[Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR
@ 2022-08-26 21:34 Fabrice Fontaine
  2022-08-26 21:34 ` [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7 Fabrice Fontaine
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2022-08-26 21:34 UTC (permalink / raw)
  To: buildroot; +Cc: Alexandre Esse, Fabrice Fontaine

cpe:2.3:o:v4l2loopback_project:v4l2loopback is a valid CPE identifier
for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Ao%3Av4l2loopback_project%3Av4l2loopback

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/v4l2loopback/v4l2loopback.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/package/v4l2loopback/v4l2loopback.mk b/package/v4l2loopback/v4l2loopback.mk
index d9f065a49d..6ee4b69ef9 100644
--- a/package/v4l2loopback/v4l2loopback.mk
+++ b/package/v4l2loopback/v4l2loopback.mk
@@ -8,6 +8,8 @@ V4L2LOOPBACK_VERSION = 0.12.5
 V4L2LOOPBACK_SITE = $(call github,umlaeute,v4l2loopback,v$(V4L2LOOPBACK_VERSION))
 V4L2LOOPBACK_LICENSE = GPL-2.0+
 V4L2LOOPBACK_LICENSE_FILES = COPYING
+V4L2LOOPBACK_CPE_ID_VENDOR = v4l2loopback_project
+V4L2LOOPBACK_CPE_ID_PREFIX = cpe:2.3:o
 
 ifeq ($(BR2_PACKAGE_V4L2LOOPBACK_UTILS),y)
 define V4L2LOOPBACK_INSTALL_TARGET_CMDS
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7
  2022-08-26 21:34 [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Fabrice Fontaine
@ 2022-08-26 21:34 ` Fabrice Fontaine
  2022-09-17 15:50   ` Peter Korsgaard
  2022-08-27  7:59 ` [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Yann E. MORIN
  2022-09-17 15:50 ` Peter Korsgaard
  2 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2022-08-26 21:34 UTC (permalink / raw)
  To: buildroot; +Cc: Alexandre Esse, Fabrice Fontaine

Fix CVE-2022-2652: Depending on the way the format strings in the card
label are crafted it's possible to leak kernel stack memory. There is
also the possibility for DoS due to the v4l2loopback kernel module
crashing when providing the card label on request (reproduce e.g. with
many %s modifiers in a row).

https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/v4l2loopback/v4l2loopback.hash | 2 +-
 package/v4l2loopback/v4l2loopback.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/v4l2loopback/v4l2loopback.hash b/package/v4l2loopback/v4l2loopback.hash
index f4491e02d0..d897fd48ff 100644
--- a/package/v4l2loopback/v4l2loopback.hash
+++ b/package/v4l2loopback/v4l2loopback.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  e152cd6df6a8add172fb74aca3a9188264823efa5a2317fe960d45880b9406ae  v4l2loopback-0.12.5.tar.gz
+sha256  e0782b8abe8f2235e2734f725dc1533a0729e674c4b7834921ade43b9f04939b  v4l2loopback-0.12.7.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/v4l2loopback/v4l2loopback.mk b/package/v4l2loopback/v4l2loopback.mk
index 6ee4b69ef9..84e1927ce3 100644
--- a/package/v4l2loopback/v4l2loopback.mk
+++ b/package/v4l2loopback/v4l2loopback.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-V4L2LOOPBACK_VERSION = 0.12.5
+V4L2LOOPBACK_VERSION = 0.12.7
 V4L2LOOPBACK_SITE = $(call github,umlaeute,v4l2loopback,v$(V4L2LOOPBACK_VERSION))
 V4L2LOOPBACK_LICENSE = GPL-2.0+
 V4L2LOOPBACK_LICENSE_FILES = COPYING
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7
  2022-08-26 21:34 ` [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7 Fabrice Fontaine
@ 2022-09-17 15:50   ` Peter Korsgaard
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2022-09-17 15:50 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Alexandre Esse, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-2652: Depending on the way the format strings in the card
 > label are crafted it's possible to leak kernel stack memory. There is
 > also the possibility for DoS due to the v4l2loopback kernel module
 > crashing when providing the card label on request (reproduce e.g. with
 > many %s modifiers in a row).

 > https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.05.x and 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR
  2022-08-26 21:34 [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Fabrice Fontaine
  2022-08-26 21:34 ` [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7 Fabrice Fontaine
@ 2022-08-27  7:59 ` Yann E. MORIN
  2022-09-17 15:50 ` Peter Korsgaard
  2 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2022-08-27  7:59 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Alexandre Esse, buildroot

Fabrice, All,

On 2022-08-26 23:34 +0200, Fabrice Fontaine spake thusly:
> cpe:2.3:o:v4l2loopback_project:v4l2loopback is a valid CPE identifier
> for this package:
> 
>   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Ao%3Av4l2loopback_project%3Av4l2loopback
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Series of two patches applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/v4l2loopback/v4l2loopback.mk | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/package/v4l2loopback/v4l2loopback.mk b/package/v4l2loopback/v4l2loopback.mk
> index d9f065a49d..6ee4b69ef9 100644
> --- a/package/v4l2loopback/v4l2loopback.mk
> +++ b/package/v4l2loopback/v4l2loopback.mk
> @@ -8,6 +8,8 @@ V4L2LOOPBACK_VERSION = 0.12.5
>  V4L2LOOPBACK_SITE = $(call github,umlaeute,v4l2loopback,v$(V4L2LOOPBACK_VERSION))
>  V4L2LOOPBACK_LICENSE = GPL-2.0+
>  V4L2LOOPBACK_LICENSE_FILES = COPYING
> +V4L2LOOPBACK_CPE_ID_VENDOR = v4l2loopback_project
> +V4L2LOOPBACK_CPE_ID_PREFIX = cpe:2.3:o
>  
>  ifeq ($(BR2_PACKAGE_V4L2LOOPBACK_UTILS),y)
>  define V4L2LOOPBACK_INSTALL_TARGET_CMDS
> -- 
> 2.35.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR
  2022-08-26 21:34 [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Fabrice Fontaine
  2022-08-26 21:34 ` [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7 Fabrice Fontaine
  2022-08-27  7:59 ` [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Yann E. MORIN
@ 2022-09-17 15:50 ` Peter Korsgaard
  2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2022-09-17 15:50 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Alexandre Esse, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > cpe:2.3:o:v4l2loopback_project:v4l2loopback is a valid CPE identifier
 > for this package:

 >   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Ao%3Av4l2loopback_project%3Av4l2loopback

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.05.x and 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-09-17 15:50 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-26 21:34 [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Fabrice Fontaine
2022-08-26 21:34 ` [Buildroot] [PATCH 2/2] package/v4l2loopback: security bump to version 0.12.7 Fabrice Fontaine
2022-09-17 15:50   ` Peter Korsgaard
2022-08-27  7:59 ` [Buildroot] [PATCH 1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR Yann E. MORIN
2022-09-17 15:50 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox