[Buildroot] [git commit] package: drop _CPE_ID_VALID, use _CPE_ID_VENDOR
Peter Korsgaard
peter at korsgaard.com
Sat Mar 6 16:18:07 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=b9db38d370dcd22c077d0ebb6ab8eb20f0196faa
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
Cc: Matthew Weber <matthew.weber at rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice at gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/asn1c/asn1c.mk | 2 +-
package/atftp/atftp.mk | 2 +-
package/atop/atop.mk | 2 +-
package/attr/attr.mk | 2 +-
package/axel/axel.mk | 2 +-
package/bdwgc/bdwgc.mk | 2 +-
package/beecrypt/beecrypt.mk | 2 +-
package/botan/botan.mk | 2 +-
package/c-icap/c-icap.mk | 2 +-
package/civetweb/civetweb.mk | 2 +-
package/cjson/cjson.mk | 2 +-
package/cryptsetup/cryptsetup.mk | 2 +-
package/dosfstools/dosfstools.mk | 2 +-
package/e2fsprogs/e2fsprogs.mk | 2 +-
package/elfutils/elfutils.mk | 2 +-
package/file/file.mk | 2 +-
package/flac/flac.mk | 2 +-
package/flex/flex.mk | 2 +-
package/fontconfig/fontconfig.mk | 2 +-
package/giflib/giflib.mk | 2 +-
package/gnuplot/gnuplot.mk | 2 +-
package/harfbuzz/harfbuzz.mk | 2 +-
package/heimdal/heimdal.mk | 2 +-
package/ipmitool/ipmitool.mk | 2 +-
package/iucode-tool/iucode-tool.mk | 2 +-
package/jansson/jansson.mk | 2 +-
package/jasper/jasper.mk | 2 +-
package/jhead/jhead.mk | 2 +-
package/jq/jq.mk | 2 +-
package/json-c/json-c.mk | 2 +-
package/jsoncpp/jsoncpp.mk | 2 +-
package/lame/lame.mk | 2 +-
package/lftp/lftp.mk | 2 +-
package/libass/libass.mk | 2 +-
package/libcap-ng/libcap-ng.mk | 2 +-
package/libconfuse/libconfuse.mk | 2 +-
package/libesmtp/libesmtp.mk | 2 +-
package/libevent/libevent.mk | 2 +-
package/libexif/libexif.mk | 2 +-
package/libgit2/libgit2.mk | 2 +-
package/libksba/libksba.mk | 2 +-
package/librsync/librsync.mk | 2 +-
package/libseccomp/libseccomp.mk | 2 +-
package/libsndfile/libsndfile.mk | 2 +-
package/libtirpc/libtirpc.mk | 2 +-
package/libupnp/libupnp.mk | 2 +-
package/libvncserver/libvncserver.mk | 2 +-
package/logrotate/logrotate.mk | 2 +-
package/lzo/lzo.mk | 2 +-
package/matio/matio.mk | 2 +-
package/minicom/minicom.mk | 2 +-
package/ncmpc/ncmpc.mk | 2 +-
package/netatalk/netatalk.mk | 2 +-
package/netcat/netcat.mk | 2 +-
package/nettle/nettle.mk | 2 +-
package/oniguruma/oniguruma.mk | 2 +-
package/openrc/openrc.mk | 2 +-
package/p11-kit/p11-kit.mk | 2 +-
package/polkit/polkit.mk | 2 +-
package/powerpc-utils/powerpc-utils.mk | 2 +-
package/procps-ng/procps-ng.mk | 2 +-
package/rabbitmq-c/rabbitmq-c.mk | 2 +-
package/rhash/rhash.mk | 2 +-
package/rpcbind/rpcbind.mk | 2 +-
package/rtmpdump/rtmpdump.mk | 2 +-
package/sane-backends/sane-backends.mk | 2 +-
package/spice/spice.mk | 2 +-
package/squashfs/squashfs.mk | 2 +-
package/strace/strace.mk | 2 +-
package/sysklogd/sysklogd.mk | 2 +-
package/tmux/tmux.mk | 2 +-
package/unzip/unzip.mk | 2 +-
package/upx/upx.mk | 2 +-
package/valijson/valijson.mk | 2 +-
package/vsftpd/vsftpd.mk | 2 +-
package/x11vnc/x11vnc.mk | 2 +-
package/xscreensaver/xscreensaver.mk | 2 +-
package/yaml-cpp/yaml-cpp.mk | 2 +-
package/zziplib/zziplib.mk | 2 +-
.../tests/core/cpeid-br2-external/package/cpe-id-pkg3/cpe-id-pkg3.mk | 2 +-
support/testing/tests/core/test_cpeid.py | 2 +-
81 files changed, 81 insertions(+), 81 deletions(-)
diff --git a/package/asn1c/asn1c.mk b/package/asn1c/asn1c.mk
index e76a9f84fd..a5fb9ccf1b 100644
--- a/package/asn1c/asn1c.mk
+++ b/package/asn1c/asn1c.mk
@@ -8,6 +8,6 @@ ASN1C_VERSION = 0.9.28
ASN1C_SITE = https://github.com/vlm/asn1c/releases/download/v$(ASN1C_VERSION)
ASN1C_LICENSE = BSD-2-Clause
ASN1C_LICENSE_FILES = LICENSE
-ASN1C_CPE_ID_VALID = YES
+ASN1C_CPE_ID_VENDOR = asn1c_project
$(eval $(host-autotools-package))
diff --git a/package/atftp/atftp.mk b/package/atftp/atftp.mk
index de67a4c680..a2df4af056 100644
--- a/package/atftp/atftp.mk
+++ b/package/atftp/atftp.mk
@@ -8,7 +8,7 @@ ATFTP_VERSION = 0.7.4
ATFTP_SITE = http://sourceforge.net/projects/atftp/files
ATFTP_LICENSE = GPL-2.0+
ATFTP_LICENSE_FILES = LICENSE
-ATFTP_CPE_ID_VALID = YES
+ATFTP_CPE_ID_VENDOR = atftp_project
ATFTP_CONF_OPTS = --disable-libwrap --disable-mtftp
# For static we need to explicitly link against libpthread
ATFTP_LIBS = -lpthread
diff --git a/package/atop/atop.mk b/package/atop/atop.mk
index acbaf2995a..88f292b6b3 100644
--- a/package/atop/atop.mk
+++ b/package/atop/atop.mk
@@ -8,7 +8,7 @@ ATOP_VERSION = 2.6.0
ATOP_SITE = http://www.atoptool.nl/download
ATOP_LICENSE = GPL-2.0+
ATOP_LICENSE_FILES = COPYING
-ATOP_CPE_ID_VALID = YES
+ATOP_CPE_ID_VENDOR = atop_project
ATOP_DEPENDENCIES = ncurses zlib
ATOP_CFLAGS = $(TARGET_CFLAGS)
diff --git a/package/attr/attr.mk b/package/attr/attr.mk
index 13f3f0db3d..b6b46453c7 100644
--- a/package/attr/attr.mk
+++ b/package/attr/attr.mk
@@ -8,7 +8,7 @@ ATTR_VERSION = 2.4.48
ATTR_SITE = http://download.savannah.gnu.org/releases/attr
ATTR_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
ATTR_LICENSE_FILES = doc/COPYING doc/COPYING.LGPL
-ATTR_CPE_ID_VALID = YES
+ATTR_CPE_ID_VENDOR = attr_project
ATTR_INSTALL_STAGING = YES
diff --git a/package/axel/axel.mk b/package/axel/axel.mk
