[scarthgap,1/7] subversion: ignore CVE-2024-45720

Message ID a1b322d5dde27461a6b972b051a120ef3c96d204.1739913090.git.steve@sakoman.com
State RFC
Delegated to: Steve Sakoman

Commit Message

Steve Sakoman Feb. 18, 2025, 9:15 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720

This CVE is relevant only for subversion running on Windows.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
 1 file changed, 2 insertions(+)

Comments

Yoann Congal Feb. 19, 2025, 8:32 a.m. UTC | #1
On Tue, Feb 18, 2025 at 22:15, Steve Sakoman via lists.openembedded.org
<steve=sakoman.com@lists.openembedded.org> wrote:

> From: Peter Marko <peter.marko@siemens.com>
>
> Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720
>
> This CVE is relevant only for subversion running on Windows.
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>

Hi Steve,

Sorry to bother you with this but Sofiane Hamam gave his Reviewed-by here:
https://lists.openembedded.org/g/openembedded-core/topic/111147177#msg211378

He worked on fixing the CVE but Peter was faster so he gave his
reviewed-by. It would be nice if that ended up in the repository.

Thanks!


> ---
>  meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> index 1ef3d498a5..679228cbb8 100644
> --- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> +++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> @@ -19,6 +19,8 @@ inherit autotools pkgconfig gettext python3native
>
>  CVE_PRODUCT = "apache:subversion"
>
> +CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies
> on Windows"
> +
>  PACKAGECONFIG ?= ""
>
>  PACKAGECONFIG[boost] =
> "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
> --
> 2.43.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#211653):
> https://lists.openembedded.org/g/openembedded-core/message/211653
> Mute This Topic: https://lists.openembedded.org/mt/111258880/4316185
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> yoann.congal@smile.fr]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

Steve Sakoman Feb. 19, 2025, 2:41 p.m. UTC | #2
On Wed, Feb 19, 2025 at 12:33 AM Yoann Congal <yoann.congal@smile.fr> wrote:
>
>
>
> On Tue, Feb 18, 2025 at 22:15, Steve Sakoman via lists.openembedded.org <steve=sakoman.com@lists.openembedded.org> wrote:
>>
>> From: Peter Marko <peter.marko@siemens.com>
>>
>> Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720
>>
>> This CVE is relevant only for subversion running on Windows.
>>
>> Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>
>
> Hi Steve,
>
> Sorry to bother you with this but Sofiane Hamam gave his Reviewed-by here:
> https://lists.openembedded.org/g/openembedded-core/topic/111147177#msg211378
>
> He worked on fixing the CVE but Peter was faster so he gave his reviewed-by. It would be nice if that ended up in the repository.

OK, I'll make it so!

Steve

>>  meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
>> index 1ef3d498a5..679228cbb8 100644
>> --- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
>> +++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
>> @@ -19,6 +19,8 @@ inherit autotools pkgconfig gettext python3native
>>
>>  CVE_PRODUCT = "apache:subversion"
>>
>> +CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on Windows"
>> +
>>  PACKAGECONFIG ?= ""
>>
>>  PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
>> --
>> 2.43.0
>>
>>
>>
>
>
> --
> Yoann Congal
> Smile ECS - Tech expert

Yoann Congal Feb. 19, 2025, 2:49 p.m. UTC | #3
On Wed, Feb 19, 2025 at 15:42, Steve Sakoman <steve@sakoman.com> wrote:

> On Wed, Feb 19, 2025 at 12:33 AM Yoann Congal <yoann.congal@smile.fr>
> wrote:
> >
> >
> >
> > On Tue, Feb 18, 2025 at 22:15, Steve Sakoman via lists.openembedded.org
> <steve=sakoman.com@lists.openembedded.org> wrote:
> >>
> >> From: Peter Marko <peter.marko@siemens.com>
> >>
> >> Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45720
> >>
> >> This CVE is relevant only for subversion running on Windows.
> >>
> >> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> >> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> >
> >
> > Hi Steve,
> >
> > Sorry to bother you with this but Sofiane Hamam gave his Reviewed-by
> here:
> >
> https://lists.openembedded.org/g/openembedded-core/topic/111147177#msg211378
> >
> > He worked on fixing the CVE but Peter was faster so he gave his
> reviewed-by. It would be nice if that ended up in the repository.
>
> OK, I'll make it so!
>

Thanks Steve! :)



>
> Steve
>
> >>  meta/recipes-devtools/subversion/subversion_1.14.3.bb | 2 ++
> >>  1 file changed, 2 insertions(+)
> >>
> >> diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> >> index 1ef3d498a5..679228cbb8 100644
> >> --- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> >> +++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
> >> @@ -19,6 +19,8 @@ inherit autotools pkgconfig gettext python3native
> >>
> >>  CVE_PRODUCT = "apache:subversion"
> >>
> >> +CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only
> applies on Windows"
> >> +
> >>  PACKAGECONFIG ?= ""
> >>
> >>  PACKAGECONFIG[boost] =
> "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
> >> --
> >> 2.43.0
> >>
> >>
> >>
> >
> >
> > --
> > Yoann Congal
> > Smile ECS - Tech expert
>
Patch

diff --git a/meta/recipes-devtools/subversion/subversion_1.14.3.bb b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
index 1ef3d498a5..679228cbb8 100644
--- a/meta/recipes-devtools/subversion/subversion_1.14.3.bb
+++ b/meta/recipes-devtools/subversion/subversion_1.14.3.bb
@@ -19,6 +19,8 @@  inherit autotools pkgconfig gettext python3native
 
 CVE_PRODUCT = "apache:subversion"
 
+CVE_STATUS[CVE-2024-45720] = "not-applicable-platform: Issue only applies on Windows"
+
 PACKAGECONFIG ?= ""
 
 PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
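
Review bot: The added CVE_STATUS[CVE-2024-45720] assignment is unconditional, so it marks the CVE as not-applicable-platform for every variant of this recipe, including any configuration in which the built svn binaries would run on a Windows host (an SDK built for a Windows host would be one such case, if this recipe is part of it). Consider adding a short comment above the assignment saying that the entry assumes non-Windows hosts, and carrying the NVD reference from the commit message into that comment, so the justification stays next to the line when the recipe is upgraded past 1.14.3 and the commit message is no longer the first thing a reader sees.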