| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
CVE-2017-12678.patch
CVE-2018-11439.patch
removed since they are included in 1.12
(From OE-Core rev: dc999d351ec599e4c534281585152087ff16d345)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Fixes: [YOCTO #13471]
(From OE-Core rev: 6db24928d62aeb093a0e6da6619713eaca57a96f)
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These were broken in commit 4786ecdf7cd427089464dcb62579110d494e7cd7
which performed a cleanup to avoid non-standard field names.
There is an SPDX License list at https://spdx.org/licenses/ which
aims to be a standard. Yocto also uses a substitution map SPDXLICENSEMAP,
default one stored at meta/conf/licenses.conf.
According to meta/conf/licenses.conf, "AFL-2" corresponds to "AFL-2.0"
which is not correct for dbus.
According to the same licenses.conf file "MPL-1" corresponds to "MPL-1.0",
which is correct for libical but since SPDX aims to be a standard
I am updating the identifier in libical's .bb file as well.
To verify the actual license used you can use:
dbus:
cd /tmp/
wget http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-0.110.tar.gz
tar -xaf dbus-glib-0.110.tar.gz
cd dbus-glib-0.110
grep -A1 "^The Academic Free License$" COPYING
cd /tmp/
wget http://dbus.freedesktop.org/releases/dbus/dbus-1.12.14.tar.gz
tar -xaf dbus-1.12.14.tar.gz
cd dbus-1.12.14
grep -A1 "^The Academic Free License$" COPYING
cairo:
wget --quiet -O - https://cgit.freedesktop.org/cairo/plain/COPYING-MPL-1.1?h=1.16.0 | grep -A1 "MOZILLA PUBLIC LICENSE"
libical:
wget --quiet -O - https://raw.githubusercontent.com/libical/libical/v2.0.0/COPYING | grep "Mozilla Public License"
taglib:
wget --quiet -O - https://raw.githubusercontent.com/taglib/taglib/v1.11.1/COPYING.MPL | grep -A1 "MOZILLA PUBLIC LICENSE"
(From OE-Core rev: 85cdf2ddfbfa956f9fcb705f886645f1884149c1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in
oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
information disclosure (heap-based buffer over-read) via a crafted audio
file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11439
Patch from:
https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278
(From OE-Core rev: a300c4917b6c22ef039158be7ae92055c35658d4)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-12678
Patch from:
https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
(From OE-Core rev: 24ac12ecb19efc7c131c9711ba32e298ba860eb7)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
Forcibly disable Boost as the macros it looks for are also present in our C++
standard library.
Enable c++11 in cmake as well as in CXXFLAGS [Khem Raj]
CXXFLAGS is required due to a cmake bug where it does not honor CMAKE_CXX_FLAGS
during configure time checks [Khem Raj]
(From OE-Core rev: 6a56ff7885f43abdb3b9bfeb733be6fee1de237c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
