* [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
@ 2020-12-16 5:30 Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Khem Raj @ 2020-12-16 5:30 UTC (permalink / raw)
To: openembedded-devel; +Cc: Stacy Gaikovaia, Khem Raj
From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
Uprev nodejs in order to fix CVE-2020-8277.
This CVE allows an attacker to trigger a DNS request for a host
of their choice, which could trigger a Denial of Service in
nodejs versions < 12.19.1.
See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
CVE: CVE-2020-8277
Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
.../nodejs/{nodejs_12.19.0.bb => nodejs_12.19.1.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-oe/recipes-devtools/nodejs/{nodejs_12.19.0.bb => nodejs_12.19.1.bb} (98%)
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.19.1.bb
similarity index 98%
rename from meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_12.19.1.bb
index 9d15586238..8021fedf44 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.19.1.bb
@@ -26,7 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
SRC_URI_append_class-target = " \
file://0002-Using-native-binaries.patch \
"
-SRC_URI[sha256sum] = "3b671c45c493f96d7e018c15110cdbafa4478e5e5cfc9e6eec83cea9e6b551e1"
+SRC_URI[sha256sum] = "74077e0cc3db000a6f3cc685b220e609807b61adc8e7d8243e8511d478d1b17d"
S = "${WORKDIR}/node-v${PV}"
--
2.29.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-oe][PATCH 2/3] Add recipe for dbus-cxx
2020-12-16 5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
@ 2020-12-16 5:30 ` Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe Khem Raj
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Khem Raj @ 2020-12-16 5:30 UTC (permalink / raw)
To: openembedded-devel; +Cc: Caio Toledo, Khem Raj
From: Caio Toledo <caioviniciusdetoledo@gmail.com>
Signed-off-by: Caio Toledo <caioviniciusdetoledo@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
.../recipes-core/dbus-cxx/dbus-cxx_0.12.bb | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb
diff --git a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb
new file mode 100644
index 0000000000..7a170d66f5
--- /dev/null
+++ b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb
@@ -0,0 +1,24 @@
+SUMMARY = "D-Bus wrapper in C++ for dbus"
+HOMEPAGE = "https://dbus-cxx.github.io/"
+SECTION = "base"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4cf0188f02184e1e84b9586ac53c3f83"
+
+SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master"
+SRCREV = "ea7f8e361d11dc7d41d9ae2c4128aed2cdadd84e"
+
+DEPENDS = "\
+ dbus \
+ libsigc++-2.0 \
+"
+
+RDEPENDS_${PN} = "\
+ dbus \
+ libsigc++-2.0 \
+"
+
+S = "${WORKDIR}/git/"
+
+inherit pkgconfig cmake
+
+OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM = "BOTH"
--
2.29.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe
2020-12-16 5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
@ 2020-12-16 5:30 ` Khem Raj
2021-01-05 13:31 ` [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Sean Nyekjaer
2021-01-06 6:40 ` Sean Nyekjaer
3 siblings, 0 replies; 6+ messages in thread
From: Khem Raj @ 2020-12-16 5:30 UTC (permalink / raw)
To: openembedded-devel; +Cc: Caio Toledo, Khem Raj
From: Caio Toledo <caioviniciusdetoledo@gmail.com>
Signed-off-by: Caio Toledo <caioviniciusdetoledo@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
index 577f2e7886..5023e49510 100644
--- a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
+++ b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
@@ -179,6 +179,7 @@ RDEPENDS_packagegroup-meta-oe-core = "\
sdbus-c++ \
toybox \
usleep \
+ dbus-cxx \
"
RDEPENDS_packagegroup-meta-oe-core_append_libc-glibc = " glfw"
RDEPENDS_packagegroup-meta-oe-core_remove_riscv64 = "safec"
--
2.29.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
2020-12-16 5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe Khem Raj
@ 2021-01-05 13:31 ` Sean Nyekjaer
2021-01-06 6:40 ` Sean Nyekjaer
3 siblings, 0 replies; 6+ messages in thread
From: Sean Nyekjaer @ 2021-01-05 13:31 UTC (permalink / raw)
To: Khem Raj, openembedded-devel; +Cc: Stacy Gaikovaia
On 16/12/2020 06.30, Khem Raj wrote:
> From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>
> Uprev nodejs in order to fix CVE-2020-8277.
> This CVE allows an attacker to trigger a DNS request for a host
> of their choice, which could trigger a Denial of Service in
> nodejs versions < 12.19.1.
>
> See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
>
> CVE: CVE-2020-8277
> Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
>
Hi Khem,
Will you please backport this to gatesgarth :)
/Sean
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
2020-12-16 5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
` (2 preceding siblings ...)
2021-01-05 13:31 ` [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Sean Nyekjaer
@ 2021-01-06 6:40 ` Sean Nyekjaer
2021-01-10 19:52 ` akuster
3 siblings, 1 reply; 6+ messages in thread
From: Sean Nyekjaer @ 2021-01-06 6:40 UTC (permalink / raw)
To: openembedded-devel, Armin Kuster
On 16/12/2020 06.30, Khem Raj wrote:
> From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>
> Uprev nodejs in order to fix CVE-2020-8277.
> This CVE allows an attacker to trigger a DNS request for a host
> of their choice, which could trigger a Denial of Service in
> nodejs versions < 12.19.1.
>
> See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
>
> CVE: CVE-2020-8277
> Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Hi Armin,
Will you please backport this to gatesgarth
/Sean
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
2021-01-06 6:40 ` Sean Nyekjaer
@ 2021-01-10 19:52 ` akuster
0 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2021-01-10 19:52 UTC (permalink / raw)
To: Sean Nyekjaer, openembedded-devel
On 1/5/21 10:40 PM, Sean Nyekjaer wrote:
>
>
> On 16/12/2020 06.30, Khem Raj wrote:
>> From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>>
>> Uprev nodejs in order to fix CVE-2020-8277.
>> This CVE allows an attacker to trigger a DNS request for a host
>> of their choice, which could trigger a Denial of Service in
>> nodejs versions < 12.19.1.
>>
>> See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
>>
>> CVE: CVE-2020-8277
>> Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Hi Armin,
>
> Will you please backport this to gatesgarth
sure thing. its in the test branch.
thanks for the input.
-armin
>
> /Sean
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-01-10 19:52 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-16 5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
2020-12-16 5:30 ` [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe Khem Raj
2021-01-05 13:31 ` [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Sean Nyekjaer
2021-01-06 6:40 ` Sean Nyekjaer
2021-01-10 19:52 ` akuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.