This is a short and sweet package, so I'll skip the full boilerplate:
No cves, no setuid executables, no use of complex frameworks, no sudo
fragments, no initscripts or systemd units, it's really just a few
shellscripts that look like they were well-written.
I wish it were a quilt package rather than a patchless package but
changing that just on the off-chance that we have to do work on this is
probably more work than it deserves.
There were some shellcheck results, but they're probably not security
critical, there shouldn't be untrusted inputs into this tool.
Security team ACK for promoting u-boot-menu to main.
Thanks
shellcheck results (I trimmed it a bit):
./u-boot-update:100:8: note: read without -r will mangle backslashes. [SC2162]
./u-boot-update:103:1: note: read without -r will mangle backslashes. [SC2162]
./u-boot-update:103:24: warning: _FS_VFSTYPE appears unused. Verify it or
export it. [SC2034]
./u-boot-update:103:36: warning: _FS_MNTOPS appears unused. Verify it or export
it. [SC2034]
./u-boot-update:103:47: warning: _FS_FREQ appears unused. Verify it or export
it. [SC2034]
./u-boot-update:103:56: warning: _FS_PASSNO appears unused. Verify it or export
it. [SC2034]
./u-boot-update:121:15: note: To read lines rather than words, pipe/redirect to
a 'while read' loop. [SC2013]
./u-boot-update:172:27: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:178:23: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:178:40: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:178:52: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:181:25: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:181:42: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:184:25: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:184:42: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:194:10: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:209:10: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:220:26: note: See if you can use ${variable//search/replace}
instead. [SC2001]
./u-boot-update:220:31: note: Double quote to prevent globbing and word
splitting. [SC2086]
./u-boot-update:225:14: note: $/${} is unnecessary on arithmetic variables.
[SC2004]
./zz-sync-dtb:30:17: note: Double quote to prevent globbing and word splitting.
[SC2086]
** Changed in: u-boot-menu (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1907284
Title:
[MIR] u-boot-menu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/u-boot-menu/+bug/1907284/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
