I apologize community for disturb but it raises one question to me earlier today about yocto 2.6.4 (it is the latest yocto package for arm5) The libtinfo library (part of ncurses) presented in 2.6.4 has version 5.9 ---------------------------------------------------------------------------- lrwxrwxrwx. 1 root root 15 Oct 14 02:21 libtinfo.so.5 -> libtinfo.so.5.9 -rwxr-xr-x. 1 root root 124676 Oct 14 02:22 libtinfo.so.5.9 ----------------------------------------------------------------------------- The vulnerability "community" has pointed 2 vulnerabilities in libtinfo before 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-17595 https://nvd.nist.gov/vuln/detail/CVE-2019-17594
If I search for keyword "ncurses" in 2.6.4 poky folder the find process finds in ncourses package 6.1. ------------------------------------------------------------------------------------- ./armv5e-poky-linux-gnueabi/usr/include/ncurses_dll.h ./armv5e-poky-linux-gnueabi/usr/include/ncurses.h ./armv5e-poky-linux-gnueabi/usr/src/debug/ncurses ./armv5e-poky-linux-gnueabi/usr/src/debug/ncurses/6.1+20180630-r0/build/narrowc/ncurses ./armv5e-poky-linux-gnueabi/usr/src/debug/ncurses/6.1+20180630-r0/build/widec/ncurses ./armv5e-poky-linux-gnueabi/usr/src/debug/ncurses/6.1+20180630-r0/git/ncurses ./armv5e-poky-linux-gnueabi/usr/lib/pkgconfig/ncurses.pc ./armv5e-poky-linux-gnueabi/usr/lib/pkgconfig/ncurses++w.pc ./armv5e-poky-linux-gnueabi/usr/lib/pkgconfig/ncursesw.pc ./armv5e-poky-linux-gnueabi/usr/lib/pkgconfig/ncurses++.pc ./armv5e-poky-linux-gnueabi/usr/bin/ncursesw6-config ./armv5e-poky-linux-gnueabi/usr/bin/ncursesw5-config ./armv5e-poky-linux-gnueabi/usr/bin/ncurses5-config ./armv5e-poky-linux-gnueabi/usr/bin/ncurses6-config ----------------------------------------------------------------------------------------------------------------------- Does anyone know why we do not have libtinfo.so.6.1 when code is presented ? Or even is it possible to create now (but I assume whole yocto shall be again rebuilt and definitely it is not feasible for me with current knowledge )? (e.g) libtinfo.so -> libtinfo.so.6 libtinfo.so.6 -> libtinfo.so.6.1 Thank you in advance Milun
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#48252): https://lists.yoctoproject.org/g/yocto/message/48252 Mute This Topic: https://lists.yoctoproject.org/mt/70951247/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
