From d84d0c42ec3e9b1f78a1bb38a0c83b38cc237191 Mon Sep 17 00:00:00 2001
From: Louis Maillard <louis.maillard@savoirfairelinux.com>
Date: Thu, 27 Jun 2024 16:39:01 -0400
Subject: [PATCH] contrib: add CPE information on packages

Added a "cpe" field to each package.json and a PKG_CPE entry to the make rules.
GitLab: #1021

Change-Id: I375fe3c224b0578ed702877d236fbc8ed0a5d8d5
---
 contrib/src/argon2/package.json      | 1 +
 contrib/src/argon2/rules.mak         | 1 +
 contrib/src/asio/package.json        | 1 +
 contrib/src/asio/rules.mak           | 1 +
 contrib/src/ffmpeg/package.json      | 1 +
 contrib/src/ffmpeg/rules.mak         | 1 +
 contrib/src/ffnvcodec/package.json   | 1 +
 contrib/src/ffnvcodec/rules.mak      | 1 +
 contrib/src/fmt/package.json         | 1 +
 contrib/src/fmt/rules.mak            | 1 +
 contrib/src/freetype/package.json    | 1 +
 contrib/src/freetype/rules.mak       | 2 ++
 contrib/src/gmp/package.json         | 1 +
 contrib/src/gmp/rules.mak            | 1 +
 contrib/src/gnutls/package.json      | 1 +
 contrib/src/gnutls/rules.mak         | 1 +
 contrib/src/http_parser/package.json | 1 +
 contrib/src/http_parser/rules.mak    | 1 +
 contrib/src/jsoncpp/package.json     | 1 +
 contrib/src/jsoncpp/rules.mak        | 1 +
 contrib/src/libarchive/package.json  | 1 +
 contrib/src/libarchive/rules.mak     | 1 +
 contrib/src/libgit2/package.json     | 1 +
 contrib/src/libgit2/rules.mak        | 1 +
 contrib/src/libressl/rules.mak       | 1 +
 contrib/src/liburcu/package.json     | 1 +
 contrib/src/liburcu/rules.mak        | 1 +
 contrib/src/llhttp/rules.mak         | 1 +
 contrib/src/lttng-ust/package.json   | 6 +++---
 contrib/src/lttng-ust/rules.mak      | 1 +
 contrib/src/main.mak                 | 3 +++
 contrib/src/minizip/package.json     | 1 +
 contrib/src/minizip/rules.mak        | 1 +
 contrib/src/msgpack/package.json     | 1 +
 contrib/src/msgpack/rules.mak        | 1 +
 contrib/src/nettle/package.json      | 1 +
 contrib/src/nettle/rules.mak         | 1 +
 contrib/src/onnx/package.json        | 1 +
 contrib/src/onnx/rules.mak           | 1 +
 contrib/src/opencv/package.json      | 1 +
 contrib/src/opencv/rules.mak         | 1 +
 contrib/src/openssl/package.json     | 1 +
 contrib/src/opus/package.json        | 1 +
 contrib/src/opus/rules.mak           | 1 +
 contrib/src/portaudio/package.json   | 1 +
 contrib/src/portaudio/rules.mak      | 1 +
 contrib/src/pthreads/package.json    | 1 +
 contrib/src/restinio/package.json    | 1 +
 contrib/src/restinio/rules.mak       | 1 +
 contrib/src/speex/rules.mak          | 5 +++--
 contrib/src/speexdsp/package.json    | 1 +
 contrib/src/speexdsp/rules.mak       | 4 +++-
 contrib/src/upnp/package.json        | 1 +
 contrib/src/upnp/rules.mak           | 1 +
 contrib/src/vpx/package.json         | 1 +
 contrib/src/vpx/rules.mak            | 5 +++--
 contrib/src/yaml-cpp/package.json    | 1 +
 contrib/src/yaml-cpp/rules.mak       | 1 +
 contrib/src/zlib/package.json        | 1 +
 contrib/src/zlib/rules.mak           | 1 +
 60 files changed, 71 insertions(+), 8 deletions(-)

diff --git a/contrib/src/argon2/package.json b/contrib/src/argon2/package.json
index b16c8c95f7..2444fa7994 100644
--- a/contrib/src/argon2/package.json
+++ b/contrib/src/argon2/package.json
@@ -1,6 +1,7 @@
 {
     "name": "argon2",
     "version": "670229c849b9fe882583688b74eb7dfdc846f9f6",
+    "cpe": "cpe:2.3:a:argon2_project:argon2:-:*:*:*:*:*:*:*",
     "url": "https://github.com/P-H-C/phc-winner-argon2/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/argon2/rules.mak b/contrib/src/argon2/rules.mak
index 60ef3ddeb3..322d485d66 100644
--- a/contrib/src/argon2/rules.mak
+++ b/contrib/src/argon2/rules.mak
@@ -1,5 +1,6 @@
 # ARGON2
 ARGON2_VERSION := 16d3df698db2486dde480b09a732bf9bf48599f9
+PKG_CPE += cpe:2.3:a:argon2_project:argon2:-:*:*:*:*:*:*:*
 ARGON2_URL := https://github.com/P-H-C/phc-winner-argon2/archive/$(ARGON2_VERSION).tar.gz
 
 ifeq ($(call need_pkg,'libargon2 > 20161029'),)
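Review bot: The added `PKG_CPE +=` line runs unconditionally, ahead of the `need_pkg` test that follows it, so the bundled CPE is recorded even on builds where that test finds a system libargon2 (assuming a found package is then not built from contrib). An SBOM built from the list would name a component that is not actually shipped. Either append only in the branch that builds the package, or filter the list against `PKGS` where it is consumed, and say so here with a comment such as `# CPE of the bundled copy; only valid when argon2 is built from contrib`. The version field is also `-` (not applicable) while `ARGON2_VERSION` is a commit hash, so version-range matching cannot apply to this entry. The same ordering appears in the ffnvcodec, freetype, gmp, liburcu and lttng-ust rules.mak hunks; the `ifeq` block continues outside this hunk.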
diff --git a/contrib/src/asio/package.json b/contrib/src/asio/package.json
index 3e9c594e56..44fe06fcbe 100644
--- a/contrib/src/asio/package.json
+++ b/contrib/src/asio/package.json
@@ -1,6 +1,7 @@
 {
     "name": "asio",
     "version": "asio-1-28-1",
+    "cpe": "cpe:2.3:a:*:asio:1.28.1:*:*:*:*:*:*:*",
     "url": "https://github.com/chriskohlhoff/asio/archive/__VERSION__.tar.gz",
     "deps": ["openssl"],
     "patches": [],
diff --git a/contrib/src/asio/rules.mak b/contrib/src/asio/rules.mak
index d630f18de3..08e19a2b2f 100644
--- a/contrib/src/asio/rules.mak
+++ b/contrib/src/asio/rules.mak
@@ -19,6 +19,7 @@
 #
 
 ASIO_VERSION := asio-1-28-1
+PKG_CPE += cpe:2.3:a:*:asio:1.28.1:*:*:*:*:*:*:*
 ASIO_URL := https://github.com/chriskohlhoff/asio/archive/$(ASIO_VERSION).tar.gz
 
 # Pure dependency of restinio: do not add to PKGS.
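Review bot: The vendor field of the added CPE is the wildcard `*`, so a matcher will accept a product named `asio` from any vendor, and may produce either false hits or no hits depending on the tool. If no dictionary vendor could be confirmed, record that next to the line, for example `# vendor left as ANY: no CPE dictionary entry confirmed for asio`. The literal `1.28.1` also restates `ASIO_VERSION` (`asio-1-28-1`) by hand, so a version bump that touches only one of the two leaves the SBOM stale. The same wildcard vendor is used in the msgpack, onnx, opus, portaudio, restinio and yaml-cpp rules.mak hunks and in their package.json counterparts.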
diff --git a/contrib/src/ffmpeg/package.json b/contrib/src/ffmpeg/package.json
index c1f73f0756..12b210b864 100644
--- a/contrib/src/ffmpeg/package.json
+++ b/contrib/src/ffmpeg/package.json
@@ -1,6 +1,7 @@
 {
     "name": "ffmpeg",
     "version": "6.0.1",
+    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:6.0.1:*:*:*:*:*:*:*",
     "url": "https://ffmpeg.org/releases/ffmpeg-__VERSION__.tar.xz",
     "deps": [
         "vpx",
diff --git a/contrib/src/ffmpeg/rules.mak b/contrib/src/ffmpeg/rules.mak
index 833f8916d3..0204fbb17f 100644
--- a/contrib/src/ffmpeg/rules.mak
+++ b/contrib/src/ffmpeg/rules.mak
@@ -1,4 +1,5 @@
 FFMPEG_HASH := 6.0.1
+PKG_CPE += cpe:2.3:a:ffmpeg:ffmpeg:6.0.1:*:*:*:*:*:*:*
 FFMPEG_URL := https://ffmpeg.org/releases/ffmpeg-$(FFMPEG_HASH).tar.xz
 
 PKGS+=ffmpeg
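Review bot: The added line repeats the literal `6.0.1` instead of using the variable defined on the line above it, unlike the fmt, gmp and gnutls hunks, which interpolate their version variable. Writing it as `PKG_CPE += cpe:2.3:a:ffmpeg:ffmpeg:$(FFMPEG_HASH):*:*:*:*:*:*:*` keeps the CPE and the download URL in step when the version is bumped.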
diff --git a/contrib/src/ffnvcodec/package.json b/contrib/src/ffnvcodec/package.json
index 2e83aaa3ba..75dec99a6e 100644
--- a/contrib/src/ffnvcodec/package.json
+++ b/contrib/src/ffnvcodec/package.json
@@ -1,6 +1,7 @@
 {
     "name": "ffnvcodec",
     "version": "n11.1.5.2",
+    "cpe": "cpe:2.3:a:videolan:ffnvcodec:11.1.5.2:*:*:*:*:*:*:*",
     "url": "https://github.com/FFmpeg/nv-codec-headers/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/ffnvcodec/rules.mak b/contrib/src/ffnvcodec/rules.mak
index b6ffc4a837..c2671a0600 100644
--- a/contrib/src/ffnvcodec/rules.mak
+++ b/contrib/src/ffnvcodec/rules.mak
@@ -1,5 +1,6 @@
 # ffnvcodec
 FFNVCODEC_VERSION := n11.1.5.2
+PKG_CPE += cpe:2.3:a:videolan:ffnvcodec:11.1.5.2:*:*:*:*:*:*:*
 FFNVCODEC_GITURL := https://git.videolan.org/git/ffmpeg/nv-codec-headers.git
 
 ifeq ($(call need_pkg,"ffnvcodec >= 8"),)
diff --git a/contrib/src/fmt/package.json b/contrib/src/fmt/package.json
index 2721cc319a..80d921e38e 100644
--- a/contrib/src/fmt/package.json
+++ b/contrib/src/fmt/package.json
@@ -1,6 +1,7 @@
 {
     "name": "fmt",
     "version": "10.1.0",
+    "cpe": "cpe:2.3:a:fmt:fmt:10.1.0:*:*:*:*:*:*:*",
     "url": "https://github.com/fmtlib/fmt/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/fmt/rules.mak b/contrib/src/fmt/rules.mak
index 0961089979..9b0a5148a2 100644
--- a/contrib/src/fmt/rules.mak
+++ b/contrib/src/fmt/rules.mak
@@ -1,5 +1,6 @@
 # FMT
 FMT_VERSION := 10.1.0
+PKG_CPE += cpe:2.3:a:fmt:fmt:$(FMT_VERSION):*:*:*:*:*:*:*
 FMT_URL := https://github.com/fmtlib/fmt/archive/$(FMT_VERSION).tar.gz
 
 PKGS += fmt
diff --git a/contrib/src/freetype/package.json b/contrib/src/freetype/package.json
index ebc164176c..93760a67b7 100644
--- a/contrib/src/freetype/package.json
+++ b/contrib/src/freetype/package.json
@@ -1,6 +1,7 @@
 {
     "name": "freetype",
     "version": "39ce3ac499d4cd7371031a062f410953c8ecce29",
+    "cpe": "cpe:2.3:a:freetype:freetype:2.10.1:*:*:*:*:*:*:*",
     "url": "https://gitlab.freedesktop.org/freetype/freetype/-/archive/__VERSION__/freetype-__VERSION__.tar.gz",
     "use_cmake": true
 }
diff --git a/contrib/src/freetype/rules.mak b/contrib/src/freetype/rules.mak
index 197626403d..b06454d0b9 100644
--- a/contrib/src/freetype/rules.mak
+++ b/contrib/src/freetype/rules.mak
@@ -2,6 +2,8 @@
 FREETYPE_HASH := 39ce3ac499d4cd7371031a062f410953c8ecce29
 FREETYPE_GITURL := https://gitlab.freedesktop.org/freetype/freetype/-/archive/$(FREETYPE_HASH)/freetype-$(FREETYPE_HASH).tar.gz
 
+PKG_CPE += cpe:2.3:a:freetype:freetype:2.10.1:*:*:*:*:*:*:*
+
 ifeq ($(call need_pkg,"freetype2 >= 2.10.1"),)
 PKGS_FOUND += freetype
 endif
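Review bot: The version `2.10.1` in the added CPE is written by hand and equals the minimum in the `need_pkg` test below it, while the source that is fetched is pinned by `FREETYPE_HASH`. Nothing visible in the hunk shows that this commit corresponds to the 2.10.1 release. A vulnerability scan keyed on this CPE will report against 2.10.1 whatever the hash points at, so the line needs a comment such as `# CPE version is maintained by hand; update together with FREETYPE_HASH`. The portaudio rules.mak hunk has the same gap (`19.5.0` beside `v19_20140130`), as do the package.json hunks whose `version` is a commit hash (gmp, libarchive, nettle, opus, restinio, vpx, yaml-cpp, zlib).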
diff --git a/contrib/src/gmp/package.json b/contrib/src/gmp/package.json
index 6a897fb551..5a12033367 100644
--- a/contrib/src/gmp/package.json
+++ b/contrib/src/gmp/package.json
@@ -1,6 +1,7 @@
 {
     "name": "gmp",
     "version": "eb35fdadc072ecae2b262fd6e6709c308cadc07a",
+    "cpe": "cpe:2.3:a:gmplib:gmp:6.3.0:*:*:*:*:*:*:*",
     "url": "https://github.com/ShiftMediaProject/gmp/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/gmp/rules.mak b/contrib/src/gmp/rules.mak
index 68be37f740..6b975ceb80 100644
--- a/contrib/src/gmp/rules.mak
+++ b/contrib/src/gmp/rules.mak
@@ -2,6 +2,7 @@
 
 
 GMP_VERSION := 6.3.0
+PKG_CPE += cpe:2.3:a:gmplib:gmp:$(GMP_VERSION):*:*:*:*:*:*:*
 GMP_URL := $(GNU)/gmp/gmp-$(GMP_VERSION).tar.bz2
 
 ifeq ($(call need_pkg,'gmp >= 6.2.0'),)
diff --git a/contrib/src/gnutls/package.json b/contrib/src/gnutls/package.json
index 4b706dd4ae..e121a5c805 100644
--- a/contrib/src/gnutls/package.json
+++ b/contrib/src/gnutls/package.json
@@ -1,6 +1,7 @@
 {
     "name": "gnutls",
     "version": "3.6.7",
+    "cpe": "cpe:2.3:a:gnu:gnutls:3.6.7:*:*:*:*:*:*:*",
     "url": "https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-__VERSION__.tar.xz",
     "deps": [
         "iconv",
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 44b2eedea4..8d556f4871 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -1,6 +1,7 @@
 # GnuTLS
 
 GNUTLS_VERSION := 3.8.3
+PKG_CPE += cpe:2.3:a:gnu:gnutls:$(GNUTLS_VERSION):*:*:*:*:*:*:*
 GNUTLS_URL := https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-$(GNUTLS_VERSION).tar.xz
 
 PKGS += gnutls
diff --git a/contrib/src/http_parser/package.json b/contrib/src/http_parser/package.json
index 0ae1dc3fee..85e6f67c09 100644
--- a/contrib/src/http_parser/package.json
+++ b/contrib/src/http_parser/package.json
@@ -1,6 +1,7 @@
 {
     "name": "http_parser",
     "version": "2.9.4",
+    "cpe": "cpe:2.3:a:nodejs:http-parser:2.9.4:*:*:*:*:*:*:*",
     "url": "https://github.com/nodejs/http-parser/archive/v__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/http_parser/rules.mak b/contrib/src/http_parser/rules.mak
index 09c347c25d..5c86b260f2 100644
--- a/contrib/src/http_parser/rules.mak
+++ b/contrib/src/http_parser/rules.mak
@@ -1,5 +1,6 @@
 # HTTP_PARSER
 HTTP_PARSER_VERSION := 2.9.4
+PKG_CPE += cpe:2.3:a:nodejs:http-parser:$(HTTP_PARSER_VERSION):*:*:*:*:*:*:*
 HTTP_PARSER_URL := https://github.com/nodejs/http-parser/archive/v$(HTTP_PARSER_VERSION).tar.gz
 
 PKGS += http_parser
diff --git a/contrib/src/jsoncpp/package.json b/contrib/src/jsoncpp/package.json
index 48d5aebb06..4eb680cb80 100644
--- a/contrib/src/jsoncpp/package.json
+++ b/contrib/src/jsoncpp/package.json
@@ -1,6 +1,7 @@
 {
     "name": "jsoncpp",
     "version": "1.9.3",
+    "cpe": "cpe:2.3:a:jsoncpp_project:jsoncpp:1.9.3:*:*:*:*:*:*:*",
     "url": "https://github.com/open-source-parsers/jsoncpp/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/jsoncpp/rules.mak b/contrib/src/jsoncpp/rules.mak
index 67ba98d6d2..ed07d40c91 100644
--- a/contrib/src/jsoncpp/rules.mak
+++ b/contrib/src/jsoncpp/rules.mak
@@ -1,5 +1,6 @@
 # JSONCPP
 JSONCPP_VERSION := 1.9.3
+PKG_CPE += cpe:2.3:a:jsoncpp_project:jsoncpp:$(JSONCPP_VERSION):*:*:*:*:*:*:*
 
 JSONCPP_URL := https://github.com/open-source-parsers/jsoncpp/archive/$(JSONCPP_VERSION).tar.gz
 
diff --git a/contrib/src/libarchive/package.json b/contrib/src/libarchive/package.json
index f3d616e25a..5de25f9771 100644
--- a/contrib/src/libarchive/package.json
+++ b/contrib/src/libarchive/package.json
@@ -1,6 +1,7 @@
 {
     "name": "libarchive",
     "version": "a53d711261f4d5bf2104d9c3616a8602a45ba196",
+    "cpe": "cpe:2.3:a:libarchive:libarchive:3.6.0:*:*:*:*:*:*:*",
     "url": "https://github.com/libarchive/libarchive/archive/__VERSION__.tar.gz",
     "deps": ["iconv"],
     "patches": [
diff --git a/contrib/src/libarchive/rules.mak b/contrib/src/libarchive/rules.mak
index 0f4c45a05e..3958c0854a 100644
--- a/contrib/src/libarchive/rules.mak
+++ b/contrib/src/libarchive/rules.mak
@@ -1,5 +1,6 @@
 # LIBARCHIVE
 LIBARCHIVE_VERSION := 3.6.0
+PKG_CPE += cpe:2.3:a:libarchive:libarchive:$(LIBARCHIVE_VERSION):*:*:*:*:*:*:*
 LIBARCHIVE_URL := https://github.com/libarchive/libarchive/releases/download/v$(LIBARCHIVE_VERSION)/libarchive-$(LIBARCHIVE_VERSION).tar.xz
 
 ifndef HAVE_MACOSX
diff --git a/contrib/src/libgit2/package.json b/contrib/src/libgit2/package.json
index 5b74ca49b2..996628f20f 100644
--- a/contrib/src/libgit2/package.json
+++ b/contrib/src/libgit2/package.json
@@ -1,6 +1,7 @@
 {
     "name": "libgit2",
     "version": "v1.8.0",
+    "cpe": "cpe:2.3:a:libgit2:libgit2:1.8.0:*:*:*:*:*:*:*",
     "url": "https://github.com/libgit2/libgit2/archive/__VERSION__.tar.gz",
     "use_cmake" : true,
     "defines": [
diff --git a/contrib/src/libgit2/rules.mak b/contrib/src/libgit2/rules.mak
index 80171984e2..88318dbe78 100644
--- a/contrib/src/libgit2/rules.mak
+++ b/contrib/src/libgit2/rules.mak
@@ -1,5 +1,6 @@
 # LIBGIT2
 LIBGIT2_VERSION := 1.8.0
+PKG_CPE += cpe:2.3:a:libgit2:libgit2:${LIBGIT2_VERSION}:*:*:*:*:*:*:*
 LIBGIT2_URL := https://github.com/libgit2/libgit2/archive/v${LIBGIT2_VERSION}.tar.gz
 
 PKGS += libgit2
diff --git a/contrib/src/libressl/rules.mak b/contrib/src/libressl/rules.mak
index 3e27c4e7bf..5f70a739ba 100644
--- a/contrib/src/libressl/rules.mak
+++ b/contrib/src/libressl/rules.mak
@@ -19,6 +19,7 @@
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
 #
 SSL_VERSION := 3.7.0
+PKG_CPE += cpe:2.3:a:openbsd:libressl:$(SSL_VERSION):*:*:*:*:*:*:*
 LIBRESSL_VERSION := libressl-$(SSL_VERSION)
 LIBRESSL_URL := https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$(LIBRESSL_VERSION).tar.gz
 
diff --git a/contrib/src/liburcu/package.json b/contrib/src/liburcu/package.json
index b0f36c2aa0..4bc205b3e5 100644
--- a/contrib/src/liburcu/package.json
+++ b/contrib/src/liburcu/package.json
@@ -1,6 +1,7 @@
 {
     "name": "liburcu",
     "version": "0.13.1",
+    "cpe": "cpe:2.3:a:lttng:urcu:0.13.1:*:*:*:*:*:*:*",
     "url": "https://lttng.org/files/urcu/userspace-rcu-__VERSION__.tar.bz2",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/liburcu/rules.mak b/contrib/src/liburcu/rules.mak
index ee91a5d117..ec196d9874 100644
--- a/contrib/src/liburcu/rules.mak
+++ b/contrib/src/liburcu/rules.mak
@@ -1,6 +1,7 @@
 # liburcu
 
 LIBURCU_VERSION := 0.13.1
+PKG_CPE += cpe:2.3:a:lttng:urcu:${LIBURCU_VERSION}:*:*:*:*:*:*:*
 LIBURCU_URL     := https://lttng.org/files/urcu/userspace-rcu-${LIBURCU_VERSION}.tar.bz2
 
 ifeq ($(call need_pkg "liburcu >= 0.13.1"),)
diff --git a/contrib/src/llhttp/rules.mak b/contrib/src/llhttp/rules.mak
index d5d1fddd87..4fdc532766 100644
--- a/contrib/src/llhttp/rules.mak
+++ b/contrib/src/llhttp/rules.mak
@@ -17,6 +17,7 @@
 #  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
 #
 LLHTTP_VERSION := 9.2.0
+PKG_CPE += cpe:2.3:a:llhttp:llhttp:$(LLHTTP_VERSION):*:*:*:*:*:*:*
 LLHTTP_URL := https://github.com/nodejs/llhttp/archive/refs/tags/release/v$(LLHTTP_VERSION).tar.gz
 
 LLHTTP_CMAKECONF := \
diff --git a/contrib/src/lttng-ust/package.json b/contrib/src/lttng-ust/package.json
index a6604d5a5f..0d9abc609b 100644
--- a/contrib/src/lttng-ust/package.json
+++ b/contrib/src/lttng-ust/package.json
@@ -1,14 +1,14 @@
 {
     "name": "lttng-ust",
     "version": "2.13.0",
+    "cpe": "cpe:2.3:a:lttng:ust:2.13.0:*:*:*:*:*:*:*",
     "url": "https://lttng.org/files/lttng-ust/lttng-ust-__VERSION__.tar.bz2",
     "deps": [
-        "liburcu",
+        "liburcu"
     ],
     "patches": [],
     "win_patches": [],
-    "project_paths": [
-    ],
+    "project_paths": [],
     "with_env" : "",
     "custom_scripts": {
         "pre_build": [],
diff --git a/contrib/src/lttng-ust/rules.mak b/contrib/src/lttng-ust/rules.mak
index a4b65803cf..b02e4d6d2c 100644
--- a/contrib/src/lttng-ust/rules.mak
+++ b/contrib/src/lttng-ust/rules.mak
@@ -1,6 +1,7 @@
 # lttng-ust
 
 LTTNG_UST_VERSION := 2.13.1
+PKG_CPE += cpe:2.3:a:lttng:ust:${LTTNG_UST_VERSION}:*:*:*:*:*:*:*
 LTTNG_UST_URL     := https://lttng.org/files/lttng-ust/lttng-ust-${LTTNG_UST_VERSION}.tar.bz2
 
 ifeq ($(call need_pkg "liblttng-ust >= 2.13.0"),)
diff --git a/contrib/src/main.mak b/contrib/src/main.mak
index 160fd79130..8c0a2fbb4a 100644
--- a/contrib/src/main.mak
+++ b/contrib/src/main.mak
@@ -55,6 +55,9 @@ GNU := https://ftpmirror.gnu.org
 SF := https://sourceforge.net/projects
 CONTRIB_VIDEOLAN ?= https://downloads.videolan.org/pub/contrib
 
+# CPE ID list for generating SBOM
+PKG_CPE := 
+
 #
 # Machine-dependent variables
 #
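Review bot: The new comment does not say how `PKG_CPE` is meant to be consumed, and nothing in this patch reads it. Every value appended to it contains `*`, so a recipe that expands `$(PKG_CPE)` unquoted will have the shell glob-expand those fields against the working directory. The list is also a flat, space-separated string with no package names, and each rules.mak appends to it whether or not the package ends up in `PKGS`. Extending the comment would cover this, e.g. `# CPE 2.3 names appended by each rules.mak (not filtered by PKGS); contains '*', always quote when passed to a shell`.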
diff --git a/contrib/src/minizip/package.json b/contrib/src/minizip/package.json
index 735fbc0300..36f324ffdd 100644
--- a/contrib/src/minizip/package.json
+++ b/contrib/src/minizip/package.json
@@ -1,6 +1,7 @@
 {
     "name": "minizip",
     "version": "3.0.0",
+    "cpe": "cpe:2.3:a:minizip_project:minizip:3.0.0:*:*:*:*:*:*:*",
     "url": "https://github.com/zlib-ng/minizip-ng/archive/refs/tags/__VERSION__.tar.gz",
     "deps": ["zlib", "iconv"],
     "patches": [],
diff --git a/contrib/src/minizip/rules.mak b/contrib/src/minizip/rules.mak
index 52a131a3c4..cfaf9e264b 100644
--- a/contrib/src/minizip/rules.mak
+++ b/contrib/src/minizip/rules.mak
@@ -1,5 +1,6 @@
 # MINIZIP
 LIBMINIZIP_VERSION := 4.0.7
+PKG_CPE += cpe:2.3:a:minizip_project:minizip:$(LIBMINIZIP_VERSION):*:*:*:*:*:*:*
 LIBMINIZIP_URL := https://github.com/zlib-ng/minizip-ng/archive/$(LIBMINIZIP_VERSION).tar.gz
 
 ifdef HAVE_MACOSX
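Review bot: The added CPE names the product `minizip_project:minizip`, but `LIBMINIZIP_URL` on the next line fetches `zlib-ng/minizip-ng`, so the identifier may describe a different code base from the one that is built. Advisories would then be matched against the wrong project. Please confirm the vendor and product against the CPE dictionary and note the choice, for example `# built from zlib-ng/minizip-ng; CPE product to be confirmed`. The onnx rules.mak hunk (product `onnx`, source `microsoft/onnxruntime`) and the pthreads package.json hunk (`pthreads-win32`, source `jwinarske/pthreads4w`) show the same kind of mismatch.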
diff --git a/contrib/src/msgpack/package.json b/contrib/src/msgpack/package.json
index f06afa0ffe..889452a4bf 100644
--- a/contrib/src/msgpack/package.json
+++ b/contrib/src/msgpack/package.json
@@ -1,6 +1,7 @@
 {
     "name": "msgpack-c",
     "version": "cpp-6.1.0",
+    "cpe": "cpe:2.3:a:*:msgpack:6.1.0:*:*:*:*:*:*:*",
     "url": "https://github.com/msgpack/msgpack-c/archive/__VERSION__.tar.gz",
     "use_cmake" : true,
     "defines": [
diff --git a/contrib/src/msgpack/rules.mak b/contrib/src/msgpack/rules.mak
index a2a7049c63..976b03d338 100644
--- a/contrib/src/msgpack/rules.mak
+++ b/contrib/src/msgpack/rules.mak
@@ -1,5 +1,6 @@
 # MSGPACK
 MSGPACK_VERSION := cpp-6.1.0
+PKG_CPE += cpe:2.3:a:*:msgpack:6.1.0:*:*:*:*:*:*:*
 MSGPACK_URL := https://github.com/msgpack/msgpack-c/archive/$(MSGPACK_VERSION).tar.gz
 
 PKGS += msgpack
diff --git a/contrib/src/nettle/package.json b/contrib/src/nettle/package.json
index 9bf61932a6..910cce912e 100644
--- a/contrib/src/nettle/package.json
+++ b/contrib/src/nettle/package.json
@@ -1,6 +1,7 @@
 {
     "name": "nettle",
     "version": "c180b4d7afbda4049ad265d1366567f62a7a4a3a",
+    "cpe": "cpe:2.3:a:nettle_project:nettle:3.9.1:*:*:*:*:*:*:*",
     "url": "https://github.com/ShiftMediaProject/nettle/archive/__VERSION__.tar.gz",
     "deps": ["gmp"],
     "patches": [],
diff --git a/contrib/src/nettle/rules.mak b/contrib/src/nettle/rules.mak
index 2f8b13eef7..a204aebd6d 100644
--- a/contrib/src/nettle/rules.mak
+++ b/contrib/src/nettle/rules.mak
@@ -1,6 +1,7 @@
 # Nettle
 
 NETTLE_VERSION := nettle_3.9.1_release_20230601
+PKG_CPE += cpe:2.3:a:nettle_project:nettle:3.9.1:*:*:*:*:*:*:*
 NETTLE_URL := https://git.lysator.liu.se/nettle/nettle/-/archive/$(NETTLE_VERSION)/nettle-$(NETTLE_VERSION).tar.gz
 PKGS += nettle
 
diff --git a/contrib/src/onnx/package.json b/contrib/src/onnx/package.json
index f45c0a4fc7..7508129650 100644
--- a/contrib/src/onnx/package.json
+++ b/contrib/src/onnx/package.json
@@ -1,6 +1,7 @@
 {
     "name": "onnx",
     "version": "v1.12.0",
+    "cpe": "cpe:2.3:a:*:onnx:1.12.0:*:*:*:*:*:*:*",
     "url": "https://github.com/microsoft/onnxruntime/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/onnx/rules.mak b/contrib/src/onnx/rules.mak
index a08b38bc33..fa553a0c13 100644
--- a/contrib/src/onnx/rules.mak
+++ b/contrib/src/onnx/rules.mak
@@ -1,5 +1,6 @@
 # ONNX
 ONNX_VERSION := v1.16.3
+PKG_CPE += cpe:2.3:a:*:onnx:1.16.3:*:*:*:*:*:*:*
 ONNX_URL := https://github.com/microsoft/onnxruntime.git
 
 $(TARBALLS)/onnxruntime-$(ONNX_VERSION).tar.xz:
diff --git a/contrib/src/opencv/package.json b/contrib/src/opencv/package.json
index c811e8932f..182e83a3ac 100644
--- a/contrib/src/opencv/package.json
+++ b/contrib/src/opencv/package.json
@@ -1,6 +1,7 @@
 {
     "name": "opencv",
     "version": "4.6.0",
+    "cpe": "cpe:2.3:a:opencv:opencv:4.6.0:*:*:*:*:*:*:*",
     "url": "https://github.com/opencv/opencv/archive/__VERSION__.tar.gz",
     "deps": ["opencv_contrib"],
     "patches": [],
diff --git a/contrib/src/opencv/rules.mak b/contrib/src/opencv/rules.mak
index 52371efb07..bb10b86967 100644
--- a/contrib/src/opencv/rules.mak
+++ b/contrib/src/opencv/rules.mak
@@ -1,5 +1,6 @@
 # OPENCV
 OPENCV_VERSION := 4.6.0
+PKG_CPE += cpe:2.3:a:opencv:opencv:$(OPENCV_VERSION):*:*:*:*:*:*:*
 OPENCV_CONTRIB_VERSION := 4.6.0
 OPENCV_URL := https://github.com/opencv/opencv/archive/$(OPENCV_VERSION).tar.gz
 
diff --git a/contrib/src/openssl/package.json b/contrib/src/openssl/package.json
index d8e458e5ca..9edfda252d 100644
--- a/contrib/src/openssl/package.json
+++ b/contrib/src/openssl/package.json
@@ -1,6 +1,7 @@
 {
     "name": "openssl",
     "version": "OpenSSL_1_1_1-stable",
+    "cpe": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
     "url": "https://github.com/openssl/openssl/archive/__VERSION__.tar.gz",
     "custom_scripts": {
         "build": [
diff --git a/contrib/src/opus/package.json b/contrib/src/opus/package.json
index aeac223efc..f9f2bf396a 100644
--- a/contrib/src/opus/package.json
+++ b/contrib/src/opus/package.json
@@ -1,6 +1,7 @@
 {
     "name": "opus",
     "version": "76d2d6dca0a224f3ffb34b7429d7547bdbb1bad7",
+    "cpe": "cpe:2.3:a:*:opus:1.4:*:*:*:*:*:*:*",
     "url": "https://github.com/ShiftMediaProject/opus/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/opus/rules.mak b/contrib/src/opus/rules.mak
index c7753626e5..036d291260 100644
--- a/contrib/src/opus/rules.mak
+++ b/contrib/src/opus/rules.mak
@@ -1,6 +1,7 @@
 # opus
 
 OPUS_VERSION := 1.4
+PKG_CPE += cpe:2.3:a:*:opus:$(OPUS_VERSION):*:*:*:*:*:*:*
 OPUS_URL := https://github.com/xiph/opus/archive/v$(OPUS_VERSION).tar.gz
 
 PKGS += opus
diff --git a/contrib/src/portaudio/package.json b/contrib/src/portaudio/package.json
index 3720bac1a7..a4e5a468f9 100644
--- a/contrib/src/portaudio/package.json
+++ b/contrib/src/portaudio/package.json
@@ -1,6 +1,7 @@
 {
     "name": "portaudio",
     "version": "v190600_20161030",
+    "cpe": "cpe:2.3:a:*:portaudio:19.6.0:*:*:*:*:*:*:*",
     "url": "https://github.com/PortAudio/portaudio/archive/refs/tags/pa_stable___VERSION__.tar.gz",
     "use_cmake" : true,
     "defines": [
diff --git a/contrib/src/portaudio/rules.mak b/contrib/src/portaudio/rules.mak
index a74232a240..859057c831 100644
--- a/contrib/src/portaudio/rules.mak
+++ b/contrib/src/portaudio/rules.mak
@@ -1,6 +1,7 @@
 # PortAudio
 
 PORTAUDIO_VERSION := v19_20140130
+PKG_CPE += cpe:2.3:a:*:portaudio:19.5.0:*:*:*:*:*:*:*
 PORTAUDIO_URL := http://www.portaudio.com/archives/pa_stable_$(PORTAUDIO_VERSION).tgz
 
 ifdef HAVE_WIN32
diff --git a/contrib/src/pthreads/package.json b/contrib/src/pthreads/package.json
index 98af313cb1..30ca34a24c 100644
--- a/contrib/src/pthreads/package.json
+++ b/contrib/src/pthreads/package.json
@@ -1,6 +1,7 @@
 {
     "name": "pthreads",
     "version": "v-2-10-0-rc",
+    "cpe": "cpe:2.3:a:pthread-win32_project:pthreads-win32:2.10.0:rc:*:*:*:*:*:*",
     "url": " https://github.com/jwinarske/pthreads4w/archive/refs/tags/__VERSION__.tar.gz",
     "win_patches": [
         "pthreads-windows.patch",
diff --git a/contrib/src/restinio/package.json b/contrib/src/restinio/package.json
index 5803ade276..9fae80c258 100644
--- a/contrib/src/restinio/package.json
+++ b/contrib/src/restinio/package.json
@@ -1,6 +1,7 @@
 {
     "name": "restinio",
     "version": "bbaa034dbcc7555ce67df0f8a1475591a7441733",
+    "cpe": "cpe:2.3:a:*:restinio:0.7.2:*:*:*:*:*:*:*",
     "url": "https://github.com/aberaud/restinio/archive/__VERSION__.tar.gz",
     "deps": [
         "fmt",
diff --git a/contrib/src/restinio/rules.mak b/contrib/src/restinio/rules.mak
index df659d00dc..4cbd13d22d 100644
--- a/contrib/src/restinio/rules.mak
+++ b/contrib/src/restinio/rules.mak
@@ -1,5 +1,6 @@
 # RESTINIO
 RESTINIO_VERSION := 0.7.2
+PKG_CPE += cpe:2.3:a:*:restinio:$(RESTINIO_VERSION):*:*:*:*:*:*:*
 RESTINIO_URL := https://github.com/Stiffstream/restinio/releases/download/v.$(RESTINIO_VERSION)/restinio-$(RESTINIO_VERSION).tar.bz2
 EXPECTED_LITE_URL := https://raw.githubusercontent.com/martinmoene/expected-lite/master/include/nonstd/expected.hpp
 
diff --git a/contrib/src/speex/rules.mak b/contrib/src/speex/rules.mak
index 6b3cbb3664..575892ac8c 100644
--- a/contrib/src/speex/rules.mak
+++ b/contrib/src/speex/rules.mak
@@ -1,6 +1,7 @@
 # speex
-
-SPEEX_HASH := Speex-1.2.1
+SPEEX_VERSION := 1.2.1
+SPEEX_HASH := Speex-$(SPEEX_VERSION)
+PKG_CPE += cpe:2.3:a:xiph:speex:$(SPEEX_VERSION):*:*:*:*:*:*:*
 SPEEX_GITURL := https://gitlab.xiph.org/xiph/speex/-/archive/$(SPEEX_HASH)/speex-$(SPEEX_HASH).tar.gz
 
 PKGS += speex
diff --git a/contrib/src/speexdsp/package.json b/contrib/src/speexdsp/package.json
index 95d427120b..aa5e3a5b5b 100644
--- a/contrib/src/speexdsp/package.json
+++ b/contrib/src/speexdsp/package.json
@@ -1,6 +1,7 @@
 {
     "name": "speexdsp",
     "version": "SpeexDSP-1.2.0",
+    "cpe": "cpe:2.3:a:xiph:speex:1.2.0:*:*:*:*:*:*:*",
     "url": "https://github.com/xiph/speexdsp/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": ["speexdsp_vs_proj.patch"],
diff --git a/contrib/src/speexdsp/rules.mak b/contrib/src/speexdsp/rules.mak
index 3eef299192..e726b0d000 100644
--- a/contrib/src/speexdsp/rules.mak
+++ b/contrib/src/speexdsp/rules.mak
@@ -1,6 +1,8 @@
 # speexdsp
 
-SPEEXDSP_HASH := SpeexDSP-1.2.0
+SPEEXDSP_VERSION := 1.2.0
+SPEEXDSP_HASH := SpeexDSP-$(SPEEXDSP_VERSION)
+PKG_CPE += cpe:2.3:a:xiph:speex:$(SPEEXDSP_VERSION):*:*:*:*:*:*:*
 SPEEXDSP_GITURL := https://gitlab.xiph.org/xiph/speexdsp/-/archive/$(SPEEXDSP_HASH)/speexdsp-$(SPEEXDSP_HASH).tar.gz
 
 PKGS += speexdsp
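Review bot: The added CPE for speexdsp uses the product `xiph:speex`, the same vendor and product as the speex hunk, so the resulting list carries speex at both `1.2.0` and `1.2.1` and has no entry that identifies speexdsp. Advisories filed against speex would be attributed to this package, and anything specific to speexdsp would be missed. If the reuse is deliberate, state it on the line, e.g. `# speexdsp has no CPE product of its own here; reusing xiph:speex`; otherwise the product field needs checking. The speexdsp package.json hunk carries the same value.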
diff --git a/contrib/src/upnp/package.json b/contrib/src/upnp/package.json
index 44f931129e..e011c35451 100644
--- a/contrib/src/upnp/package.json
+++ b/contrib/src/upnp/package.json
@@ -1,6 +1,7 @@
 {
     "name": "upnp",
     "version": "1.8.4",
+    "cpe": "cpe:2.3:a:pupnp_project:pupnp:1.8.4:*:*:*:*:*:*:*",
     "url": "https://github.com/mrjimenez/pupnp/archive/release-__VERSION__.tar.gz",
     "deps": ["pthreads"],
     "patches": [],
diff --git a/contrib/src/upnp/rules.mak b/contrib/src/upnp/rules.mak
index b6c9c9c250..0d7d035a6f 100644
--- a/contrib/src/upnp/rules.mak
+++ b/contrib/src/upnp/rules.mak
@@ -1,5 +1,6 @@
 # UPNP
 UPNP_VERSION := 1.14.18
+PKG_CPE += cpe:2.3:a:pupnp_project:pupnp:$(UPNP_VERSION):*:*:*:*:*:*:*
 UPNP_URL := https://github.com/pupnp/pupnp/archive/release-$(UPNP_VERSION).tar.gz
 
 PKGS += upnp
diff --git a/contrib/src/vpx/package.json b/contrib/src/vpx/package.json
index 5322b819af..a65d166509 100644
--- a/contrib/src/vpx/package.json
+++ b/contrib/src/vpx/package.json
@@ -1,6 +1,7 @@
 {
     "name": "vpx",
     "version": "f4d13145a2c3aea6fbf211dc493ea4e97be6a092",
+    "cpe": "cpe:2.3:a:webmproject:libvpx:1.14.1:*:*:*:*:*:*:*",
     "url": "https://github.com/ShiftMediaProject/libvpx/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/vpx/rules.mak b/contrib/src/vpx/rules.mak
index 47988432b7..07664ccb1a 100644
--- a/contrib/src/vpx/rules.mak
+++ b/contrib/src/vpx/rules.mak
@@ -1,6 +1,7 @@
 # libvpx
-
-VPX_HASH := v1.14.1
+VPX_VERSION := 1.14.1
+VPX_HASH := v$(VPX_VERSION)
+PKG_CPE += cpe:2.3:a:webmproject:libvpx:$(VPX_VERSION):*:*:*:*:*:*:*
 VPX_URL := https://github.com/webmproject/libvpx/archive/$(VPX_HASH).tar.gz
 
 $(TARBALLS)/libvpx-$(VPX_HASH).tar.gz:
diff --git a/contrib/src/yaml-cpp/package.json b/contrib/src/yaml-cpp/package.json
index 45adbdbbdc..77c2ed689f 100644
--- a/contrib/src/yaml-cpp/package.json
+++ b/contrib/src/yaml-cpp/package.json
@@ -1,6 +1,7 @@
 {
     "name": "yaml-cpp",
     "version": "24fa1b33805c9a91df0f32c46c28e314dd7ad96f",
+    "cpe": "cpe:2.3:a:*:yaml-cpp:0.8.0:*:*:*:*:*:*:*",
     "url": "https://github.com/jbeder/yaml-cpp/archive/__VERSION__.tar.gz",
     "use_cmake": true,
     "defines": [
diff --git a/contrib/src/yaml-cpp/rules.mak b/contrib/src/yaml-cpp/rules.mak
index 0c43ab20c5..f5f01bafd4 100644
--- a/contrib/src/yaml-cpp/rules.mak
+++ b/contrib/src/yaml-cpp/rules.mak
@@ -1,5 +1,6 @@
 # YAML
 YAML_CPP_VERSION := 0.8.0
+PKG_CPE += cpe:2.3:a:*:yaml-cpp:$(YAML_CPP_VERSION):*:*:*:*:*:*:*
 YAML_CPP_URL := https://github.com/jbeder/yaml-cpp/archive/$(YAML_CPP_VERSION).tar.gz
 
 PKGS += yaml-cpp
diff --git a/contrib/src/zlib/package.json b/contrib/src/zlib/package.json
index b72c18c403..c5a0cf6fe2 100644
--- a/contrib/src/zlib/package.json
+++ b/contrib/src/zlib/package.json
@@ -1,6 +1,7 @@
 {
     "name": "zlib",
     "version": "8e4e3ead55cdd296130242d86b44b92fde3ea4d4",
+    "cpe": "cpe:2.3:a:zlib:zlib:1.2.8:*:*:*:*:*:*:*",
     "url": "https://github.com/ShiftMediaProject/zlib/archive/__VERSION__.tar.gz",
     "deps": [],
     "patches": [],
diff --git a/contrib/src/zlib/rules.mak b/contrib/src/zlib/rules.mak
index 6455db4301..7ffdc0cb58 100644
--- a/contrib/src/zlib/rules.mak
+++ b/contrib/src/zlib/rules.mak
@@ -1,5 +1,6 @@
 # ZLIB
 ZLIB_VERSION := 1.2.8
+PKG_CPE += cpe:2.3:a:zlib:zlib:$(ZLIB_VERSION):*:*:*:*:*:*:*
 ZLIB_URL := https://github.com/madler/zlib/archive/v$(ZLIB_VERSION).tar.gz
 
 PKGS += zlib
-- 
GitLab