File 1111-updates-vendor.info-files-to-include-sha-information.patch of Package erlang
From 736c9e9aee06decb2458b5d1f3cf88df14478489 Mon Sep 17 00:00:00 2001
From: Kiko Fernandez-Reyes <kiko@erlang.org>
Date: Thu, 18 Sep 2025 14:15:40 +0200
Subject: [PATCH 1/5] updates vendor.info files to include sha information
The `sha` field records the upstream git commit the vendored library was taken from.
This lets vulnerability scanners determine whether a vendored library may be
affected by a reported vulnerability.
---
erts/emulator/openssl/vendor.info | 1 +
erts/emulator/pcre/vendor.info | 1 +
erts/emulator/ryu/vendor.info | 3 +--
erts/emulator/zlib/vendor.info | 5 +++--
erts/emulator/zstd/vendor.info | 1 +
lib/common_test/priv/vendor.info | 4 +++-
lib/erl_interface/src/openssl/vendor.info | 1 +
lib/wx/{ => api_gen}/vendor.info | 9 +++++----
8 files changed, 16 insertions(+), 9 deletions(-)
rename lib/wx/{ => api_gen}/vendor.info (80%)
diff --git a/erts/emulator/openssl/vendor.info b/erts/emulator/openssl/vendor.info
index 2dbc6371bf..6dd37defce 100644
--- a/erts/emulator/openssl/vendor.info
+++ b/erts/emulator/openssl/vendor.info
@@ -15,6 +15,7 @@
"licenseDeclared": "Apache-2.0",
"name": "openssl",
"versionInfo": "3.5",
+ "sha": "636dfadc70ce26f2473870570bfd9ec352806b1d",
"path": "./erts/emulator/openssl",
"exclude": ["./erts/emulator/openssl/vendor.info",
"./erts/emulator/openssl/README",
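Review bot: The new `sha` value is a git commit id, not a checksum of the files under `path`, and nothing in the file says so; an SBOM consumer that sees a bare `sha` may treat it as a content hash and fail verification. Since these files already allow `//` comments (the wx file in this patch carries a `// %CopyrightEnd%` line), add a short comment above the key, e.g. `// sha: upstream git commit the vendored sources were taken from (not a hash of the files in "path")`, or document the field in whatever schema validates vendor.info. Also, `versionInfo` is `3.5` with no patch level; scanners commonly match advisories on the exact release, so if this commit corresponds to a tagged release consider recording the full version next to the commit. I cannot tell from the hunk which tag, if any, the commit maps to.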
diff --git a/erts/emulator/pcre/vendor.info b/erts/emulator/pcre/vendor.info
index db3a2acec0..1ee9884c48 100644
--- a/erts/emulator/pcre/vendor.info
+++ b/erts/emulator/pcre/vendor.info
@@ -19,6 +19,7 @@
"exclude": ["./erts/emulator/pcre/vendor.info",
"./erts/emulator/pcre/README.pcre_update.md",
"./erts/emulator/pcre/pcre.mk"],
+ "sha": "b2bd4254b379b9d7dc9a3dda060a7e27009ccdff",
"supplier": "Person: Nicholas Wilson",
"purl": "pkg:generic/pcre2"
}
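Review bot: The `sha` key is inserted after `exclude`, between the file list and `supplier`, whereas the other vendor.info files in this patch place it directly after `versionInfo`. Key order carries no meaning in JSON, but keeping the same layout across the files makes them easier to diff and review by hand; consider moving the line so it sits next to the version, i.e. `"versionInfo": ..., "sha": "b2bd4254b379b9d7dc9a3dda060a7e27009ccdff",`. The entry's `versionInfo` line is outside this hunk, so I cannot confirm where it is.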
diff --git a/erts/emulator/ryu/vendor.info b/erts/emulator/ryu/vendor.info
index a98d92e423..d3f70daac6 100644
--- a/erts/emulator/ryu/vendor.info
+++ b/erts/emulator/ryu/vendor.info
@@ -22,8 +22,7 @@
"./erts/emulator/ryu/digit_table.h",
"./erts/emulator/ryu/ryu.h",
"./erts/emulator/ryu/LICENSE-Apache2",
- "./erts/emulator/ryu/LICENSE-Boost"
- ],
+ "./erts/emulator/ryu/LICENSE-Boost"],
"supplier": "Person: Ulf Adams",
"purl": "pkg:github/ulfjack/ryu#ryu",
"update": "./erts/emulator/ryu/update.sh",
diff --git a/erts/emulator/zlib/vendor.info b/erts/emulator/zlib/vendor.info
index 716f1ea095..a0ae3dce97 100644
--- a/erts/emulator/zlib/vendor.info
+++ b/erts/emulator/zlib/vendor.info
@@ -10,15 +10,16 @@
"ID": "erts-zlib",
"description": "interface of the 'zlib' general purpose compression library",
"copyrightText": "Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler",
- "downloadLocation": "https://zlib.net/",
+ "downloadLocation": "https://github.com/madler/zlib",
"homepage": "https://zlib.net/",
"licenseDeclared": "Zlib",
"name": "zlib",
"versionInfo": "1.3.1",
+ "sha": "1a8db63788c34a50e39e273d39b7e1033208aea2",
"path": "./erts/emulator/zlib",
"exclude": ["./erts/emulator/zlib/vendor.info",
"./erts/emulator/zlib/zlib.mk"],
"supplier": "Person: Mark Adler (zlib@gzip.org)",
- "purl": "pkg:generic/zlib"
+ "purl": "pkg:github/madler/zlib"
}
]
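Review bot: Switching `purl` from `pkg:generic/zlib` to `pkg:github/madler/zlib` changes the identifier scanners will look up, and advisory feeds for zlib are generally keyed by the generic package name and release version rather than by GitHub repository, so this may reduce matches rather than improve them. The commit is already carried by the new `sha` line, and if it should also live in the purl it can be expressed as a qualifier while keeping the generic type, e.g. `"purl": "pkg:generic/zlib@1.3.1?vcs_url=git%2Bhttps://github.com/madler/zlib%401a8db63788c34a50e39e273d39b7e1033208aea2"`. Whichever form is kept, confirm the scanner in use actually matches it against zlib CVEs; I cannot verify that from the diff.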
diff --git a/erts/emulator/zstd/vendor.info b/erts/emulator/zstd/vendor.info
index fe5b5b9458..53e34eee32 100644
--- a/erts/emulator/zstd/vendor.info
+++ b/erts/emulator/zstd/vendor.info
@@ -15,6 +15,7 @@
"licenseDeclared": "BSD-3-Clause OR GPL-2.0-only",
"name": "zstd",
"versionInfo": "v1.5.7",
+ "sha": "f8745da6ff1ad1e7bab384bd1f9d742439278e99",
"path": "./erts/emulator/zstd",
"exclude": ["./erts/emulator/zstd/vendor.info",
"./erts/emulator/zstd/update.sh",
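Review bot: `versionInfo` keeps the tag prefix (`v1.5.7`) while the openssl and zlib entries in this patch use bare version numbers; a tool that builds a purl or CPE from this field may not strip the `v` and then fail to match advisories for 1.5.7. Normalize it to `"versionInfo": "1.5.7"` unless the consumer of vendor.info is known to accept both forms. The new `sha` line itself is placed consistently with the other entries.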
diff --git a/lib/common_test/priv/vendor.info b/lib/common_test/priv/vendor.info
index 2526eed770..119fa886bb 100644
--- a/lib/common_test/priv/vendor.info
+++ b/lib/common_test/priv/vendor.info
@@ -13,6 +13,7 @@
"downloadLocation": "https://github.com/jquery/jquery",
"homepage": "https://jquery.com",
"licenseDeclared": "MIT",
+ "ecosystem": "npm",
"name": "jquery",
"versionInfo": "3.7.1",
"path": ["./lib/common_test/priv/jquery-latest.js"],
@@ -26,7 +27,8 @@
"downloadLocation": "https://github.com/Mottie/tablesorter",
"homepage": "https://github.com/Mottie/tablesorter",
"licenseDeclared": "BSD-3-Clause OR GPL-2.0-only",
- "name": "jquery-tablesorter",
+ "ecosystem": "npm",
+ "name": "tablesorter",
"versionInfo": "2.32",
"path": ["./lib/common_test/priv/jquery.tablesorter.min.js"],
"supplier": "Person: Christian Bach",
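Review bot: The `name` becomes `tablesorter` with `ecosystem: npm`, but `supplier` still reads `Person: Christian Bach` while `downloadLocation` points at the Mottie repository; the original tablesorter and that fork appear to be separate projects with separate version lines, and a scanner will now look up the npm package `tablesorter` at version `2.32`. Please confirm that the bundled `jquery.tablesorter.min.js` really is that npm package at that version and update `supplier` to match, otherwise the renamed entry will either miss advisories or match the wrong project. I cannot establish the file's provenance from the diff.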
diff --git a/lib/erl_interface/src/openssl/vendor.info b/lib/erl_interface/src/openssl/vendor.info
index e1abf3576f..dccd469541 100644
--- a/lib/erl_interface/src/openssl/vendor.info
+++ b/lib/erl_interface/src/openssl/vendor.info
@@ -15,6 +15,7 @@
"licenseDeclared": "Apache-2.0",
"name": "openssl",
"versionInfo": "3.5",
+ "sha": "636dfadc70ce26f2473870570bfd9ec352806b1d",
"path": "./lib/erl_interface/src/openssl",
"exclude": ["./lib/erl_interface/src/openssl/vendor.info",
"./lib/erl_interface/src/openssl/README",
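Review bot: This entry duplicates the `versionInfo` and `sha` of `erts/emulator/openssl/vendor.info` by hand, so the two copies can silently drift the next time only one directory is refreshed. If both directories are taken from the same upstream commit, have the update tooling write both files from one value or add a check that the two `sha` values agree; if they are meant to be pinned independently, a comment such as `// kept in sync with erts/emulator/openssl/vendor.info` would tell the next maintainer which it is. I cannot see the update tooling from this diff.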
diff --git a/lib/wx/vendor.info b/lib/wx/api_gen/vendor.info
similarity index 80%
rename from lib/wx/vendor.info
rename to lib/wx/api_gen/vendor.info
index 9dd3992951..36644d26e3 100644
--- a/lib/wx/vendor.info
+++ b/lib/wx/api_gen/vendor.info
@@ -7,17 +7,18 @@
// %CopyrightEnd%
[
{
- "ID": "wx",
+ "ID": "wx-doc-src",
"description": "wxWidgets documentation inserted from original project into Erlang bindings",
"copyrightText": "Copyright (c) 1998 Julian Smart, Robert Roebling et al",
"downloadLocation": "https://github.com/wxWidgets/wxWidgets",
"homepage": "https://github.com/wxWidgets/wxWidgets",
"licenseDeclared": "LicenseRef-scancode-wxwindows-free-doc-3",
- "name": "wx",
+ "name": "wx-doc-src",
"versionInfo": "dc585039bbd426829e3433002023a93f9bedd0c2",
- "path": "./lib/wx",
+ "sha": "dc585039bbd426829e3433002023a93f9bedd0c2",
+ "path": "./lib/wx/api_gen",
"comments": "This only applies to the source code of Erlang files in 'src', and specifically to the documentation embedded in them",
- "supplier": "NOASSERTION",
+ "supplier": "Organization: Ericsson AB",
"purl": "pkg:github/wxwidgets/wxwidgets"
}
]
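Review bot: `path` now points at `./lib/wx/api_gen`, but the `comments` string on the next line still says the notice applies to Erlang files in `'src'`, which no longer matches the declared path; update it to name the directory the entry actually covers, e.g. `"comments": "This only applies to the source code of Erlang files in 'api_gen', and specifically to the documentation embedded in them"`, or whichever subdirectory is intended. Separately, `supplier` changes from `NOASSERTION` to `Organization: Ericsson AB` for material whose `copyrightText` names the wxWidgets authors; that is defensible if the field means the redistributor, but an originator field or a one-line comment (if the schema allows) would stop a reader taking Ericsson as the author. `versionInfo` and `sha` now carry the same commit, which is fine but means both must be bumped together on the next update.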
--
2.51.0