From d84d0c42ec3e9b1f78a1bb38a0c83b38cc237191 Mon Sep 17 00:00:00 2001
From: Louis Maillard <louis.maillard@savoirfairelinux.com>
Date: Thu, 27 Jun 2024 16:39:01 -0400
Subject: [PATCH] contrib: add CPE information on packages
Added "cpe" field in package.json and PKG_CVE for make rules.
GitLab: #1021
Change-Id: I375fe3c224b0578ed702877d236fbc8ed0a5d8d5
---
contrib/src/argon2/package.json | 1 +
contrib/src/argon2/rules.mak | 1 +
contrib/src/asio/package.json | 1 +
contrib/src/asio/rules.mak | 1 +
contrib/src/ffmpeg/package.json | 1 +
contrib/src/ffmpeg/rules.mak | 1 +
contrib/src/ffnvcodec/package.json | 1 +
contrib/src/ffnvcodec/rules.mak | 1 +
contrib/src/fmt/package.json | 1 +
contrib/src/fmt/rules.mak | 1 +
contrib/src/freetype/package.json | 1 +
contrib/src/freetype/rules.mak | 2 ++
contrib/src/gmp/package.json | 1 +
contrib/src/gmp/rules.mak | 1 +
contrib/src/gnutls/package.json | 1 +
contrib/src/gnutls/rules.mak | 1 +
contrib/src/http_parser/package.json | 1 +
contrib/src/http_parser/rules.mak | 1 +
contrib/src/jsoncpp/package.json | 1 +
contrib/src/jsoncpp/rules.mak | 1 +
contrib/src/libarchive/package.json | 1 +
contrib/src/libarchive/rules.mak | 1 +
contrib/src/libgit2/package.json | 1 +
contrib/src/libgit2/rules.mak | 1 +
contrib/src/libressl/rules.mak | 1 +
contrib/src/liburcu/package.json | 1 +
contrib/src/liburcu/rules.mak | 1 +
contrib/src/llhttp/rules.mak | 1 +
contrib/src/lttng-ust/package.json | 6 +++---
contrib/src/lttng-ust/rules.mak | 1 +
contrib/src/main.mak | 3 +++
contrib/src/minizip/package.json | 1 +
contrib/src/minizip/rules.mak | 1 +
contrib/src/msgpack/package.json | 1 +
contrib/src/msgpack/rules.mak | 1 +
contrib/src/nettle/package.json | 1 +
contrib/src/nettle/rules.mak | 1 +
contrib/src/onnx/package.json | 1 +
contrib/src/onnx/rules.mak | 1 +
contrib/src/opencv/package.json | 1 +
contrib/src/opencv/rules.mak | 1 +
contrib/src/openssl/package.json | 1 +
contrib/src/opus/package.json | 1 +
contrib/src/opus/rules.mak | 1 +
contrib/src/portaudio/package.json | 1 +
contrib/src/portaudio/rules.mak | 1 +
contrib/src/pthreads/package.json | 1 +
contrib/src/restinio/package.json | 1 +
contrib/src/restinio/rules.mak | 1 +
contrib/src/speex/rules.mak | 5 +++--
contrib/src/speexdsp/package.json | 1 +
contrib/src/speexdsp/rules.mak | 4 +++-
contrib/src/upnp/package.json | 1 +
contrib/src/upnp/rules.mak | 1 +
contrib/src/vpx/package.json | 1 +
contrib/src/vpx/rules.mak | 5 +++--
contrib/src/yaml-cpp/package.json | 1 +
contrib/src/yaml-cpp/rules.mak | 1 +
contrib/src/zlib/package.json | 1 +
contrib/src/zlib/rules.mak | 1 +
60 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/contrib/src/argon2/package.json b/contrib/src/argon2/package.json
index b16c8c95f7..2444fa7994 100644
--- a/contrib/src/argon2/package.json
+++ b/contrib/src/argon2/package.json
@@ -1,6 +1,7 @@
{
"name": "argon2",
"version": "670229c849b9fe882583688b74eb7dfdc846f9f6",
+ "cpe": "cpe:2.3:a:argon2_project:argon2:-:*:*:*:*:*:*:*",
"url": "https://github.com/P-H-C/phc-winner-argon2/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/argon2/rules.mak b/contrib/src/argon2/rules.mak
index 60ef3ddeb3..322d485d66 100644
--- a/contrib/src/argon2/rules.mak
+++ b/contrib/src/argon2/rules.mak
@@ -1,5 +1,6 @@
# ARGON2
ARGON2_VERSION := 16d3df698db2486dde480b09a732bf9bf48599f9
+PKG_CPE += cpe:2.3:a:argon2_project:argon2:-:*:*:*:*:*:*:*
ARGON2_URL := https://github.com/P-H-C/phc-winner-argon2/archive/$(ARGON2_VERSION).tar.gz
ifeq ($(call need_pkg,'libargon2 > 20161029'),)
