* [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
@ 2020-09-03 13:58 Joe Slater
2020-09-03 14:46 ` [oe] " Khem Raj
0 siblings, 1 reply; 6+ messages in thread
From: Joe Slater @ 2020-09-03 13:58 UTC (permalink / raw)
To: openembedded-devel; +Cc: joe.slater, randy.macleod
Fix CVE-2020-15890 and CVE-2020-24372.
Also change PV format because the reference to 2.1.0-beta3
was already far behind the SRCREV. Now, base PV on the branch
name and date of SRCREV commit.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
meta-oe/recipes-devtools/luajit/luajit_git.bb | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta-oe/recipes-devtools/luajit/luajit_git.bb b/meta-oe/recipes-devtools/luajit/luajit_git.bb
index cc9039416..820722195 100644
--- a/meta-oe/recipes-devtools/luajit/luajit_git.bb
+++ b/meta-oe/recipes-devtools/luajit/luajit_git.bb
@@ -3,13 +3,15 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d739bb9250a55c124a545b588fd76771"
HOMEPAGE = "http://luajit.org"
-PV = "2.1.0~beta3"
-SRCREV = "0ad60ccbc3768fa8e3e726858adf261950edbc22"
SRC_URI = "git://luajit.org/git/luajit-2.0.git;protocol=http;branch=v2.1 \
file://0001-Do-not-strip-automatically-this-leaves-the-stripping.patch \
file://clang.patch \
"
+# Set PV to the branch and date associated with SRCREV.
+PV = "v2.1-200809"
+SRCREV = "94d4abcca966df2cc423e821bcacd04898f73117"
+
S = "${WORKDIR}/git"
inherit pkgconfig binconfig siteinfo
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
2020-09-03 13:58 [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's Joe Slater
@ 2020-09-03 14:46 ` Khem Raj
0 siblings, 0 replies; 6+ messages in thread
From: Khem Raj @ 2020-09-03 14:46 UTC (permalink / raw)
To: Joe Slater; +Cc: openembeded-devel, Randy MacLeod
On Thu, Sep 3, 2020 at 6:58 AM Joe Slater <joe.slater@windriver.com> wrote:
>
> Fix CVE-2020-15890 and CVE-2020-24372.
>
> Also change PV format because the reference to 2.1.0-beta3
> was already far behind the SRCREV. Now, base PV on the branch
> name and date of SRCREV commit.
>
> Signed-off-by: Joe Slater <joe.slater@windriver.com>
> ---
> meta-oe/recipes-devtools/luajit/luajit_git.bb | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/meta-oe/recipes-devtools/luajit/luajit_git.bb b/meta-oe/recipes-devtools/luajit/luajit_git.bb
> index cc9039416..820722195 100644
> --- a/meta-oe/recipes-devtools/luajit/luajit_git.bb
> +++ b/meta-oe/recipes-devtools/luajit/luajit_git.bb
> @@ -3,13 +3,15 @@ LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d739bb9250a55c124a545b588fd76771"
> HOMEPAGE = "http://luajit.org"
>
> -PV = "2.1.0~beta3"
> -SRCREV = "0ad60ccbc3768fa8e3e726858adf261950edbc22"
> SRC_URI = "git://luajit.org/git/luajit-2.0.git;protocol=http;branch=v2.1 \
> file://0001-Do-not-strip-automatically-this-leaves-the-stripping.patch \
> file://clang.patch \
> "
>
> +# Set PV to the branch and date associated with SRCREV.
> +PV = "v2.1-200809"
does this sort above 2.1.0~beta3 ? and below 2.1.0
> +SRCREV = "94d4abcca966df2cc423e821bcacd04898f73117"
> +
> S = "${WORKDIR}/git"
>
> inherit pkgconfig binconfig siteinfo
> --
> 2.17.1
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
2020-09-14 16:09 ` Joe Slater
@ 2020-09-14 17:34 ` Khem Raj
0 siblings, 0 replies; 6+ messages in thread
From: Khem Raj @ 2020-09-14 17:34 UTC (permalink / raw)
To: Slater, Joseph, openembedded-devel; +Cc: MacLeod, Randy
2.1.0 will be next release whenever it happens, Current naming allows
that to drop the string after ~ and 2.1.0 will sort above that. you
might do somehting like 2.1.0~beta3+<date> perhaps.
