Hi Ross, This latest version of wayland 1.21.0 has the fix for "CVE-2021-3782" and in master branch, it has already been upgraded to latest 1.21.0 version. Our product is based on "kirkstone" branch and in "kirkstone" branch, it is still with 1.20.0 version due to which "CVE-2021-3782" is vulnerable.
Best Regards, Narpat Mali ________________________________ From: Ross Burton <ross.bur...@arm.com> Sent: Friday, October 28, 2022 9:29 PM To: Mali, Narpat <narpat.m...@windriver.com> Cc: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>; Polampalli, Archana <archana.polampa...@windriver.com>; G Pillai, Hari <hari.gpil...@windriver.com>; Alexander Kanavin <a...@linutronix.de>; Alexandre Belloni <alexandre.bell...@bootlin.com> Subject: Re: [OE-core][kirkstone][PATCH 2/2] wayland: update 1.20.0 -> 1.21.0 [Please note: This e-mail is from an EXTERNAL e-mail address] Upgrades are not usually taken into the stable branches unless there’s a good reason. What’s the rationale for this upgrade? Ross > On 28 Oct 2022, at 16:53, Narpat Mali via lists.openembedded.org > <narpat.mali=windriver....@lists.openembedded.org> wrote: > > Drop the patch, as it is no longer necessary > (genereated .pc defines everything as relative to the .pc path). > > Signed-off-by: Alexander Kanavin <a...@linutronix.de> > Signed-off-by: Alexandre Belloni <alexandre.bell...@bootlin.com> > > Upstream master commit: > https://git.openembedded.org/openembedded-core/commit/?id=e525db4eb9556979c67f6a908f6646363154cd06 > > Signed-off-by: Narpat Mali <narpat.m...@windriver.com> > --- > ...hardcode-the-path-to-wayland-scanner.patch | 27 ------------------- > .../{wayland_1.20.0.bb => wayland_1.21.0.bb} | 3 +-- > 2 files changed, 1 insertion(+), 29 deletions(-) > delete mode 100644 > meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > rename meta/recipes-graphics/wayland/{wayland_1.20.0.bb => wayland_1.21.0.bb} > (93%) > > diff --git > a/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > > b/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > deleted file mode 100644 > index e3e71925b8..0000000000 > --- > a/meta/recipes-graphics/wayland/wayland/0002-Do-not-hardcode-the-path-to-wayland-scanner.patch > +++ /dev/null > @@ -1,27 +0,0 @@ > -From 3e7cd56611aeec274e48a4816bc7c21f74f15be0 Mon Sep 17 00:00:00 2001 > -From: Alexander Kanavin <alex.kana...@gmail.com> > -Date: Mon, 17 Feb 2020 21:46:18 +0100 > -Subject: [PATCH] Do not hardcode the path to wayland-scanner > - > -This results in host contamination during builds. > - > -Upstream-Status: Inappropriate [oe-core specific] > -Signed-off-by: Alexander Kanavin <alex.kana...@gmail.com> > - > ---- > - src/meson.build | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/src/meson.build b/src/meson.build > -index 15730a3..61edbc8 100644 > ---- a/src/meson.build > -+++ b/src/meson.build > -@@ -52,7 +52,7 @@ if get_option('scanner') > - 'datarootdir=' + join_paths('${prefix}', > get_option('datadir')), > - 'pkgdatadir=' + join_paths('${datarootdir}', > meson.project_name()), > - 'bindir=' + join_paths('${prefix}', > get_option('bindir')), > -- 'wayland_scanner=${bindir}/wayland-scanner' > -+ 'wayland_scanner=wayland-scanner' > - ], > - filebase: 'wayland-scanner' > - ) > diff --git a/meta/recipes-graphics/wayland/wayland_1.20.0.bb > b/meta/recipes-graphics/wayland/wayland_1.21.0.bb > similarity index 93% > rename from meta/recipes-graphics/wayland/wayland_1.20.0.bb > rename to meta/recipes-graphics/wayland/wayland_1.21.0.bb > index dd48a29dc4..2092deac92 100644 > --- a/meta/recipes-graphics/wayland/wayland_1.20.0.bb > +++ b/meta/recipes-graphics/wayland/wayland_1.21.0.bb > @@ -14,10 +14,9 @@ DEPENDS = "expat libffi wayland-native" > > SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ > file://run-ptest \ > - file://0002-Do-not-hardcode-the-path-to-wayland-scanner.patch \ > file://0001-build-Fix-strndup-detection-on-MinGW.patch \ > " > -SRC_URI[sha256sum] = > "b8a034154c7059772e0fdbd27dbfcda6c732df29cae56a82274f6ec5d7cd8725" > +SRC_URI[sha256sum] = > "6dc64d7fc16837a693a51cfdb2e568db538bfdc9f457d4656285bb9594ef11ac" > > UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html"; > UPSTREAM_CHECK_REGEX = "wayland-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)" > -- > 2.34.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#172264): https://lists.openembedded.org/g/openembedded-core/message/172264 Mute This Topic: https://lists.openembedded.org/mt/94629704/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