diff --git a/contrib/src/asio/package.json b/contrib/src/asio/package.json
index 3e9c594e56..44fe06fcbe 100644
--- a/contrib/src/asio/package.json
+++ b/contrib/src/asio/package.json
@@ -1,6 +1,7 @@
{
"name": "asio",
"version": "asio-1-28-1",
+ "cpe": "cpe:2.3:a:*:asio:1.28.1:*:*:*:*:*:*:*",
"url": "https://github.com/chriskohlhoff/asio/archive/__VERSION__.tar.gz",
"deps": ["openssl"],
"patches": [],
diff --git a/contrib/src/asio/rules.mak b/contrib/src/asio/rules.mak
index d630f18de3..08e19a2b2f 100644
--- a/contrib/src/asio/rules.mak
+++ b/contrib/src/asio/rules.mak
@@ -19,6 +19,7 @@
#
ASIO_VERSION := asio-1-28-1
+PKG_CPE += cpe:2.3:a:*:asio:1.28.1:*:*:*:*:*:*:*
ASIO_URL := https://github.com/chriskohlhoff/asio/archive/$(ASIO_VERSION).tar.gz
# Pure dependency of restinio: do not add to PKGS.
diff --git a/contrib/src/ffmpeg/package.json b/contrib/src/ffmpeg/package.json
index c1f73f0756..12b210b864 100644
--- a/contrib/src/ffmpeg/package.json
+++ b/contrib/src/ffmpeg/package.json
@@ -1,6 +1,7 @@
{
"name": "ffmpeg",
"version": "6.0.1",
+ "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:6.0.1:*:*:*:*:*:*:*",
"url": "https://ffmpeg.org/releases/ffmpeg-__VERSION__.tar.xz",
"deps": [
"vpx",
diff --git a/contrib/src/ffmpeg/rules.mak b/contrib/src/ffmpeg/rules.mak
index 833f8916d3..0204fbb17f 100644
--- a/contrib/src/ffmpeg/rules.mak
+++ b/contrib/src/ffmpeg/rules.mak
@@ -1,4 +1,5 @@
FFMPEG_HASH := 6.0.1
+PKG_CPE += cpe:2.3:a:ffmpeg:ffmpeg:6.0.1:*:*:*:*:*:*:*
FFMPEG_URL := https://ffmpeg.org/releases/ffmpeg-$(FFMPEG_HASH).tar.xz
PKGS+=ffmpeg
diff --git a/contrib/src/ffnvcodec/package.json b/contrib/src/ffnvcodec/package.json
index 2e83aaa3ba..75dec99a6e 100644
--- a/contrib/src/ffnvcodec/package.json
+++ b/contrib/src/ffnvcodec/package.json
@@ -1,6 +1,7 @@
{
"name": "ffnvcodec",
"version": "n11.1.5.2",
+ "cpe": "cpe:2.3:a:videolan:ffnvcodec:11.1.5.2:*:*:*:*:*:*:*",
"url": "https://github.com/FFmpeg/nv-codec-headers/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/ffnvcodec/rules.mak b/contrib/src/ffnvcodec/rules.mak
index b6ffc4a837..c2671a0600 100644
--- a/contrib/src/ffnvcodec/rules.mak
+++ b/contrib/src/ffnvcodec/rules.mak
@@ -1,5 +1,6 @@
# ffnvcodec
FFNVCODEC_VERSION := n11.1.5.2
+PKG_CPE += cpe:2.3:a:videolan:ffnvcodec:11.1.5.2:*:*:*:*:*:*:*
FFNVCODEC_GITURL := https://git.videolan.org/git/ffmpeg/nv-codec-headers.git
ifeq ($(call need_pkg,"ffnvcodec >= 8"),)
diff --git a/contrib/src/fmt/package.json b/contrib/src/fmt/package.json
index 2721cc319a..80d921e38e 100644
--- a/contrib/src/fmt/package.json
+++ b/contrib/src/fmt/package.json
@@ -1,6 +1,7 @@
{
"name": "fmt",
"version": "10.1.0",
+ "cpe": "cpe:2.3:a:fmt:fmt:10.1.0:*:*:*:*:*:*:*",
"url": "https://github.com/fmtlib/fmt/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/fmt/rules.mak b/contrib/src/fmt/rules.mak
index 0961089979..9b0a5148a2 100644
--- a/contrib/src/fmt/rules.mak
+++ b/contrib/src/fmt/rules.mak
@@ -1,5 +1,6 @@
# FMT
FMT_VERSION := 10.1.0
+PKG_CPE += cpe:2.3:a:fmt:fmt:$(FMT_VERSION):*:*:*:*:*:*:*
FMT_URL := https://github.com/fmtlib/fmt/archive/$(FMT_VERSION).tar.gz
PKGS += fmt
diff --git a/contrib/src/freetype/package.json b/contrib/src/freetype/package.json
index ebc164176c..93760a67b7 100644
--- a/contrib/src/freetype/package.json
+++ b/contrib/src/freetype/package.json
@@ -1,6 +1,7 @@
{
"name": "freetype",
"version": "39ce3ac499d4cd7371031a062f410953c8ecce29",
+ "cpe": "cpe:2.3:a:freetype:freetype:2.10.1:*:*:*:*:*:*:*",
"url": "https://gitlab.freedesktop.org/freetype/freetype/-/archive/__VERSION__/freetype-__VERSION__.tar.gz",
