Does Trisquel use/backport the CVE-2022-35978 Minetest patch?

3 replies [Last post]
Other_Cody
Offline
Joined: 12/20/2023

apt-get source minetest
Reading package lists... Done
NOTICE: 'minetest' packaging is maintained in the 'Git' version control system at:
https://salsa.debian.org/games-team/minetest.git
Please use:
git clone https://salsa.debian.org/games-team/minetest.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 13.6 MB of source archives.
Get:1 https://archive.trisquel.org/trisquel aramo/main minetest 5.4.1+repack-2build1 (dsc) [2,731 B]
Get:2 https://archive.trisquel.org/trisquel aramo/main minetest 5.4.1+repack-2build1 (tar) [13.5 MB]
Get:3 https://archive.trisquel.org/trisquel aramo/main minetest 5.4.1+repack-2build1 (diff) [38.5 kB]
Fetched 13.6 MB in 4s (3,221 kB/s)
dpkg-source: info: extracting minetest in minetest-5.4.1+repack
dpkg-source: info: unpacking minetest_5.4.1+repack.orig.tar.gz
dpkg-source: info: unpacking minetest_5.4.1+repack-2build1.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying kfreebsd-gettext.patch
dpkg-source: info: applying shared_mods.patch
dpkg-source: info: applying rawlua.patch
dpkg-source: info: applying postgresql.patch
dpkg-source: info: applying fix_typos.patch
dpkg-source: info: applying gcc_11.patch

Do these patches include the CVE-2022-35978 (like?) security patch, if that is even needed in Minetest 5.4.1?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35978

https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc

https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
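One way to check the question above against an unpacked source tree, as an added example that is not part of the original post or of Trisquel's packaging: the hypothetical function cve_backport_status searches debian/changelog and debian/patches for the CVE id or the upstream fix commit. The sample tree is constructed from the patch names in the dpkg-source output, with placeholder contents.

```shell
#!/bin/sh
# Added example: report whether a Debian-style source tree mentions a CVE id
# or its upstream fix commit in debian/changelog or debian/patches.
# cve_backport_status is a hypothetical helper name, not a dpkg/apt tool.

cve_backport_status() {
    src=$1; cve=$2; commit=$3
    short=$(printf '%s' "$commit" | cut -c1-10)   # abbreviated hash, as often cited
    hits=""
    for f in "$src/debian/changelog" "$src"/debian/patches/*; do
        [ -f "$f" ] || continue
        # Match on the file name (e.g. CVE-2022-35978.patch) or on its contents.
        if printf '%s\n' "${f##*/}" | grep -qiF -e "$cve" ||
           grep -qiF -e "$cve" -e "$short" "$f"; then
            hits="$hits ${f#"$src"/}"
        fi
    done
    if [ -n "$hits" ]; then
        echo "referenced:$hits"
    else
        echo "not-referenced"
    fi
}

# Constructed sample tree: the six patch names listed by dpkg-source above,
# with placeholder contents (not the real patch bodies or changelog).
demo=$(mktemp -d)
mkdir -p "$demo/debian/patches"
for p in kfreebsd-gettext shared_mods rawlua postgresql fix_typos gcc_11; do
    echo "placeholder for $p" > "$demo/debian/patches/$p.patch"
    echo "$p.patch" >> "$demo/debian/patches/series"
done
echo "minetest (5.4.1+repack-2build1) aramo; urgency=medium" > "$demo/debian/changelog"

cve_backport_status "$demo" CVE-2022-35978 da71e86633d0b27cd02d7aac9fdac625d141ca13
```

A "not-referenced" result only says the packaging does not mention the fix; whether the 5.4.1 code needs it still has to be judged by comparing the files touched by the upstream commit with the unpacked source.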

Other_Cody
Offline
Joined: 12/20/2023

The patch/patches is/are also typed about at

https://forum.minetest.net/viewtopic.php?p=433751#p433751

Other_Cody
Offline
Joined: 12/20/2023

https://forums.hyperbola.info/viewtopic.php?pid=7706#p7706

also may have information about how to backport this, in case anyone finds out how to backport this before the main upstream, though it was just typed about there, so maybe not yet.

Other_Cody
Offline
Joined: 12/20/2023

https://forums.hyperbola.info/viewtopic.php?pid=7717#p7717

shows in part through from Hyperbola text of

As final statement ... yes, I managed to backport the patch.

So a backported patch may have been found for Hyperbola's Minetest.

Maybe it can also work for Trisquel's Minetest.