJJMjTPDwTreyKdXq4QNfCcZbs5QJEW1z+Kq832L7wi4rvXR0VLiYLElC8ivAglCZl HSuRRiKkXj0SvrfPyzp9HLIeqpy+Yra4psrU8Of+TDmXUfvgi1Y6qnB0nLXeADLbf3T6 QPQfUso76WrrVvyEHLhmaW3lxcf8F0Sn878xf39ONerpr7h8v6bWsnhNztIoxlQGgIWG e4AFVqvQNk2sYw5aVlF4py6aURPfwTIcr6MdbSVxDq+ZUJ4KdAiYYyMPzIY3bB+bHl/F VcbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167698; x=1767772498; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hBqBxQt4/qmJ1ET/M7jfa+UXpMJsGcxpAS3nAUT3BNw=; b=Lwybv+UQxuAhvB8zfhD59OyhZEcSrliknd58Rs5TerQC0r6B3jTN1rCKk/n8BGyC4U l0ZZ3oj+QOOUo8JLnUuwQ/w3SyzOCupqNqjax1iZG4R20SfBfQPNY/PzN1uIoHWzMLuu Yyl0hYqNllbLIzw5UgKGyWZA1nXNJmW58kTdyT2ZZLWI31gJcm/RW00XKz+A768FhWA+ WoNlLmWOD6nbZO6s7sIVnW2V5wS/1bbuU/dHEYj3xJeIc+i1EOUb4QxEaO9chVhz+8Ob 7oh1JcBeItwKavYNyRYrdI1GvF2kJG8aXWuAt+5mlGilWYlCq4TcxBtz38IAVAnhTMOk 4JdA== X-Gm-Message-State: AOJu0Yzgd2lJCIXdeOTVscEloBSxCgqoH4cdSKdaNUXRRgZF+lLgjQt6 0GsVWRuMRLy9Ro7KkA2t8HQCtiYbx1RLUUkePc7ewlOcDmKH7akMtJguD5r0Lg== X-Gm-Gg: AY/fxX77YtO+RZxz1Ih+1Uioqg9vWrJJPkYqPoRTbRu1ugLfJmwB1BWmveFNHNwdjBB He4l3K2L21VU3UMAyvdpQuHX0dmQoiRzalwpoHts+kNch+6IzCBJpHEKlfL5GnPl8k27dGLQotK scoWlgtqhvDGVWhlV9KzTMb3OuUW+x+Nm0hjk+qXN9u2f+h9cBQlK8vvlBJiyTwSSmMjqMiQGJJ eHrOJlqtpWgkndGJ0oet1WgIkqQ6g8bFgr4moPnSvgsbJjWTgFl73g0Sevl8Kt5zXLrvq540S4V dCBqo9ACcLadRLL1lDFCX0aLe4oTF93LCdp7jJBrZZMTCOvzlxLHsqR2BoMV7/Wtarrl1UqFfff MOjuuF5QzS9ht3FCBmWKuBVu5MHdcP0T+lKLJPcpY8Oknfd0r3DryI2aoJ3J7+UPTAkLckpG4cC IdKlwfMd7t X-Google-Smtp-Source: AGHT+IGsh6VObtgD9EaV/BWqnYBWEdy4UHKkoJZBzrwJmnhHRlJSn9Nzri70x/zoDsgap0ke9Rvh4w== X-Received: by 2002:a05:600d:108:20b0:477:9986:5e6b with SMTP id 5b1f17b1804b1-47d1c038664mr296380695e9.28.1767167697859; Tue, 30 Dec 2025 23:54:57 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:57 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 28/34] python3-dnspython: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:30 +0100 Message-ID: <20251231075436.771395-28-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123068 The related CVEs are tracked using dnspython:dnspython CPE, and the default python:dnspython CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%dnspython%'; CVE-2023-29483|dnspython|dnspython|||2.6.0|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-dnspython_2.8.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-dnspython_2.8.0.bb b/meta-python/recipes-devtools/python/python3-dnspython_2.8.0.bb index f8f78f1016..aa14caed15 100644 --- a/meta-python/recipes-devtools/python/python3-dnspython_2.8.0.bb +++ b/meta-python/recipes-devtools/python/python3-dnspython_2.8.0.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5af50906b5929837f667dfe31052bd34" SRC_URI[sha256sum] = "181d3c6996452cb1189c4046c61599b84a5a86e099562ffde77d26984ff26d0f" +CVE_PRODUCT = "dnspython" + inherit pypi python_hatchling ptest SRC_URI += " \ From patchwork Wed Dec 31 07:54:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77811 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DA80EE57E5 for ; Wed, 31 Dec 2025 07:55:10 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81815.1767167700189650400 for ; Tue, 30 Dec 2025 