* [PATCH 00/26] thud patch review
@ 2019-03-19 2:36 Armin Kuster
2019-03-19 8:55 ` Martin Jansa
2019-03-19 9:05 ` Vincent Prince
0 siblings, 2 replies; 11+ messages in thread
From: Armin Kuster @ 2019-03-19 2:36 UTC (permalink / raw)
To: openembedded-core
Responses should be made by Wed March 20th 22:00:00 UTC 2019
The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib stable/thud-next
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
Alexander Kanavin (1):
ca-certificates: upgrade 20180409 -> 20190110
André Draszik (1):
systemd: RDEPENDS on util-linux-umount
Changqing Li (1):
libsndfile1: Security fix CVE-2018-19432
Chen Qi (1):
target-sdk-provides-dummy: add more perl modules to avoid populate_sdk
failure
Douglas Royds (1):
libpam: libpamc is licensed under its own BSD-style licence
George McCollister (1):
systemd: fix CVE-2019-6454
Jonathan Rajotte-Julien (3):
lttng-ust: update to 2.10.3
lttng-modules: update to 2.10.9
lttng-tools: update to 2.9.11
Mark Hatle (10):
gitsm.py: Fix when a submodule is defined, but not initialized
gitsm.py: Add support for alternative URL formats from submodule files
tests/fetch.py: Add alternative gitsm test case
gitsm.py: Optimize code and attempt to resolve locking issue
gitsm.py: revise unpack
gitsm.py: Rework the shallow fetcher and test case
gitsm.py: Refactor the functions and simplify the class
gitsm.py: Fix relative URLs
gitsmy.py: Fix unpack of submodules of submodules
gitsm: The fetcher did not process some recursive submodules properly.
Ming Liu (1):
rm_work: sort the value of do_build dependencies
Oleksandr Kravchuk (1):
target-sdk-provides-dummy: add perl-module-overload
Richard Purdie (3):
target-sdk-provides-dummy: Extend to -dev and -src packages
systemd: Update recent CVE patches
kernel: Ensure an initramfs is added if configured
Robert Yang (1):
send-error-report: Add --no-ssl to use http protocol
Ross Burton (1):
libpng: fix CVE-2019-7317
bitbake/lib/bb/fetch2/gitsm.py | 253 +++++++++------------
bitbake/lib/bb/tests/fetch.py | 70 +++++-
meta/classes/kernel.bbclass | 4 +-
meta/classes/rm_work.bbclass | 3 +-
.../recipes-core/meta/target-sdk-provides-dummy.bb | 14 ++
...-not-store-the-iovec-entry-for-process-co.patch | 6 +-
...ld-set-a-limit-on-the-number-of-fields-1k.patch | 56 -----
...nald-set-a-limit-on-the-number-of-fields.patch} | 93 ++++++--
...nal-fix-out-of-bounds-read-CVE-2018-16866.patch | 49 ++++
.../0027-journal-fix-syslog_parse_identifier.patch | 77 -------
...not-remove-multiple-spaces-after-identifi.patch | 84 -------
.../systemd/systemd/CVE-2019-6454.patch | 210 +++++++++++++++++
...e-receive-an-invalid-dbus-message-ignore-.patch | 61 +++++
meta/recipes-core/systemd/systemd_239.bb | 10 +-
meta/recipes-extended/pam/libpam_1.3.0.bb | 4 +-
...ose-sk-wmem-in-sock_exceed_buf_limit-trac.patch | 67 ------
...g-modules_2.10.7.bb => lttng-modules_2.10.9.bb} | 5 +-
...ow-multiple-attempts-to-connect-to-relayd.patch | 17 +-
...{lttng-tools_2.9.5.bb => lttng-tools_2.9.11.bb} | 4 +-
.../{lttng-ust_2.10.1.bb => lttng-ust_2.10.3.bb} | 4 +-
.../libpng/libpng/CVE-2019-7317.patch | 20 ++
meta/recipes-multimedia/libpng/libpng_1.6.36.bb | 3 +-
.../libsndfile/libsndfile1/CVE-2018-19432.patch | 115 ++++++++++
.../libsndfile/libsndfile1_1.0.28.bb | 1 +
...tes_20180409.bb => ca-certificates_20190110.bb} | 2 +-
scripts/send-error-report | 11 +-
26 files changed, 758 insertions(+), 485 deletions(-)
delete mode 100644 meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch
rename meta/recipes-core/systemd/systemd/{0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch => 0025-journald-set-a-limit-on-the-number-of-fields.patch} (47%)
create mode 100644 meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0027-journal-fix-syslog_parse_identifier.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0028-journal-do-not-remove-multiple-spaces-after-identifi.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-6454.patch
create mode 100644 meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch
rename meta/recipes-kernel/lttng/{lttng-modules_2.10.7.bb => lttng-modules_2.10.9.bb} (85%)
rename meta/recipes-kernel/lttng/{lttng-tools_2.9.5.bb => lttng-tools_2.9.11.bb} (97%)
rename meta/recipes-kernel/lttng/{lttng-ust_2.10.1.bb => lttng-ust_2.10.3.bb} (90%)
create mode 100644 meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
rename meta/recipes-support/ca-certificates/{ca-certificates_20180409.bb => ca-certificates_20190110.bb} (98%)
--
2.7.4
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 2:36 [PATCH 00/26] thud patch review Armin Kuster
@ 2019-03-19 8:55 ` Martin Jansa
2019-03-19 10:22 ` Alexander Kanavin
2019-03-19 14:52 ` akuster808
2019-03-19 9:05 ` Vincent Prince
1 sibling, 2 replies; 11+ messages in thread
From: Martin Jansa @ 2019-03-19 8:55 UTC (permalink / raw)
To: Armin Kuster; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 864 bytes --]
On Mon, Mar 18, 2019 at 07:36:29PM -0700, Armin Kuster wrote:
> Responses should be made by Wed March 20th 22:00:00 UTC 2019
>
> The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
>
> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
>
> are available in the git repository at:
>
> git://git.yoctoproject.org/poky-contrib stable/thud-next
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
>
> Alexander Kanavin (1):
> ca-certificates: upgrade 20180409 -> 20190110
This depends on openssl >= 1.1.1 since:
https://salsa.debian.org/debian/ca-certificates/commit/d5e425c8405448e5034d1e16ca52be6a10cb3334
some people might not use new openssl with thud.
More detail in:
http://lists.openembedded.org/pipermail/openembedded-core/2019-March/280234.html
Cheers,
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 2:36 [PATCH 00/26] thud patch review Armin Kuster
2019-03-19 8:55 ` Martin Jansa
@ 2019-03-19 9:05 ` Vincent Prince
1 sibling, 0 replies; 11+ messages in thread
From: Vincent Prince @ 2019-03-19 9:05 UTC (permalink / raw)
To: Armin Kuster; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 6296 bytes --]
Hi Armin,
Regarding target-sdk-provides-dummy: add more perl modules to avoid
populate_sdk failure patch, I had to complete it with following bbappend:
DUMMYPROVIDES_append = "\
perl-module-warnings-register \
perl-module-config \
perl-module-overloading \
perl-module-warnings \
perl-module-file-temp \
"
Don't know if we should rework Chen Qi patch or create a new one.
By the way, can't we add every empty perl packages in dummy automatically?
Best regards,
Vincent
Le mar. 19 mars 2019 à 03:37, Armin Kuster <akuster808@gmail.com> a écrit :
> Responses should be made by Wed March 20th 22:00:00 UTC 2019
>
> The following changes since commit
> f5a57e939e626a5b7c6de5b51799ca602ed355ed:
>
> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
>
> are available in the git repository at:
>
> git://git.yoctoproject.org/poky-contrib stable/thud-next
>
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
>
> Alexander Kanavin (1):
> ca-certificates: upgrade 20180409 -> 20190110
>
> André Draszik (1):
> systemd: RDEPENDS on util-linux-umount
>
> Changqing Li (1):
> libsndfile1: Security fix CVE-2018-19432
>
> Chen Qi (1):
> target-sdk-provides-dummy: add more perl modules to avoid populate_sdk
> failure
>
> Douglas Royds (1):
> libpam: libpamc is licensed under its own BSD-style licence
>
> George McCollister (1):
> systemd: fix CVE-2019-6454
>
> Jonathan Rajotte-Julien (3):
> lttng-ust: update to 2.10.3
> lttng-modules: update to 2.10.9
> lttng-tools: update to 2.9.11
>
> Mark Hatle (10):
> gitsm.py: Fix when a submodule is defined, but not initialized
> gitsm.py: Add support for alternative URL formats from submodule files
> tests/fetch.py: Add alternative gitsm test case
> gitsm.py: Optimize code and attempt to resolve locking issue
> gitsm.py: revise unpack
> gitsm.py: Rework the shallow fetcher and test case
> gitsm.py: Refactor the functions and simplify the class
> gitsm.py: Fix relative URLs
> gitsmy.py: Fix unpack of submodules of submodules
> gitsm: The fetcher did not process some recursive submodules properly.
>
> Ming Liu (1):
> rm_work: sort the value of do_build dependencies
>
> Oleksandr Kravchuk (1):
> target-sdk-provides-dummy: add perl-module-overload
>
> Richard Purdie (3):
> target-sdk-provides-dummy: Extend to -dev and -src packages
> systemd: Update recent CVE patches
> kernel: Ensure an initramfs is added if configured
>
> Robert Yang (1):
> send-error-report: Add --no-ssl to use http protocol
>
> Ross Burton (1):
> libpng: fix CVE-2019-7317
>
> bitbake/lib/bb/fetch2/gitsm.py | 253
> +++++++++------------
> bitbake/lib/bb/tests/fetch.py | 70 +++++-
> meta/classes/kernel.bbclass | 4 +-
> meta/classes/rm_work.bbclass | 3 +-
> .../recipes-core/meta/target-sdk-provides-dummy.bb | 14 ++
> ...-not-store-the-iovec-entry-for-process-co.patch | 6 +-
> ...ld-set-a-limit-on-the-number-of-fields-1k.patch | 56 -----
> ...nald-set-a-limit-on-the-number-of-fields.patch} | 93 ++++++--
> ...nal-fix-out-of-bounds-read-CVE-2018-16866.patch | 49 ++++
> .../0027-journal-fix-syslog_parse_identifier.patch | 77 -------
> ...not-remove-multiple-spaces-after-identifi.patch | 84 -------
> .../systemd/systemd/CVE-2019-6454.patch | 210 +++++++++++++++++
> ...e-receive-an-invalid-dbus-message-ignore-.patch | 61 +++++
> meta/recipes-core/systemd/systemd_239.bb | 10 +-
> meta/recipes-extended/pam/libpam_1.3.0.bb | 4 +-
> ...ose-sk-wmem-in-sock_exceed_buf_limit-trac.patch | 67 ------
> ...g-modules_2.10.7.bb => lttng-modules_2.10.9.bb} | 5 +-
> ...ow-multiple-attempts-to-connect-to-relayd.patch | 17 +-
> ...{lttng-tools_2.9.5.bb => lttng-tools_2.9.11.bb} | 4 +-
> .../{lttng-ust_2.10.1.bb => lttng-ust_2.10.3.bb} | 4 +-
> .../libpng/libpng/CVE-2019-7317.patch | 20 ++
> meta/recipes-multimedia/libpng/libpng_1.6.36.bb | 3 +-
> .../libsndfile/libsndfile1/CVE-2018-19432.patch | 115 ++++++++++
> .../libsndfile/libsndfile1_1.0.28.bb | 1 +
> ...tes_20180409.bb => ca-certificates_20190110.bb} | 2 +-
> scripts/send-error-report | 11 +-
> 26 files changed, 758 insertions(+), 485 deletions(-)
> delete mode 100644
> meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch
> rename
> meta/recipes-core/systemd/systemd/{0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch
> => 0025-journald-set-a-limit-on-the-number-of-fields.patch} (47%)
> create mode 100644
> meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
> delete mode 100644
> meta/recipes-core/systemd/systemd/0027-journal-fix-syslog_parse_identifier.patch
> delete mode 100644
> meta/recipes-core/systemd/systemd/0028-journal-do-not-remove-multiple-spaces-after-identifi.patch
> create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-6454.patch
> create mode 100644
> meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
> delete mode 100644
> meta/recipes-kernel/lttng/lttng-modules/0001-Fix-net-expose-sk-wmem-in-sock_exceed_buf_limit-trac.patch
> rename meta/recipes-kernel/lttng/{lttng-modules_2.10.7.bb =>
> lttng-modules_2.10.9.bb} (85%)
> rename meta/recipes-kernel/lttng/{lttng-tools_2.9.5.bb =>
> lttng-tools_2.9.11.bb} (97%)
> rename meta/recipes-kernel/lttng/{lttng-ust_2.10.1.bb =>
> lttng-ust_2.10.3.bb} (90%)
> create mode 100644
> meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
> create mode 100644
> meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
> rename meta/recipes-support/ca-certificates/{ca-certificates_20180409.bb
> => ca-certificates_20190110.bb} (98%)
>
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
[-- Attachment #2: Type: text/html, Size: 9203 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 8:55 ` Martin Jansa
@ 2019-03-19 10:22 ` Alexander Kanavin
2019-03-19 10:40 ` Martin Jansa
2019-03-19 14:52 ` akuster808
1 sibling, 1 reply; 11+ messages in thread
From: Alexander Kanavin @ 2019-03-19 10:22 UTC (permalink / raw)
To: Martin Jansa; +Cc: openembedded-core
The commit you refer to changes the dependency from 1.1.0 to 1.1.1, so ca-certificates currently in thud already needs 1.1.
Alex
> On 19 Mar 2019, at 9.55, Martin Jansa <martin.jansa@gmail.com> wrote:
>
>> On Mon, Mar 18, 2019 at 07:36:29PM -0700, Armin Kuster wrote:
>> Responses should be made by Wed March 20th 22:00:00 UTC 2019
>>
>> The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
>>
>> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
>>
>> are available in the git repository at:
>>
>> git://git.yoctoproject.org/poky-contrib stable/thud-next
>> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
>>
>> Alexander Kanavin (1):
>> ca-certificates: upgrade 20180409 -> 20190110
>
> This depends on openssl >= 1.1.1 since:
> https://salsa.debian.org/debian/ca-certificates/commit/d5e425c8405448e5034d1e16ca52be6a10cb3334
> some people might not use new openssl with thud.
>
> More detail in:
> http://lists.openembedded.org/pipermail/openembedded-core/2019-March/280234.html
>
> Cheers,
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 10:22 ` Alexander Kanavin
@ 2019-03-19 10:40 ` Martin Jansa
2019-03-19 11:35 ` Alexander Kanavin
0 siblings, 1 reply; 11+ messages in thread
From: Martin Jansa @ 2019-03-19 10:40 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1486 bytes --]
On Tue, Mar 19, 2019 at 11:22:11AM +0100, Alexander Kanavin wrote:
> The commit you refer to changes the dependency from 1.1.0 to 1.1.1, so ca-certificates currently in thud already needs 1.1.
>
> Alex
>
> > On 19 Mar 2019, at 9.55, Martin Jansa <martin.jansa@gmail.com> wrote:
> >
> >> On Mon, Mar 18, 2019 at 07:36:29PM -0700, Armin Kuster wrote:
> >> Responses should be made by Wed March 20th 22:00:00 UTC 2019
> >>
> >> The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
> >>
> >> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
> >>
> >> are available in the git repository at:
> >>
> >> git://git.yoctoproject.org/poky-contrib stable/thud-next
> >> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
> >>
> >> Alexander Kanavin (1):
> >> ca-certificates: upgrade 20180409 -> 20190110
> >
> > This depends on openssl >= 1.1.1 since:
> > https://salsa.debian.org/debian/ca-certificates/commit/d5e425c8405448e5034d1e16ca52be6a10cb3334
> > some people might not use new openssl with thud.
> >
> > More detail in:
> > http://lists.openembedded.org/pipermail/openembedded-core/2019-March/280234.html
hmm right
https://salsa.debian.org/debian/ca-certificates/commit/1bc87e0b41a04551a93d4e784e158b044c18792a
was already included in 20180409, another thing to work around when
upgrading to thud.
Cheers,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 10:40 ` Martin Jansa
@ 2019-03-19 11:35 ` Alexander Kanavin
2019-03-19 13:55 ` Martin Jansa
0 siblings, 1 reply; 11+ messages in thread
From: Alexander Kanavin @ 2019-03-19 11:35 UTC (permalink / raw)
To: Martin Jansa; +Cc: openembedded-core
Just to remind once more, all upstream support for OpenSSL 1.0.2 ceases in 9 months, so shipping products with it may not be the best idea.
Alex
> On 19 Mar 2019, at 11.40, Martin Jansa <martin.jansa@gmail.com> wrote:
>
>> On Tue, Mar 19, 2019 at 11:22:11AM +0100, Alexander Kanavin wrote:
>> The commit you refer to changes the dependency from 1.1.0 to 1.1.1, so ca-certificates currently in thud already needs 1.1.
>>
>> Alex
>>
>>>> On 19 Mar 2019, at 9.55, Martin Jansa <martin.jansa@gmail.com> wrote:
>>>>
>>>> On Mon, Mar 18, 2019 at 07:36:29PM -0700, Armin Kuster wrote:
>>>> Responses should be made by Wed March 20th 22:00:00 UTC 2019
>>>>
>>>> The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
>>>>
>>>> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
>>>>
>>>> are available in the git repository at:
>>>>
>>>> git://git.yoctoproject.org/poky-contrib stable/thud-next
>>>> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
>>>>
>>>> Alexander Kanavin (1):
>>>> ca-certificates: upgrade 20180409 -> 20190110
>>>
>>> This depends on openssl >= 1.1.1 since:
>>> https://salsa.debian.org/debian/ca-certificates/commit/d5e425c8405448e5034d1e16ca52be6a10cb3334
>>> some people might not use new openssl with thud.
>>>
>>> More detail in:
>>> http://lists.openembedded.org/pipermail/openembedded-core/2019-March/280234.html
>
> hmm right
> https://salsa.debian.org/debian/ca-certificates/commit/1bc87e0b41a04551a93d4e784e158b044c18792a
> was already included in 20180409, another thing to work around when
> upgrading to thud.
>
> Cheers,
>
> --
> Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 11:35 ` Alexander Kanavin
@ 2019-03-19 13:55 ` Martin Jansa
2019-03-19 16:31 ` Alexander Kanavin
0 siblings, 1 reply; 11+ messages in thread
From: Martin Jansa @ 2019-03-19 13:55 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 998 bytes --]
On Tue, Mar 19, 2019 at 12:35:59PM +0100, Alexander Kanavin wrote:
> Just to remind once more, all upstream support for OpenSSL 1.0.2 ceases in 9 months, so shipping products with it may not be the best idea.
Just to remind once more, shipping products isn't as easy as building
the few recipes included in oe-core.
For example:
Believe it or not, some projects need to use old Qt 5.6 due to license
change in newer version and 5.6 doesn't support openssl 1.1,
backporting the necessary changes would violate the license as well.
Providing clean room re-implementation is also difficult, because there
aren't many other options how to implement this than how it was done in
newer qt already, see:
https://bugreports.qt.io/browse/QTBUG-71623
https://development.qt-project.narkive.com/RW4wxYXY/openssl-1-1-x-support-on-qt-5-6-5-9
Yes, it's not the best idea, but even backporting security fixes to old
openssl might be cheaper than buying commercial qt license...