index 8dbf277b88..8e3d7679e7 100644
--- a/package/axel/axel.mk
+++ b/package/axel/axel.mk
@@ -9,7 +9,7 @@ AXEL_SITE = https://github.com/axel-download-accelerator/axel/releases/download/
AXEL_SOURCE = axel-$(AXEL_VERSION).tar.xz
AXEL_LICENSE = GPL-2.0+
AXEL_LICENSE_FILES = COPYING
-AXEL_CPE_ID_VALID = YES
+AXEL_CPE_ID_VENDOR = axel_project
AXEL_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
# ac_cv_prog_cc_c99 is required for BR2_USE_WCHAR=n because the C99 test
diff --git a/package/bdwgc/bdwgc.mk b/package/bdwgc/bdwgc.mk
index 4a720dbfd8..57dd82cab4 100644
--- a/package/bdwgc/bdwgc.mk
+++ b/package/bdwgc/bdwgc.mk
@@ -10,7 +10,7 @@ BDWGC_SITE = http://www.hboehm.info/gc/gc_source
BDWGC_INSTALL_STAGING = YES
BDWGC_LICENSE = bdwgc license
BDWGC_LICENSE_FILES = README.QUICK
-BDWGC_CPE_ID_VALID = YES
+BDWGC_CPE_ID_VENDOR = bdwgc_project
BDWGC_DEPENDENCIES = libatomic_ops host-pkgconf
HOST_BDWGC_DEPENDENCIES = host-libatomic_ops host-pkgconf
diff --git a/package/beecrypt/beecrypt.mk b/package/beecrypt/beecrypt.mk
index 20e1a122d0..78c3c2ebb1 100644
--- a/package/beecrypt/beecrypt.mk
+++ b/package/beecrypt/beecrypt.mk
@@ -10,7 +10,7 @@ BEECRYPT_AUTORECONF = YES
BEECRYPT_INSTALL_STAGING = YES
BEECRYPT_LICENSE = LGPL-2.1+
BEECRYPT_LICENSE_FILES = COPYING.LIB
-BEECRYPT_CPE_ID_VALID = YES
+BEECRYPT_CPE_ID_VENDOR = beecrypt_project
BEECRYPT_CONF_OPTS = \
--disable-expert-mode \
diff --git a/package/botan/botan.mk b/package/botan/botan.mk
index c3af4a45d8..2e3f99b49b 100644
--- a/package/botan/botan.mk
+++ b/package/botan/botan.mk
@@ -9,7 +9,7 @@ BOTAN_SOURCE = Botan-$(BOTAN_VERSION).tar.xz
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2-Clause
BOTAN_LICENSE_FILES = license.txt
-BOTAN_CPE_ID_VALID = YES
+BOTAN_CPE_ID_VENDOR = botan_project
BOTAN_INSTALL_STAGING = YES
diff --git a/package/c-icap/c-icap.mk b/package/c-icap/c-icap.mk
index 5548fb4b97..fb66c75e61 100644
--- a/package/c-icap/c-icap.mk
+++ b/package/c-icap/c-icap.mk
@@ -9,7 +9,7 @@ C_ICAP_SOURCE = c_icap-$(C_ICAP_VERSION).tar.gz
C_ICAP_SITE = http://downloads.sourceforge.net/c-icap
C_ICAP_LICENSE = LGPL-2.1+
C_ICAP_LICENSE_FILES = COPYING
-C_ICAP_CPE_ID_VALID = YES
+C_ICAP_CPE_ID_VENDOR = c-icap_project
C_ICAP_INSTALL_STAGING = YES
C_ICAP_CONFIG_SCRIPTS = c-icap-config c-icap-libicapapi-config
C_ICAP_CONF_OPTS = \
diff --git a/package/civetweb/civetweb.mk b/package/civetweb/civetweb.mk
index 2cabee3736..94fbb4f9d8 100644
--- a/package/civetweb/civetweb.mk
+++ b/package/civetweb/civetweb.mk
@@ -8,7 +8,7 @@ CIVETWEB_VERSION = 1.13
CIVETWEB_SITE = $(call github,civetweb,civetweb,v$(CIVETWEB_VERSION))
CIVETWEB_LICENSE = MIT
CIVETWEB_LICENSE_FILES = LICENSE.md
-CIVETWEB_CPE_ID_VALID = YES
+CIVETWEB_CPE_ID_VENDOR = civetweb_project
CIVETWEB_CONF_OPTS = TARGET_OS=LINUX WITH_IPV6=1 \
$(if $(BR2_INSTALL_LIBSTDCPP),WITH_CPP=1)
diff --git a/package/cjson/cjson.mk b/package/cjson/cjson.mk
index 4bfab3b646..47f8ecfd15 100644
--- a/package/cjson/cjson.mk
+++ b/package/cjson/cjson.mk
@@ -9,7 +9,7 @@ CJSON_SITE = $(call github,DaveGamble,cjson,v$(CJSON_VERSION))
CJSON_INSTALL_STAGING = YES
CJSON_LICENSE = MIT
CJSON_LICENSE_FILES = LICENSE
-CJSON_CPE_ID_VALID = YES
+CJSON_CPE_ID_VENDOR = cjson_project
# Set ENABLE_CUSTOM_COMPILER_FLAGS to OFF in particular to disable
# -fstack-protector-strong which depends on BR2_TOOLCHAIN_HAS_SSP
CJSON_CONF_OPTS += \
diff --git a/package/cryptsetup/cryptsetup.mk b/package/cryptsetup/cryptsetup.mk
index 34981282b2..719885b59c 100644
--- a/package/cryptsetup/cryptsetup.mk
+++ b/package/cryptsetup/cryptsetup.mk
@@ -15,7 +15,7 @@ CRYPTSETUP_DEPENDENCIES = \
$(TARGET_NLS_DEPENDENCIES)
CRYPTSETUP_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (library)
CRYPTSETUP_LICENSE_FILES = COPYING COPYING.LGPL
-CRYPTSETUP_CPE_ID_VALID = YES
+CRYPTSETUP_CPE_ID_VENDOR = cryptsetup_project
CRYPTSETUP_INSTALL_STAGING = YES
CRYPTSETUP_CONF_ENV += LDFLAGS="$(TARGET_LDFLAGS) $(TARGET_NLS_LIBS)"
CRYPTSETUP_CONF_OPTS += --enable-blkid --enable-libargon2
diff --git a/package/dosfstools/dosfstools.mk b/package/dosfstools/dosfstools.mk
index b876649b90..b5da490dbd 100644
--- a/package/dosfstools/dosfstools.mk
+++ b/package/dosfstools/dosfstools.mk
@@ -9,7 +9,7 @@ DOSFSTOOLS_SOURCE = dosfstools-$(DOSFSTOOLS_VERSION).tar.xz
DOSFSTOOLS_SITE = https://github.com/dosfstools/dosfstools/releases/download/v$(DOSFSTOOLS_VERSION)
DOSFSTOOLS_LICENSE = GPL-3.0+
DOSFSTOOLS_LICENSE_FILES = COPYING
-DOSFSTOOLS_CPE_ID_VALID = YES
+DOSFSTOOLS_CPE_ID_VENDOR = dosfstools_project
DOSFSTOOLS_CONF_OPTS = --enable-compat-symlinks --exec-prefix=/
HOST_DOSFSTOOLS_CONF_OPTS = --enable-compat-symlinks
diff --git a/package/e2fsprogs/e2fsprogs.mk b/package/e2fsprogs/e2fsprogs.mk
index e2d6263c4e..eb127b42d3 100644
--- a/package/e2fsprogs/e2fsprogs.mk
+++ b/package/e2fsprogs/e2fsprogs.mk
@@ -9,7 +9,7 @@ E2FSPROGS_SOURCE = e2fsprogs-$(E2FSPROGS_VERSION).tar.xz
E2FSPROGS_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/people/tytso/e2fsprogs/v$(E2FSPROGS_VERSION)
E2FSPROGS_LICENSE = GPL-2.0, MIT-like with advertising clause (libss and libet)
