diff mbox series

[meta-oe,2/6] smarty: upgrade 5.4.5 -> 5.6.0

Message ID 20251118002723.829508-2-ankur.tyagi85@gmail.com
State Accepted
Headers show
Series [meta-oe,1/6] zchunk: upgrade 1.5.1 -> 1.5.2 | expand

Commit Message

Ankur Tyagi Nov. 18, 2025, 12:27 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Also update CVE_PRODUCT.

Changelog:
https://github.com/smarty-php/smarty/blob/v5.6.0/CHANGELOG.md
---
 .../smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb}               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-support/smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb} (82%)

Comments

Anuj Mittal Nov. 18, 2025, 2:15 a.m. UTC | #1 
On Tue, Nov 18, 2025 at 8:27 AM Ankur Tyagi via lists.openembedded.org
<ankur.tyagi85=gmail.com@lists.openembedded.org> wrote:

> From: Ankur Tyagi <ankur.tyagi85@gmail.com>
>
> Also update CVE_PRODUCT.
>
> Changelog:
> https://github.com/smarty-php/smarty/blob/v5.6.0/CHANGELOG.md
> ---
>  .../smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb}               | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-oe/recipes-support/smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb}
> (82%)
>
> diff --git a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb
> b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
> similarity index 82%
> rename from meta-oe/recipes-support/smarty/smarty_5.4.5.bb
> rename to meta-oe/recipes-support/smarty/smarty_5.6.0.bb
> index 047f10589d..88afc55c15 100644
> --- a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb
> +++ b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
> @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM =
> "file://LICENSE;md5=2c0f216b2120ffc367e20f2b56df51b3"
>
>  SRC_URI = "git://
> github.com/smarty-php/smarty.git;protocol=https;branch=master;tag=v${PV}
> <http://github.com/smarty-php/smarty.git;protocol=https;branch=master;tag=v$%7BPV%7D>
> "
>
> -SRCREV = "e26f82d02c4d18fc82094c28fbc65f711e39ed5d"
> +SRCREV = "1fc41e385da8a27a87bec5914392ab662a7bb8ec"
>
>
>  INHIBIT_DEFAULT_DEPS = "1"
> @@ -34,4 +34,4 @@ FILES:${PN} += "${datadir}/php/smarty3/"
>
>  RDEPENDS:${PN} = "php"
>
> -CVE_STATUS[CVE-2020-10375] = "cpe-incorrect: The recipe used in the
> meta-openembedded is a different smarty package compared to the one which
> has the CVE issue."
> +CVE_PRODUCT = "smarty:smarty"
>
>
I think this change should be split into a separate patch so it can be
backported.
Ankur Tyagi Nov. 18, 2025, 2:24 a.m. UTC | #2 
On Tue, Nov 18, 2025 at 3:15 PM Anuj Mittal
<anuj.mittal@oss.qualcomm.com> wrote:
>
>
>
> On Tue, Nov 18, 2025 at 8:27 AM Ankur Tyagi via lists.openembedded.org <ankur.tyagi85=gmail.com@lists.openembedded.org> wrote:
>>
>> From: Ankur Tyagi <ankur.tyagi85@gmail.com>
>>
>> Also update CVE_PRODUCT.
>>
>> Changelog:
>> https://github.com/smarty-php/smarty/blob/v5.6.0/CHANGELOG.md
>> ---
>>  .../smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb}               | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>  rename meta-oe/recipes-support/smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb} (82%)
>>
>> diff --git a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
>> similarity index 82%
>> rename from meta-oe/recipes-support/smarty/smarty_5.4.5.bb
>> rename to meta-oe/recipes-support/smarty/smarty_5.6.0.bb
>> index 047f10589d..88afc55c15 100644
>> --- a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb
>> +++ b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
>> @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2c0f216b2120ffc367e20f2b56df51b3"
>>
>>  SRC_URI = "git://github.com/smarty-php/smarty.git;protocol=https;branch=master;tag=v${PV}"
>>
>> -SRCREV = "e26f82d02c4d18fc82094c28fbc65f711e39ed5d"
>> +SRCREV = "1fc41e385da8a27a87bec5914392ab662a7bb8ec"
>>
>>
>>  INHIBIT_DEFAULT_DEPS = "1"
>> @@ -34,4 +34,4 @@ FILES:${PN} += "${datadir}/php/smarty3/"
>>
>>  RDEPENDS:${PN} = "php"
>>
>> -CVE_STATUS[CVE-2020-10375] = "cpe-incorrect: The recipe used in the meta-openembedded is a different smarty package compared to the one which has the CVE issue."
>> +CVE_PRODUCT = "smarty:smarty"
>>
>
> I think this change should be split into a separate patch so it can be backported.

