<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-multimedia, branch pyro</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=pyro</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=pyro'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2018-05-07T14:57:43+00:00</updated>
<entry>
<title>libpng: update SRC_URI to use osl</title>
<updated>2018-05-07T14:57:43+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2018-04-19T16:00:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cc9ab83f7fa390e42742e18efe56009146c2de0b'/>
<id>urn:sha1:cc9ab83f7fa390e42742e18efe56009146c2de0b</id>
<content type='text'>
ERROR: libpng-1.6.28-r0 do_checkuri: Fetcher failure for URL: 'http://downloads.sourceforge.net/project/libpng/libpng16/1.6.28/libpng-1.6.28.tar.xz'. URL http://downloads.sourceforge.net/project/libpng/libpng16/1.6.28/libpng-1.6.28.tar.xz doesn't work
ERROR: libpng-1.6.28-r0 do_checkuri: Function failed: do_checkuri

(From OE-Core rev: c53d61712a50c5243b14b6aa39e034e080fa0bd3)

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libpng: fix MIRRORS usage</title>
<updated>2018-05-07T14:57:43+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-07-28T15:55:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2574cef768575407960301e344408a1f525ac865'/>
<id>urn:sha1:2574cef768575407960301e344408a1f525ac865</id>
<content type='text'>
MIRRORS needs to be pairs of values for the original URL to match and the
location find it on the mirror.

(From OE-Core rev: a649f3da630e8ca2d3ca58b610f3918720dd5229)

(From OE-Core rev: 1ea5d9f4d2afab924635462a35badfc55bd43c9c)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libpng: use SourceForge mirror</title>
<updated>2018-05-07T14:57:43+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-07-24T20:34:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=26425355877cf78d60ce8866df02563ad5a66166'/>
<id>urn:sha1:26425355877cf78d60ce8866df02563ad5a66166</id>
<content type='text'>
The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.

Original idea by Maxin B. John &lt;maxin.john@intel.com&gt;.

(From OE-Core rev: 791a3493c88c9c249f21f6d893b2061e1d8a0af6)

(From OE-Core rev: 8ced3de463f97930404fe83a9f30d5d6536ffc9b)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
[Updated for Pyro context]
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: CVE-2018-5146</title>
<updated>2018-04-02T16:06:25+00:00</updated>
<author>
<name>Tanu Kaskinen</name>
<email>tanuk@iki.fi</email>
</author>
<published>2018-03-31T05:21:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d74851311644caa24f439e911e0fde55010eaf05'/>
<id>urn:sha1:d74851311644caa24f439e911e0fde55010eaf05</id>
<content type='text'>
Prevent out-of-bounds write in codebook decoding. The bug could allow
code execution from a specially crafted Ogg Vorbis file.

References:
https://www.debian.org/security/2018/dsa-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

(From OE-Core rev: 5c880fe974907195c563b5580cb43b3b2fb92203)

Signed-off-by: Tanu Kaskinen &lt;tanuk@iki.fi&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: CVE-2017-14632</title>
<updated>2018-04-02T16:06:25+00:00</updated>
<author>
<name>Tanu Kaskinen</name>
<email>tanuk@iki.fi</email>
</author>
<published>2018-03-31T05:21:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8950d4ffc4ea677b7900b6de5a3dce65cb4d2ccb'/>
<id>urn:sha1:8950d4ffc4ea677b7900b6de5a3dce65cb4d2ccb</id>
<content type='text'>
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi-&gt;channels&lt;=0, a similar issue to Mozilla bug 550184.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632

(From OE-Core rev: e584aca38396db5e3d461f57804519261eecedc2)

Signed-off-by: Tanu Kaskinen &lt;tanuk@iki.fi&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libvorbis: CVE-2017-14633</title>
<updated>2018-04-02T16:06:25+00:00</updated>
<author>
<name>Tanu Kaskinen</name>
<email>tanuk@iki.fi</email>
</author>
<published>2018-03-31T05:21:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=20d103d88179e2c46e9e014eb629db411d4544f3'/>
<id>urn:sha1:20d103d88179e2c46e9e014eb629db411d4544f3</id>
<content type='text'>
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633

(From OE-Core rev: 3ea65ee8b31a16a20f5c28c19f4c758f8deabf6e)

Signed-off-by: Tanu Kaskinen &lt;tanuk@iki.fi&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Security fix for CVE-2017-7593</title>
<updated>2017-11-05T22:39:49+00:00</updated>
<author>
<name>Rajkumar Veer</name>
<email>rveer@mvista.com</email>
</author>
<published>2017-11-04T05:35:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a2ad903fa96790a7a529b4bee7c1bb3da0234cdc'/>
<id>urn:sha1:a2ad903fa96790a7a529b4bee7c1bb3da0234cdc</id>
<content type='text'>
(From OE-Core rev: b6ec8ab42befaa07c859a5c5cc14611b821a1304)

Signed-off-by: Rajkumar Veer &lt;rveer@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Security fix for CVE-2017-7602</title>
<updated>2017-11-05T22:39:49+00:00</updated>
<author>
<name>Rajkumar Veer</name>
<email>rveer@mvista.com</email>
</author>
<published>2017-11-04T05:33:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2aed68963f5c73985d02f3d378a7614169e09602'/>
<id>urn:sha1:2aed68963f5c73985d02f3d378a7614169e09602</id>
<content type='text'>
(From OE-Core rev: 957e9f92b17c6b268e6c037666d2f32ef23f7bf9)

Signed-off-by: Rajkumar Veer &lt;rveer@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Security fix for CVE-2017-7601</title>
<updated>2017-11-05T22:39:49+00:00</updated>
<author>
<name>Rajkumar Veer</name>
<email>rveer@mvista.com</email>
</author>
<published>2017-11-04T05:31:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a05828ec79f0930fa247a2a4caecbfc521792eb3'/>
<id>urn:sha1:a05828ec79f0930fa247a2a4caecbfc521792eb3</id>
<content type='text'>
(From OE-Core rev: 7423b8318a381d139590f6ab2c50874d0eb775a6)

Signed-off-by: Rajkumar Veer &lt;rveer@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Security fix for CVE-2017-7598</title>
<updated>2017-11-05T22:39:49+00:00</updated>
<author>
<name>Rajkumar Veer</name>
<email>rveer@mvista.com</email>
</author>
<published>2017-11-04T05:30:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=599438440e7ed71731ef27b16cce89ac166c67fb'/>
<id>urn:sha1:599438440e7ed71731ef27b16cce89ac166c67fb</id>
<content type='text'>
(From OE-Core rev: 13704be6d172eef2459bb3a5ceed47711ef08b99)

Signed-off-by: Rajkumar Veer &lt;rveer@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
