Message ID | 20220531141645.3401821-1-davide.gardenal@huawei.com |
---|---|
State | New, archived |
Headers | show |
Series | [master,kirkstone] ncurses: update to patchlevel 20220423 | expand |
This is effectively updating to a development snapshot, would it be better to backport just the CVE fix like was just sent for dunfell? Alex On Tue, 31 May 2022 at 16:16, Davide Gardenal <davidegarde2000@gmail.com> wrote: > > CVE: CVE-2022-29458 > > Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> > --- > meta/recipes-core/ncurses/ncurses.inc | 2 +- > .../ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} | 4 ++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%) > > diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc > index 7a7c7dd227..1abcfae1fe 100644 > --- a/meta/recipes-core/ncurses/ncurses.inc > +++ b/meta/recipes-core/ncurses/ncurses.inc > @@ -2,7 +2,7 @@ SUMMARY = "The New Curses library" > DESCRIPTION = "SVr4 and XSI-Curses compatible curses library and terminfo tools including tic, infocmp, captoinfo. Supports color, multiple highlights, forms-drawing characters, and automatic recognition of keypad and function-key sequences. Extensions include resizable windows and mouse support on both xterm and Linux console using the gpm library." > HOMEPAGE = "http://www.gnu.org/software/ncurses/ncurses.html" > LICENSE = "MIT" > -LIC_FILES_CHKSUM = "file://COPYING;md5=9529289636145d1bf093c96af067695a;endline=27" > +LIC_FILES_CHKSUM = "file://COPYING;md5=c5a4600fdef86384c41ca33ecc70a4b8;endline=27" > SECTION = "libs" > DEPENDS = "ncurses-native" > DEPENDS:class-native = "" > diff --git a/meta/recipes-core/ncurses/ncurses_6.3.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb > similarity index 77% > rename from meta/recipes-core/ncurses/ncurses_6.3.bb > rename to meta/recipes-core/ncurses/ncurses_6.3+20220423.bb > index f0256dad22..f67a3f5bf4 100644 > --- a/meta/recipes-core/ncurses/ncurses_6.3.bb > +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb > @@ -5,10 +5,10 @@ SRC_URI += "file://0001-tic-hang.patch \ > file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ > " > # commit id corresponds to the revision in package version > -SRCREV = "51d0fd9cc3edb975f04224f29f777f8f448e8ced" > +SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260" > S = "${WORKDIR}/git" > EXTRA_OECONF += "--with-abi-version=5" > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$" > > # This is needed when using patchlevel versions like 6.1+20181013 > -#CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}" > +CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}" > -- > 2.32.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#166312): https://lists.openembedded.org/g/openembedded-core/message/166312 > Mute This Topic: https://lists.openembedded.org/mt/91451965/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Are you sure that this is a development snapshot? I took this branch https://salsa.debian.org/debian/ncurses/-/tree/upstream/6.3+20220423 Sorry I'm not that familiar with ncurses version naming scheme. Davide
That is debian-specific versioning, but upstream has its releases here: https://ftp.gnu.org/pub/gnu/ncurses/ On top of that there are patches, each numbered with a date, but they're not releases: https://salsa.debian.org/debian/ncurses/-/commits/upstream/6.3+20220423 Alex On Wed, 1 Jun 2022 at 09:35, Davide Gardenal <davidegarde2000@gmail.com> wrote: > > Are you sure that this is a development snapshot? > I took this branch https://salsa.debian.org/debian/ncurses/-/tree/upstream/6.3+20220423 > Sorry I'm not that familiar with ncurses version naming scheme. > > Davide > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#166359): https://lists.openembedded.org/g/openembedded-core/message/166359 > Mute This Topic: https://lists.openembedded.org/mt/91451965/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc index 7a7c7dd227..1abcfae1fe 100644 --- a/meta/recipes-core/ncurses/ncurses.inc +++ b/meta/recipes-core/ncurses/ncurses.inc @@ -2,7 +2,7 @@ SUMMARY = "The New Curses library" DESCRIPTION = "SVr4 and XSI-Curses compatible curses library and terminfo tools including tic, infocmp, captoinfo. Supports color, multiple highlights, forms-drawing characters, and automatic recognition of keypad and function-key sequences. Extensions include resizable windows and mouse support on both xterm and Linux console using the gpm library." HOMEPAGE = "http://www.gnu.org/software/ncurses/ncurses.html" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=9529289636145d1bf093c96af067695a;endline=27" +LIC_FILES_CHKSUM = "file://COPYING;md5=c5a4600fdef86384c41ca33ecc70a4b8;endline=27" SECTION = "libs" DEPENDS = "ncurses-native" DEPENDS:class-native = "" diff --git a/meta/recipes-core/ncurses/ncurses_6.3.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb similarity index 77% rename from meta/recipes-core/ncurses/ncurses_6.3.bb rename to meta/recipes-core/ncurses/ncurses_6.3+20220423.bb index f0256dad22..f67a3f5bf4 100644 --- a/meta/recipes-core/ncurses/ncurses_6.3.bb +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb @@ -5,10 +5,10 @@ SRC_URI += "file://0001-tic-hang.patch \ file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ " # commit id corresponds to the revision in package version -SRCREV = "51d0fd9cc3edb975f04224f29f777f8f448e8ced" +SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260" S = "${WORKDIR}/git" EXTRA_OECONF += "--with-abi-version=5" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$" # This is needed when using patchlevel versions like 6.1+20181013 -#CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}" +CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
CVE: CVE-2022-29458 Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> --- meta/recipes-core/ncurses/ncurses.inc | 2 +- .../ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%)