* [for-krogoth] Backport of new libarchive release
From: Otavio Salvador @ 2016-07-11 14:41 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
Hello Armin and OE-Core fellows,
The libarchive 3.2.1 fixes several bugs and security related issues so
it seems like a good candidate for backport. I list below the commits
I did in our local fork while testing it:
commit 95e2a448d857659935ecd4762faea851151d1bce (HEAD -> for-krogoth)
Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Date: Tue Jun 28 11:06:13 2016 +0300
libarchive: update to 3.2.1
Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4d65a93d3e705cfb9b4cfe102e9d0cabaffe7a52)
commit 088ad58922bd6af83a17c3c0a9ae3b78564e798d
Author: Maxin B. John <maxin.john@intel.com>
Date: Mon Jun 6 00:12:03 2016 +0300
libarchive: respect disable-acl configuration option
Update configure.ac to properly handle --disable-acl option
[YOCTO #9668]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 84fe3f29f2bdaf98c9beefdfede143084fba093b)
commit 71a550d24e1098e34e35da68335d83f893afe169
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sat Jun 4 09:04:26 2016 +0100
libarchive: Add PACKAGECONFIG for lz4 to ensure determinism
This avoids:
WARNING: opkg-1_0.3.1-r0 do_package_qa: QA Issue: libopkg rdepends
on lz4, but it isn't a build dependency, missing lz4 in DEPENDS or
PACKAGECONFIG? [build-deps]
and ERROR:
build-appliance-image-15.0.0-r0 do_rootfs: Unable to install
packages. Command
'/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/sysroots/x86_64-linux/usr/bin/smart
--log-level=warning
--data-dir=/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/work/qemux86_64-poky-linux/build-appliance-image/15.0.0-r0/rootfs/var/lib/smart
install -y packagegroup-core-boot@qemux86_64
packagegroup-core-ssh-openssh@all psplash@core2_64
kernel-dev@qemux86_64 packagegroup-core-x11-base@all
kernel-devsrc@qemux86_64 smartpm@core2_64 packagegroup-self-hosted@all
rpm@core2_64 locale-base-en-us@core2_64 locale-base-en-gb@core2_64'
returned 1:
Loading cache...
Updating cache...
######################################## [100%]
Computing transaction...error: Can't install
libopkg1-1:0.3.1-r0.0@core2_64: no package provides lz4 >=
131+git0+d86dc9167
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f12fe90a78ca1239691e8fd8f7b06ce59b8b72cc)
commit afc19399bfe4e5dfff5243ed14ab806c78c092bb
Author: Paul Barker <paul@paulbarker.me.uk>
Date: Sat May 28 14:26:15 2016 +0100
libarchive: Upgrade to v3.2.0
All patches are removed as they are no longer needed. Most were merged
into this release of libarchive. "0001-Set-xattrs-after-setting-times.patch"
was dropped upstream after discussion, see
https://github.com/libarchive/libarchive/pull/664.
The COPYING file in libarchive had a couple of minor changes to clarify
which files are under which copyrights but the overall license is unaffected.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4976382011106b9515e44359f2f6bb1d0c69fdb3)
Please consider those for next krogoth pull request.
Thanks in advance,
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
* Re: [for-krogoth] Backport of new libarchive release
From: akuster808 @ 2016-07-12 1:25 UTC (permalink / raw)
To: Otavio Salvador, Patches and discussions about the oe-core layer
Otavio,
On 07/11/2016 07:41 AM, Otavio Salvador wrote:
> Hello Armin and OE-Core fellows,
>
> The libarchive 3.2.1 fixes several bugs and security related issues so
> it seems like a good candidate for backport. I list below the commits
> I did in our local fork while testing it:
CVE-2016-1541 is the only missing CVE. Are you aware of others? General
bug fixes are good. But if I am not mistaken, there are 803 commits
between 3.1.2 (krogoth) and 3.2.1 (master). That is more than I want to
take at this time.
