mjcarroll
Member

No description provided.

Signed-off-by: Florencia <[email protected]>
Signed-off-by: Michael Carroll <[email protected]>
@mjcarroll mjcarroll self-assigned this Apr 2, 2025
@mjcarroll mjcarroll marked this pull request as ready for review April 2, 2025 22:24
@mjcarroll

This comment was marked as outdated.

@mjcarroll
Member Author

Pulls: #998
Gist: https://gist.githubusercontent.com/mjcarroll/16994426a24e3caeb9ac8b407231ba6f/raw/356c16eaefb63cd2ba433923073be5992a55f1e6/ros2.repos
BUILD args: --packages-up-to ros2cli
TEST args: --packages-select ros2topic
ROS Distro: jazzy
Job: ci_launcher
ci_launcher ran: https://ci.ros2.org/job/ci_launcher/15554

  • Linux Build Status
  • Linux-aarch64 Build Status
  • Linux-rhel Build Status
  • Windows Build Status

Signed-off-by: Michael Carroll <[email protected]>
@mjcarroll mjcarroll changed the title Backport CVE-2024-42002 Patch jazzy: Backport Patch CVE-2024-42002 Apr 2, 2025
@mjcarroll
Member Author

  • Linux Build Status
  • Linux-aarch64 Build Status
  • Linux-rhel Build Status
  • Windows Build Status

Collaborator

@fujitatomoya fujitatomoya left a comment

@mjcarroll can you share more context or background here? I am not sure where this is coming from, and why we are targeting jazzy but rolling?

@mjcarroll
Member Author

@fujitatomoya This was reported a little while back and was landed in rolling here, this just represents the backport: 644310d

It sort of looks like it came from nowhere because of the way that GitHub does security advisories. You can see the rest of the context here: GHSA-xgqj-p3j3-8jw4. Basically, we iterated in a private fork and did the reviews there before merging to rolling.

Collaborator

@fujitatomoya fujitatomoya left a comment

@mjcarroll I see, thanks for the explanation.

@fujitatomoya
Collaborator

CI:

  • Linux Build Status
  • Linux-aarch64 Build Status
  • Linux-rhel Build Status
  • Windows Build Status

Contributor

@ahcorde ahcorde left a comment

  • Linux Build Status
  • Linux-aarch64 Build Status
  • Linux-rhel Build Status
  • Windows Build Status

@ahcorde ahcorde merged commit f037c19 into jazzy Apr 3, 2025
2 checks passed
@ahcorde ahcorde deleted the mjcarroll/backport_2024_42002_fix branch April 3, 2025 15:39
Member

@christophebedard christophebedard left a comment

Just documenting some findings here for #1002

@christophebedard
Member

Just documenting some findings here for #1002

Fixing those in #1003

christophebedard added a commit that referenced this pull request Apr 4, 2025
christophebedard added a commit that referenced this pull request Apr 4, 2025
This reverts commit f037c19.

Signed-off-by: Christophe Bedard <[email protected]>
christophebedard added a commit that referenced this pull request Apr 4, 2025
This reverts commit f037c19.

Signed-off-by: Christophe Bedard <[email protected]>
5 participants