* [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID @ 2021-02-06 10:54 Fabrice Fontaine 2021-02-06 10:54 ` [Buildroot] [PATCH 94/94] package/tmux: bump to version 3.1c Fabrice Fontaine 2021-02-06 13:54 ` [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID Yann E. MORIN 0 siblings, 2 replies; 3+ messages in thread From: Fabrice Fontaine @ 2021-02-06 10:54 UTC (permalink / raw) To: buildroot cpe:2.3:a:tmux_project:tmux is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atmux_project%3Atmux Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/tmux/tmux.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/tmux/tmux.mk b/package/tmux/tmux.mk index 00e77ad762..17e1da5607 100644 --- a/package/tmux/tmux.mk +++ b/package/tmux/tmux.mk @@ -8,6 +8,7 @@ TMUX_VERSION = 2.9a TMUX_SITE = https://github.com/tmux/tmux/releases/download/$(TMUX_VERSION) TMUX_LICENSE = ISC TMUX_LICENSE_FILES = COPYING +TMUX_CPE_ID_VALID = YES TMUX_DEPENDENCIES = libevent ncurses host-pkgconf # 0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch -- 2.29.2 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 94/94] package/tmux: bump to version 3.1c 2021-02-06 10:54 [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID Fabrice Fontaine @ 2021-02-06 10:54 ` Fabrice Fontaine 2021-02-06 13:54 ` [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID Yann E. MORIN 1 sibling, 0 replies; 3+ messages in thread From: Fabrice Fontaine @ 2021-02-06 10:54 UTC (permalink / raw) To: buildroot - Drop patch (already in version) - Update hash of COPYING (examples directory removed: https://github.com/tmux/tmux/commit/e722ba38e3133cb01b4cd17bf5fe7c56e42a4962) - Update indentation in hash file (two spaces) https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- ...er-the-end-of-the-array-and-overwrit.patch | 35 ------------------- package/tmux/tmux.hash | 4 +-- package/tmux/tmux.mk | 5 +-- 3 files changed, 3 insertions(+), 41 deletions(-) delete mode 100644 package/tmux/0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch diff --git a/package/tmux/0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch b/package/tmux/0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch deleted file mode 100644 index d169322ed7..0000000000 --- a/package/tmux/0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a868bacb46e3c900530bed47a1c6f85b0fbe701c Mon Sep 17 00:00:00 2001 -From: nicm <nicm> -Date: Thu, 29 Oct 2020 16:33:01 +0000 -Subject: [PATCH] Do not write after the end of the array and overwrite the - stack when colon-separated SGR sequences contain empty arguments. Reported by - Sergey Nizovtsev. - -[Peter: Fixes CVE-2020-27347] -Signed-off-by: Peter Korsgaard <peter@korsgaard.com> ---- - input.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/input.c b/input.c -index 42a60c92..c280c0d9 100644 ---- a/input.c -+++ b/input.c -@@ -1976,8 +1976,13 @@ input_csi_dispatch_sgr_colon(struct input_ctx *ictx, u_int i) - free(copy); - return; - } -- } else -+ } else { - n++; -+ if (n == nitems(p)) { -+ free(copy); -+ return; -+ } -+ } - log_debug("%s: %u = %d", __func__, n - 1, p[n - 1]); - } - free(copy); --- -2.20.1 - diff --git a/package/tmux/tmux.hash b/package/tmux/tmux.hash index e27fca253d..75538e09ae 100644 --- a/package/tmux/tmux.hash +++ b/package/tmux/tmux.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 839d167a4517a6bffa6b6074e89a9a8630547b2dea2086f1fad15af12ab23b25 tmux-2.9a.tar.gz -sha256 ce75f1345a76c93bd0f413d1b93ff1baa0669f34a7242779a00c1b862b4f813a COPYING +sha256 918f7220447bef33a1902d4faff05317afd9db4ae1c9971bef5c787ac6c88386 tmux-3.1c.tar.gz +sha256 c031bd37f464c534277814f6aa38686fa023d094261d57fd2545ad592bb53ccd COPYING diff --git a/package/tmux/tmux.mk b/package/tmux/tmux.mk index 17e1da5607..17570520c3 100644 --- a/package/tmux/tmux.mk +++ b/package/tmux/tmux.mk @@ -4,16 +4,13 @@ # ################################################################################ -TMUX_VERSION = 2.9a +TMUX_VERSION = 3.1c TMUX_SITE = https://github.com/tmux/tmux/releases/download/$(TMUX_VERSION) TMUX_LICENSE = ISC TMUX_LICENSE_FILES = COPYING TMUX_CPE_ID_VALID = YES TMUX_DEPENDENCIES = libevent ncurses host-pkgconf -# 0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch -TMUX_IGNORE_CVES += CVE-2020-27347 - # Add /usr/bin/tmux to /etc/shells otherwise some login tools like dropbear # can reject the user connection. See man shells. define TMUX_ADD_TMUX_TO_SHELLS -- 2.29.2 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID 2021-02-06 10:54 [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID Fabrice Fontaine 2021-02-06 10:54 ` [Buildroot] [PATCH 94/94] package/tmux: bump to version 3.1c Fabrice Fontaine @ 2021-02-06 13:54 ` Yann E. MORIN 1 sibling, 0 replies; 3+ messages in thread From: Yann E. MORIN @ 2021-02-06 13:54 UTC (permalink / raw) To: buildroot Fabrice, All, On 2021-02-06 11:54 +0100, Fabrice Fontaine spake thusly: > cpe:2.3:a:tmux_project:tmux is a valid CPE identifier for this package: > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atmux_project%3Atmux > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Series of two applied to master, thanks. Regards, Yann E. MORIN. > --- > package/tmux/tmux.mk | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/package/tmux/tmux.mk b/package/tmux/tmux.mk > index 00e77ad762..17e1da5607 100644 > --- a/package/tmux/tmux.mk > +++ b/package/tmux/tmux.mk > @@ -8,6 +8,7 @@ TMUX_VERSION = 2.9a > TMUX_SITE = https://github.com/tmux/tmux/releases/download/$(TMUX_VERSION) > TMUX_LICENSE = ISC > TMUX_LICENSE_FILES = COPYING > +TMUX_CPE_ID_VALID = YES > TMUX_DEPENDENCIES = libevent ncurses host-pkgconf > > # 0001-Do-not-write-after-the-end-of-the-array-and-overwrit.patch > -- > 2.29.2 > > _______________________________________________ > buildroot mailing list > buildroot at busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-02-06 13:54 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-02-06 10:54 [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID Fabrice Fontaine 2021-02-06 10:54 ` [Buildroot] [PATCH 94/94] package/tmux: bump to version 3.1c Fabrice Fontaine 2021-02-06 13:54 ` [Buildroot] [PATCH 1/2] package/tmux: set TMUX_CPE_ID_VALID Yann E. MORIN
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox