[OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524
Marko Lindqvist
cazfi74 at gmail.com
Thu Oct 8 04:31:43 UTC 2015
On 6 October 2015 at 17:08, Burton, Ross <ross.burton at intel.com> wrote:
>
> On 6 October 2015 at 14:43, Petter Mabäcker <petter at technux.se> wrote:
>>
>> Great. As you will notice also when formatted properly it will not apply
>> due to that readline63-001 and readline63-002 isn't applied so 'patchlevel'
>> is incorrect. That makes me wondering what the patching strategy is? In my
>> opinion we should consider adding the official readline-6.3 patches as well.
>> Should I add a bug report for that or leave it as is (depending on the
>> strategy...)?
>
>
> Adding the rest of the patches would have been a sensible thing to do.
> Right now, we're frozen as we're about to release 2.0, but a bug or patches
> post-release would be much appreciated.
>
> Ross
The strategy I introduced in 30a38ea1ee933fb134a5ee9000298703cab93692
was not to add the patches, but to fetch them as upstream source.
That was dropped when readline was updated to 6.3 (maybe there was no
patches for it at the time):
66bc6f4127e88db18e260c71d181aecfd58c7999
- ML
More information about the Openembedded-core
mailing list