On Tue, May 30, 2023 at 2:45 AM Ranjitsinh Rathod < ranjitsinh.rat...@kpit.com> wrote:
> Hi @Steve Sakoman <st...@sakoman.com>, > > I request to not take this patch in the kirkstone as it seems we are still > checking on the data type which we changed from long to unsigned char. > It seems that this variable was 'long' only in the curl version which we > have in the kirkstone. > OK, I won't take this patch. Steve > > Of cource the link is wrong and so Sourav will send new patch v2. > > Thanks, > > Best Regards, > > *Ranjitsinh Rathod* > Technical Leader | | KPIT Technologies Ltd. > Cellphone: +91-84606 92403 > > *__________________________________________ *KPIT <http://www.kpit.com/> | > Follow us on LinkedIn <http://www.kpit.com/linkedin> > > <https://www.kpit.com/TheNewBrand> > ------------------------------ > *From:* openembedded-core@lists.openembedded.org < > openembedded-core@lists.openembedded.org> on behalf of Sourav Kumar > Pramanik via lists.openembedded.org <pramanik.souravkumar= > gmail....@lists.openembedded.org> > *Sent:* Friday, May 26, 2023 2:08 PM > *To:* openembedded-core@lists.openembedded.org < > openembedded-core@lists.openembedded.org>; pramanik.souravku...@gmail.com > <pramanik.souravku...@gmail.com> > *Cc:* Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com>; Omkar Patil < > omkar.pa...@kpit.com> > *Subject:* [OE-core][kirkstone][PATCH] curl: Correction for CVE-2023-27536 > > Caution: This email originated from outside of the KPIT. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > From: Omkar Patil <omkar.pa...@kpit.com> > > Correction of backport link inside the patch with correct commit link as > below > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl%2Fcommit%2Fcb49e67303dbafbab1cebf4086e3ec15b7d56ee5&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C7adc60802fd54cbd9b0c08db5dc4abf2%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638206871527044313%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NH5veabZDDhqCO2JtlUvnfELKHXLOJFOULlA%2FcZFiBA%3D&reserved=0 > <https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5> > > Variable type change from long to unsigned char as per the original > patch > > Signed-off-by: Sourav Kumar Pramanik <pramanik.souravku...@gmail.com> > --- > meta/recipes-support/curl/curl/CVE-2023-27536.patch | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-support/curl/curl/CVE-2023-27536.patch > b/meta/recipes-support/curl/curl/CVE-2023-27536.patch > index fb3ee6a14d..51a5c0eef1 100644 > --- a/meta/recipes-support/curl/curl/CVE-2023-27536.patch > +++ b/meta/recipes-support/curl/curl/CVE-2023-27536.patch > @@ -3,7 +3,7 @@ From: Daniel Stenberg <dan...@haxx.se> > Date: Fri, 10 Mar 2023 09:22:43 +0100 > Subject: [PATCH] url: only reuse connections with same GSS delegation > > -Upstream-Status: Backport from [ > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl%2Fcommit%2Faf369db4d3833272b8ed443f7fcc2e757a0872eb&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C7adc60802fd54cbd9b0c08db5dc4abf2%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638206871527200533%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=JxYwhvpTusRONt5yI1HRI4elSpLHpAdcOLNdVAMg2w8%3D&reserved=0 > <https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb> > ] > +Upstream-Status: Backport from [ > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl%2Fcommit%2Fcb49e67303dbafbab1cebf4086e3ec15b7d56ee5&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C7adc60802fd54cbd9b0c08db5dc4abf2%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638206871527200533%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=vu9ivxrR8hez8PSMdXyyJJ7NYu2cUcLc9PD6%2BAEy5KI%3D&reserved=0 > <https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5> > ] > CVE: CVE-2023-27536 > Signed-off-by: Signed-off-by: Mingli Yu <mingli...@windriver.com> > Signed-off-by: Siddharth Doshi <sdo...@mvista.com> > @@ -44,7 +44,7 @@ index 6e6122a..602c735 100644 > int socks5_gssapi_enctype; > #endif > unsigned short localport; > -+ long gssapi_delegation; /* inherited from set.gssapi_delegation */ > ++ unsigned char gssapi_delegation; /* inherited from > set.gssapi_delegation */ > }; > > /* The end of connectdata. */ > -- > 2.25.1 > > This message contains information that may be privileged or confidential > and is the property of the KPIT Technologies Ltd. It is intended only for > the person to whom it is addressed. If you are not the intended recipient, > you are not authorized to read, print, retain copy, disseminate, > distribute, or use this message or any part thereof. If you receive this > message in error, please notify the sender immediately and delete all > copies of this message. KPIT Technologies Ltd. does not accept any > liability for virus infected mails. >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181926): https://lists.openembedded.org/g/openembedded-core/message/181926 Mute This Topic: https://lists.openembedded.org/mt/99146414/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
