openembedded-core.git/meta/recipes-extended, branch uninative-1.5 Mirror of openembedded-core recipes: Move out stale GPLv2 versions to a seperate layer 2017-03-07T20:04:58+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-03-02T12:04:08+00:00 19b7e950346fb1dde6505c45236eba6cd9b33b4b These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.

There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.

There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.

Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.

I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tzdata: update to 2017a 2017-03-04T23:18:10+00:00 Armin Kuster akuster@mvista.com 2017-03-01T03:48:31+00:00 784a8379260759700ab8482b1699c9567d6e9f3f Briefly: Southern Chile moves from -04/-03 to -03, and Mongolia discontinues DST. Changes to future time stamps Mongolia no longer observes DST. (Thanks to Ganbold Tsagaankhuu.) Chile's Region of Magallanes moves from -04/-03 to -03 year-round. Its clocks diverge from America/Santiago starting 2017-05-13 at 23:00, hiving off a new zone America/Punta_Arenas. Although the Chilean government says this change expires in May 2019, for now assume it's permanent. (Thanks to Juan Correa and Deborah Goldsmith.) This also affects Antarctica/Palmer. Changes to past time stamps Fix many entries for historical time stamps for Europe/Madrid before 1979, to agree with tables compiled by Pere Planesas of the National Astronomical Observatory of Spain. As a side effect, this changes some time stamps for Africa/Ceuta before 1929, which are probably guesswork anyway. (Thanks to Steve Allen and Pierpaolo Bernardi for the heads-ups, and to Michael Deckers for correcting the 1901 transition.) Ecuador observed DST from 1992-11-28 to 1993-02-05. (Thanks to Alois Treindl.) Asia/Atyrau and Asia/Oral were at +03 (not +04) before 1930-06-21. (Thanks to Stepan Golosunov.) Changes to past and future time zone abbreviations Switch to numeric time zone abbreviations for South America, as part of the ongoing project of removing invented abbreviations. This avoids the need to invent an abbreviation for the new Chilean new zone. Similarly, switch from invented to numeric time zone abbreviations for Afghanistan, American Samoa, the Azores, Bangladesh, Bhutan, the British Indian Ocean Territory, Brunei, Cape Verde, Chatham Is, Christmas I, Cocos (Keeling) Is, Cook Is, Dubai, East Timor, Eucla, Fiji, French Polynesia, Greenland, Indochina, Iran, Iraq, Kiribati, Lord Howe, Macquarie, Malaysia, the Maldives, Marshall Is, Mauritius, Micronesia, Mongolia, Myanmar, Nauru, Nepal, New Caledonia, Niue, Norfolk I, Palau, Papua New Guinea, the Philippines, Pitcairn, Qatar, RĂ©union, St Pierre & Miquelon, Samoa, Saudi Arabia, Seychelles, Singapore, Solomon Is, Tokelau, Tuvalu, Wake, Vanuatu, Wallis & Futuna, and Xinjiang; for 20-minute daylight saving time in Ghana before 1943; for half-hour daylight saving time in Belize before 1944 and in the Dominican Republic before 1975; and for Canary Islands before 1946, for Guinea-Bissau before 1975, for Iceland before 1969, for Indian Summer Time before 1942, for Indonesia before around 1964, for Kenya before 1960, for Liberia before 1973, for Madeira before 1967, for Namibia before 1943, for the Netherlands in 1937-9, for Pakistan before 1971, for Western Sahara before 1977, and for Zaporozhye in 1880-1924. For Alaska time from 1900 through 1967, instead of "CAT" use the abbreviation "AST", the abbreviation commonly used at the time (Atlantic Standard Time had not been standardized yet). Use "AWT" and "APT" instead of the invented abbreviations "CAWT" and "CAPT". Use "CST" and "CDT" instead of invented abbreviations for Macau before 1999 and Taiwan before 1938, and use "JST" instead of the invented abbreviation "JCST" for Japan and Korea before 1938. Change to database entry category Move the Pacific/Johnston link from 'australasia' to 'backward', since Johnston is now uninhabited. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
 Briefly: Southern Chile moves from -04/-03 to -03, and Mongolia
  discontinues DST.

  Changes to future time stamps

    Mongolia no longer observes DST.  (Thanks to Ganbold Tsagaankhuu.)

    Chile's Region of Magallanes moves from -04/-03 to -03 year-round.
    Its clocks diverge from America/Santiago starting 2017-05-13 at
    23:00, hiving off a new zone America/Punta_Arenas.  Although the
    Chilean government says this change expires in May 2019, for now
    assume it's permanent.  (Thanks to Juan Correa and Deborah
    Goldsmith.)  This also affects Antarctica/Palmer.

  Changes to past time stamps

    Fix many entries for historical time stamps for Europe/Madrid
    before 1979, to agree with tables compiled by Pere Planesas of the
    National Astronomical Observatory of Spain.  As a side effect,
    this changes some time stamps for Africa/Ceuta before 1929, which
    are probably guesswork anyway.  (Thanks to Steve Allen and
    Pierpaolo Bernardi for the heads-ups, and to Michael Deckers for
    correcting the 1901 transition.)

    Ecuador observed DST from 1992-11-28 to 1993-02-05.
    (Thanks to Alois Treindl.)

    Asia/Atyrau and Asia/Oral were at +03 (not +04) before 1930-06-21.
    (Thanks to Stepan Golosunov.)

  Changes to past and future time zone abbreviations

    Switch to numeric time zone abbreviations for South America, as
    part of the ongoing project of removing invented abbreviations.
    This avoids the need to invent an abbreviation for the new Chilean
    new zone.  Similarly, switch from invented to numeric time zone
    abbreviations for Afghanistan, American Samoa, the Azores,
    Bangladesh, Bhutan, the British Indian Ocean Territory, Brunei,
    Cape Verde, Chatham Is, Christmas I, Cocos (Keeling) Is, Cook Is,
    Dubai, East Timor, Eucla, Fiji, French Polynesia, Greenland,
    Indochina, Iran, Iraq, Kiribati, Lord Howe, Macquarie, Malaysia,
    the Maldives, Marshall Is, Mauritius, Micronesia, Mongolia,
    Myanmar, Nauru, Nepal, New Caledonia, Niue, Norfolk I, Palau,
    Papua New Guinea, the Philippines, Pitcairn, Qatar, RĂ©union, St
    Pierre & Miquelon, Samoa, Saudi Arabia, Seychelles, Singapore,
    Solomon Is, Tokelau, Tuvalu, Wake, Vanuatu, Wallis & Futuna, and
    Xinjiang; for 20-minute daylight saving time in Ghana before 1943;
    for half-hour daylight saving time in Belize before 1944 and in
    the Dominican Republic before 1975; and for Canary Islands before
    1946, for Guinea-Bissau before 1975, for Iceland before 1969, for
    Indian Summer Time before 1942, for Indonesia before around 1964,
    for Kenya before 1960, for Liberia before 1973, for Madeira before
    1967, for Namibia before 1943, for the Netherlands in 1937-9, for
    Pakistan before 1971, for Western Sahara before 1977, and for
    Zaporozhye in 1880-1924.

    For Alaska time from 1900 through 1967, instead of "CAT" use the
    abbreviation "AST", the abbreviation commonly used at the time
    (Atlantic Standard Time had not been standardized yet).  Use "AWT"
    and "APT" instead of the invented abbreviations "CAWT" and "CAPT".

    Use "CST" and "CDT" instead of invented abbreviations for Macau
    before 1999 and Taiwan before 1938, and use "JST" instead of the
    invented abbreviation "JCST" for Japan and Korea before 1938.

  Change to database entry category

    Move the Pacific/Johnston link from 'australasia' to 'backward',
    since Johnston is now uninhabited.

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tzcode-native: update to 2017a 2017-03-04T23:18:10+00:00 Armin Kuster akuster@mvista.com 2017-03-01T03:48:30+00:00 6c95fbf51ec538e29083a4a890d106b732c1b182 Changes to code zic no longer mishandles some transitions in January 2038 when it attempts to work around Qt bug 53071. This fixes a bug affecting Pacific/Tongatapu that was introduced in zic 2016e. localtime.c now contains a workaround, useful when loading a file generated by a buggy zic. (Problem and localtime.c fix reported by Bradley White.) zdump -i now outputs non-hour numeric time zone abbreviations without a colon, e.g., "+0530" rather than "+05:30". This agrees with zic %z and with common practice, and simplifies auditing of zdump output. zdump is now buildable again with -DUSE_LTZ=0. (Problem reported by Joseph Myers.) zdump.c now always includes private.h, to avoid code duplication with private.h. (Problem reported by Kees Dekker.) localtime.c no longer mishandles early or late timestamps when TZ is set to a POSIX-style string that specifies DST. (Problem reported by Kees Dekker.) date and strftime now cause %z to generate "-0000" instead of "+0000" when the UT offset is zero and the time zone abbreviation begins with "-". Changes to documentation and commentary The 'Theory' file now better documents choice of historical time zone abbreviations. (Problems reported by Michael Deckers.) tz-link.htm now covers leap smearing, which is popular in clouds. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
  Changes to code

    zic no longer mishandles some transitions in January 2038 when it
    attempts to work around Qt bug 53071.  This fixes a bug affecting
    Pacific/Tongatapu that was introduced in zic 2016e. localtime.c
    now contains a workaround, useful when loading a file generated by
    a buggy zic.  (Problem and localtime.c fix reported by Bradley
    White.)

    zdump -i now outputs non-hour numeric time zone abbreviations
    without a colon, e.g., "+0530" rather than "+05:30".  This agrees
    with zic %z and with common practice, and simplifies auditing of
    zdump output.

    zdump is now buildable again with -DUSE_LTZ=0.
    (Problem reported by Joseph Myers.)

    zdump.c now always includes private.h, to avoid code duplication
    with private.h.  (Problem reported by Kees Dekker.)

    localtime.c no longer mishandles early or late timestamps
    when TZ is set to a POSIX-style string that specifies DST.
    (Problem reported by Kees Dekker.)

    date and strftime now cause %z to generate "-0000" instead of
    "+0000" when the UT offset is zero and the time zone abbreviation
    begins with "-".

  Changes to documentation and commentary

    The 'Theory' file now better documents choice of historical time
    zone abbreviations.  (Problems reported by Michael Deckers.)

    tz-link.htm now covers leap smearing, which is popular in clouds.

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
core-image-lsb-sdk: Lower IMAGE_OVERHEAD_FACTOR 2017-03-01T23:09:01+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-03-01T23:07:15+00:00 0116e4814aa55feb0f8944deb98e39b4534bab0c We're on the margin of the 4GB size limit for certain image types with this configuration. This is a temporary workaround to avoid total failures whilst we figure out better ways to save space. On such a large image, the standard 1.3 is large and 1.2 is reasonable. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We're on the margin of the 4GB size limit for certain image types with
this configuration. This is a temporary workaround to avoid total
failures whilst we figure out better ways to save space. On such a
large image, the standard 1.3 is large and 1.2 is reasonable.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tar: CVE-2016-6321 2017-03-01T12:54:23+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-02-24T12:49:18+00:00 cfa2b5facd1aa6a2bac4cb04687e1a977c533934 Skip members whose names contain "..". Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 Upstream patch: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f671 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Skip members whose names contain "..".

Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321

Upstream patch:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f671

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
ltp: upgrade to 20170116 2017-03-01T12:54:22+00:00 Dengke Du dengke.du@windriver.com 2017-02-22T10:04:50+00:00 25c71d320198d41cf760dbea96840d352681dced 1. Upgrade ltp from 20160126 to 20170116. 2. Delete some patches because these have been integrated in upstream. 0001-ltp-Don-t-link-against-libfl.patch 0006-sendfile-Use-off64_t-instead-of-__off64_t.patch 0007-replace-SIGCLD-with-SIGCHLD.patch 0009-Guard-error.h-with-__GLIBC__.patch 0012-fsstress.c-Replace-__int64_t-with-int64_t.patch 0013-include-fcntl.h-for-getting-O_-definitions.patch 0014-hyperthreading-Include-sys-types.h-for-pid_t-definit.patch 0015-mincore01-Rename-PAGESIZE-to-pagesize.patch 0016-ustat-Change-header-from-ustat.h-to-sys-ustat.h.patch 0017-replace-sigval_t-with-union-sigval.patch 0019-tomoyo-Replace-canonicalize_file_name-with-realpath.patch 0022-include-sys-types.h.patch 0029-trace_shed-Fix-build-with-musl.patch 0031-vma03-fix-page-size-offset-as-per-page-size-alignmen.patch 0032-regen.sh-Include-asm-unistd.h-explicitly.patch 0037-containers-netns_netlink-Avoid-segmentation-fault.patch 0038-run-posix-option-group-test-replace-CWD-qith-PWD.patch 0040-containers-userns05-use-unsigned-int-for-ns-id.patch 3. Add new patch based on Khem Raj's 0007-replace-SIGCLD-with-SIGCHLD.patch 0001-add-_GNU_SOURCE-to-pec_listener.c.patch 4. Add new patches fix building errors with musl: 0006-fix-PATH_MAX-undeclared-when-building-with-musl.patch 0007-fix-__WORDSIZE-undeclared-when-building-with-musl.patch 0009-fix-redefinition-of-struct-msgbuf-error-building-wit.patch Add new patch fix building errors, when the distro is poky-lsb 0012-fix-faccessat01.c-build-fails-with-security-flags.patch 5. Modify some patches because the upstream contains changes, those patches maybe failed when they apply to the new version of ltp. 0011-Rename-sigset-variable-to-sigset1.patch 0027-sysconf01-Use-_SC_2_C_VERSION-conditionally.patch 0030-lib-Use-PTHREAD_MUTEX_RECURSIVE-in-place-of-PTHREAD_.patch 0035-fix-test_proc_kill-hang.patch 6. Rename and modify this patch. fcntl-fix-the-time-def-to-use-time_t.patch to 0039-fcntl-fix-the-time-def-to-use-time_t.patch 7. The new version of ltp add the checking for ksh and csh, we doesn't support ksh and csh in oe-core, so remove the checking files when the system executes do_install function. Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
1. Upgrade ltp from 20160126 to 20170116.

