[PATCH 0/7] Version updates

[PATCH 0/7] Version updates

[Alexander Kanavin]

A few version updates and fixes that have piled up.
The following changes since commit 7d5d8d0cd985edf507c8d00e2e162d1b9fff3589:

  scripts/lib/bsp/engine: trailing whitespace cleanup (2016-02-08 10:54:56 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib akanavin/package-version-updates
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akanavin/package-version-updates

Alexander Kanavin (7):
  ffmpeg: update to 2.8.6
  gstreamer1.0: fix upstream check for unstable versions from git
  bash-completion: fix upstream version check
  iso-codes: update to 3.65
  libwnck3: update to 3.14.1
  webkitgtk: update to 2.10.7
  pixz: fix upstream version check

 meta/recipes-extended/pixz/pixz_1.0.6.bb                          | 1 +
 .../libwnck/{libwnck3_3.14.0.bb => libwnck3_3.14.1.bb}            | 4 ++--
 .../ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb}                   | 8 ++++----
 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_git.bb       | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_git.bb | 1 +
 .../recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_git.bb | 1 +
 .../recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_git.bb | 1 +
 .../recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_git.bb | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0_git.bb             | 1 +
 .../webkit/{webkitgtk_2.10.5.bb => webkitgtk_2.10.7.bb}           | 4 ++--
 meta/recipes-support/bash-completion/bash-completion_2.1.bb       | 1 +
 .../iso-codes/{iso-codes_3.64.bb => iso-codes_3.65.bb}            | 4 ++--
 12 files changed, 18 insertions(+), 10 deletions(-)
 rename meta/recipes-gnome/libwnck/{libwnck3_3.14.0.bb => libwnck3_3.14.1.bb} (77%)
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb} (94%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.10.5.bb => webkitgtk_2.10.7.bb} (96%)
 rename meta/recipes-support/iso-codes/{iso-codes_3.64.bb => iso-codes_3.65.bb} (76%)

-- 
2.7.0

[PATCH 1/7] ffmpeg: update to 2.8.6

[Alexander Kanavin]

Add libxv dependency only when libavdevice is enabled (as nothing else needs it).

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 .../ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb}                   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb} (94%)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
similarity index 94%
rename from meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
rename to meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
index 7107803..72393b3 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
@@ -15,19 +15,19 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
 
-SRC_URI[md5sum] = "b34164bd181f4f81c21da3dd131d919d"
-SRC_URI[sha256sum] = "76fb83a267d2d1cb332742dadf28ad8b58af7958165f51bb1a2c226a122f0ac7"
+SRC_URI[md5sum] = "0cff5dae51375f0a31a651f986ed1534"
+SRC_URI[sha256sum] = "25bcedbdafadac3d09c325c1d46a51f53d858b26a260d5aed6b4f17fea6e07fa"
 
 # Should be API compatible with libav (which was a fork of ffmpeg)
 # libpostproc was previously packaged from a separate recipe
 PROVIDES = "libav libpostproc"
 
-DEPENDS = "alsa-lib zlib libogg yasm-native libxv"
+DEPENDS = "alsa-lib zlib libogg yasm-native"
 
 inherit autotools pkgconfig
 
 PACKAGECONFIG ??= "avdevice avfilter gpl theora x264 ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}"
-PACKAGECONFIG[avdevice] = "--enable-avdevice,--disable-avdevice"
+PACKAGECONFIG[avdevice] = "--enable-avdevice,--disable-avdevice, libxv"
 PACKAGECONFIG[avfilter] = "--enable-avfilter,--disable-avfilter"
 PACKAGECONFIG[faac] = "--enable-libfaac,--disable-libfaac,faac"
 PACKAGECONFIG[gpl] = "--enable-gpl,--disable-gpl"
-- 
2.7.0

[PATCH 2/7] gstreamer1.0: fix upstream check for unstable versions from git

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_git.bb        | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_git.bb  | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_git.bb | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_git.bb | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_git.bb | 1 +
 meta/recipes-multimedia/gstreamer/gstreamer1.0_git.bb              | 1 +
 6 files changed, 6 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_git.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_git.bb
index 0937be2..4cd51cd 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_git.bb
@@ -23,6 +23,7 @@ SRC_URI = " \
 "
 
