| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://nvd.nist.gov/vuln/detail/CVE-2018-13410 is disputed and
also Debian considers it not a vulnerability:
https://security-tracker.debian.org/tracker/CVE-2018-13410
http://seclists.org/fulldisclosure/2018/Jul/24
"Negligible security impact, would involve that a untrusted party controls the -TT value."
https://nvd.nist.gov/vuln/detail/CVE-2018-13684 is not for zip, also Debian concludes this:
https://security-tracker.debian.org/tracker/CVE-2018-13684
"NOT-FOR-US: smart contract implementation for ZIP"
(From OE-Core rev: 06b72a91b6dcf63fed437fd2105c59e922ba6525)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
This patch has been applied in several Linux distributions
(From OE-Core rev: 8e662fced80c98c5495d49c905cc0008cb812589)
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Applies a patch from Debian to remove the build date from zip.
(From OE-Core rev: 222d485e4eb789307093d57cb3c8d373c2e695b8)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
... instead of a global exception list which was problematic.
[YOCTO #11896]
(From OE-Core rev: 89dfede4ca795ba085f1ee7290c6dede573c11db)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The infozip FTP server appears to have been taken down, so change the SRC_URI to
point at their SourceForge project.
Also as the SRC_URI can't be generated from the version and there is no other
user of the .inc, merge the .bb and .inc together.
[ YOCTO #9655 ]
(From OE-Core rev: 5cb1e0ec46e4fde1c15aeb6812eaaece4840ac1c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
recipes
(From OE-Core rev: 1eb9e190ef3bb1170b3eaabd9f7900e7ce176624)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makefile makes use of CFLAGS_NOOPT. If we set that
when calling make we can options like -g. The Makefile
will override any optimization to -O3.
Upstream-Status: Pending
(From OE-Core rev: df2c260f9cda2e291c72f7debe1e6d53846ce058)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a quick audit of only the most obviously wrong licenses
found within OECore. These fixes fall into four areas:
- LICENSE field had incorrect format so that the parser choked
- LICENSE field has a license with no version
- LICENSE field was actually incorrect
- LICENSE field has an imaginary license that didn't exist
This fixes most of the LICENSE warnings thrown, along with my prior
commit adding additional licenses to common-licenses and additional
SPDXLICENSEMAP entries.
HOWEVER..... there is much to be done on the license front.
For a list of recipes with licenses that need obvious fixing see:
https://wiki.yoctoproject.org/wiki/License_Audit
That said, I would suggest another license audit as I've found
enough inconsistencies. A good suggestion is when in doubt, look at
how openSuse or Gentoo or Debian license the package.
(From OE-Core rev: 3083dd70b3a9fa01fcc3cf00373b05502505996e)
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
| |
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|