Skip to content

utils/beep: assign PKG_CPE_ID#28880

Merged
commodo merged 1 commit intoopenwrt:masterfrom
ffontaine:add-beep-cpe
Apr 3, 2026
Merged

utils/beep: assign PKG_CPE_ID#28880
commodo merged 1 commit intoopenwrt:masterfrom
ffontaine:add-beep-cpe

Conversation

@ffontaine
Copy link
Copy Markdown
Contributor

@ffontaine ffontaine commented Mar 17, 2026

cpe:/a:beep_project:beep is the correct CPE ID for beep: https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:beep_project:beep

Maintainer: @riptidewave93

@feckert
Copy link
Copy Markdown
Member

feckert commented Mar 18, 2026

That is not correct. We pull the changes from https://github.com/spkr-beep/beep
But the cpe links to https://github.com/johnath/beep as mentioned in https://nvd.nist.gov/products/cpe/detail/2E4424D5-A1A3-4347-8835-3E74FE700296?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Aa%3Aapparmor%3Aapparmor&status=FINAL

@ffontaine
Copy link
Copy Markdown
Contributor Author

ffontaine commented Mar 18, 2026

spkr-beep is indeed a fork of https://github.com/johnath/beep as clearly stated in README.md:

This version of beep has been forked from Johnathan Nightingales' original beep when johnath/beep#11 required fixes in 2018, while Johnathan Nightingales' github.com/johnath/beep/ and johnath.com/beep/ was only maintained from around 2000 until around 2013.

The spkr-beep fixes two CVEs from the original beep (which is essentially no longer maintained). I believe it is still appropriate to use the beep_project:beep CPE ID since the code base remains the same and no new CPE has been assigned to the fork (as there have been no new CVEs since 2018).

@feckert
Copy link
Copy Markdown
Member

feckert commented Mar 18, 2026

Then we should mention this in the commit message. So you know why we don't use the original referenced in the CPE ID

@ffontaine
Copy link
Copy Markdown
Contributor Author

ffontaine commented Mar 18, 2026

OK, I'll update the PR

@ffontaine
utils/beep: assign PKG_CPE_ID
0e3aa7b 
cpe:/a:beep_project:beep is the correct CPE ID for beep:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:beep_project:beep

Indeed, spkr-beep is a fork of https://github.com/johnath/beep as
clearly stated in README.md: "This version of beep has been forked from
Johnathan Nightingales' original beep when johnath/beep#11 required
fixes in 2018, while Johnathan Nightingales' github.com/johnath/beep/
and johnath.com/beep/ was only maintained from around 2000 until around
2013.

So, it is still appropriate to use beep_project:beep CPE ID since the
code base remains the same and no new CPE has been assigned to the fork
(as there have been no new CVEs since 2018).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
@commodo commodo merged commit 8c58380 into openwrt:master Apr 3, 2026
12 checks passed
@ffontaine ffontaine deleted the add-beep-cpe branch April 7, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ffontaine @feckert @commodo