Message ID | 20240819122631.1684155-1-wdouglass@carnegierobotics.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [1/1] package/chicken: Update to 5.4.0 | expand |
Hello Woodrow, On Mon, 19 Aug 2024 08:26:31 -0400 Woodrow Douglass via buildroot <buildroot@buildroot.org> wrote: > This release includes a fix for CVE-2022-45145 Then, could you update the commit title to: package/chicken: security bump to 5.4.0 > > Signed-off-by: Woodrow Douglass <wdouglass@carnegierobotics.com> > --- > package/chicken/chicken.hash | 2 +- > package/chicken/chicken.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/chicken/chicken.hash b/package/chicken/chicken.hash > index 5a553da792..b5df49814b 100644 > --- a/package/chicken/chicken.hash > +++ b/package/chicken/chicken.hash > @@ -1,4 +1,4 @@ > # From https://code.call-cc.org/releases/5.3.0/chicken-5.3.0.tar.gz.sha256 > -sha256 c3ad99d8f9e17ed810912ef981ac3b0c2e2f46fb0ecc033b5c3b6dca1bdb0d76 chicken-5.3.0.tar.gz > +sha256 3c5d4aa61c1167bf6d9bf9eaf891da7630ba9f5f3c15bf09515a7039bfcdec5f chicken-5.3.0.tar.gz Are you sure you tested the build? The tarball here is still named chicken-5.4.0.tar.gz. Also pay attention to the comment in the .hash file, which contains an URL with the version. Thanks! Thomas
On 8/19/24 16:29, Thomas Petazzoni wrote: > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender. > > > Hello Woodrow, > > On Mon, 19 Aug 2024 08:26:31 -0400 > Woodrow Douglass via buildroot <buildroot@buildroot.org> wrote: > >> This release includes a fix for CVE-2022-45145 > Then, could you update the commit title to: > > package/chicken: security bump to 5.4.0 > >> Signed-off-by: Woodrow Douglass <wdouglass@carnegierobotics.com> >> --- >> package/chicken/chicken.hash | 2 +- >> package/chicken/chicken.mk | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/package/chicken/chicken.hash b/package/chicken/chicken.hash >> index 5a553da792..b5df49814b 100644 >> --- a/package/chicken/chicken.hash >> +++ b/package/chicken/chicken.hash >> @@ -1,4 +1,4 @@ >> # From https://code.call-cc.org/releases/5.3.0/chicken-5.3.0.tar.gz.sha256 >> -sha256 c3ad99d8f9e17ed810912ef981ac3b0c2e2f46fb0ecc033b5c3b6dca1bdb0d76 chicken-5.3.0.tar.gz >> +sha256 3c5d4aa61c1167bf6d9bf9eaf891da7630ba9f5f3c15bf09515a7039bfcdec5f chicken-5.3.0.tar.gz > Are you sure you tested the build? The tarball here is still named > chicken-5.4.0.tar.gz. Also pay attention to the comment in the .hash > file, which contains an URL with the version. I'm sorry! I ran a test build, but must have absentmindedly tested at the wrong point in my patch-rebase-send cycle. I'll send a new patch soon! > Thanks! > > Thomas > -- > Thomas Petazzoni, co-owner and CEO, Bootlin > Embedded Linux and Kernel engineering and training > https://bootlin.com Sorry again, Woodrow Douglass
diff --git a/package/chicken/chicken.hash b/package/chicken/chicken.hash index 5a553da792..b5df49814b 100644 --- a/package/chicken/chicken.hash +++ b/package/chicken/chicken.hash @@ -1,4 +1,4 @@ # From https://code.call-cc.org/releases/5.3.0/chicken-5.3.0.tar.gz.sha256 -sha256 c3ad99d8f9e17ed810912ef981ac3b0c2e2f46fb0ecc033b5c3b6dca1bdb0d76 chicken-5.3.0.tar.gz +sha256 3c5d4aa61c1167bf6d9bf9eaf891da7630ba9f5f3c15bf09515a7039bfcdec5f chicken-5.3.0.tar.gz # Locally computed sha256 b434ac92e094214136a6b5032f0dc9da97f22cef084ac1d0131b02a09e2caa37 LICENSE diff --git a/package/chicken/chicken.mk b/package/chicken/chicken.mk index 0000fc635e..ca5f756995 100644 --- a/package/chicken/chicken.mk +++ b/package/chicken/chicken.mk @@ -4,7 +4,7 @@ # ################################################################################ -CHICKEN_VERSION = 5.3.0 +CHICKEN_VERSION = 5.4.0 CHICKEN_SITE = https://code.call-cc.org/releases/$(CHICKEN_VERSION) CHICKEN_LICENSE = BSD-3-Clause CHICKEN_LICENSE_FILES = LICENSE
This release includes a fix for CVE-2022-45145 Signed-off-by: Woodrow Douglass <wdouglass@carnegierobotics.com> --- package/chicken/chicken.hash | 2 +- package/chicken/chicken.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)