From patchwork Tue Oct 6 13:42:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377442 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5Jb81sFrz9sTL for ; Wed, 7 Oct 2020 00:43:48 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id A28CC204E4; Tue, 6 Oct 2020 13:43:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mV9t8B8Xtbpa; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 2E61120500; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id D008C1BF3E9 for ; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id C5BDC203B8 for ; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SdPJLoqd87KT for ; Tue, 6 Oct 2020 13:43:26 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) by silver.osuosl.org (Postfix) with ESMTPS id C31F51FEDF for ; Tue, 6 Oct 2020 13:43:25 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 155461BF207; Tue, 6 Oct 2020 13:43:21 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:34 +0200 Message-Id: <20201006134250.22738-2-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 01/17] cpe-info: new make target X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber Similar to make legal-info, produce a csv delimited file containing all selected packages CPE identification. By default, support the pkg infra defining a set of CPE_ID_* defaults using the package name for the vendor and name as most CPE IDs seem to align with that assumption. Plus initially, use the pkg version as the CPE ID's version field. Signed-off-by: Matthew Weber --- Makefile | 17 ++++++++++++++++- package/pkg-generic.mk | 13 +++++++++++++ package/pkg-utils.mk | 8 ++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9648fa58d8..9b788cf937 100644 --- a/Makefile +++ b/Makefile @@ -141,7 +141,7 @@ nobuild_targets := source %-source \ clean distclean help show-targets graph-depends \ %-graph-depends %-show-depends %-show-version \ graph-build graph-size list-defconfigs \ - savedefconfig update-defconfig printvars + savedefconfig update-defconfig printvars cpe-info %-cpe-info ifeq ($(MAKECMDGOALS),) BR_BUILDING = y else ifneq ($(filter-out $(nobuild_targets),$(MAKECMDGOALS)),) @@ -228,6 +228,7 @@ LEGAL_MANIFEST_CSV_TARGET = $(LEGAL_INFO_DIR)/manifest.csv LEGAL_MANIFEST_CSV_HOST = $(LEGAL_INFO_DIR)/host-manifest.csv LEGAL_WARNINGS = $(LEGAL_INFO_DIR)/.warnings LEGAL_REPORT = $(LEGAL_INFO_DIR)/README +CPE_MANIFEST_CSV = $(BASE_DIR)/cpe-manifest.csv BR2_CONFIG = $(CONFIG_DIR)/.config @@ -873,6 +874,19 @@ legal-info: legal-info-clean legal-info-prepare $(foreach p,$(PACKAGES),$(p)-all mv .legal-info.sha256 legal-info.sha256) @echo "Legal info produced in $(LEGAL_INFO_DIR)" +.PHONY: cpe-info-clean +cpe-info-clean: + @rm -f $(CPE_MANIFEST_CSV) + +.PHONY: cpe-info-prepare +cpe-info-prepare: + @$(call MESSAGE,"Gathering CPE info") + @$(call cpe-manifest,CPE ID,CVE PATCHED,PACKAGE,VERSION,SOURCE SITE) + +.PHONY: cpe-info +cpe-info: cpe-info-clean cpe-info-prepare $(foreach p,$(PACKAGES),$(p)-cpe-info) + @echo "CPE info produced in $(CPE_MANIFEST_CSV)" + .PHONY: show-targets show-targets: @echo $(sort $(PACKAGES)) $(sort $(TARGETS_ROOTFS)) @@ -1154,6 +1168,7 @@ help: @echo ' legal-info - generate info about license compliance' @echo ' show-info - generate info about packages, as a JSON blurb' @echo ' printvars - dump internal variables selected with VARS=...' + @echo ' cpe-info - generate info about security CPE identification' @echo @echo ' make V=0|1 - 0 => quiet build (default), 1 => verbose build' @echo ' make O=dir - Locate all output files in "dir", including .config' diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 54de03da03..01df3a3a4f 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -970,6 +970,18 @@ else $(2)_KCONFIG_VAR = BR2_PACKAGE_$(2) endif +$(2)_CPE_ID_VENDOR ?= $$($(2)_NAME)_project +$(2)_CPE_ID_NAME ?= $$($(2)_NAME) +$(2)_CPE_ID_VERSION ?= $$($(2)_VERSION) +$(2)_CPE_ID ?= $$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION) + +$(1)-cpe-info: PKG=$(2) +$(1)-cpe-info: +ifneq ($$(call qstrip,$$($(2)_SOURCE)),) + @$$(call MESSAGE,"Collecting cpe info") + $(Q)$$(call cpe-manifest,$$($(2)_CPE_ID),$$($(2)_RAWNAME),$$($(2)_VERSION),$$($(2)_ACTUAL_SOURCE_SITE)) +endif # ifneq ($$(call qstrip,$$($(2)_SOURCE)),) + # legal-info: declare dependencies and set values used later for the manifest ifneq ($$($(2)_LICENSE_FILES),) $(2)_MANIFEST_LICENSE_FILES = $$($(2)_LICENSE_FILES) @@ -1121,6 +1133,7 @@ DL_TOOLS_DEPENDENCIES += $$(call extractor-system-dependency,$$($(2)_SOURCE)) $(1)-clean-for-reconfigure \ $(1)-clean-for-reinstall \ $(1)-configure \ + $(1)-cpe-info \ $(1)-depends \ $(1)-dirclean \ $(1)-external-deps \ diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk index 4fcb076e21..f1d085ece1 100644 --- a/package/pkg-utils.mk +++ b/package/pkg-utils.mk @@ -228,3 +228,11 @@ legal-deps = \ $(filter-out $(if $(1:host-%=),host-%),\ $(call non-virtual-deps,\ $($(call UPPERCASE,$(1))_FINAL_RECURSIVE_DEPENDENCIES))),$(p) [$($(call UPPERCASE,$(p))_LICENSE)]) + +# +# cpe-info helper functions +# + +define cpe-manifest # cpe, pkg name, version, url + echo '"$(1)","$(2)","$(3)","$(4)"' >>$(CPE_MANIFEST_CSV) +endef From patchwork Tue Oct 6 13:42:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377437 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JZx1zqnz9sTq for ; Wed, 7 Oct 2020 00:43:37 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 941F185CD0; Tue, 6 Oct 2020 13:43:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hz3erIyKLpcE; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 466DD85040; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 7D48E1BF3E9 for ; Tue, 6 Oct 2020 13:43:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 771618249B for ; Tue, 6 Oct 2020 13:43:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CNanGeiBG86m for ; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net [217.70.183.199]) by fraxinus.osuosl.org (Postfix) with ESMTPS id B63C08502C for ; Tue, 6 Oct 2020 13:43:26 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id E52ADFF808; Tue, 6 Oct 2020 13:43:22 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:35 +0200 Message-Id: <20201006134250.22738-3-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 02/17] cpe-info: id prefix/suffix X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber There are two types of software CPE prefixes applicable for software, one for applications and one for operating systems. Note: The third type is for hardware. This patchset determines which should be used and stores that information with the package for later use when assembling the CPE report. Refs: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf https://cpe.mitre.org/specification/ Signed-off-by: Matthew Weber --- package/Makefile.in | 4 ++++ package/pkg-generic.mk | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/package/Makefile.in b/package/Makefile.in index 51f5cbce4f..c6a21276a2 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -373,6 +373,10 @@ TARGET_CONFIGURE_ARGS = \ ################################################################################ +CPE_PREFIX_OS = cpe:2.3:o +CPE_PREFIX_APP = cpe:2.3:a +CPE_SUFFIX = *:*:*:*:*:*:* + ifeq ($(BR2_SYSTEM_ENABLE_NLS),y) NLS_OPTS = --enable-nls TARGET_NLS_DEPENDENCIES = host-gettext diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 01df3a3a4f..63bd8720eb 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -975,11 +975,17 @@ $(2)_CPE_ID_NAME ?= $$($(2)_NAME) $(2)_CPE_ID_VERSION ?= $$($(2)_VERSION) $(2)_CPE_ID ?= $$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION) +ifneq ($(filter linux linux-headers,$(1)),) +$(2)_CPE_PREFIX = $(CPE_PREFIX_OS) +else +$(2)_CPE_PREFIX = $(CPE_PREFIX_APP) +endif + $(1)-cpe-info: PKG=$(2) $(1)-cpe-info: ifneq ($$(call qstrip,$$($(2)_SOURCE)),) @$$(call MESSAGE,"Collecting cpe info") - $(Q)$$(call cpe-manifest,$$($(2)_CPE_ID),$$($(2)_RAWNAME),$$($(2)_VERSION),$$($(2)_ACTUAL_SOURCE_SITE)) + $(Q)$$(call cpe-manifest,$$($(2)_CPE_PREFIX):$$($(2)_CPE_ID):$(CPE_SUFFIX),$$($(2)_RAWNAME),$$($(2)_VERSION),$$($(2)_ACTUAL_SOURCE_SITE)) endif # ifneq ($$(call qstrip,$$($(2)_SOURCE)),) # legal-info: declare dependencies and set values used later for the manifest From patchwork Tue Oct 6 13:42:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377438 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JZx10GLz9sTm for ; Wed, 7 Oct 2020 00:43:36 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 00BF0203B8; Tue, 6 Oct 2020 13:43:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQntcUmvCrDe; Tue, 6 Oct 2020 13:43:31 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id EFDC5204C8; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 9B3C91BF3E9 for ; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 985D281FAA for ; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f50Iygl5AV4c for ; Tue, 6 Oct 2020 13:43:26 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) by whitealder.osuosl.org (Postfix) with ESMTPS id B120E838CD for ; Tue, 6 Oct 2020 13:43:25 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 9A0501BF212; Tue, 6 Oct 2020 13:43:23 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:36 +0200 Message-Id: <20201006134250.22738-4-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 03/17] cpe-info: only report target pkgs X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber The reporting of host packages causes some duplication and complicates what is really in the targets configuration. For the purpose of the first version of this patchset, its assumed that host packages aren't relevant for the configuration and we only report the target's contents. Signed-off-by: Matthew Weber --- package/pkg-generic.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 63bd8720eb..1372dc6e4d 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -983,10 +983,12 @@ endif $(1)-cpe-info: PKG=$(2) $(1)-cpe-info: +ifeq ($$($(2)_TYPE),target) ifneq ($$(call qstrip,$$($(2)_SOURCE)),) @$$(call MESSAGE,"Collecting cpe info") $(Q)$$(call cpe-manifest,$$($(2)_CPE_PREFIX):$$($(2)_CPE_ID):$(CPE_SUFFIX),$$($(2)_RAWNAME),$$($(2)_VERSION),$$($(2)_ACTUAL_SOURCE_SITE)) endif # ifneq ($$(call qstrip,$$($(2)_SOURCE)),) +endif # ifeq ($$($(2)_TYPE),target) # legal-info: declare dependencies and set values used later for the manifest ifneq ($$($(2)_LICENSE_FILES),) From patchwork Tue Oct 6 13:42:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377439 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5Jb23CtYz9sTc for ; Wed, 7 Oct 2020 00:43:42 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id A79EA86658; Tue, 6 Oct 2020 13:43:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7SvlgY6U6X0X; Tue, 6 Oct 2020 13:43:36 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 34F95856B7; Tue, 6 Oct 2020 13:43:34 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 31A8D1BF3E9 for ; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 2E8B91FEDF for ; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MIAqyWCiz9oC for ; Tue, 6 Oct 2020 13:43:28 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net [217.70.183.199]) by silver.osuosl.org (Postfix) with ESMTPS id 53DFA203B8 for ; Tue, 6 Oct 2020 13:43:28 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id 2B065FF804; Tue, 6 Oct 2020 13:43:24 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:37 +0200 Message-Id: <20201006134250.22738-5-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 04/17] cpe-info: cpe minor version support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber Minor version are used to allow -rc, - and other variants of representing a sub release in the CPE dictionary. Signed-off-by: Matthew Weber --- package/Makefile.in | 2 +- package/pkg-generic.mk | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/package/Makefile.in b/package/Makefile.in index c6a21276a2..f66f7041ee 100644 --- a/package/Makefile.in +++ b/package/Makefile.in @@ -375,7 +375,7 @@ TARGET_CONFIGURE_ARGS = \ CPE_PREFIX_OS = cpe:2.3:o CPE_PREFIX_APP = cpe:2.3:a -CPE_SUFFIX = *:*:*:*:*:*:* +CPE_SUFFIX = *:*:*:*:*:* ifeq ($(BR2_SYSTEM_ENABLE_NLS),y) NLS_OPTS = --enable-nls diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 1372dc6e4d..489918b1eb 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -973,7 +973,8 @@ endif $(2)_CPE_ID_VENDOR ?= $$($(2)_NAME)_project $(2)_CPE_ID_NAME ?= $$($(2)_NAME) $(2)_CPE_ID_VERSION ?= $$($(2)_VERSION) -$(2)_CPE_ID ?= $$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION) +$(2)_CPE_ID_VERSION_MINOR ?= * +$(2)_CPE_ID ?= $$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION):$$($(2)_CPE_ID_VERSION_MINOR) ifneq ($(filter linux linux-headers,$(1)),) $(2)_CPE_PREFIX = $(CPE_PREFIX_OS) From patchwork Tue Oct 6 13:42:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377440 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5Jb2272Qz9sTL for ; Wed, 7 Oct 2020 00:43:42 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 6B4B987022; Tue, 6 Oct 2020 13:43:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzbkBJrr4e4P; Tue, 6 Oct 2020 13:43:36 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 2010786F6E; Tue, 6 Oct 2020 13:43:36 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 361581BF3E9 for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 2E5F085040 for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id unND0uMaqFfL for ; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by whitealder.osuosl.org (Postfix) with ESMTPS id 85C0881FAA for ; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 1EB5BE000D; Tue, 6 Oct 2020 13:43:24 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:38 +0200 Message-Id: <20201006134250.22738-6-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 05/17] toolchain/toolchain-ext: glibc cpe-info support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Shruthi Singh , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Shruthi Singh This commit adds the correct CPE string for glibc, describing CPE ID, VERSION, PACKAGE NAME and URL. Signed-off-by: Shruthi Singh shruthi.singh@rockwellcollins.com Signed-off-by: Matthew Weber --- package/pkg-generic.mk | 14 ++++++++++++++ .../toolchain-external/pkg-toolchain-external.mk | 7 +++++++ 2 files changed, 21 insertions(+) diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 489918b1eb..dba03a8119 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -983,8 +983,22 @@ $(2)_CPE_PREFIX = $(CPE_PREFIX_APP) endif $(1)-cpe-info: PKG=$(2) +ifeq ($(BR2_TOOLCHAIN_EXTERNAL),y) +$(1)-cpe-info: toolchain +endif $(1)-cpe-info: ifeq ($$($(2)_TYPE),target) +ifneq ($$($(2)_NAME),toolchain-external) +ifneq ($(findstring TOOLCHAIN_EXTERNAL, $(2)),) +ifeq ($(BR2_TOOLCHAIN_EXTERNAL_GLIBC),y) + $$(eval $(2)_VERSION = $$(shell $$(call TOOLCHAIN_CPE_INFO))) + $$(eval $(2)_CPE_ID_VENDOR = gnu) + $$(eval $(2)_CPE_ID_NAME = glibc) + $$(eval $(2)_ACTUAL_SOURCE_SITE = https://github.com/bminor/glibc/releases) + $$(eval $(2)_RAWNAME = glibc) +endif # ifeq ($(BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC),y) +endif # ifneq ($(findstring TOOLCHAIN_EXTERNAL, $(2)),) +endif # ifneq ($$($(2)_NAME),toolchain-external) ifneq ($$(call qstrip,$$($(2)_SOURCE)),) @$$(call MESSAGE,"Collecting cpe info") $(Q)$$(call cpe-manifest,$$($(2)_CPE_PREFIX):$$($(2)_CPE_ID):$(CPE_SUFFIX),$$($(2)_RAWNAME),$$($(2)_VERSION),$$($(2)_ACTUAL_SOURCE_SITE)) diff --git a/toolchain/toolchain-external/pkg-toolchain-external.mk b/toolchain/toolchain-external/pkg-toolchain-external.mk index 6d91cb5d1e..14065345d7 100644 --- a/toolchain/toolchain-external/pkg-toolchain-external.mk +++ b/toolchain/toolchain-external/pkg-toolchain-external.mk @@ -453,6 +453,13 @@ define TOOLCHAIN_EXTERNAL_INSTALL_SYSROOT_LIBS $(call copy_toolchain_sysroot,$${SYSROOT_DIR},$${ARCH_SYSROOT_DIR},$${ARCH_SUBDIR},$${ARCH_LIB_DIR},$${SUPPORT_LIB_DIR}) endef +define TOOLCHAIN_CPE_INFO + ARCH_SYSROOT_DIR="$(call toolchain_find_sysroot,$(TOOLCHAIN_EXTERNAL_CC) $(TOOLCHAIN_EXTERNAL_CFLAGS))" ; \ + MAJ=`awk '{ if ($$1 = /#define/ && ($$2= /__GLIBC__/)){printf $$3};}' $${ARCH_SYSROOT_DIR}/usr/include/features.h` ; \ + MIN=`awk '{ if ($$1 = /#define/ && ($$2 = /_GLIBC_MINOR/)){printf $$3};}' $${ARCH_SYSROOT_DIR}/usr/include/features.h` ; \ + echo $${MAJ}.$${MIN} +endef + # Create a symlink from (usr/)$(ARCH_LIB_DIR) to lib. # Note: the skeleton package additionally creates lib32->lib or lib64->lib # (as appropriate) From patchwork Tue Oct 6 13:42:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377441 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5Jb82PSwz9sTc for ; Wed, 7 Oct 2020 00:43:48 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8F6C787037; Tue, 6 Oct 2020 13:43:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGo3wU2sopuh; Tue, 6 Oct 2020 13:43:40 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 3C59486FEF; Tue, 6 Oct 2020 13:43:37 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 846531BF3E9 for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8047086EC0 for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4cJKg+NCDhO4 for ; Tue, 6 Oct 2020 13:43:31 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay12.mail.gandi.net (relay12.mail.gandi.net [217.70.178.232]) by hemlock.osuosl.org (Postfix) with ESMTPS id D15FA86F13 for ; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay12.mail.gandi.net (Postfix) with ESMTPSA id 64ACB200014; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:39 +0200 Message-Id: <20201006134250.22738-7-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 06/17] cpe-info: update manual for new pkg vars X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber Provide guidance on setting up the *_CPE_* and *_CVE_* variables. Signed-off-by: Matthew Weber --- docs/manual/adding-packages-generic.txt | 111 +++++++++++++++--------- 1 file changed, 68 insertions(+), 43 deletions(-) diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt index b8bfcb4aff..94b2313600 100644 --- a/docs/manual/adding-packages-generic.txt +++ b/docs/manual/adding-packages-generic.txt @@ -24,57 +24,59 @@ system is based on hand-written Makefiles or shell scripts. 09: LIBFOO_SITE = http://www.foosoftware.org/download 10: LIBFOO_LICENSE = GPL-3.0+ 11: LIBFOO_LICENSE_FILES = COPYING -12: LIBFOO_INSTALL_STAGING = YES -13: LIBFOO_CONFIG_SCRIPTS = libfoo-config -14: LIBFOO_DEPENDENCIES = host-libaaa libbbb -15: -16: define LIBFOO_BUILD_CMDS -17: $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) all -18: endef -19: -20: define LIBFOO_INSTALL_STAGING_CMDS -21: $(INSTALL) -D -m 0755 $(@D)/libfoo.a $(STAGING_DIR)/usr/lib/libfoo.a -22: $(INSTALL) -D -m 0644 $(@D)/foo.h $(STAGING_DIR)/usr/include/foo.h -23: $(INSTALL) -D -m 0755 $(@D)/libfoo.so* $(STAGING_DIR)/usr/lib -24: endef -25: -26: define LIBFOO_INSTALL_TARGET_CMDS -27: $(INSTALL) -D -m 0755 $(@D)/libfoo.so* $(TARGET_DIR)/usr/lib -28: $(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/foo.d -29: endef -30: -31: define LIBFOO_USERS -32: foo -1 libfoo -1 * - - - LibFoo daemon -33: endef -34: -35: define LIBFOO_DEVICES -36: /dev/foo c 666 0 0 42 0 - - - -37: endef -38: -39: define LIBFOO_PERMISSIONS -40: /bin/foo f 4755 foo libfoo - - - - - -41: endef -42: -43: $(eval $(generic-package)) +12: LIBFOO_CPE_ID_VENDOR = foosoftware +13: LIBFOO_INSTALL_STAGING = YES +14: LIBFOO_CONFIG_SCRIPTS = libfoo-config +15: LIBFOO_DEPENDENCIES = host-libaaa libbbb +16: +17: define LIBFOO_BUILD_CMDS +18: $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) all +19: endef +20: +21: define LIBFOO_INSTALL_STAGING_CMDS +22: $(INSTALL) -D -m 0755 $(@D)/libfoo.a $(STAGING_DIR)/usr/lib/libfoo.a +23: $(INSTALL) -D -m 0644 $(@D)/foo.h $(STAGING_DIR)/usr/include/foo.h +24: $(INSTALL) -D -m 0755 $(@D)/libfoo.so* $(STAGING_DIR)/usr/lib +25: endef +26: +27: define LIBFOO_INSTALL_TARGET_CMDS +28: $(INSTALL) -D -m 0755 $(@D)/libfoo.so* $(TARGET_DIR)/usr/lib +29: $(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/foo.d +30: endef +31: +32: define LIBFOO_USERS +33: foo -1 libfoo -1 * - - - LibFoo daemon +34: endef +35: +36: define LIBFOO_DEVICES +37: /dev/foo c 666 0 0 42 0 - - - +38: endef +39: +40: define LIBFOO_PERMISSIONS +41: /bin/foo f 4755 foo libfoo - - - - - +42: endef +43: +44: $(eval $(generic-package)) -------------------------------- -The Makefile begins on line 7 to 11 with metadata information: the +The Makefile begins on line 7 to 12 with metadata information: the version of the package (+LIBFOO_VERSION+), the name of the tarball containing the package (+LIBFOO_SOURCE+) (xz-ed tarball recommended) the Internet location at which the tarball can be downloaded from -(+LIBFOO_SITE+), the license (+LIBFOO_LICENSE+) and file with the -license text (+LIBFOO_LICENSE_FILES+). All variables must start with +(+LIBFOO_SITE+), the license (+LIBFOO_LICENSE+), the file with the +license text (+LIBFOO_LICENSE_FILES+) and the vendor for vunerability +analysis (+LIBFOO_CPE_ID_VENDOR+). All variables must start with the same prefix, +LIBFOO_+ in this case. This prefix is always the uppercased version of the package name (see below to understand where the package name is defined). -On line 12, we specify that this package wants to install something to +On line 13, we specify that this package wants to install something to the staging space. This is often needed for libraries, since they must install header files and other development files in the staging space. This will ensure that the commands listed in the +LIBFOO_INSTALL_STAGING_CMDS+ variable will be executed. -On line 13, we specify that there is some fixing to be done to some +On line 14, we specify that there is some fixing to be done to some of the 'libfoo-config' files that were installed during +LIBFOO_INSTALL_STAGING_CMDS+ phase. These *-config files are executable shell script files that are @@ -122,14 +124,14 @@ IMAGEMAGICK_CONFIG_SCRIPTS = \ -------------------------------- ================================ -On line 14, we specify the list of dependencies this package relies +On line 15, we specify the list of dependencies this package relies on. These dependencies are listed in terms of lower-case package names, which can be packages for the target (without the +host-+ prefix) or packages for the host (with the +host-+) prefix). Buildroot will ensure that all these packages are built and installed 'before' the current package starts its configuration. -The rest of the Makefile, lines 16..29, defines what should be done +The rest of the Makefile, lines 17..29, defines what should be done at the different steps of the package configuration, compilation and installation. +LIBFOO_BUILD_CMDS+ tells what steps should be performed to @@ -142,16 +144,16 @@ All these steps rely on the +$(@D)+ variable, which contains the directory where the source code of the package has been extracted. -On lines 31..33, we define a user that is used by this package (e.g. +On lines 31..44, we define a user that is used by this package (e.g. to run a daemon as non-root) (+LIBFOO_USERS+). -On line 35..37, we define a device-node file used by this package +On line 36..38, we define a device-node file used by this package (+LIBFOO_DEVICES+). -On line 39..41, we define the permissions to set to specific files +On line 40..42, we define the permissions to set to specific files installed by this package (+LIBFOO_PERMISSIONS+). -Finally, on line 43, we call the +generic-package+ function, which +Finally, on line 44, we call the +generic-package+ function, which generates, according to the variables defined previously, all the Makefile code necessary to make your package working. @@ -502,6 +504,29 @@ LIBFOO_IGNORE_CVES += CVE-2020-12345 LIBFOO_IGNORE_CVES += CVE-2020-54321 ---------------------- +* +LIBFOO_CPE_ID_VENDOR+ + This variable is optional. It only must be defined if the package name + does not match what the CPE ID uses for the vendor. By default it's set + to _project. + +* +LIBFOO_CPE_ID_NAME+ + This variable is optional. It only must be defined if the package name + does not match what the CPE ID uses for the name. By default it's set + to . + +* +LIBFOO_CPE_ID_VERSION+ + This variable is optional. By default it's set to . + +* +LIBFOO_CPE_ID_VERSION_MINOR+ + This variable is optional. By default it's set to *. + +* +LIBFOO_CPE_ID+ is optional, as the package infrastructure hangles the + default case of a single package's Common Product Enumeration (CPE) + identification string. +make cpe-info+ copies all of these into a + +cpe-manifest.csv+ file. To identify a package's possible CPE, + the National Vunerability Database can be searched at + https://nvd.nist.gov/products/cpe/search. + The recommended way to define these variables is to use the following syntax: From patchwork Tue Oct 6 13:42:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377445 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbB4HKGz9sTc for ; Wed, 7 Oct 2020 00:43:50 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 1F58B81FAA; Tue, 6 Oct 2020 13:43:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfnTHCtSifvX; Tue, 6 Oct 2020 13:43:41 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 3F2CE85D5F; Tue, 6 Oct 2020 13:43:40 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id B47711BF3E9 for ; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8B27286F13 for ; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N55cqwAOSLja for ; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) by hemlock.osuosl.org (Postfix) with ESMTPS id 17B4B86F7E for ; Tue, 6 Oct 2020 13:43:29 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 054C01BF20C; Tue, 6 Oct 2020 13:43:27 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:40 +0200 Message-Id: <20201006134250.22738-8-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 07/17] support/scripts/cpedb.py: new CPE XML helper X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber Python class which consumes a NIST CPE XML and provides helper functions to access and search the db's data. - Defines the CPE as a object with operations / formats - Processing of CPE dictionary Signed-off-by: Matthew Weber --- support/scripts/cpedb.py | 185 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 support/scripts/cpedb.py diff --git a/support/scripts/cpedb.py b/support/scripts/cpedb.py new file mode 100644 index 0000000000..0369536f6f --- /dev/null +++ b/support/scripts/cpedb.py @@ -0,0 +1,185 @@ +import sys +import urllib2 +from collections import OrderedDict +import xmltodict +import gzip +from StringIO import StringIO +import os +import pickle + +VALID_REFS = ['VENDOR', 'VERSION', 'CHANGE_LOG', 'PRODUCT', 'PROJECT', 'ADVISORY'] + + +class CPE: + cpe_str = None + cpe_str_short = None + cpe_desc = None + cpe_cur_ver = None + titles = {} + references = {} + + def __init__(self, cpe_str, titles=None, refs=None): + self.cpe_str = cpe_str + self.cpe_str_short = ":".join(self.cpe_str.split(":")[:6]) + self.titles = titles + self.references = refs + self.cpe_cur_ver = "".join(self.cpe_str.split(":")[5:6]) + + def to_dict(self, cpe_str): + cpe_short_name = ":".join(cpe_str.split(":")[2:6]) + cpe_new_ver = "".join(cpe_str.split(":")[5:6]) + self.titles[0]['#text'] = self.titles[0]['#text'].replace(self.cpe_cur_ver, cpe_new_ver) + cpe_dict = OrderedDict([ + ('cpe-item', OrderedDict([ + ('@name', 'cpe:/' + cpe_short_name), + ('title', self.titles), + ('references', OrderedDict([('reference', self.references)])), + ('cpe-23:cpe23-item', OrderedDict([ + ('@name', cpe_str) + ])) + ])) + ]) + return cpe_dict + + +class CPEDB: + all_cpes = dict() + all_cpes_no_version = dict() + + def get_xml_dict(self, url): + print("CPE: Setting up NIST dictionary") + # Setup location to save dict and xmls, if it exists, assume we're + # reusing the previous dict + if not os.path.exists("cpe"): + os.makedirs("cpe") + self.get_new_xml_dict(url) + else: + print("CPE: Loading CACHED dictionary") + cpe_file = open('cpe/.all_cpes.pkl', 'rb') + self.all_cpes = pickle.load(cpe_file) + cpe_file.close() + cpe_file = open('cpe/.all_cpes_no_version.pkl', 'rb') + self.all_cpes_no_version = pickle.load(cpe_file) + cpe_file.close() + + def get_new_xml_dict(self, url): + print("CPE: Fetching xml manifest from [" + url + "]") + try: + compressed_cpe_file = urllib2.urlopen(url) + print("CPE: Unzipping xml manifest...") + nist_cpe_file = gzip.GzipFile(fileobj=StringIO(compressed_cpe_file.read())).read() + print("CPE: Converting xml manifest to dict...") + all_cpedb = xmltodict.parse(nist_cpe_file) + + # Cycle through the dict and build two dict to be used for custom + # lookups of partial and complete CPE objects + # The objects are then used to create new proposed XML updates if + # if is determined one is required + for cpe in all_cpedb['cpe-list']['cpe-item']: + cpe_titles = cpe['title'] + # There maybe multiple titles or one. Make sure this is + # always a list + if not isinstance(cpe_titles, (list,)): + cpe_titles = [cpe_titles] + # Out of the different language titles, select English + for title in cpe_titles: + if title['@xml:lang'] is 'en-US': + cpe_titles = [title] + # Some older CPE don't include references, if they do, make + # sure we handle the case of one ref needing to be packed + # in a list + if 'references' in cpe: + cpe_ref = cpe['references']['reference'] + if not isinstance(cpe_ref, (list,)): + cpe_ref = [cpe_ref] + # The reference text has not been consistantly upper case + # in the NIST dict but they now require it. So force upper + # and then check for compliance to a specific tagging + for ref_href in cpe_ref: + ref_href['#text'] = ref_href['#text'].upper() + if ref_href['#text'] not in VALID_REFS: + ref_href['#text'] = ref_href['#text'] + "-- UPDATE this entry, here are some exmaples and just one word should be used -- " + ' '.join(VALID_REFS) + cpe_str = cpe['cpe-23:cpe23-item']['@name'] + item = CPE(cpe_str, cpe_titles, cpe_ref) + cpe_str_no_version = self.get_cpe_no_version(cpe_str) + # This dict must have a unique key for every CPE version + # which allows matching to the specific obj data of that + # NIST dict entry + self.all_cpes.update({cpe_str: item}) + # This dict has one entry for every CPE (w/o version) to allow + # partial match (no valid version) check (the obj is saved and + # used as seed for suggested xml updates. By updating the same + # non-version'd entry, it assumes the last update here is the + # latest version in the NIST dict) + self.all_cpes_no_version.update({cpe_str_no_version: item}) + + except urllib2.HTTPError: + print("CPE: HTTP Error: %s" % url) + sys.exit(1) + except urllib2.URLError: + print("CPE: URL Error: %s" % url) + sys.exit(1) + + print("CPE: Caching dictionary") + cpes_file = open('cpe/.all_cpes.pkl', 'wb') + pickle.dump(self.all_cpes, cpes_file) + cpes_file.close() + cpes_file = open('cpe/.all_cpes_no_version.pkl', 'wb') + pickle.dump(self.all_cpes_no_version, cpes_file) + cpes_file.close() + + def find_partial(self, cpe_str): + cpe_str_no_version = self.get_cpe_no_version(cpe_str) + if cpe_str_no_version in self.all_cpes_no_version: + return cpe_str_no_version + + def find_partial_obj(self, cpe_str): + cpe_str_no_version = self.get_cpe_no_version(cpe_str) + if cpe_str_no_version in self.all_cpes_no_version: + return self.all_cpes_no_version[cpe_str_no_version] + + def find_partial_latest_version(self, cpe_str_partial): + cpe_obj = self.find_partial_obj(cpe_str_partial) + return cpe_obj.cpe_cur_ver + + def find(self, cpe_str): + if self.find_partial(cpe_str): + if cpe_str in self.all_cpes: + return cpe_str + + def update(self, cpe_str): + to_update = self.find_partial_obj(cpe_str) + xml = self.__gen_xml__(to_update.to_dict(cpe_str)) + fp = open(os.path.join('cpe', self.get_cpe_name(cpe_str) + '-' + self.get_cpe_version(cpe_str) + '.xml'), 'w+') + fp.write(xmltodict.unparse(xml, pretty=True)) + fp.close() + + def get_nvd_url(self, cpe_str): + return "https://nvd.nist.gov/products/cpe/search/results?keyword=" + \ + urllib2.quote(cpe_str) + \ + "&status=FINAL&orderBy=CPEURI&namingFormat=2.3" + + def get_cpe_no_version(self, cpe): + return ":".join(cpe.split(":")[:5]) + + def get_cpe_name(self, cpe_str): + return "".join(cpe_str.split(":")[4]) + + def get_cpe_version(self, cpe_str): + return "".join(cpe_str.split(":")[5]) + + def __gen_xml__(self, cpe_list): + list_header = { + "cpe-list": { + "@xmlns:config": "http://scap.nist.gov/schema/configuration/0.1", + "@xmlns": "http://cpe.mitre.org/dictionary/2.0", + "@xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance", + "@xmlnsscap-core": "http://scap.nist.gov/schema/scap-core/0.3", + "@xmlns:cpe-23": "http://scap.nist.gov/schema/cpe-extension/2.3", + "@xmlns:ns6": "http://scap.nist.gov/schema/scap-core/0.1", + "@xmlns:meta": "http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2", + "@xsi:schemaLocation": "http://scap.nist.gov/schema/cpe-extension/2.3 https://scap.nist.gov/schema/cpe/2.3/cpe-dictionary-extension_2.3.xsd http://cpe.mitre.org/dictionary/2.0 https://scap.nist.gov/schema/cpe/2.3/cpe-dictionary_2.3.xsd http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2 https://scap.nist.gov/schema/cpe/2.1/cpe-dictionary-metadata_0.2.xsd http://scap.nist.gov/schema/scap-core/0.3 https://scap.nist.gov/schema/nvd/scap-core_0.3.xsd http://scap.nist.gov/schema/configuration/0.1 https://scap.nist.gov/schema/nvd/configuration_0.1.xsd http://scap.nist.gov/schema/scap-core/0.1 https://scap.nist.gov/schema/nvd/scap-core_0.1.xsd" + } + } + list_header['cpe-list'].update(cpe_list) + return list_header From patchwork Tue Oct 6 13:42:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377446 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbQ2LNGz9sTm for ; Wed, 7 Oct 2020 00:44:01 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id E79B885CD0; Tue, 6 Oct 2020 13:43:56 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Enqfrz27oAOb; Tue, 6 Oct 2020 13:43:52 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id E831E85DA4; Tue, 6 Oct 2020 13:43:49 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id E143C1BF3E9 for ; Tue, 6 Oct 2020 13:43:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id CF6F32076E for ; Tue, 6 Oct 2020 13:43:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BmYeVcexCUyO for ; Tue, 6 Oct 2020 13:43:38 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by silver.osuosl.org (Postfix) with ESMTPS id B22FB20529 for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay11.mail.gandi.net (Postfix) with ESMTPSA id B5A8510000E; Tue, 6 Oct 2020 13:43:28 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:41 +0200 Message-Id: <20201006134250.22738-9-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 08/17] support/scripts/cpe-report: new script X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber The script supports looking up all the CPEs provided in a make cpe-info csv file export from a target Buildroot build. It checks the current version and suggests a CPE needs update or possibly an initial submission is required to NIST. Adds option to allow alternate locations for the dictionary URL and caching of a processed dictionary to speed up execution. Outputs a cpe/ folder with propsed xml generated from the dictionary contents to propose updated versions to NIST. For missing CPE matches, a cpe-report-missing.txt is created by the script that can be used later to manually create proposed new NIST dictionary entries. Ref: NIST has a group email (cpe_dictionary@nist.gov) used to recieve these version update and new entry xml files. They do process the XML and provide feedback. In some cases they will propose back something different where the vendor or version is slightly different. Limitations - Currently any use of non-number version identifiers isn't supported by NIST as they use ranges to determine impact of a CVE - Any Linux version from a non-upstream is also not supported without manually adjusting the information as the custom kernel will more then likely not match the upstream version used in the dictionary Signed-off-by: Matt Weber --- support/scripts/cpe-report | 70 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100755 support/scripts/cpe-report diff --git a/support/scripts/cpe-report b/support/scripts/cpe-report new file mode 100755 index 0000000000..7242a372b2 --- /dev/null +++ b/support/scripts/cpe-report @@ -0,0 +1,70 @@ +#!/usr/bin/env python + +import argparse +import sys +import csv +from cpedb import CPEDB + +CPE_XML_URL = "https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz" + + +def get_target_cpe_report(cpe_report_file, cpedb): + report_cpe_exact_match = "" + report_cpe_needing_update = "" + report_cpe_needing_update_list = "" + report_cpe_missing = "" + + print("CPE: Checking for matches...") + try: + with open(cpe_report_file) as cpe_file: + cpe_list = csv.reader(cpe_file) + next(cpe_list) # make cpe-info has a one line header + for cpe in cpe_list: + result = cpedb.find(cpe[0]) + if not result: + result = cpedb.find_partial(cpedb.get_cpe_no_version(cpe[0])) + if not result: + report_cpe_missing += cpe[0] + "," + cpe[1] + "," + cpe[3] + "\n" + else: + latest_version = cpedb.find_partial_latest_version(cpedb.get_cpe_no_version(cpe[0])) + report_cpe_needing_update += cpe[0] + ", Latest Version Guess from Dict[" + latest_version + "]\n" + report_cpe_needing_update_list += cpe[0] + "\n" + else: + report_cpe_exact_match += cpe[0] + "\n" + except (OSError, IOError) as e: + print("CPE: report csv file (%s): %s" % (e.errno, e.strerror)) + sys.exit(1) + + print("CPE: Found but may REQUIRE an UPDATE:\n" + report_cpe_needing_update) + print("CPE: Not found:\n" + report_cpe_missing) + + fp = open('cpe-report-missing.txt', 'w+') + fp.write(report_cpe_missing) + fp.close() + + for cpe in report_cpe_needing_update_list.splitlines(): + cpedb.update(cpe) + print("XML Generation Complete of NIST update files, see ./cpe/*") + + +def parse_args(): + parser = argparse.ArgumentParser() + parser.add_argument('-c', dest='cpe_report', action='store', required=True, + help='CPE Report generated by make cpe-info (csv format)') + parser.add_argument('-u', dest='url', action='store', required=False, + help='(optional)URL to the NIST dict (official-cpe-dictionary_v2.3.xml.gz)') + return parser.parse_args() + + +def __main__(): + args = parse_args() + cpedb = CPEDB() + url = CPE_XML_URL + if args.url: + url = args.url + cpedb.get_xml_dict(url) + print("Performing Target CPE Report Analysis...") + get_target_cpe_report(args.cpe_report, cpedb) + + +__main__() From patchwork Tue Oct 6 13:42:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377444 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbB4n2Nz9sTf for ; Wed, 7 Oct 2020 00:43:50 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 5D80686FC8; Tue, 6 Oct 2020 13:43:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWgKM61+xnQu; Tue, 6 Oct 2020 13:43:43 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 48ED887006; Tue, 6 Oct 2020 13:43:38 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 17DCE1BF3E9 for ; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 14D688440D for ; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DxqKgpSXm9Te for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 8AD5E80ACD for ; Tue, 6 Oct 2020 13:43:31 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 9247AE0006; Tue, 6 Oct 2020 13:43:29 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:42 +0200 Message-Id: <20201006134250.22738-10-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 09/17] docs/manual: new security management section X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber This changeset captures an initial discussion on the use of CPE reporting within a target build. It notes the reporting limitations and provides actions a user could take to improve upon the current report information. There is also an example of how one might do CVE analysis using the CPE report information. Signed-off-by: Matthew Weber --- docs/manual/cpe-reporting.txt | 107 ++++++++++++++++++++++++++++++++++ docs/manual/manual.txt | 2 + 2 files changed, 109 insertions(+) create mode 100644 docs/manual/cpe-reporting.txt diff --git a/docs/manual/cpe-reporting.txt b/docs/manual/cpe-reporting.txt new file mode 100644 index 0000000000..11da979345 --- /dev/null +++ b/docs/manual/cpe-reporting.txt @@ -0,0 +1,107 @@ +// -*- mode:doc; -*- +// vim: set syntax=asciidoc: + +[[cpe-info]] + +== Security Vulnerability Management + +There are many different vulnerability databases (open/paid). This +section documents the use of the National Vulnerability Database(NVD) +provided by the National Institute of Standards and Technology (NIST). + +Within Buildroot, the intent is to provide good reporting of the build +configuration's inventory of software. The vulnerability analysis is +assumed to occur outside of the Buildroot environment (at this time). + +=== Common Platform Enumeration (CPE) Reporting + +Buildroot consists of a series of upstream packages. Each of those +packages may have a CPE definition used to map vulnerabilities to Common +Vulnerabilities and Exposures (CVE). A single package CPE has many versions +and each version may have a suite of CVEs associated. + +To make the gathering of the software inventory of CPE easier, Buildroot can +collect for you all the CPE related to the configured defconfig. To produce +this material, after you have configured Buildroot with +make menuconfig+, ++make xconfig+ or +make gconfig+, run: + +-------------------- +make cpe-info +-------------------- + +Buildroot then collects and writes the +$(TOPDIR)/cpe-manifest.csv+. This file +can be used for manual inspection against a CVE database or provided to +external tools which perform CVE inventory/analysis. + +*CPE Maintenance* + +To maintain these CPE strings for version changes against the NIST dictionary, +the manifest can be further processed. First, navigate to your Buildroot +directory and execute the script below. The script has some optional arguments +for providing a alternate dictionary URL or caching a processed dictionary. + +-------------------- +support/scripts/cpe-report -c $(TOPDIR)/cpe-manifest.csv +-------------------- + +This script retrieves the NIST dictionary and classifies each CPE as either +matched, requires version update or missing. Based on this analysis, the script +automatically uses the NIST dictionary entries to produce a draft of XML which +can be submitted to NIST to update a version of an entry in the dictionary. It +is important to review the generated xml files in the cpe folder as they may +need refined reference tags and adjustments to how the version is represented +in the title. + +In the case of missing items, a +cpe-report-missing.txt+ report is output by +the script and can be used as a starting point to manually create a xml file +to submit. Note, some manual analysis using the NIST search engine (https://nvd.nist.gov/products/cpe/search) +is suggested for these missing item as the Buildroot +CPE_ID_+ variables maybe +slightly incorrect and cause the cpe-report script to catagorize the package +as missing. If that is the case, a change can be made by adjusting the default +CPE variables in the specific package's +.mk+. See xref:_infrastructure_for_packages_with_specific_build_systems[] +discussion on the use of +LIBFOO_CPE_*+. +If the package is truely missing, the package's Kconfig help material and .mk +should provide most of the information to construct a new NIST submission. + +To submit a new entry or updated entry to NIST, create an request email to the +cpe_dictionary@nist.gov recipient and attach a individual xml file per package +being added/updated. It is OK to have multiple version updates in a single +file as long as they are all for the same package. For reference the guidance +can be found on the NIST CPE site (https://nvd.nist.gov/products/cpe). + +*Limitations* + +Buildroot does not produce or accurately present some of the CPE material. Items +such as any versions which are non-number/hash are not compliant with the CPE +string specification and would require a manual analysis to update the CPE list +before any external CVE analysis should occur. This is a similar situation for +packages like the Linux kernel or U-Boot which may not have a version which +directly maps to a CPE. + +There is an assumed default CPE string for each package which is auto-generated +using existing package information. The output of +make cpe-info+ is based on +this default information and the packages which have been individually tailored +to match existing CPE strings. The Buildroot developers try to do their best to +keep those declarative statements as accurate as possible, to the best of their +knowledge. However, it is very well possible that those declarative statements +are not all fully accurate nor exhaustive. Similar to legal-info, it is your +responsibility to verify this information. + +=== Common Vulnerability and Exposures (CVE) Anaylsis +The Common Vulnerabilities and Exposures (CVE) system provides a +reference-method for publicly known information-security vulnerabilities and +exposures. (https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) + +Like previously stated, there are many tools and methods to perform this +analysis. The most basic example is to do a manual CVE analysis by navigating +to the NVD search engine (https://nvd.nist.gov/vuln/search) and using the CPE +string identified in the first field of the +$(TOPDIR)/cpe-manifest.csv+. +Here's an example for tcpdump. + +CPE ID: "cpe:2.3:a:tcpdump:tcpdump:4.9.1:*:*:*:*:*:*:*" + +Result: https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=cpe%3A2.3%3Aa%3Atcpdump%3Atcpdump%3A4.9.1%3A*%3A*%3A*%3A*%3A*%3A*%3A*&search_type=all + +Beyond the manual search approach, the next step would be a more centralized +shared database with multi-feed support (NVD+). The cve-search project aims +to offer that type of solution (https://github.com/cve-search/cve-search). diff --git a/docs/manual/manual.txt b/docs/manual/manual.txt index b5cc044805..9297cbd599 100644 --- a/docs/manual/manual.txt +++ b/docs/manual/manual.txt @@ -48,6 +48,8 @@ include::legal-notice.txt[] include::beyond-buildroot.txt[] +include::cpe-reporting.txt[] + = Developer guide include::how-buildroot-works.txt[] From patchwork Tue Oct 6 13:42:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377453 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5Jd10Knsz9sTK for ; Wed, 7 Oct 2020 00:45:25 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id C96E120766; Tue, 6 Oct 2020 13:45:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZq2Mb2mCSKK; Tue, 6 Oct 2020 13:44:09 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 33A2820768; Tue, 6 Oct 2020 13:44:03 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 7DE5E1BF3E9 for ; Tue, 6 Oct 2020 13:44:01 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6D0EB81FAA for ; Tue, 6 Oct 2020 13:44:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zM4oSBPMWjaM for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay12.mail.gandi.net (relay12.mail.gandi.net [217.70.178.232]) by whitealder.osuosl.org (Postfix) with ESMTPS id CC5B1838CD for ; Tue, 6 Oct 2020 13:43:31 +0000 (UTC) Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay12.mail.gandi.net (Postfix) with ESMTPSA id 127AB20000B; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:43 +0200 Message-Id: <20201006134250.22738-11-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 10/17] packages: fixup of cpe info X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Matt Weber Signed-off-by: Matthew Weber --- boot/grub2/grub2.mk | 1 + boot/uboot/uboot.mk | 2 ++ linux/linux.mk | 2 ++ package/audit/audit.mk | 2 ++ package/aufs/aufs.mk | 1 + package/bash/bash.mk | 1 + package/bc/bc.mk | 1 + package/bind/bind.mk | 1 + package/boost/boost.mk | 1 + package/bridge-utils/bridge-utils.mk | 1 + package/busybox/busybox.mk | 1 + package/bzip2/bzip2.mk | 1 + package/clang/clang.mk | 1 + package/collectd/collectd.mk | 1 + package/conntrack-tools/conntrack-tools.mk | 1 + package/coreutils/coreutils.mk | 1 + package/crda/crda.mk | 1 + package/davici/davici.mk | 1 + package/dbus-glib/dbus-glib.mk | 1 + package/dbus/dbus.mk | 2 ++ package/dhcp/dhcp.mk | 1 + package/dnsmasq/dnsmasq.mk | 1 + package/dropbear/dropbear.mk | 2 ++ package/ebtables/ebtables.mk | 1 + package/ethtool/ethtool.mk | 1 + package/expat/expat.mk | 1 + package/gdb/gdb.mk | 1 + package/gesftpserver/gesftpserver.mk | 2 ++ package/glibc/glibc.mk | 1 + package/gmp/gmp.mk | 1 + package/gnupg/gnupg.mk | 1 + package/gnutls/gnutls.mk | 1 + package/grep/grep.mk | 1 + package/gtest/gtest.mk | 2 ++ package/gzip/gzip.mk | 1 + package/hostapd/hostapd.mk | 1 + package/ifupdown/ifupdown.mk | 1 + package/iperf/iperf.mk | 2 ++ package/iperf3/iperf3.mk | 1 + package/ipset/ipset.mk | 1 + package/iptables/iptables.mk | 1 + package/iw/iw.mk | 1 + package/kmod/kmod.mk | 2 ++ package/libarchive/libarchive.mk | 1 + package/libcurl/libcurl.mk | 2 ++ package/libestr/libestr.mk | 1 + package/libfastjson/libfastjson.mk | 1 + package/libfcgi/libfcgi.mk | 2 ++ package/libffi/libffi.mk | 2 ++ package/libgcrypt/libgcrypt.mk | 1 + package/libglib2/libglib2.mk | 2 ++ package/libgpg-error/libgpg-error.mk | 1 + package/liblogging/liblogging.mk | 1 + package/libmbim/libmbim.mk | 1 + package/libmnl/libmnl.mk | 1 + .../libnetfilter_conntrack/libnetfilter_conntrack.mk | 1 + .../libnetfilter_cthelper/libnetfilter_cthelper.mk | 1 + .../libnetfilter_cttimeout/libnetfilter_cttimeout.mk | 1 + package/libnetfilter_queue/libnetfilter_queue.mk | 1 + package/libnfnetlink/libnfnetlink.mk | 1 + package/libopenssl/Config.in | 11 +++++++++++ package/libopenssl/libopenssl.mk | 2 ++ package/libpcap/libpcap.mk | 1 + package/libselinux/libselinux.mk | 1 + package/libsemanage/libsemanage.mk | 1 + package/libsepol/libsepol.mk | 1 + package/libssh2/libssh2.mk | 1 + package/libsysfs/libsysfs.mk | 2 ++ package/libtasn1/libtasn1.mk | 1 + package/libunistring/libunistring.mk | 1 + package/libxml2/libxml2.mk | 1 + package/libxslt/libxslt.mk | 1 + package/libzlib/libzlib.mk | 2 ++ package/lighttpd/lighttpd.mk | 1 + package/linux-firmware/linux-firmware.mk | 2 ++ package/linux-headers/linux-headers.mk | 2 ++ package/linux-pam/linux-pam.mk | 2 ++ package/llvm/llvm.mk | 1 + package/lxc/lxc.mk | 1 + package/lz4/lz4.mk | 1 + package/memtester/memtester.mk | 1 + package/mii-diag/mii-diag.mk | 1 + package/mpfr/mpfr.mk | 1 + package/mrouted/mrouted.mk | 1 + package/mtd/mtd.mk | 2 ++ package/ncurses/ncurses.mk | 1 + package/netsnmp/netsnmp.mk | 2 ++ package/nfs-utils/nfs-utils.mk | 2 ++ package/openssh/openssh.mk | 3 +++ package/pax-utils/pax-utils.mk | 1 + package/paxtest/paxtest.mk | 1 + package/pcre/pcre.mk | 1 + package/pixman/pixman.mk | 1 + package/policycoreutils/policycoreutils.mk | 1 + package/pppd/pppd.mk | 2 ++ package/proftpd/proftpd.mk | 1 + package/protobuf/protobuf.mk | 1 + package/pure-ftpd/pure-ftpd.mk | 1 + package/python-lxml/python-lxml.mk | 2 ++ package/python-setuptools/python-setuptools.mk | 2 ++ package/python/python.mk | 1 + package/qemu/qemu.mk | 1 + package/rapidjson/rapidjson.mk | 1 + package/readline/readline.mk | 1 + package/refpolicy/refpolicy.mk | 1 + package/rsyslog/rsyslog.mk | 1 + package/rt-tests/rt-tests.mk | 1 + package/sed/sed.mk | 1 + package/setools/setools.mk | 1 + package/setserial/setserial.mk | 1 + package/smcroute/smcroute.mk | 1 + package/spawn-fcgi/spawn-fcgi.mk | 1 + package/sqlite/sqlite.mk | 2 ++ package/strongswan/strongswan.mk | 1 + package/tar/tar.mk | 1 + package/tcl/tcl.mk | 1 + package/tcpdump/tcpdump.mk | 1 + package/tftpd/tftpd.mk | 2 ++ package/uboot-tools/uboot-tools.mk | 2 ++ package/util-linux/util-linux.mk | 1 + package/valgrind/valgrind.mk | 1 + package/vim/vim.mk | 1 + package/wget/wget.mk | 1 + package/wireless-regdb/wireless-regdb.mk | 1 + package/wireless_tools/wireless_tools.mk | 2 ++ package/wpa_supplicant/wpa_supplicant.mk | 1 + package/xerces/xerces.mk | 2 ++ package/xz/xz.mk | 1 + 128 files changed, 170 insertions(+) diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk index 5fca2315ee..9686815f4d 100644 --- a/boot/grub2/grub2.mk +++ b/boot/grub2/grub2.mk @@ -37,6 +37,7 @@ GRUB2_INSTALL_TARGET = YES else GRUB2_INSTALL_TARGET = NO endif +GRUB2_CPE_ID_VENDOR = gnu GRUB2_BUILTIN_MODULES = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES)) GRUB2_BUILTIN_CONFIG = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG)) diff --git a/boot/uboot/uboot.mk b/boot/uboot/uboot.mk index 1831466780..1de0b7b16a 100644 --- a/boot/uboot/uboot.mk +++ b/boot/uboot/uboot.mk @@ -11,6 +11,8 @@ UBOOT_LICENSE = GPL-2.0+ ifeq ($(BR2_TARGET_UBOOT_LATEST_VERSION),y) UBOOT_LICENSE_FILES = Licenses/gpl-2.0.txt endif +UBOOT_CPE_ID_VENDOR = denx +UBOOT_CPE_ID_NAME = u-boot UBOOT_INSTALL_IMAGES = YES diff --git a/linux/linux.mk b/linux/linux.mk index e07e014d1e..648f6ea2a5 100644 --- a/linux/linux.mk +++ b/linux/linux.mk @@ -12,6 +12,8 @@ LINUX_LICENSE_FILES = \ LICENSES/preferred/GPL-2.0 \ LICENSES/exceptions/Linux-syscall-note endif +LINUX_CPE_ID_VENDOR = $(LINUX_NAME) +LINUX_CPE_ID_NAME = $(LINUX_NAME)_kernel define LINUX_HELP_CMDS @echo ' linux-menuconfig - Run Linux kernel menuconfig' diff --git a/package/audit/audit.mk b/package/audit/audit.mk index 652e0fcd56..a20767d24b 100644 --- a/package/audit/audit.mk +++ b/package/audit/audit.mk @@ -10,6 +10,8 @@ AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries) AUDIT_LICENSE_FILES = COPYING COPYING.LIB # 0002-Add-substitue-functions-for-strndupa-rawmemchr.patch AUDIT_AUTORECONF = YES +AUDIT_CPE_ID_VENDOR = linux_audit_project +AUDIT_CPE_ID_NAME = linux_audit AUDIT_INSTALL_STAGING = YES diff --git a/package/aufs/aufs.mk b/package/aufs/aufs.mk index 4e95a350a0..495e94e606 100644 --- a/package/aufs/aufs.mk +++ b/package/aufs/aufs.mk @@ -7,6 +7,7 @@ AUFS_VERSION = $(call qstrip,$(BR2_PACKAGE_AUFS_VERSION)) AUFS_LICENSE = GPL-2.0 AUFS_LICENSE_FILES = COPYING +AUFS_CPE_ID_VERSION = 4.1 ifeq ($(BR2_PACKAGE_AUFS_SERIES),3) AUFS_SITE = http://git.code.sf.net/p/aufs/aufs3-standalone diff --git a/package/bash/bash.mk b/package/bash/bash.mk index 1843862e49..b4681c1085 100644 --- a/package/bash/bash.mk +++ b/package/bash/bash.mk @@ -10,6 +10,7 @@ BASH_DEPENDENCIES = ncurses readline host-bison BASH_CONF_OPTS = --with-installed-readline --without-bash-malloc BASH_LICENSE = GPL-3.0+ BASH_LICENSE_FILES = COPYING +BASH_CPE_ID_VENDOR = gnu BASH_CONF_ENV += \ ac_cv_rl_prefix="$(STAGING_DIR)" \ diff --git a/package/bc/bc.mk b/package/bc/bc.mk index fdfacb6c89..06b6feae4f 100644 --- a/package/bc/bc.mk +++ b/package/bc/bc.mk @@ -9,6 +9,7 @@ BC_SITE = http://ftp.gnu.org/gnu/bc BC_DEPENDENCIES = host-flex BC_LICENSE = GPL-2.0+, LGPL-2.1+ BC_LICENSE_FILES = COPYING COPYING.LIB +BC_CPE_ID_VENDOR = gnu BC_CONF_ENV = MAKEINFO=true # 0001-bc-use-MAKEINFO-variable-for-docs.patch and 0004-no-gen-libmath.patch diff --git a/package/bind/bind.mk b/package/bind/bind.mk index 18fc4845f9..41b3146da1 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -12,6 +12,7 @@ BIND_INSTALL_STAGING = YES BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh BIND_LICENSE = MPL-2.0 BIND_LICENSE_FILES = COPYRIGHT +BIND_CPE_ID_VENDOR = isc BIND_TARGET_SERVER_SBIN = arpaname ddns-confgen dnssec-checkds dnssec-coverage BIND_TARGET_SERVER_SBIN += dnssec-importkey dnssec-keygen dnssec-revoke BIND_TARGET_SERVER_SBIN += dnssec-settime dnssec-verify genrandom diff --git a/package/boost/boost.mk b/package/boost/boost.mk index 82fe42d6b2..d5c404a13c 100644 --- a/package/boost/boost.mk +++ b/package/boost/boost.mk @@ -10,6 +10,7 @@ BOOST_SITE = https://dl.bintray.com/boostorg/release/$(BOOST_VERSION)/source BOOST_INSTALL_STAGING = YES BOOST_LICENSE = BSL-1.0 BOOST_LICENSE_FILES = LICENSE_1_0.txt +BOOST_CPE_ID_VENDOR = $(BOOST_NAME) # CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost, # while in fact it affects Drupal (a module called boost in there). diff --git a/package/bridge-utils/bridge-utils.mk b/package/bridge-utils/bridge-utils.mk index 9d63b3ef30..fa71c3a64e 100644 --- a/package/bridge-utils/bridge-utils.mk +++ b/package/bridge-utils/bridge-utils.mk @@ -10,6 +10,7 @@ BRIDGE_UTILS_SITE = \ BRIDGE_UTILS_AUTORECONF = YES BRIDGE_UTILS_LICENSE = GPL-2.0+ BRIDGE_UTILS_LICENSE_FILES = COPYING +BRIDGE_UTILS_CPE_ID_VENDOR = kernel # Avoid using the host's headers. Location is not important as # required headers will anyway be found from within the sysroot. diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk index 7862beb790..a88168416f 100644 --- a/package/busybox/busybox.mk +++ b/package/busybox/busybox.mk @@ -9,6 +9,7 @@ BUSYBOX_SITE = http://www.busybox.net/downloads BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2 BUSYBOX_LICENSE = GPL-2.0 BUSYBOX_LICENSE_FILES = LICENSE +BUSYBOX_CPE_ID_VENDOR = $(BUSYBOX_NAME) define BUSYBOX_HELP_CMDS @echo ' busybox-menuconfig - Run BusyBox menuconfig' diff --git a/package/bzip2/bzip2.mk b/package/bzip2/bzip2.mk index b4d8eea25e..c2e5f7610e 100644 --- a/package/bzip2/bzip2.mk +++ b/package/bzip2/bzip2.mk @@ -9,6 +9,7 @@ BZIP2_SITE = https://sourceware.org/pub/bzip2 BZIP2_INSTALL_STAGING = YES BZIP2_LICENSE = bzip2 license BZIP2_LICENSE_FILES = LICENSE +BZIP2_CPE_ID_VENDOR = bzip ifeq ($(BR2_STATIC_LIBS),) define BZIP2_BUILD_SHARED_CMDS diff --git a/package/clang/clang.mk b/package/clang/clang.mk index d740af5322..672c9fb3fa 100644 --- a/package/clang/clang.mk +++ b/package/clang/clang.mk @@ -10,6 +10,7 @@ CLANG_SITE = https://github.com/llvm/llvm-project/releases/download/llvmorg-$(CL CLANG_SOURCE = clang-$(CLANG_VERSION).src.tar.xz CLANG_LICENSE = Apache-2.0 with exceptions CLANG_LICENSE_FILES = LICENSE.TXT +CLANG_CVE_ID_VENDOR = llvm CLANG_SUPPORTS_IN_SOURCE_BUILD = NO CLANG_INSTALL_STAGING = YES diff --git a/package/collectd/collectd.mk b/package/collectd/collectd.mk index 00e33f27df..83bf01109a 100644 --- a/package/collectd/collectd.mk +++ b/package/collectd/collectd.mk @@ -12,6 +12,7 @@ COLLECTD_CONF_ENV = ac_cv_lib_yajl_yajl_alloc=yes COLLECTD_INSTALL_STAGING = YES COLLECTD_LICENSE = MIT (daemon, plugins), GPL-2.0 (plugins), LGPL-2.1 (plugins) COLLECTD_LICENSE_FILES = COPYING +COLLECTD_CPE_ID_VENDOR = $(COLLECTD_NAME) # These require unmet dependencies, are fringe, pointless or deprecated COLLECTD_PLUGINS_DISABLE = \ diff --git a/package/conntrack-tools/conntrack-tools.mk b/package/conntrack-tools/conntrack-tools.mk index 145b6d785f..55ea407924 100644 --- a/package/conntrack-tools/conntrack-tools.mk +++ b/package/conntrack-tools/conntrack-tools.mk @@ -12,6 +12,7 @@ CONNTRACK_TOOLS_DEPENDENCIES = host-pkgconf \ libnetfilter_queue host-bison host-flex CONNTRACK_TOOLS_LICENSE = GPL-2.0+ CONNTRACK_TOOLS_LICENSE_FILES = COPYING +CONNTRACK_TOOLS_CPE_ID_VENDOR = netfilter CONNTRACK_TOOLS_CFLAGS = $(TARGET_CFLAGS) diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk index 3866b76243..18e9052dfd 100644 --- a/package/coreutils/coreutils.mk +++ b/package/coreutils/coreutils.mk @@ -9,6 +9,7 @@ COREUTILS_SITE = $(BR2_GNU_MIRROR)/coreutils COREUTILS_SOURCE = coreutils-$(COREUTILS_VERSION).tar.xz COREUTILS_LICENSE = GPL-3.0+ COREUTILS_LICENSE_FILES = COPYING +COREUTILS_CPE_ID_VENDOR = gnu COREUTILS_CONF_OPTS = --disable-rpath \ $(if $(BR2_TOOLCHAIN_USES_MUSL),--with-included-regex) diff --git a/package/crda/crda.mk b/package/crda/crda.mk index c5880797be..31a64d004b 100644 --- a/package/crda/crda.mk +++ b/package/crda/crda.mk @@ -9,6 +9,7 @@ CRDA_SITE = https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snap CRDA_DEPENDENCIES = host-pkgconf host-python-pycryptodomex libnl libgcrypt CRDA_LICENSE = ISC CRDA_LICENSE_FILES = LICENSE +CRDA_CPE_ID_VENDOR = kernel define CRDA_BUILD_CMDS $(TARGET_CONFIGURE_OPTS) \ diff --git a/package/davici/davici.mk b/package/davici/davici.mk index 5c08bbe0da..6c8df48b6a 100644 --- a/package/davici/davici.mk +++ b/package/davici/davici.mk @@ -8,6 +8,7 @@ DAVICI_VERSION = 1.3 DAVICI_SITE = $(call github,strongswan,davici,v$(DAVICI_VERSION)) DAVICI_LICENSE = LGPL-2.1+ DAVICI_LICENSE_FILES = COPYING +DAVICI_CPE_ID_VENDOR = strongswan DAVICI_DEPENDENCIES = strongswan DAVICI_INSTALL_STAGING = YES DAVICI_AUTORECONF = YES diff --git a/package/dbus-glib/dbus-glib.mk b/package/dbus-glib/dbus-glib.mk index 372942e1c3..5eb158d954 100644 --- a/package/dbus-glib/dbus-glib.mk +++ b/package/dbus-glib/dbus-glib.mk @@ -9,6 +9,7 @@ DBUS_GLIB_SITE = http://dbus.freedesktop.org/releases/dbus-glib DBUS_GLIB_INSTALL_STAGING = YES DBUS_GLIB_LICENSE = AFL-2.1 or GPL-2.0+ DBUS_GLIB_LICENSE_FILES = COPYING +DBUS_GLIB_CPE_ID_VENDOR = freedesktop DBUS_GLIB_CONF_ENV = \ ac_cv_have_abstract_sockets=yes \ diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk index 70f2c6fef4..ae480f3bb2 100644 --- a/package/dbus/dbus.mk +++ b/package/dbus/dbus.mk @@ -8,6 +8,8 @@ DBUS_VERSION = 1.12.18 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools) DBUS_LICENSE_FILES = COPYING +DBUS_CPE_ID_VENDOR = d-bus_project +DBUS_CPE_ID_NAME = d-bus DBUS_INSTALL_STAGING = YES define DBUS_PERMISSIONS diff --git a/package/dhcp/dhcp.mk b/package/dhcp/dhcp.mk index ad59804d3b..988c7792dc 100644 --- a/package/dhcp/dhcp.mk +++ b/package/dhcp/dhcp.mk @@ -10,6 +10,7 @@ DHCP_INSTALL_STAGING = YES DHCP_LICENSE = MPL-2.0 DHCP_LICENSE_FILES = LICENSE DHCP_DEPENDENCIES = bind +DHCP_CPE_ID_VENDOR = isc # use libtool-enabled configure.ac define DHCP_LIBTOOL_AUTORECONF diff --git a/package/dnsmasq/dnsmasq.mk b/package/dnsmasq/dnsmasq.mk index 4a7218a2b7..e0e8bed5aa 100644 --- a/package/dnsmasq/dnsmasq.mk +++ b/package/dnsmasq/dnsmasq.mk @@ -14,6 +14,7 @@ DNSMASQ_MAKE_OPTS += DESTDIR=$(TARGET_DIR) LDFLAGS="$(TARGET_LDFLAGS)" \ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES) DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0 DNSMASQ_LICENSE_FILES = COPYING COPYING-v3 +DNSMASQ_CPE_ID_VENDOR = thekelleys DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n) diff --git a/package/dropbear/dropbear.mk b/package/dropbear/dropbear.mk index 3eaa98d0a4..d965b2eaf2 100644 --- a/package/dropbear/dropbear.mk +++ b/package/dropbear/dropbear.mk @@ -11,6 +11,8 @@ DROPBEAR_LICENSE = MIT, BSD-2-Clause, Public domain DROPBEAR_LICENSE_FILES = LICENSE DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS) +DROPBEAR_CPE_ID_VENDOR = $(DROPBEAR_NAME)_ssh_project +DROPBEAR_CPE_ID_NAME = $(DROPBEAR_NAME)_ssh # Disable hardening flags added by dropbear configure.ac, and let # Buildroot add them when the relevant options are enabled. This diff --git a/package/ebtables/ebtables.mk b/package/ebtables/ebtables.mk index 117cd5e99e..2f1e291c03 100644 --- a/package/ebtables/ebtables.mk +++ b/package/ebtables/ebtables.mk @@ -9,6 +9,7 @@ EBTABLES_SOURCE = ebtables-v$(EBTABLES_VERSION).tar.gz EBTABLES_SITE = http://ftp.netfilter.org/pub/ebtables EBTABLES_LICENSE = GPL-2.0+ EBTABLES_LICENSE_FILES = COPYING +EBTABLES_CVE_ID_VENDOR = netfilter EBTABLES_STATIC = $(if $(BR2_STATIC_LIBS),static) EBTABLES_K64U32 = $(if $(BR2_KERNEL_64_USERLAND_32),-DKERNEL_64_USERSPACE_32) diff --git a/package/ethtool/ethtool.mk b/package/ethtool/ethtool.mk index 1668171f3a..0e94a918c2 100644 --- a/package/ethtool/ethtool.mk +++ b/package/ethtool/ethtool.mk @@ -9,6 +9,7 @@ ETHTOOL_SOURCE = ethtool-$(ETHTOOL_VERSION).tar.xz ETHTOOL_SITE = $(BR2_KERNEL_MIRROR)/software/network/ethtool ETHTOOL_LICENSE = GPL-2.0 ETHTOOL_LICENSE_FILES = LICENSE COPYING +ETHTOOL_CPE_ID_VENDOR = kernel ETHTOOL_CONF_OPTS = \ $(if $(BR2_PACKAGE_ETHTOOL_PRETTY_PRINT),--enable-pretty-dump,--disable-pretty-dump) diff --git a/package/expat/expat.mk b/package/expat/expat.mk index 38e5dee75d..af3088b80c 100644 --- a/package/expat/expat.mk +++ b/package/expat/expat.mk @@ -12,6 +12,7 @@ EXPAT_DEPENDENCIES = host-pkgconf HOST_EXPAT_DEPENDENCIES = host-pkgconf EXPAT_LICENSE = MIT EXPAT_LICENSE_FILES = COPYING +EXPAT_CPE_ID_VENDOR = libexpat EXPAT_CONF_OPTS = --without-docbook HOST_EXPAT_CONF_OPTS = --without-docbook diff --git a/package/gdb/gdb.mk b/package/gdb/gdb.mk index 6b63a6214b..de11b1e5e8 100644 --- a/package/gdb/gdb.mk +++ b/package/gdb/gdb.mk @@ -22,6 +22,7 @@ endif GDB_LICENSE = GPL-2.0+, LGPL-2.0+, GPL-3.0+, LGPL-3.0+ GDB_LICENSE_FILES = COPYING COPYING.LIB COPYING3 COPYING3.LIB +GDB_CPE_ID_VENDOR = gnu # We only want gdbserver and not the entire debugger. ifeq ($(BR2_PACKAGE_GDB_DEBUGGER),) diff --git a/package/gesftpserver/gesftpserver.mk b/package/gesftpserver/gesftpserver.mk index ff7ce768ae..07718a4c42 100644 --- a/package/gesftpserver/gesftpserver.mk +++ b/package/gesftpserver/gesftpserver.mk @@ -12,6 +12,8 @@ GESFTPSERVER_LICENSE_FILES = COPYING # "Missing prototype" warning treated as error GESFTPSERVER_CONF_OPTS = --disable-warnings-as-errors +GESFTPSERVER_CPE_ID_VENDOR = green_end +GESFTPSERVER_CPE_ID_NAME = sftpserver # forgets to link against pthread when cross compiling GESFTPSERVER_CONF_ENV = LIBS=-lpthread diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk index f2b5b4caf6..032e642bb8 100644 --- a/package/glibc/glibc.mk +++ b/package/glibc/glibc.mk @@ -31,6 +31,7 @@ endif GLIBC_LICENSE = GPL-2.0+ (programs), LGPL-2.1+, BSD-3-Clause, MIT (library) GLIBC_LICENSE_FILES = COPYING COPYING.LIB LICENSES +GLIBC_CPE_ID_VENDOR = gnu # glibc is part of the toolchain so disable the toolchain dependency GLIBC_ADD_TOOLCHAIN_DEPENDENCY = NO diff --git a/package/gmp/gmp.mk b/package/gmp/gmp.mk index d124463a98..a79d5b7d9a 100644 --- a/package/gmp/gmp.mk +++ b/package/gmp/gmp.mk @@ -10,6 +10,7 @@ GMP_SOURCE = gmp-$(GMP_VERSION).tar.xz GMP_INSTALL_STAGING = YES GMP_LICENSE = LGPL-3.0+ or GPL-2.0+ GMP_LICENSE_FILES = COPYING.LESSERv3 COPYINGv2 +GMP_CPE_ID_VENDOR = gmplib GMP_DEPENDENCIES = host-m4 HOST_GMP_DEPENDENCIES = host-m4 diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk index 617def884e..ba424fed96 100644 --- a/package/gnupg/gnupg.mk +++ b/package/gnupg/gnupg.mk @@ -10,6 +10,7 @@ GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg GNUPG_LICENSE = GPL-3.0+ GNUPG_LICENSE_FILES = COPYING GNUPG_DEPENDENCIES = zlib $(if $(BR2_PACKAGE_LIBICONV),libiconv) +GNUPG_CPE_ID_VENDOR = $(GNUPG_NAME) GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no GNUPG_CONF_OPTS = \ --disable-rpath \ diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk index 9f53150004..65bb4893e8 100644 --- a/package/gnutls/gnutls.mk +++ b/package/gnutls/gnutls.mk @@ -17,6 +17,7 @@ GNUTLS_LICENSE_FILES += doc/COPYING endif GNUTLS_DEPENDENCIES = host-pkgconf libtasn1 nettle pcre +GNUTLS_CPE_ID_VENDOR = gnu GNUTLS_CONF_OPTS = \ --disable-doc \ --disable-guile \ diff --git a/package/grep/grep.mk b/package/grep/grep.mk index ef1bbb4487..204c74f3b8 100644 --- a/package/grep/grep.mk +++ b/package/grep/grep.mk @@ -9,6 +9,7 @@ GREP_SITE = $(BR2_GNU_MIRROR)/grep GREP_SOURCE = grep-$(GREP_VERSION).tar.xz GREP_LICENSE = GPL-3.0+ GREP_LICENSE_FILES = COPYING +GREP_CPE_ID_VENDOR = gnu GREP_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) # install into /bin like busybox grep GREP_CONF_OPTS = --exec-prefix=/ diff --git a/package/gtest/gtest.mk b/package/gtest/gtest.mk index 7f967b8bfb..fc51d9f7a2 100644 --- a/package/gtest/gtest.mk +++ b/package/gtest/gtest.mk @@ -10,6 +10,8 @@ GTEST_INSTALL_STAGING = YES GTEST_INSTALL_TARGET = NO GTEST_LICENSE = BSD-3-Clause GTEST_LICENSE_FILES = googletest/LICENSE +GTEST_CPE_ID_VENDOR = google +GTEST_CPE_ID_NAME = google_test ifeq ($(BR2_PACKAGE_GTEST_GMOCK),y) GTEST_DEPENDENCIES += host-gtest diff --git a/package/gzip/gzip.mk b/package/gzip/gzip.mk index 17b27b497c..c8fd3ddb7a 100644 --- a/package/gzip/gzip.mk +++ b/package/gzip/gzip.mk @@ -11,6 +11,7 @@ GZIP_SITE = $(BR2_GNU_MIRROR)/gzip GZIP_CONF_OPTS = --exec-prefix=/ GZIP_LICENSE = GPL-3.0+ GZIP_LICENSE_FILES = COPYING +GZIP_CPE_ID_VENDOR = gnu GZIP_CONF_ENV += gl_cv_func_fflush_stdin=yes HOST_GZIP_CONF_ENV += gl_cv_func_fflush_stdin=yes # configure substitutes $(SHELL) for the shell shebang in scripts like diff --git a/package/hostapd/hostapd.mk b/package/hostapd/hostapd.mk index 676e36d8ba..efeefd8b35 100644 --- a/package/hostapd/hostapd.mk +++ b/package/hostapd/hostapd.mk @@ -23,6 +23,7 @@ HOSTAPD_IGNORE_CVES += CVE-2019-16275 # 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch HOSTAPD_IGNORE_CVES += CVE-2020-12695 +HOSTAPD_CPE_ID_VENDOR = w1.fi HOSTAPD_CONFIG_SET = HOSTAPD_CONFIG_ENABLE = \ diff --git a/package/ifupdown/ifupdown.mk b/package/ifupdown/ifupdown.mk index 84d24aedab..e62c2a79c5 100644 --- a/package/ifupdown/ifupdown.mk +++ b/package/ifupdown/ifupdown.mk @@ -9,6 +9,7 @@ IFUPDOWN_SOURCE = ifupdown_$(IFUPDOWN_VERSION).tar.xz IFUPDOWN_SITE = http://snapshot.debian.org/archive/debian/20160922T165503Z/pool/main/i/ifupdown IFUPDOWN_LICENSE = GPL-2.0+ IFUPDOWN_LICENSE_FILES = COPYING +IFUPDOWN_CPE_ID_VENDOR = debian define IFUPDOWN_BUILD_CMDS $(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \ diff --git a/package/iperf/iperf.mk b/package/iperf/iperf.mk index 7088b0f152..f1e65e7545 100644 --- a/package/iperf/iperf.mk +++ b/package/iperf/iperf.mk @@ -8,6 +8,8 @@ IPERF_VERSION = 2.0.13 IPERF_SITE = http://downloads.sourceforge.net/project/iperf2 IPERF_LICENSE = MIT-like IPERF_LICENSE_FILES = COPYING +IPERF_CPE_ID_VENDOR = $(IPERF_NAME)2_project +IPERF_CPE_ID_NAME = $(IPERF_NAME)2 IPERF_CONF_OPTS = \ --disable-web100 diff --git a/package/iperf3/iperf3.mk b/package/iperf3/iperf3.mk index 7d5a10cdef..234e04eae0 100644 --- a/package/iperf3/iperf3.mk +++ b/package/iperf3/iperf3.mk @@ -9,6 +9,7 @@ IPERF3_SITE = https://downloads.es.net/pub/iperf IPERF3_SOURCE = iperf-$(IPERF3_VERSION).tar.gz IPERF3_LICENSE = BSD-3-Clause, BSD-2-Clause, MIT IPERF3_LICENSE_FILES = LICENSE +IPERF3_CPE_ID_VENDOR = es IPERF3_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE" diff --git a/package/ipset/ipset.mk b/package/ipset/ipset.mk index 869763d322..cea3ee0e05 100644 --- a/package/ipset/ipset.mk +++ b/package/ipset/ipset.mk @@ -11,6 +11,7 @@ IPSET_DEPENDENCIES = libmnl host-pkgconf IPSET_CONF_OPTS = --with-kmod=no IPSET_LICENSE = GPL-2.0 IPSET_LICENSE_FILES = COPYING +IPSET_CPE_ID_VENDOR = netfilter IPSET_INSTALL_STAGING = YES $(eval $(autotools-package)) diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk index 442639f159..053d0e3964 100644 --- a/package/iptables/iptables.mk +++ b/package/iptables/iptables.mk @@ -12,6 +12,7 @@ IPTABLES_DEPENDENCIES = host-pkgconf \ $(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack) IPTABLES_LICENSE = GPL-2.0 IPTABLES_LICENSE_FILES = COPYING +IPTABLES_CPE_ID_VENDOR = netfilter # Building static causes ugly warnings on some plugins IPTABLES_CONF_OPTS = --libexecdir=/usr/lib --with-kernel=$(STAGING_DIR)/usr \ $(if $(BR2_STATIC_LIBS),,--disable-static) diff --git a/package/iw/iw.mk b/package/iw/iw.mk index 2250ea413b..a232cc8baa 100644 --- a/package/iw/iw.mk +++ b/package/iw/iw.mk @@ -9,6 +9,7 @@ IW_SOURCE = iw-$(IW_VERSION).tar.xz IW_SITE = $(BR2_KERNEL_MIRROR)/software/network/iw IW_LICENSE = ISC IW_LICENSE_FILES = COPYING +IW_CPE_ID_VENDOR = kernel IW_DEPENDENCIES = host-pkgconf libnl IW_MAKE_ENV = \ $(TARGET_MAKE_ENV) \ diff --git a/package/kmod/kmod.mk b/package/kmod/kmod.mk index 0a79b2cf4d..c44764ea18 100644 --- a/package/kmod/kmod.mk +++ b/package/kmod/kmod.mk @@ -15,6 +15,8 @@ HOST_KMOD_DEPENDENCIES = host-pkgconf KMOD_LICENSE = LGPL-2.1+ (library) KMOD_LICENSE_FILES = libkmod/COPYING +KMOD_CPE_ID_VENDOR = kernel + # --gc-sections triggers binutils ld segfault # https://sourceware.org/bugzilla/show_bug.cgi?id=21180 ifeq ($(BR2_microblaze),y) diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk index 708ce637c2..71c8a2e4cf 100644 --- a/package/libarchive/libarchive.mk +++ b/package/libarchive/libarchive.mk @@ -9,6 +9,7 @@ LIBARCHIVE_SITE = https://www.libarchive.de/downloads LIBARCHIVE_INSTALL_STAGING = YES LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0 LIBARCHIVE_LICENSE_FILES = COPYING +LIBARCHIVE_CPE_ID_VENDOR = $(LIBARCHIVE_NAME) ifeq ($(BR2_PACKAGE_LIBARCHIVE_BSDTAR),y) ifeq ($(BR2_STATIC_LIBS),y) diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index ea7e06e27e..969325a485 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -12,6 +12,8 @@ LIBCURL_DEPENDENCIES = host-pkgconf \ $(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump) LIBCURL_LICENSE = curl LIBCURL_LICENSE_FILES = COPYING +LIBCURL_CPE_ID_VENDOR = haxx +LIBCURL_CPE_ID_NAME = libcurl LIBCURL_INSTALL_STAGING = YES # We disable NTLM support because it uses fork(), which doesn't work diff --git a/package/libestr/libestr.mk b/package/libestr/libestr.mk index 30960f7257..6ce22efae2 100644 --- a/package/libestr/libestr.mk +++ b/package/libestr/libestr.mk @@ -8,6 +8,7 @@ LIBESTR_VERSION = 0.1.11 LIBESTR_SITE = http://libestr.adiscon.com/files/download LIBESTR_LICENSE = LGPL-2.1+ LIBESTR_LICENSE_FILES = COPYING +LIBESTR_CPE_ID_VENDOR = adiscon LIBESTR_INSTALL_STAGING = YES $(eval $(autotools-package)) diff --git a/package/libfastjson/libfastjson.mk b/package/libfastjson/libfastjson.mk index ecca72f56c..37dbd7e03e 100644 --- a/package/libfastjson/libfastjson.mk +++ b/package/libfastjson/libfastjson.mk @@ -12,5 +12,6 @@ LIBFASTJSON_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99' LIBFASTJSON_AUTORECONF = YES LIBFASTJSON_LICENSE = MIT LIBFASTJSON_LICENSE_FILES = COPYING +LIBFASTJSON_CPE_ID_VENDOR = rsyslog $(eval $(autotools-package)) diff --git a/package/libfcgi/libfcgi.mk b/package/libfcgi/libfcgi.mk index c158df2395..c40d9c5970 100644 --- a/package/libfcgi/libfcgi.mk +++ b/package/libfcgi/libfcgi.mk @@ -8,6 +8,8 @@ LIBFCGI_VERSION = 2.4.2 LIBFCGI_SITE = $(call github,FastCGI-Archives,fcgi2,$(LIBFCGI_VERSION)) LIBFCGI_LICENSE = OML LIBFCGI_LICENSE_FILES = LICENSE.TERMS +LIBFCGI_CPE_ID_VENDOR = fastcgi +LIBFCGI_CPE_ID_NAME = fcgi LIBFCGI_INSTALL_STAGING = YES LIBFCGI_AUTORECONF = YES diff --git a/package/libffi/libffi.mk b/package/libffi/libffi.mk index 722a03dca0..e87a024040 100644 --- a/package/libffi/libffi.mk +++ b/package/libffi/libffi.mk @@ -6,6 +6,8 @@ LIBFFI_VERSION = 3.3 LIBFFI_SITE = $(call github,libffi,libffi,v$(LIBFFI_VERSION)) +LIBFFI_CPE_ID_VERSION = 3.3 +LIBFFI_CPE_ID_VERSION_MINOR = rc0 LIBFFI_LICENSE = MIT LIBFFI_LICENSE_FILES = LICENSE LIBFFI_INSTALL_STAGING = YES diff --git a/package/libgcrypt/libgcrypt.mk b/package/libgcrypt/libgcrypt.mk index b2c1ea3cbe..d928d2fd80 100644 --- a/package/libgcrypt/libgcrypt.mk +++ b/package/libgcrypt/libgcrypt.mk @@ -12,6 +12,7 @@ LIBGCRYPT_SITE = https://gnupg.org/ftp/gcrypt/libgcrypt LIBGCRYPT_INSTALL_STAGING = YES LIBGCRYPT_DEPENDENCIES = libgpg-error LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config +LIBGCRYPT_CPE_ID_VENDOR = gnupg # Patching acinclude.m4 in 0001 # Patching configure.ac and Makefile.am in 0002 diff --git a/package/libglib2/libglib2.mk b/package/libglib2/libglib2.mk index fda04334f5..7f726df29b 100644 --- a/package/libglib2/libglib2.mk +++ b/package/libglib2/libglib2.mk @@ -10,6 +10,8 @@ LIBGLIB2_SOURCE = glib-$(LIBGLIB2_VERSION).tar.xz LIBGLIB2_SITE = http://ftp.gnome.org/pub/gnome/sources/glib/$(LIBGLIB2_VERSION_MAJOR) LIBGLIB2_LICENSE = LGPL-2.1+ LIBGLIB2_LICENSE_FILES = COPYING +LIBGLIB2_CPE_ID_VENDOR = gnome +LIBGLIB2_CPE_ID_NAME = glib LIBGLIB2_INSTALL_STAGING = YES LIBGLIB2_CFLAGS = $(TARGET_CFLAGS) diff --git a/package/libgpg-error/libgpg-error.mk b/package/libgpg-error/libgpg-error.mk index 6281faa662..05c7f710f2 100644 --- a/package/libgpg-error/libgpg-error.mk +++ b/package/libgpg-error/libgpg-error.mk @@ -9,6 +9,7 @@ LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2 LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+ LIBGPG_ERROR_LICENSE_FILES = COPYING COPYING.LIB +LIBGPG_ERROR_CPE_ID_VENDOR = gnupg LIBGPG_ERROR_INSTALL_STAGING = YES LIBGPG_ERROR_CONFIG_SCRIPTS = gpg-error-config LIBGPG_ERROR_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) diff --git a/package/liblogging/liblogging.mk b/package/liblogging/liblogging.mk index c756891a86..24375b56b4 100644 --- a/package/liblogging/liblogging.mk +++ b/package/liblogging/liblogging.mk @@ -8,6 +8,7 @@ LIBLOGGING_VERSION = 1.0.6 LIBLOGGING_SITE = http://download.rsyslog.com/liblogging LIBLOGGING_LICENSE = BSD-2-Clause LIBLOGGING_LICENSE_FILES = COPYING +LIBLOGGING_CPE_ID_VENDOR = adiscon LIBLOGGING_INSTALL_STAGING = YES LIBLOGGING_CONF_OPTS = --enable-cached-man-pages diff --git a/package/libmbim/libmbim.mk b/package/libmbim/libmbim.mk index f9c1ec9953..2cf245e6b6 100644 --- a/package/libmbim/libmbim.mk +++ b/package/libmbim/libmbim.mk @@ -9,6 +9,7 @@ LIBMBIM_SITE = https://www.freedesktop.org/software/libmbim LIBMBIM_SOURCE = libmbim-$(LIBMBIM_VERSION).tar.xz LIBMBIM_LICENSE = LGPL-2.0+ (library), GPL-2.0+ (programs) LIBMBIM_LICENSE_FILES = COPYING COPYING.LIB +LIBMBIM_CPE_ID_VENDOR = freedesktop LIBMBIM_INSTALL_STAGING = YES LIBMBIM_DEPENDENCIES = libglib2 diff --git a/package/libmnl/libmnl.mk b/package/libmnl/libmnl.mk index 7fcce4c21f..d3b33db2e0 100644 --- a/package/libmnl/libmnl.mk +++ b/package/libmnl/libmnl.mk @@ -10,5 +10,6 @@ LIBMNL_SITE = http://netfilter.org/projects/libmnl/files LIBMNL_INSTALL_STAGING = YES LIBMNL_LICENSE = LGPL-2.1+ LIBMNL_LICENSE_FILES = COPYING +LIBMNL_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_conntrack/libnetfilter_conntrack.mk b/package/libnetfilter_conntrack/libnetfilter_conntrack.mk index 8beefefb51..0a5a94be8f 100644 --- a/package/libnetfilter_conntrack/libnetfilter_conntrack.mk +++ b/package/libnetfilter_conntrack/libnetfilter_conntrack.mk @@ -11,5 +11,6 @@ LIBNETFILTER_CONNTRACK_INSTALL_STAGING = YES LIBNETFILTER_CONNTRACK_DEPENDENCIES = host-pkgconf libnfnetlink libmnl LIBNETFILTER_CONNTRACK_LICENSE = GPL-2.0+ LIBNETFILTER_CONNTRACK_LICENSE_FILES = COPYING +LIBNETFILTER_CONNTRACK_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_cthelper/libnetfilter_cthelper.mk b/package/libnetfilter_cthelper/libnetfilter_cthelper.mk index 61d6acd07c..d74ea4d0fd 100644 --- a/package/libnetfilter_cthelper/libnetfilter_cthelper.mk +++ b/package/libnetfilter_cthelper/libnetfilter_cthelper.mk @@ -12,5 +12,6 @@ LIBNETFILTER_CTHELPER_DEPENDENCIES = host-pkgconf libmnl LIBNETFILTER_CTHELPER_AUTORECONF = YES LIBNETFILTER_CTHELPER_LICENSE = GPL-2.0+ LIBNETFILTER_CTHELPER_LICENSE_FILES = COPYING +LIBNETFILTER_CTHELPER_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk b/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk index 9c4c951687..f5c5067b64 100644 --- a/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk +++ b/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk @@ -12,5 +12,6 @@ LIBNETFILTER_CTTIMEOUT_DEPENDENCIES = host-pkgconf libmnl LIBNETFILTER_CTTIMEOUT_AUTORECONF = YES LIBNETFILTER_CTTIMEOUT_LICENSE = GPL-2.0+ LIBNETFILTER_CTTIMEOUT_LICENSE_FILES = COPYING +LIBNETFILTER_CTTIMEOUT_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_queue/libnetfilter_queue.mk b/package/libnetfilter_queue/libnetfilter_queue.mk index 2bb4dd376d..6cd35baea1 100644 --- a/package/libnetfilter_queue/libnetfilter_queue.mk +++ b/package/libnetfilter_queue/libnetfilter_queue.mk @@ -12,5 +12,6 @@ LIBNETFILTER_QUEUE_DEPENDENCIES = host-pkgconf libnfnetlink libmnl LIBNETFILTER_QUEUE_AUTORECONF = YES LIBNETFILTER_QUEUE_LICENSE = GPL-2.0+ LIBNETFILTER_QUEUE_LICENSE_FILES = COPYING +LIBNETFILTER_QUEUE_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnfnetlink/libnfnetlink.mk b/package/libnfnetlink/libnfnetlink.mk index 13f5d72c87..a5ad47b85e 100644 --- a/package/libnfnetlink/libnfnetlink.mk +++ b/package/libnfnetlink/libnfnetlink.mk @@ -11,5 +11,6 @@ LIBNFNETLINK_AUTORECONF = YES LIBNFNETLINK_INSTALL_STAGING = YES LIBNFNETLINK_LICENSE = GPL-2.0 LIBNFNETLINK_LICENSE_FILES = COPYING +LIBNFNETLINK_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libopenssl/Config.in b/package/libopenssl/Config.in index 8909e36b9e..dd03de7674 100644 --- a/package/libopenssl/Config.in +++ b/package/libopenssl/Config.in @@ -45,3 +45,14 @@ config BR2_PACKAGE_LIBOPENSSL_ENGINES Install additional encryption engine libraries. endif # BR2_PACKAGE_LIBOPENSSL +# See package/openssl/Config.in for the actual kconfig +# of this package. This file provides a URL for CPE use. + +# help +# A collaborative effort to develop a robust, commercial-grade, +# fully featured, and Open Source toolkit implementing the +# Secure Sockets Layer (SSL v2/v3) and Transport Security +# (TLS v1) as well as a full-strength general-purpose +# cryptography library. +# +# http://www.openssl.org/ diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index a300458f85..bb4747f4c0 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk @@ -15,6 +15,8 @@ HOST_LIBOPENSSL_DEPENDENCIES = host-zlib LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH)) LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS) LIBOPENSSL_PROVIDES = openssl +LIBOPENSSL_CPE_ID_VENDOR = $(LIBOPENSSL_PROVIDES) +LIBOPENSSL_CPE_ID_NAME = $(LIBOPENSSL_PROVIDES) ifeq ($(BR2_m68k_cf),y) # relocation truncated to fit: R_68K_GOT16O diff --git a/package/libpcap/libpcap.mk b/package/libpcap/libpcap.mk index 881a109a0a..e323461529 100644 --- a/package/libpcap/libpcap.mk +++ b/package/libpcap/libpcap.mk @@ -8,6 +8,7 @@ LIBPCAP_VERSION = 1.9.1 LIBPCAP_SITE = http://www.tcpdump.org/release LIBPCAP_LICENSE = BSD-3-Clause LIBPCAP_LICENSE_FILES = LICENSE +LIBPCAP_CPE_ID_VENDOR = tcpdump LIBPCAP_INSTALL_STAGING = YES LIBPCAP_DEPENDENCIES = host-flex host-bison diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk index c96b5a4431..9bb1e57db6 100644 --- a/package/libselinux/libselinux.mk +++ b/package/libselinux/libselinux.mk @@ -8,6 +8,7 @@ LIBSELINUX_VERSION = 3.1 LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710 LIBSELINUX_LICENSE = Public Domain LIBSELINUX_LICENSE_FILES = LICENSE +LIBSELINUX_CPE_ID_VENDOR = selinuxproject LIBSELINUX_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) libsepol pcre diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk index 3ea0603f53..48e2bbbc8b 100644 --- a/package/libsemanage/libsemanage.mk +++ b/package/libsemanage/libsemanage.mk @@ -9,6 +9,7 @@ LIBSEMANAGE_SITE = https://github.com/SELinuxProject/selinux/releases/download/2 LIBSEMANAGE_LICENSE = LGPL-2.1+ LIBSEMANAGE_LICENSE_FILES = COPYING LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux bzip2 +LIBSEMANAGE_CPE_ID_VENDOR = selinuxproject LIBSEMANAGE_INSTALL_STAGING = YES LIBSEMANAGE_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk index 7d8b7b2063..a4398bdc42 100644 --- a/package/libsepol/libsepol.mk +++ b/package/libsepol/libsepol.mk @@ -8,6 +8,7 @@ LIBSEPOL_VERSION = 3.1 LIBSEPOL_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710 LIBSEPOL_LICENSE = LGPL-2.1+ LIBSEPOL_LICENSE_FILES = COPYING +LIBSEPOL_CPE_ID_VENDOR = selinuxproject LIBSEPOL_INSTALL_STAGING = YES LIBSEPOL_DEPENDENCIES = host-flex diff --git a/package/libssh2/libssh2.mk b/package/libssh2/libssh2.mk index c03fe0db55..eb66ab5643 100644 --- a/package/libssh2/libssh2.mk +++ b/package/libssh2/libssh2.mk @@ -8,6 +8,7 @@ LIBSSH2_VERSION = 1.9.0 LIBSSH2_SITE = https://www.libssh2.org/download LIBSSH2_LICENSE = BSD LIBSSH2_LICENSE_FILES = COPYING +LIBSSH2_CPE_ID_VENDOR = $(LIBSSH2_NAME) LIBSSH2_INSTALL_STAGING = YES LIBSSH2_CONF_OPTS = --disable-examples-build diff --git a/package/libsysfs/libsysfs.mk b/package/libsysfs/libsysfs.mk index 13edc9a4ea..fd8bfa6724 100644 --- a/package/libsysfs/libsysfs.mk +++ b/package/libsysfs/libsysfs.mk @@ -10,5 +10,7 @@ LIBSYSFS_SOURCE = sysfsutils-$(LIBSYSFS_VERSION).tar.gz LIBSYSFS_INSTALL_STAGING = YES LIBSYSFS_LICENSE = GPL-2.0 (utilities), LGPL-2.1+ (library) LIBSYSFS_LICENSE_FILES = cmd/GPL lib/LGPL +LIBSYSFS_CPE_ID_VENDOR = sysfsutils_project +LIBSYSFS_CPE_ID_NAME = sysfsutils $(eval $(autotools-package)) diff --git a/package/libtasn1/libtasn1.mk b/package/libtasn1/libtasn1.mk index d5a6c69965..a354716824 100644 --- a/package/libtasn1/libtasn1.mk +++ b/package/libtasn1/libtasn1.mk @@ -9,6 +9,7 @@ LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1 LIBTASN1_DEPENDENCIES = host-bison host-pkgconf LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library) LIBTASN1_LICENSE_FILES = LICENSE doc/COPYING doc/COPYING.LESSER +LIBTASN1_CPE_ID_VENDOR = gnu LIBTASN1_INSTALL_STAGING = YES # We're patching fuzz/Makefile.am diff --git a/package/libunistring/libunistring.mk b/package/libunistring/libunistring.mk index fa51447170..1ed7ecf906 100644 --- a/package/libunistring/libunistring.mk +++ b/package/libunistring/libunistring.mk @@ -10,6 +10,7 @@ LIBUNISTRING_SOURCE = libunistring-$(LIBUNISTRING_VERSION).tar.xz LIBUNISTRING_INSTALL_STAGING = YES LIBUNISTRING_LICENSE = LGPL-3.0+ or GPL-2.0 LIBUNISTRING_LICENSE_FILES = COPYING COPYING.LIB +LIBUNISTRING_CPE_ID_VENDOR = gnu $(eval $(autotools-package)) $(eval $(host-autotools-package)) diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk index acbdfb7728..c531934dc3 100644 --- a/package/libxml2/libxml2.mk +++ b/package/libxml2/libxml2.mk @@ -13,6 +13,7 @@ LIBXML2_LICENSE_FILES = COPYING LIBXML2_IGNORE_CVES += CVE-2020-7595 # 0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch LIBXML2_IGNORE_CVES += CVE-2019-20388 +LIBXML2_CPE_ID_VENDOR = xmlsoft LIBXML2_CONFIG_SCRIPTS = xml2-config # relocation truncated to fit: R_68K_GOT16O diff --git a/package/libxslt/libxslt.mk b/package/libxslt/libxslt.mk index 2f37f303ac..3c603ad9f6 100644 --- a/package/libxslt/libxslt.mk +++ b/package/libxslt/libxslt.mk @@ -9,6 +9,7 @@ LIBXSLT_SITE = http://xmlsoft.org/sources LIBXSLT_INSTALL_STAGING = YES LIBXSLT_LICENSE = MIT LIBXSLT_LICENSE_FILES = COPYING +LIBXSLT_CPE_ID_VENDOR = xmlsoft LIBXSLT_CONF_OPTS = \ --with-gnu-ld \ diff --git a/package/libzlib/libzlib.mk b/package/libzlib/libzlib.mk index eea0c12f22..a1e2640bac 100644 --- a/package/libzlib/libzlib.mk +++ b/package/libzlib/libzlib.mk @@ -11,6 +11,8 @@ LIBZLIB_LICENSE = Zlib LIBZLIB_LICENSE_FILES = README LIBZLIB_INSTALL_STAGING = YES LIBZLIB_PROVIDES = zlib +LIBZLIB_CPE_ID_VENDOR = gnu +LIBZLIB_CPE_ID_NAME = $(LIBZLIB_PROVIDES) # It is not possible to build only a shared version of zlib, so we build both # shared and static, unless we only want the static libs, and we eventually diff --git a/package/lighttpd/lighttpd.mk b/package/lighttpd/lighttpd.mk index 7181465c66..39600ef94b 100644 --- a/package/lighttpd/lighttpd.mk +++ b/package/lighttpd/lighttpd.mk @@ -10,6 +10,7 @@ LIGHTTPD_SOURCE = lighttpd-$(LIGHTTPD_VERSION).tar.xz LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-$(LIGHTTPD_VERSION_MAJOR).x LIGHTTPD_LICENSE = BSD-3-Clause LIGHTTPD_LICENSE_FILES = COPYING +LIGHTTPD_CPE_ID_VENDOR = $(LIGHTTPD_NAME) LIGHTTPD_DEPENDENCIES = host-pkgconf LIGHTTPD_CONF_OPTS = \ --without-wolfssl \ diff --git a/package/linux-firmware/linux-firmware.mk b/package/linux-firmware/linux-firmware.mk index 2af8d09f40..938daf0ccd 100644 --- a/package/linux-firmware/linux-firmware.mk +++ b/package/linux-firmware/linux-firmware.mk @@ -8,6 +8,8 @@ LINUX_FIRMWARE_VERSION = 20200122 LINUX_FIRMWARE_SITE = http://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git LINUX_FIRMWARE_SITE_METHOD = git +LINUX_FIRMWARE_CPE_ID_VENDOR = kernel + # Intel SST DSP ifeq ($(BR2_PACKAGE_LINUX_FIRMWARE_INTEL_SST_DSP),y) LINUX_FIRMWARE_FILES += intel/fw_sst_0f28.bin-48kHz_i2s_master diff --git a/package/linux-headers/linux-headers.mk b/package/linux-headers/linux-headers.mk index 4c3cb716b3..4496295f2a 100644 --- a/package/linux-headers/linux-headers.mk +++ b/package/linux-headers/linux-headers.mk @@ -102,6 +102,8 @@ LINUX_HEADERS_LICENSE_FILES = \ LICENSES/preferred/GPL-2.0 \ LICENSES/exceptions/Linux-syscall-note endif +LINUX_HEADERS_CPE_ID_VENDOR = linux +LINUX_HEADERS_CPE_ID_NAME = linux_kernel LINUX_HEADERS_INSTALL_STAGING = YES diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk index 57fb2c9cfd..ecd4a723c4 100644 --- a/package/linux-pam/linux-pam.mk +++ b/package/linux-pam/linux-pam.mk @@ -23,6 +23,8 @@ LINUX_PAM_LICENSE_FILES = Copyright # We're patching configure.ac LINUX_PAM_AUTORECONF = YES LINUX_PAM_MAKE_OPTS += LIBS=$(TARGET_NLS_LIBS) +LINUX_PAM_CPE_ID_VENDOR = $(LINUX_PAM_NAME) +LINUX_PAM_CPE_ID_NAME = $(LINUX_PAM_NAME) ifeq ($(BR2_PACKAGE_LIBSELINUX),y) LINUX_PAM_CONF_OPTS += --enable-selinux diff --git a/package/llvm/llvm.mk b/package/llvm/llvm.mk index 24d033d124..177fff71bb 100644 --- a/package/llvm/llvm.mk +++ b/package/llvm/llvm.mk @@ -10,6 +10,7 @@ LLVM_SITE = https://github.com/llvm/llvm-project/releases/download/llvmorg-$(LLV LLVM_SOURCE = llvm-$(LLVM_VERSION).src.tar.xz LLVM_LICENSE = Apache-2.0 with exceptions LLVM_LICENSE_FILES = LICENSE.TXT +LLVM_CPE_ID_VENDOR = $(LLVM_NAME) LLVM_SUPPORTS_IN_SOURCE_BUILD = NO LLVM_INSTALL_STAGING = YES diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk index 82b8793546..fbf0b28759 100644 --- a/package/lxc/lxc.mk +++ b/package/lxc/lxc.mk @@ -8,6 +8,7 @@ LXC_VERSION = 4.0.4 LXC_SITE = https://linuxcontainers.org/downloads/lxc LXC_LICENSE = GPL-2.0 (some tools), LGPL-2.1+ LXC_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 +LXC_CPE_ID_VENDOR = linuxcontainers LXC_DEPENDENCIES = host-pkgconf LXC_INSTALL_STAGING = YES diff --git a/package/lz4/lz4.mk b/package/lz4/lz4.mk index fa309e8dbb..7c91b6eecc 100644 --- a/package/lz4/lz4.mk +++ b/package/lz4/lz4.mk @@ -9,6 +9,7 @@ LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION)) LZ4_INSTALL_STAGING = YES LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs) LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING +LZ4_CPE_ID_VENDOR = yann_collet # CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version # 1.9.2, while in fact this issue has been fixed since lz4-r130: diff --git a/package/memtester/memtester.mk b/package/memtester/memtester.mk index 0e64d8cde2..ec821adbe8 100644 --- a/package/memtester/memtester.mk +++ b/package/memtester/memtester.mk @@ -8,6 +8,7 @@ MEMTESTER_VERSION = 4.3.0 MEMTESTER_SITE = http://pyropus.ca/software/memtester/old-versions MEMTESTER_LICENSE = GPL-2.0 MEMTESTER_LICENSE_FILES = COPYING +MEMTESTER_CPE_ID_VENDOR = pryopus MEMTESTER_TARGET_INSTALL_OPTS = INSTALLPATH=$(TARGET_DIR)/usr diff --git a/package/mii-diag/mii-diag.mk b/package/mii-diag/mii-diag.mk index 6efd5be80d..a7c6483221 100644 --- a/package/mii-diag/mii-diag.mk +++ b/package/mii-diag/mii-diag.mk @@ -10,6 +10,7 @@ MII_DIAG_PATCH = mii-diag_$(MII_DIAG_VERSION)-3.diff.gz MII_DIAG_SITE = http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/m/mii-diag MII_DIAG_LICENSE = GPL # No version specified MII_DIAG_LICENSE_FILES = mii-diag.c +MII_DIAG_CPE_ID_VENDOR = debian MII_DIAG_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) diff --git a/package/mpfr/mpfr.mk b/package/mpfr/mpfr.mk index ef2999eb16..837aff3aa5 100644 --- a/package/mpfr/mpfr.mk +++ b/package/mpfr/mpfr.mk @@ -9,6 +9,7 @@ MPFR_SITE = http://www.mpfr.org/mpfr-$(MPFR_VERSION) MPFR_SOURCE = mpfr-$(MPFR_VERSION).tar.xz MPFR_LICENSE = LGPL-3.0+ MPFR_LICENSE_FILES = COPYING.LESSER +MPFR_CPE_ID_VENDOR = gnu MPFR_INSTALL_STAGING = YES MPFR_DEPENDENCIES = gmp HOST_MPFR_DEPENDENCIES = host-gmp diff --git a/package/mrouted/mrouted.mk b/package/mrouted/mrouted.mk index b9a4eaba45..6ee7fd5dfd 100644 --- a/package/mrouted/mrouted.mk +++ b/package/mrouted/mrouted.mk @@ -9,6 +9,7 @@ MROUTED_SITE = $(call github,troglobit,mrouted,$(MROUTED_VERSION)) MROUTED_DEPENDENCIES = host-bison MROUTED_LICENSE = BSD-3-Clause MROUTED_LICENSE_FILES = LICENSE +MROUTED_CPE_ID_VENDOR = troglobit define MROUTED_CONFIGURE_CMDS (cd $(@D); \ diff --git a/package/mtd/mtd.mk b/package/mtd/mtd.mk index 1186fa52d5..bbae4e13b2 100644 --- a/package/mtd/mtd.mk +++ b/package/mtd/mtd.mk @@ -9,6 +9,8 @@ MTD_SOURCE = mtd-utils-$(MTD_VERSION).tar.bz2 MTD_SITE = ftp://ftp.infradead.org/pub/mtd-utils MTD_LICENSE = GPL-2.0 MTD_LICENSE_FILES = COPYING +MTD_CPE_ID_VENDOR = mtd-utils_project +MTD_CPE_ID_NAME = mtd-utils MTD_INSTALL_STAGING = YES ifeq ($(BR2_PACKAGE_MTD_JFFS_UTILS),y) diff --git a/package/ncurses/ncurses.mk b/package/ncurses/ncurses.mk index c11650c766..5c5e497488 100644 --- a/package/ncurses/ncurses.mk +++ b/package/ncurses/ncurses.mk @@ -10,6 +10,7 @@ NCURSES_INSTALL_STAGING = YES NCURSES_DEPENDENCIES = host-ncurses NCURSES_LICENSE = MIT with advertising clause NCURSES_LICENSE_FILES = COPYING +NCURSES_CPE_ID_VENDOR = gnu NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config NCURSES_PATCH = \ $(addprefix https://invisible-mirror.net/archives/ncurses/$(NCURSES_VERSION)/, \ diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk index 904279d1fb..09ca33f754 100644 --- a/package/netsnmp/netsnmp.mk +++ b/package/netsnmp/netsnmp.mk @@ -9,6 +9,8 @@ NETSNMP_SITE = https://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NET NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz NETSNMP_LICENSE = Various BSD-like NETSNMP_LICENSE_FILES = COPYING +NETSNMP_CPE_ID_VENDOR = net-snmp +NETSNMP_CPE_ID_NAME = $(NETSNMP_CPE_ID_VENDOR) NETSNMP_INSTALL_STAGING = YES NETSNMP_CONF_ENV = ac_cv_NETSNMP_CAN_USE_SYSCTL=no NETSNMP_CONF_OPTS = \ diff --git a/package/nfs-utils/nfs-utils.mk b/package/nfs-utils/nfs-utils.mk index da85cb178f..67f178cbff 100644 --- a/package/nfs-utils/nfs-utils.mk +++ b/package/nfs-utils/nfs-utils.mk @@ -10,6 +10,8 @@ NFS_UTILS_SITE = https://www.kernel.org/pub/linux/utils/nfs-utils/$(NFS_UTILS_VE NFS_UTILS_LICENSE = GPL-2.0+ NFS_UTILS_LICENSE_FILES = COPYING NFS_UTILS_DEPENDENCIES = host-nfs-utils host-pkgconf libtirpc +NFS_UTILS_CPE_ID_VENDOR = linux-nfs +NFS_UTILS_AUTORECONF = YES NFS_UTILS_CONF_ENV = knfsd_cv_bsd_signals=no diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 64ac22181b..c8937229ab 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -5,6 +5,8 @@ ################################################################################ OPENSSH_VERSION = 8.3p1 +OPENSSH_CPE_ID_VERSION = 8.3 +OPENSSH_CPE_ID_VERSION_MINOR = p1 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain OPENSSH_LICENSE_FILES = LICENCE @@ -12,6 +14,7 @@ OPENSSH_CONF_ENV = \ LD="$(TARGET_CC)" \ LDFLAGS="$(TARGET_CFLAGS)" \ LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl` +OPENSSH_CPE_ID_VENDOR = openbsd OPENSSH_CONF_OPTS = \ --sysconfdir=/etc/ssh \ --with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \ diff --git a/package/pax-utils/pax-utils.mk b/package/pax-utils/pax-utils.mk index b31468eca2..a6618851ba 100644 --- a/package/pax-utils/pax-utils.mk +++ b/package/pax-utils/pax-utils.mk @@ -9,6 +9,7 @@ PAX_UTILS_SITE = http://distfiles.gentoo.org/distfiles PAX_UTILS_SOURCE = pax-utils-$(PAX_UTILS_VERSION).tar.xz PAX_UTILS_LICENSE = GPL-2.0 PAX_UTILS_LICENSE_FILES = COPYING +PAX_UTILS_CPE_ID_VENDOR = gentoo PAX_UTILS_DEPENDENCIES = host-pkgconf PAX_UTILS_CONF_OPTS = --without-python diff --git a/package/paxtest/paxtest.mk b/package/paxtest/paxtest.mk index e632e222c3..1b8d6699b6 100644 --- a/package/paxtest/paxtest.mk +++ b/package/paxtest/paxtest.mk @@ -8,6 +8,7 @@ PAXTEST_VERSION = 0.9.15 PAXTEST_SITE = https://www.grsecurity.net/~spender PAXTEST_LICENSE = GPL-2.0+ PAXTEST_LICENSE_FILES = README +PAXTEST_CPE_ID_VENDOR = grsecurity define PAXTEST_BUILD_CMDS $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \ diff --git a/package/pcre/pcre.mk b/package/pcre/pcre.mk index 3c280e593f..b37a2ca9b7 100644 --- a/package/pcre/pcre.mk +++ b/package/pcre/pcre.mk @@ -9,6 +9,7 @@ PCRE_SITE = https://ftp.pcre.org/pub/pcre PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2 PCRE_LICENSE = BSD-3-Clause PCRE_LICENSE_FILES = LICENCE +PCRE_CPE_ID_VENDOR = $(PCRE_NAME) PCRE_INSTALL_STAGING = YES PCRE_CONFIG_SCRIPTS = pcre-config diff --git a/package/pixman/pixman.mk b/package/pixman/pixman.mk index a446ebca46..52d4e36f2e 100644 --- a/package/pixman/pixman.mk +++ b/package/pixman/pixman.mk @@ -9,6 +9,7 @@ PIXMAN_SOURCE = pixman-$(PIXMAN_VERSION).tar.xz PIXMAN_SITE = https://xorg.freedesktop.org/releases/individual/lib PIXMAN_LICENSE = MIT PIXMAN_LICENSE_FILES = COPYING +PIXMAN_CPE_ID_VENDOR = $(PIXMAN_NAME) PIXMAN_INSTALL_STAGING = YES PIXMAN_DEPENDENCIES = host-pkgconf diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk index 4c0fdc71a7..0dfdc7af03 100644 --- a/package/policycoreutils/policycoreutils.mk +++ b/package/policycoreutils/policycoreutils.mk @@ -8,6 +8,7 @@ POLICYCOREUTILS_VERSION = 3.1 POLICYCOREUTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710 POLICYCOREUTILS_LICENSE = GPL-2.0 POLICYCOREUTILS_LICENSE_FILES = COPYING +POLICYCOREUTILS_CPE_ID_VENDOR = selinuxproject POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(TARGET_NLS_DEPENDENCIES) POLICYCOREUTILS_MAKE_OPTS = LDLIBS=$(TARGET_NLS_LIBS) diff --git a/package/pppd/pppd.mk b/package/pppd/pppd.mk index 685666a200..118f9fc334 100644 --- a/package/pppd/pppd.mk +++ b/package/pppd/pppd.mk @@ -10,6 +10,8 @@ PPPD_LICENSE = LGPL-2.0+, LGPL, BSD-4-Clause, BSD-3-Clause, GPL-2.0+ PPPD_LICENSE_FILES = \ pppd/tdb.c pppd/plugins/pppoatm/COPYING \ pppdump/bsd-comp.c pppd/ccp.c pppd/plugins/passprompt.c +PPPD_CPE_ID_VENDOR = samba +PPPD_CPE_ID_NAME = ppp # 0001-pppd-Fix-bounds-check.patch PPPD_IGNORE_CVES += CVE-2020-8597 diff --git a/package/proftpd/proftpd.mk b/package/proftpd/proftpd.mk index e126d0e0a4..94276233c8 100644 --- a/package/proftpd/proftpd.mk +++ b/package/proftpd/proftpd.mk @@ -8,6 +8,7 @@ PROFTPD_VERSION = 1.3.6c PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION)) PROFTPD_LICENSE = GPL-2.0+ PROFTPD_LICENSE_FILES = COPYING +PROFTPD_CPE_ID_VENDOR = $(PROFTPD_NAME) PROFTPD_CONF_ENV = \ ac_cv_func_setpgrp_void=yes \ diff --git a/package/protobuf/protobuf.mk b/package/protobuf/protobuf.mk index 04fea3063e..82c814b65b 100644 --- a/package/protobuf/protobuf.mk +++ b/package/protobuf/protobuf.mk @@ -12,6 +12,7 @@ PROTOBUF_SOURCE = protobuf-cpp-$(PROTOBUF_VERSION).tar.gz PROTOBUF_SITE = https://github.com/google/protobuf/releases/download/v$(PROTOBUF_VERSION) PROTOBUF_LICENSE = BSD-3-Clause PROTOBUF_LICENSE_FILES = LICENSE +PROTOBUF_CPE_ID_VENDOR = google # N.B. Need to use host protoc during cross compilation. PROTOBUF_DEPENDENCIES = host-protobuf diff --git a/package/pure-ftpd/pure-ftpd.mk b/package/pure-ftpd/pure-ftpd.mk index 7b7c7d9637..7e3d18b433 100644 --- a/package/pure-ftpd/pure-ftpd.mk +++ b/package/pure-ftpd/pure-ftpd.mk @@ -9,6 +9,7 @@ PURE_FTPD_SITE = https://download.pureftpd.org/pub/pure-ftpd/releases PURE_FTPD_SOURCE = pure-ftpd-$(PURE_FTPD_VERSION).tar.bz2 PURE_FTPD_LICENSE = ISC PURE_FTPD_LICENSE_FILES = COPYING +PURE_FTPD_CPE_ID_VENDOR = pureftpd PURE_FTPD_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv) # 0001-listdir-reuse-a-single-buffer-to-store-every-file-name-to-display.patch diff --git a/package/python-lxml/python-lxml.mk b/package/python-lxml/python-lxml.mk index 7e727a6753..0b95cf4dc6 100644 --- a/package/python-lxml/python-lxml.mk +++ b/package/python-lxml/python-lxml.mk @@ -15,6 +15,8 @@ PYTHON_LXML_LICENSE_FILES = \ doc/licenses/BSD.txt \ doc/licenses/elementtree.txt \ src/lxml/isoschematron/resources/rng/iso-schematron.rng +PYTHON_LXML_CPE_ID_VENDOR = lxml +PYTHON_LXML_CPE_ID_NAME = lxml # python-lxml can use either setuptools, or distutils as a fallback. # So, we use setuptools. diff --git a/package/python-setuptools/python-setuptools.mk b/package/python-setuptools/python-setuptools.mk index 2cb575ae22..ade5ca5521 100644 --- a/package/python-setuptools/python-setuptools.mk +++ b/package/python-setuptools/python-setuptools.mk @@ -11,6 +11,8 @@ PYTHON_SETUPTOOLS_SOURCE = setuptools-$(PYTHON_SETUPTOOLS_VERSION).zip PYTHON_SETUPTOOLS_SITE = https://files.pythonhosted.org/packages/b0/f3/44da7482ac6da3f36f68e253cb04de37365b3dba9036a3c70773b778b485 PYTHON_SETUPTOOLS_LICENSE = MIT PYTHON_SETUPTOOLS_LICENSE_FILES = LICENSE +PYTHON_SETUPTOOLS_CPE_ID_VENDOR = python +PYTHON_SETUPTOOLS_CPE_ID_NAME = setuptools PYTHON_SETUPTOOLS_SETUP_TYPE = setuptools HOST_PYTHON_SETUPTOOLS_NEEDS_HOST_PYTHON = python2 diff --git a/package/python/python.mk b/package/python/python.mk index ccaaadd012..2d4c5a3721 100644 --- a/package/python/python.mk +++ b/package/python/python.mk @@ -10,6 +10,7 @@ PYTHON_SOURCE = Python-$(PYTHON_VERSION).tar.xz PYTHON_SITE = https://python.org/ftp/python/$(PYTHON_VERSION) PYTHON_LICENSE = Python-2.0, others PYTHON_LICENSE_FILES = LICENSE +PYTHON_CPE_ID_VENDOR = $(PYTHON_NAME) PYTHON_LIBTOOL_PATCH = NO # Python needs itself to be built, so in order to cross-compile diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk index 69850ec938..a4b5688605 100644 --- a/package/qemu/qemu.mk +++ b/package/qemu/qemu.mk @@ -12,6 +12,7 @@ QEMU_LICENSE_FILES = COPYING COPYING.LIB # NOTE: there is no top-level license file for non-(L)GPL licenses; # the non-(L)GPL license texts are specified in the affected # individual source files. +QEMU_CPE_ID_VENDOR = $(QEMU_NAME) #------------------------------------------------------------- # Target-qemu diff --git a/package/rapidjson/rapidjson.mk b/package/rapidjson/rapidjson.mk index 9f1c82ce40..d3bcef7df1 100644 --- a/package/rapidjson/rapidjson.mk +++ b/package/rapidjson/rapidjson.mk @@ -8,6 +8,7 @@ RAPIDJSON_VERSION = 1.1.0 RAPIDJSON_SITE = $(call github,miloyip,rapidjson,v$(RAPIDJSON_VERSION)) RAPIDJSON_LICENSE = MIT RAPIDJSON_LICENSE_FILES = license.txt +RAPIDJSON_CPE_ID_VENDOR = tencent # rapidjson is a header-only C++ library RAPIDJSON_INSTALL_TARGET = NO diff --git a/package/readline/readline.mk b/package/readline/readline.mk index f5d7d5bf9e..04872ac868 100644 --- a/package/readline/readline.mk +++ b/package/readline/readline.mk @@ -14,6 +14,7 @@ READLINE_CONF_ENV = bash_cv_func_sigsetjmp=yes \ READLINE_CONF_OPTS = --disable-install-examples READLINE_LICENSE = GPL-3.0+ READLINE_LICENSE_FILES = COPYING +READLINE_CPE_ID_VENDOR = gnu define READLINE_INSTALL_INPUTRC $(INSTALL) -D -m 644 package/readline/inputrc $(TARGET_DIR)/etc/inputrc diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk index e1924f3c2d..63a1713e35 100644 --- a/package/refpolicy/refpolicy.mk +++ b/package/refpolicy/refpolicy.mk @@ -6,6 +6,7 @@ REFPOLICY_LICENSE = GPL-2.0 REFPOLICY_LICENSE_FILES = COPYING +REFPOLICY_CPE_ID_VENDOR = tresys REFPOLICY_INSTALL_STAGING = YES REFPOLICY_DEPENDENCIES = \ host-m4 \ diff --git a/package/rsyslog/rsyslog.mk b/package/rsyslog/rsyslog.mk index 90f21559f8..f9e1a0443a 100644 --- a/package/rsyslog/rsyslog.mk +++ b/package/rsyslog/rsyslog.mk @@ -8,6 +8,7 @@ RSYSLOG_VERSION = 8.2004.0 RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0 RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20 +RSYSLOG_CPE_ID_VENDOR = $(RSYSLOG_NAME) RSYSLOG_DEPENDENCIES = zlib libestr liblogging libfastjson host-pkgconf RSYSLOG_CONF_ENV = ac_cv_prog_cc_c99='-std=c99' RSYSLOG_PLUGINS = imdiag imfile impstats imptcp \ diff --git a/package/rt-tests/rt-tests.mk b/package/rt-tests/rt-tests.mk index c17b7fe982..a52cfff3c3 100644 --- a/package/rt-tests/rt-tests.mk +++ b/package/rt-tests/rt-tests.mk @@ -10,6 +10,7 @@ RT_TESTS_VERSION = 1.8 RT_TESTS_LICENSE = GPL-2.0+ RT_TESTS_LICENSE_FILES = COPYING RT_TESTS_DEPENDENCIES = numactl +RT_TESTS_CPE_ID_VENDOR = kernel define RT_TESTS_BUILD_CMDS $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \ diff --git a/package/sed/sed.mk b/package/sed/sed.mk index 6bb3220553..64fb2035b0 100644 --- a/package/sed/sed.mk +++ b/package/sed/sed.mk @@ -9,6 +9,7 @@ SED_SOURCE = sed-$(SED_VERSION).tar.xz SED_SITE = $(BR2_GNU_MIRROR)/sed SED_LICENSE = GPL-3.0 SED_LICENSE_FILES = COPYING +SED_CPE_ID_VENDOR = gnu SED_CONF_OPTS = \ --bindir=/bin \ diff --git a/package/setools/setools.mk b/package/setools/setools.mk index c1a3a909cb..a07b1367a2 100644 --- a/package/setools/setools.mk +++ b/package/setools/setools.mk @@ -10,6 +10,7 @@ SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-fle SETOOLS_INSTALL_STAGING = YES SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+ SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL +SETOOLS_CPE_ID_VENDOR = selinuxproject SETOOLS_SETUP_TYPE = setuptools HOST_SETOOLS_DEPENDENCIES = host-python3-cython host-libselinux host-libsepol host-python-networkx HOST_SETOOLS_NEEDS_HOST_PYTHON = python3 diff --git a/package/setserial/setserial.mk b/package/setserial/setserial.mk index 66ca59d79d..2e29e4c803 100644 --- a/package/setserial/setserial.mk +++ b/package/setserial/setserial.mk @@ -10,6 +10,7 @@ SETSERIAL_SOURCE = setserial_$(SETSERIAL_VERSION).orig.tar.gz SETSERIAL_SITE = http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/s/setserial SETSERIAL_LICENSE = GPL-2.0 SETSERIAL_LICENSE_FILES = debian/copyright + # make all also builds setserial.cat which needs nroff SETSERIAL_MAKE_OPTS = setserial diff --git a/package/smcroute/smcroute.mk b/package/smcroute/smcroute.mk index 1a36c75d47..0db0e084f6 100644 --- a/package/smcroute/smcroute.mk +++ b/package/smcroute/smcroute.mk @@ -9,6 +9,7 @@ SMCROUTE_SOURCE = smcroute-$(SMCROUTE_VERSION).tar.xz SMCROUTE_SITE = https://github.com/troglobit/smcroute/releases/download/$(SMCROUTE_VERSION) SMCROUTE_LICENSE = GPL-2.0+ SMCROUTE_LICENSE_FILES = COPYING +SMCROUTE_CPE_ID_VENDOR = troglobit SMCROUTE_CONF_OPTS = ac_cv_func_setpgrp_void=yes #BUG:The package Makefile uses CC?= even though the package is autotools based diff --git a/package/spawn-fcgi/spawn-fcgi.mk b/package/spawn-fcgi/spawn-fcgi.mk index ed97d0a7b4..8caa1e2b3c 100644 --- a/package/spawn-fcgi/spawn-fcgi.mk +++ b/package/spawn-fcgi/spawn-fcgi.mk @@ -9,5 +9,6 @@ SPAWN_FCGI_SITE = http://www.lighttpd.net/download SPAWN_FCGI_SOURCE = spawn-fcgi-$(SPAWN_FCGI_VERSION).tar.bz2 SPAWN_FCGI_LICENSE = BSD-3-Clause SPAWN_FCGI_LICENSE_FILES = COPYING +SPAWN_FCGI_CPE_ID_VENDOR = lighttpd $(eval $(autotools-package)) diff --git a/package/sqlite/sqlite.mk b/package/sqlite/sqlite.mk index c8b9ba3150..796292178c 100644 --- a/package/sqlite/sqlite.mk +++ b/package/sqlite/sqlite.mk @@ -5,11 +5,13 @@ ################################################################################ SQLITE_VERSION = 3320300 +SQLITE_CPE_ID_VERSION = 3.31.1 SQLITE_SOURCE = sqlite-autoconf-$(SQLITE_VERSION).tar.gz SQLITE_SITE = https://www.sqlite.org/2020 SQLITE_LICENSE = Public domain SQLITE_LICENSE_FILES = tea/license.terms SQLITE_INSTALL_STAGING = YES +SQLITE_CPE_ID_VENDOR = $(SQLITE_NAME) ifeq ($(BR2_PACKAGE_SQLITE_STAT4),y) SQLITE_CFLAGS += -DSQLITE_ENABLE_STAT4 diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk index 7f1752ce57..1f7437fa31 100644 --- a/package/strongswan/strongswan.mk +++ b/package/strongswan/strongswan.mk @@ -12,6 +12,7 @@ STRONGSWAN_PATCH = \ $(STRONGSWAN_SITE)/patches/28_gmp_pkcs1_overflow_patch/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch STRONGSWAN_LICENSE = GPL-2.0+ STRONGSWAN_LICENSE_FILES = COPYING LICENSE +STRONGSWAN_CPE_ID_VENDOR = $(STRONGSWAN_NAME) STRONGSWAN_DEPENDENCIES = host-pkgconf STRONGSWAN_INSTALL_STAGING = YES STRONGSWAN_CONF_OPTS += \ diff --git a/package/tar/tar.mk b/package/tar/tar.mk index 9e0a40e561..643eff1cbc 100644 --- a/package/tar/tar.mk +++ b/package/tar/tar.mk @@ -12,6 +12,7 @@ TAR_SITE = $(BR2_GNU_MIRROR)/tar TAR_CONF_OPTS = --exec-prefix=/ TAR_LICENSE = GPL-3.0+ TAR_LICENSE_FILES = COPYING +TAR_CPE_ID_VENDOR = gnu ifeq ($(BR2_PACKAGE_ACL),y) TAR_DEPENDENCIES += acl diff --git a/package/tcl/tcl.mk b/package/tcl/tcl.mk index 6d750b3cd2..913891e897 100644 --- a/package/tcl/tcl.mk +++ b/package/tcl/tcl.mk @@ -10,6 +10,7 @@ TCL_SOURCE = tcl$(TCL_VERSION)-src.tar.gz TCL_SITE = http://downloads.sourceforge.net/project/tcl/Tcl/$(TCL_VERSION) TCL_LICENSE = TCL TCL_LICENSE_FILES = license.terms +TCL_CPE_ID_VENDOR = $(TCL_NAME) TCL_SUBDIR = unix TCL_INSTALL_STAGING = YES TCL_AUTORECONF = YES diff --git a/package/tcpdump/tcpdump.mk b/package/tcpdump/tcpdump.mk index 01a46b9b5f..9687e3c497 100644 --- a/package/tcpdump/tcpdump.mk +++ b/package/tcpdump/tcpdump.mk @@ -8,6 +8,7 @@ TCPDUMP_VERSION = 4.9.3 TCPDUMP_SITE = http://www.tcpdump.org/release TCPDUMP_LICENSE = BSD-3-Clause TCPDUMP_LICENSE_FILES = LICENSE +TCPDUMP_CPE_ID_VENDOR = $(TCPDUMP_NAME) TCPDUMP_CONF_ENV = \ ac_cv_linux_vers=2 \ td_cv_buggygetaddrinfo=no \ diff --git a/package/tftpd/tftpd.mk b/package/tftpd/tftpd.mk index 57905fda05..301a222e39 100644 --- a/package/tftpd/tftpd.mk +++ b/package/tftpd/tftpd.mk @@ -10,6 +10,8 @@ TFTPD_SITE = $(BR2_KERNEL_MIRROR)/software/network/tftp/tftp-hpa TFTPD_CONF_OPTS = --without-tcpwrappers TFTPD_LICENSE = BSD-4-Clause TFTPD_LICENSE_FILES = tftpd/tftpd.c +TFTPD_CPE_ID_VENDOR = $(TFTPD_NAME)-hpa_project +TFTPD_CPE_ID_NAME = $(TFTPD_NAME)-hpa define TFTPD_INSTALL_TARGET_CMDS $(INSTALL) -D $(@D)/tftp/tftp $(TARGET_DIR)/usr/bin/tftp diff --git a/package/uboot-tools/uboot-tools.mk b/package/uboot-tools/uboot-tools.mk index a06c25998f..61e22f6ae8 100644 --- a/package/uboot-tools/uboot-tools.mk +++ b/package/uboot-tools/uboot-tools.mk @@ -9,6 +9,8 @@ UBOOT_TOOLS_SOURCE = u-boot-$(UBOOT_TOOLS_VERSION).tar.bz2 UBOOT_TOOLS_SITE = ftp://ftp.denx.de/pub/u-boot UBOOT_TOOLS_LICENSE = GPL-2.0+ UBOOT_TOOLS_LICENSE_FILES = Licenses/gpl-2.0.txt +UBOOT_TOOLS_CPE_ID_VENDOR = denx +UBOOT_TOOLS_CPE_ID_NAME = u-boot UBOOT_TOOLS_INSTALL_STAGING = YES # u-boot 2020.01+ needs make 4.0+ diff --git a/package/util-linux/util-linux.mk b/package/util-linux/util-linux.mk index 4356b2b569..96596fd8da 100644 --- a/package/util-linux/util-linux.mk +++ b/package/util-linux/util-linux.mk @@ -24,6 +24,7 @@ UTIL_LINUX_LICENSE_FILES = README.licensing \ Documentation/licenses/COPYING.ISC \ Documentation/licenses/COPYING.LGPL-2.1-or-later +UTIL_LINUX_CPE_ID_VENDOR = kernel UTIL_LINUX_INSTALL_STAGING = YES UTIL_LINUX_DEPENDENCIES = \ host-pkgconf \ diff --git a/package/valgrind/valgrind.mk b/package/valgrind/valgrind.mk index 7fd3278614..7d0070a974 100644 --- a/package/valgrind/valgrind.mk +++ b/package/valgrind/valgrind.mk @@ -9,6 +9,7 @@ VALGRIND_SITE = https://sourceware.org/pub/valgrind VALGRIND_SOURCE = valgrind-$(VALGRIND_VERSION).tar.bz2 VALGRIND_LICENSE = GPL-2.0, GFDL-1.2 VALGRIND_LICENSE_FILES = COPYING COPYING.DOCS +VALGRIND_CPE_ID_VENDOR = $(VALGRIND_NAME) VALGRIND_CONF_OPTS = \ --disable-ubsan \ --without-mpicc diff --git a/package/vim/vim.mk b/package/vim/vim.mk index 1fbb6a6b86..2bd3d437e4 100644 --- a/package/vim/vim.mk +++ b/package/vim/vim.mk @@ -23,6 +23,7 @@ VIM_CONF_ENV = \ VIM_CONF_OPTS = --with-tlib=ncurses --enable-gui=no --without-x VIM_LICENSE = Charityware VIM_LICENSE_FILES = README.txt +VIM_CPE_ID_VENDOR = $(VIM_NAME) ifeq ($(BR2_PACKAGE_ACL),y) VIM_CONF_OPTS += --enable-acl diff --git a/package/wget/wget.mk b/package/wget/wget.mk index ed3f1fdff9..65c132e453 100644 --- a/package/wget/wget.mk +++ b/package/wget/wget.mk @@ -10,6 +10,7 @@ WGET_SITE = $(BR2_GNU_MIRROR)/wget WGET_DEPENDENCIES = host-pkgconf WGET_LICENSE = GPL-3.0+ WGET_LICENSE_FILES = COPYING +WGET_CPE_ID_VENDOR = gnu ifeq ($(BR2_PACKAGE_GNUTLS),y) WGET_CONF_OPTS += --with-ssl=gnutls diff --git a/package/wireless-regdb/wireless-regdb.mk b/package/wireless-regdb/wireless-regdb.mk index 52a0e0cffc..aaab7fc28b 100644 --- a/package/wireless-regdb/wireless-regdb.mk +++ b/package/wireless-regdb/wireless-regdb.mk @@ -9,6 +9,7 @@ WIRELESS_REGDB_SOURCE = wireless-regdb-$(WIRELESS_REGDB_VERSION).tar.xz WIRELESS_REGDB_SITE = $(BR2_KERNEL_MIRROR)/software/network/wireless-regdb WIRELESS_REGDB_LICENSE = ISC WIRELESS_REGDB_LICENSE_FILES = LICENSE +WIRELESS_REGDB_CPE_ID_VENDOR = kernel ifeq ($(BR2_PACKAGE_CRDA),y) define WIRELESS_REGDB_INSTALL_CRDA_TARGET_CMDS diff --git a/package/wireless_tools/wireless_tools.mk b/package/wireless_tools/wireless_tools.mk index b87ab20fb2..01d03218d6 100644 --- a/package/wireless_tools/wireless_tools.mk +++ b/package/wireless_tools/wireless_tools.mk @@ -10,6 +10,8 @@ WIRELESS_TOOLS_SITE = https://hewlettpackard.github.io/wireless-tools WIRELESS_TOOLS_SOURCE = wireless_tools.$(WIRELESS_TOOLS_VERSION).tar.gz WIRELESS_TOOLS_LICENSE = GPL-2.0 WIRELESS_TOOLS_LICENSE_FILES = COPYING +WIRELESS_TOOLS_CPE_ID_VERSION = $(WIRELESS_TOOLS_VERSION_MAJOR) +WIRELESS_TOOLS_CPE_ID_VERSION_MINOR = pre9 WIRELESS_TOOLS_INSTALL_STAGING = YES WIRELESS_TOOLS_BUILD_TARGETS = iwmulticall diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk index 7170db0d07..955f7fb98f 100644 --- a/package/wpa_supplicant/wpa_supplicant.mk +++ b/package/wpa_supplicant/wpa_supplicant.mk @@ -8,6 +8,7 @@ WPA_SUPPLICANT_VERSION = 2.9 WPA_SUPPLICANT_SITE = http://w1.fi/releases WPA_SUPPLICANT_LICENSE = BSD-3-Clause WPA_SUPPLICANT_LICENSE_FILES = README +WPA_SUPPLICANT_CPE_ID_VENDOR = w1.fi WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config WPA_SUPPLICANT_SUBDIR = wpa_supplicant WPA_SUPPLICANT_DBUS_OLD_SERVICE = fi.epitest.hostap.WPASupplicant diff --git a/package/xerces/xerces.mk b/package/xerces/xerces.mk index ae42b1e62f..5caf421132 100644 --- a/package/xerces/xerces.mk +++ b/package/xerces/xerces.mk @@ -9,6 +9,8 @@ XERCES_SOURCE = xerces-c-$(XERCES_VERSION).tar.xz XERCES_SITE = http://archive.apache.org/dist/xerces/c/3/sources XERCES_LICENSE = Apache-2.0 XERCES_LICENSE_FILES = LICENSE +XERCES_CPE_ID_VENDOR = apache +XERCES_CPE_ID_NAME = $(XERCES_NAME)-c\+\+ XERCES_INSTALL_STAGING = YES define XERCES_DISABLE_SAMPLES diff --git a/package/xz/xz.mk b/package/xz/xz.mk index 487dac461b..ffbae4c873 100644 --- a/package/xz/xz.mk +++ b/package/xz/xz.mk @@ -11,6 +11,7 @@ XZ_INSTALL_STAGING = YES XZ_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99' XZ_LICENSE = Public Domain, GPL-2.0+, GPL-3.0+, LGPL-2.1+ XZ_LICENSE_FILES = COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv2.1 +XZ_CPE_ID_VENDOR = tukaani ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y) XZ_CONF_OPTS = --enable-threads From patchwork Tue Oct 6 13:42:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377443 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbB29LBz9sTK for ; Wed, 7 Oct 2020 00:43:50 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id CEDAF84806; Tue, 6 Oct 2020 13:43:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grTcx5xXzFoi; Tue, 6 Oct 2020 13:43:42 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id B38ED8440D; Tue, 6 Oct 2020 13:43:42 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id DA9F61BF3E9 for ; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 8B6DD85DA4 for ; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9WJyg6781L6S for ; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by whitealder.osuosl.org (Postfix) with ESMTPS id E074F81FAA for ; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay11.mail.gandi.net (Postfix) with ESMTPSA id F4081100011; Tue, 6 Oct 2020 13:43:30 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:44 +0200 Message-Id: <20201006134250.22738-12-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 11/17] Support/scripts/cpedb.py: Convert to Python 3 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Switch the script to be used with pyhton 3 Signed-off-by: Gregory CLEMENT --- support/scripts/cpedb.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/support/scripts/cpedb.py b/support/scripts/cpedb.py index 0369536f6f..6e48772b5e 100644 --- a/support/scripts/cpedb.py +++ b/support/scripts/cpedb.py @@ -1,9 +1,9 @@ import sys -import urllib2 +import urllib3 from collections import OrderedDict import xmltodict import gzip -from StringIO import StringIO +from io import StringIO import os import pickle @@ -65,7 +65,7 @@ class CPEDB: def get_new_xml_dict(self, url): print("CPE: Fetching xml manifest from [" + url + "]") try: - compressed_cpe_file = urllib2.urlopen(url) + compressed_cpe_file = urllib3.urlopen(url) print("CPE: Unzipping xml manifest...") nist_cpe_file = gzip.GzipFile(fileobj=StringIO(compressed_cpe_file.read())).read() print("CPE: Converting xml manifest to dict...") @@ -113,10 +113,10 @@ class CPEDB: # latest version in the NIST dict) self.all_cpes_no_version.update({cpe_str_no_version: item}) - except urllib2.HTTPError: + except urllib3.HTTPError: print("CPE: HTTP Error: %s" % url) sys.exit(1) - except urllib2.URLError: + except urllib3.URLError: print("CPE: URL Error: %s" % url) sys.exit(1) @@ -156,7 +156,7 @@ class CPEDB: def get_nvd_url(self, cpe_str): return "https://nvd.nist.gov/products/cpe/search/results?keyword=" + \ - urllib2.quote(cpe_str) + \ + urllib3.quote(cpe_str) + \ "&status=FINAL&orderBy=CPEURI&namingFormat=2.3" def get_cpe_no_version(self, cpe): From patchwork Tue Oct 6 13:42:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377448 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbM0Jg8z9sTL for ; Wed, 7 Oct 2020 00:43:58 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 77B6B2077C; Tue, 6 Oct 2020 13:43:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WFW82E2uvTTd; Tue, 6 Oct 2020 13:43:48 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id BFC0D20766; Tue, 6 Oct 2020 13:43:43 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id CBC4F1BF3E9 for ; Tue, 6 Oct 2020 13:43:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id C85E68700D for ; Tue, 6 Oct 2020 13:43:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PW0V1Z-K-cck for ; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by hemlock.osuosl.org (Postfix) with ESMTPS id 9578186F58 for ; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id AA59340007; Tue, 6 Oct 2020 13:43:31 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:45 +0200 Message-Id: <20201006134250.22738-13-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 12/17] package/pkg-generic.mk: Create CPE ID information only if verified X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" The CPE ID are created automatically based on the information provided by the buildroot package. However, it may not match the official cpeid. To be able to know if it can be trusted, only generate this CPE ID when a CPE_ID_VALID flag has been added to the package. Signed-off-by: Gregory CLEMENT --- package/pkg-generic.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index dba03a8119..55084bc7d9 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -970,6 +970,7 @@ else $(2)_KCONFIG_VAR = BR2_PACKAGE_$(2) endif +ifeq ($$($(2)_CPE_ID_VALID),y) $(2)_CPE_ID_VENDOR ?= $$($(2)_NAME)_project $(2)_CPE_ID_NAME ?= $$($(2)_NAME) $(2)_CPE_ID_VERSION ?= $$($(2)_VERSION) @@ -981,6 +982,7 @@ $(2)_CPE_PREFIX = $(CPE_PREFIX_OS) else $(2)_CPE_PREFIX = $(CPE_PREFIX_APP) endif +endif $(1)-cpe-info: PKG=$(2) ifeq ($(BR2_TOOLCHAIN_EXTERNAL),y) From patchwork Tue Oct 6 13:42:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377450 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbS1vtdz9sVL for ; Wed, 7 Oct 2020 00:44:03 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 6382686FFB; Tue, 6 Oct 2020 13:44:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1QZUS+ZKa6DM; Tue, 6 Oct 2020 13:43:46 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id E78BF8700D; Tue, 6 Oct 2020 13:43:44 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id B0ADB1BF3E9 for ; Tue, 6 Oct 2020 13:43:41 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9FA3984439 for ; Tue, 6 Oct 2020 13:43:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gbI8m1D0lZop for ; Tue, 6 Oct 2020 13:43:37 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay10.mail.gandi.net (relay10.mail.gandi.net [217.70.178.230]) by fraxinus.osuosl.org (Postfix) with ESMTPS id AFE388440D for ; Tue, 6 Oct 2020 13:43:36 +0000 (UTC) Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay10.mail.gandi.net (Postfix) with ESMTPSA id A923D240010; Tue, 6 Oct 2020 13:43:32 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:46 +0200 Message-Id: <20201006134250.22738-14-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 13/17] packages: add new flag for CPE ID X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" All the packages having cpeid fixup has CPE ID that has been validated, so add the flag _CPE_ID_VALID. Signed-off-by: Gregory CLEMENT --- boot/grub2/grub2.mk | 1 + boot/uboot/uboot.mk | 1 + linux/linux.mk | 1 + package/audit/audit.mk | 1 + package/aufs/aufs.mk | 1 + package/bash/bash.mk | 1 + package/bc/bc.mk | 1 + package/bind/bind.mk | 1 + package/boost/boost.mk | 1 + package/bridge-utils/bridge-utils.mk | 1 + package/busybox/busybox.mk | 1 + package/bzip2/bzip2.mk | 1 + package/collectd/collectd.mk | 1 + package/conntrack-tools/conntrack-tools.mk | 1 + package/coreutils/coreutils.mk | 1 + package/crda/crda.mk | 1 + package/davici/davici.mk | 1 + package/dbus-glib/dbus-glib.mk | 1 + package/dbus/dbus.mk | 1 + package/dhcp/dhcp.mk | 1 + package/dnsmasq/dnsmasq.mk | 1 + package/dropbear/dropbear.mk | 1 + package/ethtool/ethtool.mk | 1 + package/expat/expat.mk | 1 + package/gdb/gdb.mk | 1 + package/gesftpserver/gesftpserver.mk | 1 + package/glibc/glibc.mk | 1 + package/gmp/gmp.mk | 1 + package/gnupg/gnupg.mk | 1 + package/gnutls/gnutls.mk | 1 + package/grep/grep.mk | 1 + package/gtest/gtest.mk | 1 + package/gzip/gzip.mk | 1 + package/hostapd/hostapd.mk | 1 + package/ifupdown/ifupdown.mk | 1 + package/iperf/iperf.mk | 1 + package/iperf3/iperf3.mk | 1 + package/ipset/ipset.mk | 1 + package/iptables/iptables.mk | 1 + package/iw/iw.mk | 1 + package/kmod/kmod.mk | 1 + package/libarchive/libarchive.mk | 1 + package/libcurl/libcurl.mk | 1 + package/libestr/libestr.mk | 1 + package/libfastjson/libfastjson.mk | 1 + package/libfcgi/libfcgi.mk | 1 + package/libffi/libffi.mk | 1 + package/libgcrypt/libgcrypt.mk | 1 + package/libglib2/libglib2.mk | 1 + package/libgpg-error/libgpg-error.mk | 1 + package/liblogging/liblogging.mk | 1 + package/libmbim/libmbim.mk | 1 + package/libmnl/libmnl.mk | 1 + package/libnetfilter_conntrack/libnetfilter_conntrack.mk | 1 + package/libnetfilter_cthelper/libnetfilter_cthelper.mk | 1 + package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk | 1 + package/libnetfilter_queue/libnetfilter_queue.mk | 1 + package/libnfnetlink/libnfnetlink.mk | 1 + package/libopenssl/libopenssl.mk | 1 + package/libpcap/libpcap.mk | 1 + package/libselinux/libselinux.mk | 1 + package/libsemanage/libsemanage.mk | 1 + package/libsepol/libsepol.mk | 1 + package/libssh2/libssh2.mk | 1 + package/libsysfs/libsysfs.mk | 1 + package/libtasn1/libtasn1.mk | 1 + package/libunistring/libunistring.mk | 1 + package/libxml2/libxml2.mk | 1 + package/libxslt/libxslt.mk | 1 + package/libzlib/libzlib.mk | 1 + package/lighttpd/lighttpd.mk | 1 + package/linux-firmware/linux-firmware.mk | 1 + package/linux-headers/linux-headers.mk | 1 + package/linux-pam/linux-pam.mk | 1 + package/llvm/llvm.mk | 1 + package/lxc/lxc.mk | 1 + package/lz4/lz4.mk | 1 + package/memtester/memtester.mk | 1 + package/mii-diag/mii-diag.mk | 1 + package/mpfr/mpfr.mk | 1 + package/mrouted/mrouted.mk | 1 + package/mtd/mtd.mk | 1 + package/ncurses/ncurses.mk | 1 + package/netsnmp/netsnmp.mk | 1 + package/nfs-utils/nfs-utils.mk | 1 + package/openssh/openssh.mk | 1 + package/pax-utils/pax-utils.mk | 1 + package/paxtest/paxtest.mk | 1 + package/pcre/pcre.mk | 1 + package/pixman/pixman.mk | 1 + package/policycoreutils/policycoreutils.mk | 1 + package/pppd/pppd.mk | 1 + package/proftpd/proftpd.mk | 2 ++ package/protobuf/protobuf.mk | 1 + package/pure-ftpd/pure-ftpd.mk | 1 + package/python-lxml/python-lxml.mk | 1 + package/python-setuptools/python-setuptools.mk | 1 + package/python/python.mk | 1 + package/qemu/qemu.mk | 1 + package/rapidjson/rapidjson.mk | 1 + package/readline/readline.mk | 1 + package/refpolicy/refpolicy.mk | 1 + package/rsyslog/rsyslog.mk | 1 + package/rt-tests/rt-tests.mk | 1 + package/sed/sed.mk | 1 + package/setools/setools.mk | 1 + package/smcroute/smcroute.mk | 1 + package/spawn-fcgi/spawn-fcgi.mk | 1 + package/sqlite/sqlite.mk | 1 + package/strongswan/strongswan.mk | 1 + package/tar/tar.mk | 1 + package/tcl/tcl.mk | 1 + package/tcpdump/tcpdump.mk | 1 + package/tftpd/tftpd.mk | 1 + package/uboot-tools/uboot-tools.mk | 1 + package/util-linux/util-linux.mk | 1 + package/valgrind/valgrind.mk | 1 + package/vim/vim.mk | 1 + package/wget/wget.mk | 1 + package/wireless-regdb/wireless-regdb.mk | 1 + package/wireless_tools/wireless_tools.mk | 1 + package/wpa_supplicant/wpa_supplicant.mk | 1 + package/xerces/xerces.mk | 1 + package/xz/xz.mk | 1 + 124 files changed, 125 insertions(+) diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk index 9686815f4d..266bc9ad4e 100644 --- a/boot/grub2/grub2.mk +++ b/boot/grub2/grub2.mk @@ -37,6 +37,7 @@ GRUB2_INSTALL_TARGET = YES else GRUB2_INSTALL_TARGET = NO endif +GRUB2_CPE_ID_VALID = y GRUB2_CPE_ID_VENDOR = gnu GRUB2_BUILTIN_MODULES = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES)) diff --git a/boot/uboot/uboot.mk b/boot/uboot/uboot.mk index 1de0b7b16a..c193469a75 100644 --- a/boot/uboot/uboot.mk +++ b/boot/uboot/uboot.mk @@ -11,6 +11,7 @@ UBOOT_LICENSE = GPL-2.0+ ifeq ($(BR2_TARGET_UBOOT_LATEST_VERSION),y) UBOOT_LICENSE_FILES = Licenses/gpl-2.0.txt endif +UBOOT_CPE_ID_VALID = y UBOOT_CPE_ID_VENDOR = denx UBOOT_CPE_ID_NAME = u-boot diff --git a/linux/linux.mk b/linux/linux.mk index 648f6ea2a5..27dc49f3a2 100644 --- a/linux/linux.mk +++ b/linux/linux.mk @@ -12,6 +12,7 @@ LINUX_LICENSE_FILES = \ LICENSES/preferred/GPL-2.0 \ LICENSES/exceptions/Linux-syscall-note endif +LINUX_CPE_ID_VALID = y LINUX_CPE_ID_VENDOR = $(LINUX_NAME) LINUX_CPE_ID_NAME = $(LINUX_NAME)_kernel diff --git a/package/audit/audit.mk b/package/audit/audit.mk index a20767d24b..d0ff6b1b78 100644 --- a/package/audit/audit.mk +++ b/package/audit/audit.mk @@ -10,6 +10,7 @@ AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries) AUDIT_LICENSE_FILES = COPYING COPYING.LIB # 0002-Add-substitue-functions-for-strndupa-rawmemchr.patch AUDIT_AUTORECONF = YES +AUDIT_CPE_ID_VALID = y AUDIT_CPE_ID_VENDOR = linux_audit_project AUDIT_CPE_ID_NAME = linux_audit diff --git a/package/aufs/aufs.mk b/package/aufs/aufs.mk index 495e94e606..ec5d1aa78f 100644 --- a/package/aufs/aufs.mk +++ b/package/aufs/aufs.mk @@ -7,6 +7,7 @@ AUFS_VERSION = $(call qstrip,$(BR2_PACKAGE_AUFS_VERSION)) AUFS_LICENSE = GPL-2.0 AUFS_LICENSE_FILES = COPYING +AUFS_CPE_ID_VALID = y AUFS_CPE_ID_VERSION = 4.1 ifeq ($(BR2_PACKAGE_AUFS_SERIES),3) diff --git a/package/bash/bash.mk b/package/bash/bash.mk index b4681c1085..938462040a 100644 --- a/package/bash/bash.mk +++ b/package/bash/bash.mk @@ -10,6 +10,7 @@ BASH_DEPENDENCIES = ncurses readline host-bison BASH_CONF_OPTS = --with-installed-readline --without-bash-malloc BASH_LICENSE = GPL-3.0+ BASH_LICENSE_FILES = COPYING +BASH_CPE_ID_VALID = y BASH_CPE_ID_VENDOR = gnu BASH_CONF_ENV += \ diff --git a/package/bc/bc.mk b/package/bc/bc.mk index 06b6feae4f..be3b9665b2 100644 --- a/package/bc/bc.mk +++ b/package/bc/bc.mk @@ -9,6 +9,7 @@ BC_SITE = http://ftp.gnu.org/gnu/bc BC_DEPENDENCIES = host-flex BC_LICENSE = GPL-2.0+, LGPL-2.1+ BC_LICENSE_FILES = COPYING COPYING.LIB +BC_CPE_ID_VALID = y BC_CPE_ID_VENDOR = gnu BC_CONF_ENV = MAKEINFO=true diff --git a/package/bind/bind.mk b/package/bind/bind.mk index 41b3146da1..abe6cb4d93 100644 --- a/package/bind/bind.mk +++ b/package/bind/bind.mk @@ -12,6 +12,7 @@ BIND_INSTALL_STAGING = YES BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh BIND_LICENSE = MPL-2.0 BIND_LICENSE_FILES = COPYRIGHT +BIND_CPE_ID_VALID = y BIND_CPE_ID_VENDOR = isc BIND_TARGET_SERVER_SBIN = arpaname ddns-confgen dnssec-checkds dnssec-coverage BIND_TARGET_SERVER_SBIN += dnssec-importkey dnssec-keygen dnssec-revoke diff --git a/package/boost/boost.mk b/package/boost/boost.mk index d5c404a13c..27f404cda2 100644 --- a/package/boost/boost.mk +++ b/package/boost/boost.mk @@ -10,6 +10,7 @@ BOOST_SITE = https://dl.bintray.com/boostorg/release/$(BOOST_VERSION)/source BOOST_INSTALL_STAGING = YES BOOST_LICENSE = BSL-1.0 BOOST_LICENSE_FILES = LICENSE_1_0.txt +BOOST_CPE_ID_VALID = y BOOST_CPE_ID_VENDOR = $(BOOST_NAME) # CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost, diff --git a/package/bridge-utils/bridge-utils.mk b/package/bridge-utils/bridge-utils.mk index fa71c3a64e..1d022af2a4 100644 --- a/package/bridge-utils/bridge-utils.mk +++ b/package/bridge-utils/bridge-utils.mk @@ -10,6 +10,7 @@ BRIDGE_UTILS_SITE = \ BRIDGE_UTILS_AUTORECONF = YES BRIDGE_UTILS_LICENSE = GPL-2.0+ BRIDGE_UTILS_LICENSE_FILES = COPYING +BRIDGE_UTILS_CPE_ID_VALID = y BRIDGE_UTILS_CPE_ID_VENDOR = kernel # Avoid using the host's headers. Location is not important as diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk index a88168416f..184753b7c5 100644 --- a/package/busybox/busybox.mk +++ b/package/busybox/busybox.mk @@ -9,6 +9,7 @@ BUSYBOX_SITE = http://www.busybox.net/downloads BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2 BUSYBOX_LICENSE = GPL-2.0 BUSYBOX_LICENSE_FILES = LICENSE +BUSYBOX_CPE_ID_VALID = y BUSYBOX_CPE_ID_VENDOR = $(BUSYBOX_NAME) define BUSYBOX_HELP_CMDS diff --git a/package/bzip2/bzip2.mk b/package/bzip2/bzip2.mk index c2e5f7610e..4033c2bf6d 100644 --- a/package/bzip2/bzip2.mk +++ b/package/bzip2/bzip2.mk @@ -9,6 +9,7 @@ BZIP2_SITE = https://sourceware.org/pub/bzip2 BZIP2_INSTALL_STAGING = YES BZIP2_LICENSE = bzip2 license BZIP2_LICENSE_FILES = LICENSE +BZIP2_CPE_ID_VALID = y BZIP2_CPE_ID_VENDOR = bzip ifeq ($(BR2_STATIC_LIBS),) diff --git a/package/collectd/collectd.mk b/package/collectd/collectd.mk index 83bf01109a..4339ec418e 100644 --- a/package/collectd/collectd.mk +++ b/package/collectd/collectd.mk @@ -12,6 +12,7 @@ COLLECTD_CONF_ENV = ac_cv_lib_yajl_yajl_alloc=yes COLLECTD_INSTALL_STAGING = YES COLLECTD_LICENSE = MIT (daemon, plugins), GPL-2.0 (plugins), LGPL-2.1 (plugins) COLLECTD_LICENSE_FILES = COPYING +COLLECTD_CPE_ID_VALID = y COLLECTD_CPE_ID_VENDOR = $(COLLECTD_NAME) # These require unmet dependencies, are fringe, pointless or deprecated diff --git a/package/conntrack-tools/conntrack-tools.mk b/package/conntrack-tools/conntrack-tools.mk index 55ea407924..7adbd6aaa0 100644 --- a/package/conntrack-tools/conntrack-tools.mk +++ b/package/conntrack-tools/conntrack-tools.mk @@ -12,6 +12,7 @@ CONNTRACK_TOOLS_DEPENDENCIES = host-pkgconf \ libnetfilter_queue host-bison host-flex CONNTRACK_TOOLS_LICENSE = GPL-2.0+ CONNTRACK_TOOLS_LICENSE_FILES = COPYING +CONNTRACK_TOOLS_CPE_ID_VALID = y CONNTRACK_TOOLS_CPE_ID_VENDOR = netfilter CONNTRACK_TOOLS_CFLAGS = $(TARGET_CFLAGS) diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk index 18e9052dfd..7257ffc89a 100644 --- a/package/coreutils/coreutils.mk +++ b/package/coreutils/coreutils.mk @@ -9,6 +9,7 @@ COREUTILS_SITE = $(BR2_GNU_MIRROR)/coreutils COREUTILS_SOURCE = coreutils-$(COREUTILS_VERSION).tar.xz COREUTILS_LICENSE = GPL-3.0+ COREUTILS_LICENSE_FILES = COPYING +COREUTILS_CPE_ID_VALID = y COREUTILS_CPE_ID_VENDOR = gnu COREUTILS_CONF_OPTS = --disable-rpath \ diff --git a/package/crda/crda.mk b/package/crda/crda.mk index 31a64d004b..20f9925a10 100644 --- a/package/crda/crda.mk +++ b/package/crda/crda.mk @@ -9,6 +9,7 @@ CRDA_SITE = https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snap CRDA_DEPENDENCIES = host-pkgconf host-python-pycryptodomex libnl libgcrypt CRDA_LICENSE = ISC CRDA_LICENSE_FILES = LICENSE +CRDA_CPE_ID_VALID = y CRDA_CPE_ID_VENDOR = kernel define CRDA_BUILD_CMDS diff --git a/package/davici/davici.mk b/package/davici/davici.mk index 6c8df48b6a..1aaa5cdb66 100644 --- a/package/davici/davici.mk +++ b/package/davici/davici.mk @@ -8,6 +8,7 @@ DAVICI_VERSION = 1.3 DAVICI_SITE = $(call github,strongswan,davici,v$(DAVICI_VERSION)) DAVICI_LICENSE = LGPL-2.1+ DAVICI_LICENSE_FILES = COPYING +DAVICI_CPE_ID_VALID = y DAVICI_CPE_ID_VENDOR = strongswan DAVICI_DEPENDENCIES = strongswan DAVICI_INSTALL_STAGING = YES diff --git a/package/dbus-glib/dbus-glib.mk b/package/dbus-glib/dbus-glib.mk index 5eb158d954..c60256d5e7 100644 --- a/package/dbus-glib/dbus-glib.mk +++ b/package/dbus-glib/dbus-glib.mk @@ -9,6 +9,7 @@ DBUS_GLIB_SITE = http://dbus.freedesktop.org/releases/dbus-glib DBUS_GLIB_INSTALL_STAGING = YES DBUS_GLIB_LICENSE = AFL-2.1 or GPL-2.0+ DBUS_GLIB_LICENSE_FILES = COPYING +DBUS_GLIB_CPE_ID_VALID = y DBUS_GLIB_CPE_ID_VENDOR = freedesktop DBUS_GLIB_CONF_ENV = \ diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk index ae480f3bb2..7ff023b7ab 100644 --- a/package/dbus/dbus.mk +++ b/package/dbus/dbus.mk @@ -8,6 +8,7 @@ DBUS_VERSION = 1.12.18 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools) DBUS_LICENSE_FILES = COPYING +DBUS_CPE_ID_VALID = y DBUS_CPE_ID_VENDOR = d-bus_project DBUS_CPE_ID_NAME = d-bus DBUS_INSTALL_STAGING = YES diff --git a/package/dhcp/dhcp.mk b/package/dhcp/dhcp.mk index 988c7792dc..85e0676677 100644 --- a/package/dhcp/dhcp.mk +++ b/package/dhcp/dhcp.mk @@ -10,6 +10,7 @@ DHCP_INSTALL_STAGING = YES DHCP_LICENSE = MPL-2.0 DHCP_LICENSE_FILES = LICENSE DHCP_DEPENDENCIES = bind +DHCP_CPE_ID_VALID = y DHCP_CPE_ID_VENDOR = isc # use libtool-enabled configure.ac diff --git a/package/dnsmasq/dnsmasq.mk b/package/dnsmasq/dnsmasq.mk index e0e8bed5aa..679a7f8b91 100644 --- a/package/dnsmasq/dnsmasq.mk +++ b/package/dnsmasq/dnsmasq.mk @@ -14,6 +14,7 @@ DNSMASQ_MAKE_OPTS += DESTDIR=$(TARGET_DIR) LDFLAGS="$(TARGET_LDFLAGS)" \ DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES) DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0 DNSMASQ_LICENSE_FILES = COPYING COPYING-v3 +DNSMASQ_CPE_ID_VALID = y DNSMASQ_CPE_ID_VENDOR = thekelleys DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n) diff --git a/package/dropbear/dropbear.mk b/package/dropbear/dropbear.mk index d965b2eaf2..e8fb240ad0 100644 --- a/package/dropbear/dropbear.mk +++ b/package/dropbear/dropbear.mk @@ -11,6 +11,7 @@ DROPBEAR_LICENSE = MIT, BSD-2-Clause, Public domain DROPBEAR_LICENSE_FILES = LICENSE DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS) +DROPBEAR_CPE_ID_VALID = y DROPBEAR_CPE_ID_VENDOR = $(DROPBEAR_NAME)_ssh_project DROPBEAR_CPE_ID_NAME = $(DROPBEAR_NAME)_ssh diff --git a/package/ethtool/ethtool.mk b/package/ethtool/ethtool.mk index 0e94a918c2..87730eda9f 100644 --- a/package/ethtool/ethtool.mk +++ b/package/ethtool/ethtool.mk @@ -9,6 +9,7 @@ ETHTOOL_SOURCE = ethtool-$(ETHTOOL_VERSION).tar.xz ETHTOOL_SITE = $(BR2_KERNEL_MIRROR)/software/network/ethtool ETHTOOL_LICENSE = GPL-2.0 ETHTOOL_LICENSE_FILES = LICENSE COPYING +ETHTOOL_CPE_ID_VALID = y ETHTOOL_CPE_ID_VENDOR = kernel ETHTOOL_CONF_OPTS = \ $(if $(BR2_PACKAGE_ETHTOOL_PRETTY_PRINT),--enable-pretty-dump,--disable-pretty-dump) diff --git a/package/expat/expat.mk b/package/expat/expat.mk index af3088b80c..3a1da2c7b6 100644 --- a/package/expat/expat.mk +++ b/package/expat/expat.mk @@ -12,6 +12,7 @@ EXPAT_DEPENDENCIES = host-pkgconf HOST_EXPAT_DEPENDENCIES = host-pkgconf EXPAT_LICENSE = MIT EXPAT_LICENSE_FILES = COPYING +EXPAT_CPE_ID_VALID = y EXPAT_CPE_ID_VENDOR = libexpat EXPAT_CONF_OPTS = --without-docbook diff --git a/package/gdb/gdb.mk b/package/gdb/gdb.mk index de11b1e5e8..b3900e2587 100644 --- a/package/gdb/gdb.mk +++ b/package/gdb/gdb.mk @@ -22,6 +22,7 @@ endif GDB_LICENSE = GPL-2.0+, LGPL-2.0+, GPL-3.0+, LGPL-3.0+ GDB_LICENSE_FILES = COPYING COPYING.LIB COPYING3 COPYING3.LIB +GDB_CPE_ID_VALID = y GDB_CPE_ID_VENDOR = gnu # We only want gdbserver and not the entire debugger. diff --git a/package/gesftpserver/gesftpserver.mk b/package/gesftpserver/gesftpserver.mk index 07718a4c42..9a660c313a 100644 --- a/package/gesftpserver/gesftpserver.mk +++ b/package/gesftpserver/gesftpserver.mk @@ -12,6 +12,7 @@ GESFTPSERVER_LICENSE_FILES = COPYING # "Missing prototype" warning treated as error GESFTPSERVER_CONF_OPTS = --disable-warnings-as-errors +GESFTPSERVER_CPE_ID_VALID = y GESFTPSERVER_CPE_ID_VENDOR = green_end GESFTPSERVER_CPE_ID_NAME = sftpserver diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk index 032e642bb8..90cbd38d44 100644 --- a/package/glibc/glibc.mk +++ b/package/glibc/glibc.mk @@ -31,6 +31,7 @@ endif GLIBC_LICENSE = GPL-2.0+ (programs), LGPL-2.1+, BSD-3-Clause, MIT (library) GLIBC_LICENSE_FILES = COPYING COPYING.LIB LICENSES +GLIBC_CPE_ID_VALID = y GLIBC_CPE_ID_VENDOR = gnu # glibc is part of the toolchain so disable the toolchain dependency diff --git a/package/gmp/gmp.mk b/package/gmp/gmp.mk index a79d5b7d9a..b2db9be2ea 100644 --- a/package/gmp/gmp.mk +++ b/package/gmp/gmp.mk @@ -10,6 +10,7 @@ GMP_SOURCE = gmp-$(GMP_VERSION).tar.xz GMP_INSTALL_STAGING = YES GMP_LICENSE = LGPL-3.0+ or GPL-2.0+ GMP_LICENSE_FILES = COPYING.LESSERv3 COPYINGv2 +GMP_CPE_ID_VALID = y GMP_CPE_ID_VENDOR = gmplib GMP_DEPENDENCIES = host-m4 HOST_GMP_DEPENDENCIES = host-m4 diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk index ba424fed96..4ba9e6d691 100644 --- a/package/gnupg/gnupg.mk +++ b/package/gnupg/gnupg.mk @@ -10,6 +10,7 @@ GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg GNUPG_LICENSE = GPL-3.0+ GNUPG_LICENSE_FILES = COPYING GNUPG_DEPENDENCIES = zlib $(if $(BR2_PACKAGE_LIBICONV),libiconv) +GNUPG_CPE_ID_VALID = y GNUPG_CPE_ID_VENDOR = $(GNUPG_NAME) GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no GNUPG_CONF_OPTS = \ diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk index 65bb4893e8..cab3897ffe 100644 --- a/package/gnutls/gnutls.mk +++ b/package/gnutls/gnutls.mk @@ -17,6 +17,7 @@ GNUTLS_LICENSE_FILES += doc/COPYING endif GNUTLS_DEPENDENCIES = host-pkgconf libtasn1 nettle pcre +GNUTLS_CPE_ID_VALID = y GNUTLS_CPE_ID_VENDOR = gnu GNUTLS_CONF_OPTS = \ --disable-doc \ diff --git a/package/grep/grep.mk b/package/grep/grep.mk index 204c74f3b8..f3d2b35fa3 100644 --- a/package/grep/grep.mk +++ b/package/grep/grep.mk @@ -9,6 +9,7 @@ GREP_SITE = $(BR2_GNU_MIRROR)/grep GREP_SOURCE = grep-$(GREP_VERSION).tar.xz GREP_LICENSE = GPL-3.0+ GREP_LICENSE_FILES = COPYING +GREP_CPE_ID_VALID = y GREP_CPE_ID_VENDOR = gnu GREP_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) # install into /bin like busybox grep diff --git a/package/gtest/gtest.mk b/package/gtest/gtest.mk index fc51d9f7a2..f103854bc9 100644 --- a/package/gtest/gtest.mk +++ b/package/gtest/gtest.mk @@ -10,6 +10,7 @@ GTEST_INSTALL_STAGING = YES GTEST_INSTALL_TARGET = NO GTEST_LICENSE = BSD-3-Clause GTEST_LICENSE_FILES = googletest/LICENSE +GTEST_CPE_ID_VALID = y GTEST_CPE_ID_VENDOR = google GTEST_CPE_ID_NAME = google_test diff --git a/package/gzip/gzip.mk b/package/gzip/gzip.mk index c8fd3ddb7a..4fcab5817c 100644 --- a/package/gzip/gzip.mk +++ b/package/gzip/gzip.mk @@ -11,6 +11,7 @@ GZIP_SITE = $(BR2_GNU_MIRROR)/gzip GZIP_CONF_OPTS = --exec-prefix=/ GZIP_LICENSE = GPL-3.0+ GZIP_LICENSE_FILES = COPYING +GZIP_CPE_ID_VALID = y GZIP_CPE_ID_VENDOR = gnu GZIP_CONF_ENV += gl_cv_func_fflush_stdin=yes HOST_GZIP_CONF_ENV += gl_cv_func_fflush_stdin=yes diff --git a/package/hostapd/hostapd.mk b/package/hostapd/hostapd.mk index efeefd8b35..980757c4c2 100644 --- a/package/hostapd/hostapd.mk +++ b/package/hostapd/hostapd.mk @@ -23,6 +23,7 @@ HOSTAPD_IGNORE_CVES += CVE-2019-16275 # 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch HOSTAPD_IGNORE_CVES += CVE-2020-12695 +HOSTAPD_CPE_ID_VALID = y HOSTAPD_CPE_ID_VENDOR = w1.fi HOSTAPD_CONFIG_SET = diff --git a/package/ifupdown/ifupdown.mk b/package/ifupdown/ifupdown.mk index e62c2a79c5..f92950f3ee 100644 --- a/package/ifupdown/ifupdown.mk +++ b/package/ifupdown/ifupdown.mk @@ -9,6 +9,7 @@ IFUPDOWN_SOURCE = ifupdown_$(IFUPDOWN_VERSION).tar.xz IFUPDOWN_SITE = http://snapshot.debian.org/archive/debian/20160922T165503Z/pool/main/i/ifupdown IFUPDOWN_LICENSE = GPL-2.0+ IFUPDOWN_LICENSE_FILES = COPYING +IFUPDOWN_CPE_ID_VALID = y IFUPDOWN_CPE_ID_VENDOR = debian define IFUPDOWN_BUILD_CMDS diff --git a/package/iperf/iperf.mk b/package/iperf/iperf.mk index f1e65e7545..0080c04e09 100644 --- a/package/iperf/iperf.mk +++ b/package/iperf/iperf.mk @@ -8,6 +8,7 @@ IPERF_VERSION = 2.0.13 IPERF_SITE = http://downloads.sourceforge.net/project/iperf2 IPERF_LICENSE = MIT-like IPERF_LICENSE_FILES = COPYING +IPERF_CPE_ID_VALID = y IPERF_CPE_ID_VENDOR = $(IPERF_NAME)2_project IPERF_CPE_ID_NAME = $(IPERF_NAME)2 diff --git a/package/iperf3/iperf3.mk b/package/iperf3/iperf3.mk index 234e04eae0..18a0c55860 100644 --- a/package/iperf3/iperf3.mk +++ b/package/iperf3/iperf3.mk @@ -9,6 +9,7 @@ IPERF3_SITE = https://downloads.es.net/pub/iperf IPERF3_SOURCE = iperf-$(IPERF3_VERSION).tar.gz IPERF3_LICENSE = BSD-3-Clause, BSD-2-Clause, MIT IPERF3_LICENSE_FILES = LICENSE +IPERF3_CPE_ID_VALID = y IPERF3_CPE_ID_VENDOR = es IPERF3_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE" diff --git a/package/ipset/ipset.mk b/package/ipset/ipset.mk index cea3ee0e05..108fb29986 100644 --- a/package/ipset/ipset.mk +++ b/package/ipset/ipset.mk @@ -11,6 +11,7 @@ IPSET_DEPENDENCIES = libmnl host-pkgconf IPSET_CONF_OPTS = --with-kmod=no IPSET_LICENSE = GPL-2.0 IPSET_LICENSE_FILES = COPYING +IPSET_CPE_ID_VALID = y IPSET_CPE_ID_VENDOR = netfilter IPSET_INSTALL_STAGING = YES diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk index 053d0e3964..7d18c0bc52 100644 --- a/package/iptables/iptables.mk +++ b/package/iptables/iptables.mk @@ -12,6 +12,7 @@ IPTABLES_DEPENDENCIES = host-pkgconf \ $(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack) IPTABLES_LICENSE = GPL-2.0 IPTABLES_LICENSE_FILES = COPYING +IPTABLES_CPE_ID_VALID = y IPTABLES_CPE_ID_VENDOR = netfilter # Building static causes ugly warnings on some plugins IPTABLES_CONF_OPTS = --libexecdir=/usr/lib --with-kernel=$(STAGING_DIR)/usr \ diff --git a/package/iw/iw.mk b/package/iw/iw.mk index a232cc8baa..d72eafa09e 100644 --- a/package/iw/iw.mk +++ b/package/iw/iw.mk @@ -9,6 +9,7 @@ IW_SOURCE = iw-$(IW_VERSION).tar.xz IW_SITE = $(BR2_KERNEL_MIRROR)/software/network/iw IW_LICENSE = ISC IW_LICENSE_FILES = COPYING +IW_CPE_ID_VALID = y IW_CPE_ID_VENDOR = kernel IW_DEPENDENCIES = host-pkgconf libnl IW_MAKE_ENV = \ diff --git a/package/kmod/kmod.mk b/package/kmod/kmod.mk index c44764ea18..8f11adfd2b 100644 --- a/package/kmod/kmod.mk +++ b/package/kmod/kmod.mk @@ -15,6 +15,7 @@ HOST_KMOD_DEPENDENCIES = host-pkgconf KMOD_LICENSE = LGPL-2.1+ (library) KMOD_LICENSE_FILES = libkmod/COPYING +KMOD_CPE_ID_VALID = y KMOD_CPE_ID_VENDOR = kernel # --gc-sections triggers binutils ld segfault diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk index 71c8a2e4cf..2a057acd8c 100644 --- a/package/libarchive/libarchive.mk +++ b/package/libarchive/libarchive.mk @@ -9,6 +9,7 @@ LIBARCHIVE_SITE = https://www.libarchive.de/downloads LIBARCHIVE_INSTALL_STAGING = YES LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0 LIBARCHIVE_LICENSE_FILES = COPYING +LIBARCHIVE_CPE_ID_VALID = y LIBARCHIVE_CPE_ID_VENDOR = $(LIBARCHIVE_NAME) ifeq ($(BR2_PACKAGE_LIBARCHIVE_BSDTAR),y) diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 969325a485..5ac444cf20 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -12,6 +12,7 @@ LIBCURL_DEPENDENCIES = host-pkgconf \ $(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump) LIBCURL_LICENSE = curl LIBCURL_LICENSE_FILES = COPYING +LIBCURL_CPE_ID_VALID = y LIBCURL_CPE_ID_VENDOR = haxx LIBCURL_CPE_ID_NAME = libcurl LIBCURL_INSTALL_STAGING = YES diff --git a/package/libestr/libestr.mk b/package/libestr/libestr.mk index 6ce22efae2..da612cb853 100644 --- a/package/libestr/libestr.mk +++ b/package/libestr/libestr.mk @@ -8,6 +8,7 @@ LIBESTR_VERSION = 0.1.11 LIBESTR_SITE = http://libestr.adiscon.com/files/download LIBESTR_LICENSE = LGPL-2.1+ LIBESTR_LICENSE_FILES = COPYING +LIBESTR_CPE_ID_VALID = y LIBESTR_CPE_ID_VENDOR = adiscon LIBESTR_INSTALL_STAGING = YES diff --git a/package/libfastjson/libfastjson.mk b/package/libfastjson/libfastjson.mk index 37dbd7e03e..a7f60d988e 100644 --- a/package/libfastjson/libfastjson.mk +++ b/package/libfastjson/libfastjson.mk @@ -12,6 +12,7 @@ LIBFASTJSON_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99' LIBFASTJSON_AUTORECONF = YES LIBFASTJSON_LICENSE = MIT LIBFASTJSON_LICENSE_FILES = COPYING +LIBFASTJSON_CPE_ID_VALID = y LIBFASTJSON_CPE_ID_VENDOR = rsyslog $(eval $(autotools-package)) diff --git a/package/libfcgi/libfcgi.mk b/package/libfcgi/libfcgi.mk index c40d9c5970..79a1b52be8 100644 --- a/package/libfcgi/libfcgi.mk +++ b/package/libfcgi/libfcgi.mk @@ -8,6 +8,7 @@ LIBFCGI_VERSION = 2.4.2 LIBFCGI_SITE = $(call github,FastCGI-Archives,fcgi2,$(LIBFCGI_VERSION)) LIBFCGI_LICENSE = OML LIBFCGI_LICENSE_FILES = LICENSE.TERMS +LIBFCGI_CPE_ID_VALID = y LIBFCGI_CPE_ID_VENDOR = fastcgi LIBFCGI_CPE_ID_NAME = fcgi LIBFCGI_INSTALL_STAGING = YES diff --git a/package/libffi/libffi.mk b/package/libffi/libffi.mk index e87a024040..2231fa7b71 100644 --- a/package/libffi/libffi.mk +++ b/package/libffi/libffi.mk @@ -6,6 +6,7 @@ LIBFFI_VERSION = 3.3 LIBFFI_SITE = $(call github,libffi,libffi,v$(LIBFFI_VERSION)) +LIBFFI_CPE_ID_VALID = y LIBFFI_CPE_ID_VERSION = 3.3 LIBFFI_CPE_ID_VERSION_MINOR = rc0 LIBFFI_LICENSE = MIT diff --git a/package/libgcrypt/libgcrypt.mk b/package/libgcrypt/libgcrypt.mk index d928d2fd80..b0cbae98c6 100644 --- a/package/libgcrypt/libgcrypt.mk +++ b/package/libgcrypt/libgcrypt.mk @@ -12,6 +12,7 @@ LIBGCRYPT_SITE = https://gnupg.org/ftp/gcrypt/libgcrypt LIBGCRYPT_INSTALL_STAGING = YES LIBGCRYPT_DEPENDENCIES = libgpg-error LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config +LIBGCRYPT_CPE_ID_VALID = y LIBGCRYPT_CPE_ID_VENDOR = gnupg # Patching acinclude.m4 in 0001 diff --git a/package/libglib2/libglib2.mk b/package/libglib2/libglib2.mk index 7f726df29b..c396f4392f 100644 --- a/package/libglib2/libglib2.mk +++ b/package/libglib2/libglib2.mk @@ -10,6 +10,7 @@ LIBGLIB2_SOURCE = glib-$(LIBGLIB2_VERSION).tar.xz LIBGLIB2_SITE = http://ftp.gnome.org/pub/gnome/sources/glib/$(LIBGLIB2_VERSION_MAJOR) LIBGLIB2_LICENSE = LGPL-2.1+ LIBGLIB2_LICENSE_FILES = COPYING +LIBGLIB2_CPE_ID_VALID = y LIBGLIB2_CPE_ID_VENDOR = gnome LIBGLIB2_CPE_ID_NAME = glib LIBGLIB2_INSTALL_STAGING = YES diff --git a/package/libgpg-error/libgpg-error.mk b/package/libgpg-error/libgpg-error.mk index 05c7f710f2..f5e73fdf67 100644 --- a/package/libgpg-error/libgpg-error.mk +++ b/package/libgpg-error/libgpg-error.mk @@ -9,6 +9,7 @@ LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2 LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+ LIBGPG_ERROR_LICENSE_FILES = COPYING COPYING.LIB +LIBGPG_ERROR_CPE_ID_VALID = y LIBGPG_ERROR_CPE_ID_VENDOR = gnupg LIBGPG_ERROR_INSTALL_STAGING = YES LIBGPG_ERROR_CONFIG_SCRIPTS = gpg-error-config diff --git a/package/liblogging/liblogging.mk b/package/liblogging/liblogging.mk index 24375b56b4..32cd4bf7d2 100644 --- a/package/liblogging/liblogging.mk +++ b/package/liblogging/liblogging.mk @@ -8,6 +8,7 @@ LIBLOGGING_VERSION = 1.0.6 LIBLOGGING_SITE = http://download.rsyslog.com/liblogging LIBLOGGING_LICENSE = BSD-2-Clause LIBLOGGING_LICENSE_FILES = COPYING +LIBLOGGING_CPE_ID_VALID = y LIBLOGGING_CPE_ID_VENDOR = adiscon LIBLOGGING_INSTALL_STAGING = YES LIBLOGGING_CONF_OPTS = --enable-cached-man-pages diff --git a/package/libmbim/libmbim.mk b/package/libmbim/libmbim.mk index 2cf245e6b6..9c38c38a61 100644 --- a/package/libmbim/libmbim.mk +++ b/package/libmbim/libmbim.mk @@ -9,6 +9,7 @@ LIBMBIM_SITE = https://www.freedesktop.org/software/libmbim LIBMBIM_SOURCE = libmbim-$(LIBMBIM_VERSION).tar.xz LIBMBIM_LICENSE = LGPL-2.0+ (library), GPL-2.0+ (programs) LIBMBIM_LICENSE_FILES = COPYING COPYING.LIB +LIBMBIM_CPE_ID_VALID = y LIBMBIM_CPE_ID_VENDOR = freedesktop LIBMBIM_INSTALL_STAGING = YES diff --git a/package/libmnl/libmnl.mk b/package/libmnl/libmnl.mk index d3b33db2e0..98dae41de6 100644 --- a/package/libmnl/libmnl.mk +++ b/package/libmnl/libmnl.mk @@ -10,6 +10,7 @@ LIBMNL_SITE = http://netfilter.org/projects/libmnl/files LIBMNL_INSTALL_STAGING = YES LIBMNL_LICENSE = LGPL-2.1+ LIBMNL_LICENSE_FILES = COPYING +LIBMNL_CPE_ID_VALID = y LIBMNL_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_conntrack/libnetfilter_conntrack.mk