Главная Обзор Помощь
Вход
PUBLIC_REPOS
/
buildroot
зеркало из git://git.buildroot.net/buildroot
2
1
Ответвить 0
Файлы
Просмотр исходного кода

package/libconfuse: add CVE trailer in patch

Since Buildroot commit [1] the patches that fixes a security
vulnerability needs to reference the fixed vulnerability.

This patch adds the relevant information to the patch header
and adds the `Upstream` trailer.

[1] 1167d0ff3d docs/manual: mention CVE trailer

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Perale 2 недель назад
Родитель
c9b63b439c
Сommit
ba51d53019
2 измененных файлов с 2 добавлено и 3 удалено
Разделённый вид Показать статистику Diff
  1. 0 1
      .checkpackageignore
  2. 2 2
      package/libconfuse/0001-Fix-163-unterminated-username-used-with-getpwnam.patch

+ 0 - 1
.checkpackageignore
Просмотреть файл 

@@ -528,7 +528,6 @@ package/libb64/0002-Initialize-C++-objects.patch lib_patch.Upstream
 
 package/libcdaudio/0001-libcdaudio-enable-autoreconf.patch lib_patch.Upstream
 
 package/libcgi/0001-CMakeLists.txt-honour-BUILD_TESTING.patch lib_patch.Upstream
 
 package/libcgicc/0001-disable-documentation-option.patch lib_patch.Sob lib_patch.Upstream
 
-package/libconfuse/0001-Fix-163-unterminated-username-used-with-getpwnam.patch lib_patch.Upstream
 
 package/libcuefile/0001-fix-static-link.patch lib_patch.Upstream
 
 package/libdaemon/0001-testd-use-unistd-h-instead-of-sys-unistd-h.patch lib_patch.Upstream
 
 package/libdnet/0001-python-makefile.patch lib_patch.Upstream

+ 2 - 2
package/libconfuse/0001-Fix-163-unterminated-username-used-with-getpwnam.patch
Просмотреть файл 

@@ -5,8 +5,8 @@ Subject: [PATCH] Fix #163: unterminated username used with getpwnam()
 
 
 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
 
 
-[Retrieved (and backported) from:
 
-https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b]
 
+CVE: CVE-2022-40320
 
+Upstream: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
 
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
 ---
 
  src/confuse.c | 10 ++++++----