| Message ID | cover.1772963425.git.scott.murray@konsulko.com |
|---|---|
| Headers | show |
| Series | Weston 15.0.0 upgrade | expand |
On Sun, 8 Mar 2026, Scott Murray via lists.openembedded.org wrote: > Commit f5b980ad added CVE-2024-42040.patch to the base U-Boot > SRC_URI in u-boot-common.inc as opposed to adding it in the > u-boot recipe where all the other patch additions are. This > breaks at least one downstream BSP that reuses u-boot-common.inc > (meta-sifive), so move that patch addition to the recipe file > with all the others. > > Signed-off-by: Scott Murray <scott.murray@konsulko.com> Please ignore, I accidentally resent this. Scott > --- > meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +--- > meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 + > 2 files changed, 2 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc > index 7a63420642..d366f10398 100644 > --- a/meta/recipes-bsp/u-boot/u-boot-common.inc > +++ b/meta/recipes-bsp/u-boot/u-boot-common.inc > @@ -14,9 +14,7 @@ PE = "1" > # repo during parse > SRCREV = "d637294e264adfeb29f390dfc393106fd4d41b17" > > -SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \ > - file://CVE-2024-42040.patch \ > -" > +SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master" > > S = "${WORKDIR}/git" > B = "${WORKDIR}/build" > diff --git a/meta/recipes-bsp/u-boot/u-boot_2022.01.bb b/meta/recipes-bsp/u-boot/u-boot_2022.01.bb > index 0ff2477c39..f0ea3ef9e0 100644 > --- a/meta/recipes-bsp/u-boot/u-boot_2022.01.bb > +++ b/meta/recipes-bsp/u-boot/u-boot_2022.01.bb > @@ -11,6 +11,7 @@ SRC_URI += " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ > file://CVE-2022-30790.patch \ > file://CVE-2022-2347_1.patch \ > file://CVE-2022-2347_2.patch \ > + file://CVE-2024-42040.patch \ > file://CVE-2024-57254.patch \ > file://CVE-2024-57255.patch \ > file://CVE-2024-57256.patch \ >
Per discussion on the dev call this past week, here's an upgrade of the Weston recipe to the recent 15.0.0 release to hopefully make M3. I have successfully tested core-image-weston on all the QEMU platforms, and I believe the couple of failures I saw in my local selftests are explainable (e.g. the tarball not being in YP's download cache). Note that I have left the now deprecated fullscreen-shell and screen-share options in PACkAGECONFIG to avoid causing issues this close to feature freeze. I think it would make sense to take them out of the default options post-LTS and consider removing the RDP example from weston.ini (or replacing it with e.g. VNC). Best rregards, Scott Changes: Scott Murray (1): weston: update to 15.0.0 .../wayland/weston-init/weston.ini | 2 +- ...d-drm-meson.build-allow-libdisplay-i.patch | 28 ------------------- .../{weston_14.0.2.bb => weston_15.0.0.bb} | 17 +++++++---- 3 files changed, 12 insertions(+), 35 deletions(-) delete mode 100644 meta/recipes-graphics/wayland/weston/0001-libweston-backend-drm-meson.build-allow-libdisplay-i.patch rename meta/recipes-graphics/wayland/{weston_14.0.2.bb => weston_15.0.0.bb} (88%)