"use_cmake": true
}
diff --git a/contrib/src/freetype/rules.mak b/contrib/src/freetype/rules.mak
index 197626403d..b06454d0b9 100644
--- a/contrib/src/freetype/rules.mak
+++ b/contrib/src/freetype/rules.mak
@@ -2,6 +2,8 @@
FREETYPE_HASH := 39ce3ac499d4cd7371031a062f410953c8ecce29
FREETYPE_GITURL := https://gitlab.freedesktop.org/freetype/freetype/-/archive/$(FREETYPE_HASH)/freetype-$(FREETYPE_HASH).tar.gz
+PKG_CPE += cpe:2.3:a:freetype:freetype:2.10.1:*:*:*:*:*:*:*
+
ifeq ($(call need_pkg,"freetype2 >= 2.10.1"),)
PKGS_FOUND += freetype
endif
diff --git a/contrib/src/gmp/package.json b/contrib/src/gmp/package.json
index 6a897fb551..5a12033367 100644
--- a/contrib/src/gmp/package.json
+++ b/contrib/src/gmp/package.json
@@ -1,6 +1,7 @@
{
"name": "gmp",
"version": "eb35fdadc072ecae2b262fd6e6709c308cadc07a",
+ "cpe": "cpe:2.3:a:gmplib:gmp:6.3.0:*:*:*:*:*:*:*",
"url": "https://github.com/ShiftMediaProject/gmp/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/gmp/rules.mak b/contrib/src/gmp/rules.mak
index 68be37f740..6b975ceb80 100644
--- a/contrib/src/gmp/rules.mak
+++ b/contrib/src/gmp/rules.mak
@@ -2,6 +2,7 @@
GMP_VERSION := 6.3.0
+PKG_CPE += cpe:2.3:a:gmplib:gmp:$(GMP_VERSION):*:*:*:*:*:*:*
GMP_URL := $(GNU)/gmp/gmp-$(GMP_VERSION).tar.bz2
ifeq ($(call need_pkg,'gmp >= 6.2.0'),)
diff --git a/contrib/src/gnutls/package.json b/contrib/src/gnutls/package.json
index 4b706dd4ae..e121a5c805 100644
--- a/contrib/src/gnutls/package.json
+++ b/contrib/src/gnutls/package.json
@@ -1,6 +1,7 @@
{
"name": "gnutls",
"version": "3.6.7",
+ "cpe": "cpe:2.3:a:gnu:gnutls:3.6.7:*:*:*:*:*:*:*",
"url": "https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-__VERSION__.tar.xz",
"deps": [
"iconv",
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 44b2eedea4..8d556f4871 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -1,6 +1,7 @@
# GnuTLS
GNUTLS_VERSION := 3.8.3
+PKG_CPE += cpe:2.3:a:gnu:gnutls:$(GNUTLS_VERSION):*:*:*:*:*:*:*
GNUTLS_URL := https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-$(GNUTLS_VERSION).tar.xz
PKGS += gnutls
diff --git a/contrib/src/http_parser/package.json b/contrib/src/http_parser/package.json
index 0ae1dc3fee..85e6f67c09 100644
--- a/contrib/src/http_parser/package.json
+++ b/contrib/src/http_parser/package.json
@@ -1,6 +1,7 @@
{
"name": "http_parser",
"version": "2.9.4",
+ "cpe": "cpe:2.3:a:nodejs:http-parser:2.9.4:*:*:*:*:*:*:*",
"url": "https://github.com/nodejs/http-parser/archive/v__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/http_parser/rules.mak b/contrib/src/http_parser/rules.mak
index 09c347c25d..5c86b260f2 100644
--- a/contrib/src/http_parser/rules.mak
+++ b/contrib/src/http_parser/rules.mak
@@ -1,5 +1,6 @@
# HTTP_PARSER
HTTP_PARSER_VERSION := 2.9.4
+PKG_CPE += cpe:2.3:a:nodejs:http-parser:$(HTTP_PARSER_VERSION):*:*:*:*:*:*:*
HTTP_PARSER_URL := https://github.com/nodejs/http-parser/archive/v$(HTTP_PARSER_VERSION).tar.gz
PKGS += http_parser
diff --git a/contrib/src/jsoncpp/package.json b/contrib/src/jsoncpp/package.json
index 48d5aebb06..4eb680cb80 100644
--- a/contrib/src/jsoncpp/package.json
+++ b/contrib/src/jsoncpp/package.json
@@ -1,6 +1,7 @@
{
"name": "jsoncpp",
"version": "1.9.3",
+ "cpe": "cpe:2.3:a:jsoncpp_project:jsoncpp:1.9.3:*:*:*:*:*:*:*",
"url": "https://github.com/open-source-parsers/jsoncpp/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/jsoncpp/rules.mak b/contrib/src/jsoncpp/rules.mak
index 67ba98d6d2..ed07d40c91 100644
--- a/contrib/src/jsoncpp/rules.mak
+++ b/contrib/src/jsoncpp/rules.mak
@@ -1,5 +1,6 @@
# JSONCPP
JSONCPP_VERSION := 1.9.3
+PKG_CPE += cpe:2.3:a:jsoncpp_project:jsoncpp:$(JSONCPP_VERSION):*:*:*:*:*:*:*
JSONCPP_URL := https://github.com/open-source-parsers/jsoncpp/archive/$(JSONCPP_VERSION).tar.gz
diff --git a/contrib/src/libarchive/package.json b/contrib/src/libarchive/package.json
index f3d616e25a..5de25f9771 100644
--- a/contrib/src/libarchive/package.json
+++ b/contrib/src/libarchive/package.json
@@ -1,6 +1,7 @@
{
"name": "libarchive",
"version": "a53d711261f4d5bf2104d9c3616a8602a45ba196",
+ "cpe": "cpe:2.3:a:libarchive:libarchive:3.6.0:*:*:*:*:*:*:*",
"url": "https://github.com/libarchive/libarchive/archive/__VERSION__.tar.gz",
"deps": ["iconv"],
"patches": [
diff --git a/contrib/src/libarchive/rules.mak b/contrib/src/libarchive/rules.mak
index 0f4c45a05e..3958c0854a 100644
--- a/contrib/src/libarchive/rules.mak
+++ b/contrib/src/libarchive/rules.mak
@@ -1,5 +1,6 @@
# LIBARCHIVE
LIBARCHIVE_VERSION := 3.6.0
+PKG_CPE += cpe:2.3:a:libarchive:libarchive:$(LIBARCHIVE_VERSION):*:*:*:*:*:*:*
LIBARCHIVE_URL := https://github.com/libarchive/libarchive/releases/download/v$(LIBARCHIVE_VERSION)/libarchive-$(LIBARCHIVE_VERSION).tar.xz
ifndef HAVE_MACOSX
diff --git a/contrib/src/libgit2/package.json b/contrib/src/libgit2/package.json
index 5b74ca49b2..996628f20f 100644
--- a/contrib/src/libgit2/package.json
+++ b/contrib/src/libgit2/package.json
@@ -1,6 +1,7 @@
{
"name": "libgit2",
"version": "v1.8.0",
+ "cpe": "cpe:2.3:a:libgit2:libgit2:1.8.0:*:*:*:*:*:*:*",
"url": "https://github.com/libgit2/libgit2/archive/__VERSION__.tar.gz",
"use_cmake" : true,
"defines": [
diff --git a/contrib/src/libgit2/rules.mak b/contrib/src/libgit2/rules.mak
index 80171984e2..88318dbe78 100644
--- a/contrib/src/libgit2/rules.mak
+++ b/contrib/src/libgit2/rules.mak
@@ -1,5 +1,6 @@
# LIBGIT2
LIBGIT2_VERSION := 1.8.0
+PKG_CPE += cpe:2.3:a:libgit2:libgit2:${LIBGIT2_VERSION}:*:*:*:*:*:*:*
LIBGIT2_URL := https://github.com/libgit2/libgit2/archive/v${LIBGIT2_VERSION}.tar.gz
PKGS += libgit2
diff --git a/contrib/src/libressl/rules.mak b/contrib/src/libressl/rules.mak
index 3e27c4e7bf..5f70a739ba 100644
--- a/contrib/src/libressl/rules.mak
+++ b/contrib/src/libressl/rules.mak
@@ -19,6 +19,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
SSL_VERSION := 3.7.0
+PKG_CPE += cpe:2.3:a:openbsd:libressl:$(SSL_VERSION):*:*:*:*:*:*:*
LIBRESSL_VERSION := libressl-$(SSL_VERSION)
LIBRESSL_URL := https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$(LIBRESSL_VERSION).tar.gz
diff --git a/contrib/src/liburcu/package.json b/contrib/src/liburcu/package.json
index b0f36c2aa0..4bc205b3e5 100644
--- a/contrib/src/liburcu/package.json
+++ b/contrib/src/liburcu/package.json
@@ -1,6 +1,7 @@
{
"name": "liburcu",
"version": "0.13.1",
+ "cpe": "cpe:2.3:a:lttng:urcu:0.13.1:*:*:*:*:*:*:*",
"url": "https://lttng.org/files/urcu/userspace-rcu-__VERSION__.tar.bz2",
"deps": [],
"patches": [],
diff --git a/contrib/src/liburcu/rules.mak b/contrib/src/liburcu/rules.mak
index ee91a5d117..ec196d9874 100644
--- a/contrib/src/liburcu/rules.mak
+++ b/contrib/src/liburcu/rules.mak
@@ -1,6 +1,7 @@
# liburcu
LIBURCU_VERSION := 0.13.1
+PKG_CPE += cpe:2.3:a:lttng:urcu:${LIBURCU_VERSION}:*:*:*:*:*:*:*
LIBURCU_URL := https://lttng.org/files/urcu/userspace-rcu-${LIBURCU_VERSION}.tar.bz2
ifeq ($(call need_pkg "liburcu >= 0.13.1"),)
diff --git a/contrib/src/llhttp/rules.mak b/contrib/src/llhttp/rules.mak
index d5d1fddd87..4fdc532766 100644
--- a/contrib/src/llhttp/rules.mak
+++ b/contrib/src/llhttp/rules.mak