 PV = "1.7.1+git${SRCPV}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
 
 SRCREV_base = "0993ec8fa5cf6b09e33741f268c938719a1534d5"
 SRCREV_common = "86e46630ed8af8d94796859db550a9c3d89c9f65"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_git.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_git.bb
index 0ebf622..e22a210 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_git.bb
@@ -16,6 +16,7 @@ SRC_URI = " \
 "
 
 PV = "1.7.1+git${SRCPV}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
 
 SRCREV_base = "3a088ecc9330d5cb8888ff43de0fe4f61c23a607"
 SRCREV_common = "86e46630ed8af8d94796859db550a9c3d89c9f65"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_git.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_git.bb
index 956b24a..a07c35b 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_git.bb
@@ -13,6 +13,7 @@ SRC_URI = " \
 "
 
 PV = "1.7.1+git${SRCPV}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
 
 SRCREV_base = "641428966e09d16b0a46540040f2faf3791eb7c9"
 SRCREV_common = "86e46630ed8af8d94796859db550a9c3d89c9f65"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_git.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_git.bb
index 915be73..20dfb83 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_git.bb
@@ -14,6 +14,7 @@ SRC_URI = " \
 "
 
 PV = "1.7.1+git${SRCPV}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
 
 SRCREV_base = "e016a70a7c97fc61c6cb5cd3821d38bc5ae5c9a4"
 SRCREV_common = "86e46630ed8af8d94796859db550a9c3d89c9f65"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_git.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_git.bb
index f99b300..ccf6ece 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_git.bb
@@ -11,6 +11,7 @@ SRC_URI = " \
 "
 
 PV = "1.7.1+git${SRCPV}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
 
 SRCREV_base = "c9c37983babad909d01c1c4c417d42a0cf252c1d"
 SRCREV_common = "86e46630ed8af8d94796859db550a9c3d89c9f65"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_git.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_git.bb
index 4fff533..cb55c9a 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_git.bb
@@ -11,6 +11,7 @@ SRC_URI = " \
 "
 
 PV = "1.7.1+git${SRCPV}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
 
 SRCREV_base = "2a188848eb2af3c3b357978ff7786a78aad9dd55"
 SRCREV_common = "86e46630ed8af8d94796859db550a9c3d89c9f65"
-- 
2.7.0

[PATCH 3/7] bash-completion: fix upstream version check

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 meta/recipes-support/bash-completion/bash-completion_2.1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/bash-completion/bash-completion_2.1.bb b/meta/recipes-support/bash-completion/bash-completion_2.1.bb
index 5c39863..8b257d2 100644
--- a/meta/recipes-support/bash-completion/bash-completion_2.1.bb
+++ b/meta/recipes-support/bash-completion/bash-completion_2.1.bb
@@ -11,6 +11,7 @@ SRC_URI="http://bash-completion.alioth.debian.org/files/${BPN}-${PV}.tar.bz2"
 
 SRC_URI[md5sum] = "4e2a9f11a4042a38ee79ddcd048e8b9e"
 SRC_URI[sha256sum] = "2b606804a7d5f823380a882e0f7b6c8a37b0e768e72c3d4107c51fbe8a46ae4f"
+UPSTREAM_CHECK_REGEX = "bash-completion-(?P<pver>(?!2008).+)\.tar"
 
 PARALLEL_MAKE = ""
 
-- 
2.7.0

[PATCH 4/7] iso-codes: update to 3.65

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 .../iso-codes/{iso-codes_3.64.bb => iso-codes_3.65.bb}                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/iso-codes/{iso-codes_3.64.bb => iso-codes_3.65.bb} (76%)

diff --git a/meta/recipes-support/iso-codes/iso-codes_3.64.bb b/meta/recipes-support/iso-codes/iso-codes_3.65.bb
similarity index 76%
rename from meta/recipes-support/iso-codes/iso-codes_3.64.bb
rename to meta/recipes-support/iso-codes/iso-codes_3.65.bb
index 44c8735..0b78dc4 100644
--- a/meta/recipes-support/iso-codes/iso-codes_3.64.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_3.65.bb
@@ -3,8 +3,8 @@ LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fbc093901857fcd118f065f900982c24"
 
 SRC_URI = "https://pkg-isocodes.alioth.debian.org/downloads/iso-codes-${PV}.tar.xz"
-SRC_URI[md5sum] = "01c02633ede9d6fdf4b5f99d5dbd47b2"
-SRC_URI[sha256sum] = "5ef061381e37e9576760df1ad504d4bbc84c270da30512b2891baed9add70729"
+SRC_URI[md5sum] = "890a08d4f962748e0a0758a8aa471896"
+SRC_URI[sha256sum] = "834de5193c8489eedeaf6509457a9b13476702386ae1f3ed4f391a349d630320"
 
 # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
 # are inhibited by allarch
-- 
2.7.0

[PATCH 5/7] libwnck3: update to 3.14.1

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 meta/recipes-gnome/libwnck/{libwnck3_3.14.0.bb => libwnck3_3.14.1.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-gnome/libwnck/{libwnck3_3.14.0.bb => libwnck3_3.14.1.bb} (77%)

diff --git a/meta/recipes-gnome/libwnck/libwnck3_3.14.0.bb b/meta/recipes-gnome/libwnck/libwnck3_3.14.1.bb
similarity index 77%
rename from meta/recipes-gnome/libwnck/libwnck3_3.14.0.bb
rename to meta/recipes-gnome/libwnck/libwnck3_3.14.1.bb
index 3ee1ae9..97d6b88 100644
--- a/meta/recipes-gnome/libwnck/libwnck3_3.14.0.bb
+++ b/meta/recipes-gnome/libwnck/libwnck3_3.14.1.bb
@@ -11,8 +11,8 @@ PACKAGECONFIG ??= "startup-notification"
 PACKAGECONFIG[startup-notification] = "--enable-startup-notification,--disable-startup-notification,startup-notification"
 
 inherit gnomebase
-SRC_URI[archive.md5sum] = "4538672e0d775fadedf10abeb8020047"
-SRC_URI[archive.sha256sum] = "f5080076346609b4c36394b879f3a86b92ced3b90a37cb54c8e9a14f00e7921c"
+SRC_URI[archive.md5sum] = "d96c0b74c4dc5fdae758964098603c90"
+SRC_URI[archive.sha256sum] = "bb643c9c423c8aa79c59973ce27ce91d3b180d1e9907902278fb79391f52befa"
 
 inherit distro_features_check
 # libxres means x11 only
-- 
2.7.0

[PATCH 6/7] webkitgtk: update to 2.10.7

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 meta/recipes-sato/webkit/{webkitgtk_2.10.5.bb => webkitgtk_2.10.7.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-sato/webkit/{webkitgtk_2.10.5.bb => webkitgtk_2.10.7.bb} (96%)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.10.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.10.7.bb
similarity index 96%
rename from meta/recipes-sato/webkit/webkitgtk_2.10.5.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.10.7.bb
index fba3108..8812967 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.10.5.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.10.7.bb
@@ -16,8 +16,8 @@ SRC_URI = "\
   file://0001-Enable-backtrace-on-linux-when-using-glibc.patch \
   file://0001-Fix-build-with-non-glibc-libraries-on-linux.patch \
   "
-SRC_URI[md5sum] = "bb3bd727960630bb4cbaddf8b1632d18"
-SRC_URI[sha256sum] = "785d5e98eaf07be15fb8891b7d5b13a2df7072c609b3ee631ca07d5dea1d79fa"
+SRC_URI[md5sum] = "84832b9d8329413b4f1d87df5f7e8efe"
+SRC_URI[sha256sum] = "990d62c82ed6dede31a6ff0a82d847f16b812842ff3e1093d17113627652864e"
 
 inherit cmake lib_package pkgconfig perlnative pythonnative distro_features_check upstream-version-is-even
 
-- 
2.7.0

[PATCH 7/7] pixz: fix upstream version check

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
 meta/recipes-extended/pixz/pixz_1.0.6.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-extended/pixz/pixz_1.0.6.bb b/meta/recipes-extended/pixz/pixz_1.0.6.bb
index 279fb54..67681d4 100644
--- a/meta/recipes-extended/pixz/pixz_1.0.6.bb
+++ b/meta/recipes-extended/pixz/pixz_1.0.6.bb
@@ -10,6 +10,7 @@ LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5cf6d164086105f1512ccb81bfff1926"
 
