@@ -26,6 +26,7 @@ GRUB2_INSTALL_TARGET = YES
else
GRUB2_INSTALL_TARGET = NO
endif
+GRUB2_CPE_ID_VENDOR = gnu
GRUB2_BUILTIN_MODULES = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES))
GRUB2_BUILTIN_CONFIG = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG))
@@ -11,6 +11,8 @@ UBOOT_LICENSE = GPL-2.0+
ifeq ($(BR2_TARGET_UBOOT_LATEST_VERSION),y)
UBOOT_LICENSE_FILES = Licenses/gpl-2.0.txt
endif
+UBOOT_CPE_ID_VENDOR = denx
+UBOOT_CPE_ID_NAME = u-boot
UBOOT_INSTALL_IMAGES = YES
@@ -12,6 +12,8 @@ LINUX_LICENSE_FILES = \
LICENSES/preferred/GPL-2.0 \
LICENSES/exceptions/Linux-syscall-note
endif
+LINUX_CPE_ID_VENDOR = $(LINUX_NAME)
+LINUX_CPE_ID_NAME = $(LINUX_NAME)_kernel
define LINUX_HELP_CMDS
@echo ' linux-menuconfig - Run Linux kernel menuconfig'
@@ -10,6 +10,8 @@ AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
AUDIT_LICENSE_FILES = COPYING COPYING.LIB
# 0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
AUDIT_AUTORECONF = YES
+AUDIT_CPE_ID_VENDOR = linux_audit_project
+AUDIT_CPE_ID_NAME = linux_audit
AUDIT_INSTALL_STAGING = YES
@@ -7,6 +7,7 @@
AUFS_VERSION = $(call qstrip,$(BR2_PACKAGE_AUFS_VERSION))
AUFS_LICENSE = GPL-2.0
AUFS_LICENSE_FILES = COPYING
+AUFS_CPE_ID_VERSION = 4.1
ifeq ($(BR2_PACKAGE_AUFS_SERIES),3)
AUFS_SITE = http://git.code.sf.net/p/aufs/aufs3-standalone
@@ -10,6 +10,7 @@ BASH_DEPENDENCIES = ncurses readline host-bison
BASH_CONF_OPTS = --with-installed-readline --without-bash-malloc
BASH_LICENSE = GPL-3.0+
BASH_LICENSE_FILES = COPYING
+BASH_CPE_ID_VENDOR = gnu
BASH_CONF_ENV += \
ac_cv_rl_prefix="$(STAGING_DIR)" \
@@ -9,6 +9,7 @@ BC_SITE = http://ftp.gnu.org/gnu/bc
BC_DEPENDENCIES = host-flex
BC_LICENSE = GPL-2.0+, LGPL-2.1+
BC_LICENSE_FILES = COPYING COPYING.LIB
+BC_CPE_ID_VENDOR = gnu
BC_CONF_ENV = MAKEINFO=true
# 0001-bc-use-MAKEINFO-variable-for-docs.patch and 0004-no-gen-libmath.patch
@@ -12,6 +12,7 @@ BIND_INSTALL_STAGING = YES
BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh
BIND_LICENSE = MPL-2.0
BIND_LICENSE_FILES = COPYRIGHT
+BIND_CPE_ID_VENDOR = isc
BIND_TARGET_SERVER_SBIN = arpaname ddns-confgen dnssec-checkds dnssec-coverage
BIND_TARGET_SERVER_SBIN += dnssec-importkey dnssec-keygen dnssec-revoke
BIND_TARGET_SERVER_SBIN += dnssec-settime dnssec-verify genrandom
@@ -10,6 +10,7 @@ BOOST_SITE = https://dl.bintray.com/boostorg/release/$(BOOST_VERSION)/source
BOOST_INSTALL_STAGING = YES
BOOST_LICENSE = BSL-1.0
BOOST_LICENSE_FILES = LICENSE_1_0.txt
+BOOST_CPE_ID_VENDOR = $(BOOST_NAME)
# CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost,
# while in fact it affects Drupal (a module called boost in there).
@@ -10,6 +10,7 @@ BRIDGE_UTILS_SOURCE = bridge-utils-1.6.tar.xz
BRIDGE_UTILS_AUTORECONF = YES
BRIDGE_UTILS_LICENSE = GPL-2.0+
BRIDGE_UTILS_LICENSE_FILES = COPYING
+BRIDGE_UTILS_CPE_ID_VENDOR = kernel
# Avoid using the host's headers. Location is not important as
# required headers will anyway be found from within the sysroot.
@@ -9,6 +9,7 @@ BUSYBOX_SITE = http://www.busybox.net/downloads
BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
BUSYBOX_LICENSE = GPL-2.0
BUSYBOX_LICENSE_FILES = LICENSE
+BUSYBOX_CPE_ID_VENDOR = $(BUSYBOX_NAME)
define BUSYBOX_HELP_CMDS
@echo ' busybox-menuconfig - Run BusyBox menuconfig'
@@ -9,6 +9,7 @@ BZIP2_SITE = https://sourceware.org/pub/bzip2
BZIP2_INSTALL_STAGING = YES
BZIP2_LICENSE = bzip2 license
BZIP2_LICENSE_FILES = LICENSE
+BZIP2_CPE_ID_VENDOR = bzip
ifeq ($(BR2_STATIC_LIBS),)
define BZIP2_BUILD_SHARED_CMDS
@@ -10,6 +10,7 @@ CLANG_SITE = https://github.com/llvm/llvm-project/releases/download/llvmorg-$(CL
CLANG_SOURCE = clang-$(CLANG_VERSION).src.tar.xz
CLANG_LICENSE = Apache-2.0 with exceptions
CLANG_LICENSE_FILES = LICENSE.TXT
+CLANG_CVE_ID_VENDOR = llvm
CLANG_SUPPORTS_IN_SOURCE_BUILD = NO
CLANG_INSTALL_STAGING = YES
@@ -12,6 +12,7 @@ COLLECTD_CONF_ENV = ac_cv_lib_yajl_yajl_alloc=yes
COLLECTD_INSTALL_STAGING = YES
COLLECTD_LICENSE = MIT (daemon, plugins), GPL-2.0 (plugins), LGPL-2.1 (plugins)
COLLECTD_LICENSE_FILES = COPYING
+COLLECTD_CPE_ID_VENDOR = $(COLLECTD_NAME)
# These require unmet dependencies, are fringe, pointless or deprecated
COLLECTD_PLUGINS_DISABLE = \
@@ -12,6 +12,7 @@ CONNTRACK_TOOLS_DEPENDENCIES = host-pkgconf \
libnetfilter_queue host-bison host-flex
CONNTRACK_TOOLS_LICENSE = GPL-2.0+
CONNTRACK_TOOLS_LICENSE_FILES = COPYING
+CONNTRACK_TOOLS_CPE_ID_VENDOR = netfilter
CONNTRACK_TOOLS_CFLAGS = $(TARGET_CFLAGS)
@@ -9,6 +9,7 @@ COREUTILS_SITE = $(BR2_GNU_MIRROR)/coreutils
COREUTILS_SOURCE = coreutils-$(COREUTILS_VERSION).tar.xz
COREUTILS_LICENSE = GPL-3.0+
COREUTILS_LICENSE_FILES = COPYING
+COREUTILS_CPE_ID_VENDOR = gnu
COREUTILS_CONF_OPTS = --disable-rpath \
$(if $(BR2_TOOLCHAIN_USES_MUSL),--with-included-regex)
@@ -9,6 +9,7 @@ CRDA_SITE = https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/crda.git/snap
CRDA_DEPENDENCIES = host-pkgconf host-python-pycryptodomex libnl libgcrypt
CRDA_LICENSE = ISC
CRDA_LICENSE_FILES = LICENSE
+CRDA_CPE_ID_VENDOR = kernel
define CRDA_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) \
@@ -8,6 +8,7 @@ DAVICI_VERSION = 1.3
DAVICI_SITE = $(call github,strongswan,davici,v$(DAVICI_VERSION))
DAVICI_LICENSE = LGPL-2.1+
DAVICI_LICENSE_FILES = COPYING
+DAVICI_CPE_ID_VENDOR = strongswan
DAVICI_DEPENDENCIES = strongswan
DAVICI_INSTALL_STAGING = YES
DAVICI_AUTORECONF = YES
@@ -9,6 +9,7 @@ DBUS_GLIB_SITE = http://dbus.freedesktop.org/releases/dbus-glib
DBUS_GLIB_INSTALL_STAGING = YES
DBUS_GLIB_LICENSE = AFL-2.1 or GPL-2.0+
DBUS_GLIB_LICENSE_FILES = COPYING
+DBUS_GLIB_CPE_ID_VENDOR = freedesktop
DBUS_GLIB_CONF_ENV = \
ac_cv_have_abstract_sockets=yes \
@@ -8,6 +8,8 @@ DBUS_VERSION = 1.12.18
DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
DBUS_LICENSE_FILES = COPYING
+DBUS_CPE_ID_VENDOR = d-bus_project
+DBUS_CPE_ID_NAME = d-bus
DBUS_INSTALL_STAGING = YES
define DBUS_PERMISSIONS
@@ -10,6 +10,7 @@ DHCP_INSTALL_STAGING = YES
DHCP_LICENSE = MPL-2.0
DHCP_LICENSE_FILES = LICENSE
DHCP_DEPENDENCIES = bind
+DHCP_CPE_ID_VENDOR = isc
# use libtool-enabled configure.ac
define DHCP_LIBTOOL_AUTORECONF
@@ -14,6 +14,7 @@ DNSMASQ_MAKE_OPTS += DESTDIR=$(TARGET_DIR) LDFLAGS="$(TARGET_LDFLAGS)" \
DNSMASQ_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
DNSMASQ_LICENSE = GPL-2.0 or GPL-3.0
DNSMASQ_LICENSE_FILES = COPYING COPYING-v3
+DNSMASQ_CPE_ID_VENDOR = thekelleys
DNSMASQ_I18N = $(if $(BR2_SYSTEM_ENABLE_NLS),-i18n)
@@ -11,6 +11,8 @@ DROPBEAR_LICENSE = MIT, BSD-2-Clause, BSD-3-Clause
DROPBEAR_LICENSE_FILES = LICENSE
DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS)
+DROPBEAR_CPE_ID_VENDOR = $(DROPBEAR_NAME)_ssh_project
+DROPBEAR_CPE_ID_NAME = $(DROPBEAR_NAME)_ssh
# Disable hardening flags added by dropbear configure.ac, and let
# Buildroot add them when the relevant options are enabled. This
@@ -9,6 +9,7 @@ EBTABLES_SOURCE = ebtables-v$(EBTABLES_VERSION).tar.gz
EBTABLES_SITE = http://ftp.netfilter.org/pub/ebtables
EBTABLES_LICENSE = GPL-2.0+
EBTABLES_LICENSE_FILES = COPYING
+EBTABLES_CVE_ID_VENDOR = netfilter
EBTABLES_STATIC = $(if $(BR2_STATIC_LIBS),static)
EBTABLES_K64U32 = $(if $(BR2_KERNEL_64_USERLAND_32),-DKERNEL_64_USERSPACE_32)
@@ -9,6 +9,7 @@ ETHTOOL_SOURCE = ethtool-$(ETHTOOL_VERSION).tar.xz
ETHTOOL_SITE = $(BR2_KERNEL_MIRROR)/software/network/ethtool
ETHTOOL_LICENSE = GPL-2.0
ETHTOOL_LICENSE_FILES = LICENSE COPYING
+ETHTOOL_CPE_ID_VENDOR = kernel
ETHTOOL_CONF_OPTS = \
$(if $(BR2_PACKAGE_ETHTOOL_PRETTY_PRINT),--enable-pretty-dump,--disable-pretty-dump)
@@ -12,6 +12,7 @@ EXPAT_DEPENDENCIES = host-pkgconf
HOST_EXPAT_DEPENDENCIES = host-pkgconf
EXPAT_LICENSE = MIT
EXPAT_LICENSE_FILES = COPYING
+EXPAT_CPE_ID_VENDOR = libexpat
EXPAT_CONF_OPTS = --without-docbook
HOST_EXPAT_CONF_OPTS = --without-docbook
@@ -22,6 +22,7 @@ endif
GDB_LICENSE = GPL-2.0+, LGPL-2.0+, GPL-3.0+, LGPL-3.0+
GDB_LICENSE_FILES = COPYING COPYING.LIB COPYING3 COPYING3.LIB
+GDB_CPE_ID_VENDOR = gnu
# We only want gdbserver and not the entire debugger.
ifeq ($(BR2_PACKAGE_GDB_DEBUGGER),)
@@ -12,6 +12,8 @@ GESFTPSERVER_LICENSE_FILES = COPYING
# "Missing prototype" warning treated as error
GESFTPSERVER_CONF_OPTS = --disable-warnings-as-errors
+GESFTPSERVER_CPE_ID_VENDOR = green_end
+GESFTPSERVER_CPE_ID_NAME = sftpserver
# forgets to link against pthread when cross compiling
GESFTPSERVER_CONF_ENV = LIBS=-lpthread
@@ -29,6 +29,7 @@ endif
GLIBC_LICENSE = GPL-2.0+ (programs), LGPL-2.1+, BSD-3-Clause, MIT (library)
GLIBC_LICENSE_FILES = COPYING COPYING.LIB LICENSES
+GLIBC_CPE_ID_VENDOR = gnu
# glibc is part of the toolchain so disable the toolchain dependency
GLIBC_ADD_TOOLCHAIN_DEPENDENCY = NO
@@ -10,6 +10,7 @@ GMP_SOURCE = gmp-$(GMP_VERSION).tar.xz
GMP_INSTALL_STAGING = YES
GMP_LICENSE = LGPL-3.0+ or GPL-2.0+
GMP_LICENSE_FILES = COPYING.LESSERv3 COPYINGv2
+GMP_CPE_ID_VENDOR = gmplib
GMP_DEPENDENCIES = host-m4
HOST_GMP_DEPENDENCIES = host-m4
@@ -10,6 +10,7 @@ GNUPG_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG_LICENSE = GPL-3.0+
GNUPG_LICENSE_FILES = COPYING
GNUPG_DEPENDENCIES = zlib $(if $(BR2_PACKAGE_LIBICONV),libiconv)
+GNUPG_CPE_ID_VENDOR = $(GNUPG_NAME)
GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no
GNUPG_CONF_OPTS = \
--disable-rpath \
@@ -17,6 +17,7 @@ GNUTLS_LICENSE_FILES += doc/COPYING
endif
GNUTLS_DEPENDENCIES = host-pkgconf libtasn1 nettle pcre
+GNUTLS_CPE_ID_VENDOR = gnu
GNUTLS_CONF_OPTS = \
--disable-doc \
--disable-guile \
@@ -9,6 +9,7 @@ GREP_SITE = $(BR2_GNU_MIRROR)/grep
GREP_SOURCE = grep-$(GREP_VERSION).tar.xz
GREP_LICENSE = GPL-3.0+
GREP_LICENSE_FILES = COPYING
+GREP_CPE_ID_VENDOR = gnu
GREP_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
# install into /bin like busybox grep
GREP_CONF_OPTS = --exec-prefix=/
@@ -10,6 +10,8 @@ GTEST_INSTALL_STAGING = YES
GTEST_INSTALL_TARGET = NO
GTEST_LICENSE = BSD-3-Clause
GTEST_LICENSE_FILES = googletest/LICENSE
+GTEST_CPE_ID_VENDOR = google
+GTEST_CPE_ID_NAME = google_test
ifeq ($(BR2_PACKAGE_GTEST_GMOCK),y)
GTEST_DEPENDENCIES += host-gtest
@@ -11,6 +11,7 @@ GZIP_SITE = $(BR2_GNU_MIRROR)/gzip
GZIP_CONF_OPTS = --exec-prefix=/
GZIP_LICENSE = GPL-3.0+
GZIP_LICENSE_FILES = COPYING
+GZIP_CPE_ID_VENDOR = gnu
GZIP_CONF_ENV += gl_cv_func_fflush_stdin=yes
HOST_GZIP_CONF_ENV += gl_cv_func_fflush_stdin=yes
# configure substitutes $(SHELL) for the shell shebang in scripts like
@@ -16,6 +16,7 @@ HOSTAPD_LICENSE_FILES = README
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
HOSTAPD_IGNORE_CVES += CVE-2019-16275
+HOSTAPD_CPE_ID_VENDOR = w1.fi
HOSTAPD_CONFIG_SET =
HOSTAPD_CONFIG_ENABLE = \
@@ -9,6 +9,7 @@ IFUPDOWN_SOURCE = ifupdown_$(IFUPDOWN_VERSION).tar.xz
IFUPDOWN_SITE = http://snapshot.debian.org/archive/debian/20160922T165503Z/pool/main/i/ifupdown
IFUPDOWN_LICENSE = GPL-2.0+
IFUPDOWN_LICENSE_FILES = COPYING
+IFUPDOWN_CPE_ID_VENDOR = debian
define IFUPDOWN_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
@@ -8,6 +8,8 @@ IPERF_VERSION = 2.0.13
IPERF_SITE = http://downloads.sourceforge.net/project/iperf2
IPERF_LICENSE = MIT-like
IPERF_LICENSE_FILES = COPYING
+IPERF_CPE_ID_VENDOR = $(IPERF_NAME)2_project
+IPERF_CPE_ID_NAME = $(IPERF_NAME)2
IPERF_CONF_OPTS = \
--disable-web100
@@ -9,6 +9,7 @@ IPERF3_SITE = https://downloads.es.net/pub/iperf
IPERF3_SOURCE = iperf-$(IPERF3_VERSION).tar.gz
IPERF3_LICENSE = BSD-3-Clause, BSD-2-Clause, MIT
IPERF3_LICENSE_FILES = LICENSE
+IPERF3_CPE_ID_VENDOR = es
IPERF3_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE"
@@ -11,6 +11,7 @@ IPSET_DEPENDENCIES = libmnl host-pkgconf
IPSET_CONF_OPTS = --with-kmod=no
IPSET_LICENSE = GPL-2.0
IPSET_LICENSE_FILES = COPYING
+IPSET_CPE_ID_VENDOR = netfilter
IPSET_INSTALL_STAGING = YES
$(eval $(autotools-package))
@@ -12,6 +12,7 @@ IPTABLES_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
