diff mbox series

[master,kirkstone] ncurses: update to patchlevel 20220423

Message ID 20220531141645.3401821-1-davide.gardenal@huawei.com
State New, archived
Headers show
Series [master,kirkstone] ncurses: update to patchlevel 20220423 | expand

Commit Message

Davide Gardenal May 31, 2022, 2:16 p.m. UTC 
CVE: CVE-2022-29458

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
---
 meta/recipes-core/ncurses/ncurses.inc                         | 2 +-
 .../ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb}       | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%)

Comments

Alexander Kanavin June 1, 2022, 7:24 a.m. UTC | #1 
This is effectively updating to a development snapshot, would it be
better to backport just the CVE fix like was just sent for dunfell?

Alex

On Tue, 31 May 2022 at 16:16, Davide Gardenal <davidegarde2000@gmail.com> wrote:
>
> CVE: CVE-2022-29458
>
> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> ---
>  meta/recipes-core/ncurses/ncurses.inc                         | 2 +-
>  .../ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb}       | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
>  rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%)
>
> diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
> index 7a7c7dd227..1abcfae1fe 100644
> --- a/meta/recipes-core/ncurses/ncurses.inc
> +++ b/meta/recipes-core/ncurses/ncurses.inc
> @@ -2,7 +2,7 @@ SUMMARY = "The New Curses library"
>  DESCRIPTION = "SVr4 and XSI-Curses compatible curses library and terminfo tools including tic, infocmp, captoinfo. Supports color, multiple highlights, forms-drawing characters, and automatic recognition of keypad and function-key sequences. Extensions include resizable windows and mouse support on both xterm and Linux console using the gpm library."
>  HOMEPAGE = "http://www.gnu.org/software/ncurses/ncurses.html"
>  LICENSE = "MIT"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=9529289636145d1bf093c96af067695a;endline=27"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=c5a4600fdef86384c41ca33ecc70a4b8;endline=27"
>  SECTION = "libs"
>  DEPENDS = "ncurses-native"
>  DEPENDS:class-native = ""
> diff --git a/meta/recipes-core/ncurses/ncurses_6.3.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> similarity index 77%
> rename from meta/recipes-core/ncurses/ncurses_6.3.bb
> rename to meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> index f0256dad22..f67a3f5bf4 100644
> --- a/meta/recipes-core/ncurses/ncurses_6.3.bb
> +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> @@ -5,10 +5,10 @@ SRC_URI += "file://0001-tic-hang.patch \
>             file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
>             "
>  # commit id corresponds to the revision in package version
> -SRCREV = "51d0fd9cc3edb975f04224f29f777f8f448e8ced"
> +SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
>  S = "${WORKDIR}/git"
>  EXTRA_OECONF += "--with-abi-version=5"
>  UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$"
>
>  # This is needed when using patchlevel versions like 6.1+20181013
> -#CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
> +CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
> --
> 2.32.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166312): https://lists.openembedded.org/g/openembedded-core/message/166312
> Mute This Topic: https://lists.openembedded.org/mt/91451965/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Davide Gardenal June 1, 2022, 7:35 a.m. UTC | #2 
Are you sure that this is a development snapshot?
I took this branch https://salsa.debian.org/debian/ncurses/-/tree/upstream/6.3+20220423
Sorry I'm not that familiar with ncurses version naming scheme.

Davide
Alexander Kanavin June 1, 2022, 7:47 a.m. UTC | #3 
That is debian-specific versioning, but upstream has its releases here:
https://ftp.gnu.org/pub/gnu/ncurses/

On top of that there are patches, each numbered with a date, but
they're not releases:
https://salsa.debian.org/debian/ncurses/-/commits/upstream/6.3+20220423

Alex

On Wed, 1 Jun 2022 at 09:35, Davide Gardenal <davidegarde2000@gmail.com> wrote:
>
> Are you sure that this is a development snapshot?
> I took this branch https://salsa.debian.org/debian/ncurses/-/tree/upstream/6.3+20220423
> Sorry I'm not that familiar with ncurses version naming scheme.
>
> Davide
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166359): https://lists.openembedded.org/g/openembedded-core/message/166359
> Mute This Topic: https://lists.openembedded.org/mt/91451965/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
index 7a7c7dd227..1abcfae1fe 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -2,7 +2,7 @@  SUMMARY = "The New Curses library"
 DESCRIPTION = "SVr4 and XSI-Curses compatible curses library and terminfo tools including tic, infocmp, captoinfo. Supports color, multiple highlights, forms-drawing characters, and automatic recognition of keypad and function-key sequences. Extensions include resizable windows and mouse support on both xterm and Linux console using the gpm library."
 HOMEPAGE = "http://www.gnu.org/software/ncurses/ncurses.html"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=9529289636145d1bf093c96af067695a;endline=27"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c5a4600fdef86384c41ca33ecc70a4b8;endline=27"
 SECTION = "libs"
 DEPENDS = "ncurses-native"
 DEPENDS:class-native = ""
diff --git a/meta/recipes-core/ncurses/ncurses_6.3.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
similarity index 77%
rename from meta/recipes-core/ncurses/ncurses_6.3.bb
rename to meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index f0256dad22..f67a3f5bf4 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -5,10 +5,10 @@  SRC_URI += "file://0001-tic-hang.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
            "
 # commit id corresponds to the revision in package version
-SRCREV = "51d0fd9cc3edb975f04224f29f777f8f448e8ced"
+SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
 S = "${WORKDIR}/git"
 EXTRA_OECONF += "--with-abi-version=5"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$"
 
 # This is needed when using patchlevel versions like 6.1+20181013
-#CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"
+CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}"