folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update ncurses to fix CVE-2023-29491 (#5393) 

* upgrade ncurses for CVE-2023-29491

* update signature cgmanifest and toolchain manifests
This commit is contained in:
sindhu-karri 2023-05-02 10:06:18 +05:30 committed by GitHub
parent 9a3c80ac10
commit a1e39c361a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 31 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SPECS/ncurses/ncurses.signatures.json
View File

@ -1,5 +1,5 @@
{ {
"Signatures": { "Signatures": {
"ncurses-6.3-20220612.tgz": "e7de8893348bd0172aea87853b0a042cd1b19e8c5bd68bfabf95e3edcef44122" "ncurses-6.4-20230408.tgz": "46030c04cfb60433db05631e8124640acff284b1d3b9c897ff661686d885e0e8"
} }
} }

9
SPECS/ncurses/ncurses.spec
View File

@ -1,9 +1,9 @@
%global patchlevel 20220612 %global patchlevel 20230408
Summary: Libraries for terminal handling of character screens Summary: Libraries for terminal handling of character screens
Name: ncurses Name: ncurses
Version: 6.3 Version: 6.4
Release: 2%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Vendor: Microsoft Corporation Vendor: Microsoft Corporation
Distribution: Mariner Distribution: Mariner
@ -233,6 +233,9 @@ xz NEWS
%files term -f terms.term %files term -f terms.term
%changelog %changelog
* Wed Apr 26 2023 Sindhu Karri <lakarri@microsoft.com> - 6.4-1
- Update to version 6.4-20230408 to fix CVE-2023-29491
* Tue Sep 20 2022 Jon Slobodzian <joslobo@microsoft.com> - 6.3-2 * Tue Sep 20 2022 Jon Slobodzian <joslobo@microsoft.com> - 6.3-2
- Update to version 6.3-20220612 to fix CVE-2022-29458 - Update to version 6.3-20220612 to fix CVE-2022-29458
- Cherry-picked from Mariner 1.0 - Cherry-picked from Mariner 1.0

4
cgmanifest.json
View File

@ -13823,8 +13823,8 @@
"type": "other", "type": "other",
"other": { "other": {
"name": "ncurses", "name": "ncurses",
"version": "6.3", "version": "6.4",
"downloadUrl": "https://invisible-mirror.net/archives/ncurses/current/ncurses-6.3-20220612.tgz" "downloadUrl": "https://invisible-mirror.net/archives/ncurses/current/ncurses-6.4-20230408.tgz"
} }
} }
}, },

10
toolkit/resources/manifests/package/pkggen_core_aarch64.txt
View File

@ -33,11 +33,11 @@ libpkgconf-1.8.0-3.cm2.aarch64.rpm
pkgconf-1.8.0-3.cm2.aarch64.rpm pkgconf-1.8.0-3.cm2.aarch64.rpm
pkgconf-m4-1.8.0-3.cm2.noarch.rpm pkgconf-m4-1.8.0-3.cm2.noarch.rpm
pkgconf-pkg-config-1.8.0-3.cm2.aarch64.rpm pkgconf-pkg-config-1.8.0-3.cm2.aarch64.rpm
ncurses-6.3-2.cm2.aarch64.rpm ncurses-6.4-1.cm2.aarch64.rpm
ncurses-compat-6.3-2.cm2.aarch64.rpm ncurses-compat-6.4-1.cm2.aarch64.rpm
ncurses-devel-6.3-2.cm2.aarch64.rpm ncurses-devel-6.4-1.cm2.aarch64.rpm
ncurses-libs-6.3-2.cm2.aarch64.rpm ncurses-libs-6.4-1.cm2.aarch64.rpm
ncurses-term-6.3-2.cm2.aarch64.rpm ncurses-term-6.4-1.cm2.aarch64.rpm
readline-8.1-1.cm2.aarch64.rpm readline-8.1-1.cm2.aarch64.rpm
readline-devel-8.1-1.cm2.aarch64.rpm readline-devel-8.1-1.cm2.aarch64.rpm
coreutils-8.32-6.cm2.aarch64.rpm coreutils-8.32-6.cm2.aarch64.rpm

