| Message ID | 20230117164244.382243-1-Randy.MacLeod@windriver.com |
|---|---|
| State | Accepted, archived |
| Commit | 1c51068c78d12ee02789a6dbecf5e7e91d141af5 |
| Headers | show |
| Series | vim: upgrade 9.0.0947 -> 9.0.1211 | expand |
In the recipe it includes following: # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = “1” Should we attempt to remove it, given that this is now 9.0? > On Jan 17, 2023, at 11:42 AM, Randy MacLeod <Randy.MacLeod@windriver.com> wrote: > > Includes fixes for: > https://nvd.nist.gov/vuln/detail/CVE-2023-0049 > https://nvd.nist.gov/vuln/detail/CVE-2023-0051 > https://nvd.nist.gov/vuln/detail/CVE-2023-0054 > https://nvd.nist.gov/vuln/detail/CVE-2023-0288 > > Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> > --- > meta/recipes-support/vim/vim.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc > index d86841efaa..9bc6881fce 100644 > --- a/meta/recipes-support/vim/vim.inc > +++ b/meta/recipes-support/vim/vim.inc > @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ > file://no-path-adjust.patch \ > " > > -PV .= ".0947" > -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5" > +PV .= ".1211" > +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" > > # Remove when 8.3 is out > UPSTREAM_VERSION_UNKNOWN = "1" > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#176054): https://lists.openembedded.org/g/openembedded-core/message/176054 > Mute This Topic: https://lists.openembedded.org/mt/96333742/7355053 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [contrib@zhengqiu.net] > -=-=-=-=-=-=-=-=-=-=-=- >
vim is a 'special' upstream, because: - they tag every commit with a 'release' tag https://github.com/vim/vim/tags - there is a never ending stream of CVE vulnerabilities coming from them We tried to stick with major versions only and backport the CVEs, but that quickly became unsustainable. So instead we just bump to the latest commit, admittedly a random one, whenever new CVEs show up. The comment in the recipe should be removed or rewritten. Alex On Mon, 23 Jan 2023 at 20:14, Zheng Qiu <contrib@zhengqiu.net> wrote: > > In the recipe it includes following: > # Remove when 8.3 is out > UPSTREAM_VERSION_UNKNOWN = “1” > > Should we attempt to remove it, given that this is now 9.0? > > > On Jan 17, 2023, at 11:42 AM, Randy MacLeod <Randy.MacLeod@windriver.com> wrote: > > > > Includes fixes for: > > https://nvd.nist.gov/vuln/detail/CVE-2023-0049 > > https://nvd.nist.gov/vuln/detail/CVE-2023-0051 > > https://nvd.nist.gov/vuln/detail/CVE-2023-0054 > > https://nvd.nist.gov/vuln/detail/CVE-2023-0288 > > > > Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> > > --- > > meta/recipes-support/vim/vim.inc | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc > > index d86841efaa..9bc6881fce 100644 > > --- a/meta/recipes-support/vim/vim.inc > > +++ b/meta/recipes-support/vim/vim.inc > > @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ > > file://no-path-adjust.patch \ > > " > > > > -PV .= ".0947" > > -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5" > > +PV .= ".1211" > > +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" > > > > # Remove when 8.3 is out > > UPSTREAM_VERSION_UNKNOWN = "1" > > -- > > 2.34.1 > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#176316): https://lists.openembedded.org/g/openembedded-core/message/176316 > Mute This Topic: https://lists.openembedded.org/mt/96333742/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index d86841efaa..9bc6881fce 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".0947" -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5" +PV .= ".1211" +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1"
Includes fixes for: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)