b/package/libnetfilter_conntrack/libnetfilter_conntrack.mk index 0a5a94be8f..650a24f74d 100644 --- a/package/libnetfilter_conntrack/libnetfilter_conntrack.mk +++ b/package/libnetfilter_conntrack/libnetfilter_conntrack.mk @@ -11,6 +11,7 @@ LIBNETFILTER_CONNTRACK_INSTALL_STAGING = YES LIBNETFILTER_CONNTRACK_DEPENDENCIES = host-pkgconf libnfnetlink libmnl LIBNETFILTER_CONNTRACK_LICENSE = GPL-2.0+ LIBNETFILTER_CONNTRACK_LICENSE_FILES = COPYING +LIBNETFILTER_CONNTRACK_CPE_ID_VALID = y LIBNETFILTER_CONNTRACK_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_cthelper/libnetfilter_cthelper.mk b/package/libnetfilter_cthelper/libnetfilter_cthelper.mk index d74ea4d0fd..01b886eb91 100644 --- a/package/libnetfilter_cthelper/libnetfilter_cthelper.mk +++ b/package/libnetfilter_cthelper/libnetfilter_cthelper.mk @@ -12,6 +12,7 @@ LIBNETFILTER_CTHELPER_DEPENDENCIES = host-pkgconf libmnl LIBNETFILTER_CTHELPER_AUTORECONF = YES LIBNETFILTER_CTHELPER_LICENSE = GPL-2.0+ LIBNETFILTER_CTHELPER_LICENSE_FILES = COPYING +LIBNETFILTER_CTHELPER_CPE_ID_VALID = y LIBNETFILTER_CTHELPER_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk b/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk index f5c5067b64..b68a3e0520 100644 --- a/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk +++ b/package/libnetfilter_cttimeout/libnetfilter_cttimeout.mk @@ -12,6 +12,7 @@ LIBNETFILTER_CTTIMEOUT_DEPENDENCIES = host-pkgconf libmnl LIBNETFILTER_CTTIMEOUT_AUTORECONF = YES LIBNETFILTER_CTTIMEOUT_LICENSE = GPL-2.0+ LIBNETFILTER_CTTIMEOUT_LICENSE_FILES = COPYING +LIBNETFILTER_CTTIMEOUT_CPE_ID_VALID = y LIBNETFILTER_CTTIMEOUT_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnetfilter_queue/libnetfilter_queue.mk b/package/libnetfilter_queue/libnetfilter_queue.mk index 6cd35baea1..a301a040a0 100644 --- a/package/libnetfilter_queue/libnetfilter_queue.mk +++ b/package/libnetfilter_queue/libnetfilter_queue.mk @@ -12,6 +12,7 @@ LIBNETFILTER_QUEUE_DEPENDENCIES = host-pkgconf libnfnetlink libmnl LIBNETFILTER_QUEUE_AUTORECONF = YES LIBNETFILTER_QUEUE_LICENSE = GPL-2.0+ LIBNETFILTER_QUEUE_LICENSE_FILES = COPYING +LIBNETFILTER_QUEUE_CPE_ID_VALID = y LIBNETFILTER_QUEUE_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libnfnetlink/libnfnetlink.mk b/package/libnfnetlink/libnfnetlink.mk index a5ad47b85e..81efbe263f 100644 --- a/package/libnfnetlink/libnfnetlink.mk +++ b/package/libnfnetlink/libnfnetlink.mk @@ -11,6 +11,7 @@ LIBNFNETLINK_AUTORECONF = YES LIBNFNETLINK_INSTALL_STAGING = YES LIBNFNETLINK_LICENSE = GPL-2.0 LIBNFNETLINK_LICENSE_FILES = COPYING +LIBNFNETLINK_CPE_ID_VALID = y LIBNFNETLINK_CPE_ID_VENDOR = netfilter $(eval $(autotools-package)) diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index bb4747f4c0..3d58e69cff 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk @@ -15,6 +15,7 @@ HOST_LIBOPENSSL_DEPENDENCIES = host-zlib LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH)) LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS) LIBOPENSSL_PROVIDES = openssl +LIBOPENSSL_CPE_ID_VALID = y LIBOPENSSL_CPE_ID_VENDOR = $(LIBOPENSSL_PROVIDES) LIBOPENSSL_CPE_ID_NAME = $(LIBOPENSSL_PROVIDES) diff --git a/package/libpcap/libpcap.mk b/package/libpcap/libpcap.mk index e323461529..b011290a42 100644 --- a/package/libpcap/libpcap.mk +++ b/package/libpcap/libpcap.mk @@ -8,6 +8,7 @@ LIBPCAP_VERSION = 1.9.1 LIBPCAP_SITE = http://www.tcpdump.org/release LIBPCAP_LICENSE = BSD-3-Clause LIBPCAP_LICENSE_FILES = LICENSE +LIBPCAP_CPE_ID_VALID = y LIBPCAP_CPE_ID_VENDOR = tcpdump LIBPCAP_INSTALL_STAGING = YES LIBPCAP_DEPENDENCIES = host-flex host-bison diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk index 9bb1e57db6..d79da928ce 100644 --- a/package/libselinux/libselinux.mk +++ b/package/libselinux/libselinux.mk @@ -8,6 +8,7 @@ LIBSELINUX_VERSION = 3.1 LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710 LIBSELINUX_LICENSE = Public Domain LIBSELINUX_LICENSE_FILES = LICENSE +LIBSELINUX_CPE_ID_VALID = y LIBSELINUX_CPE_ID_VENDOR = selinuxproject LIBSELINUX_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) libsepol pcre diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk index 48e2bbbc8b..e07b0d15ee 100644 --- a/package/libsemanage/libsemanage.mk +++ b/package/libsemanage/libsemanage.mk @@ -9,6 +9,7 @@ LIBSEMANAGE_SITE = https://github.com/SELinuxProject/selinux/releases/download/2 LIBSEMANAGE_LICENSE = LGPL-2.1+ LIBSEMANAGE_LICENSE_FILES = COPYING LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux bzip2 +LIBSEMANAGE_CPE_ID_VALID = y LIBSEMANAGE_CPE_ID_VENDOR = selinuxproject LIBSEMANAGE_INSTALL_STAGING = YES diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk index a4398bdc42..4f421de5cf 100644 --- a/package/libsepol/libsepol.mk +++ b/package/libsepol/libsepol.mk @@ -8,6 +8,7 @@ LIBSEPOL_VERSION = 3.1 LIBSEPOL_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710 LIBSEPOL_LICENSE = LGPL-2.1+ LIBSEPOL_LICENSE_FILES = COPYING +LIBSEPOL_CPE_ID_VALID = y LIBSEPOL_CPE_ID_VENDOR = selinuxproject LIBSEPOL_INSTALL_STAGING = YES diff --git a/package/libssh2/libssh2.mk b/package/libssh2/libssh2.mk index eb66ab5643..ed80408109 100644 --- a/package/libssh2/libssh2.mk +++ b/package/libssh2/libssh2.mk @@ -8,6 +8,7 @@ LIBSSH2_VERSION = 1.9.0 LIBSSH2_SITE = https://www.libssh2.org/download LIBSSH2_LICENSE = BSD LIBSSH2_LICENSE_FILES = COPYING +LIBSSH2_CPE_ID_VALID = y LIBSSH2_CPE_ID_VENDOR = $(LIBSSH2_NAME) LIBSSH2_INSTALL_STAGING = YES LIBSSH2_CONF_OPTS = --disable-examples-build diff --git a/package/libsysfs/libsysfs.mk b/package/libsysfs/libsysfs.mk index fd8bfa6724..2417dd3b62 100644 --- a/package/libsysfs/libsysfs.mk +++ b/package/libsysfs/libsysfs.mk @@ -10,6 +10,7 @@ LIBSYSFS_SOURCE = sysfsutils-$(LIBSYSFS_VERSION).tar.gz LIBSYSFS_INSTALL_STAGING = YES LIBSYSFS_LICENSE = GPL-2.0 (utilities), LGPL-2.1+ (library) LIBSYSFS_LICENSE_FILES = cmd/GPL lib/LGPL +LIBSYSFS_CPE_ID_VALID = y LIBSYSFS_CPE_ID_VENDOR = sysfsutils_project LIBSYSFS_CPE_ID_NAME = sysfsutils diff --git a/package/libtasn1/libtasn1.mk b/package/libtasn1/libtasn1.mk index a354716824..e9336cec1f 100644 --- a/package/libtasn1/libtasn1.mk +++ b/package/libtasn1/libtasn1.mk @@ -9,6 +9,7 @@ LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1 LIBTASN1_DEPENDENCIES = host-bison host-pkgconf LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library) LIBTASN1_LICENSE_FILES = LICENSE doc/COPYING doc/COPYING.LESSER +LIBTASN1_CPE_ID_VALID = y LIBTASN1_CPE_ID_VENDOR = gnu LIBTASN1_INSTALL_STAGING = YES diff --git a/package/libunistring/libunistring.mk b/package/libunistring/libunistring.mk index 1ed7ecf906..eb592132b8 100644 --- a/package/libunistring/libunistring.mk +++ b/package/libunistring/libunistring.mk @@ -10,6 +10,7 @@ LIBUNISTRING_SOURCE = libunistring-$(LIBUNISTRING_VERSION).tar.xz LIBUNISTRING_INSTALL_STAGING = YES LIBUNISTRING_LICENSE = LGPL-3.0+ or GPL-2.0 LIBUNISTRING_LICENSE_FILES = COPYING COPYING.LIB +LIBUNISTRING_CPE_ID_VALID = y LIBUNISTRING_CPE_ID_VENDOR = gnu $(eval $(autotools-package)) diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk index c531934dc3..c7a2e8d9aa 100644 --- a/package/libxml2/libxml2.mk +++ b/package/libxml2/libxml2.mk @@ -13,6 +13,7 @@ LIBXML2_LICENSE_FILES = COPYING LIBXML2_IGNORE_CVES += CVE-2020-7595 # 0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch LIBXML2_IGNORE_CVES += CVE-2019-20388 +LIBXML2_CPE_ID_VALID = y LIBXML2_CPE_ID_VENDOR = xmlsoft LIBXML2_CONFIG_SCRIPTS = xml2-config diff --git a/package/libxslt/libxslt.mk b/package/libxslt/libxslt.mk index 3c603ad9f6..0c22013e9e 100644 --- a/package/libxslt/libxslt.mk +++ b/package/libxslt/libxslt.mk @@ -9,6 +9,7 @@ LIBXSLT_SITE = http://xmlsoft.org/sources LIBXSLT_INSTALL_STAGING = YES LIBXSLT_LICENSE = MIT LIBXSLT_LICENSE_FILES = COPYING +LIBXSLT_CPE_ID_VALID = y LIBXSLT_CPE_ID_VENDOR = xmlsoft LIBXSLT_CONF_OPTS = \ diff --git a/package/libzlib/libzlib.mk b/package/libzlib/libzlib.mk index a1e2640bac..1ea41c55df 100644 --- a/package/libzlib/libzlib.mk +++ b/package/libzlib/libzlib.mk @@ -11,6 +11,7 @@ LIBZLIB_LICENSE = Zlib LIBZLIB_LICENSE_FILES = README LIBZLIB_INSTALL_STAGING = YES LIBZLIB_PROVIDES = zlib +LIBZLIB_CPE_ID_VALID = y LIBZLIB_CPE_ID_VENDOR = gnu LIBZLIB_CPE_ID_NAME = $(LIBZLIB_PROVIDES) diff --git a/package/lighttpd/lighttpd.mk b/package/lighttpd/lighttpd.mk index 39600ef94b..848bc1eaf1 100644 --- a/package/lighttpd/lighttpd.mk +++ b/package/lighttpd/lighttpd.mk @@ -10,6 +10,7 @@ LIGHTTPD_SOURCE = lighttpd-$(LIGHTTPD_VERSION).tar.xz LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-$(LIGHTTPD_VERSION_MAJOR).x LIGHTTPD_LICENSE = BSD-3-Clause LIGHTTPD_LICENSE_FILES = COPYING +LIGHTTPD_CPE_ID_VALID = y LIGHTTPD_CPE_ID_VENDOR = $(LIGHTTPD_NAME) LIGHTTPD_DEPENDENCIES = host-pkgconf LIGHTTPD_CONF_OPTS = \ diff --git a/package/linux-firmware/linux-firmware.mk b/package/linux-firmware/linux-firmware.mk index 938daf0ccd..dbfa3fd00b 100644 --- a/package/linux-firmware/linux-firmware.mk +++ b/package/linux-firmware/linux-firmware.mk @@ -8,6 +8,7 @@ LINUX_FIRMWARE_VERSION = 20200122 LINUX_FIRMWARE_SITE = http://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git LINUX_FIRMWARE_SITE_METHOD = git +LINUX_FIRMWARE_CPE_ID_VALID = y LINUX_FIRMWARE_CPE_ID_VENDOR = kernel # Intel SST DSP diff --git a/package/linux-headers/linux-headers.mk b/package/linux-headers/linux-headers.mk index 4496295f2a..1486ed723a 100644 --- a/package/linux-headers/linux-headers.mk +++ b/package/linux-headers/linux-headers.mk @@ -102,6 +102,7 @@ LINUX_HEADERS_LICENSE_FILES = \ LICENSES/preferred/GPL-2.0 \ LICENSES/exceptions/Linux-syscall-note endif +LINUX_HEADERS_CPE_ID_VALID = y LINUX_HEADERS_CPE_ID_VENDOR = linux LINUX_HEADERS_CPE_ID_NAME = linux_kernel diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk index ecd4a723c4..7edea5990c 100644 --- a/package/linux-pam/linux-pam.mk +++ b/package/linux-pam/linux-pam.mk @@ -23,6 +23,7 @@ LINUX_PAM_LICENSE_FILES = Copyright # We're patching configure.ac LINUX_PAM_AUTORECONF = YES LINUX_PAM_MAKE_OPTS += LIBS=$(TARGET_NLS_LIBS) +LINUX_PAM_CPE_ID_VALID = y LINUX_PAM_CPE_ID_VENDOR = $(LINUX_PAM_NAME) LINUX_PAM_CPE_ID_NAME = $(LINUX_PAM_NAME) diff --git a/package/llvm/llvm.mk b/package/llvm/llvm.mk index 177fff71bb..2d39156900 100644 --- a/package/llvm/llvm.mk +++ b/package/llvm/llvm.mk @@ -10,6 +10,7 @@ LLVM_SITE = https://github.com/llvm/llvm-project/releases/download/llvmorg-$(LLV LLVM_SOURCE = llvm-$(LLVM_VERSION).src.tar.xz LLVM_LICENSE = Apache-2.0 with exceptions LLVM_LICENSE_FILES = LICENSE.TXT +LLVM_CPE_ID_VALID = y LLVM_CPE_ID_VENDOR = $(LLVM_NAME) LLVM_SUPPORTS_IN_SOURCE_BUILD = NO LLVM_INSTALL_STAGING = YES diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk index fbf0b28759..359b3c671c 100644 --- a/package/lxc/lxc.mk +++ b/package/lxc/lxc.mk @@ -8,6 +8,7 @@ LXC_VERSION = 4.0.4 LXC_SITE = https://linuxcontainers.org/downloads/lxc LXC_LICENSE = GPL-2.0 (some tools), LGPL-2.1+ LXC_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 +LXC_CPE_ID_VALID = y LXC_CPE_ID_VENDOR = linuxcontainers LXC_DEPENDENCIES = host-pkgconf LXC_INSTALL_STAGING = YES diff --git a/package/lz4/lz4.mk b/package/lz4/lz4.mk index 7c91b6eecc..0436e615c3 100644 --- a/package/lz4/lz4.mk +++ b/package/lz4/lz4.mk @@ -9,6 +9,7 @@ LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION)) LZ4_INSTALL_STAGING = YES LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs) LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING +LZ4_CPE_ID_VALID = y LZ4_CPE_ID_VENDOR = yann_collet # CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version diff --git a/package/memtester/memtester.mk b/package/memtester/memtester.mk index ec821adbe8..1b4dd7516f 100644 --- a/package/memtester/memtester.mk +++ b/package/memtester/memtester.mk @@ -8,6 +8,7 @@ MEMTESTER_VERSION = 4.3.0 MEMTESTER_SITE = http://pyropus.ca/software/memtester/old-versions MEMTESTER_LICENSE = GPL-2.0 MEMTESTER_LICENSE_FILES = COPYING +MEMTESTER_CPE_ID_VALID = y MEMTESTER_CPE_ID_VENDOR = pryopus MEMTESTER_TARGET_INSTALL_OPTS = INSTALLPATH=$(TARGET_DIR)/usr diff --git a/package/mii-diag/mii-diag.mk b/package/mii-diag/mii-diag.mk index a7c6483221..eb1fa1b6f8 100644 --- a/package/mii-diag/mii-diag.mk +++ b/package/mii-diag/mii-diag.mk @@ -10,6 +10,7 @@ MII_DIAG_PATCH = mii-diag_$(MII_DIAG_VERSION)-3.diff.gz MII_DIAG_SITE = http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/m/mii-diag MII_DIAG_LICENSE = GPL # No version specified MII_DIAG_LICENSE_FILES = mii-diag.c +MII_DIAG_CPE_ID_VALID = y MII_DIAG_CPE_ID_VENDOR = debian MII_DIAG_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) diff --git a/package/mpfr/mpfr.mk b/package/mpfr/mpfr.mk index 837aff3aa5..4630960c83 100644 --- a/package/mpfr/mpfr.mk +++ b/package/mpfr/mpfr.mk @@ -9,6 +9,7 @@ MPFR_SITE = http://www.mpfr.org/mpfr-$(MPFR_VERSION) MPFR_SOURCE = mpfr-$(MPFR_VERSION).tar.xz MPFR_LICENSE = LGPL-3.0+ MPFR_LICENSE_FILES = COPYING.LESSER +MPFR_CPE_ID_VALID = y MPFR_CPE_ID_VENDOR = gnu MPFR_INSTALL_STAGING = YES MPFR_DEPENDENCIES = gmp diff --git a/package/mrouted/mrouted.mk b/package/mrouted/mrouted.mk index 6ee7fd5dfd..342ce22d53 100644 --- a/package/mrouted/mrouted.mk +++ b/package/mrouted/mrouted.mk @@ -9,6 +9,7 @@ MROUTED_SITE = $(call github,troglobit,mrouted,$(MROUTED_VERSION)) MROUTED_DEPENDENCIES = host-bison MROUTED_LICENSE = BSD-3-Clause MROUTED_LICENSE_FILES = LICENSE +MROUTED_CPE_ID_VALID = y MROUTED_CPE_ID_VENDOR = troglobit define MROUTED_CONFIGURE_CMDS diff --git a/package/mtd/mtd.mk b/package/mtd/mtd.mk index bbae4e13b2..aaa5c28beb 100644 --- a/package/mtd/mtd.mk +++ b/package/mtd/mtd.mk @@ -9,6 +9,7 @@ MTD_SOURCE = mtd-utils-$(MTD_VERSION).tar.bz2 MTD_SITE = ftp://ftp.infradead.org/pub/mtd-utils MTD_LICENSE = GPL-2.0 MTD_LICENSE_FILES = COPYING +MTD_CPE_ID_VALID = y MTD_CPE_ID_VENDOR = mtd-utils_project MTD_CPE_ID_NAME = mtd-utils MTD_INSTALL_STAGING = YES diff --git a/package/ncurses/ncurses.mk b/package/ncurses/ncurses.mk index 5c5e497488..ab46b50cb2 100644 --- a/package/ncurses/ncurses.mk +++ b/package/ncurses/ncurses.mk @@ -10,6 +10,7 @@ NCURSES_INSTALL_STAGING = YES NCURSES_DEPENDENCIES = host-ncurses NCURSES_LICENSE = MIT with advertising clause NCURSES_LICENSE_FILES = COPYING +NCURSES_CPE_ID_VALID = y NCURSES_CPE_ID_VENDOR = gnu NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config NCURSES_PATCH = \ diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk index 09ca33f754..c8eead6988 100644 --- a/package/netsnmp/netsnmp.mk +++ b/package/netsnmp/netsnmp.mk @@ -9,6 +9,7 @@ NETSNMP_SITE = https://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NET NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz NETSNMP_LICENSE = Various BSD-like NETSNMP_LICENSE_FILES = COPYING +NETSNMP_CPE_ID_VALID = y NETSNMP_CPE_ID_VENDOR = net-snmp NETSNMP_CPE_ID_NAME = $(NETSNMP_CPE_ID_VENDOR) NETSNMP_INSTALL_STAGING = YES diff --git a/package/nfs-utils/nfs-utils.mk b/package/nfs-utils/nfs-utils.mk index 67f178cbff..8ca3278a65 100644 --- a/package/nfs-utils/nfs-utils.mk +++ b/package/nfs-utils/nfs-utils.mk @@ -10,6 +10,7 @@ NFS_UTILS_SITE = https://www.kernel.org/pub/linux/utils/nfs-utils/$(NFS_UTILS_VE NFS_UTILS_LICENSE = GPL-2.0+ NFS_UTILS_LICENSE_FILES = COPYING NFS_UTILS_DEPENDENCIES = host-nfs-utils host-pkgconf libtirpc +NFS_UTILS_CPE_ID_VALID = y NFS_UTILS_CPE_ID_VENDOR = linux-nfs NFS_UTILS_AUTORECONF = YES diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index c8937229ab..c0447e5d1a 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -5,6 +5,7 @@ ################################################################################ OPENSSH_VERSION = 8.3p1 +OPENSSH_CPE_ID_VALID = y OPENSSH_CPE_ID_VERSION = 8.3 OPENSSH_CPE_ID_VERSION_MINOR = p1 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable diff --git a/package/pax-utils/pax-utils.mk b/package/pax-utils/pax-utils.mk index a6618851ba..9e2584faca 100644 --- a/package/pax-utils/pax-utils.mk +++ b/package/pax-utils/pax-utils.mk @@ -9,6 +9,7 @@ PAX_UTILS_SITE = http://distfiles.gentoo.org/distfiles PAX_UTILS_SOURCE = pax-utils-$(PAX_UTILS_VERSION).tar.xz PAX_UTILS_LICENSE = GPL-2.0 PAX_UTILS_LICENSE_FILES = COPYING +PAX_UTILS_CPE_ID_VALID = y PAX_UTILS_CPE_ID_VENDOR = gentoo PAX_UTILS_DEPENDENCIES = host-pkgconf diff --git a/package/paxtest/paxtest.mk b/package/paxtest/paxtest.mk index 1b8d6699b6..fee8a84ddd 100644 --- a/package/paxtest/paxtest.mk +++ b/package/paxtest/paxtest.mk @@ -8,6 +8,7 @@ PAXTEST_VERSION = 0.9.15 PAXTEST_SITE = https://www.grsecurity.net/~spender PAXTEST_LICENSE = GPL-2.0+ PAXTEST_LICENSE_FILES = README +PAXTEST_CPE_ID_VALID = y PAXTEST_CPE_ID_VENDOR = grsecurity define PAXTEST_BUILD_CMDS diff --git a/package/pcre/pcre.mk b/package/pcre/pcre.mk index b37a2ca9b7..b0ff7a499c 100644 --- a/package/pcre/pcre.mk +++ b/package/pcre/pcre.mk @@ -9,6 +9,7 @@ PCRE_SITE = https://ftp.pcre.org/pub/pcre PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2 PCRE_LICENSE = BSD-3-Clause PCRE_LICENSE_FILES = LICENCE +PCRE_CPE_ID_VALID = y PCRE_CPE_ID_VENDOR = $(PCRE_NAME) PCRE_INSTALL_STAGING = YES PCRE_CONFIG_SCRIPTS = pcre-config diff --git a/package/pixman/pixman.mk b/package/pixman/pixman.mk index 52d4e36f2e..f08e954652 100644 --- a/package/pixman/pixman.mk +++ b/package/pixman/pixman.mk @@ -9,6 +9,7 @@ PIXMAN_SOURCE = pixman-$(PIXMAN_VERSION).tar.xz PIXMAN_SITE = https://xorg.freedesktop.org/releases/individual/lib PIXMAN_LICENSE = MIT PIXMAN_LICENSE_FILES = COPYING +PIXMAN_CPE_ID_VALID = y PIXMAN_CPE_ID_VENDOR = $(PIXMAN_NAME) PIXMAN_INSTALL_STAGING = YES diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk index 0dfdc7af03..5307564145 100644 --- a/package/policycoreutils/policycoreutils.mk +++ b/package/policycoreutils/policycoreutils.mk @@ -8,6 +8,7 @@ POLICYCOREUTILS_VERSION = 3.1 POLICYCOREUTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710 POLICYCOREUTILS_LICENSE = GPL-2.0 POLICYCOREUTILS_LICENSE_FILES = COPYING +POLICYCOREUTILS_CPE_ID_VALID = y POLICYCOREUTILS_CPE_ID_VENDOR = selinuxproject POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(TARGET_NLS_DEPENDENCIES) diff --git a/package/pppd/pppd.mk b/package/pppd/pppd.mk index 118f9fc334..297de6aae6 100644 --- a/package/pppd/pppd.mk +++ b/package/pppd/pppd.mk @@ -10,6 +10,7 @@ PPPD_LICENSE = LGPL-2.0+, LGPL, BSD-4-Clause, BSD-3-Clause, GPL-2.0+ PPPD_LICENSE_FILES = \ pppd/tdb.c pppd/plugins/pppoatm/COPYING \ pppdump/bsd-comp.c pppd/ccp.c pppd/plugins/passprompt.c +PPPD_CPE_ID_VALID = y PPPD_CPE_ID_VENDOR = samba PPPD_CPE_ID_NAME = ppp diff --git a/package/proftpd/proftpd.mk b/package/proftpd/proftpd.mk index 94276233c8..35fe2f2605 100644 --- a/package/proftpd/proftpd.mk +++ b/package/proftpd/proftpd.mk @@ -8,6 +8,8 @@ PROFTPD_VERSION = 1.3.6c PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION)) PROFTPD_LICENSE = GPL-2.0+ PROFTPD_LICENSE_FILES = COPYING +PROFTPD_CPE_ID_VALID = y +PROFTPD_CPE_ID_VALID = y PROFTPD_CPE_ID_VENDOR = $(PROFTPD_NAME) PROFTPD_CONF_ENV = \ diff --git a/package/protobuf/protobuf.mk b/package/protobuf/protobuf.mk index 82c814b65b..16bcb57bbc 100644 --- a/package/protobuf/protobuf.mk +++ b/package/protobuf/protobuf.mk @@ -12,6 +12,7 @@ PROTOBUF_SOURCE = protobuf-cpp-$(PROTOBUF_VERSION).tar.gz PROTOBUF_SITE = https://github.com/google/protobuf/releases/download/v$(PROTOBUF_VERSION) PROTOBUF_LICENSE = BSD-3-Clause PROTOBUF_LICENSE_FILES = LICENSE +PROTOBUF_CPE_ID_VALID = y PROTOBUF_CPE_ID_VENDOR = google # N.B. Need to use host protoc during cross compilation. diff --git a/package/pure-ftpd/pure-ftpd.mk b/package/pure-ftpd/pure-ftpd.mk index 7e3d18b433..5852c48ee0 100644 --- a/package/pure-ftpd/pure-ftpd.mk +++ b/package/pure-ftpd/pure-ftpd.mk @@ -9,6 +9,7 @@ PURE_FTPD_SITE = https://download.pureftpd.org/pub/pure-ftpd/releases PURE_FTPD_SOURCE = pure-ftpd-$(PURE_FTPD_VERSION).tar.bz2 PURE_FTPD_LICENSE = ISC PURE_FTPD_LICENSE_FILES = COPYING +PURE_FTPD_CPE_ID_VALID = y PURE_FTPD_CPE_ID_VENDOR = pureftpd PURE_FTPD_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv) diff --git a/package/python-lxml/python-lxml.mk b/package/python-lxml/python-lxml.mk index 0b95cf4dc6..6721579311 100644 --- a/package/python-lxml/python-lxml.mk +++ b/package/python-lxml/python-lxml.mk @@ -15,6 +15,7 @@ PYTHON_LXML_LICENSE_FILES = \ doc/licenses/BSD.txt \ doc/licenses/elementtree.txt \ src/lxml/isoschematron/resources/rng/iso-schematron.rng +PYTHON_LXML_CPE_ID_VALID = y PYTHON_LXML_CPE_ID_VENDOR = lxml PYTHON_LXML_CPE_ID_NAME = lxml diff --git a/package/python-setuptools/python-setuptools.mk b/package/python-setuptools/python-setuptools.mk index ade5ca5521..55e54bf52f 100644 --- a/package/python-setuptools/python-setuptools.mk +++ b/package/python-setuptools/python-setuptools.mk @@ -11,6 +11,7 @@ PYTHON_SETUPTOOLS_SOURCE = setuptools-$(PYTHON_SETUPTOOLS_VERSION).zip PYTHON_SETUPTOOLS_SITE = https://files.pythonhosted.org/packages/b0/f3/44da7482ac6da3f36f68e253cb04de37365b3dba9036a3c70773b778b485 PYTHON_SETUPTOOLS_LICENSE = MIT PYTHON_SETUPTOOLS_LICENSE_FILES = LICENSE +PYTHON_SETUPTOOLS_CPE_ID_VALID = y PYTHON_SETUPTOOLS_CPE_ID_VENDOR = python PYTHON_SETUPTOOLS_CPE_ID_NAME = setuptools PYTHON_SETUPTOOLS_SETUP_TYPE = setuptools diff --git a/package/python/python.mk b/package/python/python.mk index 2d4c5a3721..fd58e8bc7c 100644 --- a/package/python/python.mk +++ b/package/python/python.mk @@ -10,6 +10,7 @@ PYTHON_SOURCE = Python-$(PYTHON_VERSION).tar.xz PYTHON_SITE = https://python.org/ftp/python/$(PYTHON_VERSION) PYTHON_LICENSE = Python-2.0, others PYTHON_LICENSE_FILES = LICENSE +PYTHON_CPE_ID_VALID = y PYTHON_CPE_ID_VENDOR = $(PYTHON_NAME) PYTHON_LIBTOOL_PATCH = NO diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk index a4b5688605..937f627b18 100644 --- a/package/qemu/qemu.mk +++ b/package/qemu/qemu.mk @@ -12,6 +12,7 @@ QEMU_LICENSE_FILES = COPYING COPYING.LIB # NOTE: there is no top-level license file for non-(L)GPL licenses; # the non-(L)GPL license texts are specified in the affected # individual source files. +QEMU_CPE_ID_VALID = y QEMU_CPE_ID_VENDOR = $(QEMU_NAME) #------------------------------------------------------------- diff --git a/package/rapidjson/rapidjson.mk b/package/rapidjson/rapidjson.mk index d3bcef7df1..3316e71d98 100644 --- a/package/rapidjson/rapidjson.mk +++ b/package/rapidjson/rapidjson.mk @@ -8,6 +8,7 @@ RAPIDJSON_VERSION = 1.1.0 RAPIDJSON_SITE = $(call github,miloyip,rapidjson,v$(RAPIDJSON_VERSION)) RAPIDJSON_LICENSE = MIT RAPIDJSON_LICENSE_FILES = license.txt +RAPIDJSON_CPE_ID_VALID = y RAPIDJSON_CPE_ID_VENDOR = tencent # rapidjson is a header-only C++ library diff --git a/package/readline/readline.mk b/package/readline/readline.mk index 04872ac868..2624ddcdf9 100644 --- a/package/readline/readline.mk +++ b/package/readline/readline.mk @@ -14,6 +14,7 @@ READLINE_CONF_ENV = bash_cv_func_sigsetjmp=yes \ READLINE_CONF_OPTS = --disable-install-examples READLINE_LICENSE = GPL-3.0+ READLINE_LICENSE_FILES = COPYING +READLINE_CPE_ID_VALID = y READLINE_CPE_ID_VENDOR = gnu define READLINE_INSTALL_INPUTRC diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk index 63a1713e35..b212330924 100644 --- a/package/refpolicy/refpolicy.mk +++ b/package/refpolicy/refpolicy.mk @@ -6,6 +6,7 @@ REFPOLICY_LICENSE = GPL-2.0 REFPOLICY_LICENSE_FILES = COPYING +REFPOLICY_CPE_ID_VALID = y REFPOLICY_CPE_ID_VENDOR = tresys REFPOLICY_INSTALL_STAGING = YES REFPOLICY_DEPENDENCIES = \ diff --git a/package/rsyslog/rsyslog.mk b/package/rsyslog/rsyslog.mk index f9e1a0443a..4e1019e8bf 100644 --- a/package/rsyslog/rsyslog.mk +++ b/package/rsyslog/rsyslog.mk @@ -8,6 +8,7 @@ RSYSLOG_VERSION = 8.2004.0 RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0 RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20 +RSYSLOG_CPE_ID_VALID = y RSYSLOG_CPE_ID_VENDOR = $(RSYSLOG_NAME) RSYSLOG_DEPENDENCIES = zlib libestr liblogging libfastjson host-pkgconf RSYSLOG_CONF_ENV = ac_cv_prog_cc_c99='-std=c99' diff --git a/package/rt-tests/rt-tests.mk b/package/rt-tests/rt-tests.mk index a52cfff3c3..9010119e47 100644 --- a/package/rt-tests/rt-tests.mk +++ b/package/rt-tests/rt-tests.mk @@ -10,6 +10,7 @@ RT_TESTS_VERSION = 1.8 RT_TESTS_LICENSE = GPL-2.0+ RT_TESTS_LICENSE_FILES = COPYING RT_TESTS_DEPENDENCIES = numactl +RT_TESTS_CPE_ID_VALID = y RT_TESTS_CPE_ID_VENDOR = kernel define RT_TESTS_BUILD_CMDS diff --git a/package/sed/sed.mk b/package/sed/sed.mk index 64fb2035b0..f9e53c129e 100644 --- a/package/sed/sed.mk +++ b/package/sed/sed.mk @@ -9,6 +9,7 @@ SED_SOURCE = sed-$(SED_VERSION).tar.xz SED_SITE = $(BR2_GNU_MIRROR)/sed SED_LICENSE = GPL-3.0 