Updating libtiff

Updating libtiff

[Tom Rini]

Hey all,

I'm looking to update libtiff to cover some security issues in the 
version we ship, and I noticed something funny about how we do it today. 
  Currently tiff_3.9.2.bb sets PV to 3.9.2+4.0.0beta5 and grabs and 
builds 4.0.0beta5.  While it's possible that in the past 3.9.2 was 
intended to be the last 3.9.x, it wasn't.

I think we should go with:
- Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will 
get upgrades right.
- Add tiff_3.9.4.bb as well, in case someone wants to stay on the 
released line.

Anyone see a problem with that?

-- 
Tom Rini
Mentor Graphics Corporation

Re: Updating libtiff

[Holger Freyther]

On 10/07/2010 09:46 PM, Tom Rini wrote:

> I think we should go with:
> - Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will get
> upgrades right.

but not with tiff_4.0.0.bb... then you would need to bump PE...

Re: Updating libtiff

[Frans Meulenbroeks]

2010/10/7 Tom Rini <tom_rini@mentor.com>:
> Hey all,
>
> I'm looking to update libtiff to cover some security issues in the version
> we ship, and I noticed something funny about how we do it today.  Currently
> tiff_3.9.2.bb sets PV to 3.9.2+4.0.0beta5 and grabs and builds 4.0.0beta5.
>  While it's possible that in the past 3.9.2 was intended to be the last
> 3.9.x, it wasn't.
>
> I think we should go with:
> - Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will get
> upgrades right.
> - Add tiff_3.9.4.bb as well, in case someone wants to stay on the released
> line.
>
> Anyone see a problem with that?
>

Fine with me. I made the PV after discussion on ML or irc.
People told me that as it was a beta I could not call the recipe 4.0.0.

This is the commit log:

commit c860f51f04d41680100a7fecd2341ecf8f657fe1
Author: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
Date:   Thu Mar 11 21:08:45 2010 +0100

    tiff: moved to 4.0.0 beta5

    also renamed to 3.9.2 as that is the latest version before 4.0.0

Frans.

Re: Updating libtiff

[Martin Jansa]

On Thu, Oct 07, 2010 at 06:46:06AM -0700, Tom Rini wrote:
> Hey all,
> 
> I'm looking to update libtiff to cover some security issues in the 
> version we ship, and I noticed something funny about how we do it today. 
>   Currently tiff_3.9.2.bb sets PV to 3.9.2+4.0.0beta5 and grabs and 
> builds 4.0.0beta5.  While it's possible that in the past 3.9.2 was 
> intended to be the last 3.9.x, it wasn't.
> 
> I think we should go with:
> - Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will 
> get upgrades right.
> - Add tiff_3.9.4.bb as well, in case someone wants to stay on the 
> released line.
> 
> Anyone see a problem with that?

Isn't PV="4.0.0" < PV="4.0.0beta5"?

Then it would be better to stay with 3.9.2+4.0.0beta* sheme for easy
upgrade path to 4.0.0 release.

at least that's the reason why I have ie:
KERNEL_RELEASE = "2.6.36-rc7"
OLD_KERNEL_RELEASE = "2.6.35"
PV = "${OLD_KERNEL_RELEASE}+${KERNEL_RELEASE}+gitr${SRCPV}"

Regards,

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

Re: Updating libtiff

[Frans Meulenbroeks]

2010/10/7 Holger Freyther <holger+oe@freyther.de>:
> On 10/07/2010 09:46 PM, Tom Rini wrote:
>
>> I think we should go with:
>> - Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will get
>> upgrades right.
>
> but not with tiff_4.0.0.bb... then you would need to bump PE...
>

Yeah, that's why I was told to use the 3.9.2+ construct.

Forgot if there was a reason (e.g. security vulnerability) not to keep 3.9.2

Frans

Re: Updating libtiff

[Tom Rini]

Frans Meulenbroeks wrote:
> 2010/10/7 Holger Freyther <holger+oe@freyther.de>:
>> On 10/07/2010 09:46 PM, Tom Rini wrote:
>>
>>> I think we should go with:
>>> - Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will get
>>> upgrades right.
>> but not with tiff_4.0.0.bb... then you would need to bump PE...
>>
> 
> Yeah, that's why I was told to use the 3.9.2+ construct.
> 
> Forgot if there was a reason (e.g. security vulnerability) not to keep 3.9.2

Why not just have this:
# Bump for 4.0.0 release!
PE = 1

In tiff_4.0.0beta6.bb ?

-- 
Tom Rini
Mentor Graphics Corporation

Re: Updating libtiff

[Tom Rini]

Martin Jansa wrote:
> On Thu, Oct 07, 2010 at 06:46:06AM -0700, Tom Rini wrote:
>> Hey all,
>>
>> I'm looking to update libtiff to cover some security issues in the 
>> version we ship, and I noticed something funny about how we do it today. 
>>   Currently tiff_3.9.2.bb sets PV to 3.9.2+4.0.0beta5 and grabs and 
>> builds 4.0.0beta5.  While it's possible that in the past 3.9.2 was 
>> intended to be the last 3.9.x, it wasn't.
>>
>> I think we should go with:
>> - Add tiff_4.0.0beta6.bb which should be compatible with beta5 and will 
>> get upgrades right.
>> - Add tiff_3.9.4.bb as well, in case someone wants to stay on the 
>> released line.
>>
>> Anyone see a problem with that?
> 
> Isn't PV="4.0.0" < PV="4.0.0beta5"?
> 
> Then it would be better to stay with 3.9.2+4.0.0beta* sheme for easy
> upgrade path to 4.0.0 release.
> 
> at least that's the reason why I have ie:
> KERNEL_RELEASE = "2.6.36-rc7"
> OLD_KERNEL_RELEASE = "2.6.35"
> PV = "${OLD_KERNEL_RELEASE}+${KERNEL_RELEASE}+gitr${SRCPV}"

Ah right.  But the problem is that we're more like back in the "not 
quite 2.6.0" days of the kernel.  Unless we just skip out on doing 3.9.4 
itself, which I guess is possible.

-- 
Tom Rini
Mentor Graphics Corporation