* [Buildroot] [PATCH 1/2] package/luajit: add CPE_VERSION & CPE_UPDATE
From: Thomas Perale via buildroot @ 2025-08-07 15:29 UTC
To: buildroot

Since this package hasn't had a proper release in a while, this patch sets
the CPE_VERSION and CPE_UPDATE to the latest tags available.

The annotations available on NVD all refer to this last available
version `cpe:2.3:a:luajit:luajit:2.1.0:beta3:*:*:*:*:*:*`.

See https://nvd.nist.gov/vuln/detail/CVE-2020-15890 for instance.

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
package/luajit/luajit.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/luajit/luajit.mk b/package/luajit/luajit.mk
index b030a16cfc..ebec4d87ac 100644
--- a/package/luajit/luajit.mk
+++ b/package/luajit/luajit.mk
@@ -9,6 +9,8 @@ LUAJIT_SITE = $(call github,LuaJIT,LuaJIT,$(LUAJIT_VERSION))
LUAJIT_LICENSE = MIT
LUAJIT_LICENSE_FILES = COPYRIGHT
LUAJIT_CPE_ID_VENDOR = luajit
+LUAJIT_CPE_ID_VERSION = 2.1.0
+LUAJIT_CPE_ID_UPDATE = beta3
LUAJIT_INSTALL_STAGING = YES
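Review bot: `LUAJIT_CPE_ID_VERSION = 2.1.0` and `LUAJIT_CPE_ID_UPDATE = beta3` are hard-coded independently of `$(LUAJIT_VERSION)`, which the `LUAJIT_SITE` line in the hunk header shows is what selects the source actually built. The reason is only in the commit message, so a short comment above the two added lines (upstream has had no recent release, NVD annotates against 2.1.0:beta3) would tell whoever next bumps `LUAJIT_VERSION` that the values are deliberate and have to be re-checked against NVD rather than updated mechanically.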
--
2.39.5
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* [Buildroot] [PATCH 2/2] package/luajit: ignore multiple CVEs
From: Thomas Perale via buildroot @ 2025-08-07 15:29 UTC
To: buildroot

This patch ignores the following CVEs that are already fixed in the
current version.

- CVE-2020-15890

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2020-15890
  - https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6

- CVE-2020-24372

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2020-24372
  - https://github.com/LuaJIT/LuaJIT/commit/e296f56b825c688c3530a981dc6b495d972f3d01

- CVE-2024-25176

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2024-25176
  - https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc

- CVE-2024-25177

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2024-25177
  - https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f

- CVE-2024-25178

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2024-25178
  - https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
package/luajit/luajit.mk | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/package/luajit/luajit.mk b/package/luajit/luajit.mk
index ebec4d87ac..f4836df91d 100644
--- a/package/luajit/luajit.mk
+++ b/package/luajit/luajit.mk
@@ -12,6 +12,21 @@ LUAJIT_CPE_ID_VENDOR = luajit
LUAJIT_CPE_ID_VERSION = 2.1.0
LUAJIT_CPE_ID_UPDATE = beta3
+# Fixed in 53f82e6e2e858a0a62fd1a2ff47e9866693382e6
+LUAJIT_IGNORE_CVES += CVE-2020-15890
+
+# Fixed in e296f56b825c688c3530a981dc6b495d972f3d01
+LUAJIT_IGNORE_CVES += CVE-2020-24372
+
+# Fixed in 343ce0edaf3906a62022936175b2f5410024cbfc
+LUAJIT_IGNORE_CVES += CVE-2024-25176
+
+# Fixed in 85b4fed0b0353dd78c8c875c2f562d522a2b310f
+LUAJIT_IGNORE_CVES += CVE-2024-25177
+
+# Fixed in defe61a56751a0db5f00ff3ab7b8f45436ba74c8
+LUAJIT_IGNORE_CVES += CVE-2024-25178
+
LUAJIT_INSTALL_STAGING = YES
LUAJIT_PROVIDES = luainterpreter
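Review bot: Each `# Fixed in <hash>` comment above a `LUAJIT_IGNORE_CVES` line gives only an upstream commit hash, and nothing in the hunk records that the packaged `LUAJIT_VERSION` actually contains those five commits. With the CPE pinned to 2.1.0:beta3 in the context lines, these entries are the only thing standing between an NVD match and the report, so consider one comment stating that they were verified against the currently packaged snapshot and must be re-verified if that version ever moves backwards or to a different branch; using the full commit URL instead of the bare hash would also let the next reader check the fix without searching.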
--
2.39.5
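
How the two patches interact, as an added example that is not part of the original thread and not Buildroot's own code: a simplified model of CPE-based CVE matching followed by the ignore list. The NVD records, the `CVE-0000-*` ids and the `SNAPSHOT` version string are constructed, and exact field-by-field matching with simplified defaults is an assumption.

```python
import re

# Constructed .mk fragment using the variable values shown in the two patches.
LUAJIT_MK = """\
LUAJIT_CPE_ID_VENDOR = luajit
LUAJIT_CPE_ID_VERSION = 2.1.0
LUAJIT_CPE_ID_UPDATE = beta3
# Fixed in 53f82e6e2e858a0a62fd1a2ff47e9866693382e6
LUAJIT_IGNORE_CVES += CVE-2020-15890
LUAJIT_IGNORE_CVES += CVE-2020-24372
"""
BETA3 = "cpe:2.3:a:luajit:luajit:2.1.0:beta3:*:*:*:*:*:*"
# Constructed stand-in for NVD data; the CVE-0000-* ids are placeholders.
NVD_SAMPLE = {
    "CVE-2020-15890": [BETA3],
    "CVE-2020-24372": [BETA3],
    "CVE-0000-0001": [BETA3],  # hypothetical new, unfixed entry
    "CVE-0000-0002": ["cpe:2.3:a:example:otherlib:2.1.0:beta3:*:*:*:*:*:*"],
}

def parse_mk(text, prefix):
    """Collect PREFIX_* assignments: '=' overwrites, '+=' appends."""
    out = {}
    for line in text.splitlines():
        m = re.match(rf"{prefix}_(\w+)\s*(\+?=)\s*(.*)$", line.strip())
        if m:
            key, op, val = m.groups()
            out[key] = f"{out.get(key, '')} {val}".strip() if op == "+=" else val
    return out

def package_cpe(v, pkgname, pkg_version):
    # Simplified fallbacks (assumption): unset fields default to the package
    # name, the packaged version, and '*' for the update field.
    head = ["cpe", "2.3", "a", v.get("CPE_ID_VENDOR", pkgname),
            v.get("CPE_ID_PRODUCT", pkgname),
            v.get("CPE_ID_VERSION", pkg_version), v.get("CPE_ID_UPDATE", "*")]
    return ":".join(head + ["*"] * 6)

def cpe_matches(a, b):
    # Field-by-field compare, '*' is a wildcard; escaped ':' is not handled.
    a, b = a.split(":"), b.split(":")
    return len(a) == len(b) and all(x == y or "*" in (x, y) for x, y in zip(a, b))

def triage(mk_text, pkgname, pkg_version, nvd=NVD_SAMPLE):
    """Return (cpe, CVEs still reported, CVEs suppressed by IGNORE_CVES)."""
    v = parse_mk(mk_text, pkgname.upper())
    cpe = package_cpe(v, pkgname, pkg_version)
    ignored = set(v.get("IGNORE_CVES", "").split())
    hits = {c for c, cpes in nvd.items() if any(cpe_matches(cpe, n) for n in cpes)}
    return cpe, sorted(hits - ignored), sorted(hits & ignored)

def unpinned(mk_text):
    """The fragment as it stood before patch 1/2 (no version/update pin)."""
    return "\n".join(l for l in mk_text.splitlines()
                     if "CPE_ID_VERSION" not in l and "CPE_ID_UPDATE" not in l)
```

Calling `triage(unpinned(LUAJIT_MK), "luajit", "SNAPSHOT")` shows the state before patch 1/2 in this model: no record matches at all, so the ignore list has nothing to act on and an unfixed entry would go unreported.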
* Re: [Buildroot] [PATCH 2/2] package/luajit: ignore multiple CVEs
From: Peter Korsgaard @ 2025-08-11 10:02 UTC
To: Thomas Perale via buildroot; +Cc: Thomas Perale
>>>>> "Thomas" == Thomas Perale via buildroot <buildroot@buildroot.org> writes:
> This patch ignores the following CVEs that are already fixed in the
> current version.
> - CVE-2020-15890
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2020-15890
> - https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
> - CVE-2020-24372
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2020-24372
> - https://github.com/LuaJIT/LuaJIT/commit/e296f56b825c688c3530a981dc6b495d972f3d01
> - CVE-2024-25176
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2024-25176
> - https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc
> - CVE-2024-25177
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2024-25177
> - https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f
> - CVE-2024-25178
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2024-25178
> - https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Committed, thanks.
--
Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH 2/2] package/luajit: ignore multiple CVEs
From: Thomas Perale via buildroot @ 2025-08-21 19:20 UTC
To: Thomas Perale; +Cc: buildroot
In reply to:
> This patch ignores the following CVEs that are already fixed in the
> current version.
>
> - CVE-2020-15890
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2020-15890
> - https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
>
> - CVE-2020-24372
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2020-24372
> - https://github.com/LuaJIT/LuaJIT/commit/e296f56b825c688c3530a981dc6b495d972f3d01
>
> - CVE-2024-25176
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2024-25176
> - https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc
>
> - CVE-2024-25177
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2024-25177
> - https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f
>
> - CVE-2024-25178
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2024-25178
> - https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.05.x. Thanks
> ---
> package/luajit/luajit.mk | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/package/luajit/luajit.mk b/package/luajit/luajit.mk
> index ebec4d87ac..f4836df91d 100644
> --- a/package/luajit/luajit.mk
> +++ b/package/luajit/luajit.mk
> @@ -12,6 +12,21 @@ LUAJIT_CPE_ID_VENDOR = luajit
> LUAJIT_CPE_ID_VERSION = 2.1.0
> LUAJIT_CPE_ID_UPDATE = beta3
>
> +# Fixed in 53f82e6e2e858a0a62fd1a2ff47e9866693382e6
> +LUAJIT_IGNORE_CVES += CVE-2020-15890
> +
> +# Fixed in e296f56b825c688c3530a981dc6b495d972f3d01
> +LUAJIT_IGNORE_CVES += CVE-2020-24372
> +
> +# Fixed in 343ce0edaf3906a62022936175b2f5410024cbfc
> +LUAJIT_IGNORE_CVES += CVE-2024-25176
> +
> +# Fixed in 85b4fed0b0353dd78c8c875c2f562d522a2b310f
> +LUAJIT_IGNORE_CVES += CVE-2024-25177
> +
> +# Fixed in defe61a56751a0db5f00ff3ab7b8f45436ba74c8
> +LUAJIT_IGNORE_CVES += CVE-2024-25178
> +
> LUAJIT_INSTALL_STAGING = YES
>
> LUAJIT_PROVIDES = luainterpreter
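Review bot: For the 2025.02.x and 2025.05.x backport, the five `# Fixed in` hashes are only correct if the `LUAJIT_VERSION` packaged on each of those branches already contains the referenced commits, and the hunk as applied carries no trace of that check. Since `LUAJIT_IGNORE_CVES` silences the report for good, it is worth confirming per branch that each hash is an ancestor of the packaged snapshot and saying so in the backport commit message.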
> --
> 2.39.5
>
* Re: [Buildroot] [PATCH 1/2] package/luajit: add CPE_VERSION & CPE_UPDATE
From: Peter Korsgaard @ 2025-08-11 10:01 UTC
To: Thomas Perale via buildroot; +Cc: Thomas Perale
>>>>> "Thomas" == Thomas Perale via buildroot <buildroot@buildroot.org> writes:
> Since this package hasn't had a proper release in a while, this patch sets
> the CPE_VERSION and CPE_UPDATE to the latest tags available.
> The annotations available on NVD all refer to this last available
> version `cpe:2.3:a:luajit:luajit:2.1.0:beta3:*:*:*:*:*:*`.
> See https://nvd.nist.gov/vuln/detail/CVE-2020-15890 for instance.
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Committed, thanks.
--
Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH 1/2] package/luajit: add CPE_VERSION & CPE_UPDATE
From: Thomas Perale via buildroot @ 2025-08-21 19:20 UTC
To: Thomas Perale; +Cc: buildroot
In reply to:
> Since this package hasn't had a proper release in a while, this patch sets
> the CPE_VERSION and CPE_UPDATE to the latest tags available.
>
> The annotations available on NVD all refer to this last available
> version `cpe:2.3:a:luajit:luajit:2.1.0:beta3:*:*:*:*:*:*`.
>
> See https://nvd.nist.gov/vuln/detail/CVE-2020-15890 for instance.
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Applied to 2025.02.x & 2025.05.x. Thanks
> ---
> package/luajit/luajit.mk | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/package/luajit/luajit.mk b/package/luajit/luajit.mk
> index b030a16cfc..ebec4d87ac 100644
> --- a/package/luajit/luajit.mk
> +++ b/package/luajit/luajit.mk
> @@ -9,6 +9,8 @@ LUAJIT_SITE = $(call github,LuaJIT,LuaJIT,$(LUAJIT_VERSION))
> LUAJIT_LICENSE = MIT
> LUAJIT_LICENSE_FILES = COPYRIGHT
> LUAJIT_CPE_ID_VENDOR = luajit
> +LUAJIT_CPE_ID_VERSION = 2.1.0
> +LUAJIT_CPE_ID_UPDATE = beta3
>
> LUAJIT_INSTALL_STAGING = YES
>
> --
> 2.39.5
>