| Message ID | 0173f3da37397b1c9fb379b677310f379fba5fec.camel@lists.verisure.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,dunfell] c-ares: Fix forgotten PV bump to 1.16.1 | expand |
Hi all, I think during https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/dunfell-nut&id=9ce3df8c2a10b45aa3695cf257aa27fd346d52a7 patch merge, PV variable is not updated and so CVE-2020-14354 is reported by cve tool. So removing PV can solve this. I have verified using "bitbake -c cve_check c-ares" and after removing the PV variable, cve tool is not reporting CVE-2020-14354 anymore. Thanks, Ranjitsinh
Hi Armin, did you see this updated patch? It just aligns the PV with the actual version, and it silences cve-check also. Regards //Ernst On Wed, 2022-01-12 at 08:06 +0100, Ernst Sjöstrand wrote: > Since SRCREV is pointing to the release tag we can drop the PV part and > just use it from the filename. > > Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> > --- > meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta- > oe/recipes-support/c-ares/c-ares_1.16.1.bb > index b77604797..462ed5c45 100644 > --- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb > +++ b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb > @@ -5,8 +5,6 @@ SECTION = "libs" > LICENSE = "MIT" > LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" > > -PV = "1.16.0+gitr${SRCPV}" > - > SRC_URI = "\ > git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ > file://cmake-install-libcares.pc.patch \
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb index b77604797..462ed5c45 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb @@ -5,8 +5,6 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" -PV = "1.16.0+gitr${SRCPV}" - SRC_URI = "\ git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ file://cmake-install-libcares.pc.patch \
Since SRCREV is pointing to the release tag we can drop the PV part and just use it from the filename. Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> --- meta-oe/recipes-support/c-ares/c-ares_1.16.1.bb | 2 -- 1 file changed, 2 deletions(-)