[meta-oe,7/8] xdg-desktop-portal: upgrade 1.20.3 -> 1.20.4

Message ID	20260420093323.357053-7-skandigraun@gmail.com
State	Accepted
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.42, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 7/8] xdg-desktop-portal: upgrade 1.20.3 -> 1.20.4 Date: Mon, 20 Apr 2026 11:33:22 +0200 Message-ID: <20260420093323.357053-7-skandigraun@gmail.com> In-Reply-To: <20260420093323.357053-1-skandigraun@gmail.com> References: <20260420093323.357053-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-networking,1/8] ngtcp2: upgrade 1.22.0 -> 1.22.1 \| expand [meta-networking,1/8] ngtcp2: upgrade 1.22.0 -> 1.22.1 [meta-oe,2/8] openjpeg: patch CVE-2026-6192 [meta-oe,3/8] protobuf, python3-protobuf: ignore CVE-2026-6409 [meta-python,4/8] python3-grpcio: ignore CVE-2026-33186 [meta-python,5/8] python3-pillow: upgrade 12.1.1 -> 12.2.0 [meta-networking,6/8] wolfssl: mark fixed CVEs as patched [meta-oe,7/8] xdg-desktop-portal: upgrade 1.20.3 -> 1.20.4 [meta-oe,8/8] xrdp: upgrade 0.10.5 -> 0.10.6

Message ID

20260420093323.357053-7-skandigraun@gmail.com

State

Accepted

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 7/8] xdg-desktop-portal: upgrade 1.20.3 -> 1.20.4
Date: Mon, 20 Apr 2026 11:33:22 +0200
Message-ID: <20260420093323.357053-7-skandigraun@gmail.com>
In-Reply-To: <20260420093323.357053-1-skandigraun@gmail.com>
References: <20260420093323.357053-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-networking,1/8] ngtcp2: upgrade 1.22.0 -> 1.22.1 | expand

Commit Message

Gyorgy Sarvari April 20, 2026, 9:33 a.m. UTC

Fixes CVE-2026-40354: https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.20.4

Also mark the CVE explicitly patched, as it is tracked without version info
at this time.

The project now has a dependency on libglnx, which by default it tries to download
from the internet during configuring. To avoid that error, this dependency is added to the SRC_URI.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 ...portal_1.20.3.bb => xdg-desktop-portal_1.20.4.bb} | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-support/xdg-desktop-portal/{xdg-desktop-portal_1.20.3.bb => xdg-desktop-portal_1.20.4.bb} (71%)

diff --git a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb
similarity index 71%
rename from meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb
rename to meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb
index e0aca558fd..be3c2be069 100644
--- a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.3.bb
+++ b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.20.4.bb
@@ -27,11 +27,17 @@  RDEPENDS:${PN} = "bubblewrap rtkit ${PORTAL_BACKENDS} fuse3-utils"
 inherit meson pkgconfig python3native features_check
 
 SRC_URI = " \
-	git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.20 \
+	git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.20;name=main;tag=${PV} \
+	git://gitlab.gnome.org/GNOME/libglnx.git;protocol=https;branch=master;name=libglnx;destsuffix=${BB_GIT_DEFAULT_DESTSUFFIX}/subprojects/libglnx \
 	file://0001-meson.build-add-a-hack-for-crosscompile.patch \
 "
 
-SRCREV = "23a76c392170dbbd26230f85ef56c3a57e52b857"
+SRCREV_main = "f5aec228c9eb0c9a70eadd6424d92c0ca8a78247"
+
+# this revision comes from subprojects/libglnx.wrap file of the main source repo
+SRCREV_libglnx = "ccea836b799256420788c463a638ded0636b1632"
+
+SRCREV_FORMAT = "main"
 
 FILES:${PN} += "${libdir}/systemd ${datadir}/dbus-1"
 
@@ -47,3 +53,5 @@  do_write_config:append() {
 bwrap = '${bindir}/bwrap'
 EOF
 }
+
+CVE_STATUS[CVE-2026-40354] = "fixed-version: fixed in 1.20.4"

[meta-oe,7/8] xdg-desktop-portal: upgrade 1.20.3 -> 1.20.4

Commit Message

Patch