Cheeers,
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 8:55 ` Martin Jansa
2019-03-19 10:22 ` Alexander Kanavin
@ 2019-03-19 14:52 ` akuster808
2019-03-19 15:40 ` Alexander Kanavin
1 sibling, 1 reply; 11+ messages in thread
From: akuster808 @ 2019-03-19 14:52 UTC (permalink / raw)
To: Martin Jansa; +Cc: openembedded-core
[-- Attachment #1.1: Type: text/plain, Size: 959 bytes --]
On 3/19/19 1:55 AM, Martin Jansa wrote:
> On Mon, Mar 18, 2019 at 07:36:29PM -0700, Armin Kuster wrote:
>> Responses should be made by Wed March 20th 22:00:00 UTC 2019
>>
>> The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
>>
>> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
>>
>> are available in the git repository at:
>>
>> git://git.yoctoproject.org/poky-contrib stable/thud-next
>> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
>>
>> Alexander Kanavin (1):
>> ca-certificates: upgrade 20180409 -> 20190110
then this gets dropped
> This depends on openssl >= 1.1.1 since:
> https://salsa.debian.org/debian/ca-certificates/commit/d5e425c8405448e5034d1e16ca52be6a10cb3334
> some people might not use new openssl with thud.
>
> More detail in:
> http://lists.openembedded.org/pipermail/openembedded-core/2019-March/280234.html
>
> Cheers,
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 14:52 ` akuster808
@ 2019-03-19 15:40 ` Alexander Kanavin
0 siblings, 0 replies; 11+ messages in thread
From: Alexander Kanavin @ 2019-03-19 15:40 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
Nope, we determined that it’s actually ok.
Alex
> On 19 Mar 2019, at 15.52, akuster808 <akuster808@gmail.com> wrote:
>
>
>
>> On 3/19/19 1:55 AM, Martin Jansa wrote:
>>> On Mon, Mar 18, 2019 at 07:36:29PM -0700, Armin Kuster wrote:
>>> Responses should be made by Wed March 20th 22:00:00 UTC 2019
>>>
>>> The following changes since commit f5a57e939e626a5b7c6de5b51799ca602ed355ed:
>>>
>>> mesa: ship /etc/drirc in mesa-megadriver (2019-03-05 22:24:13 +0000)
>>>
>>> are available in the git repository at:
>>>
>>> git://git.yoctoproject.org/poky-contrib stable/thud-next
>>> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=stable/thud-next
>>>
>>> Alexander Kanavin (1):
>>> ca-certificates: upgrade 20180409 -> 20190110
> then this gets dropped
>> This depends on openssl >= 1.1.1 since:
>> https://salsa.debian.org/debian/ca-certificates/commit/d5e425c8405448e5034d1e16ca52be6a10cb3334
>> some people might not use new openssl with thud.
>>
>> More detail in:
>> http://lists.openembedded.org/pipermail/openembedded-core/2019-March/280234.html
>>
>> Cheers,
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 13:55 ` Martin Jansa
@ 2019-03-19 16:31 ` Alexander Kanavin
2019-03-19 17:07 ` Martin Jansa
0 siblings, 1 reply; 11+ messages in thread
From: Alexander Kanavin @ 2019-03-19 16:31 UTC (permalink / raw)
To: Martin Jansa; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1438 bytes --]
For what it’s worth, OpenSSL is also being relicensed to Apache 2.0, so backporting their fixes may not be an option either.
https://license.openssl.org/
Please be careful with your language: I’m sure you know that recipe maintenance is a tedious, thankless task. Having it belittled doesn’t help.
Alex
> On 19 Mar 2019, at 14.55, Martin Jansa <martin.jansa@gmail.com> wrote:
>
>> On Tue, Mar 19, 2019 at 12:35:59PM +0100, Alexander Kanavin wrote:
>> Just to remind once more, all upstream support for OpenSSL 1.0.2 ceases in 9 months, so shipping products with it may not be the best idea.
>
> Just to remind once more, shipping products isn't as easy as building
> the few recipes included in oe-core.
>
> For example:
> Believe it or not, some projects need to use old Qt 5.6 due to license
> change in newer version and 5.6 doesn't support openssl 1.1,
> backporting the necessary changes would violate the license as well.
> Providing clean room re-implementation is also difficult, because there
> aren't many other options how to implement this than how it was done in
> newer qt already, see:
>
> https://bugreports.qt.io/browse/QTBUG-71623
> https://development.qt-project.narkive.com/RW4wxYXY/openssl-1-1-x-support-on-qt-5-6-5-9
>
> Yes, it's not the best idea, but even backporting security fixes to old
> openssl might be cheaper than buying commercial qt license...
>
> Cheeers,
[-- Attachment #2: Type: text/html, Size: 2280 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 00/26] thud patch review
2019-03-19 16:31 ` Alexander Kanavin
@ 2019-03-19 17:07 ` Martin Jansa
0 siblings, 0 replies; 11+ messages in thread
From: Martin Jansa @ 2019-03-19 17:07 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 3106 bytes --]
On Tue, Mar 19, 2019 at 05:31:52PM +0100, Alexander Kanavin wrote:
> For what it’s worth, OpenSSL is also being relicensed to Apache 2.0, so backporting their fixes may not be an option either.
> https://license.openssl.org/
>
> Please be careful with your language: I’m sure you know that recipe maintenance is a tedious, thankless task. Having it belittled doesn’t help.
I'm sorry, I don't want to belittle the recipe maintenance task.
I'm just saying that using OE to build commercial products is another
level of complexity and if we as a project ignore the issues companies
might have while upgrading to newer OE releases, then we shouldn't be
surprised that there are too many products built with really ancient and
unsupported OE releases.
I'm not recommending to anyone to use openssl10 forever, I've replied to
this thread mostly to warn other people (who might be in the same hole
with openssl10) that this is another pain point and suggested possible
way how to work around it.
More commercial users closer to master might also help with lack of
resources, upstreaming something from danny based build to master is
much less likely to happen than from e.g. thud. Having a bit easier
upgrade paths or at least a bit sympathy for people having troubles
persuading management that spending a lot of time and money to rebuild
all native apps, just to get newer build system (which no customer will
ever notice in the end product) might help as well.
With app store filled by native apps from 3rd party companies and
required backward compatibility with older products, the stable ABI
might be more important for some people than latest, greatest versions
and we shouldn't ignore such use-cases for OE (or at least not assume
that nobody needs openssl10 just because oe-core recipes can already
build without it).
Cheers,
> > On 19 Mar 2019, at 14.55, Martin Jansa <martin.jansa@gmail.com> wrote:
> >
> >> On Tue, Mar 19, 2019 at 12:35:59PM +0100, Alexander Kanavin wrote:
> >> Just to remind once more, all upstream support for OpenSSL 1.0.2 ceases in 9 months, so shipping products with it may not be the best idea.
> >
> > Just to remind once more, shipping products isn't as easy as building
> > the few recipes included in oe-core.
> >
> > For example:
> > Believe it or not, some projects need to use old Qt 5.6 due to license
> > change in newer version and 5.6 doesn't support openssl 1.1,
> > backporting the necessary changes would violate the license as well.
> > Providing clean room re-implementation is also difficult, because there
> > aren't many other options how to implement this than how it was done in
> > newer qt already, see:
> >
> > https://bugreports.qt.io/browse/QTBUG-71623
> > https://development.qt-project.narkive.com/RW4wxYXY/openssl-1-1-x-support-on-qt-5-6-5-9
> >
> > Yes, it's not the best idea, but even backporting security fixes to old
> > openssl might be cheaper than buying commercial qt license...
> >
> > Cheeers,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2019-03-19 17:07 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-19 2:36 [PATCH 00/26] thud patch review Armin Kuster
2019-03-19 8:55 ` Martin Jansa
2019-03-19 10:22 ` Alexander Kanavin
2019-03-19 10:40 ` Martin Jansa
2019-03-19 11:35 ` Alexander Kanavin
2019-03-19 13:55 ` Martin Jansa
2019-03-19 16:31 ` Alexander Kanavin
2019-03-19 17:07 ` Martin Jansa
2019-03-19 14:52 ` akuster808
2019-03-19 15:40 ` Alexander Kanavin
2019-03-19 9:05 ` Vincent Prince
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.