[oe] [meta-python][PATCH] python-grpcio(-tools): add grpc:grpc to cve product

Fri, 14 Feb 2025 09:42:51 -0800 

From: Peter Marko <peter.ma...@siemens.com>

These grpc python modules contain parts of grpc core.
Each CVE needs to be assessed if the patch applies also to core parts
included in each module.

Note that so far there was never a CVE specific for python module, only
for grpc:grpc and many of those needed to be fixed at leasts in grpcio:

sqlite> select vendor, product, count(*) from products where product like 
'%grpc%' group by vendor, product;
grpc|grpc|21
grpck|grpck|1
linuxfoundation|grpc_swift|9
microsoft|grpconv|1
opentelemetry|configgrpc|1

Signed-off-by: Peter Marko <peter.ma...@siemens.com>
---
 .../recipes-devtools/python/python3-grpcio-tools_1.70.0.bb      | 2 ++
 meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb 
b/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb
index e295e0329e..8af6bb5714 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio-tools_1.70.0.bb
@@ -20,3 +20,5 @@ SRC_URI[sha256sum] = 
"e578fee7c1c213c8e471750d92631d00f178a15479fb2cb3b939a07fc1
 RDEPENDS:${PN} = "python3-grpcio"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT += "grpc:grpc"
diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb 
b/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb
index bebfa51be1..c9edc1d541 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.70.0.bb
@@ -35,3 +35,5 @@ CLEANBROKEN = "1"
 BBCLASSEXTEND = "native nativesdk"
 
 CCACHE_DISABLE = "1"
+
+CVE_PRODUCT += "grpc:grpc"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#115490): 
https://lists.openembedded.org/g/openembedded-devel/message/115490
Mute This Topic: https://lists.openembedded.org/mt/111186650/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to