IPTABLES_LICENSE = GPL-2.0
IPTABLES_LICENSE_FILES = COPYING
+IPTABLES_CPE_ID_VENDOR = netfilter
# Building static causes ugly warnings on some plugins
IPTABLES_CONF_OPTS = --libexecdir=/usr/lib --with-kernel=$(STAGING_DIR)/usr \
$(if $(BR2_STATIC_LIBS),,--disable-static)
@@ -9,6 +9,7 @@ IW_SOURCE = iw-$(IW_VERSION).tar.xz
IW_SITE = $(BR2_KERNEL_MIRROR)/software/network/iw
IW_LICENSE = ISC
IW_LICENSE_FILES = COPYING
+IW_CPE_ID_VENDOR = kernel
IW_DEPENDENCIES = host-pkgconf libnl
IW_MAKE_ENV = \
$(TARGET_MAKE_ENV) \
@@ -15,6 +15,8 @@ HOST_KMOD_DEPENDENCIES = host-pkgconf
KMOD_LICENSE = LGPL-2.1+ (library)
KMOD_LICENSE_FILES = libkmod/COPYING
+KMOD_CPE_ID_VENDOR = kernel
+
# --gc-sections triggers binutils ld segfault
# https://sourceware.org/bugzilla/show_bug.cgi?id=21180
ifeq ($(BR2_microblaze),y)
@@ -9,6 +9,7 @@ LIBARCHIVE_SITE = https://www.libarchive.de/downloads
LIBARCHIVE_INSTALL_STAGING = YES
LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0
LIBARCHIVE_LICENSE_FILES = COPYING
+LIBARCHIVE_CPE_ID_VENDOR = $(LIBARCHIVE_NAME)
ifeq ($(BR2_PACKAGE_LIBARCHIVE_BSDTAR),y)
ifeq ($(BR2_STATIC_LIBS),y)
@@ -12,6 +12,8 @@ LIBCURL_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
LIBCURL_LICENSE = curl
LIBCURL_LICENSE_FILES = COPYING
+LIBCURL_CPE_ID_VENDOR = haxx
+LIBCURL_CPE_ID_NAME = libcurl
LIBCURL_INSTALL_STAGING = YES
# We disable NTLM support because it uses fork(), which doesn't work
@@ -8,6 +8,7 @@ LIBESTR_VERSION = 0.1.11
LIBESTR_SITE = http://libestr.adiscon.com/files/download
LIBESTR_LICENSE = LGPL-2.1+
LIBESTR_LICENSE_FILES = COPYING
+LIBESTR_CPE_ID_VENDOR = adiscon
LIBESTR_INSTALL_STAGING = YES
$(eval $(autotools-package))
@@ -12,5 +12,6 @@ LIBFASTJSON_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
LIBFASTJSON_AUTORECONF = YES
LIBFASTJSON_LICENSE = MIT
LIBFASTJSON_LICENSE_FILES = COPYING
+LIBFASTJSON_CPE_ID_VENDOR = rsyslog
$(eval $(autotools-package))
@@ -8,6 +8,8 @@ LIBFCGI_VERSION = 2.4.2
LIBFCGI_SITE = $(call github,FastCGI-Archives,fcgi2,$(LIBFCGI_VERSION))
LIBFCGI_LICENSE = OML
LIBFCGI_LICENSE_FILES = LICENSE.TERMS
+LIBFCGI_CPE_ID_VENDOR = fastcgi
+LIBFCGI_CPE_ID_NAME = fcgi
LIBFCGI_INSTALL_STAGING = YES
LIBFCGI_AUTORECONF = YES
@@ -6,6 +6,8 @@
LIBFFI_VERSION = 3.3
LIBFFI_SITE = $(call github,libffi,libffi,v$(LIBFFI_VERSION))
+LIBFFI_CPE_ID_VERSION = 3.3
+LIBFFI_CPE_ID_VERSION_MINOR = rc0
LIBFFI_LICENSE = MIT
LIBFFI_LICENSE_FILES = LICENSE
LIBFFI_INSTALL_STAGING = YES
@@ -12,6 +12,7 @@ LIBGCRYPT_SITE = https://gnupg.org/ftp/gcrypt/libgcrypt
LIBGCRYPT_INSTALL_STAGING = YES
LIBGCRYPT_DEPENDENCIES = libgpg-error
LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config
+LIBGCRYPT_CPE_ID_VENDOR = gnupg
# Patching acinclude.m4 in 0001
# Patching configure.ac and Makefile.am in 0002
@@ -10,6 +10,8 @@ LIBGLIB2_SOURCE = glib-$(LIBGLIB2_VERSION).tar.xz
LIBGLIB2_SITE = http://ftp.gnome.org/pub/gnome/sources/glib/$(LIBGLIB2_VERSION_MAJOR)
LIBGLIB2_LICENSE = LGPL-2.1+
LIBGLIB2_LICENSE_FILES = COPYING
+LIBGLIB2_CPE_ID_VENDOR = gnome
+LIBGLIB2_CPE_ID_NAME = glib
LIBGLIB2_INSTALL_STAGING = YES
LIBGLIB2_CFLAGS = $(TARGET_CFLAGS)
@@ -9,6 +9,7 @@ LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error
LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2
LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+
LIBGPG_ERROR_LICENSE_FILES = COPYING COPYING.LIB
+LIBGPG_ERROR_CPE_ID_VENDOR = gnupg
LIBGPG_ERROR_INSTALL_STAGING = YES
LIBGPG_ERROR_CONFIG_SCRIPTS = gpg-error-config
LIBGPG_ERROR_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
@@ -8,6 +8,7 @@ LIBLOGGING_VERSION = 1.0.6
LIBLOGGING_SITE = http://download.rsyslog.com/liblogging
LIBLOGGING_LICENSE = BSD-2-Clause
LIBLOGGING_LICENSE_FILES = COPYING
+LIBLOGGING_CPE_ID_VENDOR = adiscon
LIBLOGGING_INSTALL_STAGING = YES
LIBLOGGING_CONF_OPTS = --enable-cached-man-pages
@@ -9,6 +9,7 @@ LIBMBIM_SITE = https://www.freedesktop.org/software/libmbim
LIBMBIM_SOURCE = libmbim-$(LIBMBIM_VERSION).tar.xz
LIBMBIM_LICENSE = LGPL-2.0+ (library), GPL-2.0+ (programs)
LIBMBIM_LICENSE_FILES = COPYING COPYING.LIB
+LIBMBIM_CPE_ID_VENDOR = freedesktop
LIBMBIM_INSTALL_STAGING = YES
LIBMBIM_DEPENDENCIES = libglib2
@@ -10,5 +10,6 @@ LIBMNL_SITE = http://netfilter.org/projects/libmnl/files
LIBMNL_INSTALL_STAGING = YES
LIBMNL_LICENSE = LGPL-2.1+
LIBMNL_LICENSE_FILES = COPYING
+LIBMNL_CPE_ID_VENDOR = netfilter
$(eval $(autotools-package))
@@ -11,5 +11,6 @@ LIBNETFILTER_CONNTRACK_INSTALL_STAGING = YES
LIBNETFILTER_CONNTRACK_DEPENDENCIES = host-pkgconf libnfnetlink libmnl
LIBNETFILTER_CONNTRACK_LICENSE = GPL-2.0+
LIBNETFILTER_CONNTRACK_LICENSE_FILES = COPYING
+LIBNETFILTER_CONNTRACK_CPE_ID_VENDOR = netfilter
$(eval $(autotools-package))
@@ -12,5 +12,6 @@ LIBNETFILTER_CTHELPER_DEPENDENCIES = host-pkgconf libmnl
LIBNETFILTER_CTHELPER_AUTORECONF = YES
LIBNETFILTER_CTHELPER_LICENSE = GPL-2.0+
LIBNETFILTER_CTHELPER_LICENSE_FILES = COPYING
+LIBNETFILTER_CTHELPER_CPE_ID_VENDOR = netfilter
$(eval $(autotools-package))
@@ -12,5 +12,6 @@ LIBNETFILTER_CTTIMEOUT_DEPENDENCIES = host-pkgconf libmnl
LIBNETFILTER_CTTIMEOUT_AUTORECONF = YES
LIBNETFILTER_CTTIMEOUT_LICENSE = GPL-2.0+
LIBNETFILTER_CTTIMEOUT_LICENSE_FILES = COPYING
+LIBNETFILTER_CTTIMEOUT_CPE_ID_VENDOR = netfilter
$(eval $(autotools-package))
@@ -12,5 +12,6 @@ LIBNETFILTER_QUEUE_DEPENDENCIES = host-pkgconf libnfnetlink libmnl
LIBNETFILTER_QUEUE_AUTORECONF = YES
LIBNETFILTER_QUEUE_LICENSE = GPL-2.0+
LIBNETFILTER_QUEUE_LICENSE_FILES = COPYING
+LIBNETFILTER_QUEUE_CPE_ID_VENDOR = netfilter
$(eval $(autotools-package))
@@ -11,5 +11,6 @@ LIBNFNETLINK_AUTORECONF = YES
LIBNFNETLINK_INSTALL_STAGING = YES
LIBNFNETLINK_LICENSE = GPL-2.0
LIBNFNETLINK_LICENSE_FILES = COPYING
+LIBNFNETLINK_CPE_ID_VENDOR = netfilter
$(eval $(autotools-package))
@@ -45,3 +45,14 @@ config BR2_PACKAGE_LIBOPENSSL_ENGINES
Install additional encryption engine libraries.
