vim is a 'special' upstream, because: - they tag every commit with a 'release' tag https://github.com/vim/vim/tags
- there is a never ending stream of CVE vulnerabilities coming from them We tried to stick with major versions only and backport the CVEs, but that quickly became unsustainable. So instead we just bump to the latest commit, admittedly a random one, whenever new CVEs show up. The comment in the recipe should be removed or rewritten. Alex On Mon, 23 Jan 2023 at 20:14, Zheng Qiu <[email protected]> wrote: > > In the recipe it includes following: > # Remove when 8.3 is out > UPSTREAM_VERSION_UNKNOWN = “1” > > Should we attempt to remove it, given that this is now 9.0? > > > On Jan 17, 2023, at 11:42 AM, Randy MacLeod <[email protected]> > > wrote: > > > > Includes fixes for: > > https://nvd.nist.gov/vuln/detail/CVE-2023-0049 > > https://nvd.nist.gov/vuln/detail/CVE-2023-0051 > > https://nvd.nist.gov/vuln/detail/CVE-2023-0054 > > https://nvd.nist.gov/vuln/detail/CVE-2023-0288 > > > > Signed-off-by: Randy MacLeod <[email protected]> > > --- > > meta/recipes-support/vim/vim.inc | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/meta/recipes-support/vim/vim.inc > > b/meta/recipes-support/vim/vim.inc > > index d86841efaa..9bc6881fce 100644 > > --- a/meta/recipes-support/vim/vim.inc > > +++ b/meta/recipes-support/vim/vim.inc > > @@ -20,8 +20,8 @@ SRC_URI = > > "git://github.com/vim/vim.git;branch=master;protocol=https \ > > file://no-path-adjust.patch \ > > " > > > > -PV .= ".0947" > > -SRCREV = "cc762a48d42b579fb7bdec2c614636b830342dd5" > > +PV .= ".1211" > > +SRCREV = "f7d1c6e1884c76680980571f1cf15e0928d247b5" > > > > # Remove when 8.3 is out > > UPSTREAM_VERSION_UNKNOWN = "1" > > -- > > 2.34.1 > > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176317): https://lists.openembedded.org/g/openembedded-core/message/176317 Mute This Topic: https://lists.openembedded.org/mt/96333742/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
