[2/2] package/libuci: ignore CVE-2019-15513

Message ID	20210717214854.1150900-2-fontaine.fabrice@gmail.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: Fabrice Fontaine <fontaine.fabrice@gmail.com> To: buildroot@buildroot.org Date: Sat, 17 Jul 2021 23:48:54 +0200 Message-Id: <20210717214854.1150900-2-fontaine.fabrice@gmail.com> In-Reply-To: <20210717214854.1150900-1-fontaine.fabrice@gmail.com> References: <20210717214854.1150900-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513 Precedence: list Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>
Series	[1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR \| expand [1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR [2/2] package/libuci: ignore CVE-2019-15513

Message ID

20210717214854.1150900-2-fontaine.fabrice@gmail.com

State

Accepted

Headers

From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Sat, 17 Jul 2021 23:48:54 +0200
Message-Id: <20210717214854.1150900-2-fontaine.fabrice@gmail.com>
In-Reply-To: <20210717214854.1150900-1-fontaine.fabrice@gmail.com>
References: <20210717214854.1150900-1-fontaine.fabrice@gmail.com>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 2/2] package/libuci: ignore CVE-2019-15513
Precedence: list
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Series

[1/2] package/libuci: add LIBUCI_CPE_ID_VENDOR | expand

Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/libuci/libuci.mk | 3 +++ 1 file changed, 3 insertions(+)

Comments

Yann E. MORIN July 18, 2021, 7:48 a.m. UTC | #1

Fabrice, All,

On 2021-07-17 23:48 +0200, Fabrice Fontaine spake thusly:
> Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION

This was a bit crpytic for me, so I rewrote the commit log to explain
that the CVE was fixed in that commit.

> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/libuci/libuci.mk | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
> index ae70b6f2af..5288b08406 100644
> --- a/package/libuci/libuci.mk
> +++ b/package/libuci/libuci.mk
> @@ -13,6 +13,9 @@ LIBUCI_CPE_ID_VENDOR = openwrt
>  LIBUCI_INSTALL_STAGING = YES
>  LIBUCI_DEPENDENCIES = libubox
>  
> +# Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION

Ditto.

Applied to master, thanks.

Regards,
Yann E. MORIN.

> +LIBUCI_IGNORE_CVES += CVE-2019-15513
> +
>  ifeq ($(BR2_PACKAGE_LUA_5_1),y)
>  LIBUCI_DEPENDENCIES += lua
>  LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \
> -- 
> 2.30.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

Peter Korsgaard Aug. 3, 2021, 8:44 p.m. UTC | #2

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x and 2021.05.x, thanks.

diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
index ae70b6f2af..5288b08406 100644
--- a/package/libuci/libuci.mk
+++ b/package/libuci/libuci.mk
@@ -13,6 +13,9 @@  LIBUCI_CPE_ID_VENDOR = openwrt
 LIBUCI_INSTALL_STAGING = YES
 LIBUCI_DEPENDENCIES = libubox
 
+# Commit 19e29ffc15dbd958e8e6a648ee0982c68353516f is older than LIBUCI_VERSION
+LIBUCI_IGNORE_CVES += CVE-2019-15513
+
 ifeq ($(BR2_PACKAGE_LUA_5_1),y)
 LIBUCI_DEPENDENCIES += lua
 LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \

[2/2] package/libuci: ignore CVE-2019-15513

Commit Message

Comments

Patch