<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-multimedia/libvorbis, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-11-07T13:31:53+00:00</updated>
<entry>
<title>The poky repository master branch is no longer being updated.</title>
<updated>2025-11-07T13:31:53+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2025-11-07T13:31:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8c22ff0d8b70d9b12f0487ef696a7e915b9e3173'/>
<id>urn:sha1:8c22ff0d8b70d9b12f0487ef696a7e915b9e3173</id>
<content type='text'>
You can either:

a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs

b) use the new bitbake-setup

You can find information about either approach in our documentation:
https://docs.yoctoproject.org/

Note that "poky" the distro setting is still available in meta-yocto as
before and we continue to use and maintain that.

Long live Poky!

Some further information on the background of this change can be found
in: https://lists.openembedded.org/g/openembedded-architecture/message/2179

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: Ignore -mfused-madd as well for clang</title>
<updated>2025-05-19T16:55:18+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2025-05-17T14:22:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e0d21f5c4f58f1521d86a39997c4ca62d75ad914'/>
<id>urn:sha1:e0d21f5c4f58f1521d86a39997c4ca62d75ad914</id>
<content type='text'>
This option is not universal for all compilers

(From OE-Core rev: 2d3b08b4327b3b6b2e16f6a19f1f9a2f951fc027)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>recipes: Drop remaining md5sum checksums</title>
<updated>2025-05-01T13:22:53+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2025-04-30T15:12:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ca65114e5e6b543164c297048c73a51d606c817c'/>
<id>urn:sha1:ca65114e5e6b543164c297048c73a51d606c817c</id>
<content type='text'>
We have long since obsoleted md5sum in favour of sha256sum. Drop the remaining
56 entries (which were showing many recipes hadn't been touched in a long time).
They all do have the corresponding sha256sum entries as is clear from the diff.

(From OE-Core rev: 7e4bfcc9706fa8a09f6a0004174a2c3b21c90df3)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>vorbis: mark patch as Inactive-Upstream</title>
<updated>2024-05-28T08:38:23+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex@linutronix.de</email>
</author>
<published>2024-05-16T11:26:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=058b6d735bcbc2f2331315b1a5f59e232ea419c9'/>
<id>urn:sha1:058b6d735bcbc2f2331315b1a5f59e232ea419c9</id>
<content type='text'>
(From OE-Core rev: 618bb8994d66d7d24cca2fb6885a510d69406437)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>meta: fix some unresponsive homepages and bugtracker links</title>
<updated>2020-10-30T13:22:48+00:00</updated>
<author>
<name>Maxime Roussin-Bélanger</name>
<email>maxime.roussinbelanger@gmail.com</email>
</author>
<published>2020-10-27T02:21:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b11f7236a2231c9d50e85c6434f073052cbec307'/>
<id>urn:sha1:b11f7236a2231c9d50e85c6434f073052cbec307</id>
<content type='text'>
remove some extra whitespaces

(From OE-Core rev: 32ce3716761165b9df12306249418645724122cc)

Signed-off-by: Maxime Roussin-Bélanger &lt;maxime.roussinbelanger@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: upgrade 1.3.6 -&gt; 1.3.7</title>
<updated>2020-07-12T11:21:47+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@cn.fujitsu.com</email>
</author>
<published>2020-07-08T08:52:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=43b35e6f40d3970c52dea05d97e506ca02c27a60'/>
<id>urn:sha1:43b35e6f40d3970c52dea05d97e506ca02c27a60</id>
<content type='text'>
CVE-2017-14160.patch
CVE-2018-10392.patch
removed since they are included in 1.3.7

-License-Update: Copyright year updated to 2020.

license text: URL of Xiph.Org Foundation changed to https://xiph.org/

(From OE-Core rev: 75f97f7f8a9a8b4c029f9fbfe1d1c3a43f6ebb4b)

Signed-off-by: Wang Mingyu &lt;wangmy@cn.fujitsu.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: Clarify BSD license variant</title>
<updated>2019-10-15T13:16:11+00:00</updated>
<author>
<name>Christophe PRIOUZEAU</name>
<email>christophe.priouzeau@st.com</email>
</author>
<published>2019-10-07T13:08:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=59f361aa2c7f418de808e7f4e126afd43bd50a9c'/>
<id>urn:sha1:59f361aa2c7f418de808e7f4e126afd43bd50a9c</id>
<content type='text'>
The license of libvorbis is BSD-3-Clause.

(From OE-Core rev: 27a73929ee51bc7d78cc29ff800a7537f8718c54)

Signed-off-by: Christophe Priouzeau &lt;christophe.priouzeau@st.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: 3 CVE fixes</title>
<updated>2018-08-16T21:40:28+00:00</updated>
<author>
<name>Joe Slater</name>
<email>joe.slater@windriver.com</email>
</author>
<published>2018-08-15T23:13:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7204e57262c5dffe3e2c9a2e59c3f2e9e4e35514'/>
<id>urn:sha1:7204e57262c5dffe3e2c9a2e59c3f2e9e4e35514</id>
<content type='text'>
CVE-2017-14160, CVE-2018-10393 (same as 14160), and CVE-2018-10392.
These fixes should be in libvorbis 1.3.7.

(From OE-Core rev: 45ff20f325a51fe0ed12d58160c08e04781ce341)

Signed-off-by: Joe Slater &lt;joe.slater@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: 1.3.5 -&gt; 1.3.6</title>
<updated>2018-05-29T20:07:15+00:00</updated>
<author>
<name>Tanu Kaskinen</name>
<email>tanuk@iki.fi</email>
</author>
<published>2018-05-22T15:30:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=071cd6feb1d47001c7c465e7caea6106ee1dcb4f'/>
<id>urn:sha1:071cd6feb1d47001c7c465e7caea6106ee1dcb4f</id>
<content type='text'>
Rebased 0001-configure-Check-for-clang.patch.

Removed the backported CVE patches.

License-Update: copyright years refreshed

(From OE-Core rev: d536c0a0e400c27fd7954402195698e2c639338a)

Signed-off-by: Tanu Kaskinen &lt;tanuk@iki.fi&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: CVE-2018-5146</title>
<updated>2018-03-25T08:40:42+00:00</updated>
<author>
<name>Tanu Kaskinen</name>
<email>tanuk@iki.fi</email>
</author>
<published>2018-03-20T08:50:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=21c85626a5fd5dd7ab4968054de0eaf32c20158b'/>
<id>urn:sha1:21c85626a5fd5dd7ab4968054de0eaf32c20158b</id>
<content type='text'>
Prevent out-of-bounds write in codebook decoding. The bug could allow
code execution from a specially crafted Ogg Vorbis file.

References:
https://www.debian.org/security/2018/dsa-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

(From OE-Core rev: 1f01ce76c76d63f5ffe96baf518e670ae01c4d12)

Signed-off-by: Tanu Kaskinen &lt;tanuk@iki.fi&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
