[yocto] [PATCH 5/7][meta-openembedded] Update nginx to 1.9.5
Jens Rehsack
rehsack at gmail.com
Thu Oct 8 07:52:30 PDT 2015
> Am 02.10.2015 um 03:25 schrieb Khem Raj <raj.khem at gmail.com>:
>
> Jens
>
>
>> On Oct 1, 2015, at 11:18 AM, Jens Rehsack <rehsack at gmail.com> wrote:
>>
>>
>> many bux-fixes, optmizations and features added:
>>
>> Changes with nginx 1.9.5 22 Sep 2015
>>
>> [...]
>> *) Security: a stack-based buffer overflow might occur in a worker
>> process while handling a specially crafted request, potentially
>> resulting in arbitrary code execution (CVE-2013-2028); the bug had
>> appeared in 1.3.9.
>> Thanks to Greg MacManus, iSIGHT Partners Labs.
>>
>
>
> This is good info. Although a link to diff in cgit or web view of whatever SCM nginx uses would have done too.
That's simply the Changelog. It's an update, not a fix for a critical issue.
Do you really ask me to list each fixed bug from nginx' ticket list?
>> Signed-off-by: Jens Rehsack <sno at netbsd.org>
>> [...]
>> --- a/meta-webserver/recipes-httpd/nginx/nginx_1.4.4.bb
>> +++ /dev/null
>
>
> please user git format-patch -M to let git work harder on detecting renames, its way easier to review the changes that way
> this patch belongs to openembedded-devel list so please resend it there with prefixing the layer in meta-openembedded repo [meta-webserver] where the patch is applied.
Sure, will do when I have feedback regarding above question.
Regarding the other 6 patches - is just the right layer and "-M" missing?
Do I have to improve them anyhow (beside what Martin Jansa and Khem criticized: missing description here and there)?
>> [...]
Cheers
--
Jens Rehsack - rehsack at gmail.com
More information about the yocto
mailing list