All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
@ 2020-12-16  5:30 Khem Raj
  2020-12-16  5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Khem Raj @ 2020-12-16  5:30 UTC (permalink / raw)
  To: openembedded-devel; +Cc: Stacy Gaikovaia, Khem Raj

From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>

Uprev nodejs in order to fix CVE-2020-8277.
This CVE allows an attacker to trigger a DNS request for a host
of their choice, which could trigger a Denial of Service in
nodejs versions < 12.19.1.

See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.

CVE: CVE-2020-8277
Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../nodejs/{nodejs_12.19.0.bb => nodejs_12.19.1.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/nodejs/{nodejs_12.19.0.bb => nodejs_12.19.1.bb} (98%)

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.19.1.bb
similarity index 98%
rename from meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb
rename to meta-oe/recipes-devtools/nodejs/nodejs_12.19.1.bb
index 9d15586238..8021fedf44 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_12.19.0.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.19.1.bb
@@ -26,7 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
 SRC_URI_append_class-target = " \
            file://0002-Using-native-binaries.patch \
            "
-SRC_URI[sha256sum] = "3b671c45c493f96d7e018c15110cdbafa4478e5e5cfc9e6eec83cea9e6b551e1"
+SRC_URI[sha256sum] = "74077e0cc3db000a6f3cc685b220e609807b61adc8e7d8243e8511d478d1b17d"
 
 S = "${WORKDIR}/node-v${PV}"
 
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [meta-oe][PATCH 2/3] Add recipe for dbus-cxx
  2020-12-16  5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
@ 2020-12-16  5:30 ` Khem Raj
  2020-12-16  5:30 ` [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe Khem Raj
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Khem Raj @ 2020-12-16  5:30 UTC (permalink / raw)
  To: openembedded-devel; +Cc: Caio Toledo, Khem Raj

From: Caio Toledo <caioviniciusdetoledo@gmail.com>

Signed-off-by: Caio Toledo <caioviniciusdetoledo@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../recipes-core/dbus-cxx/dbus-cxx_0.12.bb    | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb

diff --git a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb
new file mode 100644
index 0000000000..7a170d66f5
--- /dev/null
+++ b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_0.12.bb
@@ -0,0 +1,24 @@
+SUMMARY = "D-Bus wrapper in C++ for dbus"
+HOMEPAGE = "https://dbus-cxx.github.io/"
+SECTION = "base"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4cf0188f02184e1e84b9586ac53c3f83"
+
+SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master"
+SRCREV = "ea7f8e361d11dc7d41d9ae2c4128aed2cdadd84e"
+
+DEPENDS = "\
+	dbus \
+	libsigc++-2.0 \
+"
+
+RDEPENDS_${PN} = "\
+	dbus \
+	libsigc++-2.0 \
+"
+
+S = "${WORKDIR}/git/"
+
+inherit pkgconfig cmake
+
+OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM = "BOTH"
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe
  2020-12-16  5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
  2020-12-16  5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
@ 2020-12-16  5:30 ` Khem Raj
  2021-01-05 13:31 ` [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Sean Nyekjaer
  2021-01-06  6:40 ` Sean Nyekjaer
  3 siblings, 0 replies; 6+ messages in thread
From: Khem Raj @ 2020-12-16  5:30 UTC (permalink / raw)
  To: openembedded-devel; +Cc: Caio Toledo, Khem Raj

From: Caio Toledo <caioviniciusdetoledo@gmail.com>

Signed-off-by: Caio Toledo <caioviniciusdetoledo@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
index 577f2e7886..5023e49510 100644
--- a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
+++ b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
@@ -179,6 +179,7 @@ RDEPENDS_packagegroup-meta-oe-core = "\
     sdbus-c++ \
     toybox \
     usleep \
+    dbus-cxx \
 "
 RDEPENDS_packagegroup-meta-oe-core_append_libc-glibc = " glfw"
 RDEPENDS_packagegroup-meta-oe-core_remove_riscv64 = "safec"
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
  2020-12-16  5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
  2020-12-16  5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
  2020-12-16  5:30 ` [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe Khem Raj
@ 2021-01-05 13:31 ` Sean Nyekjaer
  2021-01-06  6:40 ` Sean Nyekjaer
  3 siblings, 0 replies; 6+ messages in thread
From: Sean Nyekjaer @ 2021-01-05 13:31 UTC (permalink / raw)
  To: Khem Raj, openembedded-devel; +Cc: Stacy Gaikovaia



On 16/12/2020 06.30, Khem Raj wrote:
> From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>
> Uprev nodejs in order to fix CVE-2020-8277.
> This CVE allows an attacker to trigger a DNS request for a host
> of their choice, which could trigger a Denial of Service in
> nodejs versions < 12.19.1.
>
> See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
>
> CVE: CVE-2020-8277
> Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
>
Hi Khem,

Will you please backport this to gatesgarth :)

/Sean

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
  2020-12-16  5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
                   ` (2 preceding siblings ...)
  2021-01-05 13:31 ` [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Sean Nyekjaer
@ 2021-01-06  6:40 ` Sean Nyekjaer
  2021-01-10 19:52   ` akuster
  3 siblings, 1 reply; 6+ messages in thread
From: Sean Nyekjaer @ 2021-01-06  6:40 UTC (permalink / raw)
  To: openembedded-devel, Armin Kuster



On 16/12/2020 06.30, Khem Raj wrote:
> From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>
> Uprev nodejs in order to fix CVE-2020-8277.
> This CVE allows an attacker to trigger a DNS request for a host
> of their choice, which could trigger a Denial of Service in
> nodejs versions < 12.19.1.
>
> See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
>
> CVE: CVE-2020-8277
> Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Hi Armin,

Will you please backport this to gatesgarth

/Sean

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1
  2021-01-06  6:40 ` Sean Nyekjaer
@ 2021-01-10 19:52   ` akuster
  0 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2021-01-10 19:52 UTC (permalink / raw)
  To: Sean Nyekjaer, openembedded-devel



On 1/5/21 10:40 PM, Sean Nyekjaer wrote:
>
>
> On 16/12/2020 06.30, Khem Raj wrote:
>> From: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>>
>> Uprev nodejs in order to fix CVE-2020-8277.
>> This CVE allows an attacker to trigger a DNS request for a host
>> of their choice, which could trigger a Denial of Service in
>> nodejs versions < 12.19.1.
>>
>> See https://nvd.nist.gov/vuln/detail/CVE-2020-8277 for details.
>>
>> CVE: CVE-2020-8277
>> Signed-off-by: Stacy Gaikovaia <Stacy.Gaikovaia@windriver.com>
>> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Hi Armin,
>
> Will you please backport this to gatesgarth
sure thing. its in the test branch.

thanks for the input.

-armin
>
> /Sean


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-01-10 19:52 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-16  5:30 [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Khem Raj
2020-12-16  5:30 ` [meta-oe][PATCH 2/3] Add recipe for dbus-cxx Khem Raj
2020-12-16  5:30 ` [meta-oe][PATCH 3/3] Add dbus-cxx to packagegroup-meta-oe Khem Raj
2021-01-05 13:31 ` [oe] [meta-oe][PATCH 1/3] nodejs: 12.19.0 -> 12.19.1 Sean Nyekjaer
2021-01-06  6:40 ` Sean Nyekjaer
2021-01-10 19:52   ` akuster

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.