From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/xterm: bump to version 384
Date: Wed, 20 Sep 2023 19:39:08 +0200 [thread overview]
Message-ID: <20230920173908.GI512384@scaer> (raw)
In-Reply-To: <20230919210405.554008-1-fontaine.fabrice@gmail.com>
Fabrice, All,
On 2023-09-19 23:04 +0200, Fabrice Fontaine spake thusly:
> - Fix CVE-2023-40359: xterm before 380 supports ReGIS reporting for
> character-set names even if they have unexpected characters (i.e.,
> neither alphanumeric nor underscore), aka a pointer/overflow issue.
> This can only occur for xterm installations that are configured at
> compile time to use a certain experimental feature.
> - Update COPYING hash (update in year and version)
>
> https://invisible-island.net/xterm/xterm.log.html#xterm_384
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Since it contains a security fix, I tweaked the commit log accordingly.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/xterm/xterm.hash | 4 ++--
> package/xterm/xterm.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/xterm/xterm.hash b/package/xterm/xterm.hash
> index 12cd2e639b..1a2ad8fea0 100644
> --- a/package/xterm/xterm.hash
> +++ b/package/xterm/xterm.hash
> @@ -1,4 +1,4 @@
> # Locally calculated after checking pgp signature
> -sha256 1e5bb7aad068fb31d6d3cbb77f80c7ad1526cd4c956a4ddcf2c5cf28af5334e1 xterm-376.tgz
> +sha256 31ef870740ceae020c3c4b4a9601c7f47bfd46672c1aaf2d213a565d64cbc373 xterm-384.tgz
> # Locally calculated
> -sha256 9521ef761474cd31ea406f56a751646a7b42a9287cdc6f2f8e52ed4c4d2a73e7 COPYING
> +sha256 98d02d0b7f7b8aabb742b05e6960caaa9ae20e26d2f0d0dc57808362f2ac79bc COPYING
> diff --git a/package/xterm/xterm.mk b/package/xterm/xterm.mk
> index d01b608d99..2fc2f734c8 100644
> --- a/package/xterm/xterm.mk
> +++ b/package/xterm/xterm.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -XTERM_VERSION = 376
> +XTERM_VERSION = 384
> XTERM_SOURCE = xterm-$(XTERM_VERSION).tgz
> XTERM_SITE = http://invisible-mirror.net/archives/xterm
> XTERM_DEPENDENCIES = ncurses xlib_libXaw host-pkgconf
> --
> 2.40.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-09-20 17:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-19 21:04 [Buildroot] [PATCH 1/1] package/xterm: bump to version 384 Fabrice Fontaine
2023-09-20 17:39 ` Yann E. MORIN [this message]
2023-09-25 6:41 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230920173908.GI512384@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
--cc=fontaine.fabrice@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.