On Tue, May 25, 2021 at 2:50 AM Andrej Valek <[email protected]> wrote: > > Hello everyone, > > I have an another question regarding to backporting this to dunfell branch. > Is it possible to apply this upgrade to this branch? I would like to have an > very important fix for CVE-2013-0340 > (https://github.com/libexpat/libexpat/pull/220) there. But there is a lot of > changes, means just applying the patch is not very promising.
It is LTS policy not to do general version upgrades (see "Stable/LTS Patch Acceptance Policies" at https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS) So unless you can make a case that this is a bug/security fix only release I'm not able to take this patch. > How we can handle it? Perhaps take a crack at backporting the minimal set of patches to fix the CVE? Steve > Thanks, > Andrej > > > Subject: [OE-core][PATCH v2] expat: upgrade 2.3.0 -> 2.4.1 > > > > Includes lot of security fixes, especially CVE-2013-0340/CWE-776. > > > > Signed-off-by: Andrej Valek <[email protected]> > > --- > > meta/recipes-core/expat/{expat_2.3.0.bb => expat_2.4.1.bb} | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) rename > > meta/recipes-core/expat/{expat_2.3.0.bb => expat_2.4.1.bb} (89%) > > > > diff --git a/meta/recipes-core/expat/expat_2.3.0.bb > > b/meta/recipes-core/expat/expat_2.4.1.bb > > similarity index 89% > > rename from meta/recipes-core/expat/expat_2.3.0.bb > > rename to meta/recipes-core/expat/expat_2.4.1.bb > > index 14d2855df3..a57fc1b23b 100644 > > --- a/meta/recipes-core/expat/expat_2.3.0.bb > > +++ b/meta/recipes-core/expat/expat_2.4.1.bb > > @@ -11,7 +11,7 @@ SRC_URI = > > "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \ > > file://run-ptest \ > > " > > > > -SRC_URI[sha256sum] = > > "f122a20eada303f904d5e0513326c5b821248f2d4d2afbf5c6f1339e511c0586" > > +SRC_URI[sha256sum] = > > "2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40" > > > > EXTRA_OECMAKE_class-native += "-DEXPAT_BUILD_DOCS=OFF" > > > > -- > > 2.11.0 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152242): https://lists.openembedded.org/g/openembedded-core/message/152242 Mute This Topic: https://lists.openembedded.org/mt/83074955/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
