[oe] [meta-gnome][PATCH 2/2] gnome-keyring: set CVE_PRODUCT

Gyorgy Sarvari via lists.openembedded.org Mon, 12 Jan 2026 05:00:46 -0800

The underscores and hyphens in the product name are used randomly in the CVE
database:


sqlite> select * from PRODUCTs where vendor = 'gnome' and product like '%keyr%';
CVE-2012-3466|gnome|gnome-keyring|3.4.0|=||
CVE-2012-3466|gnome|gnome-keyring|3.4.1|=||
CVE-2012-6111|gnome|gnome_keyring|3.2|=||
CVE-2012-6111|gnome|gnome_keyring|3.4|=||
CVE-2018-19358|gnome|gnome-keyring|||3.28.2|<=
CVE-2018-20781|gnome|gnome_keyring|||3.27.2|<

Set CVE_PRODUCT so that both versions are matched.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_46.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_46.2.bb 
b/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_46.2.bb
index e173199088..b723a0dd71 100644
--- a/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_46.2.bb
+++ b/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_46.2.bb
@@ -9,6 +9,8 @@ LIC_FILES_CHKSUM = " \
     file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c \
 "
 
+CVE_PRODUCT = "gnome-keyring gnome_keyring"
+
 DEPENDS = " \
     glib-2.0-native \
     gtk+3 \

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123384): 
https://lists.openembedded.org/g/openembedded-devel/message/123384
Mute This Topic: https://lists.openembedded.org/mt/117222448/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-gnome][PATCH 2/2] gnome-keyring: set CVE_PRODUCT

Reply via email to