From patchwork Tue Jun 1 07:03:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Dahl X-Patchwork-Id: 1485901 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FvNYs4xj3z9sj1 for ; Tue, 1 Jun 2021 17:09:04 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 56CDE607CB; Tue, 1 Jun 2021 07:09:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ydwDTUUK0_bn; Tue, 1 Jun 2021 07:09:00 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp3.osuosl.org (Postfix) with ESMTP id B091E605BD; Tue, 1 Jun 2021 07:08:59 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 582101BF5AA for ; Tue, 1 Jun 2021 07:08:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 46F7640153 for ; Tue, 1 Jun 2021 07:08:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hgRS4aTqGwGU for ; Tue, 1 Jun 2021 07:08:57 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) by smtp2.osuosl.org (Postfix) with ESMTPS id E479E400C7 for ; Tue, 1 Jun 2021 07:08:56 +0000 (UTC) Received: from methusalix.internal.home.lespocky.de ([109.250.103.247]) by mrelayeu.kundenserver.de (mreue107 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MDPuq-1lef2w2G3y-00Aa4z; Tue, 01 Jun 2021 09:03:40 +0200 Received: from lemmy.internal.home.lespocky.de ([192.168.243.175] helo=lemmy.home.lespocky.de) by methusalix.internal.home.lespocky.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1lnyQq-0002NH-47; Tue, 01 Jun 2021 09:03:33 +0200 Received: (nullmailer pid 27491 invoked by uid 2001); Tue, 01 Jun 2021 07:03:19 -0000 From: Alexander Dahl To: buildroot@buildroot.org Date: Tue, 1 Jun 2021 09:03:16 +0200 Message-Id: <20210601070316.27441-1-post@lespocky.de> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-Scan-Signature: aaba504e6e7ea76f790d1b1323b7db89 X-Provags-ID: V03:K1:jqHKBObURwkLppWTD0iUb5QzmV0OsAr1Vbdz5dzIkvyKJzOHHIk TzuSxpI1bLGuqCqLjX83OTTsYhYUS9fw6M6nNjtuNIzeOK2H6pyOEP07DBcNVE+i2T6FE+f pxrP4RAxdmcFJIFg8ZHZhmJtS0LNZPLFFq6OGpxk+8WA4si51NBw7++hFo/g6sdTDTHo4JK b2IRshKG6VQOQZR+7yJbQ== X-UI-Out-Filterresults: notjunk:1;V03:K0:bq583qlkdLA=:yI9NdA9tDXxyzOP6F+8zfP rMpcp/jFZ4+udEdpYaHiZ7fm7i5aC2vfNXZp3BLnvv5Jn4NqfiiUM6g2rDsBLalh8+2oHIZNw p0rVMpBd43R/mS1ICSkwcMFglrN/KixD/qLz9ia5L4WBN0H1XOU05ejQa8Z4N52jUDofhxojj VC1UpZQx3Bwzs4kwzCuZqgB9nN/tpZ2UeGVSfzyyftlREYlAyFxdJcOJwpByhqsRDDCdXDGz2 T464dTu9SwtJu4DVG0/Pb+LvnHYcs6N3y7sYlzrlDUFGtG3sG58oPKb2eL1FIbRbefvCRiq6k uYB31s9mIvd1fxV6ILLq+/CDAWDC8VRDQVxAv+8HnZBeDfSGwWRo2kLJ7RHsdbhd9R8k9DitO euNtMIknJUV9MNVgHFo4DTGCZph2LZQJRMkuIpzXbDG5ZfnWu589pwYkev7fXpGLM5MKa+Yvl yqQdXh01i2Xj11dMonxnq79217+H914tARaUhIbd00/rWTjpNFKuG2+TMzv0slocDLUnozcvK 2J6KUFOG++6KjzMvQsarQk= Subject: [Buildroot] [PATCH/stable] package/putty: Ignore CVE-2021-33500 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Alexander Dahl Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Since putty is only affected by this CVE on Windows, ignore it in the stable branch. Branch master is not affected anymore already, due to newer version which got fixed. Signed-off-by: Alexander Dahl --- package/putty/putty.mk | 3 +++ 1 file changed, 3 insertions(+) base-commit: 677b20cf240d099e1bfc1d50e54730083618d24f diff --git a/package/putty/putty.mk b/package/putty/putty.mk index c40cac9dc5..8a494d4e54 100644 --- a/package/putty/putty.mk +++ b/package/putty/putty.mk @@ -12,6 +12,9 @@ PUTTY_CPE_ID_VENDOR = putty PUTTY_CONF_OPTS = --disable-gtktest PUTTY_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -Wno-error" +# Windows only, fixed for Windows with 0.75 +PUTTY_IGNORE_CVES += CVE-2021-33500 + ifeq ($(BR2_PACKAGE_LIBGTK2),y) PUTTY_CONF_OPTS += --with-gtk=2 PUTTY_DEPENDENCIES += libgtk2