Re: [yocto] [RFC] CVEs on sumo branch

2018-09-24 Thread Sinan Kaya
On 9/24/2018 10:27 AM, Sinan Kaya wrote:
Here is another one. https://patches.openembedded.org/patch/154290/
I see you pulled this into rucko-nmut. It is also needed for the sumo branch.

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-24 Thread Sinan Kaya
On 9/22/2018 10:46 AM, akuster wrote:
Signed-off-by: Zheng Ruoqin
Signed-off-by: Richard Purdie
What does it take to move this in the right direction?
bring it to my attention like you have. backported it for the next build round.
Here is another one. https://patches.openembedded.org/p

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-22 Thread akuster
On 09/21/2018 02:07 PM, Sinan Kaya wrote:
> On 9/21/2018 4:35 PM, akuster808 wrote:
>> I already have in my sumo-next
>> http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=stable/sumo-next
>>
>> libcroco: patch for CVE-2017-7960
>>

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Sinan Kaya
On 9/21/2018 4:35 PM, akuster808 wrote:
I already have in my sumo-next
http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=stable/sumo-next
libcroco: patch for CVE-2017-7960

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Sinan Kaya
On 9/21/2018 4:35 PM, akuster808 wrote:
For the rest can you send them to the proper mailing list openembedded-c...@lists.openembedded.org via git send-patch. I noticed a few of the patches for recipes need some additional information: please review https://www.openembedded.org/wiki/Commit_Patch_

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread akuster808
Sinan,

On 09/21/2018 12:43 PM, Sinan Kaya wrote:
> I'm sure this has been discussed recently but I wanted to raise this question
> one more time as I have seen a lot of CVE patches getting pulled into the sumo
> branch recently.
>
> We started enabling the cve-check feature and are triaging

Re: [yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Alexander Kanavin
2018-09-21 21:43 GMT+02:00 Sinan Kaya:
> 2. Apply the attached patches to sumo branch.
>
> We'd like to hear the community opinion.

For stable branches the yocto project tends to be on the conservative side. Which means option 2: backport the cve fixes. For the master branch, version upgrades ar

[yocto] [RFC] CVEs on sumo branch

2018-09-21 Thread Sinan Kaya
I'm sure this has been discussed recently but I wanted to raise this question one more time as I have seen a lot of CVE patches getting pulled into the sumo branch recently.

We started enabling the cve-check feature and are triaging the results of CVE reports. We think that the following CVEs ne