| Message ID | 20221028155331.1594577-1-narpat.mali@windriver.com |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [kirkstone,1/2] wayland: exclude pre-releases from version check | expand |
Upgrades are not usually taken into the stable branches unless there’s a good reason. What’s the rationale for this upgrade? Ross > On 28 Oct 2022, at 16:53, Narpat Mali via lists.openembedded.org <narpat.mali=windriver.com@lists.openembedded.org> wrote: > > Drop the patch, as it is no longer necessary > (genereated .pc defines everything as relative to the .pc path). > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > > Upstream master commit: > https://git.openembedded.org/openembedded-core/commit/?id=e525db4eb9556979c67f6a908f6646363154cd06 > > Signed-off-by: Narpat Mali <narpat.mali@windriver.com> > --- > ...hardcode-the-path-to-wayland-scanner.patch | 27 ------------------- > .../{wayland_1.20.0.bb => wayland_1.21.0.bb} | 3 +-- > 2 files changed, 1 insertion(+), 29 deletions(-) > delete mode 100644 meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > rename meta/recipes-graphics/wayland/{wayland_1.20.0.bb => wayland_1.21.0.bb} (93%) > > diff --git a/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch b/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > deleted file mode 100644 > index e3e71925b8..0000000000 > --- a/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > +++ /dev/null > @@ -1,27 +0,0 @@ > -From 3e7cd56611aeec274e48a4816bc7c21f74f15be0 Mon Sep 17 00:00:00 2001 > -From: Alexander Kanavin <alex.kanavin@gmail.com> > -Date: Mon, 17 Feb 2020 21:46:18 +0100 > -Subject: [PATCH] Do not hardcode the path to wayland-scanner > - > -This results in host contamination during builds. > - > -Upstream-Status: Inappropriate [oe-core specific] > -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> > - > ---- > - src/meson.build | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/src/meson.build b/src/meson.build > -index 15730a3..61edbc8 100644 > ---- a/src/meson.build > -+++ b/src/meson.build > -@@ -52,7 +52,7 @@ if get_option('scanner') > - 'datarootdir=' + join_paths('${prefix}', get_option('datadir')), > - 'pkgdatadir=' + join_paths('${datarootdir}', meson.project_name()), > - 'bindir=' + join_paths('${prefix}', get_option('bindir')), > -- 'wayland_scanner=${bindir}/wayland-scanner' > -+ 'wayland_scanner=wayland-scanner' > - ], > - filebase: 'wayland-scanner' > - ) > diff --git a/meta/recipes-graphics/wayland/wayland_1.20.0.bb b/meta/recipes-graphics/wayland/wayland_1.21.0.bb > similarity index 93% > rename from meta/recipes-graphics/wayland/wayland_1.20.0.bb > rename to meta/recipes-graphics/wayland/wayland_1.21.0.bb > index dd48a29dc4..2092deac92 100644 > --- a/meta/recipes-graphics/wayland/wayland_1.20.0.bb > +++ b/meta/recipes-graphics/wayland/wayland_1.21.0.bb > @@ -14,10 +14,9 @@ DEPENDS = "expat libffi wayland-native" > > SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ > file://run-ptest \ > - file://0002-Do-not-hardcode-the-path-to-wayland-scanner.patch \ > file://0001-build-Fix-strndup-detection-on-MinGW.patch \ > " > -SRC_URI[sha256sum] = "b8a034154c7059772e0fdbd27dbfcda6c732df29cae56a82274f6ec5d7cd8725" > +SRC_URI[sha256sum] = "6dc64d7fc16837a693a51cfdb2e568db538bfdc9f457d4656285bb9594ef11ac" > > UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" > UPSTREAM_CHECK_REGEX = "wayland-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)" > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#172262): https://lists.openembedded.org/g/openembedded-core/message/172262 > Mute This Topic: https://lists.openembedded.org/mt/94629704/6875888 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross.burton@arm.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi Ross, This latest version of wayland 1.21.0 has the fix for "CVE-2021-3782" and in master branch, it has already been upgraded to latest 1.21.0 version. Our product is based on "kirkstone" branch and in "kirkstone" branch, it is still with 1.20.0 version due to which "CVE-2021-3782" is vulnerable. Best Regards, Narpat Mali
On 28 Oct 2022, at 17:08, Mali, Narpat <Narpat.Mali@windriver.com> wrote: > > This latest version of wayland 1.21.0 has the fix for "CVE-2021-3782" and in master branch, it has already been upgraded to latest 1.21.0 version. > Our product is based on "kirkstone" branch and in "kirkstone" branch, it is still with 1.20.0 version due to which "CVE-2021-3782" is vulnerable. https://gitlab.freedesktop.org/wayland/wayland/-/compare/1.20.0...1.21.0?from_project_id=121 shows that there’s a lot more than the CVE fix in the upgrade. Can you just backport the specific fix? Ross
Sure, Ross. I will send the patch to backport the "CVE-2021-3782" fix on wayland 1.20.0 version. Best Regards, Narpat
diff --git a/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch b/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch deleted file mode 100644 index e3e71925b8..0000000000 --- a/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 3e7cd56611aeec274e48a4816bc7c21f74f15be0 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Mon, 17 Feb 2020 21:46:18 +0100 -Subject: [PATCH] Do not hardcode the path to wayland-scanner - -This results in host contamination during builds. - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - src/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/meson.build b/src/meson.build -index 15730a3..61edbc8 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -52,7 +52,7 @@ if get_option('scanner') - 'datarootdir=' + join_paths('${prefix}', get_option('datadir')), - 'pkgdatadir=' + join_paths('${datarootdir}', meson.project_name()), - 'bindir=' + join_paths('${prefix}', get_option('bindir')), -- 'wayland_scanner=${bindir}/wayland-scanner' -+ 'wayland_scanner=wayland-scanner' - ], - filebase: 'wayland-scanner' - ) diff --git a/meta/recipes-graphics/wayland/wayland_1.20.0.bb b/meta/recipes-graphics/wayland/wayland_1.21.0.bb similarity index 93% rename from meta/recipes-graphics/wayland/wayland_1.20.0.bb rename to meta/recipes-graphics/wayland/wayland_1.21.0.bb index dd48a29dc4..2092deac92 100644 --- a/meta/recipes-graphics/wayland/wayland_1.20.0.bb +++ b/meta/recipes-graphics/wayland/wayland_1.21.0.bb @@ -14,10 +14,9 @@ DEPENDS = "expat libffi wayland-native" SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ file://run-ptest \ - file://0002-Do-not-hardcode-the-path-to-wayland-scanner.patch \ file://0001-build-Fix-strndup-detection-on-MinGW.patch \ " -SRC_URI[sha256sum] = "b8a034154c7059772e0fdbd27dbfcda6c732df29cae56a82274f6ec5d7cd8725" +SRC_URI[sha256sum] = "6dc64d7fc16837a693a51cfdb2e568db538bfdc9f457d4656285bb9594ef11ac" UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" UPSTREAM_CHECK_REGEX = "wayland-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"