endif # BR2_PACKAGE_LIBOPENSSL
+# See package/openssl/Config.in for the actual kconfig
+# of this package. This file provides a URL for CPE use.
+
+# help
+# A collaborative effort to develop a robust, commercial-grade,
+# fully featured, and Open Source toolkit implementing the
+# Secure Sockets Layer (SSL v2/v3) and Transport Security
+# (TLS v1) as well as a full-strength general-purpose
+# cryptography library.
+#
+# http://www.openssl.org/
@@ -15,6 +15,8 @@ HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH))
LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS)
LIBOPENSSL_PROVIDES = openssl
+LIBOPENSSL_CPE_ID_VENDOR = $(LIBOPENSSL_PROVIDES)
+LIBOPENSSL_CPE_ID_NAME = $(LIBOPENSSL_PROVIDES)
ifeq ($(BR2_m68k_cf),y)
# relocation truncated to fit: R_68K_GOT16O
@@ -8,6 +8,7 @@ LIBPCAP_VERSION = 1.9.1
LIBPCAP_SITE = http://www.tcpdump.org/release
LIBPCAP_LICENSE = BSD-3-Clause
LIBPCAP_LICENSE_FILES = LICENSE
+LIBPCAP_CPE_ID_VENDOR = tcpdump
LIBPCAP_INSTALL_STAGING = YES
LIBPCAP_DEPENDENCIES = host-flex host-bison
@@ -8,6 +8,7 @@ LIBSELINUX_VERSION = 3.0
LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/20191204
LIBSELINUX_LICENSE = Public Domain
LIBSELINUX_LICENSE_FILES = LICENSE
+LIBSELINUX_CPE_ID_VENDOR = selinuxproject
LIBSELINUX_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) libsepol pcre
@@ -9,6 +9,7 @@ LIBSEMANAGE_SITE = https://github.com/SELinuxProject/selinux/releases/download/2
LIBSEMANAGE_LICENSE = LGPL-2.1+
LIBSEMANAGE_LICENSE_FILES = COPYING
LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux bzip2
+LIBSEMANAGE_CPE_ID_VENDOR = selinuxproject
LIBSEMANAGE_INSTALL_STAGING = YES
LIBSEMANAGE_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS)
@@ -8,6 +8,7 @@ LIBSEPOL_VERSION = 3.0
LIBSEPOL_SITE = https://github.com/SELinuxProject/selinux/releases/download/20191204
LIBSEPOL_LICENSE = LGPL-2.1+
LIBSEPOL_LICENSE_FILES = COPYING
+LIBSEPOL_CPE_ID_VENDOR = selinuxproject
LIBSEPOL_INSTALL_STAGING = YES
LIBSEPOL_DEPENDENCIES = host-flex
@@ -8,6 +8,7 @@ LIBSSH2_VERSION = 1.9.0
LIBSSH2_SITE = https://www.libssh2.org/download
LIBSSH2_LICENSE = BSD
LIBSSH2_LICENSE_FILES = COPYING
+LIBSSH2_CPE_ID_VENDOR = $(LIBSSH2_NAME)
LIBSSH2_INSTALL_STAGING = YES
LIBSSH2_CONF_OPTS = --disable-examples-build
@@ -10,5 +10,7 @@ LIBSYSFS_SOURCE = sysfsutils-$(LIBSYSFS_VERSION).tar.gz
LIBSYSFS_INSTALL_STAGING = YES
LIBSYSFS_LICENSE = GPL-2.0 (utilities), LGPL-2.1+ (library)
LIBSYSFS_LICENSE_FILES = cmd/GPL lib/LGPL
+LIBSYSFS_CPE_ID_VENDOR = sysfsutils_project
+LIBSYSFS_CPE_ID_NAME = sysfsutils
$(eval $(autotools-package))
@@ -9,6 +9,7 @@ LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
LIBTASN1_DEPENDENCIES = host-bison host-pkgconf
LIBTASN1_LICENSE = GPL-3.0+ (tests, tools), LGPL-2.1+ (library)
LIBTASN1_LICENSE_FILES = LICENSE doc/COPYING doc/COPYING.LESSER
+LIBTASN1_CPE_ID_VENDOR = gnu
LIBTASN1_INSTALL_STAGING = YES
# We're patching fuzz/Makefile.am
@@ -10,6 +10,7 @@ LIBUNISTRING_SOURCE = libunistring-$(LIBUNISTRING_VERSION).tar.xz
LIBUNISTRING_INSTALL_STAGING = YES
LIBUNISTRING_LICENSE = LGPL-3.0+ or GPL-2.0
LIBUNISTRING_LICENSE_FILES = COPYING COPYING.LIB
+LIBUNISTRING_CPE_ID_VENDOR = gnu
$(eval $(autotools-package))
$(eval $(host-autotools-package))
@@ -13,6 +13,7 @@ LIBXML2_LICENSE_FILES = COPYING
LIBXML2_IGNORE_CVES += CVE-2020-7595
# 0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
LIBXML2_IGNORE_CVES += CVE-2019-20388
+LIBXML2_CPE_ID_VENDOR = xmlsoft
LIBXML2_CONFIG_SCRIPTS = xml2-config
# relocation truncated to fit: R_68K_GOT16O
@@ -9,6 +9,7 @@ LIBXSLT_SITE = http://xmlsoft.org/sources
LIBXSLT_INSTALL_STAGING = YES
LIBXSLT_LICENSE = MIT
LIBXSLT_LICENSE_FILES = COPYING
+LIBXSLT_CPE_ID_VENDOR = xmlsoft
LIBXSLT_CONF_OPTS = \
--with-gnu-ld \
@@ -11,6 +11,8 @@ LIBZLIB_LICENSE = Zlib
LIBZLIB_LICENSE_FILES = README
LIBZLIB_INSTALL_STAGING = YES
LIBZLIB_PROVIDES = zlib
+LIBZLIB_CPE_ID_VENDOR = gnu
+LIBZLIB_CPE_ID_NAME = $(LIBZLIB_PROVIDES)
# It is not possible to build only a shared version of zlib, so we build both
# shared and static, unless we only want the static libs, and we eventually
@@ -10,6 +10,7 @@ LIGHTTPD_SOURCE = lighttpd-$(LIGHTTPD_VERSION).tar.xz
LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-$(LIGHTTPD_VERSION_MAJOR).x
LIGHTTPD_LICENSE = BSD-3-Clause
LIGHTTPD_LICENSE_FILES = COPYING
+LIGHTTPD_CPE_ID_VENDOR = $(LIGHTTPD_NAME)
LIGHTTPD_DEPENDENCIES = host-pkgconf
LIGHTTPD_CONF_OPTS = \
--without-wolfssl \
@@ -8,6 +8,8 @@ LINUX_FIRMWARE_VERSION = 20200122
LINUX_FIRMWARE_SITE = http://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
LINUX_FIRMWARE_SITE_METHOD = git
+LINUX_FIRMWARE_CPE_ID_VENDOR = kernel
+
# Intel SST DSP
ifeq ($(BR2_PACKAGE_LINUX_FIRMWARE_INTEL_SST_DSP),y)
LINUX_FIRMWARE_FILES += intel/fw_sst_0f28.bin-48kHz_i2s_master
@@ -102,6 +102,8 @@ LINUX_HEADERS_LICENSE_FILES = \
LICENSES/preferred/GPL-2.0 \
LICENSES/exceptions/Linux-syscall-note
endif
+LINUX_HEADERS_CPE_ID_VENDOR = linux
+LINUX_HEADERS_CPE_ID_NAME = linux_kernel
LINUX_HEADERS_INSTALL_STAGING = YES
@@ -23,6 +23,8 @@ LINUX_PAM_LICENSE_FILES = Copyright
# We're patching configure.ac
LINUX_PAM_AUTORECONF = YES
LINUX_PAM_MAKE_OPTS += LIBS=$(TARGET_NLS_LIBS)
+LINUX_PAM_CPE_ID_VENDOR = $(LINUX_PAM_NAME)
+LINUX_PAM_CPE_ID_NAME = $(LINUX_PAM_NAME)
ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
LINUX_PAM_CONF_OPTS += --enable-selinux
@@ -10,6 +10,7 @@ LLVM_SITE = https://github.com/llvm/llvm-project/releases/download/llvmorg-$(LLV
LLVM_SOURCE = llvm-$(LLVM_VERSION).src.tar.xz
LLVM_LICENSE = Apache-2.0 with exceptions
LLVM_LICENSE_FILES = LICENSE.TXT
+LLVM_CPE_ID_VENDOR = $(LLVM_NAME)
LLVM_SUPPORTS_IN_SOURCE_BUILD = NO
LLVM_INSTALL_STAGING = YES
@@ -8,6 +8,7 @@ LXC_VERSION = 3.2.1
LXC_SITE = https://linuxcontainers.org/downloads/lxc
LXC_LICENSE = LGPL-2.1+
LXC_LICENSE_FILES = COPYING
+LXC_CPE_ID_VENDOR = linuxcontainers
LXC_DEPENDENCIES = host-pkgconf
LXC_INSTALL_STAGING = YES
# We're patching configure.ac
@@ -9,6 +9,7 @@ LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION))
LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
+LZ4_CPE_ID_VENDOR = yann_collet
# CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version
# 1.9.2, while in fact this issue has been fixed since lz4-r130:
@@ -8,6 +8,7 @@ MEMTESTER_VERSION = 4.3.0
MEMTESTER_SITE = http://pyropus.ca/software/memtester/old-versions
MEMTESTER_LICENSE = GPL-2.0
MEMTESTER_LICENSE_FILES = COPYING
+MEMTESTER_CPE_ID_VENDOR = pryopus
MEMTESTER_TARGET_INSTALL_OPTS = INSTALLPATH=$(TARGET_DIR)/usr
@@ -10,6 +10,7 @@ MII_DIAG_PATCH = mii-diag_$(MII_DIAG_VERSION)-3.diff.gz
MII_DIAG_SITE = http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/m/mii-diag
MII_DIAG_LICENSE = GPL # No version specified
MII_DIAG_LICENSE_FILES = mii-diag.c
+MII_DIAG_CPE_ID_VENDOR = debian
MII_DIAG_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS)
@@ -9,6 +9,7 @@ MPFR_SITE = http://www.mpfr.org/mpfr-$(MPFR_VERSION)
MPFR_SOURCE = mpfr-$(MPFR_VERSION).tar.xz
MPFR_LICENSE = LGPL-3.0+
MPFR_LICENSE_FILES = COPYING.LESSER
+MPFR_CPE_ID_VENDOR = gnu
MPFR_INSTALL_STAGING = YES
MPFR_DEPENDENCIES = gmp
HOST_MPFR_DEPENDENCIES = host-gmp
@@ -9,6 +9,7 @@ MROUTED_SITE = $(call github,troglobit,mrouted,$(MROUTED_VERSION))
MROUTED_DEPENDENCIES = host-bison
MROUTED_LICENSE = BSD-3-Clause
MROUTED_LICENSE_FILES = LICENSE
+MROUTED_CPE_ID_VENDOR = troglobit
define MROUTED_CONFIGURE_CMDS
(cd $(@D); \
@@ -9,6 +9,8 @@ MTD_SOURCE = mtd-utils-$(MTD_VERSION).tar.bz2
MTD_SITE = ftp://ftp.infradead.org/pub/mtd-utils
MTD_LICENSE = GPL-2.0
MTD_LICENSE_FILES = COPYING
+MTD_CPE_ID_VENDOR = mtd-utils_project
+MTD_CPE_ID_NAME = mtd-utils
MTD_INSTALL_STAGING = YES
ifeq ($(BR2_PACKAGE_MTD_JFFS_UTILS),y)
@@ -10,6 +10,7 @@ NCURSES_INSTALL_STAGING = YES
NCURSES_DEPENDENCIES = host-ncurses
NCURSES_LICENSE = MIT with advertising clause
NCURSES_LICENSE_FILES = COPYING
+NCURSES_CPE_ID_VENDOR = gnu
NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config
NCURSES_PATCH = \
$(addprefix https://invisible-mirror.net/archives/ncurses/$(NCURSES_VERSION)/, \
@@ -9,6 +9,8 @@ NETSNMP_SITE = https://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NET
NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
NETSNMP_LICENSE = Various BSD-like
NETSNMP_LICENSE_FILES = COPYING
+NETSNMP_CPE_ID_VENDOR = net-snmp
+NETSNMP_CPE_ID_NAME = $(NETSNMP_CPE_ID_VENDOR)
NETSNMP_INSTALL_STAGING = YES
NETSNMP_CONF_ENV = ac_cv_NETSNMP_CAN_USE_SYSCTL=no
NETSNMP_CONF_OPTS = \
@@ -10,6 +10,8 @@ NFS_UTILS_SITE = https://www.kernel.org/pub/linux/utils/nfs-utils/$(NFS_UTILS_VE
NFS_UTILS_LICENSE = GPL-2.0+
NFS_UTILS_LICENSE_FILES = COPYING
NFS_UTILS_DEPENDENCIES = host-nfs-utils host-pkgconf libtirpc
+NFS_UTILS_CPE_ID_VENDOR = linux-nfs
+NFS_UTILS_AUTORECONF = YES
NFS_UTILS_CONF_ENV = knfsd_cv_bsd_signals=no
@@ -5,6 +5,8 @@
