[Buildroot] [PATCH 1/2] package/traceroute: add TRACEROUTE_CPE_ID_VENDOR

[Buildroot] [PATCH 1/2] package/traceroute: add TRACEROUTE_CPE_ID_VENDOR

[Fabrice Fontaine]

cpe:2.3:a:buc:traceroute is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/399C82DE-9AC7-4C48-8E9B-57C480E95FF5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/traceroute/traceroute.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/traceroute/traceroute.mk b/package/traceroute/traceroute.mk
index a02982a6b5..155e134c68 100644
--- a/package/traceroute/traceroute.mk
+++ b/package/traceroute/traceroute.mk
@@ -9,6 +9,7 @@ TRACEROUTE_SITE = http://downloads.sourceforge.net/traceroute/traceroute/tracero
 
 TRACEROUTE_LICENSE = GPL-2.0+, LGPL-2.1+
 TRACEROUTE_LICENSE_FILES = COPYING COPYING.LIB
+TRACEROUTE_CPE_ID_VENDOR = buc
 
 define TRACEROUTE_BUILD_CMDS
 	$(TARGET_MAKE_ENV) VPATH=$(STAGING_DIR)/usr/lib $(MAKE) $(TARGET_CONFIGURE_OPTS) \
-- 
2.42.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

[Buildroot] [PATCH 2/2] package/traceroute: security bump to version 2.1.3

[Fabrice Fontaine]

Fix CVE-2023-46316: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3,
the wrapper scripts do not properly parse command lines.

https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.1
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.2
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/traceroute/traceroute.hash | 2 +-
 package/traceroute/traceroute.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/traceroute/traceroute.hash b/package/traceroute/traceroute.hash
index 83791c18a4..cf2eb127a2 100644
--- a/package/traceroute/traceroute.hash
+++ b/package/traceroute/traceroute.hash
@@ -1,5 +1,5 @@
 # Locally computed:
-sha256  3669d22a34d3f38ed50caba18cd525ba55c5c00d5465f2d20d7472e5d81603b6  traceroute-2.1.0.tar.gz
+sha256  05ebc7aba28a9100f9bbae54ceecbf75c82ccf46bdfce8b5d64806459a7e0412  traceroute-2.1.3.tar.gz
 
 # Hash for license files:
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/traceroute/traceroute.mk b/package/traceroute/traceroute.mk
index 155e134c68..133f8d3c3e 100644
--- a/package/traceroute/traceroute.mk
+++ b/package/traceroute/traceroute.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TRACEROUTE_VERSION = 2.1.0
+TRACEROUTE_VERSION = 2.1.3
 TRACEROUTE_SITE = http://downloads.sourceforge.net/traceroute/traceroute/traceroute-$(TRACEROUTE_VERSION)
 
 TRACEROUTE_LICENSE = GPL-2.0+, LGPL-2.1+
-- 
2.42.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/2] package/traceroute: add TRACEROUTE_CPE_ID_VENDOR

[Arnout Vandecappelle via buildroot]

On 04/11/2023 23:53, Fabrice Fontaine wrote:
> cpe:2.3:a:buc:traceroute is a valid CPE identifier for this package:
> 
>    https://nvd.nist.gov/products/cpe/detail/399C82DE-9AC7-4C48-8E9B-57C480E95FF5
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

  Applied both to master, thanks.

  Regards,
  Arnout

> ---
>   package/traceroute/traceroute.mk | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/package/traceroute/traceroute.mk b/package/traceroute/traceroute.mk
> index a02982a6b5..155e134c68 100644
> --- a/package/traceroute/traceroute.mk
> +++ b/package/traceroute/traceroute.mk
> @@ -9,6 +9,7 @@ TRACEROUTE_SITE = http://downloads.sourceforge.net/traceroute/traceroute/tracero
>   
>   TRACEROUTE_LICENSE = GPL-2.0+, LGPL-2.1+
>   TRACEROUTE_LICENSE_FILES = COPYING COPYING.LIB
> +TRACEROUTE_CPE_ID_VENDOR = buc
>   
>   define TRACEROUTE_BUILD_CMDS
>   	$(TARGET_MAKE_ENV) VPATH=$(STAGING_DIR)/usr/lib $(MAKE) $(TARGET_CONFIGURE_OPTS) \
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/2] package/traceroute: add TRACEROUTE_CPE_ID_VENDOR

[Peter Korsgaard]

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > cpe:2.3:a:buc:traceroute is a valid CPE identifier for this package:
 >   https://nvd.nist.gov/products/cpe/detail/399C82DE-9AC7-4C48-8E9B-57C480E95FF5

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2023.02.x and 2023.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 2/2] package/traceroute: security bump to version 2.1.3

[Peter Korsgaard]

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2023-46316: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3,
 > the wrapper scripts do not properly parse command lines.

 > https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.1
 > https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.2
 > https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2023.02.x and 2023.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot