[OE-core] [zeus 00/29] Patch review
Schrempf Frieder
frieder.schrempf at kontron.de
Mon Feb 10 08:07:25 UTC 2020
Hi Armin,
On 09.02.20 17:09, Armin Kuster wrote:
> These are the additional changes to help address reproducibility issues and additional fixes
> we would like to be included in 3.0.2
>
> Please have comments back by Tuesday
I have two questions/comments:
1. When I look at the zeus-next branch, why do I see only patches 7 to
29 from this series applied and what about patches 1 to 6? Am I missing
something?
2. Patch 5 (devtool/standard.py: Allow recipe to disable menuconfig
logic) goes hand in hand with a change to the u-boot recipe, that is
also in master (c634b8db1a8b). This patch seems to be missing here.
Regards,
Frieder
>
> The following changes since commit 9b1bf083129be2b849db52d4f0eda9eb6077c97e:
>
> python2: add ntpath (2020-02-02 18:19:50 -0800)
>
> are available in the Git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib stable/zeus-nut
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-nut
>
> Alejandro del Castillo (1):
> opkg-utils: upgrade to version 0.4.2
>
> Alexander Kanavin (1):
> perl: do not install files that contain build host specific data
>
> Anuj Mittal (3):
> Revert "bzip2: Fix CVE-2019-12900"
> curl: fix CVE-2019-15601
> cpio: fix CVE-2019-14866
>
> Joshua Watt (2):
> classes/reproducible_build: Read SDE file later
> mc: Fix build reproducibility
>
> Lee Chee Yang (1):
> rsync: whitelist CVE-2017-16548
>
> Richard Purdie (17):
> opkg-utils: Fix reproducibility issues in opkg-build
> oeqa/reproducible: Improve test output and ensure deb+ipk compared
> sudo: Set vardir deterministically
> libxshmfence: Set shm directory deterministically
> mc: Set zipinfo presence determinstically
> mc: Fix manpage date indeterminism
> tar: Fix build determinism, disable rsh
> patch: Extend to native/nativesdk and depend upon
> libidn2: Fix reproducibility issue
> perl: Fix various reproducibile build issues
> openssl: Fix reproducibility issue
> iputils: Fix build determinism
> libinput: Fix determinism issue
> libgcrypt: Fix determinism issue
> sysvinit: Fix Reproducibility issue
> libevdev: Fix determinism issue
> ncurses: Fix reproducibility issue
>
> Ross Burton (2):
> gtk+3: sort resources for reproducible binaries
> sudo: specify where target tools are
>
> Taras Kondratiuk via Openembedded-core (1):
> gcc-9.2: fix bug #91102 'aarch64 ICE on Linux kernel with -Os'
>
> Tom Hochstein (1):
> devtool/standard.py: Allow recipe to disable menuconfig logic
>
> meta/classes/patch.bbclass | 7 +
> meta/classes/reproducible_build.bbclass | 40 ++-
> meta/lib/oeqa/selftest/cases/reproducible.py | 9 +-
> .../openssl/openssl/reproducible.patch | 32 ++
> .../openssl/openssl_1.1.1d.bb | 1 +
> meta/recipes-core/meta/buildtools-tarball.bb | 1 +
> meta/recipes-core/ncurses/ncurses.inc | 1 +
> .../recipes-core/sysvinit/sysvinit_2.88dsf.bb | 1 +
> meta/recipes-devtools/gcc/gcc-9.2.inc | 1 +
> ...02-aarch64-ICE-on-Linux-kernel-with-.patch | 95 ++++++
> ...Switch-all-scripts-to-use-Python-3.x.patch | 113 -------
> ...ld-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch | 44 ---
> .../opkg-utils/fix-reproducibility.patch | 32 ++
> .../opkg-utils/opkg-utils/pipefail.patch | 31 --
> ...pkg-utils_0.4.1.bb => opkg-utils_0.4.2.bb} | 13 +-
> meta/recipes-devtools/patch/patch_2.7.6.bb | 3 +
> .../perl/files/determinism.patch | 81 +++++
> meta/recipes-devtools/perl/perl-ptest.inc | 3 +
> meta/recipes-devtools/perl/perl_5.30.0.bb | 4 +
> meta/recipes-devtools/rsync/rsync_3.1.3.bb | 3 +
> .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 --
> .../cpio/cpio-2.12/CVE-2019-14866.patch | 316 ++++++++++++++++++
> meta/recipes-extended/cpio/cpio_2.12.bb | 1 +
> .../iputils/iputils_s20190709.bb | 3 +-
> meta/recipes-extended/libidn/libidn2_2.2.0.bb | 3 +-
> ...Add-option-to-control-configure-args.patch | 99 ++++++
> .../recipes-extended/mc/files/nomandate.patch | 21 ++
> meta/recipes-extended/mc/mc_4.8.23.bb | 7 +-
> meta/recipes-extended/sudo/sudo.inc | 2 +-
> meta/recipes-extended/sudo/sudo_1.8.27.bb | 10 +-
> meta/recipes-extended/tar/tar_1.32.bb | 2 +
> .../gtk+/gtk+3/sort-resources.patch | 19 ++
> meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb | 1 +
> .../wayland/libinput/determinism.patch | 21 ++
> .../wayland/libinput_1.14.1.bb | 4 +-
> .../xorg-lib/libxshmfence_1.3.bb | 2 +
> .../curl/curl/CVE-2019-15601.patch | 46 +++
> meta/recipes-support/curl/curl_7.66.0.bb | 1 +
> .../libevdev/libevdev/determinism.patch | 34 ++
> .../libevdev/libevdev_1.8.0.bb | 3 +-
> .../libgcrypt/files/determinism.patch | 32 ++
> .../libgcrypt/libgcrypt_1.8.4.bb | 1 +
> scripts/lib/devtool/standard.py | 6 +-
> 43 files changed, 933 insertions(+), 252 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducible.patch
> create mode 100644 meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch
> delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch
> delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch
> create mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch
> delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch
> rename meta/recipes-devtools/opkg-utils/{opkg-utils_0.4.1.bb => opkg-utils_0.4.2.bb} (83%)
> create mode 100644 meta/recipes-devtools/perl/files/determinism.patch
> delete mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
> create mode 100644 meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch
> create mode 100644 meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
> create mode 100644 meta/recipes-extended/mc/files/nomandate.patch
> create mode 100644 meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch
> create mode 100644 meta/recipes-graphics/wayland/libinput/determinism.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2019-15601.patch
> create mode 100644 meta/recipes-support/libevdev/libevdev/determinism.patch
> create mode 100644 meta/recipes-support/libgcrypt/files/determinism.patch
>
More information about the Openembedded-core
mailing list