From patchwork Wed Apr 21 20:42:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Weber X-Patchwork-Id: 1468871 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rockwellcollins.com header.i=@rockwellcollins.com header.a=rsa-sha256 header.s=hrcrc2020 header.b=K4me2+uJ; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FQXbr56Zjz9sVq for ; Thu, 22 Apr 2021 06:44:40 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 4BE6640346; Wed, 21 Apr 2021 20:44:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h84ORyXcYGxk; Wed, 21 Apr 2021 20:44:37 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id 713B2404DE; Wed, 21 Apr 2021 20:44:36 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 27C351BF46D for ; Wed, 21 Apr 2021 20:42:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 879C540630 for ; Wed, 21 Apr 2021 20:42:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4nb-_nDjGwsy for ; Wed, 21 Apr 2021 20:42:40 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from secvs04.rockwellcollins.com (secvs04.rockwellcollins.com [205.175.225.130]) by smtp4.osuosl.org (Postfix) with ESMTPS id 8243040628 for ; Wed, 21 Apr 2021 20:42:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rockwellcollins.com; s=hrcrc2020; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=QixmgJBcvydufg4nyBFMxlg4Rkb+5DdcPCKrQt4xCwM=; b=K4me2+uJjCHGBLmDdm9/OT8xqmC7aDXx1hA5kJugTQ5hxLN7dS+6i2Ci iDHZgI0EC22DAMaAh3LD1QMPeT7olB4xqGj0nwuoW1FeVnWv61xiYr2ZQ TwZSKNegk0DNAaIqYAOe8HpAvhedmgUT0Fk45W+nbERTL3Wt8a/qrCIu9 5f0gMYogEskv4C29ZjaZR3bTe8LJckBvLV1Sl0pSkIBKUkmDWU89lfmu2 8vmskCGEpKoE+2/JfrpE652KvGn12hedUHhC6WVBS5ff+2zkLPeSp54jc XADhjmLRvIQw4NmFT6Zya7NgKKSTfsy2CueZO0CnAfGy3SdRvdfUevHhq w==; IronPort-SDR: UZ9/rR2NRrgQ8M2J1x8HJll/OK44NeAGxRdLlqId51jD53siGd78cJviyna9DRN7Cubb77cu14 B7W8qlrOt0zBS2qgHjNuRGHRiA+Rrx8oMY0rXbAqB6UOYIBbVvk0tAuPmSxMbopaOrfcbJ3OB8 ZgzR8OUsF1Sme55TO6UmWxdAQsr4iOR9Vqvj6kOefN2s6E/vWtFoGF1BaX0gY5fe7gVZKmVYSx O/yWT+UuSjCI8ne+Bwk5sSTt/CGIaOnWlkHp7N/KDj4uC2G2dqSUnNEaDFoiGAjGxjc7RYirfo x4U= Received: from ofwgwc03.rockwellcollins.com (HELO crulimr02.rockwellcollins.com) ([205.175.225.12]) by secvs04.rockwellcollins.com with ESMTP; 21 Apr 2021 15:42:37 -0500 X-Received: from biscuits.rockwellcollins.com (biscuits.rockwellcollins.lab [10.148.119.137]) by crulimr02.rockwellcollins.com (Postfix) with ESMTP id 7534C608CE; Wed, 21 Apr 2021 15:42:37 -0500 (CDT) From: Matt Weber To: buildroot@buildroot.org Date: Wed, 21 Apr 2021 15:42:33 -0500 Message-Id: <20210421204235.5956-9-matthew.weber@rockwellcollins.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210421204235.5956-1-matthew.weber@rockwellcollins.com> References: <20210421204235.5956-1-matthew.weber@rockwellcollins.com> Subject: [Buildroot] [PATCH 08/10] package/ncurses: ignore CVE-2018-10754, CVE-2018-19211, CVE-2018-19217, CVE-2019-17594, CVE-2019-17595 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Commit 4b21273d71d09 added upstream (security) patches up to 20200118 and in the commit description it outlines these CVEs were patched. Signed-off-by: Matthew Weber --- package/ncurses/ncurses.mk | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/package/ncurses/ncurses.mk b/package/ncurses/ncurses.mk index 97e3e2c321..5d9c6bb0dd 100644 --- a/package/ncurses/ncurses.mk +++ b/package/ncurses/ncurses.mk @@ -11,6 +11,12 @@ NCURSES_DEPENDENCIES = host-ncurses NCURSES_LICENSE = MIT with advertising clause NCURSES_LICENSE_FILES = COPYING NCURSES_CPE_ID_VENDOR = gnu +# Commit 4b21273d71d09 added upstream (security) patches up to 20200118 +NCURSES_IGNORE_CVES += CVE-2018-10754 +NCURSES_IGNORE_CVES += CVE-2018-19211 +NCURSES_IGNORE_CVES += CVE-2018-19217 +NCURSES_IGNORE_CVES += CVE-2019-17594 +NCURSES_IGNORE_CVES += CVE-2019-17595 NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config NCURSES_PATCH = \ $(addprefix https://invisible-mirror.net/archives/ncurses/$(NCURSES_VERSION)/, \