From: Robert Yang <liezhi.yang@windriver.com>
To: Joshua Lock <joshua.lock@collabora.co.uk>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 00/70] Proposed changes for fido
Date: Mon, 11 May 2015 16:51:39 +0800 [thread overview]
Message-ID: <55506D9B.7080501@windriver.com> (raw)
In-Reply-To: <cover.1431326066.git.joshua.lock@collabora.co.uk>
On 05/11/2015 04:40 PM, Joshua Lock wrote:
> Please consider the following changes for the fido stable branch.
>
> Regards,
>
> Joshua
>
> The following changes since commit cd3da9c95f48899e134a5b7ed1754fd18985df4f:
>
> curl: several security fixes (2015-04-27 15:25:19 +0100)
>
> are available in the git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib joshuagl/fido-next
> http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=joshuagl/fido-next
>
> Andre McCurdy (2):
> libpcap.inc: remove obsolete libnl1 PACKAGECONFIG
> busybox: remove CVE-2014-9645 patch (already upstream in 1.23.x)
>
> Aníbal Limón (2):
> lzop: Fix build using x32 ABI
> nss: Fix build in x32 ABI
>
> Armin Kuster (1):
> crypto: use bigint in x86-64 perl
>
> Bruno Bottazzini (1):
> systemd 219 -> system 219-stable
>
> Bryan Evenson (1):
> util-linux: Add lastb to alternatives
>
> Carlos Rafael Giani (1):
> u-boot.inc: make sure all counter variables are properly unset
>
> Chen Qi (5):
> shadow: fix `su' behaviour
> uninative-tarball: delete the packagedata task
> populate_sdk_base: avoid executing empty function
> util-linux: split out util-linux-sulogin
> shadow: add 'util-linux-sulogin' to RDEPENDS
>
> Christopher Larson (1):
> oe.sstatesig: align swspec handling with sstate.bbclass
>
> Chunrong Guo (1):
> groff: add runtime dependency on sed
>
> Cristian Iorga (1):
> oeqa/selftest/toaster: fix bad indent
>
> Denys Dmytriyenko (1):
> security_flags.inc: elfutils on ARM fails with PIE flags
>
> Dmitry Eremin-Solenikov (2):
> lsb: provide lsb-core-ARCH
> bitbake.conf: add sed-native to ASSUME_PROVIDED
>
> Gary Thomas (2):
> libgpg-error: Fix native build on i686
> gst-player: Fix typo
>
> Jean-Benoit MARTIN (1):
> package_manager: RpmPM: Fix scriptlet for rpm 4
>
> Joe Slater (1):
> nss: generate debug info
>
> Joshua Lock (1):
> systemd: remove unused patches
>
> Jukka Rissanen (1):
> connman: Create connman.service at proper moment
>
> Jun Zhu (1):
> meta/lib/oe/utils.py: Corrected the return value of both_contain()
>
> Junling Zheng (3):
> uclibc: fix undefinition of '_dl_strchr' in libdl.a
> elfutils: fix an incorrect patch for 0.161
> less: fix CVE-2014-9488
>
> Ken Sharp (2):
> udev-cache: Remove unnecessary tar read from stdin
> udev-cache: improve error handling
>
> Khem Raj (4):
> bluez4: Fix encrypt symbol namespace collision
> libusb-compat: Include sys/types.h in usb.h
> libffi: Use proper compiler define for linux platform
> ppp: Add extra include dirs
>
> Koen Kooi (5):
> gst-ffmpeg: fix internal-libav builds with inherit autotools-brokensep
> gst-ffmpeg: remove bogus patch that leads to build failures
> gst-ffmpeg: fix libav-9.patch
> libgpg-error 1.18: simplify tupple handling and add armv8b support
> strace: fix build for aarch64
>
> Krishnanjanappa, Jagadeesh (2):
> dpkg: add triplet entry to fix build error for armeb
> ghostscript: add objarch.h for armeb
>
