summaryrefslogtreecommitdiffstats
path: root/README.qemu
diff options
context:
space:
mode:
authorTanu Kaskinen <tanuk@iki.fi>2017-11-27 18:39:30 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-12-10 22:45:18 +0000
commite310fbff97490615f8ab46dd8029092abe461616 (patch)
treefc3c08d970bfec041457403759114eb35dfc10a8 /README.qemu
parent7e1ee95d1aca9320090912e88a606fb4815a8d08 (diff)
downloadpoky-e310fbff97490615f8ab46dd8029092abe461616.tar.gz
lame: 3.99.5 -> 3.100
Release notes: http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/history.html?revision=1.154 Dropped patches that are included in the release: - lame-3.99.5_fix_for_automake-1.12.x.patch - CVE-2017-13712.patch The CACHED_CONFIGUREVARS thing to disable SSE code on x86 isn't needed anymore. The build system now correctly detects when SSE isn't available. Note for stable branch maintainers: This release includes several fixes for bugs that have a CVE number associated with them. The bugs (or at least most of them) are crashes that seem to be considered "remote DoS" vulnerabilities, probably because it's easy to imagine lame being used with untrusted audio files from remote sources. If you want to backport "all sercurity fixes" to the stable brances, that task seems pretty difficult. The release notes explicitly mention three CVE numbers, but there are more: for example, OE had a fix for CVE-2017-13712, which is not mentioned in the release notes but is fixed in the release. The commit log doesn't keep any track of CVE numbers either. Maybe it would be best to just upgrade lame to 3.100 also in the stable branches. (From OE-Core rev: 930f8873e0e180da7242f65bfd5c60f9d6c19424) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'README.qemu')
0 files changed, 0 insertions, 0 deletions