################################################################################
OPENSSH_VERSION = 8.3p1
+OPENSSH_CPE_ID_VERSION = 8.3
+OPENSSH_CPE_ID_VERSION_MINOR = p1
OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
OPENSSH_LICENSE_FILES = LICENCE
@@ -12,6 +14,7 @@ OPENSSH_CONF_ENV = \
LD="$(TARGET_CC)" \
LDFLAGS="$(TARGET_CFLAGS)" \
LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl`
+OPENSSH_CPE_ID_VENDOR = openbsd
OPENSSH_CONF_OPTS = \
--sysconfdir=/etc/ssh \
--with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \
@@ -9,6 +9,7 @@ PAX_UTILS_SITE = http://distfiles.gentoo.org/distfiles
PAX_UTILS_SOURCE = pax-utils-$(PAX_UTILS_VERSION).tar.xz
PAX_UTILS_LICENSE = GPL-2.0
PAX_UTILS_LICENSE_FILES = COPYING
+PAX_UTILS_CPE_ID_VENDOR = gentoo
PAX_UTILS_DEPENDENCIES = host-pkgconf
PAX_UTILS_CONF_OPTS = --without-python
@@ -8,6 +8,7 @@ PAXTEST_VERSION = 0.9.15
PAXTEST_SITE = https://www.grsecurity.net/~spender
PAXTEST_LICENSE = GPL-2.0+
PAXTEST_LICENSE_FILES = README
+PAXTEST_CPE_ID_VENDOR = grsecurity
define PAXTEST_BUILD_CMDS
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
@@ -9,6 +9,7 @@ PCRE_SITE = https://ftp.pcre.org/pub/pcre
PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2
PCRE_LICENSE = BSD-3-Clause
PCRE_LICENSE_FILES = LICENCE
+PCRE_CPE_ID_VENDOR = $(PCRE_NAME)
PCRE_INSTALL_STAGING = YES
PCRE_CONFIG_SCRIPTS = pcre-config
@@ -9,6 +9,7 @@ PIXMAN_SOURCE = pixman-$(PIXMAN_VERSION).tar.xz
PIXMAN_SITE = https://xorg.freedesktop.org/releases/individual/lib
PIXMAN_LICENSE = MIT
PIXMAN_LICENSE_FILES = COPYING
+PIXMAN_CPE_ID_VENDOR = $(PIXMAN_NAME)
PIXMAN_INSTALL_STAGING = YES
PIXMAN_DEPENDENCIES = host-pkgconf
@@ -8,6 +8,7 @@ POLICYCOREUTILS_VERSION = 3.0
POLICYCOREUTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/20191204
POLICYCOREUTILS_LICENSE = GPL-2.0
POLICYCOREUTILS_LICENSE_FILES = COPYING
+POLICYCOREUTILS_CPE_ID_VENDOR = selinuxproject
POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(TARGET_NLS_DEPENDENCIES)
POLICYCOREUTILS_MAKE_OPTS = LDLIBS=$(TARGET_NLS_LIBS)
@@ -10,6 +10,8 @@ PPPD_LICENSE = LGPL-2.0+, LGPL, BSD-4-Clause, BSD-3-Clause, GPL-2.0+
PPPD_LICENSE_FILES = \
pppd/tdb.c pppd/plugins/pppoatm/COPYING \
pppdump/bsd-comp.c pppd/ccp.c pppd/plugins/passprompt.c
+PPPD_CPE_ID_VENDOR = samba
+PPPD_CPE_ID_NAME = ppp
# 0001-pppd-Fix-bounds-check.patch
PPPD_IGNORE_CVES += CVE-2020-8597
@@ -8,6 +8,7 @@ PROFTPD_VERSION = 1.3.6c
PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION))
PROFTPD_LICENSE = GPL-2.0+
PROFTPD_LICENSE_FILES = COPYING
+PROFTPD_CPE_ID_VENDOR = $(PROFTPD_NAME)
PROFTPD_CONF_ENV = \
ac_cv_func_setpgrp_void=yes \
@@ -12,6 +12,7 @@ PROTOBUF_SOURCE = protobuf-cpp-$(PROTOBUF_VERSION).tar.gz
PROTOBUF_SITE = https://github.com/google/protobuf/releases/download/v$(PROTOBUF_VERSION)
PROTOBUF_LICENSE = BSD-3-Clause
PROTOBUF_LICENSE_FILES = LICENSE
+PROTOBUF_CPE_ID_VENDOR = google
# N.B. Need to use host protoc during cross compilation.
PROTOBUF_DEPENDENCIES = host-protobuf
@@ -9,6 +9,7 @@ PURE_FTPD_SITE = https://download.pureftpd.org/pub/pure-ftpd/releases
PURE_FTPD_SOURCE = pure-ftpd-$(PURE_FTPD_VERSION).tar.bz2
PURE_FTPD_LICENSE = ISC
PURE_FTPD_LICENSE_FILES = COPYING
+PURE_FTPD_CPE_ID_VENDOR = pureftpd
PURE_FTPD_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv)
# 0001-listdir-reuse-a-single-buffer-to-store-every-file-name-to-display.patch
@@ -15,6 +15,8 @@ PYTHON_LXML_LICENSE_FILES = \
doc/licenses/BSD.txt \
doc/licenses/elementtree.txt \
src/lxml/isoschematron/resources/rng/iso-schematron.rng
+PYTHON_LXML_CPE_ID_VENDOR = lxml
+PYTHON_LXML_CPE_ID_NAME = lxml
# python-lxml can use either setuptools, or distutils as a fallback.
# So, we use setuptools.
@@ -11,6 +11,8 @@ PYTHON_SETUPTOOLS_SOURCE = setuptools-$(PYTHON_SETUPTOOLS_VERSION).zip
PYTHON_SETUPTOOLS_SITE = https://files.pythonhosted.org/packages/b0/f3/44da7482ac6da3f36f68e253cb04de37365b3dba9036a3c70773b778b485
PYTHON_SETUPTOOLS_LICENSE = MIT
PYTHON_SETUPTOOLS_LICENSE_FILES = LICENSE
+PYTHON_SETUPTOOLS_CPE_ID_VENDOR = python
+PYTHON_SETUPTOOLS_CPE_ID_NAME = setuptools
PYTHON_SETUPTOOLS_SETUP_TYPE = setuptools
HOST_PYTHON_SETUPTOOLS_NEEDS_HOST_PYTHON = python2
@@ -10,6 +10,7 @@ PYTHON_SOURCE = Python-$(PYTHON_VERSION).tar.xz
PYTHON_SITE = https://python.org/ftp/python/$(PYTHON_VERSION)
PYTHON_LICENSE = Python-2.0, others
PYTHON_LICENSE_FILES = LICENSE
+PYTHON_CPE_ID_VENDOR = $(PYTHON_NAME)
