From 1dd10406bd4ef725d3afb4f33a63765aa4640893 Mon Sep 17 00:00:00 2001
From: Colin McAllister <colin.mcallister@garmin.com>
Date: Tue, 24 Feb 2026 14:15:14 -0600
Subject: [PATCH] iperf2: Update CVE_PRODUCT

CPEs are registered for iperf_project2:iperf2 in addition to
iperf_project:iperf. By changing CVE_PRODUCT to an appends, this ensures
that both iperf and iperf2 CPEs are used for CVE matching.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-oe/recipes-benchmark/iperf2/iperf2_2.2.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-benchmark/iperf2/iperf2_2.2.1.bb b/meta-oe/recipes-benchmark/iperf2/iperf2_2.2.1.bb
index d31f4ed634..cc7a1561df 100644
--- a/meta-oe/recipes-benchmark/iperf2/iperf2_2.2.1.bb
+++ b/meta-oe/recipes-benchmark/iperf2/iperf2_2.2.1.bb
@@ -19,7 +19,7 @@ EXTRA_OECONF = "--exec-prefix=${STAGING_DIR_HOST}${layout_exec_prefix}"
 PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 
-CVE_PRODUCT = "iperf_project:iperf"
+CVE_PRODUCT:append = " iperf_project:iperf"
 CVE_STATUS[CVE-2025-54349] = "cpe-incorrect: the vulnerability is in iperf3, which is a different project"
 CVE_STATUS[CVE-2025-54350] = "cpe-incorrect: the vulnerability is in iperf3, which is a different project"
 CVE_STATUS[CVE-2025-54351] = "cpe-incorrect: the vulnerability is in iperf3, which is a different project"