@@ -17,6 +17,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
LLHTTP_VERSION := 9.2.0
+PKG_CPE += cpe:2.3:a:llhttp:llhttp:$(LLHTTP_VERSION):*:*:*:*:*:*:*
LLHTTP_URL := https://github.com/nodejs/llhttp/archive/refs/tags/release/v$(LLHTTP_VERSION).tar.gz
LLHTTP_CMAKECONF := \
diff --git a/contrib/src/lttng-ust/package.json b/contrib/src/lttng-ust/package.json
index a6604d5a5f..0d9abc609b 100644
--- a/contrib/src/lttng-ust/package.json
+++ b/contrib/src/lttng-ust/package.json
@@ -1,14 +1,14 @@
{
"name": "lttng-ust",
"version": "2.13.0",
+ "cpe": "cpe:2.3:a:lttng:ust:2.13.0:*:*:*:*:*:*:*",
"url": "https://lttng.org/files/lttng-ust/lttng-ust-__VERSION__.tar.bz2",
"deps": [
- "liburcu",
+ "liburcu"
],
"patches": [],
"win_patches": [],
- "project_paths": [
- ],
+ "project_paths": [],
"with_env" : "",
"custom_scripts": {
"pre_build": [],
diff --git a/contrib/src/lttng-ust/rules.mak b/contrib/src/lttng-ust/rules.mak
index a4b65803cf..b02e4d6d2c 100644
--- a/contrib/src/lttng-ust/rules.mak
+++ b/contrib/src/lttng-ust/rules.mak
@@ -1,6 +1,7 @@
# lttng-ust
LTTNG_UST_VERSION := 2.13.1
+PKG_CPE += cpe:2.3:a:lttng:ust:${LTTNG_UST_VERSION}:*:*:*:*:*:*:*
LTTNG_UST_URL := https://lttng.org/files/lttng-ust/lttng-ust-${LTTNG_UST_VERSION}.tar.bz2
ifeq ($(call need_pkg "liblttng-ust >= 2.13.0"),)
diff --git a/contrib/src/main.mak b/contrib/src/main.mak
index 160fd79130..8c0a2fbb4a 100644
--- a/contrib/src/main.mak
+++ b/contrib/src/main.mak
@@ -55,6 +55,9 @@ GNU := https://ftpmirror.gnu.org
SF := https://sourceforge.net/projects
CONTRIB_VIDEOLAN ?= https://downloads.videolan.org/pub/contrib
+# CPE ID list for generating SBOM
+PKG_CPE :=
+
#
# Machine-dependent variables
#
diff --git a/contrib/src/minizip/package.json b/contrib/src/minizip/package.json
index 735fbc0300..36f324ffdd 100644
--- a/contrib/src/minizip/package.json
+++ b/contrib/src/minizip/package.json
@@ -1,6 +1,7 @@
{
"name": "minizip",
"version": "3.0.0",
+ "cpe": "cpe:2.3:a:minizip_project:minizip:3.0.0:*:*:*:*:*:*:*",
"url": "https://github.com/zlib-ng/minizip-ng/archive/refs/tags/__VERSION__.tar.gz",
"deps": ["zlib", "iconv"],
"patches": [],
diff --git a/contrib/src/minizip/rules.mak b/contrib/src/minizip/rules.mak
index 52a131a3c4..cfaf9e264b 100644
--- a/contrib/src/minizip/rules.mak
+++ b/contrib/src/minizip/rules.mak
@@ -1,5 +1,6 @@
# MINIZIP
LIBMINIZIP_VERSION := 4.0.7
+PKG_CPE += cpe:2.3:a:minizip_project:minizip:$(LIBMINIZIP_VERSION):*:*:*:*:*:*:*
LIBMINIZIP_URL := https://github.com/zlib-ng/minizip-ng/archive/$(LIBMINIZIP_VERSION).tar.gz
ifdef HAVE_MACOSX
diff --git a/contrib/src/msgpack/package.json b/contrib/src/msgpack/package.json
index f06afa0ffe..889452a4bf 100644
--- a/contrib/src/msgpack/package.json
+++ b/contrib/src/msgpack/package.json
@@ -1,6 +1,7 @@
{
"name": "msgpack-c",
"version": "cpp-6.1.0",
+ "cpe": "cpe:2.3:a:*:msgpack:6.1.0:*:*:*:*:*:*:*",
"url": "https://github.com/msgpack/msgpack-c/archive/__VERSION__.tar.gz",
"use_cmake" : true,
"defines": [
diff --git a/contrib/src/msgpack/rules.mak b/contrib/src/msgpack/rules.mak
index a2a7049c63..976b03d338 100644
--- a/contrib/src/msgpack/rules.mak
+++ b/contrib/src/msgpack/rules.mak
@@ -1,5 +1,6 @@
# MSGPACK
MSGPACK_VERSION := cpp-6.1.0
+PKG_CPE += cpe:2.3:a:*:msgpack:6.1.0:*:*:*:*:*:*:*
MSGPACK_URL := https://github.com/msgpack/msgpack-c/archive/$(MSGPACK_VERSION).tar.gz
PKGS += msgpack
diff --git a/contrib/src/nettle/package.json b/contrib/src/nettle/package.json
index 9bf61932a6..910cce912e 100644
--- a/contrib/src/nettle/package.json
