[OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524
Petter Mabäcker
petter at technux.se
Fri Oct 9 06:53:02 UTC 2015
2015-10-08 06:31 skrev Marko Lindqvist:
> On 6 October 2015 at
17:08, Burton, Ross <ross.burton at intel.com> wrote:
>
>> On 6 October
2015 at 14:43, Petter Mabäcker <petter at technux.se> wrote:
>>
>>>
Great. As you will notice also when formatted properly it will not apply
due to that readline63-001 and readline63-002 isn't applied so
'patchlevel' is incorrect. That makes me wondering what the patching
strategy is? In my opinion we should consider adding the official
readline-6.3 patches as well. Should I add a bug report for that or
leave it as is (depending on the strategy...)?
>> Adding the rest of the
patches would have been a sensible thing to do. Right now, we're frozen
as we're about to release 2.0, but a bug or patches post-release would
be much appreciated. Ross
>
> The strategy I introduced in
30a38ea1ee933fb134a5ee9000298703cab93692
> was not to add the patches,
but to fetch them as upstream source.
> That was dropped when readline
was updated to 6.3 (maybe there was no
> patches for it at the time):
>
66bc6f4127e88db18e260c71d181aecfd58c7999
>
> - ML
Hello Marko,
When
looking at the dates for the 6.3 integration my guess is that no patches
existed for 6.3 yet (compared to the dates for the patches..). I will
give it a try to use your 5.2 strategy when applying the 6.3 patches to
make it looks the same for both versions. Thanks for pointing this out!
BR Petter
Petter Mabäcker
Technux
<petter at technux.se>
www.technux.se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20151009/9fb1db58/attachment-0002.html>
More information about the Openembedded-core
mailing list