PYTHON_LIBTOOL_PATCH = NO
# Python needs itself to be built, so in order to cross-compile
@@ -12,6 +12,7 @@ QEMU_LICENSE_FILES = COPYING COPYING.LIB
# NOTE: there is no top-level license file for non-(L)GPL licenses;
# the non-(L)GPL license texts are specified in the affected
# individual source files.
+QEMU_CPE_ID_VENDOR = $(QEMU_NAME)
#-------------------------------------------------------------
# Target-qemu
@@ -8,6 +8,7 @@ RAPIDJSON_VERSION = 1.1.0
RAPIDJSON_SITE = $(call github,miloyip,rapidjson,v$(RAPIDJSON_VERSION))
RAPIDJSON_LICENSE = MIT
RAPIDJSON_LICENSE_FILES = license.txt
+RAPIDJSON_CPE_ID_VENDOR = tencent
# rapidjson is a header-only C++ library
RAPIDJSON_INSTALL_TARGET = NO
@@ -14,6 +14,7 @@ READLINE_CONF_ENV = bash_cv_func_sigsetjmp=yes \
READLINE_CONF_OPTS = --disable-install-examples
READLINE_LICENSE = GPL-3.0+
READLINE_LICENSE_FILES = COPYING
+READLINE_CPE_ID_VENDOR = gnu
define READLINE_INSTALL_INPUTRC
$(INSTALL) -D -m 644 package/readline/inputrc $(TARGET_DIR)/etc/inputrc
@@ -9,6 +9,7 @@ REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20190609
REFPOLICY_LICENSE = GPL-2.0
REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_CPE_ID_VENDOR = tresys
REFPOLICY_INSTALL_STAGING = YES
REFPOLICY_DEPENDENCIES = \
host-m4 \
@@ -8,6 +8,7 @@ RSYSLOG_VERSION = 8.2004.0
RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0
RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
+RSYSLOG_CPE_ID_VENDOR = $(RSYSLOG_NAME)
RSYSLOG_DEPENDENCIES = zlib libestr liblogging libfastjson host-pkgconf
RSYSLOG_CONF_ENV = ac_cv_prog_cc_c99='-std=c99'
RSYSLOG_PLUGINS = imdiag imfile impstats imptcp \
@@ -10,6 +10,7 @@ RT_TESTS_VERSION = 1.8
RT_TESTS_LICENSE = GPL-2.0+
RT_TESTS_LICENSE_FILES = COPYING
RT_TESTS_DEPENDENCIES = numactl
+RT_TESTS_CPE_ID_VENDOR = kernel
define RT_TESTS_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
@@ -9,6 +9,7 @@ SED_SOURCE = sed-$(SED_VERSION).tar.xz
SED_SITE = $(BR2_GNU_MIRROR)/sed
SED_LICENSE = GPL-3.0
SED_LICENSE_FILES = COPYING
+SED_CPE_ID_VENDOR = gnu
SED_CONF_OPTS = \
--bindir=/bin \
@@ -10,6 +10,7 @@ SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-fle
SETOOLS_INSTALL_STAGING = YES
SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
+SETOOLS_CPE_ID_VENDOR = selinuxproject
SETOOLS_SETUP_TYPE = setuptools
HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-python-networkx
@@ -10,6 +10,7 @@ SETSERIAL_SOURCE = setserial_$(SETSERIAL_VERSION).orig.tar.gz
SETSERIAL_SITE = http://snapshot.debian.org/archive/debian/20141023T043132Z/pool/main/s/setserial
SETSERIAL_LICENSE = GPL-2.0
SETSERIAL_LICENSE_FILES = debian/copyright
+
# make all also builds setserial.cat which needs nroff
SETSERIAL_MAKE_OPTS = setserial
@@ -9,6 +9,7 @@ SMCROUTE_SOURCE = smcroute-$(SMCROUTE_VERSION).tar.xz
SMCROUTE_SITE = https://github.com/troglobit/smcroute/releases/download/$(SMCROUTE_VERSION)
SMCROUTE_LICENSE = GPL-2.0+
SMCROUTE_LICENSE_FILES = COPYING
+SMCROUTE_CPE_ID_VENDOR = troglobit
SMCROUTE_CONF_OPTS = ac_cv_func_setpgrp_void=yes
#BUG:The package Makefile uses CC?= even though the package is autotools based
@@ -9,5 +9,6 @@ SPAWN_FCGI_SITE = http://www.lighttpd.net/download
SPAWN_FCGI_SOURCE = spawn-fcgi-$(SPAWN_FCGI_VERSION).tar.bz2
SPAWN_FCGI_LICENSE = BSD-3-Clause
SPAWN_FCGI_LICENSE_FILES = COPYING
+SPAWN_FCGI_CPE_ID_VENDOR = lighttpd
$(eval $(autotools-package))
@@ -5,11 +5,13 @@
################################################################################
SQLITE_VERSION = 3310100
+SQLITE_CPE_ID_VERSION = 3.31.1
SQLITE_SOURCE = sqlite-autoconf-$(SQLITE_VERSION).tar.gz
SQLITE_SITE = https://www.sqlite.org/2020
SQLITE_LICENSE = Public domain
SQLITE_LICENSE_FILES = tea/license.terms
SQLITE_INSTALL_STAGING = YES
+SQLITE_CPE_ID_VENDOR = $(SQLITE_NAME)
ifeq ($(BR2_PACKAGE_SQLITE_STAT4),y)
SQLITE_CFLAGS += -DSQLITE_ENABLE_STAT4
@@ -12,6 +12,7 @@ STRONGSWAN_PATCH = \
$(STRONGSWAN_SITE)/patches/28_gmp_pkcs1_overflow_patch/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch
STRONGSWAN_LICENSE = GPL-2.0+
STRONGSWAN_LICENSE_FILES = COPYING LICENSE
+STRONGSWAN_CPE_ID_VENDOR = $(STRONGSWAN_NAME)
STRONGSWAN_DEPENDENCIES = host-pkgconf
STRONGSWAN_INSTALL_STAGING = YES
STRONGSWAN_CONF_OPTS += \
@@ -12,6 +12,7 @@ TAR_SITE = $(BR2_GNU_MIRROR)/tar
TAR_CONF_OPTS = --exec-prefix=/
TAR_LICENSE = GPL-3.0+
TAR_LICENSE_FILES = COPYING
+TAR_CPE_ID_VENDOR = gnu
ifeq ($(BR2_PACKAGE_ACL),y)
TAR_DEPENDENCIES += acl
@@ -10,6 +10,7 @@ TCL_SOURCE = tcl$(TCL_VERSION)-src.tar.gz
TCL_SITE = http://downloads.sourceforge.net/project/tcl/Tcl/$(TCL_VERSION)
TCL_LICENSE = TCL
TCL_LICENSE_FILES = license.terms
+TCL_CPE_ID_VENDOR = $(TCL_NAME)
TCL_SUBDIR = unix
TCL_INSTALL_STAGING = YES
TCL_AUTORECONF = YES
@@ -8,6 +8,7 @@ TCPDUMP_VERSION = 4.9.3
TCPDUMP_SITE = http://www.tcpdump.org/release
TCPDUMP_LICENSE = BSD-3-Clause
TCPDUMP_LICENSE_FILES = LICENSE
+TCPDUMP_CPE_ID_VENDOR = $(TCPDUMP_NAME)
TCPDUMP_CONF_ENV = \
ac_cv_linux_vers=2 \
td_cv_buggygetaddrinfo=no \
@@ -10,6 +10,8 @@ TFTPD_SITE = $(BR2_KERNEL_MIRROR)/software/network/tftp/tftp-hpa
TFTPD_CONF_OPTS = --without-tcpwrappers
TFTPD_LICENSE = BSD-4-Clause
TFTPD_LICENSE_FILES = tftpd/tftpd.c
+TFTPD_CPE_ID_VENDOR = $(TFTPD_NAME)-hpa_project
+TFTPD_CPE_ID_NAME = $(TFTPD_NAME)-hpa
define TFTPD_INSTALL_TARGET_CMDS
$(INSTALL) -D $(@D)/tftp/tftp $(TARGET_DIR)/usr/bin/tftp
@@ -9,6 +9,8 @@ UBOOT_TOOLS_SOURCE = u-boot-$(UBOOT_TOOLS_VERSION).tar.bz2
UBOOT_TOOLS_SITE = ftp://ftp.denx.de/pub/u-boot
UBOOT_TOOLS_LICENSE = GPL-2.0+
UBOOT_TOOLS_LICENSE_FILES = Licenses/gpl-2.0.txt
+UBOOT_TOOLS_CPE_ID_VENDOR = denx
+UBOOT_TOOLS_CPE_ID_NAME = u-boot
UBOOT_TOOLS_INSTALL_STAGING = YES
# u-boot 2020.01+ needs make 4.0+
@@ -21,6 +21,7 @@ UTIL_LINUX_LICENSE_FILES = README.licensing \
Documentation/licenses/COPYING.ISC \
Documentation/licenses/COPYING.LGPL-2.1-or-later
+UTIL_LINUX_CPE_ID_VENDOR = kernel
UTIL_LINUX_INSTALL_STAGING = YES
UTIL_LINUX_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
UTIL_LINUX_CONF_OPTS += \
@@ -9,6 +9,7 @@ VALGRIND_SITE = ftp://sourceware.org/pub/valgrind
VALGRIND_SOURCE = valgrind-$(VALGRIND_VERSION).tar.bz2
VALGRIND_LICENSE = GPL-2.0, GFDL-1.2
VALGRIND_LICENSE_FILES = COPYING COPYING.DOCS
+VALGRIND_CPE_ID_VENDOR = $(VALGRIND_NAME)
VALGRIND_CONF_OPTS = \
--disable-ubsan \
--without-mpicc
@@ -23,6 +23,7 @@ VIM_CONF_ENV = \
VIM_CONF_OPTS = --with-tlib=ncurses --enable-gui=no --without-x
VIM_LICENSE = Charityware
VIM_LICENSE_FILES = README.txt
+VIM_CPE_ID_VENDOR = $(VIM_NAME)
ifeq ($(BR2_PACKAGE_ACL),y)
VIM_CONF_OPTS += --enable-acl