E2FSPROGS_LICENSE_FILES = NOTICE lib/ss/mit-sipb-copyright.h lib/et/internal.h
-E2FSPROGS_CPE_ID_VALID = YES
+E2FSPROGS_CPE_ID_VENDOR = e2fsprogs_project
E2FSPROGS_INSTALL_STAGING = YES
# Use libblkid and libuuid from util-linux for host and target packages.
diff --git a/package/elfutils/elfutils.mk b/package/elfutils/elfutils.mk
index e52e38b16e..b76b06bcb3 100644
--- a/package/elfutils/elfutils.mk
+++ b/package/elfutils/elfutils.mk
@@ -10,7 +10,7 @@ ELFUTILS_SITE = https://sourceware.org/elfutils/ftp/$(ELFUTILS_VERSION)
ELFUTILS_INSTALL_STAGING = YES
ELFUTILS_LICENSE = GPL-2.0+ or LGPL-3.0+ (library)
ELFUTILS_LICENSE_FILES = COPYING COPYING-GPLV2 COPYING-LGPLV3
-ELFUTILS_CPE_ID_VALID = YES
+ELFUTILS_CPE_ID_VENDOR = elfutils_project
ELFUTILS_DEPENDENCIES = host-pkgconf zlib $(TARGET_NLS_DEPENDENCIES)
HOST_ELFUTILS_DEPENDENCIES = host-pkgconf host-zlib host-bzip2 host-xz
diff --git a/package/file/file.mk b/package/file/file.mk
index fa7daa8e07..c41a8eb3a4 100644
--- a/package/file/file.mk
+++ b/package/file/file.mk
@@ -12,7 +12,7 @@ FILE_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
FILE_INSTALL_STAGING = YES
FILE_LICENSE = BSD-2-Clause, BSD-4-Clause (one file), BSD-3-Clause (one file)
FILE_LICENSE_FILES = COPYING src/mygetopt.h src/vasprintf.c
-FILE_CPE_ID_VALID = YES
+FILE_CPE_ID_VENDOR = file_project
# We're patching configure.ac
FILE_AUTORECONF = YES
HOST_FILE_CONF_OPTS = --disable-libseccomp
diff --git a/package/flac/flac.mk b/package/flac/flac.mk
index 15d4eefb37..880c176f6e 100644
--- a/package/flac/flac.mk
+++ b/package/flac/flac.mk
@@ -11,7 +11,7 @@ FLAC_INSTALL_STAGING = YES
FLAC_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv)
FLAC_LICENSE = Xiph BSD-like (libFLAC), GPL-2.0+ (tools), LGPL-2.1+ (other libraries)
FLAC_LICENSE_FILES = COPYING.Xiph COPYING.GPL COPYING.LGPL
-FLAC_CPE_ID_VALID = YES
+FLAC_CPE_ID_VENDOR = flac_project
# patch touching configure.ac
FLAC_AUTORECONF = YES
diff --git a/package/flex/flex.mk b/package/flex/flex.mk
index 52a15ca497..2d00969662 100644
--- a/package/flex/flex.mk
+++ b/package/flex/flex.mk
@@ -9,7 +9,7 @@ FLEX_SITE = https://github.com/westes/flex/files/981163
FLEX_INSTALL_STAGING = YES
FLEX_LICENSE = FLEX
FLEX_LICENSE_FILES = COPYING
-FLEX_CPE_ID_VALID = YES
+FLEX_CPE_ID_VENDOR = flex_project
FLEX_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) host-m4
HOST_FLEX_DEPENDENCIES = host-m4
diff --git a/package/fontconfig/fontconfig.mk b/package/fontconfig/fontconfig.mk
index 0c15e89313..33218ed639 100644
--- a/package/fontconfig/fontconfig.mk
+++ b/package/fontconfig/fontconfig.mk
@@ -15,7 +15,7 @@ HOST_FONTCONFIG_DEPENDENCIES = \
host-freetype host-expat host-pkgconf host-gperf host-util-linux
FONTCONFIG_LICENSE = fontconfig license
FONTCONFIG_LICENSE_FILES = COPYING
-FONTCONFIG_CPE_ID_VALID = YES
+FONTCONFIG_CPE_ID_VENDOR = fontconfig_project
FONTCONFIG_CONF_OPTS = \
--with-arch=$(GNU_TARGET_NAME) \
diff --git a/package/giflib/giflib.mk b/package/giflib/giflib.mk
index 9b4f602db6..d47edfaa8b 100644
--- a/package/giflib/giflib.mk
+++ b/package/giflib/giflib.mk
@@ -9,7 +9,7 @@ GIFLIB_SITE = http://downloads.sourceforge.net/project/giflib
GIFLIB_INSTALL_STAGING = YES
GIFLIB_LICENSE = MIT
GIFLIB_LICENSE_FILES = COPYING
-GIFLIB_CPE_ID_VALID = YES
+GIFLIB_CPE_ID_VENDOR = giflib_project
ifeq ($(BR2_STATIC_LIBS),y)
GIFLIB_BUILD_LIBS = static-lib
diff --git a/package/gnuplot/gnuplot.mk b/package/gnuplot/gnuplot.mk
index 8d096c6102..9a72a47144 100644
--- a/package/gnuplot/gnuplot.mk
+++ b/package/gnuplot/gnuplot.mk
@@ -8,7 +8,7 @@ GNUPLOT_VERSION = 5.4.1
GNUPLOT_SITE = http://downloads.sourceforge.net/project/gnuplot/gnuplot/$(GNUPLOT_VERSION)
GNUPLOT_LICENSE = gnuplot license (open source)
GNUPLOT_LICENSE_FILES = Copyright
-GNUPLOT_CPE_ID_VALID = YES
+GNUPLOT_CPE_ID_VENDOR = gnuplot_project
GNUPLOT_AUTORECONF = YES
diff --git a/package/harfbuzz/harfbuzz.mk b/package/harfbuzz/harfbuzz.mk
index 28771118a1..f1ef7ee953 100644
--- a/package/harfbuzz/harfbuzz.mk
+++ b/package/harfbuzz/harfbuzz.mk
@@ -9,7 +9,7 @@ HARFBUZZ_SITE = https://github.com/harfbuzz/harfbuzz/releases/download/$(HARFBUZ
HARFBUZZ_SOURCE = harfbuzz-$(HARFBUZZ_VERSION).tar.xz
HARFBUZZ_LICENSE = MIT, ISC (ucdn library)
HARFBUZZ_LICENSE_FILES = COPYING
-HARFBUZZ_CPE_ID_VALID = YES
+HARFBUZZ_CPE_ID_VENDOR = harfbuzz_project
HARFBUZZ_INSTALL_STAGING = YES
HARFBUZZ_CONF_OPTS = \
-Dfontconfig=disabled \
diff --git a/package/heimdal/heimdal.mk b/package/heimdal/heimdal.mk
index b72778f396..9a1a68f046 100644
--- a/package/heimdal/heimdal.mk
+++ b/package/heimdal/heimdal.mk
@@ -31,7 +31,7 @@ HOST_HEIMDAL_CONF_OPTS = \
HOST_HEIMDAL_CONF_ENV = MAKEINFO=true
HEIMDAL_LICENSE = BSD-3-Clause
HEIMDAL_LICENSE_FILES = LICENSE
-HEIMDAL_CPE_ID_VALID = YES
+HEIMDAL_CPE_ID_VENDOR = heimdal_project
# We need asn1_compile in the PATH for samba4
define HOST_HEIMDAL_MAKE_SYMLINK
diff --git a/package/ipmitool/ipmitool.mk b/package/ipmitool/ipmitool.mk
index 29a0476589..facd97a0b8 100644
--- a/package/ipmitool/ipmitool.mk
+++ b/package/ipmitool/ipmitool.mk
@@ -9,7 +9,7 @@ IPMITOOL_SOURCE = ipmitool-$(IPMITOOL_VERSION).tar.bz2
IPMITOOL_SITE = http://downloads.sourceforge.net/project/ipmitool/ipmitool/$(IPMITOOL_VERSION)
IPMITOOL_LICENSE = BSD-3-Clause
IPMITOOL_LICENSE_FILES = COPYING
-IPMITOOL_CPE_ID_VALID = YES
+IPMITOOL_CPE_ID_VENDOR = ipmitool_project
# 0008-fru-Fix-buffer-overflow-vulnerabilities.patch
# 0009-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
diff --git a/package/iucode-tool/iucode-tool.mk b/package/iucode-tool/iucode-tool.mk
index 64229ccc0f..568692c46c 100644
--- a/package/iucode-tool/iucode-tool.mk
+++ b/package/iucode-tool/iucode-tool.mk
