Message ID | 20231009162723.94207-1-marex@denx.de |
---|---|
State | Accepted, archived |
Delegated to: | Steve Sakoman |
Headers | show |
Series | [dunfell] ncurses: Mitigate CVE-2023-29491 | expand |
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc index ee0b15ecf0..38826a6231 100644 --- a/meta/recipes-core/ncurses/ncurses.inc +++ b/meta/recipes-core/ncurses/ncurses.inc @@ -86,6 +86,7 @@ ncurses_configure() { --enable-sigwinch \ --enable-pc-files \ --disable-rpath-hack \ + --disable-root-environ \ ${EXCONFIG_ARGS} \ --with-manpage-format=normal \ --without-manpage-renames \
Configure with "--disable-root-environ" to disallow loading of custom terminfo entries in setuid/setgid programs, mitigating the impact of CVE-2023-29491. This is taken from debian: https://salsa.debian.org/debian/ncurses/-/commit/1c530aad772f7aeef039b8780d51cd09bd5a08ac Signed-off-by: Marek Vasut <marex@denx.de> --- meta/recipes-core/ncurses/ncurses.inc | 1 + 1 file changed, 1 insertion(+)