openembedded-core.git/meta/recipes-extended/tar, branch master Mirror of openembedded-core recipes: Move out stale GPLv2 versions to a seperate layer 2017-03-07T20:04:58+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-03-02T12:04:08+00:00 19b7e950346fb1dde6505c45236eba6cd9b33b4b These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.

There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.

There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.

Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.

I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tar: CVE-2016-6321 2017-03-01T12:54:23+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-02-24T12:49:18+00:00 cfa2b5facd1aa6a2bac4cb04687e1a977c533934 Skip members whose names contain "..". Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 Upstream patch: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f671 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Skip members whose names contain "..".

Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321

Upstream patch:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f671

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tar: upgrade to 1.29 2016-06-14T11:56:30+00:00 Chen Qi Qi.Chen@windriver.com 2016-06-12T02:21:05+00:00 8504817a5707df0f26a3049846532bfa4890f329 Refresh remove-gets.patch for the latest version. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Refresh remove-gets.patch for the latest version.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tar: Fix build for musl based targets 2016-01-22T23:42:50+00:00 Khem Raj raj.khem@gmail.com 2016-01-06T18:45:45+00:00 c17d9a8d7f89b8e855f87d61583075129e4aa72c It only considered linux-gnu hosts when cross compiling here we add linux-musl to the mix as well Fixes errors e.g. 1.28-r0/tar-1.28/src/tar.c:1351:5: error: 'SAVEDIR_SORT_INODE' undeclared here (not in a function) | SAVEDIR_SORT_INODE | ^ Signed-off-by: Khem Raj <raj.khem@gmail.com> 
It only considered linux-gnu hosts when cross compiling
here we add linux-musl to the mix as well

Fixes errors e.g.

1.28-r0/tar-1.28/src/tar.c:1351:5: error: 'SAVEDIR_SORT_INODE'
undeclared here (not in a function)
|      SAVEDIR_SORT_INODE
|      ^

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add "CVE:" tag to current patches in OE-core 2016-01-11T23:23:18+00:00 Mariano Lopez mariano.lopez@linux.intel.com 2016-01-08T12:03:58+00:00 065ebeb3e15311d0d45385e15bf557b1c95b1669 The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The currnet patches in OE-core doesn't have the "CVE:"
tag, now part of the policy of the patches.

This is patch add this tag to several patches. There might
be patches that I miss; the tag can be added in the future.

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tar: fix install if bindir == base_bindir 2015-09-21T14:20:04+00:00 Dominic Sacré dominic.sacre@gmx.de 2015-09-17T16:13:42+00:00 2c7149633731272df5323dd0bd5165a67b0eb2f4 Don't try to move binaries onto themselves if ${bindir} and ${base_bindir} are the same, as is the case on systems with a merged /usr directory. Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Don't try to move binaries onto themselves if ${bindir} and
${base_bindir} are the same, as is the case on systems with a
merged /usr directory.

Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tar-replacement-native: relocate via NATIVE_PACKAGE_PATH_SUFFIX 2015-08-19T16:57:47+00:00 Patrick Ohly patrick.ohly@intel.com 2015-08-14T16:01:41+00:00 e6fee3ddb5600fc564243a96d6232b4ae097df32 Building tar-replacement-native as replacement of the host's tar in the standard path was meant to be done manually by a user in preparation for the regular bitbake run. Such a usage has been superseeded by installing the pre-compiled buildutils and might have been broken on hosts which need it by the sanity check for tar >= 1.26. Therefore tar-replacement-native_1.28.bb can be removed in favor of adapting the normal tar recipe such that it installs an opt-in binary under a different path. The special do_install logic is explicitly limited to class-target, instead of making it the default and disabling it (which would be the case for class-native and class-nativesdk). Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Building tar-replacement-native as replacement of the host's tar in
the standard path was meant to be done manually by a user in
preparation for the regular bitbake run. Such a usage has been
superseeded by installing the pre-compiled buildutils and might have
been broken on hosts which need it by the sanity check for tar >=
1.26.

Therefore tar-replacement-native_1.28.bb can be removed in favor of
adapting the normal tar recipe such that it installs an opt-in binary
under a different path.

The special do_install logic is explicitly limited to class-target,
instead of making it the default and disabling it (which would be the
case for class-native and class-nativesdk).

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tar: Add symlink to tar from gtar 2015-07-13T12:46:45+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-07-13T11:04:46+00:00 18ccd233810869c84af28783a9fa1906c1b30232 dpkg-deb accesses tar via "gtar", add a symlink to ensure that nativesdk for example correctly catches these accesses to tar (for buildtools-tarball). This likely also fixes on target dpkg-deb usage. [YOCTO #7988] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
dpkg-deb accesses tar via "gtar", add a symlink to ensure that nativesdk
for example correctly catches these accesses to tar (for buildtools-tarball).
This likely also fixes on target dpkg-deb usage.

[YOCTO #7988]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tar: set acpaths to avoid "Argument list too long" error 2015-03-22T09:25:50+00:00 Chong Lu Chong.Lu@windriver.com 2015-03-12T06:14:55+00:00 747333764231d0320bdefbcf192b2589e70c58a1 There would be an error when the TMPDIR is long/deep, for example when len(TMPDIR) = 410 while our supported longest value is 410: aclocal: error: cannot open xxx autoreconf: aclocal failed with exit status: 1 ERROR: autoreconf execution failed. Let aclocal use the relative path for the m4 file rather than the absolute would fix the problem. [YOCTO #6138] Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
There would be an error when the TMPDIR is long/deep, for example when
len(TMPDIR) = 410 while our supported longest value is 410:

    aclocal: error: cannot open xxx
    autoreconf: aclocal failed with exit status: 1
    ERROR: autoreconf execution failed.

Let aclocal use the relative path for the m4 file rather than the
absolute would fix the problem.

[YOCTO #6138]

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tar 1.17: fix unknown-configure-option 2015-02-07T18:52:46+00:00 Robert Yang liezhi.yang@windriver.com 2015-01-27T08:31:21+00:00 faf469f9b5fbf794311d83db26cdf7f1042785c0 WARNING: QA Issue: tar: configure was passed unrecognised options: --without-posix-acls [unknown-configure-option] tar 1.17 doesn't support --without-posix-acls, move it from tar.inc to tar_1.28.bb to fix the problem. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
WARNING: QA Issue: tar: configure was passed unrecognised options: --without-posix-acls [unknown-configure-option]

tar 1.17 doesn't support --without-posix-acls, move it from tar.inc to
tar_1.28.bb to fix the problem.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>