Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429
@ 2023-05-05 19:27 Daniel Lang
  2023-05-06 15:36 ` Yann E. MORIN
  2023-05-30 19:40 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Daniel Lang @ 2023-05-05 19:27 UTC (permalink / raw)
  To: buildroot

Update to 6.4 and use latest snapshot to fix CVE-2023-29491.
COPYING has been changed in snapshot 20230107 to update the year [0].
Update CVE version to major.minor.snapshot, as NVD uses the snapshot date as patch version [1].

[0]: https://github.com/ThomasDickey/ncurses-snapshots/commit/eedb756850fdddcd2767d488ed5ea323d40b37ec
[1]: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:ncurses

Signed-off-by: Daniel Lang <dalang@gmx.at>
---
 package/ncurses/ncurses.hash | 4 ++--
 package/ncurses/ncurses.mk   | 9 +++------
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/package/ncurses/ncurses.hash b/package/ncurses/ncurses.hash
index c96bf77bce..a5f83c8725 100644
--- a/package/ncurses/ncurses.hash
+++ b/package/ncurses/ncurses.hash
@@ -1,4 +1,4 @@
 # Locally calculated
-sha256  4057d800ee96623ae70d06b05b2dadb481a80c030e4968aa5d9bcea4439441da  ncurses-6.3-20221224.tar.gz
+sha256  004603a9b3ec51599ef0a0089482004ee3d33b0240d87ce17b6f77525b51fb4e  ncurses-6.4-20230429.tar.gz
 # Locally computed
-sha256  63de87399e9fc8860236082b6b0520e068e9eb1fad0ebd30202aa30bb6f690ac  COPYING
+sha256  0413b2f4ea863194c174673032f0fca84f1ea1ed4eed6476baea68c075a631ce  COPYING
diff --git a/package/ncurses/ncurses.mk b/package/ncurses/ncurses.mk
index 73e3c3feb8..4753da299c 100644
--- a/package/ncurses/ncurses.mk
+++ b/package/ncurses/ncurses.mk
@@ -5,8 +5,8 @@
 ################################################################################
 
 # When there is no snapshost yet for a new version, set it to the empty string
-NCURSES_VERSION_MAJOR = 6.3
-NCURSES_SNAPSHOT_DATE = 20221224
+NCURSES_VERSION_MAJOR = 6.4
+NCURSES_SNAPSHOT_DATE = 20230429
 NCURSES_VERSION = $(NCURSES_VERSION_MAJOR)$(if $(NCURSES_SNAPSHOT_DATE),-$(NCURSES_SNAPSHOT_DATE))
 NCURSES_VERSION_GIT = $(subst .,_,$(subst -,_,$(NCURSES_VERSION)))
 NCURSES_SITE = $(call github,ThomasDickey,ncurses-snapshots,v$(NCURSES_VERSION_GIT))
@@ -15,12 +15,9 @@ NCURSES_DEPENDENCIES = host-ncurses
 NCURSES_LICENSE = MIT with advertising clause
 NCURSES_LICENSE_FILES = COPYING
 NCURSES_CPE_ID_VENDOR = gnu
-NCURSES_CPE_ID_VERSION = $(NCURSES_VERSION_MAJOR)
+NCURSES_CPE_ID_VERSION = $(NCURSES_VERSION_MAJOR)$(if $(NCURSES_SNAPSHOT_DATE),.$(NCURSES_SNAPSHOT_DATE))
 NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config
 
-# Fixed since snapshot 20220416
-NCURSES_IGNORE_CVES += CVE-2022-29458
-
 NCURSES_CONF_OPTS = \
 	--without-cxx \
 	--without-cxx-binding \
-- 
2.40.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429
  2023-05-05 19:27 [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429 Daniel Lang
@ 2023-05-06 15:36 ` Yann E. MORIN
  2023-05-30 19:40 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Yann E. MORIN @ 2023-05-06 15:36 UTC (permalink / raw)
  To: Daniel Lang; +Cc: buildroot

Daniel, All,

On 2023-05-05 21:27 +0200, Daniel Lang spake thusly:
> Update to 6.4 and use latest snapshot to fix CVE-2023-29491.
> COPYING has been changed in snapshot 20230107 to update the year [0].
> Update CVE version to major.minor.snapshot, as NVD uses the snapshot date as patch version [1].