 SRC_URI += "file://936d8068ae19d95260d3058f41dd6cf718101cd6.patch"
+UPSTREAM_CHECK_URI = "https://github.com/vasi/pixz/releases"
 
 EXTRA_OECONF += "--without-manpage"
 
-- 
2.7.0

Re: [PATCH 1/7] ffmpeg: update to 2.8.6

[akuster808]

This update includes  CVE-2016-2213

Fixes out of array read
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4


On 02/10/2016 04:42 AM, Alexander Kanavin wrote:
> Add libxv dependency only when libavdevice is enabled (as nothing else needs it).
> 
> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> ---
>  .../ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb}                   | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>  rename meta/recipes-multimedia/ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb} (94%)
> 
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
> similarity index 94%
> rename from meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
> rename to meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
> index 7107803..72393b3 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
> @@ -15,19 +15,19 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>  
>  SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
>  
> -SRC_URI[md5sum] = "b34164bd181f4f81c21da3dd131d919d"
> -SRC_URI[sha256sum] = "76fb83a267d2d1cb332742dadf28ad8b58af7958165f51bb1a2c226a122f0ac7"
> +SRC_URI[md5sum] = "0cff5dae51375f0a31a651f986ed1534"
> +SRC_URI[sha256sum] = "25bcedbdafadac3d09c325c1d46a51f53d858b26a260d5aed6b4f17fea6e07fa"
>  
>  # Should be API compatible with libav (which was a fork of ffmpeg)
>  # libpostproc was previously packaged from a separate recipe
>  PROVIDES = "libav libpostproc"
>  
> -DEPENDS = "alsa-lib zlib libogg yasm-native libxv"
> +DEPENDS = "alsa-lib zlib libogg yasm-native"
>  
>  inherit autotools pkgconfig
>  
>  PACKAGECONFIG ??= "avdevice avfilter gpl theora x264 ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}"
> -PACKAGECONFIG[avdevice] = "--enable-avdevice,--disable-avdevice"
> +PACKAGECONFIG[avdevice] = "--enable-avdevice,--disable-avdevice, libxv"
>  PACKAGECONFIG[avfilter] = "--enable-avfilter,--disable-avfilter"
>  PACKAGECONFIG[faac] = "--enable-libfaac,--disable-libfaac,faac"
>  PACKAGECONFIG[gpl] = "--enable-gpl,--disable-gpl"
> 

Re: [PATCH 6/7] webkitgtk: update to 2.10.7

[akuster808]

this update includes:


CVE-2015-7096
    Versions affected: WebKitGTK+ before 2.10.5.

CVE-2015-7098
    Versions affected: WebKitGTK+ before 2.10.5.


http://webkitgtk.org/security.html


On 02/10/2016 04:42 AM, Alexander Kanavin wrote:
> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> ---
>  meta/recipes-sato/webkit/{webkitgtk_2.10.5.bb => webkitgtk_2.10.7.bb} | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta/recipes-sato/webkit/{webkitgtk_2.10.5.bb => webkitgtk_2.10.7.bb} (96%)
> 
> diff --git a/meta/recipes-sato/webkit/webkitgtk_2.10.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.10.7.bb
> similarity index 96%
> rename from meta/recipes-sato/webkit/webkitgtk_2.10.5.bb
> rename to meta/recipes-sato/webkit/webkitgtk_2.10.7.bb
> index fba3108..8812967 100644
> --- a/meta/recipes-sato/webkit/webkitgtk_2.10.5.bb
> +++ b/meta/recipes-sato/webkit/webkitgtk_2.10.7.bb
> @@ -16,8 +16,8 @@ SRC_URI = "\
>    file://0001-Enable-backtrace-on-linux-when-using-glibc.patch \
>    file://0001-Fix-build-with-non-glibc-libraries-on-linux.patch \
>    "
> -SRC_URI[md5sum] = "bb3bd727960630bb4cbaddf8b1632d18"
> -SRC_URI[sha256sum] = "785d5e98eaf07be15fb8891b7d5b13a2df7072c609b3ee631ca07d5dea1d79fa"
> +SRC_URI[md5sum] = "84832b9d8329413b4f1d87df5f7e8efe"
> +SRC_URI[sha256sum] = "990d62c82ed6dede31a6ff0a82d847f16b812842ff3e1093d17113627652864e"
>  
>  inherit cmake lib_package pkgconfig perlnative pythonnative distro_features_check upstream-version-is-even
>  
> 

Re: [PATCH 6/7] webkitgtk: update to 2.10.7

[Alexander Kanavin]

On 02/11/2016 09:08 PM, akuster808 wrote:
> this update includes:
>
>
> CVE-2015-7096
>      Versions affected: WebKitGTK+ before 2.10.5.
>
> CVE-2015-7098
>      Versions affected: WebKitGTK+ before 2.10.5.
>
>
> http://webkitgtk.org/security.html

Yes, which means that jethro (which has 2.8.5) needs the same update.

Generally, this manual check for vulnerabilities is error-prone and 
doesn't scale. We really should automate cve checks (using 
cve-check-tool or something similar) when doing package builds, I'll try 
to look if it's feasible. There's been an open bug for a long time:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=7515


Alex

Re: [PATCH 6/7] webkitgtk: update to 2.10.7

[akuster808]

On 02/16/2016 06:34 AM, Alexander Kanavin wrote:
> On 02/11/2016 09:08 PM, akuster808 wrote:
>> this update includes:
>>
>>
>> CVE-2015-7096
>>      Versions affected: WebKitGTK+ before 2.10.5.
>>
>> CVE-2015-7098
>>      Versions affected: WebKitGTK+ before 2.10.5.
>>
>>
>> http://webkitgtk.org/security.html
> 
> Yes, which means that jethro (which has 2.8.5) needs the same update.

there is a bug open for that 8877. there are a huge number of CVE's that
need fixing.

- armin
> 
> Generally, this manual check for vulnerabilities is error-prone and
> doesn't scale. We really should automate cve checks (using
> cve-check-tool or something similar) when doing package builds, I'll try
> to look if it's feasible. There's been an open bug for a long time:
> 
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7515
> 
> 
> Alex

Re: [PATCH 1/7] ffmpeg: update to 2.8.6

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 4102 bytes --]

Fails to build for qemuarm when thumb is enabled.

Why was:
ARM_INSTRUCTION_SET = "arm"

removed in
http://git.openembedded.org/openembedded-core/commit/?id=77dbf07293df15cd5473422abd678930d6277bb0

without checking if it works?

| {standard input}: Assembler messages:
| {standard input}:288: Error: instruction not supported in Thumb16 mode --
`adds r3,r1,r0,lsr#31'
| {standard input}:289: Error: selected processor does not support `itet
ne' in Thumb mode
| {standard input}:290: Error: Thumb does not support conditional execution
| {standard input}:291: Error: Thumb does not support conditional execution
| {standard input}:292: Error: Thumb does not support conditional execution
| {standard input}:536: Error: instruction not supported in Thumb16 mode --
`adds r3,r1,r0,lsr#31'
| {standard input}:537: Error: selected processor does not support `itet
ne' in Thumb mode
| {standard input}:538: Error: Thumb does not support conditional execution
| {standard input}:539: Error: Thumb does not support conditional execution
| {standard input}:540: Error: Thumb does not support conditional execution
| make: *** [libavfilter/af_dcshift.o] Error 1
| make: *** Waiting for unfinished jobs....
| CC libavfilter/af_pan.o
| WARNING: exit code 1 from a shell command.
| ERROR: oe_runmake failed
| ERROR: Function failed: do_compile (log file is located at
/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/ffmpeg/2.8.6-r0/temp/log.do_compile.32728)
NOTE: recipe ffmpeg-2.8.6-r0: task do_compile: Failed
ERROR: Task 18801
(/home/jenkins/oe/world/shr-core/openembedded-core/meta/recipes-multimedia/ffmpeg/
ffmpeg_2.8.6.bb, do_compile) failed with exit code '1'

On Wed, Feb 10, 2016 at 1:42 PM, Alexander Kanavin <
alexander.kanavin@linux.intel.com> wrote:

