Hello Steve, Thank you, that you're taking care of it. Sorry, but maybe I didn't catch the right approach about the patching. Are you going to create a "fixing CVE" patch or just patch to set "CVE_PRODUCT" ?
Thanks, Andrej > On Tue, May 25, 2021 at 12:17 PM Richard Purdie > <[email protected]> wrote: >> >> On Tue, 2021-05-25 at 12:50 +0000, Andrej Valek wrote: >> > Hello everyone, >> > >> > I have an another question regarding to backporting this to dunfell branch. >> > Is it possible to apply this upgrade to this branch? I would like to >> > have an very important fix for CVE-2013-0340 >> > (https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fg >> > ithub.com%2Flibexpat%2Flibexpat%2Fpull%2F220&data=04%7C01%7Candr >> > ej.valek%40siemens.com%7Cc9695097e1bc47d8261708d91fcbba17%7C38ae3bcd >> > 95794fd4addab42e1495d55a%7C1%7C0%7C637575782123699324%7CUnknown%7CTW >> > FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC >> > I6Mn0%3D%7C1000&sdata=jBk29qyJpIq%2BsG0iXhnMoSbv%2F2%2Bd8dKIbuV7 >> > GqP3YA8%3D&reserved=0) there. But there is a lot of changes, >> > means just applying the patch is not very promising. >> > >> > How we can handle it? >> >> Adding Steve to Cc. It is possible if there is a good case for it and >> there aren't bad side effects from the change. I don't know enough >> about expat here to comment on that. > > Our responses crossed in the mail :-) > > I don't know enough about expat to comment on this either. But if someone > who is familiar with expat would care to chime in I am open to consider > whether an exception should be made. > >> I suspect we should be adding something to the expat recipe to make it >> match libexpat CVEs, maybe CVE_PRODUCT = "libexpat"? > > Yes, good catch, that does appear to be the case. I'll do a little testing > to verify that and will submit a patch. > > Steve
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152249): https://lists.openembedded.org/g/openembedded-core/message/152249 Mute This Topic: https://lists.openembedded.org/mt/83074955/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