@@ -12,7 +12,7 @@ IUCODE_TOOL_DEPENDENCIES = argp-standalone
endif
IUCODE_TOOL_LICENSE = GPL-2.0+
IUCODE_TOOL_LICENSE_FILES = COPYING
-IUCODE_TOOL_CPE_ID_VALID = YES
+IUCODE_TOOL_CPE_ID_VENDOR = iucode-tool_project
define IUCODE_TOOL_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/iucode-tool/S00iucode-tool \
diff --git a/package/jansson/jansson.mk b/package/jansson/jansson.mk
index 4ac64b69ef..2761ce9b16 100644
--- a/package/jansson/jansson.mk
+++ b/package/jansson/jansson.mk
@@ -8,7 +8,7 @@ JANSSON_VERSION = 2.13.1
JANSSON_SITE = http://www.digip.org/jansson/releases
JANSSON_LICENSE = MIT
JANSSON_LICENSE_FILES = LICENSE
-JANSSON_CPE_ID_VALID = YES
+JANSSON_CPE_ID_VENDOR = jansson_project
JANSSON_INSTALL_STAGING = YES
JANSSON_CONF_ENV = LIBS="-lm"
diff --git a/package/jasper/jasper.mk b/package/jasper/jasper.mk
index bc66f11057..b9cbe5749b 100644
--- a/package/jasper/jasper.mk
+++ b/package/jasper/jasper.mk
@@ -9,7 +9,7 @@ JASPER_SITE = $(call github,jasper-software,jasper,version-$(JASPER_VERSION))
JASPER_INSTALL_STAGING = YES
JASPER_LICENSE = JasPer-2.0
JASPER_LICENSE_FILES = LICENSE
-JASPER_CPE_ID_VALID = YES
+JASPER_CPE_ID_VENDOR = jasper_project
JASPER_SUPPORTS_IN_SOURCE_BUILD = NO
JASPER_CONF_OPTS = \
-DCMAKE_DISABLE_FIND_PACKAGE_DOXYGEN=TRUE \
diff --git a/package/jhead/jhead.mk b/package/jhead/jhead.mk
index 9c0d4d1237..49cb03da61 100644
--- a/package/jhead/jhead.mk
+++ b/package/jhead/jhead.mk
@@ -8,7 +8,7 @@ JHEAD_VERSION = 3.04
JHEAD_SITE = http://www.sentex.net/~mwandel/jhead
JHEAD_LICENSE = Public Domain
JHEAD_LICENSE_FILES = readme.txt
-JHEAD_CPE_ID_VALID = YES
+JHEAD_CPE_ID_VENDOR = jhead_project
define JHEAD_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
diff --git a/package/jq/jq.mk b/package/jq/jq.mk
index 0aab55d089..7f890f8998 100644
--- a/package/jq/jq.mk
+++ b/package/jq/jq.mk
@@ -8,7 +8,7 @@ JQ_VERSION = a17dd3248a666d01be75f6b16be37e80e20b0954
JQ_SITE = $(call github,stedolan,jq,$(JQ_VERSION))
JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
JQ_LICENSE_FILES = COPYING
-JQ_CPE_ID_VALID = YES
+JQ_CPE_ID_VENDOR = jq_project
JQ_INSTALL_STAGING = YES
# currently using git version directly
diff --git a/package/json-c/json-c.mk b/package/json-c/json-c.mk
index a55831432a..3639bad25a 100644
--- a/package/json-c/json-c.mk
+++ b/package/json-c/json-c.mk
@@ -9,7 +9,7 @@ JSON_C_SITE = https://s3.amazonaws.com/json-c_releases/releases
JSON_C_INSTALL_STAGING = YES
JSON_C_LICENSE = MIT
JSON_C_LICENSE_FILES = COPYING
-JSON_C_CPE_ID_VALID = YES
+JSON_C_CPE_ID_VENDOR = json-c_project
$(eval $(cmake-package))
$(eval $(host-cmake-package))
diff --git a/package/jsoncpp/jsoncpp.mk b/package/jsoncpp/jsoncpp.mk
index a8d863a3ed..829459df4d 100644
--- a/package/jsoncpp/jsoncpp.mk
+++ b/package/jsoncpp/jsoncpp.mk
@@ -8,7 +8,7 @@ JSONCPP_VERSION = 1.9.4
JSONCPP_SITE = $(call github,open-source-parsers,jsoncpp,$(JSONCPP_VERSION))
JSONCPP_LICENSE = Public Domain or MIT
JSONCPP_LICENSE_FILES = LICENSE
-JSONCPP_CPE_ID_VALID = YES
+JSONCPP_CPE_ID_VENDOR = jsoncpp_project
JSONCPP_INSTALL_STAGING = YES
JSONCPP_CONF_OPTS = -Dtests=false
diff --git a/package/lame/lame.mk b/package/lame/lame.mk
index 206e4407c9..3a57cffe3d 100644
--- a/package/lame/lame.mk
+++ b/package/lame/lame.mk
@@ -12,7 +12,7 @@ LAME_CONF_ENV = GTK_CONFIG=/bin/false
LAME_CONF_OPTS = --enable-dynamic-frontends
LAME_LICENSE = LGPL-2.0+
LAME_LICENSE_FILES = COPYING
-LAME_CPE_ID_VALID = YES
+LAME_CPE_ID_VENDOR = lame_project
ifeq ($(BR2_PACKAGE_LIBSNDFILE),y)
LAME_DEPENDENCIES += libsndfile
diff --git a/package/lftp/lftp.mk b/package/lftp/lftp.mk
index 483ca298cd..00b33b91fb 100644
--- a/package/lftp/lftp.mk
+++ b/package/lftp/lftp.mk
@@ -9,7 +9,7 @@ LFTP_SOURCE = lftp-$(LFTP_VERSION).tar.xz
LFTP_SITE = http://lftp.yar.ru/ftp
LFTP_LICENSE = GPL-3.0+
LFTP_LICENSE_FILES = COPYING
-LFTP_CPE_ID_VALID = YES
+LFTP_CPE_ID_VENDOR = lftp_project
LFTP_DEPENDENCIES = readline zlib host-pkgconf
# Help lftp finding readline and zlib
diff --git a/package/libass/libass.mk b/package/libass/libass.mk
index 8bdfd9dd40..48e70a52c5 100644
--- a/package/libass/libass.mk
+++ b/package/libass/libass.mk
@@ -12,7 +12,7 @@ LIBASS_SITE = https://github.com/libass/libass/releases/download/$(LIBASS_VERSIO
LIBASS_INSTALL_STAGING = YES
LIBASS_LICENSE = ISC
LIBASS_LICENSE_FILES = COPYING
-LIBASS_CPE_ID_VALID = YES
+LIBASS_CPE_ID_VENDOR = libass_project
LIBASS_DEPENDENCIES = \
host-pkgconf \
freetype \
diff --git a/package/libcap-ng/libcap-ng.mk b/package/libcap-ng/libcap-ng.mk
index d4c9336e2b..4fb0cf4777 100644
--- a/package/libcap-ng/libcap-ng.mk
+++ b/package/libcap-ng/libcap-ng.mk
@@ -8,7 +8,7 @@ LIBCAP_NG_VERSION = 0.8.2
LIBCAP_NG_SITE = http://people.redhat.com/sgrubb/libcap-ng
LIBCAP_NG_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (library)
LIBCAP_NG_LICENSE_FILES = COPYING COPYING.LIB
-LIBCAP_NG_CPE_ID_VALID = YES
+LIBCAP_NG_CPE_ID_VENDOR = libcap-ng_project
LIBCAP_NG_INSTALL_STAGING = YES
LIBCAP_NG_CONF_ENV = ac_cv_prog_swig_found=no
diff --git a/package/libconfuse/libconfuse.mk b/package/libconfuse/libconfuse.mk
index b4523d069c..2beb0e4fbf 100644
--- a/package/libconfuse/libconfuse.mk
+++ b/package/libconfuse/libconfuse.mk
@@ -11,7 +11,7 @@ LIBCONFUSE_INSTALL_STAGING = YES
LIBCONFUSE_CONF_OPTS = --disable-rpath
LIBCONFUSE_LICENSE = ISC
LIBCONFUSE_LICENSE_FILES = LICENSE
-LIBCONFUSE_CPE_ID_VALID = YES
+LIBCONFUSE_CPE_ID_VENDOR = libconfuse_project
LIBCONFUSE_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
$(eval $(autotools-package))
diff --git a/package/libesmtp/libesmtp.mk b/package/libesmtp/libesmtp.mk
index ad896fc943..dcffaceddc 100644
--- a/package/libesmtp/libesmtp.mk
+++ b/package/libesmtp/libesmtp.mk
@@ -12,6 +12,6 @@ LIBESMTP_CONFIG_SCRIPTS = libesmtp-config
