These are the additional changes to help address reproducibility issues and additional fixes we would like to be included in 3.0.2
Please have comments back by Tuesday The following changes since commit 9b1bf083129be2b849db52d4f0eda9eb6077c97e: python2: add ntpath (2020-02-02 18:19:50 -0800) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/zeus-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-nut Alejandro del Castillo (1): opkg-utils: upgrade to version 0.4.2 Alexander Kanavin (1): perl: do not install files that contain build host specific data Anuj Mittal (3): Revert "bzip2: Fix CVE-2019-12900" curl: fix CVE-2019-15601 cpio: fix CVE-2019-14866 Joshua Watt (2): classes/reproducible_build: Read SDE file later mc: Fix build reproducibility Lee Chee Yang (1): rsync: whitelist CVE-2017-16548 Richard Purdie (17): opkg-utils: Fix reproducibility issues in opkg-build oeqa/reproducible: Improve test output and ensure deb+ipk compared sudo: Set vardir deterministically libxshmfence: Set shm directory deterministically mc: Set zipinfo presence determinstically mc: Fix manpage date indeterminism tar: Fix build determinism, disable rsh patch: Extend to native/nativesdk and depend upon libidn2: Fix reproducibility issue perl: Fix various reproducibile build issues openssl: Fix reproducibility issue iputils: Fix build determinism libinput: Fix determinism issue libgcrypt: Fix determinism issue sysvinit: Fix Reproducibility issue libevdev: Fix determinism issue ncurses: Fix reproducibility issue Ross Burton (2): gtk+3: sort resources for reproducible binaries sudo: specify where target tools are Taras Kondratiuk via Openembedded-core (1): gcc-9.2: fix bug #91102 'aarch64 ICE on Linux kernel with -Os' Tom Hochstein (1): devtool/standard.py: Allow recipe to disable menuconfig logic meta/classes/patch.bbclass | 7 + meta/classes/reproducible_build.bbclass | 40 ++- meta/lib/oeqa/selftest/cases/reproducible.py | 9 +- .../openssl/openssl/reproducible.patch | 32 ++ .../openssl/openssl_1.1.1d.bb | 1 + meta/recipes-core/meta/buildtools-tarball.bb | 1 + meta/recipes-core/ncurses/ncurses.inc | 1 + .../recipes-core/sysvinit/sysvinit_2.88dsf.bb | 1 + meta/recipes-devtools/gcc/gcc-9.2.inc | 1 + ...02-aarch64-ICE-on-Linux-kernel-with-.patch | 95 ++++++ ...Switch-all-scripts-to-use-Python-3.x.patch | 113 ------- ...ld-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch | 44 --- .../opkg-utils/fix-reproducibility.patch | 32 ++ .../opkg-utils/opkg-utils/pipefail.patch | 31 -- ...pkg-utils_0.4.1.bb => opkg-utils_0.4.2.bb} | 13 +- meta/recipes-devtools/patch/patch_2.7.6.bb | 3 + .../perl/files/determinism.patch | 81 +++++ meta/recipes-devtools/perl/perl-ptest.inc | 3 + meta/recipes-devtools/perl/perl_5.30.0.bb | 4 + meta/recipes-devtools/rsync/rsync_3.1.3.bb | 3 + .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 -- .../cpio/cpio-2.12/CVE-2019-14866.patch | 316 ++++++++++++++++++ meta/recipes-extended/cpio/cpio_2.12.bb | 1 + .../iputils/iputils_s20190709.bb | 3 +- meta/recipes-extended/libidn/libidn2_2.2.0.bb | 3 +- ...Add-option-to-control-configure-args.patch | 99 ++++++ .../recipes-extended/mc/files/nomandate.patch | 21 ++ meta/recipes-extended/mc/mc_4.8.23.bb | 7 +- meta/recipes-extended/sudo/sudo.inc | 2 +- meta/recipes-extended/sudo/sudo_1.8.27.bb | 10 +- meta/recipes-extended/tar/tar_1.32.bb | 2 + .../gtk+/gtk+3/sort-resources.patch | 19 ++ meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb | 1 + .../wayland/libinput/determinism.patch | 21 ++ .../wayland/libinput_1.14.1.bb | 4 +- .../xorg-lib/libxshmfence_1.3.bb | 2 + .../curl/curl/CVE-2019-15601.patch | 46 +++ meta/recipes-support/curl/curl_7.66.0.bb | 1 + .../libevdev/libevdev/determinism.patch | 34 ++ .../libevdev/libevdev_1.8.0.bb | 3 +- .../libgcrypt/files/determinism.patch | 32 ++ .../libgcrypt/libgcrypt_1.8.4.bb | 1 + scripts/lib/devtool/standard.py | 6 +- 43 files changed, 933 insertions(+), 252 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducible.patch create mode 100644 meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch create mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch delete mode 100644 meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch rename meta/recipes-devtools/opkg-utils/{opkg-utils_0.4.1.bb => opkg-utils_0.4.2.bb} (83%) create mode 100644 meta/recipes-devtools/perl/files/determinism.patch delete mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch create mode 100644 meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch create mode 100644 meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch create mode 100644 meta/recipes-extended/mc/files/nomandate.patch create mode 100644 meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch create mode 100644 meta/recipes-graphics/wayland/libinput/determinism.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2019-15601.patch create mode 100644 meta/recipes-support/libevdev/libevdev/determinism.patch create mode 100644 meta/recipes-support/libgcrypt/files/determinism.patch -- 2.17.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
