* [master][kirkstone][PATCH] ncurses: update to patchlevel 20220423
@ 2022-05-31 14:16 Davide Gardenal
2022-06-01 7:24 ` [OE-core] " Alexander Kanavin
0 siblings, 1 reply; 4+ messages in thread
From: Davide Gardenal @ 2022-05-31 14:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Davide Gardenal
CVE: CVE-2022-29458
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
---
meta/recipes-core/ncurses/ncurses.inc | 2 +-
.../ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%)
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
index 7a7c7dd227..1abcfae1fe 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -2,7 +2,7 @@ SUMMARY = "The New Curses library"
DESCRIPTION = "SVr4 and XSI-Curses compatible curses library and terminfo tools including tic, infocmp, captoinfo. Supports color, multiple highlights, forms-drawing characters, and automatic recognition of keypad and function-key sequences. Extensions include resizable windows and mouse support on both xterm and Linux console using the gpm library."
HOMEPAGE = "http://www.gnu.org/software/ncurses/ncurses.html"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=9529289636145d1bf093c96af067695a;endline=27"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c5a4600fdef86384c41ca33ecc70a4b8;endline=27"
SECTION = "libs"
DEPENDS = "ncurses-native"
DEPENDS:class-native = ""
diff --git a/meta/recipes-core/ncurses/ncurses_6.3.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
similarity index 77%
rename from meta/recipes-core/ncurses/ncurses_6.3.bb
rename to meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index f0256dad22..f67a3f5bf4 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -5,10 +5,10 @@ SRC_URI += "file://0001-tic-hang.patch \
file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
"
# commit id corresponds to the revision in package version
-SRCREV = "51d0fd9cc3edb975f04224f29f777f8f448e8ced"
+SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
S = "${WORKDIR}/git"
EXTRA_OECONF += "--with-abi-version=5"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$"
# This is needed when using patchlevel versions like 6.1+20181013
-#CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
+CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
--
2.32.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [master][kirkstone][PATCH] ncurses: update to patchlevel 20220423
2022-05-31 14:16 [master][kirkstone][PATCH] ncurses: update to patchlevel 20220423 Davide Gardenal
@ 2022-06-01 7:24 ` Alexander Kanavin
2022-06-01 7:35 ` Davide Gardenal
0 siblings, 1 reply; 4+ messages in thread
From: Alexander Kanavin @ 2022-06-01 7:24 UTC (permalink / raw)
To: Davide Gardenal; +Cc: OE-core, Davide Gardenal
This is effectively updating to a development snapshot, would it be
better to backport just the CVE fix like was just sent for dunfell?
Alex
On Tue, 31 May 2022 at 16:16, Davide Gardenal <davidegarde2000@gmail.com> wrote:
>
> CVE: CVE-2022-29458
>
> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> ---
> meta/recipes-core/ncurses/ncurses.inc | 2 +-
> .../ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
> rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%)
>
> diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
> index 7a7c7dd227..1abcfae1fe 100644
> --- a/meta/recipes-core/ncurses/ncurses.inc
> +++ b/meta/recipes-core/ncurses/ncurses.inc
> @@ -2,7 +2,7 @@ SUMMARY = "The New Curses library"
> DESCRIPTION = "SVr4 and XSI-Curses compatible curses library and terminfo tools including tic, infocmp, captoinfo. Supports color, multiple highlights, forms-drawing characters, and automatic recognition of keypad and function-key sequences. Extensions include resizable windows and mouse support on both xterm and Linux console using the gpm library."
> HOMEPAGE = "http://www.gnu.org/software/ncurses/ncurses.html"
> LICENSE = "MIT"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=9529289636145d1bf093c96af067695a;endline=27"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=c5a4600fdef86384c41ca33ecc70a4b8;endline=27"
> SECTION = "libs"
> DEPENDS = "ncurses-native"
> DEPENDS:class-native = ""
> diff --git a/meta/recipes-core/ncurses/ncurses_6.3.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> similarity index 77%
> rename from meta/recipes-core/ncurses/ncurses_6.3.bb
> rename to meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> index f0256dad22..f67a3f5bf4 100644
> --- a/meta/recipes-core/ncurses/ncurses_6.3.bb
> +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> @@ -5,10 +5,10 @@ SRC_URI += "file://0001-tic-hang.patch \
> file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
> "
> # commit id corresponds to the revision in package version
> -SRCREV = "51d0fd9cc3edb975f04224f29f777f8f448e8ced"
> +SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
> S = "${WORKDIR}/git"
> EXTRA_OECONF += "--with-abi-version=5"
> UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$"
>
> # This is needed when using patchlevel versions like 6.1+20181013
> -#CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
> +CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
> --
> 2.32.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166312): https://lists.openembedded.org/g/openembedded-core/message/166312
> Mute This Topic: https://lists.openembedded.org/mt/91451965/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [master][kirkstone][PATCH] ncurses: update to patchlevel 20220423
2022-06-01 7:24 ` [OE-core] " Alexander Kanavin
@ 2022-06-01 7:35 ` Davide Gardenal
2022-06-01 7:47 ` [OE-core] " Alexander Kanavin
0 siblings, 1 reply; 4+ messages in thread
From: Davide Gardenal @ 2022-06-01 7:35 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 215 bytes --]
Are you sure that this is a development snapshot?
I took this branch https://salsa.debian.org/debian/ncurses/-/tree/upstream/6.3+20220423
Sorry I'm not that familiar with ncurses version naming scheme.
Davide
[-- Attachment #2: Type: text/html, Size: 345 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [master][kirkstone][PATCH] ncurses: update to patchlevel 20220423
2022-06-01 7:35 ` Davide Gardenal
@ 2022-06-01 7:47 ` Alexander Kanavin
0 siblings, 0 replies; 4+ messages in thread
From: Alexander Kanavin @ 2022-06-01 7:47 UTC (permalink / raw)
To: Davide Gardenal; +Cc: OE-core
That is debian-specific versioning, but upstream has its releases here:
https://ftp.gnu.org/pub/gnu/ncurses/
On top of that there are patches, each numbered with a date, but
they're not releases:
https://salsa.debian.org/debian/ncurses/-/commits/upstream/6.3+20220423
Alex
On Wed, 1 Jun 2022 at 09:35, Davide Gardenal <davidegarde2000@gmail.com> wrote:
>
> Are you sure that this is a development snapshot?
> I took this branch https://salsa.debian.org/debian/ncurses/-/tree/upstream/6.3+20220423
> Sorry I'm not that familiar with ncurses version naming scheme.
>
> Davide
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166359): https://lists.openembedded.org/g/openembedded-core/message/166359
> Mute This Topic: https://lists.openembedded.org/mt/91451965/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-06-01 7:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-31 14:16 [master][kirkstone][PATCH] ncurses: update to patchlevel 20220423 Davide Gardenal
2022-06-01 7:24 ` [OE-core] " Alexander Kanavin
2022-06-01 7:35 ` Davide Gardenal
2022-06-01 7:47 ` [OE-core] " Alexander Kanavin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.