On Tue, 2020-02-18 at 15:43 +0000, Mittal, Anuj wrote:
> On Tue, 2020-02-18 at 15:35 +0000, Richard Purdie wrote:
> > On Tue, 2020-02-18 at 10:28 -0500, Chet Ramey wrote:
> > > On 2/17/20 9:46 PM, Huo, De wrote:
> > > > I applied the patch to fix CVE defect CVE-2019-18276.
> > >
> > > That's not exactly an answer to the question of who produced the
> > > patch. If that patch is the one causing failures when it's applied,
> > > doesn't it make sense to go back to the person who produced it and
> > > ask them to update it if necessary?
> >
> > It's likely a general CVE patch where both configure and configure.ac
> > are patched. For OE, we can drop the configure part since we
> > reautoconf the code. It's therefore the OE port of the patch which is
> > likely at fault.
> >
> > Someone just needs to remove that section of the patch.
>
> There are other issues with this patch which should also be fixed I
> think. It has been marked as a Backport while it is not one. The patch
> includes changes that are irrelevant to the CVE. And, it should have
> gone to master first.

I shall await guidance from you/Armin then.

Cheers,

Richard

--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