On 9/14/20 9:09 AM, Slater, Joseph wrote:
> Yeah, I should have checked that out, but why below 2.1.0? If we change the format, we will never have a 2.1.0,
> But maybe a format of 2.1.0~? or 2.1.0-? would be better.
>
> Joe
>
> -----Original Message-----
> From: Khem Raj <raj.khem@gmail.com>
> Sent: Friday, September 11, 2020 9:49 PM
> To: Slater, Joseph <joe.slater@windriver.com>; openembedded-devel@lists.openembedded.org
> Cc: MacLeod, Randy <Randy.MacLeod@windriver.com>
> Subject: Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
>
>
>
> On 9/11/20 3:06 PM, Joe Slater wrote:
>> No comments on this? I do not see it has been accepted. Joe
>
> Thanks for reminder, there was a comment I made
>
> https://lists.openembedded.org/g/openembedded-devel/topic/76607300#86861
>
> patchwork also noticed it.
>
> https://patchwork.openembedded.org/patch/176016/
>
>>
>> -----Original Message-----
>> From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Joe Slater
>> Sent: Thursday, September 3, 2020 6:58 AM
>> To: openembedded-devel@lists.openembedded.org
>> Cc: Slater, Joseph <joe.slater@windriver.com>; MacLeod, Randy <Randy.MacLeod@windriver.com>
>> Subject: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
>>
>> Fix CVE-2020-15890 and CVE-2020-24372.
>>
>> Also change PV format because the reference to 2.1.0-beta3 was already far behind the SRCREV. Now, base PV on the branch name and date of SRCREV commit.
>>
>> Signed-off-by: Joe Slater <joe.slater@windriver.com>
>> ---
>> meta-oe/recipes-devtools/luajit/luajit_git.bb | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta-oe/recipes-devtools/luajit/luajit_git.bb b/meta-oe/recipes-devtools/luajit/luajit_git.bb
>> index cc9039416..820722195 100644
>> --- a/meta-oe/recipes-devtools/luajit/luajit_git.bb
>> +++ b/meta-oe/recipes-devtools/luajit/luajit_git.bb
>> @@ -3,13 +3,15 @@ LICENSE = "MIT"
>> LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d739bb9250a55c124a545b588fd76771"
>> HOMEPAGE = "http://luajit.org"
>>
>> -PV = "2.1.0~beta3"
>> -SRCREV = "0ad60ccbc3768fa8e3e726858adf261950edbc22"
>> SRC_URI = "git://luajit.org/git/luajit-2.0.git;protocol=http;branch=v2.1 \
>> file://0001-Do-not-strip-automatically-this-leaves-the-stripping.patch \
>> file://clang.patch \
>> "
>>
>> +# Set PV to the branch and date associated with SRCREV.
>> +PV = "v2.1-200809"
>> +SRCREV = "94d4abcca966df2cc423e821bcacd04898f73117"
>> +
>> S = "${WORKDIR}/git"
>>
>> inherit pkgconfig binconfig siteinfo
>> --
>> 2.17.1
>>
>>
>>
>>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
2020-09-12 4:49 ` Khem Raj
@ 2020-09-14 16:09 ` Joe Slater
2020-09-14 17:34 ` Khem Raj
0 siblings, 1 reply; 6+ messages in thread
From: Joe Slater @ 2020-09-14 16:09 UTC (permalink / raw)
To: Khem Raj, openembedded-devel; +Cc: MacLeod, Randy
Yeah, I should have checked that out, but why below 2.1.0? If we change the format, we will never have a 2.1.0,
But maybe a format of 2.1.0~? or 2.1.0-? would be better.
Joe
-----Original Message-----
From: Khem Raj <raj.khem@gmail.com>
Sent: Friday, September 11, 2020 9:49 PM
To: Slater, Joseph <joe.slater@windriver.com>; openembedded-devel@lists.openembedded.org
Cc: MacLeod, Randy <Randy.MacLeod@windriver.com>
Subject: Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
On 9/11/20 3:06 PM, Joe Slater wrote:
> No comments on this? I do not see it has been accepted. Joe
Thanks for reminder, there was a comment I made
https://lists.openembedded.org/g/openembedded-devel/topic/76607300#86861
patchwork also noticed it.
https://patchwork.openembedded.org/patch/176016/
>
> -----Original Message-----
> From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Joe Slater
> Sent: Thursday, September 3, 2020 6:58 AM
> To: openembedded-devel@lists.openembedded.org
> Cc: Slater, Joseph <joe.slater@windriver.com>; MacLeod, Randy <Randy.MacLeod@windriver.com>
> Subject: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
>
> Fix CVE-2020-15890 and CVE-2020-24372.
>
> Also change PV format because the reference to 2.1.0-beta3 was already far behind the SRCREV. Now, base PV on the branch name and date of SRCREV commit.
>
> Signed-off-by: Joe Slater <joe.slater@windriver.com>
> ---
> meta-oe/recipes-devtools/luajit/luajit_git.bb | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/meta-oe/recipes-devtools/luajit/luajit_git.bb b/meta-oe/recipes-devtools/luajit/luajit_git.bb
> index cc9039416..820722195 100644
> --- a/meta-oe/recipes-devtools/luajit/luajit_git.bb
> +++ b/meta-oe/recipes-devtools/luajit/luajit_git.bb
> @@ -3,13 +3,15 @@ LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d739bb9250a55c124a545b588fd76771"
> HOMEPAGE = "http://luajit.org"
>
> -PV = "2.1.0~beta3"
> -SRCREV = "0ad60ccbc3768fa8e3e726858adf261950edbc22"
> SRC_URI = "git://luajit.org/git/luajit-2.0.git;protocol=http;branch=v2.1 \
> file://0001-Do-not-strip-automatically-this-leaves-the-stripping.patch \
> file://clang.patch \
> "
>
> +# Set PV to the branch and date associated with SRCREV.
> +PV = "v2.1-200809"
> +SRCREV = "94d4abcca966df2cc423e821bcacd04898f73117"
> +
> S = "${WORKDIR}/git"
>
> inherit pkgconfig binconfig siteinfo
> --
> 2.17.1
>
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
2020-09-11 22:06 ` Joe Slater
@ 2020-09-12 4:49 ` Khem Raj
2020-09-14 16:09 ` Joe Slater
0 siblings, 1 reply; 6+ messages in thread
From: Khem Raj @ 2020-09-12 4:49 UTC (permalink / raw)
To: Joe Slater, openembedded-devel; +Cc: MacLeod, Randy
[-- Attachment #1: Type: text/plain, Size: 2092 bytes --]
On 9/11/20 3:06 PM, Joe Slater wrote:
> No comments on this? I do not see it has been accepted. Joe
Thanks for reminder, there was a comment I made
https://lists.openembedded.org/g/openembedded-devel/topic/76607300#86861
patchwork also noticed it.
https://patchwork.openembedded.org/patch/176016/
>
> -----Original Message-----
> From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Joe Slater
> Sent: Thursday, September 3, 2020 6:58 AM
> To: openembedded-devel@lists.openembedded.org
> Cc: Slater, Joseph <joe.slater@windriver.com>; MacLeod, Randy <Randy.MacLeod@windriver.com>
> Subject: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
>
> Fix CVE-2020-15890 and CVE-2020-24372.
>
> Also change PV format because the reference to 2.1.0-beta3 was already far behind the SRCREV. Now, base PV on the branch name and date of SRCREV commit.