SED_LICENSE_FILES = COPYING +SED_CPE_ID_VALID = y SED_CPE_ID_VENDOR = gnu SED_CONF_OPTS = \ diff --git a/package/setools/setools.mk b/package/setools/setools.mk index a07b1367a2..ce81fa959f 100644 --- a/package/setools/setools.mk +++ b/package/setools/setools.mk @@ -10,6 +10,7 @@ SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-fle SETOOLS_INSTALL_STAGING = YES SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+ SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL +SETOOLS_CPE_ID_VALID = y SETOOLS_CPE_ID_VENDOR = selinuxproject SETOOLS_SETUP_TYPE = setuptools HOST_SETOOLS_DEPENDENCIES = host-python3-cython host-libselinux host-libsepol host-python-networkx diff --git a/package/smcroute/smcroute.mk b/package/smcroute/smcroute.mk index 0db0e084f6..2fa0cd02af 100644 --- a/package/smcroute/smcroute.mk +++ b/package/smcroute/smcroute.mk @@ -9,6 +9,7 @@ SMCROUTE_SOURCE = smcroute-$(SMCROUTE_VERSION).tar.xz SMCROUTE_SITE = https://github.com/troglobit/smcroute/releases/download/$(SMCROUTE_VERSION) SMCROUTE_LICENSE = GPL-2.0+ SMCROUTE_LICENSE_FILES = COPYING +SMCROUTE_CPE_ID_VALID = y SMCROUTE_CPE_ID_VENDOR = troglobit SMCROUTE_CONF_OPTS = ac_cv_func_setpgrp_void=yes diff --git a/package/spawn-fcgi/spawn-fcgi.mk b/package/spawn-fcgi/spawn-fcgi.mk index 8caa1e2b3c..6cec9bbe04 100644 --- a/package/spawn-fcgi/spawn-fcgi.mk +++ b/package/spawn-fcgi/spawn-fcgi.mk @@ -9,6 +9,7 @@ SPAWN_FCGI_SITE = http://www.lighttpd.net/download SPAWN_FCGI_SOURCE = spawn-fcgi-$(SPAWN_FCGI_VERSION).tar.bz2 SPAWN_FCGI_LICENSE = BSD-3-Clause SPAWN_FCGI_LICENSE_FILES = COPYING +SPAWN_FCGI_CPE_ID_VALID = y SPAWN_FCGI_CPE_ID_VENDOR = lighttpd $(eval $(autotools-package)) diff --git a/package/sqlite/sqlite.mk b/package/sqlite/sqlite.mk index 796292178c..24f32854e4 100644 --- a/package/sqlite/sqlite.mk +++ b/package/sqlite/sqlite.mk @@ -5,6 +5,7 @@ ################################################################################ SQLITE_VERSION = 3320300 +SQLITE_CPE_ID_VALID = y SQLITE_CPE_ID_VERSION = 3.31.1 SQLITE_SOURCE = sqlite-autoconf-$(SQLITE_VERSION).tar.gz SQLITE_SITE = https://www.sqlite.org/2020 diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk index 1f7437fa31..7b699a9a22 100644 --- a/package/strongswan/strongswan.mk +++ b/package/strongswan/strongswan.mk @@ -12,6 +12,7 @@ STRONGSWAN_PATCH = \ $(STRONGSWAN_SITE)/patches/28_gmp_pkcs1_overflow_patch/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch STRONGSWAN_LICENSE = GPL-2.0+ STRONGSWAN_LICENSE_FILES = COPYING LICENSE +STRONGSWAN_CPE_ID_VALID = y STRONGSWAN_CPE_ID_VENDOR = $(STRONGSWAN_NAME) STRONGSWAN_DEPENDENCIES = host-pkgconf STRONGSWAN_INSTALL_STAGING = YES diff --git a/package/tar/tar.mk b/package/tar/tar.mk index 643eff1cbc..cba24607af 100644 --- a/package/tar/tar.mk +++ b/package/tar/tar.mk @@ -12,6 +12,7 @@ TAR_SITE = $(BR2_GNU_MIRROR)/tar TAR_CONF_OPTS = --exec-prefix=/ TAR_LICENSE = GPL-3.0+ TAR_LICENSE_FILES = COPYING +TAR_CPE_ID_VALID = y TAR_CPE_ID_VENDOR = gnu ifeq ($(BR2_PACKAGE_ACL),y) diff --git a/package/tcl/tcl.mk b/package/tcl/tcl.mk index 913891e897..82774cc2ac 100644 --- a/package/tcl/tcl.mk +++ b/package/tcl/tcl.mk @@ -10,6 +10,7 @@ TCL_SOURCE = tcl$(TCL_VERSION)-src.tar.gz TCL_SITE = http://downloads.sourceforge.net/project/tcl/Tcl/$(TCL_VERSION) TCL_LICENSE = TCL TCL_LICENSE_FILES = license.terms +TCL_CPE_ID_VALID = y TCL_CPE_ID_VENDOR = $(TCL_NAME) TCL_SUBDIR = unix TCL_INSTALL_STAGING = YES diff --git a/package/tcpdump/tcpdump.mk b/package/tcpdump/tcpdump.mk index 9687e3c497..5a02a0c94f 100644 --- a/package/tcpdump/tcpdump.mk +++ b/package/tcpdump/tcpdump.mk @@ -8,6 +8,7 @@ TCPDUMP_VERSION = 4.9.3 TCPDUMP_SITE = http://www.tcpdump.org/release TCPDUMP_LICENSE = BSD-3-Clause TCPDUMP_LICENSE_FILES = LICENSE +TCPDUMP_CPE_ID_VALID = y TCPDUMP_CPE_ID_VENDOR = $(TCPDUMP_NAME) TCPDUMP_CONF_ENV = \ ac_cv_linux_vers=2 \ diff --git a/package/tftpd/tftpd.mk b/package/tftpd/tftpd.mk index 301a222e39..7f7be4aef7 100644 --- a/package/tftpd/tftpd.mk +++ b/package/tftpd/tftpd.mk @@ -10,6 +10,7 @@ TFTPD_SITE = $(BR2_KERNEL_MIRROR)/software/network/tftp/tftp-hpa TFTPD_CONF_OPTS = --without-tcpwrappers TFTPD_LICENSE = BSD-4-Clause TFTPD_LICENSE_FILES = tftpd/tftpd.c +TFTPD_CPE_ID_VALID = y TFTPD_CPE_ID_VENDOR = $(TFTPD_NAME)-hpa_project TFTPD_CPE_ID_NAME = $(TFTPD_NAME)-hpa diff --git a/package/uboot-tools/uboot-tools.mk b/package/uboot-tools/uboot-tools.mk index 61e22f6ae8..6a063e910b 100644 --- a/package/uboot-tools/uboot-tools.mk +++ b/package/uboot-tools/uboot-tools.mk @@ -9,6 +9,7 @@ UBOOT_TOOLS_SOURCE = u-boot-$(UBOOT_TOOLS_VERSION).tar.bz2 UBOOT_TOOLS_SITE = ftp://ftp.denx.de/pub/u-boot UBOOT_TOOLS_LICENSE = GPL-2.0+ UBOOT_TOOLS_LICENSE_FILES = Licenses/gpl-2.0.txt +UBOOT_TOOLS_CPE_ID_VALID = y UBOOT_TOOLS_CPE_ID_VENDOR = denx UBOOT_TOOLS_CPE_ID_NAME = u-boot UBOOT_TOOLS_INSTALL_STAGING = YES diff --git a/package/util-linux/util-linux.mk b/package/util-linux/util-linux.mk index 96596fd8da..402d4de1a1 100644 --- a/package/util-linux/util-linux.mk +++ b/package/util-linux/util-linux.mk @@ -24,6 +24,7 @@ UTIL_LINUX_LICENSE_FILES = README.licensing \ Documentation/licenses/COPYING.ISC \ Documentation/licenses/COPYING.LGPL-2.1-or-later +UTIL_LINUX_CPE_ID_VALID = y UTIL_LINUX_CPE_ID_VENDOR = kernel UTIL_LINUX_INSTALL_STAGING = YES UTIL_LINUX_DEPENDENCIES = \ diff --git a/package/valgrind/valgrind.mk b/package/valgrind/valgrind.mk index 7d0070a974..198fb2c728 100644 --- a/package/valgrind/valgrind.mk +++ b/package/valgrind/valgrind.mk @@ -9,6 +9,7 @@ VALGRIND_SITE = https://sourceware.org/pub/valgrind VALGRIND_SOURCE = valgrind-$(VALGRIND_VERSION).tar.bz2 VALGRIND_LICENSE = GPL-2.0, GFDL-1.2 VALGRIND_LICENSE_FILES = COPYING COPYING.DOCS +VALGRIND_CPE_ID_VALID = y VALGRIND_CPE_ID_VENDOR = $(VALGRIND_NAME) VALGRIND_CONF_OPTS = \ --disable-ubsan \ diff --git a/package/vim/vim.mk b/package/vim/vim.mk index 2bd3d437e4..f496332e74 100644 --- a/package/vim/vim.mk +++ b/package/vim/vim.mk @@ -23,6 +23,7 @@ VIM_CONF_ENV = \ VIM_CONF_OPTS = --with-tlib=ncurses --enable-gui=no --without-x VIM_LICENSE = Charityware VIM_LICENSE_FILES = README.txt +VIM_CPE_ID_VALID = y VIM_CPE_ID_VENDOR = $(VIM_NAME) ifeq ($(BR2_PACKAGE_ACL),y) diff --git a/package/wget/wget.mk b/package/wget/wget.mk index 65c132e453..0fbbc9c23c 100644 --- a/package/wget/wget.mk +++ b/package/wget/wget.mk @@ -10,6 +10,7 @@ WGET_SITE = $(BR2_GNU_MIRROR)/wget WGET_DEPENDENCIES = host-pkgconf WGET_LICENSE = GPL-3.0+ WGET_LICENSE_FILES = COPYING +WGET_CPE_ID_VALID = y WGET_CPE_ID_VENDOR = gnu ifeq ($(BR2_PACKAGE_GNUTLS),y) diff --git a/package/wireless-regdb/wireless-regdb.mk b/package/wireless-regdb/wireless-regdb.mk index aaab7fc28b..acb40ca76d 100644 --- a/package/wireless-regdb/wireless-regdb.mk +++ b/package/wireless-regdb/wireless-regdb.mk @@ -9,6 +9,7 @@ WIRELESS_REGDB_SOURCE = wireless-regdb-$(WIRELESS_REGDB_VERSION).tar.xz WIRELESS_REGDB_SITE = $(BR2_KERNEL_MIRROR)/software/network/wireless-regdb WIRELESS_REGDB_LICENSE = ISC WIRELESS_REGDB_LICENSE_FILES = LICENSE +WIRELESS_REGDB_CPE_ID_VALID = y WIRELESS_REGDB_CPE_ID_VENDOR = kernel ifeq ($(BR2_PACKAGE_CRDA),y) diff --git a/package/wireless_tools/wireless_tools.mk b/package/wireless_tools/wireless_tools.mk index 01d03218d6..631d04d460 100644 --- a/package/wireless_tools/wireless_tools.mk +++ b/package/wireless_tools/wireless_tools.mk @@ -10,6 +10,7 @@ WIRELESS_TOOLS_SITE = https://hewlettpackard.github.io/wireless-tools WIRELESS_TOOLS_SOURCE = wireless_tools.$(WIRELESS_TOOLS_VERSION).tar.gz WIRELESS_TOOLS_LICENSE = GPL-2.0 WIRELESS_TOOLS_LICENSE_FILES = COPYING +WIRELESS_TOOLS_CPE_ID_VALID = y WIRELESS_TOOLS_CPE_ID_VERSION = $(WIRELESS_TOOLS_VERSION_MAJOR) WIRELESS_TOOLS_CPE_ID_VERSION_MINOR = pre9 WIRELESS_TOOLS_INSTALL_STAGING = YES diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk index 955f7fb98f..62149d255f 100644 --- a/package/wpa_supplicant/wpa_supplicant.mk +++ b/package/wpa_supplicant/wpa_supplicant.mk @@ -8,6 +8,7 @@ WPA_SUPPLICANT_VERSION = 2.9 WPA_SUPPLICANT_SITE = http://w1.fi/releases WPA_SUPPLICANT_LICENSE = BSD-3-Clause WPA_SUPPLICANT_LICENSE_FILES = README +WPA_SUPPLICANT_CPE_ID_VALID = y WPA_SUPPLICANT_CPE_ID_VENDOR = w1.fi WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config WPA_SUPPLICANT_SUBDIR = wpa_supplicant diff --git a/package/xerces/xerces.mk b/package/xerces/xerces.mk index 5caf421132..1eb80224d1 100644 --- a/package/xerces/xerces.mk +++ b/package/xerces/xerces.mk @@ -9,6 +9,7 @@ XERCES_SOURCE = xerces-c-$(XERCES_VERSION).tar.xz XERCES_SITE = http://archive.apache.org/dist/xerces/c/3/sources XERCES_LICENSE = Apache-2.0 XERCES_LICENSE_FILES = LICENSE +XERCES_CPE_ID_VALID = y XERCES_CPE_ID_VENDOR = apache XERCES_CPE_ID_NAME = $(XERCES_NAME)-c\+\+ XERCES_INSTALL_STAGING = YES diff --git a/package/xz/xz.mk b/package/xz/xz.mk index ffbae4c873..9f90de485f 100644 --- a/package/xz/xz.mk +++ b/package/xz/xz.mk @@ -11,6 +11,7 @@ XZ_INSTALL_STAGING = YES XZ_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99' XZ_LICENSE = Public Domain, GPL-2.0+, GPL-3.0+, LGPL-2.1+ XZ_LICENSE_FILES = COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv2.1 +XZ_CPE_ID_VALID = y XZ_CPE_ID_VENDOR = tukaani ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y) From patchwork Tue Oct 6 13:42:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377452 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5Jbb3tdVz9sTL for ; Wed, 7 Oct 2020 00:44:11 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D7DDB20770; Tue, 6 Oct 2020 13:44:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ulGhMHFcYWf; Tue, 6 Oct 2020 13:44:02 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 2A5312052B; Tue, 6 Oct 2020 13:43:51 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id E2B411BF3E9 for ; Tue, 6 Oct 2020 13:43:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D6C742076E for ; Tue, 6 Oct 2020 13:43:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nhK0QyN5I1Nr for ; Tue, 6 Oct 2020 13:43:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by silver.osuosl.org (Postfix) with ESMTPS id 8365D20531 for ; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id 6007540017; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:47 +0200 Message-Id: <20201006134250.22738-15-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 14/17] package/pkg-utils.mk: add the CPE ID in show-info X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Add the CPE ID of each package. This information will be useful for a cve-checker. Signed-off-by: Gregory CLEMENT --- package/pkg-utils.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk index f1d085ece1..99000a3043 100644 --- a/package/pkg-utils.mk +++ b/package/pkg-utils.mk @@ -130,6 +130,7 @@ define _json-info-pkg-details "version": "$($(1)_DL_VERSION)", "licenses": "$($(1)_LICENSE)", "dl_dir": "$($(1)_DL_SUBDIR)", + "cpeid": "$($(1)_CPE_ID)", "downloads": [ $(foreach dl,$(sort $($(1)_ALL_DOWNLOADS)), { From patchwork Tue Oct 6 13:42:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377449 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbR75Hcz9sV7 for ; Wed, 7 Oct 2020 00:44:03 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 756AC2076E; Tue, 6 Oct 2020 13:44:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ghxOfBe-Ywgq; Tue, 6 Oct 2020 13:43:55 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 5A31B2076F; Tue, 6 Oct 2020 13:43:47 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 789E61BF3E9 for ; Tue, 6 Oct 2020 13:43:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 731B586EC0 for ; Tue, 6 Oct 2020 13:43:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvY41KVbYbxI for ; Tue, 6 Oct 2020 13:43:41 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by hemlock.osuosl.org (Postfix) with ESMTPS id 2548886FFB for ; Tue, 6 Oct 2020 13:43:37 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 1EDD86000E; Tue, 6 Oct 2020 13:43:33 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:48 +0200 Message-Id: <20201006134250.22738-16-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 15/17] package/pkg-utils/cve.py: Add cpeid support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Add function allowing to use cpeid as argument instead of only using name and version. Also add a new return value (CPEID_UNKNOWN), if there is no cpeid value. Signed-off-by: Gregory CLEMENT --- support/scripts/cve.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/support/scripts/cve.py b/support/scripts/cve.py index 3cc01248b2..de2f5d5701 100755 --- a/support/scripts/cve.py +++ b/support/scripts/cve.py @@ -52,6 +52,7 @@ class CVE: CVE_AFFECTS = 1 CVE_DOESNT_AFFECT = 2 CVE_UNKNOWN = 3 + CPEID_UNKNOWN = 4 def __init__(self, nvd_cve): """Initialize a CVE from its NVD JSON representation""" @@ -190,7 +191,7 @@ class CVE: """The set of package names referred by this CVE definition""" return set(p['product'] for p in self.each_cpe()) - def affects(self, name, version, cve_ignore_list): + def __affects(self, name, version, cve_ignore_list): """ True if the Buildroot Package object passed as argument is affected by this CVE. @@ -247,3 +248,13 @@ class CVE: return self.CVE_UNKNOWN else: return self.CVE_DOESNT_AFFECT + + def affects(self, name, version, cve_ignore_list): + return self.__affects(name, version, cve_ignore_list) + + def affects_cpeid(self, cpeid, cve_ignore_list): + try: + product, version = cpeid.split(':')[1:3] + except: + return self.CPEID_UNKNOWN + return self.__affects(product, version, cve_ignore_list) From patchwork Tue Oct 6 13:42:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377447 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbG103Nz9sTK for ; Wed, 7 Oct 2020 00:43:54 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id B62A886FAC; Tue, 6 Oct 2020 13:43:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YSC5dL2q4LWw; Tue, 6 Oct 2020 13:43:50 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 721DF8703A; Tue, 6 Oct 2020 13:43:48 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 0F5C41BF3E9 for ; Tue, 6 Oct 2020 13:43:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 0C0A786688 for ; Tue, 6 Oct 2020 13:43:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJ4+5xvodI+H for ; Tue, 6 Oct 2020 13:43:39 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by whitealder.osuosl.org (Postfix) with ESMTPS id 784F385DB1 for ; Tue, 6 Oct 2020 13:43:36 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id CA11140013; Tue, 6 Oct 2020 13:43:34 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:49 +0200 Message-Id: <20201006134250.22738-17-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 16/17] support/script/cve-checker: Allow to use cpeid X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Add a argument to cve-checker allowing to use the cpeid instead of the internal name and version from buildroot. It should allow to have more accurate CVE status. Signed-off-by: Gregory CLEMENT --- support/scripts/cve-checker | 48 +++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/support/scripts/cve-checker b/support/scripts/cve-checker index b32e036d76..d1bce65b0c 100755 --- a/support/scripts/cve-checker +++ b/support/scripts/cve-checker @@ -26,23 +26,26 @@ import cve as cvecheck class Package: - def __init__(self, name, version, ignored_cves): + def __init__(self, name, version, cpeid, ignored_cves): self.name = name self.version = version + self.cpeid = cpeid self.cves = list() self.cves_to_check = list() self.ignored_cves = ignored_cves -def check_package_cves(nvd_path, packages): +def check_package_cves(nvd_path, packages, use_cpeid): if not os.path.isdir(nvd_path): os.makedirs(nvd_path) - for cve in cvecheck.CVE.read_nvd_dir(nvd_path): for pkg_name in cve.pkg_names: pkg = packages.get(pkg_name, '') if pkg: - affected = cve.affects(pkg.name, pkg.version, pkg.ignored_cves) + if use_cpeid: + affected = cve.affects_cpeid(pkg.cpeid, pkg.ignored_cves) + else: + affected = cve.affects(pkg.name, pkg.version, pkg.ignored_cves) if (affected == cve.CVE_UNKNOWN): pkg.cves_to_check.append(cve.identifier) elif affected == cve.CVE_AFFECTS: @@ -91,7 +94,14 @@ if (typeof sorttable === \"object\") { def dump_html_pkg(f, pkg): f.write(" \n") - f.write(" %s\n" % pkg.name) + td_class = ["left"] + if len(pkg.cpeid) != 0: + td_class.append("correct") + else: + td_class.append("wrong") + f.write(" \n" % " ".join(td_class)) + f.write(" %s\n" % pkg.name) + f.write(" \n") # Current version if len(pkg.version) > 20: @@ -122,6 +132,16 @@ def dump_html_pkg(f, pkg): f.write(" %s
\n" % (cve, cve)) f.write(" \n") + # CPEID valid + td_class = ["left"] + if len(pkg.cpeid) != 0: + td_class.append("correct") + else: + td_class.append("wrong") + f.write(" \n" % " ".join(td_class)) + f.write(" %s\n" % pkg.cpeid) + f.write(" \n") + f.write(" \n") @@ -133,6 +153,7 @@ def dump_html_all_pkgs(f, packages): Version CVEs CVEs to check +CPEID valid """) for pkg in packages: @@ -158,6 +179,7 @@ def dump_json(packages, date, output): pkg.name: { "version": pkg.version, "cves": pkg.cves, + "cpeid": pkg.cpeid, } for pkg in packages } # The actual structure to dump, add date to it @@ -182,25 +204,37 @@ def parse_args(): parser.add_argument('--nvd-path', dest='nvd_path', help='Path to the local NVD database', type=resolvepath, required=True) + parser.add_argument("--cpeid", action='store_true') args = parser.parse_args() if not args.html and not args.json: parser.error('at least one of --html or --json (or both) is required') return args +def cpeid_name(pkg): + try: + return pkg.cpeid.split(':')[1] + except: + return '' def __main__(): packages = list() content = json.load(sys.stdin) for item in content: pkg = content[item] - p = Package(item, pkg.get('version', ''), pkg.get('ignore_cves', '')) + p = Package(item, pkg.get('version', ''), pkg.get('cpeid', ''), pkg.get('ignore_cves', '')) packages.append(p) args = parse_args() + if args.cpeid: + print("going to use strict cpeid") date = datetime.datetime.utcnow() print("Checking packages CVEs") - check_package_cves(args.nvd_path, {p.name: p for p in packages}) + if args.cpeid: + check_package_cves(args.nvd_path, {cpeid_name(p): p for p in packages}, args.cpeid) + else: + check_package_cves(args.nvd_path, {p.name: p for p in packages}, args.cpeid) + if args.html: print("Write HTML") From patchwork Tue Oct 6 13:42:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gregory CLEMENT X-Patchwork-Id: 1377451 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C5JbY3PzFz9sTK for ; Wed, 7 Oct 2020 00:44:09 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 9CC948672E; Tue, 6 Oct 2020 13:44:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SeiSMqsH-sij; Tue, 6 Oct 2020 13:44:00 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 9AEB886687; Tue, 6 Oct 2020 13:43:58 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 3C11A1BF97F for ; Tue, 6 Oct 2020 13:43:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 20465204E4 for ; Tue, 6 Oct 2020 13:43:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hoorAqjvRYRz for ; Tue, 6 Oct 2020 13:43:47 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) by silver.osuosl.org (Postfix) with ESMTPS id CDF6E204D1 for ; Tue, 6 Oct 2020 13:43:37 +0000 (UTC) X-Originating-IP: 90.65.92.90 Received: from localhost (lfbn-lyo-1-1913-90.w90-65.abo.wanadoo.fr [90.65.92.90]) (Authenticated sender: gregory.clement@bootlin.com) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 552F36001B; Tue, 6 Oct 2020 13:43:35 +0000 (UTC) From: Gregory CLEMENT To: buildroot@buildroot.org Date: Tue, 6 Oct 2020 15:42:50 +0200 Message-Id: <20201006134250.22738-18-gregory.clement@bootlin.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20201006134250.22738-1-gregory.clement@bootlin.com> References: <20201006134250.22738-1-gregory.clement@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 17/17] support/script/pkg-stats: Allow to use CPEID for managing CVEs X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Add CPEID information by retrieving it from the package. Also introduce a new argument --cpeid to use valid cpeid instead of buildroot name and version to check if a pacakge is affected by a CVEs. Signed-off-by: Gregory CLEMENT --- support/scripts/pkg-stats | 46 +++++++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/support/scripts/pkg-stats b/support/scripts/pkg-stats index 69edeedec0..e2e328847f 100755 --- a/support/scripts/pkg-stats +++ b/support/scripts/pkg-stats @@ -76,6 +76,7 @@ class Package: all_license_files = list() all_versions = dict() all_ignored_cves = dict() + all_cpeids = dict () # This is the list of all possible checks. Add new checks to this list so # a tool that post-processeds the json output knows the checks before # iterating over the packages. @@ -96,6 +97,7 @@ class Package: self.current_version = None self.url = None self.url_worker = None + self.cpeid = '' self.cves = list() self.cves_to_check = list() self.latest_version = {'status': RM_API_STATUS_ERROR, 'version': None, 'id': None} @@ -211,6 +213,14 @@ class Package: if var in self.all_versions: self.current_version = self.all_versions[var] + def set_cpeid(self): + """ + Fills in the .cpeid field + """ + var = self.pkgvar() + if var in self.all_cpeids: + self.cpeid = self.all_cpeids[var] + def set_check_package_warnings(self): """ Fills in the .warnings and .status['pkg-check'] fields @@ -334,7 +344,7 @@ def get_pkglist(npackages, package_list): def package_init_make_info(): # Fetch all variables at once variables = subprocess.check_output(["make", "BR2_HAVE_DOT_CONFIG=y", "-s", "printvars", - "VARS=%_LICENSE %_LICENSE_FILES %_VERSION %_IGNORE_CVES"]) + "VARS=%_LICENSE %_LICENSE_FILES %_VERSION %_IGNORE_CVES %_CPE_ID"]) variable_list = variables.decode().splitlines() # We process first the host package VERSION, and then the target @@ -372,6 +382,9 @@ def package_init_make_info(): pkgvar = pkgvar[:-12] Package.all_ignored_cves[pkgvar] = value.split() + elif pkgvar.endswith("_CPE_ID"): + pkgvar = pkgvar[:-7] + Package.all_cpeids[pkgvar] = value check_url_count = 0 @@ -528,7 +541,7 @@ async def check_package_latest_version(packages): await asyncio.wait(tasks) -def check_package_cves(nvd_path, packages): +def check_package_cves(nvd_path, packages, use_cpeid): if not os.path.isdir(nvd_path): os.makedirs(nvd_path) @@ -536,7 +549,11 @@ def check_package_cves(nvd_path, packages): for pkg_name in cve.pkg_names: if pkg_name in packages: pkg = packages[pkg_name] - affected = cve.affects(pkg.name, pkg.current_version, pkg.ignored_cves) + print("check_package", pkg.cpeid) + if use_cpeid: + affected = cve.affects_cpeid(pkg.cpeid, pkg.ignored_cves) + else: + affected = cve.affects(pkg.name, pkg.current_version, pkg.ignored_cves) if affected == cve.CVE_UNKNOWN: pkg.cves_to_check.append(cve.identifier) if affected == cve.CVE_AFFECTS: @@ -818,6 +835,16 @@ def dump_html_pkg(f, pkg): f.write(" %s
\n" % (cve, cve)) f.write(" \n") + # CPEID valid + td_class = ["left"] + if len(pkg.cpeid) != 0: + td_class.append("correct") + else: + td_class.append("wrong") + f.write(" \n" % " ".join(td_class)) + f.write(" %s\n" % pkg.cpeid) + f.write(" \n") + f.write(" \n") @@ -837,6 +864,7 @@ def dump_html_all_pkgs(f, packages): Upstream URL CVEs CVEs to check +CPEID valid """) for pkg in sorted(packages): @@ -955,11 +983,17 @@ def parse_args(): help='List of packages (comma separated)') parser.add_argument('--nvd-path', dest='nvd_path', help='Path to the local NVD database', type=resolvepath) + parser.add_argument("--cpeid", action='store_true') args = parser.parse_args() if not args.html and not args.json: parser.error('at least one of --html or --json (or both) is required') return args +def cpeid_name(pkg): + try: + return pkg.cpeid.split(':')[1] + except: + return '' def __main__(): args = parse_args() @@ -988,6 +1022,7 @@ def __main__(): pkg.set_patch_count() pkg.set_check_package_warnings() pkg.set_current_version() + pkg.set_cpeid() pkg.set_url() pkg.set_developers(developers) print("Checking URL status") @@ -998,7 +1033,10 @@ def __main__(): loop.run_until_complete(check_package_latest_version(packages)) if args.nvd_path: print("Checking packages CVEs") - check_package_cves(args.nvd_path, {p.name: p for p in packages}) + if args.cpeid: + check_package_cves(args.nvd_path, {cpeid_name(p): p for p in packages}, args.cpeid) + else: + check_package_cves(args.nvd_path, {p.name: p for p in packages}, args.cpeid) print("Calculate stats") stats = calculate_stats(packages) if args.html: