Re: [for-krogoth] Backport of new libarchive release

All of lore.kernel.org
 help / color / mirror / Atom feed

From: akuster808 <akuster808@gmail.com>
To: Otavio Salvador <otavio.salvador@ossystems.com.br>,
	Patches and discussions about the oe-core layer
	<openembedded-core@lists.openembedded.org>
Subject: Re: [for-krogoth] Backport of new libarchive release
Date: Mon, 11 Jul 2016 18:25:22 -0700	[thread overview]
Message-ID: <57844702.9050108@gmail.com> (raw)
In-Reply-To: <CAP9ODKp17vE1xOJiePAq6d3poMvCkkK-BCdf4_m6yAUXgsWsPw@mail.gmail.com>


Otavio,

On 07/11/2016 07:41 AM, Otavio Salvador wrote:
> Hello Armin and OE-Core fellows,
>
> The libarchive 3.2.1 fixes several bugs and security related issues so
> it seems like a good candidate for backport. I list below the commits
> I did in our local fork while testing it:

CVE-2016-1541 is the only missing CVE. Are you aware of others? General 
bug fixes are good.  But If I am not mistaken, there are 803 commits 
between 3.1.2 (krogoth) and 3.2.1 (master). The is more than I want to 
take at this time.

thanks for keeping an eye out for changes needing to go into krogoth.

kind regards,
Armin

>
> commit 95e2a448d857659935ecd4762faea851151d1bce (HEAD -> for-krogoth)
> Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> Date:   Tue Jun 28 11:06:13 2016 +0300
>
>      libarchive: update to 3.2.1
>
>      Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch
>
>      Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
>      Signed-off-by: Ross Burton <ross.burton@intel.com>
>      (cherry picked from commit 4d65a93d3e705cfb9b4cfe102e9d0cabaffe7a52)
>
> commit 088ad58922bd6af83a17c3c0a9ae3b78564e798d
> Author: Maxin B. John <maxin.john@intel.com>
> Date:   Mon Jun 6 00:12:03 2016 +0300
>
>      libarchive: respect disable-acl configuration option
>
>      Update configure.ac to properly handle --disable-acl option
>
>      [YOCTO #9668]
>
>      Signed-off-by: Maxin B. John <maxin.john@intel.com>
>      Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>      (cherry picked from commit 84fe3f29f2bdaf98c9beefdfede143084fba093b)
>
> commit 71a550d24e1098e34e35da68335d83f893afe169
> Author: Richard Purdie <richard.purdie@linuxfoundation.org>
> Date:   Sat Jun 4 09:04:26 2016 +0100
>
>      libarchive: Add PACKAGECONFIG for lz4 to ensure determinism
>
>      This avoids:
>
>      WARNING: opkg-1_0.3.1-r0 do_package_qa: QA Issue: libopkg rdepends
> on lz4, but it isn't a build dependency, missing lz4 in DEPENDS or
> PACKAGECONFIG? [build-deps]
>
>      and ERROR:
>
>      build-appliance-image-15.0.0-r0 do_rootfs: Unable to install
> packages. Command
> '/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/sysroots/x86_64-linux/usr/bin/smart
> --log-level=warning
> --data-dir=/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/work/qemux86_64-poky-linux/build-appliance-image/15.0.0-r0/rootfs/var/lib/smart
> install -y packagegroup-core-boot@qemux86_64
> packagegroup-core-ssh-openssh@all psplash@core2_64
> kernel-dev@qemux86_64 packagegroup-core-x11-base@all
> kernel-devsrc@qemux86_64 smartpm@core2_64 packagegroup-self-hosted@all
> rpm@core2_64 locale-base-en-us@core2_64 locale-base-en-gb@core2_64'
> returned 1:
>      Loading cache...
>      Updating cache...
> ######################################## [100%]
>
>      Computing transaction...error: Can't install
> libopkg1-1:0.3.1-r0.0@core2_64: no package provides lz4 >=
> 131+git0+d86dc9167
>
>      Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>      (cherry picked from commit f12fe90a78ca1239691e8fd8f7b06ce59b8b72cc)
>
> commit afc19399bfe4e5dfff5243ed14ab806c78c092bb
> Author: Paul Barker <paul@paulbarker.me.uk>
> Date:   Sat May 28 14:26:15 2016 +0100
>
>      libarchive: Upgrade to v3.2.0
>
>      All patches are removed as they are no longer needed. Most were
> merged into this
>      release of libarchive. "0001-Set-xattrs-after-setting-times.patch"
> was dropped
>      upstream after discussion, see
> https://github.com/libarchive/libarchive/pull/664.
>
>      The COPYING file in libarchive had a couple of minor changes to
> clarify which
>      files are under which copyrights but the overall license is unaffected.
>
>      Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
>      Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>      (cherry picked from commit 4976382011106b9515e44359f2f6bb1d0c69fdb3)
>
> Please consider those for next krogoth pull request.
>
> Thanks in advance,
>

next prev parent reply	other threads:[~2016-07-12  1:25 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-11 14:41 [for-krogoth] Backport of new libarchive release Otavio Salvador
2016-07-12  1:25 ` akuster808 [this message]
2016-07-12 11:18   ` Otavio Salvador

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57844702.9050108@gmail.com \
    --to=akuster808@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=otavio.salvador@ossystems.com.br \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.