[1/1] package/postgresql: ignore CVE-2017-8806

Message ID	20230313061323.173744-1-fido_max@inbox.ru
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> To: buildroot@buildroot.org Date: Mon, 13 Mar 2023 09:13:23 +0300 Message-Id: <20230313061323.173744-1-fido_max@inbox.ru> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/postgresql: ignore CVE-2017-8806 Precedence: list From: Maxim Kochetkov via buildroot <buildroot@buildroot.org> Reply-To: Maxim Kochetkov <fido_max@inbox.ru> Cc: Maxim Kochetkov <fido_max@inbox.ru> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/1] package/postgresql: ignore CVE-2017-8806 \| expand [1/1] package/postgresql: ignore CVE-2017-8806

Message ID

20230313061323.173744-1-fido_max@inbox.ru

State

Accepted

Headers

To: buildroot@buildroot.org
Date: Mon, 13 Mar 2023 09:13:23 +0300
Message-Id: <20230313061323.173744-1-fido_max@inbox.ru>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp4.osuosl.org;
 dkim=pass (2048-bit key) header.d=inbox.ru header.i=@inbox.ru
 header.a=rsa-sha256 header.s=mail4 header.b=NuTptsK8
X-Mailman-Original-Authentication-Results: smtpng3.m.smailru.net; auth=pass
 smtp.auth=fido_max@inbox.ru smtp.mailfrom=fido_max@inbox.ru
Subject: [Buildroot] [PATCH 1/1] package/postgresql: ignore CVE-2017-8806
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
From: Maxim Kochetkov via buildroot <buildroot@buildroot.org>
Reply-To: Maxim Kochetkov <fido_max@inbox.ru>
Cc: Maxim Kochetkov <fido_max@inbox.ru>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/1] package/postgresql: ignore CVE-2017-8806 | expand

CVE-2017-8806 is related to postgresql-common package. It is false positive for postgresql, so ignore it. Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru> --- package/postgresql/postgresql.mk | 4 ++++ 1 file changed, 4 insertions(+)

Comments

Yann E. MORIN April 23, 2023, 3:26 p.m. UTC | #1

Maxim, All,

On 2023-03-13 09:13 +0300, Maxim Kochetkov via buildroot spake thusly:
> CVE-2017-8806 is related to postgresql-common package.

I've reworded that sentence to explain that postgresql-common is a
package in Debian-like distros, not available in Buildroot.

> It is false positive for postgresql, so ignore it.

I also added a blurb that the similar CVE that did apply to postgresql
was fixed a while ago, to avoid vonfusion.

Applied to master, thanks.

Regards,
Yann E. MORIN.

> Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
> ---
>  package/postgresql/postgresql.mk | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk
> index a2aed9a2eb..e46622c0e7 100644
> --- a/package/postgresql/postgresql.mk
> +++ b/package/postgresql/postgresql.mk
> @@ -19,6 +19,10 @@ POSTGRESQL_CONF_ENV = \
>  POSTGRESQL_CONF_OPTS = --disable-rpath
>  POSTGRESQL_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
>  
> +# CVE-2017-8806 is related to postgresql-common package
> +# It is false positive for postgresql
> +POSTGRESQL_IGNORE_CVES += CVE-2017-8806
> +
>  # https://www.postgresql.org/docs/11/static/install-procedure.html:
>  # "If you want to invoke the build from another makefile rather than
>  # manually, you must unset MAKELEVEL or set it to zero"
> -- 
> 2.39.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

Peter Korsgaard May 2, 2023, 6:26 a.m. UTC | #2

>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > Maxim, All,
 > On 2023-03-13 09:13 +0300, Maxim Kochetkov via buildroot spake thusly:
 >> CVE-2017-8806 is related to postgresql-common package.

 > I've reworded that sentence to explain that postgresql-common is a
 > package in Debian-like distros, not available in Buildroot.

 >> It is false positive for postgresql, so ignore it.

 > I also added a blurb that the similar CVE that did apply to postgresql
 > was fixed a while ago, to avoid vonfusion.

 > Applied to master, thanks.

Committed to 2023.02.x and 2022.02.x, thanks.

diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk
index a2aed9a2eb..e46622c0e7 100644
--- a/package/postgresql/postgresql.mk
+++ b/package/postgresql/postgresql.mk
@@ -19,6 +19,10 @@  POSTGRESQL_CONF_ENV = \
 POSTGRESQL_CONF_OPTS = --disable-rpath
 POSTGRESQL_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
 
+# CVE-2017-8806 is related to postgresql-common package
+# It is false positive for postgresql
+POSTGRESQL_IGNORE_CVES += CVE-2017-8806
+
 # https://www.postgresql.org/docs/11/static/install-procedure.html:
 # "If you want to invoke the build from another makefile rather than
 # manually, you must unset MAKELEVEL or set it to zero"

[1/1] package/postgresql: ignore CVE-2017-8806

Commit Message

Comments

Patch