LIBESMTP_DEPENDENCIES = $(if $(BR2_PACKAGE_OPENSSL),openssl)
LIBESMTP_LICENSE = GPL-2.0+ (examples), LGPL-2.1+ (library)
LIBESMTP_LICENSE_FILES = COPYING COPYING.LIB
-LIBESMTP_CPE_ID_VALID = YES
+LIBESMTP_CPE_ID_VENDOR = libesmtp_project
$(eval $(autotools-package))
diff --git a/package/libevent/libevent.mk b/package/libevent/libevent.mk
index 1e34094e25..93ba88ca88 100644
--- a/package/libevent/libevent.mk
+++ b/package/libevent/libevent.mk
@@ -10,7 +10,7 @@ LIBEVENT_SOURCE = libevent-$(LIBEVENT_VERSION)-stable.tar.gz
LIBEVENT_INSTALL_STAGING = YES
LIBEVENT_LICENSE = BSD-3-Clause, OpenBSD
LIBEVENT_LICENSE_FILES = LICENSE
-LIBEVENT_CPE_ID_VALID = YES
+LIBEVENT_CPE_ID_VENDOR = libevent_project
LIBEVENT_CONF_OPTS = \
--disable-libevent-regress \
--disable-samples
diff --git a/package/libexif/libexif.mk b/package/libexif/libexif.mk
index 9d29cbf590..9a25e90d26 100644
--- a/package/libexif/libexif.mk
+++ b/package/libexif/libexif.mk
@@ -12,7 +12,7 @@ LIBEXIF_INSTALL_STAGING = YES
LIBEXIF_DEPENDENCIES = host-pkgconf
LIBEXIF_LICENSE = LGPL-2.1+
LIBEXIF_LICENSE_FILES = COPYING
-LIBEXIF_CPE_ID_VALID = YES
+LIBEXIF_CPE_ID_VENDOR = libexif_project
# 0001-fixed-another-unsigned-integer-overflow.patch
LIBEXIF_IGNORE_CVES += CVE-2020-0198
# 0002-fixed-a-incorrect-overflow-check.patch
diff --git a/package/libgit2/libgit2.mk b/package/libgit2/libgit2.mk
index 14709a0939..e5d17fa3dd 100644
--- a/package/libgit2/libgit2.mk
+++ b/package/libgit2/libgit2.mk
@@ -8,7 +8,7 @@ LIBGIT2_VERSION = 1.1.0
LIBGIT2_SITE = https://github.com/libgit2/libgit2/releases/download/v$(LIBGIT2_VERSION)
LIBGIT2_LICENSE = GPL-2.0 with linking exception, MIT (sha1), wildmatch license (wildmatch)
LIBGIT2_LICENSE_FILES = COPYING
-LIBGIT2_CPE_ID_VALID = YES
+LIBGIT2_CPE_ID_VENDOR = libgit2_project
LIBGIT2_INSTALL_STAGING = YES
LIBGIT2_CONF_OPTS = \
diff --git a/package/libksba/libksba.mk b/package/libksba/libksba.mk
index 2ad9bee06d..bb02391a38 100644
--- a/package/libksba/libksba.mk
+++ b/package/libksba/libksba.mk
@@ -9,7 +9,7 @@ LIBKSBA_SOURCE = libksba-$(LIBKSBA_VERSION).tar.bz2
LIBKSBA_SITE = ftp://ftp.gnupg.org/gcrypt/libksba
LIBKSBA_LICENSE = LGPL-3.0+ or GPL-2.0+ (library, headers), GPL-3.0+ (manual, tests, build system)
LIBKSBA_LICENSE_FILES = AUTHORS COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv3
-LIBKSBA_CPE_ID_VALID = YES
+LIBKSBA_CPE_ID_VENDOR = libksba_project
LIBKSBA_INSTALL_STAGING = YES
LIBKSBA_DEPENDENCIES = libgpg-error
LIBKSBA_CONF_OPTS = --with-gpg-error-prefix=$(STAGING_DIR)/usr
diff --git a/package/librsync/librsync.mk b/package/librsync/librsync.mk
index fd9eefe129..bb36cb657c 100644
--- a/package/librsync/librsync.mk
+++ b/package/librsync/librsync.mk
@@ -8,7 +8,7 @@ LIBRSYNC_VERSION = 2.3.1
LIBRSYNC_SITE = $(call github,librsync,librsync,v$(LIBRSYNC_VERSION))
LIBRSYNC_LICENSE = LGPL-2.1+
LIBRSYNC_LICENSE_FILES = COPYING
-LIBRSYNC_CPE_ID_VALID = YES
+LIBRSYNC_CPE_ID_VENDOR = librsync_project
LIBRSYNC_INSTALL_STAGING = YES
LIBRSYNC_DEPENDENCIES = host-pkgconf zlib bzip2 popt
diff --git a/package/libseccomp/libseccomp.mk b/package/libseccomp/libseccomp.mk
index 33ef14a3d8..e7512730d5 100644
--- a/package/libseccomp/libseccomp.mk
+++ b/package/libseccomp/libseccomp.mk
@@ -8,7 +8,7 @@ LIBSECCOMP_VERSION = 2.4.4
LIBSECCOMP_SITE = https://github.com/seccomp/libseccomp/releases/download/v$(LIBSECCOMP_VERSION)
LIBSECCOMP_LICENSE = LGPL-2.1
LIBSECCOMP_LICENSE_FILES = LICENSE
-LIBSECCOMP_CPE_ID_VALID = YES
+LIBSECCOMP_CPE_ID_VENDOR = libseccomp_project
LIBSECCOMP_INSTALL_STAGING = YES
$(eval $(autotools-package))
diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
index cdaa01de35..eb15426146 100644
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@@ -9,7 +9,7 @@ LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files
LIBSNDFILE_INSTALL_STAGING = YES
LIBSNDFILE_LICENSE = LGPL-2.1+
LIBSNDFILE_LICENSE_FILES = COPYING
-LIBSNDFILE_CPE_ID_VALID = YES
+LIBSNDFILE_CPE_ID_VENDOR = libsndfile_project
# 0001-double64_init-Check-psf-sf.channels-against-upper-bo.patch
LIBSNDFILE_IGNORE_CVES += CVE-2017-14634
diff --git a/package/libtirpc/libtirpc.mk b/package/libtirpc/libtirpc.mk
index e0c3d0e3f2..0f44aaffb6 100644
--- a/package/libtirpc/libtirpc.mk
+++ b/package/libtirpc/libtirpc.mk
@@ -9,7 +9,7 @@ LIBTIRPC_SOURCE = libtirpc-$(LIBTIRPC_VERSION).tar.bz2
LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION)
LIBTIRPC_LICENSE = BSD-3-Clause
LIBTIRPC_LICENSE_FILES = COPYING
-LIBTIRPC_CPE_ID_VALID = YES
+LIBTIRPC_CPE_ID_VENDOR = libtirpc_project
LIBTIRPC_DEPENDENCIES = host-nfs-utils
LIBTIRPC_INSTALL_STAGING = YES
diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
index ebc5e83765..0b36881e16 100644
--- a/package/libupnp/libupnp.mk
+++ b/package/libupnp/libupnp.mk
@@ -12,7 +12,7 @@ LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
LIBUPNP_INSTALL_STAGING = YES
LIBUPNP_LICENSE = BSD-3-Clause
LIBUPNP_LICENSE_FILES = COPYING
-LIBUPNP_CPE_ID_VALID = YES
+LIBUPNP_CPE_ID_VENDOR = libupnp_project
LIBUPNP_DEPENDENCIES = host-pkgconf
# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
diff --git a/package/libvncserver/libvncserver.mk b/package/libvncserver/libvncserver.mk
index db38e7d3cb..ead809d19c 100644
--- a/package/libvncserver/libvncserver.mk
+++ b/package/libvncserver/libvncserver.mk
@@ -9,7 +9,7 @@ LIBVNCSERVER_SOURCE = LibVNCServer-$(LIBVNCSERVER_VERSION).tar.gz
LIBVNCSERVER_SITE = https://github.com/LibVNC/libvncserver/archive
LIBVNCSERVER_LICENSE = GPL-2.0+
LIBVNCSERVER_LICENSE_FILES = COPYING
-LIBVNCSERVER_CPE_ID_VALID = YES
+LIBVNCSERVER_CPE_ID_VENDOR = libvncserver_project
LIBVNCSERVER_INSTALL_STAGING = YES
LIBVNCSERVER_DEPENDENCIES = host-pkgconf lzo
