* [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
@ 2018-11-02  6:07 changqing.li
  2018-11-02  6:41 ` ✗ patchtest: failure for " Patchwork
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: changqing.li @ 2018-11-02  6:07 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ++++++++++++++++++
 .../recipes-support/curl/curl/CVE-2018-16840.patch | 43 ++++++++++++++++++++++
 .../recipes-support/curl/curl/CVE-2018-16842.patch | 35 ++++++++++++++++++
 3 files changed, 113 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16840.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16842.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
new file mode 100644
index 0000000..bf972d2
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
@@ -0,0 +1,35 @@
+From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:27:35 +0800
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
+
+CVE: CVE-2018-16839
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index 5d61ce6..1367143 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+   plen = strlen(passwdp);
+ 
+   /* Compute binary message length. Check for overflows. */
+-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+     return CURLE_OUT_OF_MEMORY;
+   plainlen = 2 * ulen + plen + 2;
+ 
+-- 
+2.7.4
+
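Review bot: The embedded commit message carries a bare "CVE-2018-16839" line ahead of Reported-by in addition to the "CVE: CVE-2018-16839" tag further down; drop the bare line and keep only the tagged form, since a tag checker that looks at any line starting with a CVE id will reject the untagged one. The Upstream-Status URL is also split over two lines and ends in "?diff=unified"; put it on one line without the query string so it can be followed. For the change itself, a sentence in the message on why only the ulen bound moves would help: plainlen is 2 * ulen + plen + 2, so ulen has to stay at or below SIZE_T_MAX/4 for the sum with the existing plen bound to fit in a size_t.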
diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
new file mode 100644
index 0000000..3d086c4
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
@@ -0,0 +1,43 @@
+From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:33:35 +0800
+Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
+ use-after-free
+
+Regression from b46cfbc (7.59.0)
+CVE-2018-16840
+Reported-by: Brian Carpenter (Geeknik Labs)
+
+Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/
+81d135d67155c5295b1033679c606165d4e28f3f]
+
+CVE: CVE-2018-16840
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/url.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 27b2c1e..7ef7c20 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
+        and detach this handle from there. */
+     curl_multi_remove_handle(data->multi, data);
+ 
+-  if(data->multi_easy)
++  if(data->multi_easy) {
+     /* when curl_easy_perform() is used, it creates its own multi handle to
+        use and this is the one */
+     curl_multi_cleanup(data->multi_easy);
++    data->multi_easy = NULL;
++  }
+ 
+   /* Destroy the timeout list that is held in the easy handle. It is
+      /normally/ done by curl_multi_remove_handle() but this is "just in
+-- 
+2.7.4
+
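Review bot: The message says this is a regression from b46cfbc (7.59.0), but nothing in the series says which curl version the recipe builds, so a reader cannot tell whether the backport applies; state the recipe version in the commit message. Two header issues also need fixing: the bare "CVE-2018-16840" line that sits next to the proper "CVE: CVE-2018-16840" tag, and the Upstream-Status URL wrapped across two lines. In the Curl_close hunk, clearing data->multi_easy right after curl_multi_cleanup() is the right shape, and the added braces are needed now that the if body has two statements.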
diff --git a/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
new file mode 100644
index 0000000..82e7557
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
@@ -0,0 +1,35 @@
+From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:30:56 +0800
+Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
+
+CVE: CVE-2018-16842
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+         (void)fwrite(ptr, cut + 1, 1, config->errors);
+         fputs("\n", config->errors);
+         ptr += cut + 1; /* skip the space too */
+-        len -= cut;
++        len -= cut + 1;
+       }
+       else {
+         fputs(ptr, config->errors);
+-- 
+2.7.4
+
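Review bot: In the voutf hunk, len -= cut + 1 now matches the ptr += cut + 1 on the line above, but the message does not say what the old len -= cut caused; one sentence on that (len staying one too large after each wrapped line) would make the backport reviewable without following the Bug link. This is also the last file in the series, and the diffstat lists only the three new .patch files: no recipe change adds them to SRC_URI, so none of them would be applied at build time. The bare "CVE-2018-16842" line and the wrapped Upstream-Status URL should be fixed here as well.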
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 9+ messages in thread

* ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-02  6:07 [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842 changqing.li
@ 2018-11-02  6:41 ` Patchwork
  2018-11-02  6:48   ` Changqing Li
  2018-11-02 16:05 ` [PATCH] " akuster808
  2018-11-09 16:36 ` akuster808
  2 siblings, 1 reply; 9+ messages in thread
From: Patchwork @ 2018-11-02  6:41 UTC (permalink / raw)
  To: changqing.li; +Cc: openembedded-core

== Series Details ==

Series: curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Revision: 1
URL   : https://patchwork.openembedded.org/series/14764/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Patch            curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
 Issue             Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format] 
  Suggested fix    Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-02  6:41 ` ✗ patchtest: failure for " Patchwork
@ 2018-11-02  6:48   ` Changqing Li
  2018-11-05 17:39     ` Grygorii Tertychnyi
  0 siblings, 1 reply; 9+ messages in thread
From: Changqing Li @ 2018-11-02  6:48 UTC (permalink / raw)
  To: openembedded-core

I have added the CVE tag in the patch file, is this test result incorrect?

On 11/2/18 2:41 PM, Patchwork wrote:
> == Series Details ==
>
> Series: curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
> Revision: 1
> URL   : https://patchwork.openembedded.org/series/14764/
> State : failure
>
> == Summary ==
>
>
> Thank you for submitting this patch series to OpenEmbedded Core. This is
> an automated response. Several tests have been executed on the proposed
> series by patchtest resulting in the following failures:
>
>
>
> * Patch            curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>   Issue             Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format]
>    Suggested fix    Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"
>
>
>
> If you believe any of these test results are incorrect, please reply to the
> mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
> Otherwise we would appreciate you correcting the issues and submitting a new
> version of the patchset if applicable. Please ensure you add/increment the
> version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
> [PATCH v3] -> ...).
>
> ---
> Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
> Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
> Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>
>
-- 
BRs

Sandy(Li Changqing)



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-02  6:07 [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842 changqing.li
  2018-11-02  6:41 ` ✗ patchtest: failure for " Patchwork
@ 2018-11-02 16:05 ` akuster808
  2018-11-05  2:32   ` Changqing Li
  2018-11-09 16:36 ` akuster808
  2 siblings, 1 reply; 9+ messages in thread
From: akuster808 @ 2018-11-02 16:05 UTC (permalink / raw)
  To: changqing.li, openembedded-core


On 11/1/18 11:07 PM, changqing.li@windriver.com wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
>  .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ++++++++++++++++++
>  .../recipes-support/curl/curl/CVE-2018-16840.patch | 43 ++++++++++++++++++++++
>  .../recipes-support/curl/curl/CVE-2018-16842.patch | 35 ++++++++++++++++++
>  3 files changed, 113 insertions(+)
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16840.patch
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16842.patch


curl update to 7.61.1 is in Master-next. Does this also affect that version?

- armin

>
> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
> new file mode 100644
> index 0000000..bf972d2
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
> @@ -0,0 +1,35 @@
> +From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 1 Nov 2018 15:27:35 +0800
> +Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
> +
> +CVE-2018-16839
> +Reported-by: Harry Sintonen
> +Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit
> +/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
> +
> +CVE: CVE-2018-16839
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + lib/vauth/cleartext.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
> +index 5d61ce6..1367143 100644
> +--- a/lib/vauth/cleartext.c
> ++++ b/lib/vauth/cleartext.c
> +@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
> +   plen = strlen(passwdp);
> + 
> +   /* Compute binary message length. Check for overflows. */
> +-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
> ++  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
> +     return CURLE_OUT_OF_MEMORY;
> +   plainlen = 2 * ulen + plen + 2;
> + 
> +-- 
> +2.7.4
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
> new file mode 100644
> index 0000000..3d086c4
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
> @@ -0,0 +1,43 @@
> +From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 1 Nov 2018 15:33:35 +0800
> +Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
> + use-after-free
> +
> +Regression from b46cfbc (7.59.0)
> +CVE-2018-16840
> +Reported-by: Brian Carpenter (Geeknik Labs)
> +
> +Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit/
> +81d135d67155c5295b1033679c606165d4e28f3f]
> +
> +CVE: CVE-2018-16840
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + lib/url.c | 4 +++-
> + 1 file changed, 3 insertions(+), 1 deletion(-)
> +
> +diff --git a/lib/url.c b/lib/url.c
> +index 27b2c1e..7ef7c20 100644
> +--- a/lib/url.c
> ++++ b/lib/url.c
> +@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
> +        and detach this handle from there. */
> +     curl_multi_remove_handle(data->multi, data);
> + 
> +-  if(data->multi_easy)
> ++  if(data->multi_easy) {
> +     /* when curl_easy_perform() is used, it creates its own multi handle to
> +        use and this is the one */
> +     curl_multi_cleanup(data->multi_easy);
> ++    data->multi_easy = NULL;
> ++  }
> + 
> +   /* Destroy the timeout list that is held in the easy handle. It is
> +      /normally/ done by curl_multi_remove_handle() but this is "just in
> +-- 
> +2.7.4
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
> new file mode 100644
> index 0000000..82e7557
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
> @@ -0,0 +1,35 @@
> +From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 1 Nov 2018 15:30:56 +0800
> +Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
> +
> +CVE-2018-16842
> +Reported-by: Brian Carpenter
> +Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit
> +/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
> +
> +CVE: CVE-2018-16842
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + src/tool_msgs.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/tool_msgs.c b/src/tool_msgs.c
> +index 9cce806..05bec39 100644
> +--- a/src/tool_msgs.c
> ++++ b/src/tool_msgs.c
> +@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
> +         (void)fwrite(ptr, cut + 1, 1, config->errors);
> +         fputs("\n", config->errors);
> +         ptr += cut + 1; /* skip the space too */
> +-        len -= cut;
> ++        len -= cut + 1;
> +       }
> +       else {
> +         fputs(ptr, config->errors);
> +-- 
> +2.7.4
> +


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-02 16:05 ` [PATCH] " akuster808
@ 2018-11-05  2:32   ` Changqing Li
  0 siblings, 0 replies; 9+ messages in thread
From: Changqing Li @ 2018-11-05  2:32 UTC (permalink / raw)
  To: akuster808, openembedded-core


On 11/3/18 12:05 AM, akuster808 wrote:
> On 11/1/18 11:07 PM, changqing.li@windriver.com wrote:
>> From: Changqing Li <changqing.li@windriver.com>
>>
>> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> ---
>>   .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ++++++++++++++++++
>>   .../recipes-support/curl/curl/CVE-2018-16840.patch | 43 ++++++++++++++++++++++
>>   .../recipes-support/curl/curl/CVE-2018-16842.patch | 35 ++++++++++++++++++
>>   3 files changed, 113 insertions(+)
>>   create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch
>>   create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16840.patch
>>   create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16842.patch
>
> curl update to 7.61.1 is in Master-next. Does this also affect that version?
>
> - armin

Yes, these 3 CVEs all affected version 7.61.1.


//changqing

>
>> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
>> new file mode 100644
>> index 0000000..bf972d2
>> --- /dev/null
>> +++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
>> @@ -0,0 +1,35 @@
>> +From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 1 Nov 2018 15:27:35 +0800
>> +Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
>> +
>> +CVE-2018-16839
>> +Reported-by: Harry Sintonen
>> +Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
>> +
>> +Upstream-Status: Backport [https://github.com/curl/curl/commit
>> +/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
>> +
>> +CVE: CVE-2018-16839
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + lib/vauth/cleartext.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
>> +index 5d61ce6..1367143 100644
>> +--- a/lib/vauth/cleartext.c
>> ++++ b/lib/vauth/cleartext.c
>> +@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
>> +   plen = strlen(passwdp);
>> +
>> +   /* Compute binary message length. Check for overflows. */
>> +-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
>> ++  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
>> +     return CURLE_OUT_OF_MEMORY;
>> +   plainlen = 2 * ulen + plen + 2;
>> +
>> +--
>> +2.7.4
>> +
>> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
>> new file mode 100644
>> index 0000000..3d086c4
>> --- /dev/null
>> +++ b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
>> @@ -0,0 +1,43 @@
>> +From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 1 Nov 2018 15:33:35 +0800
>> +Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
>> + use-after-free
>> +
>> +Regression from b46cfbc (7.59.0)
>> +CVE-2018-16840
>> +Reported-by: Brian Carpenter (Geeknik Labs)
>> +
>> +Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
>> +
>> +Upstream-Status: Backport [https://github.com/curl/curl/commit/
>> +81d135d67155c5295b1033679c606165d4e28f3f]
>> +
>> +CVE: CVE-2018-16840
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + lib/url.c | 4 +++-
>> + 1 file changed, 3 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/lib/url.c b/lib/url.c
>> +index 27b2c1e..7ef7c20 100644
>> +--- a/lib/url.c
>> ++++ b/lib/url.c
>> +@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
>> +        and detach this handle from there. */
>> +     curl_multi_remove_handle(data->multi, data);
>> +
>> +-  if(data->multi_easy)
>> ++  if(data->multi_easy) {
>> +     /* when curl_easy_perform() is used, it creates its own multi handle to
>> +        use and this is the one */
>> +     curl_multi_cleanup(data->multi_easy);
>> ++    data->multi_easy = NULL;
>> ++  }
>> +
>> +   /* Destroy the timeout list that is held in the easy handle. It is
>> +      /normally/ done by curl_multi_remove_handle() but this is "just in
>> +--
>> +2.7.4
>> +
>> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
>> new file mode 100644
>> index 0000000..82e7557
>> --- /dev/null
>> +++ b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
>> @@ -0,0 +1,35 @@
>> +From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 1 Nov 2018 15:30:56 +0800
>> +Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
>> +
>> +CVE-2018-16842
>> +Reported-by: Brian Carpenter
>> +Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
>> +
>> +Upstream-Status: Backport [https://github.com/curl/curl/commit
>> +/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
>> +
>> +CVE: CVE-2018-16842
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + src/tool_msgs.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/src/tool_msgs.c b/src/tool_msgs.c
>> +index 9cce806..05bec39 100644
>> +--- a/src/tool_msgs.c
>> ++++ b/src/tool_msgs.c
>> +@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
>> +         (void)fwrite(ptr, cut + 1, 1, config->errors);
>> +         fputs("\n", config->errors);
>> +         ptr += cut + 1; /* skip the space too */
>> +-        len -= cut;
>> ++        len -= cut + 1;
>> +       }
>> +       else {
>> +         fputs(ptr, config->errors);
>> +--
>> +2.7.4
>> +

-- 
BRs

Sandy(Li Changqing)



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-02  6:48   ` Changqing Li
@ 2018-11-05 17:39     ` Grygorii Tertychnyi
  2018-11-06  2:09       ` Changqing Li
  0 siblings, 1 reply; 9+ messages in thread
From: Grygorii Tertychnyi @ 2018-11-05 17:39 UTC (permalink / raw)
  To: Changqing Li; +Cc: openembedded-core


On Fri Nov02 2018 @ 06:48, Changqing Li 
<changqing.li@windriver.com> wrote:

> I have added the CVE tag in the patch file, is this test result
> incorrect?

My guess is it was fooled by (well, "incorrect") "CVE-YYYY-XXXX"
lines. Even though it is followed by the (correct) "CVE:
CVE-YYYY-XXXX" in your CVE patches.

    # first match is lax but second strict
    if self.re_cve_payload_pattern.match(line):
        if not self.re_cve_payload_tag.match(line):
            self.fail('Missing or incorrectly formatted CVE tag in included patch file',
                      'Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"',
                      commit)

Do you really need "incorrect" lines?

> On 11/2/18 2:41 PM, Patchwork wrote:
>> == Series Details ==
>>
>> Series: curl: fix for 
>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>> Revision: 1
>> URL   : https://patchwork.openembedded.org/series/14764/
>> State : failure
>>
>> == Summary ==
>>
>>
>> Thank you for submitting this patch series to OpenEmbedded 
>> Core. This is
>> an automated response. Several tests have been executed on the 
>> proposed
>> series by patchtest resulting in the following failures:
>>
>>
>>
>> * Patch            curl: fix for 
>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>>   Issue             Missing or incorrectly formatted CVE tag in 
>>   included patch file [test_cve_tag_format]
>>    Suggested fix    Correct or include the CVE tag on cve patch 
>>    with format: "CVE: CVE-YYYY-XXXX"
>>
>>
>>
>> If you believe any of these test results are incorrect, please 
>> reply to the
>> mailing list (openembedded-core@lists.openembedded.org) raising 
>> your concerns.
>> Otherwise we would appreciate you correcting the issues and 
>> submitting a new
>> version of the patchset if applicable. Please ensure you 
>> add/increment the
>> version number when sending the new version (i.e. [PATCH] -> 
>> [PATCH v2] ->
>> [PATCH v3] -> ...).
>>
>> ---
>> Guidelines: 
>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
>> Test framework: 
>> http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
>> Test suite: 
>> http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>>
>>
> -- 
> BRs
>
> Sandy(Li Changqing)



^ permalink raw reply	[flat|nested] 9+ messages in thread
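
The lax-then-strict check quoted in the message above, as a stand-alone script. This is an added example, not patchtest's own code: the two regular expressions are assumed stand-ins, because the thread names re_cve_payload_pattern and re_cve_payload_tag but does not show them. The sample header is copied from the posted CVE-2018-16839.patch.

```python
import re

# Assumed stand-ins for patchtest's two expressions (not shown in the thread).
# LAX_CVE accepts any line that begins with a CVE id, tagged or not;
# STRICT_CVE accepts only the "CVE: CVE-YYYY-XXXX" tag form.
LAX_CVE = re.compile(r"\s*(CVE:)?\s*CVE-\d{4}-\d+", re.IGNORECASE)
STRICT_CVE = re.compile(r"CVE:(\s+CVE-\d{4}-\d+)+\s*$")

# Header of CVE-2018-16839.patch as posted; every line carries the "+" of the
# outer diff that adds the file to the layer.
POSTED_HEADER = """\
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+CVE: CVE-2018-16839
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
""".splitlines()


def cve_tag_failures(added_lines):
    """Return (line_number, text) for every added line that looks like a CVE
    reference (lax match) but is not a well-formed CVE tag (strict match)."""
    failures = []
    for number, raw in enumerate(added_lines, start=1):
        if not raw.startswith("+"):
            continue  # only lines added by the outer diff are payload
        line = raw[1:]
        if LAX_CVE.match(line) and not STRICT_CVE.match(line):
            failures.append((number, line))
    return failures


def has_cve_tag(added_lines):
    """True when at least one well-formed "CVE: ..." tag is present."""
    return any(STRICT_CVE.match(raw[1:]) for raw in added_lines
               if raw.startswith("+"))


if __name__ == "__main__":
    # The bare id on line 3 fails even though a valid tag follows on line 7.
    print("as posted:", cve_tag_failures(POSTED_HEADER))
    reworked = [l for l in POSTED_HEADER if l != "+CVE-2018-16839"]
    print("bare line removed:", cve_tag_failures(reworked),
          "tag present:", has_cve_tag(reworked))
```

The "Bug:" line is not flagged because `match()` anchors at the start of the line, so a CVE id inside a URL never reaches the strict test.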

* Re: ✗ patchtest: failure for curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-05 17:39     ` Grygorii Tertychnyi
@ 2018-11-06  2:09       ` Changqing Li
  0 siblings, 0 replies; 9+ messages in thread
From: Changqing Li @ 2018-11-06  2:09 UTC (permalink / raw)
  To: Grygorii Tertychnyi; +Cc: openembedded-core


On 11/6/18 1:39 AM, Grygorii Tertychnyi wrote:
>
> On Fri Nov02 2018 @ 06:48, Changqing Li <changqing.li@windriver.com> 
> wrote:
>
>> I have added the CVE tag in the patch file, is this test result incorrect?
>
> My guess is it was fooled by (well, "incorrect") "CVE-YYYY-XXXX"
> lines. Even though it is followed by the (correct) "CVE:
> CVE-YYYY-XXXX" in your CVE patches.
>
>     # first match is lax but second strict
>     if self.re_cve_payload_pattern.match(line):
>         if not self.re_cve_payload_tag.match(line):
>             self.fail('Missing or incorrectly formatted CVE tag in included patch file',
>                       'Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"',
>                       commit)
>
> Do you really need "incorrect" lines?

Thanks. The incorrect lines are not necessary. I will rework this patch
based on the new updated version 7.61.1.

//changqing

>
>> On 11/2/18 2:41 PM, Patchwork wrote:
>>> == Series Details ==
>>>
>>> Series: curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>>> Revision: 1
>>> URL   : https://patchwork.openembedded.org/series/14764/
>>> State : failure
>>>
>>> == Summary ==
>>>
>>>
>>> Thank you for submitting this patch series to OpenEmbedded Core. 
>>> This is
>>> an automated response. Several tests have been executed on the proposed
>>> series by patchtest resulting in the following failures:
>>>
>>>
>>>
>>> * Patch            curl: fix for 
>>> CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
>>>   Issue             Missing or incorrectly formatted CVE tag in   
>>> included patch file [test_cve_tag_format]
>>>    Suggested fix    Correct or include the CVE tag on cve patch    
>>> with format: "CVE: CVE-YYYY-XXXX"
>>>
>>>
>>>
>>> If you believe any of these test results are incorrect, please reply 
>>> to the
>>> mailing list (openembedded-core@lists.openembedded.org) raising your 
>>> concerns.
>>> Otherwise we would appreciate you correcting the issues and 
>>> submitting a new
>>> version of the patchset if applicable. Please ensure you 
>>> add/increment the
>>> version number when sending the new version (i.e. [PATCH] -> [PATCH 
>>> v2] ->
>>> [PATCH v3] -> ...).
>>>
>>> ---
>>> Guidelines: 
>>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
>>> Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
>>> Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
>>>
>>>
>> -- 
>> BRs
>>
>> Sandy(Li Changqing)
>
>
-- 
BRs

Sandy(Li Changqing)



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-02  6:07 [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842 changqing.li
  2018-11-02  6:41 ` ✗ patchtest: failure for " Patchwork
  2018-11-02 16:05 ` [PATCH] " akuster808
@ 2018-11-09 16:36 ` akuster808
  2018-11-12  1:46   ` Changqing Li
  2 siblings, 1 reply; 9+ messages in thread
From: akuster808 @ 2018-11-09 16:36 UTC (permalink / raw)
  To: changqing.li, openembedded-core


On 11/1/18 11:07 PM, changqing.li@windriver.com wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
>  .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ++++++++++++++++++
>  .../recipes-support/curl/curl/CVE-2018-16840.patch | 43 ++++++++++++++++++++++
>  .../recipes-support/curl/curl/CVE-2018-16842.patch | 35 ++++++++++++++++++
>  3 files changed, 113 insertions(+)
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16840.patch
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16842.patch

Patchtest is not catching missing bb file changes. 

https://bugzilla.yoctoproject.org/show_bug.cgi?id=13005

Sad thing is 3 people commented on this thread and no one saw the
missing recipe changes to add these patches.

- armin

>
> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
> new file mode 100644
> index 0000000..bf972d2
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
> @@ -0,0 +1,35 @@
> +From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 1 Nov 2018 15:27:35 +0800
> +Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
> +
> +CVE-2018-16839
> +Reported-by: Harry Sintonen
> +Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit
> +/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
> +
> +CVE: CVE-2018-16839
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + lib/vauth/cleartext.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
> +index 5d61ce6..1367143 100644
> +--- a/lib/vauth/cleartext.c
> ++++ b/lib/vauth/cleartext.c
> +@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
> +   plen = strlen(passwdp);
> + 
> +   /* Compute binary message length. Check for overflows. */
> +-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
> ++  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
> +     return CURLE_OUT_OF_MEMORY;
> +   plainlen = 2 * ulen + plen + 2;
> + 
> +-- 
> +2.7.4
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
> new file mode 100644
> index 0000000..3d086c4
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
> @@ -0,0 +1,43 @@
> +From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 1 Nov 2018 15:33:35 +0800
> +Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
> + use-after-free
> +
> +Regression from b46cfbc (7.59.0)
> +CVE-2018-16840
> +Reported-by: Brian Carpenter (Geeknik Labs)
> +
> +Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit/
> +81d135d67155c5295b1033679c606165d4e28f3f]
> +
> +CVE: CVE-2018-16840
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + lib/url.c | 4 +++-
> + 1 file changed, 3 insertions(+), 1 deletion(-)
> +
> +diff --git a/lib/url.c b/lib/url.c
> +index 27b2c1e..7ef7c20 100644
> +--- a/lib/url.c
> ++++ b/lib/url.c
> +@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
> +        and detach this handle from there. */
> +     curl_multi_remove_handle(data->multi, data);
> + 
> +-  if(data->multi_easy)
> ++  if(data->multi_easy) {
> +     /* when curl_easy_perform() is used, it creates its own multi handle to
> +        use and this is the one */
> +     curl_multi_cleanup(data->multi_easy);
> ++    data->multi_easy = NULL;
> ++  }
> + 
> +   /* Destroy the timeout list that is held in the easy handle. It is
> +      /normally/ done by curl_multi_remove_handle() but this is "just in
> +-- 
> +2.7.4
> +
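Review bot: the header line "Regression from b46cfbc (7.59.0)" implies the fix only matters for curl 7.59.0 and later, but the patch does not say which recipe version it was generated against; naming it would help when deciding which stable branches need the backport. In the code itself, the added braces and `data->multi_easy = NULL;` after `curl_multi_cleanup(data->multi_easy);` look right: once the pointer is cleared, the `if(data->multi_easy)` guard cannot pass a second time with a freed handle.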
> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
> new file mode 100644
> index 0000000..82e7557
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
> @@ -0,0 +1,35 @@
> +From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 1 Nov 2018 15:30:56 +0800
> +Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
> +
> +CVE-2018-16842
> +Reported-by: Brian Carpenter
> +Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit
> +/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
> +
> +CVE: CVE-2018-16842
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + src/tool_msgs.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/tool_msgs.c b/src/tool_msgs.c
> +index 9cce806..05bec39 100644
> +--- a/src/tool_msgs.c
> ++++ b/src/tool_msgs.c
> +@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
> +         (void)fwrite(ptr, cut + 1, 1, config->errors);
> +         fputs("\n", config->errors);
> +         ptr += cut + 1; /* skip the space too */
> +-        len -= cut;
> ++        len -= cut + 1;
> +       }
> +       else {
> +         fputs(ptr, config->errors);
> +-- 
> +2.7.4
> +
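Review bot: `len -= cut + 1;` now mirrors `ptr += cut + 1;` on the line above it, but the only hint that the two must move together is the comment "skip the space too" on the ptr line. The patch header should state that the old `len -= cut;` left len one byte larger than the data remaining after ptr for every wrapped line, so the link between the arithmetic and the CVE is on record with the fix.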



* Re: [PATCH] curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
  2018-11-09 16:36 ` akuster808
@ 2018-11-12  1:46   ` Changqing Li
  0 siblings, 0 replies; 9+ messages in thread
From: Changqing Li @ 2018-11-12  1:46 UTC (permalink / raw)
  To: akuster808, openembedded-core


On 11/10/18 12:36 AM, akuster808 wrote:
> On 11/1/18 11:07 PM, changqing.li@windriver.com wrote:
>> From: Changqing Li <changqing.li@windriver.com>
>>
>> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> ---
>>   .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ++++++++++++++++++
>>   .../recipes-support/curl/curl/CVE-2018-16840.patch | 43 ++++++++++++++++++++++
>>   .../recipes-support/curl/curl/CVE-2018-16842.patch | 35 ++++++++++++++++++
>>   3 files changed, 113 insertions(+)
>>   create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch
>>   create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16840.patch
>>   create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16842.patch
> Patchtest is not catching missing bb file changes.
>
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=13005
>
> Sad thing is 3 people commented on this thread and no one saw the
> missing recipe changes to add these patches.
>
> - armin

I'm so sorry, I just saw your reply. And Ross has added it, thanks.

>
>> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
>> new file mode 100644
>> index 0000000..bf972d2
>> --- /dev/null
>> +++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
>> @@ -0,0 +1,35 @@
>> +From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 1 Nov 2018 15:27:35 +0800
>> +Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
>> +
>> +CVE-2018-16839
>> +Reported-by: Harry Sintonen
>> +Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
>> +
>> +Upstream-Status: Backport [https://github.com/curl/curl/commit
>> +/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
>> +
>> +CVE: CVE-2018-16839
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + lib/vauth/cleartext.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
>> +index 5d61ce6..1367143 100644
>> +--- a/lib/vauth/cleartext.c
>> ++++ b/lib/vauth/cleartext.c
>> +@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
>> +   plen = strlen(passwdp);
>> +
>> +   /* Compute binary message length. Check for overflows. */
>> +-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
>> ++  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
>> +     return CURLE_OUT_OF_MEMORY;
>> +   plainlen = 2 * ulen + plen + 2;
>> +
>> +--
>> +2.7.4
>> +
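Review bot: the Upstream-Status reference in this header is split over two lines ("https://github.com/curl/curl/commit" followed by "/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified"), so it cannot be followed or matched as one URL, and it carries a `?diff=unified` view parameter that is not part of the commit reference. Put the commit URL on a single line without the query string; the same line break appears in the CVE-2018-16840 and CVE-2018-16842 headers.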
>> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
>> new file mode 100644
>> index 0000000..3d086c4
>> --- /dev/null
>> +++ b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
>> @@ -0,0 +1,43 @@
>> +From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 1 Nov 2018 15:33:35 +0800
>> +Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
>> + use-after-free
>> +
>> +Regression from b46cfbc (7.59.0)
>> +CVE-2018-16840
>> +Reported-by: Brian Carpenter (Geeknik Labs)
>> +
>> +Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
>> +
>> +Upstream-Status: Backport [https://github.com/curl/curl/commit/
>> +81d135d67155c5295b1033679c606165d4e28f3f]
>> +
>> +CVE: CVE-2018-16840
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + lib/url.c | 4 +++-
>> + 1 file changed, 3 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/lib/url.c b/lib/url.c
>> +index 27b2c1e..7ef7c20 100644
>> +--- a/lib/url.c
>> ++++ b/lib/url.c
>> +@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
>> +        and detach this handle from there. */
>> +     curl_multi_remove_handle(data->multi, data);
>> +
>> +-  if(data->multi_easy)
>> ++  if(data->multi_easy) {
>> +     /* when curl_easy_perform() is used, it creates its own multi handle to
>> +        use and this is the one */
>> +     curl_multi_cleanup(data->multi_easy);
>> ++    data->multi_easy = NULL;
>> ++  }
>> +
>> +   /* Destroy the timeout list that is held in the easy handle. It is
>> +      /normally/ done by curl_multi_remove_handle() but this is "just in
>> +--
>> +2.7.4
>> +
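Review bot: `From:` and `Date:` in this header name the person doing the backport and the backport date (Thu, 1 Nov 2018), while the body marks the change as a Backport of upstream commit 81d135d67155c5295b1033679c606165d4e28f3f; the upstream author appears nowhere. Keeping the original author in `From:` and leaving the backporter in Signed-off-by would preserve attribution.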
>> diff --git a/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
>> new file mode 100644
>> index 0000000..82e7557
>> --- /dev/null
>> +++ b/meta/recipes-support/curl/curl/CVE-2018-16842.patch
>> @@ -0,0 +1,35 @@
>> +From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 1 Nov 2018 15:30:56 +0800
>> +Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
>> +
>> +CVE-2018-16842
>> +Reported-by: Brian Carpenter
>> +Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
>> +
>> +Upstream-Status: Backport [https://github.com/curl/curl/commit
>> +/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
>> +
>> +CVE: CVE-2018-16842
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + src/tool_msgs.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/src/tool_msgs.c b/src/tool_msgs.c
>> +index 9cce806..05bec39 100644
>> +--- a/src/tool_msgs.c
>> ++++ b/src/tool_msgs.c
>> +@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
>> +         (void)fwrite(ptr, cut + 1, 1, config->errors);
>> +         fputs("\n", config->errors);
>> +         ptr += cut + 1; /* skip the space too */
>> +-        len -= cut;
>> ++        len -= cut + 1;
>> +       }
>> +       else {
>> +         fputs(ptr, config->errors);
>> +--
>> +2.7.4
>> +
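Review bot: the Subject line spells "arethmetic"; if that mirrors the upstream commit title it should stay so the backport can be found by title, otherwise correct it to "arithmetic". The diffstat covers only src/tool_msgs.c, so nothing in this patch exercises the wrapped-warning path that `len -= cut + 1;` corrects.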

-- 
BRs

Sandy(Li Changqing)