>
> Signed-off-by: Joe Slater <joe.slater@windriver.com>
> ---
> meta-oe/recipes-devtools/luajit/luajit_git.bb | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/meta-oe/recipes-devtools/luajit/luajit_git.bb b/meta-oe/recipes-devtools/luajit/luajit_git.bb
> index cc9039416..820722195 100644
> --- a/meta-oe/recipes-devtools/luajit/luajit_git.bb
> +++ b/meta-oe/recipes-devtools/luajit/luajit_git.bb
> @@ -3,13 +3,15 @@ LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d739bb9250a55c124a545b588fd76771"
> HOMEPAGE = "http://luajit.org"
>
> -PV = "2.1.0~beta3"
> -SRCREV = "0ad60ccbc3768fa8e3e726858adf261950edbc22"
> SRC_URI = "git://luajit.org/git/luajit-2.0.git;protocol=http;branch=v2.1 \
> file://0001-Do-not-strip-automatically-this-leaves-the-stripping.patch \
> file://clang.patch \
> "
>
> +# Set PV to the branch and date associated with SRCREV.
> +PV = "v2.1-200809"
> +SRCREV = "94d4abcca966df2cc423e821bcacd04898f73117"
> +
> S = "${WORKDIR}/git"
>
> inherit pkgconfig binconfig siteinfo
> --
> 2.17.1
>
>
>
>
[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 2373 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
[not found] <16314ABFB8306B25.8972@lists.openembedded.org>
@ 2020-09-11 22:06 ` Joe Slater
2020-09-12 4:49 ` Khem Raj
0 siblings, 1 reply; 6+ messages in thread
From: Joe Slater @ 2020-09-11 22:06 UTC (permalink / raw)
To: Slater, Joseph, openembedded-devel; +Cc: MacLeod, Randy
No comments on this? I do not see it has been accepted. Joe
-----Original Message-----
From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Joe Slater
Sent: Thursday, September 3, 2020 6:58 AM
To: openembedded-devel@lists.openembedded.org
Cc: Slater, Joseph <joe.slater@windriver.com>; MacLeod, Randy <Randy.MacLeod@windriver.com>
Subject: [oe] [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's
Fix CVE-2020-15890 and CVE-2020-24372.
Also change PV format because the reference to 2.1.0-beta3 was already far behind the SRCREV. Now, base PV on the branch name and date of SRCREV commit.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
meta-oe/recipes-devtools/luajit/luajit_git.bb | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta-oe/recipes-devtools/luajit/luajit_git.bb b/meta-oe/recipes-devtools/luajit/luajit_git.bb
index cc9039416..820722195 100644
--- a/meta-oe/recipes-devtools/luajit/luajit_git.bb
+++ b/meta-oe/recipes-devtools/luajit/luajit_git.bb
@@ -3,13 +3,15 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d739bb9250a55c124a545b588fd76771"
HOMEPAGE = "http://luajit.org"
-PV = "2.1.0~beta3"
-SRCREV = "0ad60ccbc3768fa8e3e726858adf261950edbc22"
SRC_URI = "git://luajit.org/git/luajit-2.0.git;protocol=http;branch=v2.1 \
file://0001-Do-not-strip-automatically-this-leaves-the-stripping.patch \
file://clang.patch \
"
+# Set PV to the branch and date associated with SRCREV.
+PV = "v2.1-200809"
+SRCREV = "94d4abcca966df2cc423e821bcacd04898f73117"
+
S = "${WORKDIR}/git"
inherit pkgconfig binconfig siteinfo
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-09-14 17:34 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-03 13:58 [meta-oe][PATCH 1/1] luajit: advance SRCREV to fix two CVE's Joe Slater
2020-09-03 14:46 ` [oe] " Khem Raj
[not found] <16314ABFB8306B25.8972@lists.openembedded.org>
2020-09-11 22:06 ` Joe Slater
2020-09-12 4:49 ` Khem Raj
2020-09-14 16:09 ` Joe Slater
2020-09-14 17:34 ` Khem Raj
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.