@@ -10,6 +10,7 @@ WGET_SITE = $(BR2_GNU_MIRROR)/wget
WGET_DEPENDENCIES = host-pkgconf
WGET_LICENSE = GPL-3.0+
WGET_LICENSE_FILES = COPYING
+WGET_CPE_ID_VENDOR = gnu
ifeq ($(BR2_PACKAGE_GNUTLS),y)
WGET_CONF_OPTS += --with-ssl=gnutls
@@ -9,6 +9,7 @@ WIRELESS_REGDB_SOURCE = wireless-regdb-$(WIRELESS_REGDB_VERSION).tar.xz
WIRELESS_REGDB_SITE = $(BR2_KERNEL_MIRROR)/software/network/wireless-regdb
WIRELESS_REGDB_LICENSE = ISC
WIRELESS_REGDB_LICENSE_FILES = LICENSE
+WIRELESS_REGDB_CPE_ID_VENDOR = kernel
ifeq ($(BR2_PACKAGE_CRDA),y)
define WIRELESS_REGDB_INSTALL_CRDA_TARGET_CMDS
@@ -10,6 +10,8 @@ WIRELESS_TOOLS_SITE = https://hewlettpackard.github.io/wireless-tools
WIRELESS_TOOLS_SOURCE = wireless_tools.$(WIRELESS_TOOLS_VERSION).tar.gz
WIRELESS_TOOLS_LICENSE = GPL-2.0
WIRELESS_TOOLS_LICENSE_FILES = COPYING
+WIRELESS_TOOLS_CPE_ID_VERSION = $(WIRELESS_TOOLS_VERSION_MAJOR)
+WIRELESS_TOOLS_CPE_ID_VERSION_MINOR = pre9
WIRELESS_TOOLS_INSTALL_STAGING = YES
WIRELESS_TOOLS_BUILD_TARGETS = iwmulticall
@@ -8,6 +8,7 @@ WPA_SUPPLICANT_VERSION = 2.9
WPA_SUPPLICANT_SITE = http://w1.fi/releases
WPA_SUPPLICANT_LICENSE = BSD-3-Clause
WPA_SUPPLICANT_LICENSE_FILES = README
+WPA_SUPPLICANT_CPE_ID_VENDOR = w1.fi
WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config
WPA_SUPPLICANT_SUBDIR = wpa_supplicant
WPA_SUPPLICANT_DBUS_OLD_SERVICE = fi.epitest.hostap.WPASupplicant
@@ -9,6 +9,8 @@ XERCES_SOURCE = xerces-c-$(XERCES_VERSION).tar.xz
XERCES_SITE = http://archive.apache.org/dist/xerces/c/3/sources
XERCES_LICENSE = Apache-2.0
XERCES_LICENSE_FILES = LICENSE
+XERCES_CPE_ID_VENDOR = apache
+XERCES_CPE_ID_NAME = $(XERCES_NAME)-c\+\+
XERCES_INSTALL_STAGING = YES
define XERCES_DISABLE_SAMPLES
@@ -11,6 +11,7 @@ XZ_INSTALL_STAGING = YES
XZ_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
XZ_LICENSE = Public Domain, GPL-2.0+, GPL-3.0+, LGPL-2.1+
XZ_LICENSE_FILES = COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv2.1
+XZ_CPE_ID_VENDOR = tukaani
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
XZ_CONF_OPTS = --enable-threads
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- boot/grub2/grub2.mk | 1 + boot/uboot/uboot.mk | 2 ++ linux/linux.mk | 2 ++ package/audit/audit.mk | 2 ++ package/aufs/aufs.mk | 1 + package/bash/bash.mk | 1 + package/bc/bc.mk | 1 + package/bind/bind.mk | 1 + package/boost/boost.mk | 1 + package/bridge-utils/bridge-utils.mk | 1 + package/busybox/busybox.mk | 1 + package/bzip2/bzip2.mk | 1 + package/clang/clang.mk | 1 + package/collectd/collectd.mk | 1 + package/conntrack-tools/conntrack-tools.mk | 1 + package/coreutils/coreutils.mk | 1 + package/crda/crda.mk | 1 + package/davici/davici.mk | 1 + package/dbus-glib/dbus-glib.mk | 1 + package/dbus/dbus.mk | 2 ++ package/dhcp/dhcp.mk | 1 + package/dnsmasq/dnsmasq.mk | 1 + package/dropbear/dropbear.mk | 2 ++ package/ebtables/ebtables.mk | 1 + package/ethtool/ethtool.mk | 1 + package/expat/expat.mk | 1 + package/gdb/gdb.mk | 1 + package/gesftpserver/gesftpserver.mk | 2 ++ package/glibc/glibc.mk | 1 + package/gmp/gmp.mk | 1 + package/gnupg/gnupg.mk | 1 + package/gnutls/gnutls.mk | 1 + package/grep/grep.mk | 1 + package/gtest/gtest.mk | 2 ++ package/gzip/gzip.mk | 1 + package/hostapd/hostapd.mk | 1 + package/ifupdown/ifupdown.mk | 1 + package/iperf/iperf.mk | 2 ++ package/iperf3/iperf3.mk | 1 + package/ipset/ipset.mk | 1 + package/iptables/iptables.mk | 1 + package/iw/iw.mk | 1 + package/kmod/kmod.mk | 2 ++ package/libarchive/libarchive.mk | 1 + package/libcurl/libcurl.mk | 2 ++ package/libestr/libestr.mk | 1 + package/libfastjson/libfastjson.mk | 1 + package/libfcgi/libfcgi.mk | 2 ++ package/libffi/libffi.mk | 2 ++ package/libgcrypt/libgcrypt.mk | 1 + package/libglib2/libglib2.mk | 2 ++ package/libgpg-error/libgpg-error.mk | 1 + package/liblogging/liblogging.mk | 1 + package/libmbim/libmbim.mk | 1 + package/libmnl/libmnl.mk | 1 + .../libnetfilter_conntrack/libnetfilter_conntrack.mk | 1 + .../libnetfilter_cthelper/libnetfilter_cthelper.mk | 1 + .../libnetfilter_cttimeout/libnetfilter_cttimeout.mk | 1 + package/libnetfilter_queue/libnetfilter_queue.mk | 1 + package/libnfnetlink/libnfnetlink.mk | 1 + package/libopenssl/Config.in | 11 +++++++++++ package/libopenssl/libopenssl.mk | 2 ++ package/libpcap/libpcap.mk | 1 + package/libselinux/libselinux.mk | 1 + package/libsemanage/libsemanage.mk | 1 + package/libsepol/libsepol.mk | 1 + package/libssh2/libssh2.mk | 1 + package/libsysfs/libsysfs.mk | 2 ++ package/libtasn1/libtasn1.mk | 1 + package/libunistring/libunistring.mk | 1 + package/libxml2/libxml2.mk | 1 + package/libxslt/libxslt.mk | 1 + package/libzlib/libzlib.mk | 2 ++ package/lighttpd/lighttpd.mk | 1 + package/linux-firmware/linux-firmware.mk | 2 ++ package/linux-headers/linux-headers.mk | 2 ++ package/linux-pam/linux-pam.mk | 2 ++ package/llvm/llvm.mk | 1 + package/lxc/lxc.mk | 1 + package/lz4/lz4.mk | 1 + package/memtester/memtester.mk | 1 + package/mii-diag/mii-diag.mk | 1 + package/mpfr/mpfr.mk | 1 + package/mrouted/mrouted.mk | 1 + package/mtd/mtd.mk | 2 ++ package/ncurses/ncurses.mk | 1 + package/netsnmp/netsnmp.mk | 2 ++ package/nfs-utils/nfs-utils.mk | 2 ++ package/openssh/openssh.mk | 3 +++ package/pax-utils/pax-utils.mk | 1 + package/paxtest/paxtest.mk | 1 + package/pcre/pcre.mk | 1 + package/pixman/pixman.mk | 1 + package/policycoreutils/policycoreutils.mk | 1 + package/pppd/pppd.mk | 2 ++ package/proftpd/proftpd.mk | 1 + package/protobuf/protobuf.mk | 1 + package/pure-ftpd/pure-ftpd.mk | 1 + package/python-lxml/python-lxml.mk | 2 ++ package/python-setuptools/python-setuptools.mk | 2 ++ package/python/python.mk | 1 + package/qemu/qemu.mk | 1 + package/rapidjson/rapidjson.mk | 1 + package/readline/readline.mk | 1 + package/refpolicy/refpolicy.mk | 1 + package/rsyslog/rsyslog.mk | 1 + package/rt-tests/rt-tests.mk | 1 + package/sed/sed.mk | 1 + package/setools/setools.mk | 1 + package/setserial/setserial.mk | 1 + package/smcroute/smcroute.mk | 1 + package/spawn-fcgi/spawn-fcgi.mk | 1 + package/sqlite/sqlite.mk | 2 ++ package/strongswan/strongswan.mk | 1 + package/tar/tar.mk | 1 + package/tcl/tcl.mk | 1 + package/tcpdump/tcpdump.mk | 1 + package/tftpd/tftpd.mk | 2 ++ package/uboot-tools/uboot-tools.mk | 2 ++ package/util-linux/util-linux.mk | 1 + package/valgrind/valgrind.mk | 1 + package/vim/vim.mk | 1 + package/wget/wget.mk | 1 + package/wireless-regdb/wireless-regdb.mk | 1 + package/wireless_tools/wireless_tools.mk | 2 ++ package/wpa_supplicant/wpa_supplicant.mk | 1 + package/xerces/xerces.mk | 2 ++ package/xz/xz.mk | 1 + 128 files changed, 170 insertions(+)