23:55:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HJ4HICUT; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47775fb6c56so81195385e9.1 for ; Tue, 30 Dec 2025 23:54:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167698; x=1767772498; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=5aBjPru3/4HWD/aTs9jxEWEEfgRAX9OfEFDlbOcjVOk=; b=HJ4HICUTs6EkGvpWX+cUQpgqD3evlh+XgSDL608ffUPq5VME8+/RLQZ0h2JQa/zY8+ ALmv3ea3Ha5kkuW/bzyfGQRfgCiW7osJSWVnx4kuZS85QWTobO/KPd8uNcRe2UXVriHA qyHDEM0G6JBa353KRCnFSC+yv0D4o+ur3zegl84CMBA7GuMdpinD00Eq5A97qKxsxrsl kr4hSb9DLzhtrwPyR4WbMK6QSJ6Zrel4Nh3kgz6W9B3T4YtyOCFx7grCWUN3GXY7XGns +4Lzq2lfK13bkcyyBT0TZLE6MlQCXUTbOqu7LG2+RC5RKHVKyZaIf4T8RARHEq3D4XlY UomQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167698; x=1767772498; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=5aBjPru3/4HWD/aTs9jxEWEEfgRAX9OfEFDlbOcjVOk=; b=q42e53ZAIuHLiiNj5hH6VADmthVyEfXWrdLNc9dyH9jvuVI14JTVlNw4sBrpEu6uji mZ2i0rAVzzGBgDftgsYE4WeOR5y/7x5gx9X9wfWMwZsP7MjJ859m1K8rNNAyGEqd2c5k VOEmJz0nl7g+k9JrvydWo3y1eFXq/F2r0hFQwcYJ4nC0cXyiIHB6+G+wdodAQdwk+J2D PuR1V9zyMy9mk/gvkILxMkiUFCy4voWXZgfIx7GaU/lznqtT/HDI6fqGNNXmxRBpq4SO cb8BcwnnK50oHKS/lRz/PDynRcC0Uuc4MhYFFCabSO9lkZGR8VLnQXjLFiqf8onvJo3/ lpng== X-Gm-Message-State: AOJu0Yx4rbNu6tQLxgJaDxyeieYF9RHdlsOq+mrEs1oRb2VSZKDQLY/N V2fQLlKzZuONoBi+QApxZruX1UOVS2UWezLeTAdQgxzM6lIbwpaNpZaX7egNOw== X-Gm-Gg: AY/fxX59Q/9w4z355s1KYppndy4GI8NEXmJ9LpVzXZl66rgc0Y8uPKA2caSYi0U0VeS oD9B9oRuAr8Fj/u6HOxITXv31HAP/F2Pe8dEYIJt5UaSrg3ulDa9BoFVVrEr12ZJvDv4JdeMClF hTg3EoC4k3c4ykx4xxDHzxI/UElILPqW/d+uM+a9AMVYCHNNOjrJJ21atzI8pU2kvjiZO6scvEo zg5K3BfehUGQvsCo5chW1vmfoj+mL2mDajO5ewznWR+FWqoqvwbP5eq5ZLSPxEKMRr0kkJAVpCX IFlU4LkQO2J1yMCnNMcfP0mYk6dxIHi8STh99zmfCrp0JLHNYgP9rt3T0gS/2jv/Ftfc5KpMESo B1/9pQ/CiAVIpBxO45KilvhOZytNgacOa7p0Gt6pTOEtBKneFoXWIqMhy38FIipCEV0OfmSGYrJ lE6lG1xXgr X-Google-Smtp-Source: AGHT+IG6O6xGoHX8Bj4I/3wW0XmaSrTqHFUJoEf2eg+w4KxPjdlIQ2Byz7kyunCmyHBLLk+cV7nIpw== X-Received: by 2002:a05:600c:3b05:b0:477:6e02:54a5 with SMTP id 5b1f17b1804b1-47d19594d77mr385291325e9.18.1767167698546; Tue, 30 Dec 2025 23:54:58 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:58 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 29/34] python3-gevent: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:31 +0100 Message-ID: <20251231075436.771395-29-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123069 Relevant CVEs are tracked with gevent:gevent CPE, and the default python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%gevent%'; CVE-2023-41419|gevent|gevent|||23.9.0|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-gevent_25.9.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-gevent_25.9.1.bb b/meta-python/recipes-devtools/python/python3-gevent_25.9.1.bb index ea445d8ceb..51861f24c7 100644 --- a/meta-python/recipes-devtools/python/python3-gevent_25.9.1.bb +++ b/meta-python/recipes-devtools/python/python3-gevent_25.9.1.bb @@ -17,6 +17,8 @@ SRC_URI += "file://0001-_setuputils.py-Do-not-add-sys_inc_dir.patch" SRC_URI[sha256sum] = "adf9cd552de44a4e6754c51ff2e78d9193b7fa6eab123db9578a210e657235dd" +CVE_PRODUCT = "gevent" + inherit pypi python_setuptools_build_meta cython # Don't embed libraries, link to the system provided libs instead From patchwork Wed Dec 31 07:54:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77814 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A789EE57EC for ; Wed, 31 Dec 2025 07:55:10 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81816.1767167701784530726 for ; Tue, 30 Dec 2025 23:55:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=MvN3AbUm; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-47795f6f5c0so56998595e9.1 for ; Tue, 30 Dec 2025 23:55:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167700; x=1767772500; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ign8pzhT3UBV9GxhABqSsezdLJc0BrRjbZPYxye12fY=; b=MvN3AbUmlWKpO/xO5p0fMgEWoy5lOVTwSmkwPf5e3RbOQu2X6TDqlm8Epooyuo4t6k /dtwccCfy1IsMM5gbRzvF49If0ZSnCJJKB5pXM3w5yS4Q/UdRVB3GeL8xvZ7ns2EoTrJ QD3+6EIg6nwXSXvVxBsbdeEyJgeiBHvnmqhirYGUkbr3oVXyJnXYHsvpvZHqg7yMs9Vx kB1o2qp8XaxhZH4xPxcZLpPyY18PeM+0yMB4+9DtvJNDlLO3X4dhg821yj9nQejbq0tZ 7Dk3e68wq+5ZNry4oadLe2icWorG6oWp3/1i6ow4qwnhc/An7qekkWc11z3pV2KYBd9x eTJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167700; x=1767772500; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Ign8pzhT3UBV9GxhABqSsezdLJc0BrRjbZPYxye12fY=; b=cvl/TERc7EtGe6tA4TnL7GCEUZZdttXkc76lQnZopfpsWme84JuRouMxrOHrvYnRbD hWRy7PVNTWiPxboVlDP4R8HsefU81xOhiXVX20HAPAMzCBevdtxQXJreZJFKy5J2vbK4 f9I142rglefOBI7sL/nMe5jJ49xBWwBRc4Jy2AKRUUDh3a6/us+1pfzlj5K6KvJMeFk7 5YBMvWwAZPF+DDJClDQlGjEk4592kv2BNd/NWFWViC3E2AhK0a33EuYgHHFoz2PKvvN2 tFsm4+FyKkQAnIkWiwo6vaRwKu4f6tnzicYz+F0VnyUWqQHoLdDX9X2sLD4IbgBCWF80 qk1w== X-Gm-Message-State: AOJu0YylVJrQ5/4jXI7FM8xniOJZy1aywazvRqOrf3U6V/vpUnsBdV57 N4lOknNIxSKX4+2BTWa/nGkZEFHcb6XaXP/kOnaqFiIQgGi31Q4YJyFtsVBnEQ== X-Gm-Gg: AY/fxX574NcBk77WHelUz78+l3WpD9XhVNJ9y9ZzKBtjobdaEbtrGnSTQtRc14w1SV7 /mv6XTCrP386ZmIjreJAUgGpKm/UxLE/2PNqBOPRPu0smOKEAi6tX9U6vEX9/Z1vsEQsoUNHJ0r Ab55BU5h+WpTTxFSIVlKrE/5FTi5txctX9dJtBUSggIeLDhC0SOtMFz1FzH0+sTvdVrcADcSiZp g4iFTonYPnUi3VOtsY1k4UJGMBtss/ogJcZxzcoOT2ieJYLsjihFXmGJcpVKKT6rtd54bIWPdrP xhd9NqIKG96uap38ZVNQ0Q29MSrgknlbvgp9O6kwv1ktzRbRA+W+cpAW+poX2okSzTadkaGa3DP 4VPP4Z6eQcz6M1IbkqijdjIWxxFqTJ4p4A0htOWp5H6HznU+oSZqVk6TFd40diBzRnrNrYwr50F ed3VixmFKm X-Google-Smtp-Source: AGHT+IEfMywN0RV2v9Nzcyhfx8aLiijgpqN656r7RnWWUJtrEIMgbMYTAgMupsWq5d/ZggKfILjPSw== X-Received: by 2002:a05:600c:310b:b0:471:1716:11c4 with SMTP id 5b1f17b1804b1-47d1959783amr421056545e9.34.1767167700142; Tue, 30 Dec 2025 23:55:00 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.54.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:54:59 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 30/34] python3-ecdsa: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:32 +0100 Message-ID: <20251231075436.771395-30-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123070 Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't match relevant entries. The correct values were taken from the CVE db, by checking which CVEs are relevant. See CVE db query: sqlite> select * from products where product like '%ecdsa%'; CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|< CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=|| CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=|| CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=|| CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=|| CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|< CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|< CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|< CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<= Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb b/meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb index 4e884b2d74..2025d5e139 100644 --- a/meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb +++ b/meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=66ffc5e30f76cbb5358fe54b645e5a1d" PYPI_PACKAGE = "ecdsa" SRC_URI[sha256sum] = "478cba7b62555866fcb3bb3fe985e06decbdb68ef55713c4e5ab98c57d508e61" +CVE_PRODUCT = "python-ecdsa_project:python-ecdsa tlsfuzzer:ecdsa" + inherit pypi setuptools3 python3native ptest-python-pytest RDEPENDS:${PN}-ptest += " \ From patchwork Wed Dec 31 07:54:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77813 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E3EAEE57F0 for ; Wed, 31 Dec 2025 07:55:10 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81885.1767167702514628542 for ; Tue, 30 Dec 2025 23:55:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=A7D4NmhP; spf=pass (domain: gmail.com, ip: 209.85.128.41, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-4775ae77516so106713695e9.1 for ; Tue, 30 Dec 2025 23:55:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167701; x=1767772501; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=cHkjRYeMrVueMgdXyrlSIgr+7LHXK8cnft2KQhjUOZ0=; b=A7D4NmhPLGiLE+PtVstg73D8xcW2G9zVqDvgR/3OmeJU/iiJrOJ7nWG3ZJDLoY1nUb ZsRrZO0/VPAJo50YNSzFnMdrZ3rylbYl67LcdzyseSLZ7j0mUoTtVRqBJNBShfbII21g Aum4mRFujR8w80VnlvL0KYr1K8+FJNcejbt1bX6PPdPGnriWlicSElvtP4zoJtnirkEV G0UhYSJF8D149U0JhOMBV/M9rsCHdUZMlQXFdRpYLpAl0OM8hlKSnBjii9rOWgP/7RHc 64rORiIU7WchZSzGG0oiP3tOJJz7z85kXdyNT0MDEoJM6meajWwVgYE9QWW8uT19qaiE fUmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167701; x=1767772501; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=cHkjRYeMrVueMgdXyrlSIgr+7LHXK8cnft2KQhjUOZ0=; b=Q6DggCnAm+Vpw44rnUkW1jEh2YYhXcoNxruv4cJPpBUSd8hjCZur0LcQpD62ttdBoH toQuniqcFNqfwZc/r1Z1dd8lJDUxE1+n2HqCL9AHkal4pNAafNIXyHZtul4a8IUMc0Qr bvDzjtBGzNRrDL+jbG51U8RiyaBH3xVDIJD0kuZQpfd7QGbvej58NzfnC8EbSZLkMRZf CCmda01Jo8UAS8pRzZV6JkQn4uvk0UOp5m/wkJROvZLqUsUTyK+nhYooBGSB3BXzVaWa MYQdLD7kn450GgnMVAqS915gNwUkKbDK46DzSYyMXfaXHBCoi7ZAtSx+SLXgSM5u1veR drVg== X-Gm-Message-State: AOJu0Ywn0F5mEauPEQ99vLMfjroci5aOmXIS6OYQAc73ZBaaprpID+5D br+cZ9reqdBMlWU1YFuHWXBtfIxDeFhaLMgLiZqxgmWFZgouOWr3MzdIL4cxmw== X-Gm-Gg: AY/fxX5xqcR8pf9Ec4Gl+VLMoFYKA95YI4HN8KFMTNf45gtEMTP0RhAgkyCL2Bl7e9B KXAXvTPHiGa+xVZkMTwUWIR8fbiEso//jGUIHzMWt/awsZPitpJp1puTdwA/+M+5fFU7hU2twaU n2qi/2IN8qo+Lz0vLluUTsTn48wa1WYuaGzaiXw7gYkGfC9wwsJ6riPXhfi4MejmHiW7MXVBbdR XBSgqEeHzkHH1hnB4Q4y8rLIXhwmyniKm+HCZmB8zVjc6vEDGyN9/odwvPYVknnIf9gN+HxgpTd 15RFQxahYJJSwInJWQr0gKezRXhEcekxL4niTWnuK5Hr81WlvklBjnt8vmI5aqWdc8jC//uE1Yh fnixqTvLyUe2z0b+ulUf5CU38+mu+MXsgquIuATysDzUi8EDSWtTSLMlb4mYlIF227YBOqgoklU eVUJz6z3Rizr5zvQke0nA= X-Google-Smtp-Source: AGHT+IEIkqWrr/W0uD6mY3levIuYPyK5r9eISCYFqzEzM67Jv6TWKh5OJkKSTws+WPLWM9sai1fSDA== X-Received: by 2002:a05:600c:3b1f:b0:477:9b4a:a82 with SMTP id 5b1f17b1804b1-47d36c75e0cmr291123795e9.35.1767167700859; Tue, 30 Dec 2025 23:55:00 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.55.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:55:00 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 31/34] python3-python-multipart: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:33 +0100 Message-ID: <20251231075436.771395-31-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123071 The default python:python_multipart CPE doesn't match relevant CVE entries, because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE, and Mitre uses kludex:python-multipart for others. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%python%multipart%'; CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< Signed-off-by: Gyorgy Sarvari --- .../recipes-devtools/python/python3-python-multipart_0.0.21.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-python-multipart_0.0.21.bb b/meta-python/recipes-devtools/python/python3-python-multipart_0.0.21.bb index 29054f47a7..6fc2b69f7e 100644 --- a/meta-python/recipes-devtools/python/python3-python-multipart_0.0.21.bb +++ b/meta-python/recipes-devtools/python/python3-python-multipart_0.0.21.bb @@ -8,6 +8,7 @@ inherit pypi python_hatchling ptest-python-pytest PYPI_PACKAGE = "python_multipart" UPSTREAM_CHECK_PYPI_PACKAGE = "${PYPI_PACKAGE}" +CVE_PRODUCT = "python-multipart" RDEPENDS:${PN}-ptest += " \ python3-pyyaml \ From patchwork Wed Dec 31 07:54:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77816 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BC29EE57F5 for ; Wed, 31 Dec 2025 07:55:10 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81817.1767167703375255261 for ; Tue, 30 Dec 2025 23:55:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=JJH298FP; spf=pass (domain: gmail.com, ip: 209.85.128.42, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-47d5e021a53so7209415e9.3 for ; Tue, 30 Dec 2025 23:55:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167702; x=1767772502; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=X6LeuWyD5uG7m89jFnFyq4q5xPKOJdEPt7pvnF4jAsg=; b=JJH298FPk1YmaPT7282wG6/FIqenaxOgjadG9PQ4CczRJXwGtqw+f4LJibikZtEmZY vxF8OAKDCVkqN0hkZUkvynlG6gUWUF+Wa4xvBhOHh00PtGU/pK+6s8KmP4zSxiedSSvB +IWQU64cmI4B2hedISKL0JW1cTEXvZGhxavk0HXhZBjsrGLQraQVqZLZTaTNeGdbrat9 tzuOVRh5f+K1e3ZaKP9j6h02wVQyYNB27jgsNROFrML0YsKPaqqF1rDbHiNVuihrt+Ye KIULyt1JwM4HRuXuJPK6lmcGsnwuOH6IEO8gMNrIRxQgcGGmTkGKrgNukdUHEYntIVg8 Tqfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167702; x=1767772502; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=X6LeuWyD5uG7m89jFnFyq4q5xPKOJdEPt7pvnF4jAsg=; b=Kr0ahwTT2hh2cG6BFfCX0ruYAfDCF1YXW2zCHYGIhPa27tEe+j1io3FSQ+ln8tQIBF RC9ldCFy+CCWKD278zsO2wbMjAqP5e4OG9BXMgtIxzvpLbRIMJyKhGXN1aAQQtuxJ4Ea nWuIocCdVzuQf4VMecAcBBEL/7gIppm1Xb3KC1EFmH3QSAcZgIAJJZn+STb4Fzfx3ko3 uGKYIfv+CvD4Y5hVi31i3nsvSDoa4efGf5gdWkUfsFH1qRxIJzTyY4i6pTazoGPEQHdL