LIBVNCSERVER_CONF_OPTS = -DWITH_LZO=ON
diff --git a/package/logrotate/logrotate.mk b/package/logrotate/logrotate.mk
index ee2ab75095..df79da677e 100644
--- a/package/logrotate/logrotate.mk
+++ b/package/logrotate/logrotate.mk
@@ -9,7 +9,7 @@ LOGROTATE_SOURCE = logrotate-3.18.0.tar.xz
LOGROTATE_SITE = https://github.com/logrotate/logrotate/releases/download/$(LOGROTATE_VERSION)
LOGROTATE_LICENSE = GPL-2.0+
LOGROTATE_LICENSE_FILES = COPYING
-LOGROTATE_CPE_ID_VALID = YES
+LOGROTATE_CPE_ID_VENDOR = logrotate_project
LOGROTATE_DEPENDENCIES = popt host-pkgconf
LOGROTATE_CONF_ENV = LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs popt`"
diff --git a/package/lzo/lzo.mk b/package/lzo/lzo.mk
index 76c00615d5..0682d8d0ff 100644
--- a/package/lzo/lzo.mk
+++ b/package/lzo/lzo.mk
@@ -8,7 +8,7 @@ LZO_VERSION = 2.10
LZO_SITE = http://www.oberhumer.com/opensource/lzo/download
LZO_LICENSE = GPL-2.0+
LZO_LICENSE_FILES = COPYING
-LZO_CPE_ID_VALID = YES
+LZO_CPE_ID_VENDOR = lzo_project
LZO_INSTALL_STAGING = YES
LZO_SUPPORTS_IN_SOURCE_BUILD = NO
diff --git a/package/matio/matio.mk b/package/matio/matio.mk
index eb83632746..0ebba13435 100644
--- a/package/matio/matio.mk
+++ b/package/matio/matio.mk
@@ -8,7 +8,7 @@ MATIO_VERSION = 1.5.18
MATIO_SITE = http://downloads.sourceforge.net/project/matio/matio/$(MATIO_VERSION)
MATIO_LICENSE = BSD-2-Clause
MATIO_LICENSE_FILES = COPYING
-MATIO_CPE_ID_VALID = YES
+MATIO_CPE_ID_VENDOR = matio_project
MATIO_DEPENDENCIES = zlib
MATIO_INSTALL_STAGING = YES
diff --git a/package/minicom/minicom.mk b/package/minicom/minicom.mk
index 7a8b2ef369..b81ee52120 100644
--- a/package/minicom/minicom.mk
+++ b/package/minicom/minicom.mk
@@ -10,7 +10,7 @@ MINICOM_SITE = \
https://salsa.debian.org/minicom-team/minicom/-/archive/$(MINICOM_VERSION)
MINICOM_LICENSE = GPL-2.0+
MINICOM_LICENSE_FILES = COPYING
-MINICOM_CPE_ID_VALID = YES
+MINICOM_CPE_ID_VENDOR = minicom_project
MINICOM_AUTORECONF = YES
MINICOM_DEPENDENCIES = ncurses $(if $(BR2_ENABLE_LOCALE),,libiconv) \
diff --git a/package/ncmpc/ncmpc.mk b/package/ncmpc/ncmpc.mk
index c229fd298c..0cc9765642 100644
--- a/package/ncmpc/ncmpc.mk
+++ b/package/ncmpc/ncmpc.mk
@@ -16,7 +16,7 @@ NCMPC_DEPENDENCIES = \
$(TARGET_NLS_DEPENDENCIES)
NCMPC_LICENSE = GPL-2.0+
NCMPC_LICENSE_FILES = COPYING
-NCMPC_CPE_ID_VALID = YES
+NCMPC_CPE_ID_VENDOR = ncmpc_project
NCMPC_CONF_OPTS = \
-Dcurses=ncurses \
diff --git a/package/netatalk/netatalk.mk b/package/netatalk/netatalk.mk
index afe87bb409..0c219a2316 100644
--- a/package/netatalk/netatalk.mk
+++ b/package/netatalk/netatalk.mk
@@ -14,7 +14,7 @@ NETATALK_DEPENDENCIES = host-pkgconf openssl berkeleydb libgcrypt libgpg-error \
libevent
NETATALK_LICENSE = GPL-2.0+, LGPL-3.0+, MIT-like
NETATALK_LICENSE_FILES = COPYING COPYRIGHT
-NETATALK_CPE_ID_VALID = YES
+NETATALK_CPE_ID_VENDOR = netatalk_project
# Don't run ldconfig!
NETATALK_CONF_ENV += CC="$(TARGET_CC) -std=gnu99" \
diff --git a/package/netcat/netcat.mk b/package/netcat/netcat.mk
index c9d7952e59..939c9fa9fb 100644
--- a/package/netcat/netcat.mk
+++ b/package/netcat/netcat.mk
@@ -8,6 +8,6 @@ NETCAT_VERSION = 0.7.1
NETCAT_SITE = http://downloads.sourceforge.net/project/netcat/netcat/$(NETCAT_VERSION)
NETCAT_LICENSE = GPL-2.0+
NETCAT_LICENSE_FILES = COPYING
-NETCAT_CPE_ID_VALID = YES
+NETCAT_CPE_ID_VENDOR = netcat_project
$(eval $(autotools-package))
diff --git a/package/nettle/nettle.mk b/package/nettle/nettle.mk
index 68844976ea..fef68375db 100644
--- a/package/nettle/nettle.mk
+++ b/package/nettle/nettle.mk
@@ -10,7 +10,7 @@ NETTLE_DEPENDENCIES = gmp
NETTLE_INSTALL_STAGING = YES
NETTLE_LICENSE = Dual GPL-2.0+/LGPL-3.0+
NETTLE_LICENSE_FILES = COPYING.LESSERv3 COPYINGv2
-NETTLE_CPE_ID_VALID = YES
+NETTLE_CPE_ID_VENDOR = nettle_project
# don't include openssl support for (unused) examples as it has problems
# with static linking
NETTLE_CONF_OPTS = --disable-openssl
diff --git a/package/oniguruma/oniguruma.mk b/package/oniguruma/oniguruma.mk
index ef63a5e8a7..6ea5e1e691 100644
--- a/package/oniguruma/oniguruma.mk
+++ b/package/oniguruma/oniguruma.mk
@@ -10,7 +10,7 @@ ONIGURUMA_SITE = \
ONIGURUMA_SOURCE = onig-$(ONIGURUMA_VERSION).tar.gz
ONIGURUMA_LICENSE = BSD-2-Clause
ONIGURUMA_LICENSE_FILES = COPYING
-ONIGURUMA_CPE_ID_VALID = YES
+ONIGURUMA_CPE_ID_VENDOR = oniguruma_project
ONIGURUMA_INSTALL_STAGING = YES
$(eval $(autotools-package))
diff --git a/package/openrc/openrc.mk b/package/openrc/openrc.mk
index e9e35c4d13..d9010a60be 100644
--- a/package/openrc/openrc.mk
+++ b/package/openrc/openrc.mk
@@ -8,7 +8,7 @@ OPENRC_VERSION = 0.42.1
OPENRC_SITE = $(call github,OpenRC,openrc,$(OPENRC_VERSION))
OPENRC_LICENSE = BSD-2-Clause
OPENRC_LICENSE_FILES = LICENSE
-OPENRC_CPE_ID_VALID = YES
+OPENRC_CPE_ID_VENDOR = openrc_project
# 0007-checkpath-fix-CVE-2018-21269.patch
OPENRC_IGNORE_CVES += CVE-2018-21269
diff --git a/package/p11-kit/p11-kit.mk b/package/p11-kit/p11-kit.mk
index 977150f571..284eb0fa35 100644
--- a/package/p11-kit/p11-kit.mk
+++ b/package/p11-kit/p11-kit.mk
@@ -13,7 +13,7 @@ P11_KIT_CONF_ENV = ac_cv_have_decl_program_invocation_short_name=yes \
ac_cv_have_decl___progname=no
P11_KIT_LICENSE = BSD-3-Clause
P11_KIT_LICENSE_FILES = COPYING
-P11_KIT_CPE_ID_VALID = YES
+P11_KIT_CPE_ID_VENDOR = p11-kit_project
ifeq ($(BR2_PACKAGE_LIBFFI),y)
P11_KIT_DEPENDENCIES += host-pkgconf libffi
diff --git a/package/polkit/polkit.mk b/package/polkit/polkit.mk
index e3fad53183..bf9b5a7112 100644
--- a/package/polkit/polkit.mk
+++ b/package/polkit/polkit.mk
@@ -8,7 +8,7 @@ POLKIT_VERSION = 0.116
POLKIT_SITE = http://www.freedesktop.org/software/polkit/releases
POLKIT_LICENSE = GPL-2.0
POLKIT_LICENSE_FILES = COPYING
-POLKIT_CPE_ID_VALID = YES
