From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.windriver.com (mail.windriver.com [147.11.1.11]) by mail.openembedded.org (Postfix) with ESMTP id B0C2860232 for ; Thu, 8 Oct 2015 02:13:56 +0000 (UTC) Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com [147.11.189.40]) by mail.windriver.com (8.15.2/8.15.1) with ESMTPS id t982DtS2014840 (version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 7 Oct 2015 19:13:55 -0700 (PDT) Received: from [128.224.162.231] (128.224.162.231) by ALA-HCA.corp.ad.wrs.com (147.11.189.50) with Microsoft SMTP Server id 14.3.248.2; Wed, 7 Oct 2015 19:13:54 -0700 To: , "Burton, Ross" References: <6958f500cac37c3534a9f58a8bc7b90cc4c94b7f.1413452836.git.kai.kang@windriver.com> <7d91e0a2a4abbb2e84558856e1c2fa6a@technux.se> From: Kang Kai Message-ID: <5615D160.6050709@windriver.com> Date: Thu, 8 Oct 2015 10:13:52 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: Cc: Openembedded core Subject: Re: [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Oct 2015 02:14:01 -0000 Content-Type: multipart/alternative; boundary="------------020509020309080602030805" --------------020509020309080602030805 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit On 2015年10月06日 23:30, Petter Mabäcker wrote: > > 2015-10-06 16:08 skrev Burton, Ross: > >> >> On 6 October 2015 at 14:43, Petter Mabäcker > > wrote: >> >> Great. As you will notice also when formatted properly it will >> not apply due to that readline63-001 and readline63-002 isn't >> applied so 'patchlevel' is incorrect. That makes me wondering >> what the patching strategy is? In my opinion we should consider >> adding the official readline-6.3 patches as well. Should I add a >> bug report for that or leave it as is (depending on the strategy...)? >> >> >> Adding the rest of the patches would have been a sensible thing to >> do. Right now, we're frozen as we're about to release 2.0, but a bug >> or patches post-release would be much appreciated. >> Ross > I have created a defect and assigned myself > (https://bugzilla.yoctoproject.org/show_bug.cgi?id=8451) and will send > something up when the normal integration is open again. > BR Petter Sorry for late reply that we had The National Day vacation. I can help for this defect if you please. -- Regards, Neil | Kai Kang --------------020509020309080602030805 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 8bit
On 2015年10月06日 23:30, Petter Mabäcker wrote:

2015-10-06 16:08 skrev Burton, Ross:


On 6 October 2015 at 14:43, Petter Mabäcker <petter@technux.se> wrote:

Great. As you will notice also when formatted properly it will not apply due to that readline63-001 and readline63-002 isn't applied so  'patchlevel' is incorrect. That makes me wondering what the patching strategy is? In my opinion we should consider adding the official readline-6.3 patches as well. Should I add a bug report for that or leave it as is (depending on the strategy...)?

 

Adding the rest of the patches would have been a sensible thing to do.  Right now, we're frozen as we're about to release 2.0, but a bug or patches post-release would be much appreciated.
 
Ross
 
 
I have created a defect and assigned myself (https://bugzilla.yoctoproject.org/show_bug.cgi?id=8451) and will send something up when the normal integration is open again.
 
BR Petter

Sorry for late reply that we had The National Day vacation. I can help for this defect if you please.

-- 
Regards,
Neil | Kai Kang
--------------020509020309080602030805--