Thanks for keeping an eye out for changes needing to go into krogoth.
kind regards,
Armin
>
> commit 95e2a448d857659935ecd4762faea851151d1bce (HEAD -> for-krogoth)
> Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> Date: Tue Jun 28 11:06:13 2016 +0300
>
> libarchive: update to 3.2.1
>
> Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch
>
> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> (cherry picked from commit 4d65a93d3e705cfb9b4cfe102e9d0cabaffe7a52)
>
> commit 088ad58922bd6af83a17c3c0a9ae3b78564e798d
> Author: Maxin B. John <maxin.john@intel.com>
> Date: Mon Jun 6 00:12:03 2016 +0300
>
> libarchive: respect disable-acl configuration option
>
> Update configure.ac to properly handle --disable-acl option
>
> [YOCTO #9668]
>
> Signed-off-by: Maxin B. John <maxin.john@intel.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 84fe3f29f2bdaf98c9beefdfede143084fba093b)
>
> commit 71a550d24e1098e34e35da68335d83f893afe169
> Author: Richard Purdie <richard.purdie@linuxfoundation.org>
> Date: Sat Jun 4 09:04:26 2016 +0100
>
> libarchive: Add PACKAGECONFIG for lz4 to ensure determinism
>
> This avoids:
>
> WARNING: opkg-1_0.3.1-r0 do_package_qa: QA Issue: libopkg rdepends
> on lz4, but it isn't a build dependency, missing lz4 in DEPENDS or
> PACKAGECONFIG? [build-deps]
>
> and ERROR:
>
> build-appliance-image-15.0.0-r0 do_rootfs: Unable to install
> packages. Command
> '/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/sysroots/x86_64-linux/usr/bin/smart
> --log-level=warning
> --data-dir=/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/work/qemux86_64-poky-linux/build-appliance-image/15.0.0-r0/rootfs/var/lib/smart
> install -y packagegroup-core-boot@qemux86_64
> packagegroup-core-ssh-openssh@all psplash@core2_64
> kernel-dev@qemux86_64 packagegroup-core-x11-base@all
> kernel-devsrc@qemux86_64 smartpm@core2_64 packagegroup-self-hosted@all
> rpm@core2_64 locale-base-en-us@core2_64 locale-base-en-gb@core2_64'
> returned 1:
> Loading cache...
> Updating cache...
> ######################################## [100%]
>
> Computing transaction...error: Can't install
> libopkg1-1:0.3.1-r0.0@core2_64: no package provides lz4 >=
> 131+git0+d86dc9167
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit f12fe90a78ca1239691e8fd8f7b06ce59b8b72cc)
>
> commit afc19399bfe4e5dfff5243ed14ab806c78c092bb
> Author: Paul Barker <paul@paulbarker.me.uk>
> Date: Sat May 28 14:26:15 2016 +0100
>
> libarchive: Upgrade to v3.2.0
>
> All patches are removed as they are no longer needed. Most were merged
> into this release of libarchive. "0001-Set-xattrs-after-setting-times.patch"
> was dropped upstream after discussion, see
> https://github.com/libarchive/libarchive/pull/664.
>
> The COPYING file in libarchive had a couple of minor changes to clarify
> which files are under which copyrights but the overall license is unaffected.
>
> Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 4976382011106b9515e44359f2f6bb1d0c69fdb3)
>
> Please consider those for next krogoth pull request.
>
> Thanks in advance,
>
* Re: [for-krogoth] Backport of new libarchive release
From: Otavio Salvador @ 2016-07-12 11:18 UTC (permalink / raw)
To: akuster808; +Cc: Patches and discussions about the oe-core layer
On Mon, Jul 11, 2016 at 10:25 PM, akuster808 <akuster808@gmail.com> wrote:
> On 07/11/2016 07:41 AM, Otavio Salvador wrote:
>> The libarchive 3.2.1 fixes several bugs and security related issues so
>> it seems like a good candidate for backport. I list below the commits
>> I did in our local fork while testing it:
>
> CVE-2016-1541 is the only missing CVE. Are you aware of others? General bug
> fixes are good. But if I am not mistaken, there are 803 commits between
> 3.1.2 (krogoth) and 3.2.1 (master). That is more than I want to take at this
> time.
No; I am not aware of others. The OE-Core side has fixes which might be
worth checking to see if they apply, even if not bumping the base version.
> Thanks for keeping an eye out for changes needing to go into krogoth.
You're welcome. We are using it a lot so we keep finding issues worth
fixing, with low risk.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750