| Age | Commit message (Collapse) | Author | Files |
|---|
|
This upgrade fixes the vulnerability: CVE-2016-10087
License file changes are due to updates in Package Version
and Copyright date. ie:
'libpng version 1.6.28, January 5, 2017'
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License file changes are due to updates in Version and Copyright date
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Updates in License files are due to changes in Copyright date
and Version.
Ensure all tools are packaged into $PN-tools.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.6.22 -> 1.6.23
License files changes are due to updates in Copyright date and Version
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.6.21 -> 1.6.22
License files updates are not real license changes (updates in Copyright
date and Version)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1.6.20 -> 1.6.21
License file updates contain new dates and versions. Update checksums
to reflect it.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update SRC_URI to use GENTOO_MIRROR as SOURCEFORGE_MIRROR continue
to move around the release files.
[YOCTO #8739]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Version 1.6.20beta01 [November 20, 2015]
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
Version 1.6.20rc01 [November 26, 2015]
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
Version 1.6.20rc02 [November 29, 2015]
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Version 1.6.20 [December 3, 2015]
No changes.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.6.17 -> 1.6.19
No changes in License.The license checksums changed because of update
in Copyright dates and other restructuring in png.h
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License files changes are not actual license changes.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License checksum changed because of date change like below
-libpng versions 1.2.6, August 15, 2004, through 1.6.13, August 21, 2014, are
+libpng versions 1.2.6, August 15, 2004, through 1.6.16, December 22, 2014, are
Change-Id: I7a2a950ef06c0bd8950a65b273bde5c214e6d3c7
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The configure override was too restrictive, it needed both 'arm' and
'neon' to trigger, which breaks on aarch64. Since TUNE_FEATURES is the
only qualifier that matters, drop the 'arm' override.
Buildtested for 'genericarmv8' and 'qemux86' machines.
[RP: Added class-target override to avoid failures for libpng-native]
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License terms have not changed. In case of LICENSE and png.h lines 0-15
the version numbers and release dates have changed. In case of png.h lines
229-343 the text has not changed at all, but old line numbers were not
pointing to correctly to the licensing terms segment.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Automake recipe provides automake 1.14.1 anyway
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Fixes CVE-2014-0333
2. There are changes in License checksums. This is due to new
contributor names being added to LICENSE and png.h file
contains version of the new release.So, license remains the same.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Note: license has not changed. MD5 sum of files changed because new
contributors were added to LICENSE and png.h file contains the
version of the new release.
Signed-off-by: Marius Avram <marius.avram@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also don't set DESCRIPTION to the same value, it's superfluous.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License is the same.
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License Checksum changed due to date updates in files and lines moving.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These tools are useful for fixing older or corrupted
PNG files.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
upgrade from 1.6.2 -> 1.6.3
LICENSE and png.h checksum changed caused by
dates and release numbers.
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
upgrade from 1.6.1 -> 1.6.2
- removed patch contained upstream
- minor changes in png.h and LICENSE file ( changes
regarding the date )
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
libpng 1.6.0/1.6.1 emits warnings about function ordering when there isn't a
problem, which causes Cairo to fail loading images. Take the patch from
upstream to fix this.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This attempts to fix [YOCTO #4060] - connman-applet spews warnings, but with this one PNG images still don't work in weston :(
The ARM NEON option was added because the autodetection code in configure.ac is broken:
/usr/lib/weston/weston-desktop-shell: symbol lookup error: /usr/lib/libpng16.so.16: undefined symbol: png_init_filter_functions_neon
License checksums update due to date and package version changes:
index e95d359..d86a7da 100644
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
obsolete_automake_macros.patch removed as it's not part of upstream.
The only changes to license texts are latest libpng version number
and release dates.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add obsolete_automake_macros.patch that replaces automake macros
no longer supported by automake-1.13 with modern constructs.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
* PN-LIBV is not needed, was used to package libpng12 from libpng3 build
now only libpng15 is built.
* if you're not using OEBasicHash + PRserv you need to rebuild and
reinstall a lot of packages to upgrade to libpng-1.5 correctly
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Updating from 1.2.x means also change in actual library name
from libpng12 to libpng15, and slight changes in API.
License md5sums differ only because of license text formatting
changes and because they contain version numbers and release dates.
Signed-off-by: Marko Lindqvist <cazfi74-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Constantin Musca <constantinx.musca@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replaced incorrect "startline" with correct "beginline" for telling
where license segment in file begins. Old md5sum was calculated from
the beginning of the file, not from beginning of the license segment.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License md5sum changed only because libpng version numbers and
release dates mentioned in it.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
License hasn't changed, just updated the md5 checksums due to trivial
date changes within the text (and the position of the license text
within png.h).
Addresses CVE-2011-3045
Fixes [YOCTO #2352]
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dont use autotools, it really not so autoconf like.
the configure script gets updated with every release of zlib
and we overwrite that. Instead use the upstream provided
configure
copyright year was changed in zlib.h which caused change in
LIC_FILE_CHECKSUM
fix.inverted.LFS.logic.patch is already applied upstream so drop it
Drop the configure.ac and Makefile.am scripts since we do not
autoreconf anymore and do not inherit autotools anymore
Bump PR for depending recipes so a rebuild it ensues so that
they dont depend on .la anymore
and add missing dependencies discovered during incremental
build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As for libpng recipe, the libpng.pc is a symbol link to libpng12.pc,
if packaging them into two different packages, we will get a dangling
link for libpng.pc, and when calculating rpm dependency with that file,
we will get nothing.
Only keep one version of dev package to fix the issue.
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
|
|
This addresses the following security advisories:
* CVE-2011-2690
* CVE-2011-2692
This fixes bug [YOCTO #1255]
The LICENSE and png.h checksum changes were due to trivial changes
in the files.
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
As discussed on the mailing list, this variable isn't useful and if wanted
would be better implemented by distros using pn-X overrides.
This patch executes:
find . -regex ".*\.\(bb\|inc\)$" | xargs sed -i '/^PRIORITY = ".*"$/d'
against the tree removing the referenced. Thanks to Phil Blundell for
the command.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I've cleaned up some odd license fields, fixed some license
names and corrected some incorrect licenses. LICENSE really needs
a pass through by the maintainers as some of the licensing is
incorrect.
Also, every license with Artistic should be gone through and noted as
which version of Artistic.
Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.
The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.
Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