+++ b/contrib/src/nettle/package.json
@@ -1,6 +1,7 @@
{
"name": "nettle",
"version": "c180b4d7afbda4049ad265d1366567f62a7a4a3a",
+ "cpe": "cpe:2.3:a:nettle_project:nettle:3.9.1:*:*:*:*:*:*:*",
"url": "https://github.com/ShiftMediaProject/nettle/archive/__VERSION__.tar.gz",
"deps": ["gmp"],
"patches": [],
diff --git a/contrib/src/nettle/rules.mak b/contrib/src/nettle/rules.mak
index 2f8b13eef7..a204aebd6d 100644
--- a/contrib/src/nettle/rules.mak
+++ b/contrib/src/nettle/rules.mak
@@ -1,6 +1,7 @@
# Nettle
NETTLE_VERSION := nettle_3.9.1_release_20230601
+PKG_CPE += cpe:2.3:a:nettle_project:nettle:3.9.1:*:*:*:*:*:*:*
NETTLE_URL := https://git.lysator.liu.se/nettle/nettle/-/archive/$(NETTLE_VERSION)/nettle-$(NETTLE_VERSION).tar.gz
PKGS += nettle
diff --git a/contrib/src/onnx/package.json b/contrib/src/onnx/package.json
index f45c0a4fc7..7508129650 100644
--- a/contrib/src/onnx/package.json
+++ b/contrib/src/onnx/package.json
@@ -1,6 +1,7 @@
{
"name": "onnx",
"version": "v1.12.0",
+ "cpe": "cpe:2.3:a:*:onnx:1.12.0:*:*:*:*:*:*:*",
"url": "https://github.com/microsoft/onnxruntime/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/onnx/rules.mak b/contrib/src/onnx/rules.mak
index a08b38bc33..fa553a0c13 100644
--- a/contrib/src/onnx/rules.mak
+++ b/contrib/src/onnx/rules.mak
@@ -1,5 +1,6 @@
# ONNX
ONNX_VERSION := v1.16.3
+PKG_CPE += cpe:2.3:a:*:onnx:1.16.3:*:*:*:*:*:*:*
ONNX_URL := https://github.com/microsoft/onnxruntime.git
$(TARBALLS)/onnxruntime-$(ONNX_VERSION).tar.xz:
diff --git a/contrib/src/opencv/package.json b/contrib/src/opencv/package.json
index c811e8932f..182e83a3ac 100644
--- a/contrib/src/opencv/package.json
+++ b/contrib/src/opencv/package.json
@@ -1,6 +1,7 @@
{
"name": "opencv",
"version": "4.6.0",
+ "cpe": "cpe:2.3:a:opencv:opencv:4.6.0:*:*:*:*:*:*:*",
"url": "https://github.com/opencv/opencv/archive/__VERSION__.tar.gz",
"deps": ["opencv_contrib"],
"patches": [],
diff --git a/contrib/src/opencv/rules.mak b/contrib/src/opencv/rules.mak
index 52371efb07..bb10b86967 100644
--- a/contrib/src/opencv/rules.mak
+++ b/contrib/src/opencv/rules.mak
@@ -1,5 +1,6 @@
# OPENCV
OPENCV_VERSION := 4.6.0
+PKG_CPE += cpe:2.3:a:opencv:opencv:$(OPENCV_VERSION):*:*:*:*:*:*:*
OPENCV_CONTRIB_VERSION := 4.6.0
OPENCV_URL := https://github.com/opencv/opencv/archive/$(OPENCV_VERSION).tar.gz
diff --git a/contrib/src/openssl/package.json b/contrib/src/openssl/package.json
index d8e458e5ca..9edfda252d 100644
--- a/contrib/src/openssl/package.json
+++ b/contrib/src/openssl/package.json
@@ -1,6 +1,7 @@
{
"name": "openssl",
"version": "OpenSSL_1_1_1-stable",
+ "cpe": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
"url": "https://github.com/openssl/openssl/archive/__VERSION__.tar.gz",
"custom_scripts": {
"build": [
diff --git a/contrib/src/opus/package.json b/contrib/src/opus/package.json
index aeac223efc..f9f2bf396a 100644
--- a/contrib/src/opus/package.json
+++ b/contrib/src/opus/package.json
@@ -1,6 +1,7 @@
{
"name": "opus",
"version": "76d2d6dca0a224f3ffb34b7429d7547bdbb1bad7",
+ "cpe": "cpe:2.3:a:*:opus:1.4:*:*:*:*:*:*:*",
"url": "https://github.com/ShiftMediaProject/opus/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/opus/rules.mak b/contrib/src/opus/rules.mak
index c7753626e5..036d291260 100644
--- a/contrib/src/opus/rules.mak
+++ b/contrib/src/opus/rules.mak
@@ -1,6 +1,7 @@
# opus
OPUS_VERSION := 1.4
+PKG_CPE += cpe:2.3:a:*:opus:$(OPUS_VERSION):*:*:*:*:*:*:*
OPUS_URL := https://github.com/xiph/opus/archive/v$(OPUS_VERSION).tar.gz
PKGS += opus
