diff mbox series

[scarthgap,1/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch

Message ID 93ea4608b9ed81e9cd3d34030fb74895598d06a1.1737352688.git.liezhi.yang@windriver.com
State Rejected
Delegated to: Steve Sakoman
Headers show
Series [scarthgap,1/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch | expand

Commit Message

Robert Yang Jan. 20, 2025, 6 a.m. UTC 
From: Robert Yang <liezhi.yang@windriver.com>

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
 1 file changed, 1 insertion(+)

Comments

Peter Marko Jan. 21, 2025, 4:41 p.m. UTC | #1 
This is not correct.

The patch CVE-2024-3596_00 does not fix any part of that CVE.
As the commit message says, it's a style commit so that real CVE patches apply cleanly.
If it bothers you that it has CVE in filename but no CVE, maybe rename it instead adding incorrect tag?

Peter

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Robert Yang via
> lists.openembedded.org
> Sent: Monday, January 20, 2025 7:01
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-
> 2024-3596_00.patch
> 
> From: Robert Yang <liezhi.yang@windriver.com>
> 
> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> ---
>  .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
> 3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-
> supplicant/CVE-2024-3596_00.patch
> index 7a8197d2b4..58e1327f2b 100644
> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
> 3596_00.patch
> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
> 3596_00.patch
> @@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup -
> no string
> 
>  Signed-off-by: Jouni Malinen <j@w1.fi>
> 
> +CVE: CVE-2024-3596
>  Upstream-Status: Backport
> [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac
> 432d1]
>  Signed-off-by: Peter Marko <peter.marko@siemens.com>
>  ---
> --
> 2.44.1
Robert Yang Jan. 22, 2025, 7:34 a.m. UTC | #2 
On 1/22/25 00:41, Marko, Peter wrote:
> This is not correct.
> 
> The patch CVE-2024-3596_00 does not fix any part of that CVE.
> As the commit message says, it's a style commit so that real CVE patches apply cleanly.
> If it bothers you that it has CVE in filename but no CVE, maybe rename it instead adding incorrect tag?

The cve patches can't be applied without it, may we should just leave it as the 
current status.

// Robert

> 
> Peter
> 
>> -----Original Message-----
>> From: openembedded-core@lists.openembedded.org <openembedded-
>> core@lists.openembedded.org> On Behalf Of Robert Yang via
>> lists.openembedded.org
>> Sent: Monday, January 20, 2025 7:01
>> To: openembedded-core@lists.openembedded.org
>> Subject: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-
>> 2024-3596_00.patch
>>
>> From: Robert Yang <liezhi.yang@windriver.com>
>>
>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
>> ---
>>   .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch         | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-
>> supplicant/CVE-2024-3596_00.patch
>> index 7a8197d2b4..58e1327f2b 100644
>> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch
>> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch
>> @@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup -
>> no string
>>
>>   Signed-off-by: Jouni Malinen <j@w1.fi>
>>
>> +CVE: CVE-2024-3596
>>   Upstream-Status: Backport
>> [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac
>> 432d1]
>>   Signed-off-by: Peter Marko <peter.marko@siemens.com>
>>   ---
>> --
>> 2.44.1
>
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
index 7a8197d2b4..58e1327f2b 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
@@ -6,6 +6,7 @@  Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup - no string
 
 Signed-off-by: Jouni Malinen <j@w1.fi>
 
+CVE: CVE-2024-3596
 Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac432d1]
 Signed-off-by: Peter Marko <peter.marko@siemens.com>
 ---