Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=zeus-next 2020-02-11T23:05:12+00:00 2020-02-11T23:05:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-02-05T15:37:19+00:00 urn:sha1:e91261050ea0e81eed84698e020bc492ed0030ca rsh is insecure and obsolete but tar will enable support if the binary is on the host system. Some systems point it at ssh. Lets explictly disable it for now unless someone actually needs/uses this at which point it could become a packageconfig. (From OE-Core rev: d14a4b0db92a9a7d1ff72a2e0faca7f1a23a0b68) (From OE-Core rev: 6bdc5f787af46e9c849947cad06ad40aa401b767) (From OE-Core rev: af4a284bb6fbfd8b58d10d4a5f0f10297c949912) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-05-27T16:06:34+00:00 Adrian Bunk bunk@stusta.de 2019-05-22T18:18:47+00:00 urn:sha1:2c0f37d2da3e662dd81b62b911e8135cc7e4b98f When the original problem was fixed in gnulib the patches were rebased on top of the upstream fix... (From OE-Core rev: d93ad85d94ea99e3fad7e4c2f6be999088e2f9f9) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-05-08T11:15:17+00:00 Hongxu Jia hongxu.jia@windriver.com 2019-05-05T10:04:24+00:00 urn:sha1:6c1ddb540944f43784af929d02eb56d7efc350fb The rmt in cpio-native and tar-native is clashing, since tar-native has set var-NATIVE_PACKAGE_PATH_SUFFIX, we move rmt to sbindir, and add suffix NATIVE_PACKAGE_PATH_SUFFIX to sbindir could avoid the clashing. And in Ubuntu, rmt is in sbindir $ which rmt /usr/sbin/rmt (From OE-Core rev: e9ac5ac2f4d135734f549d17cce3ebc52132b7d0) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-04-12T13:05:37+00:00 Oleksandr Kravchuk open.source@oleksandr-kravchuk.com 2019-03-31T16:21:51+00:00 urn:sha1:7b0599e44ad93895eb74fa3dd8061bb4e8b639a2 (From OE-Core rev: 472258c7bf25672d6b8922061e8ea382d7be478a) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-02-20T11:30:35+00:00 Chen Qi Qi.Chen@windriver.com 2019-02-20T01:40:37+00:00 urn:sha1:ec7ffc38d15a6b28999940938424b2df2d3ca9e3 Remove the musl specific do_install, as it's not suitable for this version. (From OE-Core rev: 348a96a5b4016a7615f8d22c03ec1ced60367c3b) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-04T12:28:05+00:00 Andre McCurdy armccurdy@gmail.com 2018-04-26T17:49:41+00:00 urn:sha1:5c526c37ff54117eaaa0fecc3ac973312e724f1c (From OE-Core rev: fa8f3bda2680d9890ff6d2bc0ce9737a4d40b4f7) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-04T12:28:05+00:00 Andre McCurdy armccurdy@gmail.com 2018-04-26T17:49:40+00:00 urn:sha1:b6c35d1c5bea5c651c5261cd034f4848180c8664 There's only one user of tar.inc (meta-gplv2 has its own copy), so merge the .inc file into the tar recipe. (From OE-Core rev: cce7b627f9046c15dde49c001481003cee33fc9c) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-02-06T11:06:28+00:00 Huang Qiyu huangqy.fnst@cn.fujitsu.com 2018-01-31T08:56:34+00:00 urn:sha1:1bd9013c31c38c0fbfe35aa548acd3cb3ca1ce0b 1.Upgrade tar from 1.29 to 1.30. 2.Modify musl_dirent.patch, since the data has been changed. 3.Delete CVE-2016-6321.patch, since it is integrated upstream. (From OE-Core rev: 9dc417ef8f94b51140fe2befcd492f6ea9726a4a) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-07T20:05:31+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-03-02T12:04:08+00:00 urn:sha1:2345af9b4829ed3eed5abf60f2483055649f8af7 These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. (From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-01T23:27:10+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-02-24T12:49:18+00:00 urn:sha1:a38ab4ddb786b4d692d4ae891144da576cc190e3 Skip members whose names contain "..". Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 Upstream patch: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f671 (From OE-Core rev: cfa2b5facd1aa6a2bac4cb04687e1a977c533934) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>