Kl1rpqzs3r4GDHy6WaW3Q7uxzyeKDyM2vTI/SZec8ZAVVPWi8QLeBfAcrv/yHUAGdjPK mN2g== X-Gm-Message-State: AOJu0YzOP3Cz5kE3AB/ELrL0CLCwsUk/jz2jDKlNXLQtX6EB8ULGoC4g tiVDnaloZHpaqsB3xPmVXUHr56kx02S9t2ymnJs622aEERpeiJEyxYT86iyHxQ== X-Gm-Gg: AY/fxX5IO4lxjjYMVBIAoU3jUnF8pLBJbmEpFWnl+CASJX5T+I+pHIo5Vy9UDXWK5G9 KO0ynD+yRK38Kbjyrn3L1VCbLdWqOgbypCsIdwI+CZHJuFW70ojaN98atHp8TJdru3r9NXu8Dap NR+pLXvj1Fr0uCoQrzYO5UZEeIWNJymp8e3TIy819tDA9A2ULNTrB7f89rvBYOPWCu1VqPCSRqO rIpreothlbZQUapeEX5XCxlOEjoiTvhVZmO8LvwHRz6lGjg89lD3gCMN3nO1N1aJGxa6ZjAq5B4 GT2qukUNZLUXbHxhz0MSuntg6dHYkQJzAIlGFWKDtPKGe+xS3Rk8rAilxuiBmuIkp6A5torbuQb OVRQQq1afKZlQXfsTRzHf5HVJnTKGkAutE+zd2grKFa7Tu+E+b6/gvIcRlAy6ezmAIpcE2yPKiQ anj8RQn0Af X-Google-Smtp-Source: AGHT+IGznXgegbEic68vKM8jRZnOdDCZR6CzosqixGscPVwT09sv1PBry4MJns3blJvhlhC0gPggdQ== X-Received: by 2002:a05:600c:4506:b0:477:9392:8557 with SMTP id 5b1f17b1804b1-47d1957711fmr399437185e9.18.1767167701696; Tue, 30 Dec 2025 23:55:01 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.55.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:55:01 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 32/34] python3-orjson: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:34 +0100 Message-ID: <20251231075436.771395-32-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123072 The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454|ijl|orjson|||3.9.15|< Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb b/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb index 7db76c9415..2209569aca 100644 --- a/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb +++ b/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=b377b220f43d747efdec40d69fcaa69d" SRC_URI[sha256sum] = "28eeae6a15243966962b658dfcf7bae9e7bb1f3260dfcf0370dbd41f5ff6058b" +CVE_PRODUCT = "orjson" + require ${BPN}-crates.inc inherit pypi python_maturin cargo-update-recipe-crates From patchwork Wed Dec 31 07:54:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77815 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23707EE57E9 for ; Wed, 31 Dec 2025 07:55:10 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81887.1767167705169844264 for ; Tue, 30 Dec 2025 23:55:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=eaMonwC1; spf=pass (domain: gmail.com, ip: 209.85.128.41, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-4779cb0a33fso108776055e9.0 for ; Tue, 30 Dec 2025 23:55:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167703; x=1767772503; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=c4GF0QimqlrkO4lMESzaGF74vi3kLN8bqI0Ae4bKoII=; b=eaMonwC1gVQwsCGcCPvOFWSiZ6qsp8wRSq0X1ejiHOKrA2NYXdz4gRhbYVlZegES+I X2y/JY2dtgLqxtHdG2J1TXddxWUPY65NqTs07p5XIZQOuyQBNRCoEOlaDj9yRBFoiZim XCAKBxdILrdLCWXYy1ylbC3Ggpd4oeX9AIXZnEMy4Ko9iryv6ZEfw71ToSfY0wEzwEcV UZmRuoRLY6kI5Su/d7vhWbRmyu2+pugeUzXwoXzauIZqch9obLJ9Nv3BNPH7lnCZDHKt L8q7TqJYBV6QeQ4HDvfljARzW0XgYjiYX1tMKXyk0+GZK02Zv/JDkFFAeFLGX2vljNix xPxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167703; x=1767772503; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=c4GF0QimqlrkO4lMESzaGF74vi3kLN8bqI0Ae4bKoII=; b=pJziRhdbu4L4lYczgtXGlIa4hQOt6OpVENiozz3sNJTlvBapzmIkQH4sqs9RYOVlxk