> Add libxv dependency only when libavdevice is enabled (as nothing else
> needs it).
>
> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> ---
>  .../ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb}                   | 8
> ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>  rename meta/recipes-multimedia/ffmpeg/{ffmpeg_2.8.5.bb => ffmpeg_2.8.6.bb}
> (94%)
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
> b/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
> similarity index 94%
> rename from meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
> rename to meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
> index 7107803..72393b3 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.5.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_2.8.6.bb
> @@ -15,19 +15,19 @@ LIC_FILES_CHKSUM =
> "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>
>  SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
>
> -SRC_URI[md5sum] = "b34164bd181f4f81c21da3dd131d919d"
> -SRC_URI[sha256sum] =
> "76fb83a267d2d1cb332742dadf28ad8b58af7958165f51bb1a2c226a122f0ac7"
> +SRC_URI[md5sum] = "0cff5dae51375f0a31a651f986ed1534"
> +SRC_URI[sha256sum] =
> "25bcedbdafadac3d09c325c1d46a51f53d858b26a260d5aed6b4f17fea6e07fa"
>
>  # Should be API compatible with libav (which was a fork of ffmpeg)
>  # libpostproc was previously packaged from a separate recipe
>  PROVIDES = "libav libpostproc"
>
> -DEPENDS = "alsa-lib zlib libogg yasm-native libxv"
> +DEPENDS = "alsa-lib zlib libogg yasm-native"
>
>  inherit autotools pkgconfig
>
>  PACKAGECONFIG ??= "avdevice avfilter gpl theora x264
> ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}"
> -PACKAGECONFIG[avdevice] = "--enable-avdevice,--disable-avdevice"
> +PACKAGECONFIG[avdevice] = "--enable-avdevice,--disable-avdevice, libxv"
>  PACKAGECONFIG[avfilter] = "--enable-avfilter,--disable-avfilter"
>  PACKAGECONFIG[faac] = "--enable-libfaac,--disable-libfaac,faac"
>  PACKAGECONFIG[gpl] = "--enable-gpl,--disable-gpl"
> --
> 2.7.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>

[-- Attachment #2: Type: text/html, Size: 6983 bytes --]

Re: [PATCH 6/7] webkitgtk: update to 2.10.7

[Alexander Kanavin]

On 02/16/2016 05:55 PM, akuster808 wrote:

>> Yes, which means that jethro (which has 2.8.5) needs the same update.
>
> there is a bug open for that 8877. there are a huge number of CVE's that
> need fixing.

I wrote a comment in that bug, but I think it bears repeating here:

Please read this, it's a bit long, but worth it:

https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

Summary: the upstream will not backport CVE fixes, and they will not be 
making point releases in old branches with any kind of lifecycle 
guarantee. Providing ongoing updates to the latest stable release of 
webkit is the only way to stay secure.

So I believe that you indeed have to update webkit to 2.10.7, or 
whatever is the latest stable release, and keep doing this for as long 
as a yocto release needs to be supported.

Regards,
Alex

Re: [PATCH 1/7] ffmpeg: update to 2.8.6

[Alexander Kanavin]

On 02/24/2016 03:55 AM, Martin Jansa wrote:
> Fails to build for qemuarm when thumb is enabled.
>
> Why was:
> ARM_INSTRUCTION_SET = "arm"
>
> removed in
> http://git.openembedded.org/openembedded-core/commit/?id=77dbf07293df15cd5473422abd678930d6277bb0
>
> without checking if it works?

That line has no explanation of its intent and dates back to before 
2009. I had also checked that ffmpeg builds fine with default qemuarm 
configuration (and just checked that it still does), so it was dropped 
as old cruft.

I see that 'thumb' is in TUNE_FEATURES for qemuarm, but not sure if that 
is same as 'thumb is enabled'. How do I make it break?

Alex

Re: [PATCH 1/7] ffmpeg: update to 2.8.6

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 1242 bytes --]

On Wed, Feb 24, 2016 at 02:34:32PM +0200, Alexander Kanavin wrote:
> On 02/24/2016 03:55 AM, Martin Jansa wrote:
> > Fails to build for qemuarm when thumb is enabled.
> >
> > Why was:
> > ARM_INSTRUCTION_SET = "arm"
> >
> > removed in
> > http://git.openembedded.org/openembedded-core/commit/?id=77dbf07293df15cd5473422abd678930d6277bb0
> >
> > without checking if it works?
> 
> That line has no explanation of its intent and dates back to before 
> 2009. I had also checked that ffmpeg builds fine with default qemuarm 
> configuration (and just checked that it still does), so it was dropped 
> as old cruft.
> 
> I see that 'thumb' is in TUNE_FEATURES for qemuarm, but not sure if that 
> is same as 'thumb is enabled'. How do I make it break?

"thumb" in TUNE_FEATURES only means that given MACHINE (with given
DEFAULTTUNE) is capable of executing thumb binaries.

The distro needs to set ARM_INSTRUCTION_SET to "thumb" in order to enable
actually using this TUNE_FEATURE.

With recent improvements in tune files you should clearly see that
default qemuarm builds are using TUNE_PKGARCH without "t" in it which
means that "thumb" isn't enabled.

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

Re: [PATCH 1/7] ffmpeg: update to 2.8.6

[Alexander Kanavin]

On 02/24/2016 03:16 PM, Martin Jansa wrote:

> The distro needs to set ARM_INSTRUCTION_SET to "thumb" in order to enable
> actually using this TUNE_FEATURE.
>
> With recent improvements in tune files you should clearly see that
> default qemuarm builds are using TUNE_PKGARCH without "t" in it which
> means that "thumb" isn't enabled.

Should we actually test this on autobuilders then? The change passed 
them fine, even though it shouldn't have.

Alex

Re: [PATCH 1/7] ffmpeg: update to 2.8.6

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 710 bytes --]

On Wed, Feb 24, 2016 at 03:28:16PM +0200, Alexander Kanavin wrote:
> On 02/24/2016 03:16 PM, Martin Jansa wrote:
> 
> > The distro needs to set ARM_INSTRUCTION_SET to "thumb" in order to enable
> > actually using this TUNE_FEATURE.
> >
> > With recent improvements in tune files you should clearly see that
> > default qemuarm builds are using TUNE_PKGARCH without "t" in it which
> > means that "thumb" isn't enabled.
> 
> Should we actually test this on autobuilders then? The change passed 
> them fine, even though it shouldn't have.

Yes, that's what I was suggesting in:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

Re: [PATCH 6/7] webkitgtk: update to 2.10.7

[akuster808]

On 02/24/2016 03:55 AM, Alexander Kanavin wrote:
> On 02/16/2016 05:55 PM, akuster808 wrote:
> 
>>> Yes, which means that jethro (which has 2.8.5) needs the same update.
>>
>> there is a bug open for that 8877. there are a huge number of CVE's that
>> need fixing.
> 
> I wrote a comment in that bug, but I think it bears repeating here:
> 
> Please read this, it's a bit long, but worth it:
> 
> https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
> 
> Summary: the upstream will not backport CVE fixes, and they will not be
> making point releases in old branches with any kind of lifecycle
> guarantee. Providing ongoing updates to the latest stable release of
> webkit is the only way to stay secure.
> 

Many vulnerability notifications will make the same statements.

Updating a package that other packages depend on can cause a cascading
set of failures. Now you have a bigger set of problems to contend with.

> So I believe that you indeed have to update webkit to 2.10.7, or
> whatever is the latest stable release, and keep doing this for as long
> as a yocto release needs to be supported.

From the commercial side you just can't move your install base to the
latest package versions for every security issue. The Yocto maintenance
policy operates very close to this too.

Yeah, Backporting fixes to stable branches is a lot of work once it
moves away from a simple cherry-pick from master.


regards,
- armin

> 
> Regards,
> Alex
> 

Re: [PATCH 6/7] webkitgtk: update to 2.10.7

[Alexander Kanavin]

On 02/24/2016 07:19 PM, akuster808 wrote:

> Many vulnerability notifications will make the same statements.
>
> Updating a package that other packages depend on can cause a cascading
> set of failures. Now you have a bigger set of problems to contend with.

I don't think the possibility of failures is a bigger problem than the 
certainty of having to backport a huge number of CVE fixes within a 
codebase that you don't understand.

Many of those are not a matter of cherry-picking the right patch; they 
require actual webkit expertise, because the code has changed too much 
in the meantime. Also, each webkit build takes hours, which slows things 
down even more. Do you have the resources for all of that?

>  From the commercial side you just can't move your install base to the
> latest package versions for every security issue. The Yocto maintenance
> policy operates very close to this too.

I think you need to make an exception for webkit, and explain this to 
your customers.

Alex