On Tue, Mar 16, 2021 at 01:56:43PM +0100, Anatol Belski wrote: > Hi, > > On 3/15/2021 10:36 PM, Denys Dmytriyenko wrote: > >https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS#Stable.2FLTS_Patch_Acceptance_Policies > > > >Stable/LTS Patch Acceptance Policies > > > >Potentially Acceptable: > >* Bug fix only version upgrades for upstreams with a good stable process > > > >Unacceptable: > >* General version upgrades > > > > > >So, unless there's a bugfix-only minor release of glibc, e.g. 2.31.1, > >upgrading to 2.32 or 2.33 in stable branches is highly unlikely, as both > >2.32 and 2.33 have long lists of major changes: > > > >https://sourceware.org/pipermail/libc-announce/2020/000029.html > >https://sourceware.org/pipermail/libc-announce/2021/000030.html > > thanks for linking the LTS doc. > > My suggestion was to pull the latest upstream from 2.31 actually, > not upgrading the glibc version. As per > > http://git.yoctoproject.org/clean/cgit.cgi/poky/tree/meta/recipes-core/glibc/glibc-version.inc?h=dunfell > > we consume from the branch release/2.31/master. It already contains > the backported patch fixing this CVE. > > There doesn't seem to be a release process in terms of versions, but > it regularly receives backports. In fact, > > there are already some bug and CVE fixes between the current SRCREV > used and HEAD.
Thanks for clarifying. In this case HEAD of release/2.31/master might make sense. -- Regards, Denys Dmytriyenko <de...@denix.org> PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964 Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#149574): https://lists.openembedded.org/g/openembedded-core/message/149574 Mute This Topic: https://lists.openembedded.org/mt/81255047/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