euShxDkGH0iQmjujS4Pvbb7YhlAPSvXiZNn4w+HpeTYkcoomxr4qb8ktwSl2OtkDVROH JOLzsTRTSNiEcrepOk4Zd1mEXk13uJDGz2Hi/5xn2GnZq+9aZ+SvyMML8fm9gdTUfBb1 v4jctTh6Kn+w9NFWOSYei4tOdDxOdFScDFyLqsXGhsT5LkTr//gEDL5tSmX7slBnWqpn hdER+/+TfNZs2icLUATj4a6JOSb7RHlDOol8HYbHBNM6cHbIWYA7sYk9icqdF/lqqnQg Yy4g== X-Gm-Message-State: AOJu0YxdvU80Bu0a02fPO2seEkhpQsLhmE6PKuhXhqFmbmBs1OmjGfJ7 RCu4FD0YvrLVLMLc/P/HQ0LekLX+1tObPalu1nNuoo55IxSi8qv6HpPvikW/9A== X-Gm-Gg: AY/fxX6CjdE/cRUKTL8ftZLicMhh/hf61+3wZ84iM9RVXgGKbBuFsk4O8ZcuZ6abir4 TI0EbA4lXrG0efG/tKgN4KA/uPqiIkejHucnapoVUxjHsTJ9WEMMXO3PCjVhD/xGZo1xFaGbjUo I188NxA2V8+oQq9Av5gJnICXkERJaTQj1HDTP8xMHw9uDeF3ZJYCOO+LrxB1b512BH42tw3P2Hm 6Gr3A11NKnzCchrAzuQShu1mA00KsGay22qQW10V/v8i/lf70bsc8VQ1Xhao6O9OaN7B7DTyPu0 rrywaLLQX9ptmcjR9DOnHi6+gBxOM/uWHaks2RHBI5mAxgl/nLorSSfd9DURoOMYf9yoet39egt +AL9Nd6M4hft0tStf5zYxqGm1IAYF4SDyTBWOwI2ttXd0fi8Od+AhabRggqneJQYOH8Pq0UpLOr WmHt8ceeoq X-Google-Smtp-Source: AGHT+IHGBTH3a4cWwkOfmQ17ooABH54G4OU+OYuUNNgaJpsqVxaiOlJYCgkkMWcePDHENREvEZrIgQ== X-Received: by 2002:a05:600c:3111:b0:477:b642:9dc6 with SMTP id 5b1f17b1804b1-47d195aa79cmr402463275e9.34.1767167703539; Tue, 30 Dec 2025 23:55:03 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.55.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:55:03 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 33/34] python3-pymongo: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:35 +0100 Message-ID: <20251231075436.771395-33-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123073 The default python:pymongo CPE fails to match related CVE entries, because they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%pymongo%'; CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0 Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pymongo_4.15.5.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pymongo_4.15.5.bb b/meta-python/recipes-devtools/python/python3-pymongo_4.15.5.bb index 916fd0f1d9..80f07e4425 100644 --- a/meta-python/recipes-devtools/python/python3-pymongo_4.15.5.bb +++ b/meta-python/recipes-devtools/python/python3-pymongo_4.15.5.bb @@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" SRC_URI[sha256sum] = "3a8d6bf2610abe0c97c567cf98bf5bba3e90ccc93cc03c9dde75fa11e4267b42" +CVE_PRODUCT = "pymongo" + inherit pypi python_hatchling PACKAGES =+ "python3-bson" From patchwork Wed Dec 31 07:54:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 77812 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DA45EE57E2 for ; Wed, 31 Dec 2025 07:55:10 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.81819.1767167705957985515 for ; Tue, 30 Dec 2025 23:55:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=KOS/5sW9; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4779adb38d3so69212545e9.2 for ; Tue, 30 Dec 2025 23:55:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767167704; x=1767772504; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RVeOkXKhl5afL/H9Uq2yulWuZzjJjIEPXOeFi3BA42A=; b=KOS/5sW9ZBp8+UQIlRP4xmLpTJ2r2fg21KC5MuII9RgzyM3H2ayE2YFluk5Qwht12h 2H89XuSuf7gxvYynxRDdiZSceMm1+gTMwEe9OsHb6UPILIQ2W5UMcJOC6FIrUzvocY5G 