+POLKIT_CPE_ID_VENDOR = polkit_project
POLKIT_AUTORECONF = YES
POLKIT_INSTALL_STAGING = YES
diff --git a/package/powerpc-utils/powerpc-utils.mk b/package/powerpc-utils/powerpc-utils.mk
index 2f8b7d3b96..b12194ae8e 100644
--- a/package/powerpc-utils/powerpc-utils.mk
+++ b/package/powerpc-utils/powerpc-utils.mk
@@ -10,7 +10,7 @@ POWERPC_UTILS_DEPENDENCIES = zlib
POWERPC_UTILS_AUTORECONF = YES
POWERPC_UTILS_LICENSE = GPL-2.0+
POWERPC_UTILS_LICENSE_FILES = COPYING
-POWERPC_UTILS_CPE_ID_VALID = YES
+POWERPC_UTILS_CPE_ID_VENDOR = powerpc-utils_project
POWERPC_UTILS_CONF_ENV = \
ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)
diff --git a/package/procps-ng/procps-ng.mk b/package/procps-ng/procps-ng.mk
index 1f99ac3e55..84ada1b133 100644
--- a/package/procps-ng/procps-ng.mk
+++ b/package/procps-ng/procps-ng.mk
@@ -9,7 +9,7 @@ PROCPS_NG_SOURCE = procps-ng-$(PROCPS_NG_VERSION).tar.xz
PROCPS_NG_SITE = http://downloads.sourceforge.net/project/procps-ng/Production
PROCPS_NG_LICENSE = GPL-2.0+, LGPL-2.0+ (libproc and libps)
PROCPS_NG_LICENSE_FILES = COPYING COPYING.LIB
-PROCPS_NG_CPE_ID_VALID = YES
+PROCPS_NG_CPE_ID_VENDOR = procps-ng_project
PROCPS_NG_INSTALL_STAGING = YES
PROCPS_NG_DEPENDENCIES = ncurses host-pkgconf $(TARGET_NLS_DEPENDENCIES)
PROCPS_NG_CONF_OPTS = LIBS=$(TARGET_NLS_LIBS)
diff --git a/package/rabbitmq-c/rabbitmq-c.mk b/package/rabbitmq-c/rabbitmq-c.mk
index 2c7d15c0ad..e6ac52fd87 100644
--- a/package/rabbitmq-c/rabbitmq-c.mk
+++ b/package/rabbitmq-c/rabbitmq-c.mk
@@ -8,7 +8,7 @@ RABBITMQ_C_VERSION = 0.10.0
RABBITMQ_C_SITE = $(call github,alanxz,rabbitmq-c,v$(RABBITMQ_C_VERSION))
RABBITMQ_C_LICENSE = MIT
RABBITMQ_C_LICENSE_FILES = LICENSE-MIT
-RABBITMQ_C_CPE_ID_VALID = YES
+RABBITMQ_C_CPE_ID_VENDOR = rabbitmq-c_project
RABBITMQ_C_INSTALL_STAGING = YES
RABBITMQ_C_CONF_OPTS = \
-DBUILD_API_DOCS=OFF \
diff --git a/package/rhash/rhash.mk b/package/rhash/rhash.mk
index 4438112f3f..92abcd29b0 100644
--- a/package/rhash/rhash.mk
+++ b/package/rhash/rhash.mk
@@ -9,7 +9,7 @@ RHASH_SOURCE = rhash-$(RHASH_VERSION)-src.tar.gz
RHASH_SITE = https://sourceforge.net/projects/rhash/files/rhash/$(RHASH_VERSION)
RHASH_LICENSE = 0BSD
RHASH_LICENSE_FILES = COPYING
-RHASH_CPE_ID_VALID = YES
+RHASH_CPE_ID_VENDOR = rhash_project
RHASH_INSTALL_STAGING = YES
RHASH_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
RHASH_ADDLDFLAGS = $(TARGET_NLS_LIBS)
diff --git a/package/rpcbind/rpcbind.mk b/package/rpcbind/rpcbind.mk
index abeca2d247..25916f0b56 100644
--- a/package/rpcbind/rpcbind.mk
+++ b/package/rpcbind/rpcbind.mk
@@ -9,7 +9,7 @@ RPCBIND_SITE = http://downloads.sourceforge.net/project/rpcbind/rpcbind/$(RPCBIN
RPCBIND_SOURCE = rpcbind-$(RPCBIND_VERSION).tar.bz2
RPCBIND_LICENSE = BSD-3-Clause
RPCBIND_LICENSE_FILES = COPYING
-RPCBIND_CPE_ID_VALID = YES
+RPCBIND_CPE_ID_VENDOR = rpcbind_project
RPCBIND_CONF_ENV += \
CFLAGS="$(TARGET_CFLAGS) `$(PKG_CONFIG_HOST_BINARY) --cflags libtirpc`"
diff --git a/package/rtmpdump/rtmpdump.mk b/package/rtmpdump/rtmpdump.mk
index 35b3ec1846..db79a796dc 100644
--- a/package/rtmpdump/rtmpdump.mk
+++ b/package/rtmpdump/rtmpdump.mk
@@ -11,7 +11,7 @@ RTMPDUMP_INSTALL_STAGING = YES
# care about librtmp, it's LGPL-2.1+
RTMPDUMP_LICENSE = LGPL-2.1+
RTMPDUMP_LICENSE_FILES = librtmp/COPYING
-RTMPDUMP_CPE_ID_VALID = YES
+RTMPDUMP_CPE_ID_VENDOR = rtmpdump_project
RTMPDUMP_DEPENDENCIES = zlib
ifeq ($(BR2_PACKAGE_GNUTLS),y)
diff --git a/package/sane-backends/sane-backends.mk b/package/sane-backends/sane-backends.mk
index 9c4494f096..3c93ceaaae 100644
--- a/package/sane-backends/sane-backends.mk
+++ b/package/sane-backends/sane-backends.mk
@@ -10,7 +10,7 @@ SANE_BACKENDS_SITE = \
SANE_BACKENDS_CONFIG_SCRIPTS = sane-config
SANE_BACKENDS_LICENSE = GPL-2.0+
SANE_BACKENDS_LICENSE_FILES = COPYING
-SANE_BACKENDS_CPE_ID_VALID = YES
+SANE_BACKENDS_CPE_ID_VENDOR = sane-backends_project
SANE_BACKENDS_INSTALL_STAGING = YES
SANE_BACKENDS_CONF_OPTS = \
diff --git a/package/spice/spice.mk b/package/spice/spice.mk
index db05bd67f0..b515431cf1 100644
--- a/package/spice/spice.mk
+++ b/package/spice/spice.mk
@@ -9,7 +9,7 @@ SPICE_SOURCE = spice-$(SPICE_VERSION).tar.bz2
SPICE_SITE = http://www.spice-space.org/download/releases/spice-server
SPICE_LICENSE = LGPL-2.1+
SPICE_LICENSE_FILES = COPYING
-SPICE_CPE_ID_VALID = YES
+SPICE_CPE_ID_VENDOR = spice_project
SPICE_INSTALL_STAGING = YES
SPICE_DEPENDENCIES = \
host-pkgconf \
diff --git a/package/squashfs/squashfs.mk b/package/squashfs/squashfs.mk
index 026c0a46cc..cbc3c906d8 100644
--- a/package/squashfs/squashfs.mk
+++ b/package/squashfs/squashfs.mk
@@ -8,7 +8,7 @@ SQUASHFS_VERSION = 4.4
SQUASHFS_SITE = $(call github,plougher,squashfs-tools,$(SQUASHFS_VERSION))
SQUASHFS_LICENSE = GPL-2.0+
SQUASHFS_LICENSE_FILES = COPYING
-SQUASHFS_CPE_ID_VALID = YES
+SQUASHFS_CPE_ID_VENDOR = squashfs_project
SQUASHFS_MAKE_ARGS = XATTR_SUPPORT=1
ifeq ($(BR2_PACKAGE_SQUASHFS_LZ4),y)
diff --git a/package/strace/strace.mk b/package/strace/strace.mk
index 646be41e5b..0ae622ec5a 100644
--- a/package/strace/strace.mk
+++ b/package/strace/strace.mk
@@ -9,7 +9,7 @@ STRACE_SOURCE = strace-$(STRACE_VERSION).tar.xz
STRACE_SITE = https://strace.io/files/$(STRACE_VERSION)
STRACE_LICENSE = LGPL-2.1+
STRACE_LICENSE_FILES = COPYING LGPL-2.1-or-later
-STRACE_CPE_ID_VALID = YES
+STRACE_CPE_ID_VENDOR = strace_project
STRACE_CONF_OPTS = --enable-mpers=no
ifeq ($(BR2_PACKAGE_LIBUNWIND),y)
diff --git a/package/sysklogd/sysklogd.mk b/package/sysklogd/sysklogd.mk
index ff181372b6..ea7b869d7b 100644
--- a/package/sysklogd/sysklogd.mk
+++ b/package/sysklogd/sysklogd.mk
@@ -8,7 +8,7 @@ SYSKLOGD_VERSION = 2.2.1
SYSKLOGD_SITE = https://github.com/troglobit/sysklogd/releases/download/v$(SYSKLOGD_VERSION)
SYSKLOGD_LICENSE = BSD-3-Clause
SYSKLOGD_LICENSE_FILES = LICENSE
-SYSKLOGD_CPE_ID_VALID = YES
+SYSKLOGD_CPE_ID_VENDOR = sysklogd_project
# Busybox install logger in /usr/bin, and syslogd in /sbin, so install in
# the same locations so that busybox does not install its applets in there.
diff --git a/package/tmux/tmux.mk b/package/tmux/tmux.mk
index 17570520c3..281b7d8ee6 100644
--- a/package/tmux/tmux.mk
+++ b/package/tmux/tmux.mk
@@ -8,7 +8,7 @@ TMUX_VERSION = 3.1c
TMUX_SITE = https://github.com/tmux/tmux/releases/download/$(TMUX_VERSION)
TMUX_LICENSE = ISC
TMUX_LICENSE_FILES = COPYING
-TMUX_CPE_ID_VALID = YES
+TMUX_CPE_ID_VENDOR = tmux_project
TMUX_DEPENDENCIES = libevent ncurses host-pkgconf
# Add /usr/bin/tmux to /etc/shells otherwise some login tools like dropbear
diff --git a/package/unzip/unzip.mk b/package/unzip/unzip.mk
index 2997d33a28..e8c9366a1b 100644
--- a/package/unzip/unzip.mk
+++ b/package/unzip/unzip.mk
@@ -10,7 +10,7 @@ UNZIP_PATCH = unzip_$(UNZIP_VERSION)-26.debian.tar.xz
UNZIP_SITE = https://snapshot.debian.org/archive/debian/20210110T204103Z/pool/main/u/unzip
UNZIP_LICENSE = Info-ZIP
UNZIP_LICENSE_FILES = LICENSE
-UNZIP_CPE_ID_VALID = YES
+UNZIP_CPE_ID_VENDOR = unzip_project
# unzip_$(UNZIP_VERSION)-26.debian.tar.xz has patches to fix:
UNZIP_IGNORE_CVES = \
diff --git a/package/upx/upx.mk b/package/upx/upx.mk
index 2449fa643b..bdf5dd4c0e 100644
--- a/package/upx/upx.mk
+++ b/package/upx/upx.mk
@@ -9,7 +9,7 @@ UPX_SITE = https://github.com/upx/upx/releases/download/v$(UPX_VERSION)
UPX_SOURCE = upx-$(UPX_VERSION)-src.tar.xz
UPX_LICENSE = GPL-2.0+
UPX_LICENSE_FILES = COPYING
-UPX_CPE_ID_VALID = YES
+UPX_CPE_ID_VENDOR = upx_project
HOST_UPX_DEPENDENCIES = host-ucl host-zlib
diff --git a/package/valijson/valijson.mk b/package/valijson/valijson.mk
index 29e6342a68..e425757d26 100644
--- a/package/valijson/valijson.mk
+++ b/package/valijson/valijson.mk
@@ -8,7 +8,7 @@ VALIJSON_VERSION = 0.3
VALIJSON_SITE = $(call github,tristanpenman,valijson,v$(VALIJSON_VERSION))
VALIJSON_LICENSE = BSD-2-Clause
VALIJSON_LICENSE_FILES = LICENSE
-VALIJSON_CPE_ID_VALID = YES
+VALIJSON_CPE_ID_VENDOR = valijson_project
VALIJSON_INSTALL_STAGING = YES
VALIJSON_INSTALL_TARGET = NO
VALIJSON_DEPENDENCIES = boost
diff --git a/package/vsftpd/vsftpd.mk b/package/vsftpd/vsftpd.mk
index 2804a3a39d..49b9b1917f 100644
--- a/package/vsftpd/vsftpd.mk
+++ b/package/vsftpd/vsftpd.mk
@@ -9,7 +9,7 @@ VSFTPD_SITE = https://security.appspot.com/downloads
VSFTPD_LIBS = -lcrypt
VSFTPD_LICENSE = GPL-2.0
VSFTPD_LICENSE_FILES = COPYING
-VSFTPD_CPE_ID_VALID = YES
+VSFTPD_CPE_ID_VENDOR = vsftpd_project
define VSFTPD_DISABLE_UTMPX
$(SED) 's/.*VSF_BUILD_UTMPX/#undef VSF_BUILD_UTMPX/' $(@D)/builddefs.h
diff --git a/package/x11vnc/x11vnc.mk b/package/x11vnc/x11vnc.mk
index aa0f14c456..1eda717c68 100644
--- a/package/x11vnc/x11vnc.mk
+++ b/package/x11vnc/x11vnc.mk
@@ -12,7 +12,7 @@ X11VNC_CONF_OPTS = --without-sdl
X11VNC_DEPENDENCIES = xlib_libXt xlib_libXext xlib_libXtst libvncserver
X11VNC_LICENSE = GPL-2.0+
X11VNC_LICENSE_FILES = COPYING
-X11VNC_CPE_ID_VALID = YES
+X11VNC_CPE_ID_VENDOR = x11vnc_project
# 0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch
X11VNC_IGNORE_CVES += CVE-2020-29074
diff --git a/package/xscreensaver/xscreensaver.mk b/package/xscreensaver/xscreensaver.mk
index cb1e440ea1..c3c9ec89c3 100644
--- a/package/xscreensaver/xscreensaver.mk
+++ b/package/xscreensaver/xscreensaver.mk
@@ -10,7 +10,7 @@ XSCREENSAVER_SITE = https://www.jwz.org/xscreensaver
# N.B. GPL-2.0+ code (in the hacks/glx subdirectory) is not currently built.
XSCREENSAVER_LICENSE = MIT-like, GPL-2.0+
XSCREENSAVER_LICENSE_FILES = hacks/screenhack.h hacks/glx/chessmodels.h
-XSCREENSAVER_CPE_ID_VALID = YES
+XSCREENSAVER_CPE_ID_VENDOR = xscreensaver_project
XSCREENSAVER_DEPENDENCIES = \
gdk-pixbuf \
diff --git a/package/yaml-cpp/yaml-cpp.mk b/package/yaml-cpp/yaml-cpp.mk
index d95380e621..895072ec45 100644
--- a/package/yaml-cpp/yaml-cpp.mk
+++ b/package/yaml-cpp/yaml-cpp.mk
@@ -9,7 +9,7 @@ YAML_CPP_SITE = $(call github,jbeder,yaml-cpp,yaml-cpp-$(YAML_CPP_VERSION))
YAML_CPP_INSTALL_STAGING = YES
YAML_CPP_LICENSE = MIT
YAML_CPP_LICENSE_FILES = LICENSE
-YAML_CPP_CPE_ID_VALID = YES
+YAML_CPP_CPE_ID_VENDOR = yaml-cpp_project
# Disable testing and parse tools
YAML_CPP_CONF_OPTS += \
diff --git a/package/zziplib/zziplib.mk b/package/zziplib/zziplib.mk
index 6cb9dedce8..6b7b64cacc 100644
--- a/package/zziplib/zziplib.mk
+++ b/package/zziplib/zziplib.mk
@@ -8,7 +8,7 @@ ZZIPLIB_VERSION = 0.13.72
ZZIPLIB_SITE = $(call github,gdraheim,zziplib,v$(ZZIPLIB_VERSION))
ZZIPLIB_LICENSE = LGPL-2.0+ or MPL-1.1
ZZIPLIB_LICENSE_FILES = docs/COPYING.LIB docs/COPYING.MPL docs/copying.htm
-ZZIPLIB_CPE_ID_VALID = YES
+ZZIPLIB_CPE_ID_VENDOR = zziplib_project
ZZIPLIB_INSTALL_STAGING = YES
ZZIPLIB_CONF_OPTS += \
-DZZIPDOCS=OFF \
diff --git a/support/testing/tests/core/cpeid-br2-external/package/cpe-id-pkg3/cpe-id-pkg3.mk b/support/testing/tests/core/cpeid-br2-external/package/cpe-id-pkg3/cpe-id-pkg3.mk
index 5added78df..7f539ad584 100644
--- a/support/testing/tests/core/cpeid-br2-external/package/cpe-id-pkg3/cpe-id-pkg3.mk
+++ b/support/testing/tests/core/cpeid-br2-external/package/cpe-id-pkg3/cpe-id-pkg3.mk
@@ -1,5 +1,5 @@
CPE_ID_PKG3_VERSION = 67
-CPE_ID_PKG3_CPE_ID_VALID = YES
+CPE_ID_PKG3_CPE_ID_VENDOR = cpe-id-pkg3_project
$(eval $(generic-package))
$(eval $(host-generic-package))
diff --git a/support/testing/tests/core/test_cpeid.py b/support/testing/tests/core/test_cpeid.py
index 190f0306e5..11c847215a 100644
--- a/support/testing/tests/core/test_cpeid.py
+++ b/support/testing/tests/core/test_cpeid.py
@@ -47,7 +47,7 @@ class CpeIdTest(infra.basetest.BRConfigTest):
self.assertNotIn("cpe-id", pkg_json['host-cpe-id-pkg2'])
def test_pkg3(self):
- # this package has just <pkg>_CPE_ID_VALID defined, so verify
+ # this package has just <pkg>_CPE_ID_VENDOR defined, so verify
# it has the default CPE_ID value, and that inheritance of the
# values for the host package is working
pkg_vars = self.get_vars("CPE_ID_PKG3_CPE_ID")
More information about the buildroot
mailing list