thanks Anuj, good suggestion.
Khem Raj Nov. 18, 2025, 2:32 a.m. UTC | #3 
On Mon, Nov 17, 2025 at 6:24 PM Ankur Tyagi via lists.openembedded.org
<ankur.tyagi85=gmail.com@lists.openembedded.org> wrote:

> On Tue, Nov 18, 2025 at 3:15 PM Anuj Mittal
> <anuj.mittal@oss.qualcomm.com> wrote:
> >
> >
> >
> > On Tue, Nov 18, 2025 at 8:27 AM Ankur Tyagi via lists.openembedded.org
> <ankur.tyagi85=gmail.com@lists.openembedded.org> wrote:
> >>
> >> From: Ankur Tyagi <ankur.tyagi85@gmail.com>
> >>
> >> Also update CVE_PRODUCT.
> >>
> >> Changelog:
> >> https://github.com/smarty-php/smarty/blob/v5.6.0/CHANGELOG.md
> >> ---
> >>  .../smarty/{smarty_5.4.5.bb => smarty_5.6.0.bb}               | 4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)
> >>  rename meta-oe/recipes-support/smarty/{smarty_5.4.5.bb =>
> smarty_5.6.0.bb} (82%)
> >>
> >> diff --git a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb
> b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
> >> similarity index 82%
> >> rename from meta-oe/recipes-support/smarty/smarty_5.4.5.bb
> >> rename to meta-oe/recipes-support/smarty/smarty_5.6.0.bb
> >> index 047f10589d..88afc55c15 100644
> >> --- a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb
> >> +++ b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
> >> @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM =
> "file://LICENSE;md5=2c0f216b2120ffc367e20f2b56df51b3"
> >>
> >>  SRC_URI = "git://
> github.com/smarty-php/smarty.git;protocol=https;branch=master;tag=v${PV}
> <http://github.com/smarty-php/smarty.git;protocol=https;branch=master;tag=v$%7BPV%7D>
> "
> >>
> >> -SRCREV = "e26f82d02c4d18fc82094c28fbc65f711e39ed5d"
> >> +SRCREV = "1fc41e385da8a27a87bec5914392ab662a7bb8ec"
> >>
> >>
> >>  INHIBIT_DEFAULT_DEPS = "1"
> >> @@ -34,4 +34,4 @@ FILES:${PN} += "${datadir}/php/smarty3/"
> >>
> >>  RDEPENDS:${PN} = "php"
> >>
> >> -CVE_STATUS[CVE-2020-10375] = "cpe-incorrect: The recipe used in the
> meta-openembedded is a different smarty package compared to the one which
> has the CVE issue."
> >> +CVE_PRODUCT = "smarty:smarty"
> >>
> >
> > I think this change should be split into a separate patch so it can be
> backported.
>
> thanks Anuj, good suggestion.
>

I agree. Just resend this patch reworked, no need to send full series again.


>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#121800):
> https://lists.openembedded.org/g/openembedded-devel/message/121800
> Mute This Topic: https://lists.openembedded.org/mt/116349300/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
similarity index 82%
rename from meta-oe/recipes-support/smarty/smarty_5.4.5.bb
rename to meta-oe/recipes-support/smarty/smarty_5.6.0.bb
index 047f10589d..88afc55c15 100644
--- a/meta-oe/recipes-support/smarty/smarty_5.4.5.bb
+++ b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
@@ -12,7 +12,7 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=2c0f216b2120ffc367e20f2b56df51b3"
 
 SRC_URI = "git://github.com/smarty-php/smarty.git;protocol=https;branch=master;tag=v${PV}"
 
-SRCREV = "e26f82d02c4d18fc82094c28fbc65f711e39ed5d"
+SRCREV = "1fc41e385da8a27a87bec5914392ab662a7bb8ec"
 
 
 INHIBIT_DEFAULT_DEPS = "1"
@@ -34,4 +34,4 @@  FILES:${PN} += "${datadir}/php/smarty3/"
 
 RDEPENDS:${PN} = "php"
 
-CVE_STATUS[CVE-2020-10375] = "cpe-incorrect: The recipe used in the meta-openembedded is a different smarty package compared to the one which has the CVE issue."
+CVE_PRODUCT = "smarty:smarty"