2. Delete some patches because these have been integrated in upstream.

	0001-ltp-Don-t-link-against-libfl.patch
	0006-sendfile-Use-off64_t-instead-of-__off64_t.patch
	0007-replace-SIGCLD-with-SIGCHLD.patch
	0009-Guard-error.h-with-__GLIBC__.patch
	0012-fsstress.c-Replace-__int64_t-with-int64_t.patch
	0013-include-fcntl.h-for-getting-O_-definitions.patch
	0014-hyperthreading-Include-sys-types.h-for-pid_t-definit.patch
	0015-mincore01-Rename-PAGESIZE-to-pagesize.patch
	0016-ustat-Change-header-from-ustat.h-to-sys-ustat.h.patch
	0017-replace-sigval_t-with-union-sigval.patch
	0019-tomoyo-Replace-canonicalize_file_name-with-realpath.patch
	0022-include-sys-types.h.patch
	0029-trace_shed-Fix-build-with-musl.patch
	0031-vma03-fix-page-size-offset-as-per-page-size-alignmen.patch
	0032-regen.sh-Include-asm-unistd.h-explicitly.patch
	0037-containers-netns_netlink-Avoid-segmentation-fault.patch
	0038-run-posix-option-group-test-replace-CWD-qith-PWD.patch
	0040-containers-userns05-use-unsigned-int-for-ns-id.patch

3. Add new patch based on Khem Raj's 0007-replace-SIGCLD-with-SIGCHLD.patch

	0001-add-_GNU_SOURCE-to-pec_listener.c.patch

4. Add new patches fix building errors with musl:

	0006-fix-PATH_MAX-undeclared-when-building-with-musl.patch
	0007-fix-__WORDSIZE-undeclared-when-building-with-musl.patch
	0009-fix-redefinition-of-struct-msgbuf-error-building-wit.patch

   Add new patch fix building errors, when the distro is poky-lsb

	0012-fix-faccessat01.c-build-fails-with-security-flags.patch

5. Modify some patches because the upstream contains changes, those patches
   maybe failed when they apply to the new version of ltp.

	0011-Rename-sigset-variable-to-sigset1.patch
	0027-sysconf01-Use-_SC_2_C_VERSION-conditionally.patch
	0030-lib-Use-PTHREAD_MUTEX_RECURSIVE-in-place-of-PTHREAD_.patch
	0035-fix-test_proc_kill-hang.patch

6. Rename and modify this patch.

	fcntl-fix-the-time-def-to-use-time_t.patch to
	0039-fcntl-fix-the-time-def-to-use-time_t.patch

7. The new version of ltp add the checking for ksh and csh, we doesn't support
   ksh and csh in oe-core, so remove the checking files when the system executes
   do_install function.

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
ed: update to 1.14.1 2017-03-01T12:54:22+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2017-02-22T14:51:08+00:00 007c624781076264fab88cc355146ec68cdd15b4 Revert to the upstream server, now that we can handle .lz files. License checksum changes are due to copyright years. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Revert to the upstream server, now that we can handle .lz files.
License checksum changes are due to copyright years.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
lzip: add a recipe from meta-oe 2017-03-01T12:54:22+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2017-02-22T14:51:07+00:00 ad2afeab2128835a56ed20fef97b77041149105a ed tarballs are now available only in .lz format, which saves them an amazing 30 kilobytes over gz. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
ed tarballs are now available only in .lz format, which saves them
an amazing 30 kilobytes over gz.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
slang: 2.3.1 -> 2.3.1a 2017-03-01T12:54:22+00:00 Robert Yang liezhi.yang@windriver.com 2017-02-22T01:44:28+00:00 8fd956d4706ee115b03b02a91c7e761576b42d0a Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
unzip: CVE-2014-9913 CVE-2016-9844 2017-03-01T12:54:21+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2017-02-22T07:14:42+00:00 fc386ed4afb76bd3e5a3afff54d7dc8dde14fe9c Backport the patches for CVE-2014-9913 CVE-2016-9844 CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. CVE-2014-9913: Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Patches come from: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/ or https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff Bug-Debian: https://bugs.debian.org/847486 Bug-Ubuntu: https://launchpad.net/bugs/1643750 (LOCAL REV: NOT UPSTREAM) --send to oe-core on 20170222 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Backport the patches for CVE-2014-9913 CVE-2016-9844

CVE-2016-9844:
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via a large compression method value in the central
directory file header.
CVE-2014-9913:
Buffer overflow in the list_files function in list.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service
(crash) via vectors related to the compression method.

Patches come from:
https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/archivers/unzip/  or
https://release.debian.org/proposed-updates/stable_diffs/unzip_6.0-16+deb8u3.debdiff

Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750

(LOCAL REV: NOT UPSTREAM) --send to oe-core on 20170222

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>