Otavio,
On 07/11/2016 07:41 AM, Otavio Salvador wrote:
Hello Armin and OE-Core fellows,
The libarchive 3.2.1 fixes several bugs and security related issues so
it seems like a good candidate for backport. I list below the commits
I did in our local fork while testing it:
CVE-2016-1541 is the only missing CVE. Are you aware of others? General
bug fixes are good. But If I am not mistaken, there are 803 commits
between 3.1.2 (krogoth) and 3.2.1 (master). The is more than I want to
take at this time.
thanks for keeping an eye out for changes needing to go into krogoth.
kind regards,
Armin
commit 95e2a448d857659935ecd4762faea851151d1bce (HEAD -> for-krogoth)
Author: Alexander Kanavin
Date: Tue Jun 28 11:06:13 2016 +0300
libarchive: update to 3.2.1
Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch
Signed-off-by: Alexander Kanavin
Signed-off-by: Ross Burton
(cherry picked from commit 4d65a93d3e705cfb9b4cfe102e9d0cabaffe7a52)
commit 088ad58922bd6af83a17c3c0a9ae3b78564e798d
Author: Maxin B. John
Date: Mon Jun 6 00:12:03 2016 +0300
libarchive: respect disable-acl configuration option
Update configure.ac to properly handle --disable-acl option
[YOCTO #9668]
Signed-off-by: Maxin B. John
Signed-off-by: Richard Purdie
(cherry picked from commit 84fe3f29f2bdaf98c9beefdfede143084fba093b)
commit 71a550d24e1098e34e35da68335d83f893afe169
Author: Richard Purdie
Date: Sat Jun 4 09:04:26 2016 +0100
libarchive: Add PACKAGECONFIG for lz4 to ensure determinism
This avoids:
WARNING: opkg-1_0.3.1-r0 do_package_qa: QA Issue: libopkg rdepends
on lz4, but it isn't a build dependency, missing lz4 in DEPENDS or
PACKAGECONFIG? [build-deps]
and ERROR:
build-appliance-image-15.0.0-r0 do_rootfs: Unable to install
packages. Command
'/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/sysroots/x86_64-linux/usr/bin/smart
--log-level=warning
--data-dir=/home/pokybuild/yocto-autobuilder/yocto-worker/build-appliance/build/build/tmp/work/qemux86_64-poky-linux/build-appliance-image/15.0.0-r0/rootfs/var/lib/smart
install -y packagegroup-core-boot@qemux86_64
packagegroup-core-ssh-openssh@all psplash@core2_64
kernel-dev@qemux86_64 packagegroup-core-x11-base@all
kernel-devsrc@qemux86_64 smartpm@core2_64 packagegroup-self-hosted@all
rpm@core2_64 locale-base-en-us@core2_64 locale-base-en-gb@core2_64'
returned 1:
Loading cache...
Updating cache...
[100%]
Computing transaction...error: Can't install
libopkg1-1:0.3.1-r0.0@core2_64: no package provides lz4 >=
131+git0+d86dc9167
Signed-off-by: Richard Purdie
(cherry picked from commit f12fe90a78ca1239691e8fd8f7b06ce59b8b72cc)
commit afc19399bfe4e5dfff5243ed14ab806c78c092bb
Author: Paul Barker
Date: Sat May 28 14:26:15 2016 +0100
libarchive: Upgrade to v3.2.0
All patches are removed as they are no longer needed. Most were
merged into this
release of libarchive. "0001-Set-xattrs-after-setting-times.patch"
was dropped
upstream after discussion, see
https://github.com/libarchive/libarchive/pull/664.
The COPYING file in libarchive had a couple of minor changes to
clarify which
files are under which copyrights but the overall license is unaffected.
Signed-off-by: Paul Barker
Signed-off-by: Richard Purdie
(cherry picked from commit 4976382011106b9515e44359f2f6bb1d0c69fdb3)
Please consider those for next krogoth pull request.
Thanks in advance,
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core