Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

2015-10-08 06:31 skrev Marko Lindqvist: > On 6 October 2015 at 17:08, Burton, Ross wrote: > >> On 6 October 2015 at 14:43, Petter Mabäcker wrote: >> >>> Great. As you will notice also when formatted properly it will not apply due to that

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

2015-10-08 04:13 skrev Kang Kai: > On 2015年10月06日 23:30, Petter Mabäcker wrote: > >> 2015-10-06 16:08 skrev Burton, Ross: >> >>> On 6 October 2015 at 14:43, Petter Mabäcker wrote: >>> Great. As you will notice also when formatted properly it will not apply due to

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

On 2015年10月06日 23:30, Petter Mabäcker wrote: 2015-10-06 16:08 skrev Burton, Ross: On 6 October 2015 at 14:43, Petter Mabäcker > wrote: Great. As you will notice also when formatted properly it will not apply due to that readline63-001

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

On 6 October 2015 at 17:08, Burton, Ross wrote: > > On 6 October 2015 at 14:43, Petter Mabäcker wrote: >> >> Great. As you will notice also when formatted properly it will not apply >> due to that readline63-001 and readline63-002 isn't applied so

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

2015-10-06 16:08 skrev Burton, Ross: > On 6 October 2015 at 14:43, Petter Mabäcker wrote: > >> Great. As you will notice also when formatted properly it will not apply due to that readline63-001 and readline63-002 isn't applied so 'patchlevel' is incorrect. That makes me

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

Hi Kai, I played around with the new meta-security-isafw layer and the cve-check-tool. In readline the cve CVE-2014-2524 is marked as 'missing' by the framework and I was confused to start with, since I saw that this commit was included. But after looking at the actual patch I realized that

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

On 6 October 2015 at 09:11, Petter Mabäcker wrote: > I played around with the new meta-security-isafw layer and the > cve-check-tool. In readline the cve CVE-2014-2524 is marked as 'missing' by > the framework and I was confused to start with, since I saw that this > commit

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

2015-10-06 14:58 skrev Burton, Ross: > On 6 October 2015 at 12:23, Petter Mabäcker wrote: > >> The patch must be applied by something/someone.. For example Debian solves it by doing their own .diff patch

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

Petter Mabäcker Technux www.technux.se 2015-10-06 12:06 skrev Burton, Ross: > On 6 October 2015 at 09:11, Petter Mabäcker wrote: > >> I played around with the new meta-security-isafw layer and the cve-check-tool. In readline the cve CVE-2014-2524 is

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

On 6 October 2015 at 14:43, Petter Mabäcker wrote: > Great. As you will notice also when formatted properly it will not apply > due to that readline63-001 and readline63-002 isn't applied so > 'patchlevel' is incorrect. That makes me wondering what the patching > strategy is?

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

On 6 October 2015 at 12:23, Petter Mabäcker wrote: > The patch must be applied by something/someone.. For example Debian > solves it by doing their own .diff patch ( > http://http.debian.net/debian/pool/main/r/readline6/readline6_6.3-8.debian.tar.xz). > I can send a

Re: [OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

On 2014年10月16日 19:20, Burton, Ross wrote: On 16 October 2014 10:48, Kai Kang kai.k...@windriver.com wrote: +++ b/meta/recipes-core/readline/readline_6.3.bb @@ -1,5 +1,7 @@ require readline.inc +SRC_URI_append = file://readline63-003 Doing SRC_URI += is the usual thing to do. OK. I'll