6vBc4hYlD2i9eLvcEeAcmccn03vpd+U76w7pQf5/CTMYkAOsDtHZ0qUhjNXPbdWRimWf pxQBgXfTdrUlF7RA7V3KqBBR6kKuGjaaND4BAzuPj7PUKEtMayE+4vL3Hf7to7C7awy3 WntQsBPd/FH0H94dAft5qs1HnuAqXYZ5lugRiBem6pUmuvyPHKwkQzRNWINK7IxYF4MR Ofyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767167704; x=1767772504; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=RVeOkXKhl5afL/H9Uq2yulWuZzjJjIEPXOeFi3BA42A=; b=hE+kNQWSj4n4b8l3F+9ci7KpJUpivcn43BcopBUOhtKD0kSMFdgCNRql9jSf6Kfw0u cNeKo6m2b16B6udndL+srr+B5vh5V/rzMI3KQvLqedyrMR+PNPCAy2m+ExKBHSrmkEbt pLqOkG3dUJXxLKWr4DFk5eYGL673AXw0Vl27nstZjdsYVjTzUZisk4w0jzQdir3ctoL/ Yda0+i0rnF6RzCP4YppSMnRqT5/XuugcPaDxI4wgnlfIquZ/uaSeWljNnq0hqQZVy+dm Bx6ZjtMd1WZ4HHZDTCNk2NB3P+7UZF8b6k/kFbLwQ3lIT0m9lpT6v1A2e8sa1O/Z6o+y Fkmw== X-Gm-Message-State: AOJu0YxR1W/C7dBhBN+8K6tJLKTTggNybyyclflH7Z5FLQrltmNoTL17 BNVjmZrvFBZuXEmrQDkW39ag1GKSqVweSQu9THE9C0vUJBcloDPMi2xMxm5gMQ== X-Gm-Gg: AY/fxX4/ekHuv7XjlZYXgsNjFonwuyxnTsWjPdItsn9zfK9SagWoe9VLPCjph5FcqE7 L5asZMcZg4vclBORGjJGgDxYDLfCe6tg5BahAKkcQ6EeKUUizqzcz983GbCd5vBfRLTYFiuRh6Z 43EGInWycb9Rx404xgqfJL7g/zFfGDWNU/H7aBMhWQCzwZJ7l1bdZOeaM5EylyyuYHxkmfmviw4 pKvMvlbAaUGxqJXJBYxtlTk4vC/C5zCyxLjUhgw8relN2cS6byx105t/HGXZeGMmY2dU3N/x6y6 20KIOa2DXk3vgX2rBDNFKXXPEhEJDhv0h4HYe6s/VNx1oxwRtHpEsHgUfKAtTTbnai+E4qM/xY8 rxy0iRFPxE8geSH3e937oUOAq0jgBj5Ug8i46H4GdiUxR190wsmhg0aX+K0dmjVFVj0j0a0TwYE KT2va9+O3k X-Google-Smtp-Source: AGHT+IGkcC0jYSgSZxqk5PQVfrIMn/UEZprT/cY901jfEzFgU8cl0oeStexZiPWfr/7iV+hfUkEa3A== X-Received: by 2002:a05:600c:5251:b0:477:8a29:582c with SMTP id 5b1f17b1804b1-47d195a425bmr424488815e9.34.1767167704330; Tue, 30 Dec 2025 23:55:04 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47be273f147sm700559825e9.7.2025.12.30.23.55.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Dec 2025 23:55:03 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][PATCH 34/34] python3-scapy: set CVE_PRODUCT Date: Wed, 31 Dec 2025 08:54:36 +0100 Message-ID: <20251231075436.771395-34-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251231075436.771395-1-skandigraun@gmail.com> References: <20251231075436.771395-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 31 Dec 2025 07:55:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123074 The default ${PN} (python3-scapy) CVE fails to match relevant CVEs, because they are tracked under the scapy:scapy CPE. Set CVE_PRODUCT to the correct value. See CVE db query: sqlite> select * from products where product like '%scapy%'; CVE-2019-1010142|scapy|scapy|2.4.0|=|| Signed-off-by: Gyorgy Sarvari --- meta-networking/recipes-devtools/python/python3-scapy_2.6.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-networking/recipes-devtools/python/python3-scapy_2.6.1.bb b/meta-networking/recipes-devtools/python/python3-scapy_2.6.1.bb index faafeecfaf..678aec0135 100644 --- a/meta-networking/recipes-devtools/python/python3-scapy_2.6.1.bb +++ b/meta-networking/recipes-devtools/python/python3-scapy_2.6.1.bb @@ -23,6 +23,8 @@ SRC_URI = "git://github.com/secdev/scapy.git;branch=master;protocol=https;tag=v$ UPSTREAM_CHECK_COMMITS = "1" +CVE_PRODUCT = "scapy" + inherit python_setuptools_build_meta ptest do_install:append() {