10
toolkit/resources/manifests/package/pkggen_core_x86_64.txt
View File

@ -33,11 +33,11 @@ libpkgconf-1.8.0-3.cm2.x86_64.rpm
pkgconf-1.8.0-3.cm2.x86_64.rpm pkgconf-1.8.0-3.cm2.x86_64.rpm
pkgconf-m4-1.8.0-3.cm2.noarch.rpm pkgconf-m4-1.8.0-3.cm2.noarch.rpm
pkgconf-pkg-config-1.8.0-3.cm2.x86_64.rpm pkgconf-pkg-config-1.8.0-3.cm2.x86_64.rpm
ncurses-6.3-2.cm2.x86_64.rpm ncurses-6.4-1.cm2.x86_64.rpm
ncurses-compat-6.3-2.cm2.x86_64.rpm ncurses-compat-6.4-1.cm2.x86_64.rpm
ncurses-devel-6.3-2.cm2.x86_64.rpm ncurses-devel-6.4-1.cm2.x86_64.rpm
ncurses-libs-6.3-2.cm2.x86_64.rpm ncurses-libs-6.4-1.cm2.x86_64.rpm
ncurses-term-6.3-2.cm2.x86_64.rpm ncurses-term-6.4-1.cm2.x86_64.rpm
readline-8.1-1.cm2.x86_64.rpm readline-8.1-1.cm2.x86_64.rpm
readline-devel-8.1-1.cm2.x86_64.rpm readline-devel-8.1-1.cm2.x86_64.rpm
coreutils-8.32-6.cm2.x86_64.rpm coreutils-8.32-6.cm2.x86_64.rpm

12
toolkit/resources/manifests/package/toolchain_aarch64.txt
View File

@ -248,12 +248,12 @@ mpfr-4.1.0-1.cm2.aarch64.rpm
mpfr-debuginfo-4.1.0-1.cm2.aarch64.rpm mpfr-debuginfo-4.1.0-1.cm2.aarch64.rpm
mpfr-devel-4.1.0-1.cm2.aarch64.rpm mpfr-devel-4.1.0-1.cm2.aarch64.rpm
msopenjdk-11-11.0.18-1.aarch64.rpm msopenjdk-11-11.0.18-1.aarch64.rpm
ncurses-6.3-2.cm2.aarch64.rpm ncurses-6.4-1.cm2.aarch64.rpm
ncurses-compat-6.3-2.cm2.aarch64.rpm ncurses-compat-6.4-1.cm2.aarch64.rpm
ncurses-debuginfo-6.3-2.cm2.aarch64.rpm ncurses-debuginfo-6.4-1.cm2.aarch64.rpm
ncurses-devel-6.3-2.cm2.aarch64.rpm ncurses-devel-6.4-1.cm2.aarch64.rpm
ncurses-libs-6.3-2.cm2.aarch64.rpm ncurses-libs-6.4-1.cm2.aarch64.rpm
ncurses-term-6.3-2.cm2.aarch64.rpm ncurses-term-6.4-1.cm2.aarch64.rpm
newt-0.52.21-4.cm2.aarch64.rpm newt-0.52.21-4.cm2.aarch64.rpm
newt-debuginfo-0.52.21-4.cm2.aarch64.rpm newt-debuginfo-0.52.21-4.cm2.aarch64.rpm
newt-devel-0.52.21-4.cm2.aarch64.rpm newt-devel-0.52.21-4.cm2.aarch64.rpm

12
toolkit/resources/manifests/package/toolchain_x86_64.txt
View File

@ -248,12 +248,12 @@ mpfr-4.1.0-1.cm2.x86_64.rpm
mpfr-debuginfo-4.1.0-1.cm2.x86_64.rpm mpfr-debuginfo-4.1.0-1.cm2.x86_64.rpm
mpfr-devel-4.1.0-1.cm2.x86_64.rpm mpfr-devel-4.1.0-1.cm2.x86_64.rpm
msopenjdk-11-11.0.18-1.x86_64.rpm msopenjdk-11-11.0.18-1.x86_64.rpm
ncurses-6.3-2.cm2.x86_64.rpm ncurses-6.4-1.cm2.x86_64.rpm
ncurses-compat-6.3-2.cm2.x86_64.rpm ncurses-compat-6.4-1.cm2.x86_64.rpm
ncurses-debuginfo-6.3-2.cm2.x86_64.rpm ncurses-debuginfo-6.4-1.cm2.x86_64.rpm
ncurses-devel-6.3-2.cm2.x86_64.rpm ncurses-devel-6.4-1.cm2.x86_64.rpm
ncurses-libs-6.3-2.cm2.x86_64.rpm ncurses-libs-6.4-1.cm2.x86_64.rpm
ncurses-term-6.3-2.cm2.x86_64.rpm ncurses-term-6.4-1.cm2.x86_64.rpm
newt-0.52.21-4.cm2.x86_64.rpm newt-0.52.21-4.cm2.x86_64.rpm
newt-debuginfo-0.52.21-4.cm2.x86_64.rpm newt-debuginfo-0.52.21-4.cm2.x86_64.rpm
newt-devel-0.52.21-4.cm2.x86_64.rpm newt-devel-0.52.21-4.cm2.x86_64.rpm