Nice! :-)

> [0]: https://github.com/ThomasDickey/ncurses-snapshots/commit/eedb756850fdddcd2767d488ed5ea323d40b37ec
> [1]: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:ncurses
> 
> Signed-off-by: Daniel Lang <dalang@gmx.at>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/ncurses/ncurses.hash | 4 ++--
>  package/ncurses/ncurses.mk   | 9 +++------
>  2 files changed, 5 insertions(+), 8 deletions(-)
> 
> diff --git a/package/ncurses/ncurses.hash b/package/ncurses/ncurses.hash
> index c96bf77bce..a5f83c8725 100644
> --- a/package/ncurses/ncurses.hash
> +++ b/package/ncurses/ncurses.hash
> @@ -1,4 +1,4 @@
>  # Locally calculated
> -sha256  4057d800ee96623ae70d06b05b2dadb481a80c030e4968aa5d9bcea4439441da  ncurses-6.3-20221224.tar.gz
> +sha256  004603a9b3ec51599ef0a0089482004ee3d33b0240d87ce17b6f77525b51fb4e  ncurses-6.4-20230429.tar.gz
>  # Locally computed
> -sha256  63de87399e9fc8860236082b6b0520e068e9eb1fad0ebd30202aa30bb6f690ac  COPYING
> +sha256  0413b2f4ea863194c174673032f0fca84f1ea1ed4eed6476baea68c075a631ce  COPYING
> diff --git a/package/ncurses/ncurses.mk b/package/ncurses/ncurses.mk
> index 73e3c3feb8..4753da299c 100644
> --- a/package/ncurses/ncurses.mk
> +++ b/package/ncurses/ncurses.mk
> @@ -5,8 +5,8 @@
>  ################################################################################
>  
>  # When there is no snapshost yet for a new version, set it to the empty string
> -NCURSES_VERSION_MAJOR = 6.3
> -NCURSES_SNAPSHOT_DATE = 20221224
> +NCURSES_VERSION_MAJOR = 6.4
> +NCURSES_SNAPSHOT_DATE = 20230429
>  NCURSES_VERSION = $(NCURSES_VERSION_MAJOR)$(if $(NCURSES_SNAPSHOT_DATE),-$(NCURSES_SNAPSHOT_DATE))
>  NCURSES_VERSION_GIT = $(subst .,_,$(subst -,_,$(NCURSES_VERSION)))
>  NCURSES_SITE = $(call github,ThomasDickey,ncurses-snapshots,v$(NCURSES_VERSION_GIT))
> @@ -15,12 +15,9 @@ NCURSES_DEPENDENCIES = host-ncurses
>  NCURSES_LICENSE = MIT with advertising clause
>  NCURSES_LICENSE_FILES = COPYING
>  NCURSES_CPE_ID_VENDOR = gnu
> -NCURSES_CPE_ID_VERSION = $(NCURSES_VERSION_MAJOR)
> +NCURSES_CPE_ID_VERSION = $(NCURSES_VERSION_MAJOR)$(if $(NCURSES_SNAPSHOT_DATE),.$(NCURSES_SNAPSHOT_DATE))
>  NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config
>  
> -# Fixed since snapshot 20220416
> -NCURSES_IGNORE_CVES += CVE-2022-29458
> -
>  NCURSES_CONF_OPTS = \
>  	--without-cxx \
>  	--without-cxx-binding \
> -- 
> 2.40.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429
  2023-05-05 19:27 [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429 Daniel Lang
  2023-05-06 15:36 ` Yann E. MORIN
@ 2023-05-30 19:40 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-05-30 19:40 UTC (permalink / raw)
  To: Daniel Lang; +Cc: buildroot

>>>>> "Daniel" == Daniel Lang <dalang@gmx.at> writes:

 > Update to 6.4 and use latest snapshot to fix CVE-2023-29491.
 > COPYING has been changed in snapshot 20230107 to update the year [0].
 > Update CVE version to major.minor.snapshot, as NVD uses the snapshot
 > date as patch version [1].

 > [0]:
 > https://github.com/ThomasDickey/ncurses-snapshots/commit/eedb756850fdddcd2767d488ed5ea323d40b37ec
 > [1]:
 > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:ncurses

 > Signed-off-by: Daniel Lang <dalang@gmx.at>

Committed to 2023.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-05-30 19:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-05 19:27 [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429 Daniel Lang
2023-05-06 15:36 ` Yann E. MORIN
2023-05-30 19:40 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox