Bug 11480

Summary: libusb can be updated to 1.0.23
Product: IPFire Reporter: gerd <gerd>
Component: ---Assignee: Peter Müller <peter.mueller>
Status: CLOSED FIXED QA Contact:
Severity: Security    
Priority: Will affect all users CC: michael.tremer, peter.mueller
Version: 2Keywords: 5MinuteJob, Security
Hardware: all   
OS: All   
Attachments: LFS for Lib USB
Rootfile for new LibUSB

Description gerd 2017-08-27 17:58:15 UTC 
the src can be updated to 1.0.21 => works here with x86_64
Comment 1 gerd 2018-11-27 12:39:09 UTC 
Can also updated to 1.0.22 works..
Comment 2 Michael Tremer 2018-11-27 12:45:11 UTC 
This is not really how a bug tracker works. Please submit a patch if you have updated and tested a new version of this package.
Comment 3 gerd 2019-03-26 12:25:40 UTC 
Created attachment 664 [details]
LFS for Lib USB
Comment 4 gerd 2019-03-26 12:26:06 UTC 
Created attachment 665 [details]
Rootfile for new LibUSB
Comment 5 gerd 2019-03-26 12:28:22 UTC 
Meanwhile whe havelibusb 1.0.22 and it works...
Comment 6 gerd 2019-03-26 12:31:02 UTC 
(In reply to Michael Tremer from comment #2)
> This is not really how a bug tracker works. Please submit a patch if you
> have updated and tested a new version of this package.

Don runs since i submitted that Bug LFS and root is now included (rootfile isn't usually needed because update will be a system update.... (i only created rootfile to test package locally)

KR  Gerd
Comment 7 Michael Tremer 2019-03-26 12:31:20 UTC 
Please submit the patch as described here:

> https://wiki.ipfire.org/devel/submit-patches

It HAS to be sent to the mailing list.

And please do not change the component to anything that belongs to IPFire 3.
Comment 8 Peter Müller 2019-03-26 12:38:10 UTC 
I did trying to update libusb in the past, but stumbled across #11810. @gerd: Do you experiencing the same problem or know how to fix it?
Comment 9 gerd 2019-03-26 12:45:07 UTC 
(In reply to Peter Müller from comment #8)
> I did trying to update libusb in the past, but stumbled across #11810.
> @gerd: Do you experiencing the same problem or know how to fix it?

No i do notuse USB NICs :)

Ciao Gerd
Comment 10 Peter Müller 2020-04-10 11:28:10 UTC 
I will take care about this...
Comment 11 gerd 2020-04-17 22:23:35 UTC 
meanwhile you can use 1.0.23 :)

Ciao gerd
Comment 12 Peter Müller 2020-04-18 10:06:28 UTC 
https://patchwork.ipfire.org/patch/2984/
Comment 13 Michael Tremer 2020-04-20 07:14:30 UTC 
@Peter: Why has this been marked as security-relevant? Could you please quote the changelog in those occasions?
Comment 14 Peter Müller 2020-04-26 09:37:40 UTC 
(In reply to Michael Tremer from comment #13)
> @Peter: Why has this been marked as security-relevant? Could you please
> quote the changelog in those occasions?

Because I consider USB stuff being security-relevant in general. While I am not aware of any precise security vulnerability, libusb attempted to close several flaws mostly detected by fuzzing sessions within the last releases.

However: Good point. One should always quote the changelog in such cases.