Otavio,
On 07/11/2016 07:41 AM, Otavio Salvador wrote:
Hello Armin and OE-Core fellows,

The libarchive 3.2.1 fixes several bugs and security related issues so it seems like a good candidate for backport. I list below the commits I did in our local fork while testing it:
CVE-2016-1541 is the only missing CVE. Are you aware of others? General bug fixes are good. But if I am not mistaken, there are 803 commits between 3.1.2 (krogoth) and 3.2.1 (master). That is more than I want to take at this time.
Thanks for keeping an eye out for changes needing to go into krogoth.

Kind regards,
Armin
commit 95e2a448d857659935ecd4762faea851151d1bce (HEAD -> for-krogoth)
Author: Alexander Kanavin <alexander.kana...@linux.intel.com>
Date:   Tue Jun 28 11:06:13 2016 +0300

    libarchive: update to 3.2.1

    Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch

    Signed-off-by: Alexander Kanavin <alexander.kana...@linux.intel.com>
    Signed-off-by: Ross Burton <ross.bur...@intel.com>
    (cherry picked from commit 4d65a93d3e705cfb9b4cfe102e9d0cabaffe7a52)

commit 088ad58922bd6af83a17c3c0a9ae3b78564e798d
Author: Maxin B. John <maxin.j...@intel.com>
Date:   Mon Jun 6 00:12:03 2016 +0300

    libarchive: respect disable-acl configuration option

    Update configure.ac to properly handle --disable-acl option

    [YOCTO #9668]

    Signed-off-by: Maxin B. John <maxin.j...@intel.com>
    Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
    (cherry picked from commit 84fe3f29f2bdaf98c9beefdfede143084fba093b)

commit 71a550d24e1098e34e35da68335d83f893afe169
Author: Richard Purdie <richard.pur...@linuxfoundation.org>
Date:   Sat Jun 4 09:04:26 2016 +0100

    libarchive: Add PACKAGECONFIG for lz4 to ensure determinism

    This avoids:

    WARNING: opkg-1_0.3.1-r0 do_package_qa: QA Issue: libopkg rdepends on lz4, but it isn't a build dependency, missing lz4 in DEPENDS or PACKAGECONFIG? [build-deps]

    and

    ERROR: build-appliance-image-15.0.0-r0 do_rootfs: Unable to install packages. Command '/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/sysroots/x86_64-linux/usr/bin/smart --log-level=warning --data-dir=/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/work/qemux86_64-poky-linux/build-appliance-image/15.0.0-r0/rootfs/var/lib/smart install -y packagegroup-core-boot@qemux86_64 packagegroup-core-ssh-openssh@all psplash@core2_64 kernel-dev@qemux86_64 packagegroup-core-x11-base@all kernel-devsrc@qemux86_64 smartpm@core2_64 packagegroup-self-hosted@all rpm@core2_64 locale-base-en-us@core2_64 locale-base-en-gb@core2_64' returned 1:
    Loading cache...
    Updating cache... ######################################## [100%]
    Computing transaction...error: Can't install libopkg1-1:0.3.1-r0.0@core2_64: no package provides lz4 >= 131+git0+d86dc9167

    Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
    (cherry picked from commit f12fe90a78ca1239691e8fd8f7b06ce59b8b72cc)

commit afc19399bfe4e5dfff5243ed14ab806c78c092bb
Author: Paul Barker <p...@paulbarker.me.uk>
Date:   Sat May 28 14:26:15 2016 +0100

    libarchive: Upgrade to v3.2.0

    All patches are removed as they are no longer needed. Most were merged into this release of libarchive. "0001-Set-xattrs-after-setting-times.patch" was dropped upstream after discussion, see https://github.com/libarchive/libarchive/pull/664.

    The COPYING file in libarchive had a couple of minor changes to clarify which files are under which copyrights but the overall license is unaffected.

    Signed-off-by: Paul Barker <p...@paulbarker.me.uk>
    Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
    (cherry picked from commit 4976382011106b9515e44359f2f6bb1d0c69fdb3)

Please consider those for next krogoth pull request.

Thanks in advance,
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core