Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist (#10555) #10650

Merged
merged 1 commit into from
Apr 23, 2022
Merged

[CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist (#10555) #10650

merged 1 commit into from
Apr 23, 2022

Conversation

liushilongbuaa
Copy link
Contributor

@liushilongbuaa liushilongbuaa commented Apr 22, 2022
edited
Loading

Why I did it

cherry-pick security related PR from master branch
#10555

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@richardyu-ms @liushilongbuaa
[CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist (
8edbc9a 
sonic-net#10555)

* [CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>

* add more information in patch

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>

* Update 0003-Remove-minimist-packages.patch

* change the thrift 0.14.1 to package download

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>

* use the series file for patching

* fix a code defect
@xumia xumia requested a review from richardyu-ms April 22, 2022 09:18
@xumia
Copy link
Collaborator

xumia commented Apr 22, 2022

@liushilongbuaa , could you please refine the PR description for the cherry-pick pr.

@liushilongbuaa liushilongbuaa changed the title [CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimis… [CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist (#10555) Apr 22, 2022
@qiluo-msft
Copy link
Collaborator

@liushilongbuaa , could you please add the PR description: the cherry-pick PR link? Not just in the PR title.

@liushilongbuaa liushilongbuaa merged commit 4280a23 into sonic-net:202111 Apr 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richardyu-ms richardyu-ms richardyu-ms approved these changes

@xumia xumia xumia approved these changes

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft qiluo-msft is a code owner

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@liushilongbuaa @xumia @qiluo-msft @richardyu-ms