From f2081a47b2f2d28386ef031ee25b76a28fffb9ea Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 5 Jul 2023 08:19:46 +0200 Subject: [PATCH] overlay profiles: Unmask and add accept keywords for sys-libs/ncurses --- .../profiles/coreos/base/package.accept_keywords | 3 +++ .../coreos-overlay/profiles/coreos/base/package.unmask | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 103e8fd534..0c0d90abff 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -81,6 +81,9 @@ =sys-libs/libsemanage-3.1-r2 ~arm64 =sys-libs/libsepol-3.1 ~arm64 +# Needed to fix CVE-2023-29491. +=sys-libs/ncurses-6.4_p20230527 ~amd64 ~arm64 + # A dependency of app-shells/bash version that we need for security # fixes. =sys-libs/readline-8.2_p1 ~amd64 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 9ac55e2060..daa49a7cce 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -1,3 +1,8 @@ +# Overwrite portage-stable mask. The regressions that this version of +# ncurses caused are in Gentoo packages that we don't have in +# Flatcar. And we need it for a security fix. +=sys-libs/ncurses-6.4_p20230527 + # Overwrite portage-stable mask. We are delaying the transition to # libxcrypt, because we need to figure out how to solve the dep loop # that results from the migration (python -> virtual/libcrypt ->