diff --git a/contrib/src/portaudio/package.json b/contrib/src/portaudio/package.json
index 3720bac1a7..a4e5a468f9 100644
--- a/contrib/src/portaudio/package.json
+++ b/contrib/src/portaudio/package.json
@@ -1,6 +1,7 @@
{
"name": "portaudio",
"version": "v190600_20161030",
+ "cpe": "cpe:2.3:a:*:portaudio:19.6.0:*:*:*:*:*:*:*",
"url": "https://github.com/PortAudio/portaudio/archive/refs/tags/pa_stable___VERSION__.tar.gz",
"use_cmake" : true,
"defines": [
diff --git a/contrib/src/portaudio/rules.mak b/contrib/src/portaudio/rules.mak
index a74232a240..859057c831 100644
--- a/contrib/src/portaudio/rules.mak
+++ b/contrib/src/portaudio/rules.mak
@@ -1,6 +1,7 @@
# PortAudio
PORTAUDIO_VERSION := v19_20140130
+PKG_CPE += cpe:2.3:a:*:portaudio:19.5.0:*:*:*:*:*:*:*
PORTAUDIO_URL := http://www.portaudio.com/archives/pa_stable_$(PORTAUDIO_VERSION).tgz
ifdef HAVE_WIN32
diff --git a/contrib/src/pthreads/package.json b/contrib/src/pthreads/package.json
index 98af313cb1..30ca34a24c 100644
--- a/contrib/src/pthreads/package.json
+++ b/contrib/src/pthreads/package.json
@@ -1,6 +1,7 @@
{
"name": "pthreads",
"version": "v-2-10-0-rc",
+ "cpe": "cpe:2.3:a:pthread-win32_project:pthreads-win32:2.10.0:rc:*:*:*:*:*:*",
"url": " https://github.com/jwinarske/pthreads4w/archive/refs/tags/__VERSION__.tar.gz",
"win_patches": [
"pthreads-windows.patch",
diff --git a/contrib/src/restinio/package.json b/contrib/src/restinio/package.json
index 5803ade276..9fae80c258 100644
--- a/contrib/src/restinio/package.json
+++ b/contrib/src/restinio/package.json
@@ -1,6 +1,7 @@
{
"name": "restinio",
"version": "bbaa034dbcc7555ce67df0f8a1475591a7441733",
+ "cpe": "cpe:2.3:a:*:restinio:0.7.2:*:*:*:*:*:*:*",
"url": "https://github.com/aberaud/restinio/archive/__VERSION__.tar.gz",
"deps": [
"fmt",
diff --git a/contrib/src/restinio/rules.mak b/contrib/src/restinio/rules.mak
index df659d00dc..4cbd13d22d 100644
--- a/contrib/src/restinio/rules.mak
+++ b/contrib/src/restinio/rules.mak
@@ -1,5 +1,6 @@
# RESTINIO
RESTINIO_VERSION := 0.7.2
+PKG_CPE += cpe:2.3:a:*:restinio:$(RESTINIO_VERSION):*:*:*:*:*:*:*
RESTINIO_URL := https://github.com/Stiffstream/restinio/releases/download/v.$(RESTINIO_VERSION)/restinio-$(RESTINIO_VERSION).tar.bz2
EXPECTED_LITE_URL := https://raw.githubusercontent.com/martinmoene/expected-lite/master/include/nonstd/expected.hpp
diff --git a/contrib/src/speex/rules.mak b/contrib/src/speex/rules.mak
index 6b3cbb3664..575892ac8c 100644
--- a/contrib/src/speex/rules.mak
+++ b/contrib/src/speex/rules.mak
@@ -1,6 +1,7 @@
# speex
-
-SPEEX_HASH := Speex-1.2.1
+SPEEX_VERSION := 1.2.1
+SPEEX_HASH := Speex-$(SPEEX_VERSION)
+PKG_CPE += cpe:2.3:a:xiph:speex:$(SPEEX_VERSION):*:*:*:*:*:*:*
SPEEX_GITURL := https://gitlab.xiph.org/xiph/speex/-/archive/$(SPEEX_HASH)/speex-$(SPEEX_HASH).tar.gz
PKGS += speex
diff --git a/contrib/src/speexdsp/package.json b/contrib/src/speexdsp/package.json
index 95d427120b..aa5e3a5b5b 100644
--- a/contrib/src/speexdsp/package.json
+++ b/contrib/src/speexdsp/package.json
@@ -1,6 +1,7 @@
{
"name": "speexdsp",
"version": "SpeexDSP-1.2.0",
+ "cpe": "cpe:2.3:a:xiph:speex:1.2.0:*:*:*:*:*:*:*",
"url": "https://github.com/xiph/speexdsp/archive/__VERSION__.tar.gz",
"deps": [],
"patches": ["speexdsp_vs_proj.patch"],
diff --git a/contrib/src/speexdsp/rules.mak b/contrib/src/speexdsp/rules.mak
index 3eef299192..e726b0d000 100644
--- a/contrib/src/speexdsp/rules.mak
+++ b/contrib/src/speexdsp/rules.mak
@@ -1,6 +1,8 @@
# speexdsp
-SPEEXDSP_HASH := SpeexDSP-1.2.0
+SPEEXDSP_VERSION := 1.2.0
+SPEEXDSP_HASH := SpeexDSP-$(SPEEXDSP_VERSION)
