From patchwork Mon Oct 29 16:41:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 149687 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp4371467ljp; Mon, 29 Oct 2018 09:43:46 -0700 (PDT) X-Google-Smtp-Source: AJdET5e7e/5+u4fLDEBQySo4nhTRbHr1kzB8wvH9UfCXeDeBiHnITtWTKw8n5NqFUsy+xvTYzcls X-Received: by 2002:a17:902:4025:: with SMTP id b34-v6mr11086326pld.318.1540831426237; Mon, 29 Oct 2018 09:43:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540831426; cv=none; d=google.com; s=arc-20160816; b=MK5hr8EW9AoICZ0Cl9x5r65osSifFWWVBjqIIkcdVsjhbeBSV8Jy1RNRfLfPvewo/M RV1c3UckVSbQYiNYGzx0W/OeneQcAG8KjxmN1w0y3MJo/He4Z70AmRvByqlzbimxOonQ ZKqjEZxEr3LAvUrBM1TBY79U+6TIChk0cU56UNELF+y7q2vEO+gJbgc6yR+G/pQFF3Up V8UFKamw9HSvl44dNofWm3ZfbWI6/Z2XJu97UqOHrX5L2svQYpVupsr6+UatxGUAJr8H zks52BgUcOGPE+tIhuWPheSftMzwaLfomSYEQGbHldQvyIu/FOrTH/0Fwda+L38XL8ge V1lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to; bh=GQ/sclopJdz6txQ9kJNsN4eXkxeVgwTY4m8EF17U7kI=; b=QmzqXzMBXOyl6MU5RN1X7VhAaw0PaqbUPnT/8coWsApXwvMGmk2UhBkvnHehJVZrZW JRXG/FctPaaDvWBZCYrGnxYbCajJGJ8XMo6kpoxYHeh+MdpR74dtVgEzZM3NjqYup6FV L3Y+UfmjXAbVZtjKBs9rOxDgHGC/tKPPKYMvcyEjKCTtu5NUIbws0zkpQeHocUgXGvId jXYV2JDjq3odmyol+5TzcPlr4CIuM9GRM1YLgHZ+QfISHX3vB8Y5Bi8/zaN3tD8XqBF8 CqvwEFXyGm2wS57y/PtPsDQulPBIPwvx4WWP1MdLnC2e2eCAAAIalnsOQiQ7OZDtDUEj ofmQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=QGUNDguU; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id s9-v6si22127156pgk.371.2018.10.29.09.43.45; Mon, 29 Oct 2018 09:43:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=QGUNDguU; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from 165.28.230.35.bc.googleusercontent.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 5722F79C4F; Mon, 29 Oct 2018 16:42:09 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) by mail.openembedded.org (Postfix) with ESMTP id AAD4979BCA for ; Mon, 29 Oct 2018 16:42:00 +0000 (UTC) Received: by mail-wr1-f66.google.com with SMTP id r10-v6so9451103wrv.6 for ; Mon, 29 Oct 2018 09:42:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=M7Mi+KGzWEmPkh0M5k69cCc69ToL30fbXzE7MAoRCjs=; b=QGUNDguU1wDYehy1YF6WetIiWn9bggOwLl5Jgu+AL0IIZO86PntxtvxSs3r4wnuhtN iDuvrHZ5yfYsXffFuckszTBbnflB/kfHyVoQIESalCQSXw+jC/RgQv9JTRKQZMCXvulg xl8oLC8AgIyrGulSQzKajrmzdXYjhGAfsPYaW2nkWdhQkv5FicmMC+B7B4EiG1Rf1lFj bvYNrv1G4uEQJsfCz10V8CqWwMtSsXSTjR1z3cWa6Qe7yl0/MXkV+fpoyHFn8J5RnAsO YbjQOwvvasQf2Oa0X7H9TqfXl3rdEdCJdFAxT7O7wPMzKuEhMz+2FwKVuEimkh7y1QWU 7z0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=M7Mi+KGzWEmPkh0M5k69cCc69ToL30fbXzE7MAoRCjs=; b=Gh/3KE+NvFitsBMSQ7Qw1KotjC/O85q55eVJrEEKh4Ye2tBt7f4Ch4e/tZV6aJvq/S afg3Nn+wSRNoDF9IM/19V7rm9+XuS16ksIAMvWYd2cWbx4AGHeGo7nI3+mygnll0jguS V/iU9leRzleJZXV3UEf3EpxjTNgNK7ZqbpfW7BQzkt4V/eWNCPynChgDAIPqMfZPSe9F 8O4QKQ7im8Qfb/p+eApG/vEDIuRAla/m8j81PaORtMEDeEVk+a/Fe+Ew9bGHG00aSl9s /o+KKlqsrqEu2w3Uem5/IzeCWyOwt8cGrNhlqLt+vMW8EgipZHdBDmUg2XqrFj7Mlsn3 I8ag== X-Gm-Message-State: AGRZ1gIWd6p2UTt/G7uo/seJhT+yVuE8AAtdyaYgKACnvGZF5FrO9ebm qkbU6E/HwvxKOlHL6cQ1zYKbHFsa078= X-Received: by 2002:adf:fa04:: with SMTP id m4-v6mr15263166wrr.155.1540831320672; Mon, 29 Oct 2018 09:42:00 -0700 (PDT) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id j16-v6sm15361144wrq.89.2018.10.29.09.41.59 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 Oct 2018 09:42:00 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Mon, 29 Oct 2018 16:41:57 +0000 Message-Id: <20181029164157.13253-1-ross.burton@intel.com> X-Mailer: git-send-email 2.11.0 Subject: [OE-core] [PATCH] python: add missing CVE tag to patches X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org Signed-off-by: Ross Burton --- .../0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch | 4 +--- .../0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) -- 2.11.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch b/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch index 42c64caaee4..3c0d6622966 100644 --- a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch +++ b/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch @@ -19,9 +19,7 @@ Co-authored-by: Christian Heimes https://bugs.python.org/issue34623 Upstream-Status: Backport - -Fix CVE-2018-14647 - +CVE: CVE-2018-14647 Signed-off-by: Chen Qi --- Include/pyexpat.h | 4 +++- diff --git a/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch b/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch index e6fe5f2cc46..125db8512a9 100644 --- a/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch +++ b/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch @@ -5,9 +5,7 @@ Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use subprocess rather than distutils.spawn. (GH-8985) Upstream-Status: Backport - -Fix CVE-2018-1000802 - +CVE: CVE-2018-1000802 Signed-off-by: Chen Qi --- Lib/shutil.py | 16 ++++++++++------