> Li Zhou (5):
> xorg-server: Security Advisory - xorg-server - CVE-2015-0255
> libarchive: Security Advisory - libarchive - CVE-2015-2304
> libxfont: Security Advisory - libxfont - CVE-2015-1802
> libxfont: Security Advisory - libxfont - CVE-2015-1803
> libxfont: Security Advisory - libxfont - CVE-2015-1804
>
> Mariano Lopez (1):
> kexec-tools: Add support for build with x32 ABI in x86_64
>
> Mario Domenech Goulart (1):
> useradd_base.bbclass: typo fixes (s/scucess/success/)
>
> Martin Jansa (2):
> pango: fix postinst
> tzdata: fix postinst
>
> Matt Madison (1):
> shadow: split files needed for PAM use into separate package
>
> Matthieu Crapet (1):
> util-linux: add lastb.1 and nologin.8 to update-alternatives
>
> Mike Looijmans (1):
> alsa-utils: Remove double dependency on udev
>
> Nathan Rossi (1):
> python: Change python 2.7.9 to use libffi from the system
>
> Paul Eggleton (4):
> devtool: force use of bash when running build within extensible SDK
> classes/populate_sdk_ext: disable network connectivity check
> mkefidisk.sh: use script mode when running parted
> mkefidisk.sh: fix hanging on non-writeable device
>
> Reinette Chatre (1):
> init-install-efi.sh: fix gummiboot entry installation
>
> Richard Purdie (1):
> autotools: Fix find races on source directory
>
> Robert Yang (5):
> pcmciautils: fix for parallel build
> aspell: inherit binconfig-disabled
> cracklib: add python support back
Hi Joshua,
I'm leaning to not backport "cracklib: add python support back" since
it is more likely a function enabled rather than a bug fix.
// Robert
> gnu-efi: fix parallel issue
> kernel-devsrc: depends on virtual/kernel:do_install
>
> Ross Burton (1):
> systemd: bring back the patch to customise root's $HOME
>
> Roy Li (1):
> rsync: backport a patch to fix CVE-2014-9512
>
> Wenzong Fan (1):
> perl: module overload rdpends on overloading
>
> tprrt (1):
> image: zap_empty_root_password doesn't handle passwd file in shadow
> case
>
> meta/classes/autotools.bbclass | 8 +-
> meta/classes/image.bbclass | 3 +-
> meta/classes/populate_sdk_base.bbclass | 4 +-
> meta/classes/populate_sdk_ext.bbclass | 3 +
> meta/classes/useradd_base.bbclass | 14 +-
> meta/conf/bitbake.conf | 1 +
> meta/conf/distro/include/security_flags.inc | 1 +
> meta/lib/oe/package_manager.py | 6 +-
> meta/lib/oe/sstatesig.py | 8 +-
> meta/lib/oe/utils.py | 2 +-
> meta/lib/oeqa/selftest/_toaster.py | 2 +-
> .../gnu-efi/lib-Makefile-fix-parallel-issue.patch | 38 ++++++
> meta/recipes-bsp/gnu-efi/gnu-efi_3.0.1.bb | 1 +
> .../Makefile-fix-for-parallel-build.patch | 10 +-
> meta/recipes-bsp/u-boot/u-boot.inc | 5 +
> .../bluez/bluez4-4.101/fix_encrypt_collision.patch | 110 +++++++++++++++
> meta/recipes-connectivity/bluez/bluez4_4.101.bb | 1 +
> meta/recipes-connectivity/connman/connman.inc | 6 +-
> meta/recipes-connectivity/libpcap/libpcap.inc | 1 -
> .../openssl/crypto_use_bigint_in_x86-64_perl.patch | 35 +++++
> .../recipes-connectivity/openssl/openssl_1.0.2a.bb | 1 +
> meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 6 +-
> ..._busybox_reject_module_names_with_slashes.patch | 41 ------
> meta/recipes-core/busybox/busybox_1.23.1.bb | 1 -
> .../initrdscripts/files/init-install-efi.sh | 6 +-
> meta/recipes-core/meta/uninative-tarball.bb | 1 +
> ...iles-avoid-creating-duplicate-acl-entries.patch | 134 ------------------
> ...ietly-ignore-ACLs-on-unsupported-filesyst.patch | 86 ------------
> ...0-Make-root-s-home-directory-configurable.patch | 3 +-
> ...ix-Inappropriate-ioctl-for-device-on-ext4.patch | 37 -----
> meta/recipes-core/systemd/systemd_219.bb | 9 +-
> meta/recipes-core/uclibc/uclibc-git.inc | 2 +-
> ...ldso-limited-support-for-ORIGIN-in-rpath.patch} | 92 +++++++++----
> meta/recipes-core/udev/udev/udev-cache | 10 +-
> meta/recipes-core/util-linux/util-linux.inc | 18 ++-
> .../dpkg/dpkg/add_armeb_triplet_entry.patch | 38 ++++++
> meta/recipes-devtools/dpkg/dpkg_1.17.21.bb | 1 +
> .../uclibc-support-for-elfutils-0.148.patch} | 0
> .../uclibc-support-for-elfutils-0.161.patch | 106 +++++++++++++++
> meta/recipes-devtools/elfutils/elfutils_0.148.bb | 2 +-
> meta/recipes-devtools/elfutils/elfutils_0.161.bb | 2 +-
> .../recipes-devtools/perl/perl-rdepends_5.20.0.inc | 1 +
> meta/recipes-devtools/python/python_2.7.9.bb | 4 +-
> ...-an-inc-recursive-path-is-not-right-for-i.patch | 135 ++++++++++++++++++
> meta/recipes-devtools/rsync/rsync_3.1.1.bb | 4 +-
> .../0001-Add-linux-aarch64-arch_regs.h.patch | 25 ++++
> meta/recipes-devtools/strace/strace_4.9.bb | 1 +
> meta/recipes-extended/cracklib/cracklib_2.9.2.bb | 28 +++-
> .../ghostscript/ghostscript/armeb/objarch.h | 40 ++++++
> meta/recipes-extended/groff/groff_1.22.2.bb | 1 +
> ...ossible-buffer-overrun-with-invalid-UTF-8.patch | 49 +++++++
> meta/recipes-extended/less/less_471.bb | 4 +-
> ...IVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch | 151 +++++++++++++++++++++
> .../libarchive/libarchive_3.1.2.bb | 1 +
> meta/recipes-extended/lsb/lsb_4.1.bb | 5 +
> .../0001-su.c-fix-to-exec-command-correctly.patch | 25 ----
> meta/recipes-extended/shadow/shadow.inc | 27 +++-
> meta/recipes-extended/tzdata/tzdata.inc | 4 +-
> ...ps-Use-compiler-internal-define-for-linux.patch | 32 +++++
> meta/recipes-gnome/libffi/libffi_3.2.1.bb | 4 +-
> meta/recipes-graphics/pango/pango.inc | 10 +-
> ...acters-bailout-if-a-char-s-bitmap-cannot-.patch | 40 ++++++
> ...acters-ensure-metrics-fit-into-xCharInfo-.patch | 80 +++++++++++
> ...erties-property-count-needs-range-check-C.patch | 38 ++++++
> meta/recipes-graphics/xorg-lib/libxfont_1.5.0.bb | 5 +
> ...Check-strings-length-against-request-size.patch | 145 ++++++++++++++++++++
> ...wap-XkbSetGeometry-data-in-the-input-buff.patch | 109 +++++++++++++++
> .../xorg-xserver/xserver-xorg_1.16.3.bb | 2 +
> .../kexec/kexec-tools/kexec-x32.patch | 113 +++++++++++++++
> meta/recipes-kernel/kexec/kexec-tools_2.0.9.bb | 3 +-
> meta/recipes-kernel/linux/kernel-devsrc.bb | 2 +-
> meta/recipes-multimedia/alsa/alsa-utils_1.0.28.bb | 2 +-
> ...check-width-more-completely-avoid-out-of-.patch | 30 ----
> .../gstreamer/gst-ffmpeg-0.10.13/libav-9.patch | 2 +-
> .../gstreamer/gst-ffmpeg_0.10.13.bb | 3 +-
> .../gstreamer/gst-player/gst-player.desktop | 2 +-
> meta/recipes-support/aspell/aspell_0.60.6.1.bb | 4 +-
> .../libgpg-error/libgpg-error_1.18.bb | 10 +-
> .../0001-usb.h-Include-sys-types.h.patch | 30 ++++
> meta/recipes-support/libusb/libusb-compat_0.1.5.bb | 4 +-
> .../lzop/lzop/x32_abi_miniacc_h.patch | 36 +++++
> meta/recipes-support/lzop/lzop_1.03.bb | 3 +-
> meta/recipes-support/nss/nss.inc | 17 ++-
> scripts/contrib/mkefidisk.sh | 21 +--
> scripts/lib/devtool/__init__.py | 5 +
> 85 files changed, 1634 insertions(+), 478 deletions(-)
> create mode 100644 meta/recipes-bsp/gnu-efi/gnu-efi/lib-Makefile-fix-parallel-issue.patch
> create mode 100644 meta/recipes-connectivity/bluez/bluez4-4.101/fix_encrypt_collision.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
> delete mode 100644 meta/recipes-core/systemd/systemd/0001-tmpfiles-avoid-creating-duplicate-acl-entries.patch
> delete mode 100644 meta/recipes-core/systemd/systemd/0002-tmpfiles-quietly-ignore-ACLs-on-unsupported-filesyst.patch
> delete mode 100644 meta/recipes-core/systemd/systemd/0013-journal-fix-Inappropriate-ioctl-for-device-on-ext4.patch
> rename meta/recipes-core/uclibc/uclibc-git/{orign_path.patch => 0001-ldso-limited-support-for-ORIGIN-in-rpath.patch} (63%)
> create mode 100644 meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch
> rename meta/recipes-devtools/elfutils/{elfutils/uclibc-support.patch => elfutils-0.148/uclibc-support-for-elfutils-0.148.patch} (100%)
> create mode 100644 meta/recipes-devtools/elfutils/elfutils-0.161/uclibc-support-for-elfutils-0.161.patch
> create mode 100644 meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
> create mode 100644 meta/recipes-devtools/strace/strace/0001-Add-linux-aarch64-arch_regs.h.patch
> create mode 100644 meta/recipes-extended/ghostscript/ghostscript/armeb/objarch.h
> create mode 100644 meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
> create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch
> delete mode 100644 meta/recipes-extended/shadow/files/0001-su.c-fix-to-exec-command-correctly.patch
> create mode 100644 meta/recipes-gnome/libffi/libffi/0001-mips-Use-compiler-internal-define-for-linux.patch
> create mode 100644 meta/recipes-graphics/xorg-lib/libxfont/0001-bdfReadCharacters-bailout-if-a-char-s-bitmap-cannot-.patch
> create mode 100644 meta/recipes-graphics/xorg-lib/libxfont/0001-bdfReadCharacters-ensure-metrics-fit-into-xCharInfo-.patch
> create mode 100644 meta/recipes-graphics/xorg-lib/libxfont/0001-bdfReadProperties-property-count-needs-range-check-C.patch
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Check-strings-length-against-request-size.patch
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch
> create mode 100644 meta/recipes-kernel/kexec/kexec-tools/kexec-x32.patch
> delete mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-check-width-more-completely-avoid-out-of-.patch
> create mode 100644 meta/recipes-support/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch
> create mode 100644 meta/recipes-support/lzop/lzop/x32_abi_miniacc_h.patch
>
next prev parent reply other threads:[~2015-05-11 8:51 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 8:40 [PATCH 00/70] Proposed changes for fido Joshua Lock
2015-05-11 8:51 ` Robert Yang [this message]
2015-05-11 15:07 ` Joshua Lock
2015-05-11 12:40 ` Bryan Evenson
2015-05-11 15:07 ` Joshua Lock
2015-05-11 15:46 ` Bryan Evenson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55506D9B.7080501@windriver.com \
--to=liezhi.yang@windriver.com \
--cc=joshua.lock@collabora.co.uk \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.