+PKG_CPE += cpe:2.3:a:xiph:speex:$(SPEEXDSP_VERSION):*:*:*:*:*:*:*
SPEEXDSP_GITURL := https://gitlab.xiph.org/xiph/speexdsp/-/archive/$(SPEEXDSP_HASH)/speexdsp-$(SPEEXDSP_HASH).tar.gz
PKGS += speexdsp
diff --git a/contrib/src/upnp/package.json b/contrib/src/upnp/package.json
index 44f931129e..e011c35451 100644
--- a/contrib/src/upnp/package.json
+++ b/contrib/src/upnp/package.json
@@ -1,6 +1,7 @@
{
"name": "upnp",
"version": "1.8.4",
+ "cpe": "cpe:2.3:a:pupnp_project:pupnp:1.8.4:*:*:*:*:*:*:*",
"url": "https://github.com/mrjimenez/pupnp/archive/release-__VERSION__.tar.gz",
"deps": ["pthreads"],
"patches": [],
diff --git a/contrib/src/upnp/rules.mak b/contrib/src/upnp/rules.mak
index b6c9c9c250..0d7d035a6f 100644
--- a/contrib/src/upnp/rules.mak
+++ b/contrib/src/upnp/rules.mak
@@ -1,5 +1,6 @@
# UPNP
UPNP_VERSION := 1.14.18
+PKG_CPE += cpe:2.3:a:pupnp_project:pupnp:$(UPNP_VERSION):*:*:*:*:*:*:*
UPNP_URL := https://github.com/pupnp/pupnp/archive/release-$(UPNP_VERSION).tar.gz
PKGS += upnp
diff --git a/contrib/src/vpx/package.json b/contrib/src/vpx/package.json
index 5322b819af..a65d166509 100644
--- a/contrib/src/vpx/package.json
+++ b/contrib/src/vpx/package.json
@@ -1,6 +1,7 @@
{
"name": "vpx",
"version": "f4d13145a2c3aea6fbf211dc493ea4e97be6a092",
+ "cpe": "cpe:2.3:a:webmproject:libvpx:1.14.1:*:*:*:*:*:*:*",
"url": "https://github.com/ShiftMediaProject/libvpx/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/vpx/rules.mak b/contrib/src/vpx/rules.mak
index 47988432b7..07664ccb1a 100644
--- a/contrib/src/vpx/rules.mak
+++ b/contrib/src/vpx/rules.mak
@@ -1,6 +1,7 @@
# libvpx
-
-VPX_HASH := v1.14.1
+VPX_VERSION := 1.14.1
+VPX_HASH := v$(VPX_VERSION)
+PKG_CPE += cpe:2.3:a:webmproject:libvpx:$(VPX_VERSION):*:*:*:*:*:*:*
VPX_URL := https://github.com/webmproject/libvpx/archive/$(VPX_HASH).tar.gz
$(TARBALLS)/libvpx-$(VPX_HASH).tar.gz:
diff --git a/contrib/src/yaml-cpp/package.json b/contrib/src/yaml-cpp/package.json
index 45adbdbbdc..77c2ed689f 100644
--- a/contrib/src/yaml-cpp/package.json
+++ b/contrib/src/yaml-cpp/package.json
@@ -1,6 +1,7 @@
{
"name": "yaml-cpp",
"version": "24fa1b33805c9a91df0f32c46c28e314dd7ad96f",
+ "cpe": "cpe:2.3:a:*:yaml-cpp:0.8.0:*:*:*:*:*:*:*",
"url": "https://github.com/jbeder/yaml-cpp/archive/__VERSION__.tar.gz",
"use_cmake": true,
"defines": [
diff --git a/contrib/src/yaml-cpp/rules.mak b/contrib/src/yaml-cpp/rules.mak
index 0c43ab20c5..f5f01bafd4 100644
--- a/contrib/src/yaml-cpp/rules.mak
+++ b/contrib/src/yaml-cpp/rules.mak
@@ -1,5 +1,6 @@
# YAML
YAML_CPP_VERSION := 0.8.0
+PKG_CPE += cpe:2.3:a:*:yaml-cpp:$(YAML_CPP_VERSION):*:*:*:*:*:*:*
YAML_CPP_URL := https://github.com/jbeder/yaml-cpp/archive/$(YAML_CPP_VERSION).tar.gz
PKGS += yaml-cpp
diff --git a/contrib/src/zlib/package.json b/contrib/src/zlib/package.json
index b72c18c403..c5a0cf6fe2 100644
--- a/contrib/src/zlib/package.json
+++ b/contrib/src/zlib/package.json
@@ -1,6 +1,7 @@
{
"name": "zlib",
"version": "8e4e3ead55cdd296130242d86b44b92fde3ea4d4",
+ "cpe": "cpe:2.3:a:zlib:zlib:1.2.8:*:*:*:*:*:*:*",
"url": "https://github.com/ShiftMediaProject/zlib/archive/__VERSION__.tar.gz",
"deps": [],
"patches": [],
diff --git a/contrib/src/zlib/rules.mak b/contrib/src/zlib/rules.mak
index 6455db4301..7ffdc0cb58 100644
--- a/contrib/src/zlib/rules.mak
+++ b/contrib/src/zlib/rules.mak
@@ -1,5 +1,6 @@
# ZLIB
ZLIB_VERSION := 1.2.8
+PKG_CPE += cpe:2.3:a:zlib:zlib:$(ZLIB_VERSION):*:*:*:*:*:*:*
ZLIB_URL := https://github.com/madler/zlib/archive/v$(ZLIB_VERSION).tar.gz
PKGS += zlib
--
GitLab