Thank You,

I will send V2.

Regards,
Archana
________________________________
From: Martin Jansa <martin.ja...@gmail.com>
Sent: Thursday, June 15, 2023 10:50 PM
To: schit...@cisco.com <schit...@cisco.com>
Cc: Polampalli, Archana <archana.polampa...@windriver.com>; 
openembedded-devel@lists.openembedded.org 
<openembedded-devel@lists.openembedded.org>; G Pillai, Hari 
<hari.gpil...@windriver.com>
Subject: Re: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix 
CVE-2022-41916

FWIW: I do agree that a link to upstream patch does belong to Upstream-Status 
as:
"Upstream-Status: Backport [link]"

When there are many Backported changes I also prefer to add in which tag they 
were first included as e.g.
"Upstream-Status: Backport [v1.1 link]"
to make it more clear which patches are expected to be dropped when upgrading 
past 1.1 version.

And I think it's better than in separate lines used in the .patch:

Reference to upstream patch:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c

So I think Sanjay's recommendation is a useful one for future patches.

Regards,

On Thu, Jun 15, 2023 at 12:48 PM Sanjaykumar kantibhai Chitroda -X (schitrod - 
E-INFO CHIPS INC at Cisco) via lists.openembedded.org 
<schitrod=cisco....@lists.openembedded.org> wrote:
Hi Hari,

Regarding format only, nothing specific to the review of the fix.

I saw many developers have contributed to samba package fixes.
It would be great if we can keep a common format inside the .patch file, as follows.

----------------------------------------------
CVE: CVE-2022-41916
Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d18]

Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com>
----------------------------------------------

Thanks,
Sanjay

-----Original Message-----
From: openembedded-devel@lists.openembedded.org 
<openembedded-devel@lists.openembedded.org> On Behalf Of Polampalli, Archana 
via lists.openembedded.org
Sent: Thursday, June 15, 2023 3:37 PM
To: openembedded-devel@lists.openembedded.org
Cc: hari.gpil...@windriver.com
Subject: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in 
Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) 
and kinit (via PKINIT), as well as any third-party applications using Heimdal's 
libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known 
workarounds for this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41916

Upstream patches:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c

Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com>
---
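
An added example, not part of the thread or of any OpenEmbedded tooling: a small Python check for the header format discussed above (CVE:, "Upstream-Status: Backport [link]" or "[v1.1 link]", Signed-off-by:), plus a helper that lists which Backport patches a version upgrade should drop. The function names, sample headers, CVE id and URL are constructed placeholders.

```python
import re

STATUS_RE = re.compile(r"^Upstream-Status:\s*(\S+)[ \t]*(?:\[([^\]]*)\])?", re.M)

def parse_header(patch_text):
    """Collect the tags that appear before the first '---' separator line."""
    header = re.split(r"^---\s*$", patch_text, maxsplit=1, flags=re.M)[0]
    info = {"cves": re.findall(r"^CVE:[ \t]*(CVE-\d{4}-\d{4,})", header, re.M),
            "status": None, "version": None, "link": None,
            "signed_off": bool(re.search(r"^Signed-off-by:", header, re.M))}
    m = STATUS_RE.search(header)
    if m:
        info["status"] = m.group(1)
        for tok in (m.group(2) or "").split():
            if re.fullmatch(r"v?\d+(\.\d+)*", tok):  # "[v1.1 link]" form
                info["version"] = tuple(int(p) for p in tok.lstrip("v").split("."))
            elif tok.startswith(("http://", "https://")):
                info["link"] = tok
    return info

def lint(patch_text):
    """Problems with the header tags of a CVE-fix patch."""
    info, problems = parse_header(patch_text), []
    if not info["cves"]:
        problems.append("CVE: tag missing or malformed")
    if info["status"] is None:
        problems.append("Upstream-Status: tag missing")
    elif info["status"] == "Backport" and not info["link"]:
        problems.append("Upstream-Status: Backport has no [link]")
    if not info["signed_off"]:
        problems.append("Signed-off-by: missing")
    return problems

def droppable(patches, upgrade_to):
    """Backport patches whose tagged release is <= the version upgraded to."""
    parsed = {name: parse_header(text) for name, text in patches.items()}
    return sorted(n for n, i in parsed.items()
                  if i["status"] == "Backport" and i["version"] and i["version"] <= upgrade_to)

# Constructed samples (not from the thread): CVE id, URL and names are placeholders.
TAGGED = ("CVE: CVE-2099-0001\n"
          "Upstream-Status: Backport [v1.1 https://example.org/commit/abc123]\n\n"
          "Signed-off-by: A Developer <dev@example.org>\n---\n")
SEPARATE = ("CVE: CVE-2099-0001\nUpstream-Status: Backport\n\n"
            "Reference to upstream patch:\nhttps://example.org/commit/abc123\n\n"
            "Signed-off-by: A Developer <dev@example.org>\n---\n")

if __name__ == "__main__":
    print(lint(TAGGED), lint(SEPARATE))
    print(droppable({"a.patch": TAGGED, "b.patch": SEPARATE}, (1, 2)))
```

The second sample keeps the link on separate "Reference to upstream patch:" lines, so the check reports that the Backport status carries no link.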



