* [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR
@ 2021-07-17 21:48 Fabrice Fontaine
2021-07-17 21:48 ` [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Fabrice Fontaine
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Fabrice Fontaine @ 2021-07-17 21:48 UTC (permalink / raw)
To: buildroot
cpe:2.3:a:openwrt:libuci is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenwrt%3Alibuci
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libuci/libuci.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
index b7fd2ddb66..ae70b6f2af 100644
--- a/package/libuci/libuci.mk
+++ b/package/libuci/libuci.mk
@@ -9,6 +9,7 @@ LIBUCI_SITE = https://git.openwrt.org/project/uci.git
LIBUCI_SITE_METHOD = git
LIBUCI_LICENSE = LGPL-2.1, GPL-2.0 (tools)
LIBUCI_LICENSE_FILES = cli.c libuci.c
+LIBUCI_CPE_ID_VENDOR = openwrt
LIBUCI_INSTALL_STAGING = YES
LIBUCI_DEPENDENCIES = libubox
--
2.30.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513
2021-07-17 21:48 [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Fabrice Fontaine
@ 2021-07-17 21:48 ` Fabrice Fontaine
2021-07-18 7:48 ` Yann E. MORIN
2021-08-03 20:44 ` Peter Korsgaard
2021-07-18 7:47 ` [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Yann E. MORIN
2021-08-03 20:44 ` Peter Korsgaard
2 siblings, 2 replies; 6+ messages in thread
From: Fabrice Fontaine @ 2021-07-17 21:48 UTC (permalink / raw)
To: buildroot
Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libuci/libuci.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
index ae70b6f2af..5288b08406 100644
--- a/package/libuci/libuci.mk
+++ b/package/libuci/libuci.mk
@@ -13,6 +13,9 @@ LIBUCI_CPE_ID_VENDOR = openwrt
LIBUCI_INSTALL_STAGING = YES
LIBUCI_DEPENDENCIES = libubox
+# Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
+LIBUCI_IGNORE_CVES += CVE-2019-15513
+
ifeq ($(BR2_PACKAGE_LUA_5_1),y)
LIBUCI_DEPENDENCIES += lua
LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \
--
2.30.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR
2021-07-17 21:48 [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Fabrice Fontaine
2021-07-17 21:48 ` [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Fabrice Fontaine
@ 2021-07-18 7:47 ` Yann E. MORIN
2021-08-03 20:44 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2021-07-18 7:47 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2021-07-17 23:48 +0200, Fabrice Fontaine spake thusly:
> cpe:2.3:a:openwrt:libuci is a valid CPE identifier for this package:
>
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenwrt%3Alibuci
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/libuci/libuci.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
> index b7fd2ddb66..ae70b6f2af 100644
> --- a/package/libuci/libuci.mk
> +++ b/package/libuci/libuci.mk
> @@ -9,6 +9,7 @@ LIBUCI_SITE = https://git.openwrt.org/project/uci.git
> LIBUCI_SITE_METHOD = git
> LIBUCI_LICENSE = LGPL-2.1, GPL-2.0 (tools)
> LIBUCI_LICENSE_FILES = cli.c libuci.c
This is not in master yet, so there was a conflict when applying. I
fixed that. Can you send a patch adding those license files, then? ;-)
> +LIBUCI_CPE_ID_VENDOR = openwrt
Applied to master, thanks.
Regards,
Yann E. MORIN.
> LIBUCI_INSTALL_STAGING = YES
> LIBUCI_DEPENDENCIES = libubox
>
> --
> 2.30.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513
2021-07-17 21:48 ` [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Fabrice Fontaine
@ 2021-07-18 7:48 ` Yann E. MORIN
2021-08-03 20:44 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2021-07-18 7:48 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2021-07-17 23:48 +0200, Fabrice Fontaine spake thusly:
> Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
This was a bit crpytic for me, so I rewrote the commit log to explain
that the CVE was fixed in that commit.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/libuci/libuci.mk | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
> index ae70b6f2af..5288b08406 100644
> --- a/package/libuci/libuci.mk
> +++ b/package/libuci/libuci.mk
> @@ -13,6 +13,9 @@ LIBUCI_CPE_ID_VENDOR = openwrt
> LIBUCI_INSTALL_STAGING = YES
> LIBUCI_DEPENDENCIES = libubox
>
> +# Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
Ditto.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> +LIBUCI_IGNORE_CVES += CVE-2019-15513
> +
> ifeq ($(BR2_PACKAGE_LUA_5_1),y)
> LIBUCI_DEPENDENCIES += lua
> LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \
> --
> 2.30.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR
2021-07-17 21:48 [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Fabrice Fontaine
2021-07-17 21:48 ` [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Fabrice Fontaine
2021-07-18 7:47 ` [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Yann E. MORIN
@ 2021-08-03 20:44 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2021-08-03 20:44 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> cpe:2.3:a:openwrt:libuci is a valid CPE identifier for this package:
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aopenwrt%3Alibuci
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513
2021-07-17 21:48 ` [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Fabrice Fontaine
2021-07-18 7:48 ` Yann E. MORIN
@ 2021-08-03 20:44 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2021-08-03 20:44 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-08-03 20:44 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-07-17 21:48 [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Fabrice Fontaine
2021-07-17 21:48 ` [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Fabrice Fontaine
2021-07-18 7:48 ` Yann E. MORIN
2021-08-03 20:44 ` Peter Korsgaard
2021-07-18 7:47 ` [Buildroot] [PATCH 1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR Yann E. MORIN
2021-08-03 20:44 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox