> Am 02.10.2015 um 03:25 schrieb Khem Raj <raj.k...@gmail.com>: > > Jens > > >> On Oct 1, 2015, at 11:18 AM, Jens Rehsack <rehs...@gmail.com> wrote: >> >> >> many bux-fixes, optmizations and features added: >> >> Changes with nginx 1.9.5 22 Sep 2015 >> >> [...] >> *) Security: a stack-based buffer overflow might occur in a worker >> process while handling a specially crafted request, potentially >> resulting in arbitrary code execution (CVE-2013-2028); the bug had >> appeared in 1.3.9. >> Thanks to Greg MacManus, iSIGHT Partners Labs. >> > > > This is good info. Although a link to diff in cgit or web view of whatever > SCM nginx uses would have done too.
That's simply the Changelog. It's an update, not a fix for a critical issue. Do you really ask me to list each fixed bug from nginx' ticket list? >> Signed-off-by: Jens Rehsack <s...@netbsd.org> >> [...] >> --- a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb >> +++ /dev/null > > > please user git format-patch -M to let git work harder on detecting renames, > its way easier to review the changes that way > this patch belongs to openembedded-devel list so please resend it there with > prefixing the layer in meta-openembedded repo [meta-webserver] where the > patch is applied. Sure, will do when I have feedback regarding above question. Regarding the other 6 patches - is just the right layer and "-M" missing? Do I have to improve them anyhow (beside what Martin Jansa and Khem criticized: missing description here and there)? >> [...] Cheers -- Jens Rehsack - rehs...@gmail.com -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto