[scarthgap][PATCH 0/1] wpa-supplicant: Add CVE id to CVE-2024-3596

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

* [scarthgap][PATCH 0/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch
@ 2025-01-20  6:00 liezhi.yang
  2025-01-20  6:00 ` [scarthgap][PATCH 1/1] " liezhi.yang
  0 siblings, 1 reply; 4+ messages in thread
From: liezhi.yang @ 2025-01-20  6:00 UTC (permalink / raw)
  To: openembedded-core

From: Robert Yang <liezhi.yang@windriver.com>

The following changes since commit 92eea72a25e553c698bee9e3f551a5880bd4631c:

  systemd: enable create-log-dirs (2025-01-13 06:16:07 -0800)

are available in the Git repository at:

  https://github.com/robertlinux/yocto rbt/cve
  https://github.com/robertlinux/yocto/tree/rbt/cve

Robert Yang (1):
  wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch

 .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
 1 file changed, 1 insertion(+)

-- 
2.44.1



^ permalink raw reply	[flat|nested] 4+ messages in thread

* [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch
  2025-01-20  6:00 [scarthgap][PATCH 0/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch liezhi.yang
@ 2025-01-20  6:00 ` liezhi.yang
  2025-01-21 16:41   ` [OE-core] " Marko, Peter
  0 siblings, 1 reply; 4+ messages in thread
From: liezhi.yang @ 2025-01-20  6:00 UTC (permalink / raw)
  To: openembedded-core

From: Robert Yang <liezhi.yang@windriver.com>

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
index 7a8197d2b4..58e1327f2b 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
@@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup - no string
 
 Signed-off-by: Jouni Malinen <j@w1.fi>
 
+CVE: CVE-2024-3596
 Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac432d1]
 Signed-off-by: Peter Marko <peter.marko@siemens.com>
 ---
-- 
2.44.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* RE: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch
  2025-01-20  6:00 ` [scarthgap][PATCH 1/1] " liezhi.yang
@ 2025-01-21 16:41   ` Marko, Peter
  2025-01-22  7:34     ` Robert Yang
  0 siblings, 1 reply; 4+ messages in thread
From: Marko, Peter @ 2025-01-21 16:41 UTC (permalink / raw)
  To: liezhi.yang@windriver.com,
	openembedded-core@lists.openembedded.org

This is not correct.

The patch CVE-2024-3596_00 does not fix any part of that CVE.
As the commit message says, it's a style commit so that real CVE patches apply cleanly.
If it bothers you that it has CVE in filename but no CVE, maybe rename it instead adding incorrect tag?

Peter

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Robert Yang via
> lists.openembedded.org
> Sent: Monday, January 20, 2025 7:01
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-
> 2024-3596_00.patch
> 
> From: Robert Yang <liezhi.yang@windriver.com>
> 
> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> ---
>  .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
> 3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-
> supplicant/CVE-2024-3596_00.patch
> index 7a8197d2b4..58e1327f2b 100644
> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
> 3596_00.patch
> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
> 3596_00.patch
> @@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup -
> no string
> 
>  Signed-off-by: Jouni Malinen <j@w1.fi>
> 
> +CVE: CVE-2024-3596
>  Upstream-Status: Backport
> [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac
> 432d1]
>  Signed-off-by: Peter Marko <peter.marko@siemens.com>
>  ---
> --
> 2.44.1



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch
  2025-01-21 16:41   ` [OE-core] " Marko, Peter
@ 2025-01-22  7:34     ` Robert Yang
  0 siblings, 0 replies; 4+ messages in thread
From: Robert Yang @ 2025-01-22  7:34 UTC (permalink / raw)
  To: Marko, Peter, openembedded-core@lists.openembedded.org



On 1/22/25 00:41, Marko, Peter wrote:
> This is not correct.
> 
> The patch CVE-2024-3596_00 does not fix any part of that CVE.
> As the commit message says, it's a style commit so that real CVE patches apply cleanly.
> If it bothers you that it has CVE in filename but no CVE, maybe rename it instead adding incorrect tag?

The cve patches can't be applied without it, may we should just leave it as the 
current status.

// Robert

> 
> Peter
> 
>> -----Original Message-----
>> From: openembedded-core@lists.openembedded.org <openembedded-
>> core@lists.openembedded.org> On Behalf Of Robert Yang via
>> lists.openembedded.org
>> Sent: Monday, January 20, 2025 7:01
>> To: openembedded-core@lists.openembedded.org
>> Subject: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-
>> 2024-3596_00.patch
>>
>> From: Robert Yang <liezhi.yang@windriver.com>
>>
>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
>> ---
>>   .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-
>> supplicant/CVE-2024-3596_00.patch
>> index 7a8197d2b4..58e1327f2b 100644
>> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch
>> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch
>> @@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup -
>> no string
>>
>>   Signed-off-by: Jouni Malinen <j@w1.fi>
>>
>> +CVE: CVE-2024-3596
>>   Upstream-Status: Backport
>> [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac
>> 432d1]
>>   Signed-off-by: Peter Marko <peter.marko@siemens.com>
>>   ---
>> --
>> 2.44.1
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-01-22  7:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-01-20  6:00 [scarthgap][PATCH 0/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch liezhi.yang
2025-01-20  6:00 ` [scarthgap][PATCH 1/1] " liezhi.yang
2025-01-21 16:41   ` [OE-core] " Marko, Peter
2025-01-22  7:34     ` Robert Yang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox