* [PATCH] vim: upgrade 9.0.0947 -> 9.0.1211
@ 2023-01-17 16:42 Randy MacLeod
2023-01-23 19:14 ` [OE-core] " contrib
0 siblings, 1 reply; 3+ messages in thread
From: Randy MacLeod @ 2023-01-17 16:42 UTC (permalink / raw)
To: openembedded-core
Includes fixes for:
https://nvd.nist.gov/vuln/detail/CVE-2023-0049
https://nvd.nist.gov/vuln/detail/CVE-2023-0051
https://nvd.nist.gov/vuln/detail/CVE-2023-0054
https://nvd.nist.gov/vuln/detail/CVE-2023-0288
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
meta/recipes-support/vim/vim.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index d86841efaa..9bc6881fce 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
-PV .= ".0947"
-SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5"
+PV .= ".1211"
+SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] vim: upgrade 9.0.0947 -> 9.0.1211
2023-01-17 16:42 [PATCH] vim: upgrade 9.0.0947 -> 9.0.1211 Randy MacLeod
@ 2023-01-23 19:14 ` contrib
2023-01-23 19:58 ` Alexander Kanavin
0 siblings, 1 reply; 3+ messages in thread
From: contrib @ 2023-01-23 19:14 UTC (permalink / raw)
To: Randy MacLeod; +Cc: openembedded-core
In the recipe it includes following:
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = “1”
Should we attempt to remove it, given that this is now 9.0?
> On Jan 17, 2023, at 11:42 AM, Randy MacLeod <Randy.MacLeod@windriver.com> wrote:
>
> Includes fixes for:
> https://nvd.nist.gov/vuln/detail/CVE-2023-0049
> https://nvd.nist.gov/vuln/detail/CVE-2023-0051
> https://nvd.nist.gov/vuln/detail/CVE-2023-0054
> https://nvd.nist.gov/vuln/detail/CVE-2023-0288
>
> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
> ---
> meta/recipes-support/vim/vim.inc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
> index d86841efaa..9bc6881fce 100644
> --- a/meta/recipes-support/vim/vim.inc
> +++ b/meta/recipes-support/vim/vim.inc
> @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
> file://no-path-adjust.patch \
> "
>
> -PV .= ".0947"
> -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5"
> +PV .= ".1211"
> +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5"
>
> # Remove when 8.3 is out
> UPSTREAM_VERSION_UNKNOWN = "1"
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#176054): https://lists.openembedded.org/g/openembedded-core/message/176054
> Mute This Topic: https://lists.openembedded.org/mt/96333742/7355053
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [contrib@zhengqiu.net]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core] [PATCH] vim: upgrade 9.0.0947 -> 9.0.1211
2023-01-23 19:14 ` [OE-core] " contrib
@ 2023-01-23 19:58 ` Alexander Kanavin
0 siblings, 0 replies; 3+ messages in thread
From: Alexander Kanavin @ 2023-01-23 19:58 UTC (permalink / raw)
To: Zheng Qiu; +Cc: Randy MacLeod, openembedded-core
vim is a 'special' upstream, because:
- they tag every commit with a 'release' tag
https://github.com/vim/vim/tags
- there is a never ending stream of CVE vulnerabilities coming from them
We tried to stick with major versions only and backport the CVEs, but
that quickly became unsustainable. So instead we just bump to the
latest commit, admittedly a random one, whenever new CVEs show up.
The comment in the recipe should be removed or rewritten.
Alex
On Mon, 23 Jan 2023 at 20:14, Zheng Qiu <contrib@zhengqiu.net> wrote:
>
> In the recipe it includes following:
> # Remove when 8.3 is out
> UPSTREAM_VERSION_UNKNOWN = “1”
>
> Should we attempt to remove it, given that this is now 9.0?
>
> > On Jan 17, 2023, at 11:42 AM, Randy MacLeod <Randy.MacLeod@windriver.com> wrote:
> >
> > Includes fixes for:
> > https://nvd.nist.gov/vuln/detail/CVE-2023-0049
> > https://nvd.nist.gov/vuln/detail/CVE-2023-0051
> > https://nvd.nist.gov/vuln/detail/CVE-2023-0054
> > https://nvd.nist.gov/vuln/detail/CVE-2023-0288
> >
> > Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
> > ---
> > meta/recipes-support/vim/vim.inc | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
> > index d86841efaa..9bc6881fce 100644
> > --- a/meta/recipes-support/vim/vim.inc
> > +++ b/meta/recipes-support/vim/vim.inc
> > @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
> > file://no-path-adjust.patch \
> > "
> >
> > -PV .= ".0947"
> > -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5"
> > +PV .= ".1211"
> > +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5"
> >
> > # Remove when 8.3 is out
> > UPSTREAM_VERSION_UNKNOWN = "1"
> > --
> > 2.34.1
> >
> >
> >
> >
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#176316): https://lists.openembedded.org/g/openembedded-core/message/176316
> Mute This Topic: https://lists.openembedded.org/mt/96333742/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-01-23 19:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-17 16:42 [PATCH] vim: upgrade 9.0.0947 -> 9.0.1211 Randy MacLeod
2023-01-23 19:14 ` [OE-core] " contrib
2023-01-23 19:58 ` Alexander Kanavin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox