summaryrefslogtreecommitdiff
path: root/meta
AgeCommit message (Collapse)AuthorFiles
2014-05-28libassuan: Improve pkgconfig supportRichard Purdie3
Add api_version and host to the .pc file and use pkg-config in the m4 macros for the package. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28libgpg-error: Extend pkgconfig support to m4 macrosRichard Purdie1
Whilst there is currently .pc file pkgconfig support, it was unused by the m4 macros. This extends the support so they're used instead of the -config scripts. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28devshell: Add interactive python shellRichard Purdie1
Being able to interact with the python context in the Bitbake task execution environment has long been desireable. This patch introduces such a mechanism. Executing "bitbake X -c devpyshell" will open a terminal connected to a python interactive interpretor in the task context so for example you can run commands like "d.getVar('WORKDIR')" This version now includes readline support for command history and various other bug fixes such as exiting cleanly compared to previous versions. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28pseudo: Honor umask againPeter Seebach1
The fchmodat-permissions patch was fine for the fchmod case, but had the unintended side effect of disregarding umask settings for open, mknod, mkdir, and their close relatives. Start tracking umask and masking the umask bits out where appropriate. Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28cmake: Avoid accidentally including libacl.hMike Crowe1
The cmake recipe doesn't depend on libacl yet cmake will detect libacl.h and use it by default. This risks build failures if libacl.h is unstaged during the build and it also means that the build cmake will sometimes support ACLs and sometimes not. This can be avoided by setting ENABLE_ACL=0 but until the fix for http://cmake.org/Bug/view.php?id=14866 is released we also need to set HAVE_ACL_LIBACL_H=0. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-27eglinfo: updated to compile with mesa10+Valentin Popa1
Updated to the newer 4b317648ec6cf39556a9e5d8078f605bc0edd5de. Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23libxshmfence: add it to oe-coreValentin Popa1
mesa 10+ depends on this (if the user builds mesa with dri3 support enabled). So add it to oe-core. Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23dri3proto: add it to oe-coreValentin Popa1
mesa 10+ depends on this (if the user builds mesa with dri3 support enabled). So add it to oe-core. Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23distro_features_check.bbclass: fix searching whole listSebastian Wiegand1
Search whole list of REQUIRED_DISTRO_FEATURES. Print only the missing/conflicting feature on error. Signed-off-by: Sebastian Wiegand <sebastian.wiegand@gersys.de> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23weston: upgrade to 1.5.0Tim Orling4
* replace 0001-remove-dependence-on-wayland-scanner-flags.patch with disable-wayland-scanner-pkg-check.patch * add make-lcms-configureable.patch (WIP... needs work) = fix for JaMa test-dependencies Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23wayland: upgrade to 1.5.0Tim Orling3
* update disable-macro-checks-not-used-for-scanner.patch = trivial change to non-patched text (+ posix_fallocate) * drop just-scanner.patch, no longer needed Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23perl: stop perl-modules recommending perl-ptestRoss Burton1
Change the logic that generates the perl-modules recommends to be an include filter instead of an exclude filter, so that new sub-packages don't become dependants of perl-modules (such as perl-ptest). [ YOCTO #6203 ] Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23babeltrace: fix alignment issueRoy Li2
Fix alignment issue in babeltrace Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23lttng-tools: fix alignment issueRoy Li3
Fix alignment issue in lttng-tools Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23bluez5: upgrade to 5.19Cristian Iorga2
- Fixes to OBEX, AVRCP browsing, HID over GATT and handling of device unpaired events for dual-mode devices. - New features: user space based HID host implementation (for BR/EDR). Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23perl: fix for CVE-2010-4777yanjun.zhu3
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23pseudo: handle fchmodat better, mask out unwanted write bitsPeter Seebach2
It turns out that pseudo's decision not to report errors from the host system's fchmodat() can break GNU tar in a very strange way, resulting in directories being mode 0700 instead of whatever they should have been. Additionally, it turns out that if you make directories in your rootfs mode 777, that results in the local copies being mode 777, which could allow a hypothetical attacker with access to the machine to add files to your rootfs image. We should mask out the 022 bits when making actual mode changes in the rootfs. This patch represents a backport to the 1.5.1 branch of three patches from the 1.6 branch, because it took a couple of tries to get this quite right. Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23python-native : Add patch to fix configure error with gcc 4.8.Philip Balister1
We apply this patch to the python recipe already. Without this patch the zeroc-ice-native recipe will not build. See: http://bugs.python.org/issue17547 for more details. Signed-off-by: Philip Balister <philip@balister.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23bitbake.conf: add default ${CPAN_MIRROR}Tim Orling1
* Set default to http://search.cpan.org/CPAN/, as it should be Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23mirrors.bbclass: add ${CPAN_MIRROR} optionTim Orling1
* Perl modules fail to fetch because default CPAN site has been flaky lately. * Create option to use metacpan.org as a mirror. Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23initramfs-live-install: avoid using grub.d/40_customRobert Yang1
We have this in recipes-bsp/grub/grub/40_custom: [snip] menuentry "Linux" { set root=(hd0,1) linux /vmlinuz root=__ROOTFS__ rw __CONSOLE__ __VIDEO_MODE__ __VGA_MODE__ quiet } [snip] These lines are only for initrdscripts/files/init-install.sh, the side effect is that it would make the target's grub-mkconfig doesn't work well since the 40_custom will be installed to /etc/grub.d/40_custom, the grub-mkconfig will run the 40_custom, and there will always be a 'menuentry "Linux"' menu in grub.cfg no matter it is valid or not, we can do this in init-install.sh rather than grub to fix the problem, which is also much simpler. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-23taglib: Force a disable of the floating dependency on boostRichard Purdie1
taglib appears to depend on boost if it finds it in the sysroot. Force it not to do this. Someone with better cmake skills may be able to do this in a neater way. (From OE-Core rev: 2c6c6c98416e5a458a02106524b5aa10a4b71d60) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-21guile: Update to 2.0.11 versionChong Lu2
Upgrade guile to 2.0.11 version and remove unneeded patch since it's included in new version. Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21byacc: Update to 20140422 versionChong Lu1
Upgrade byacc to 20140422 version. Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21flex: Update to 2.5.39 versionChong Lu1
Upgrade flex to 2.5.39 version. Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0849Yue Tao2
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0850Yue Tao2
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0856Yue Tao2
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0854Yue Tao2
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0851Yue Tao2
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0858Yue Tao2
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0852Yue Tao2
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0845Yue Tao2
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0868Yue Tao3
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) len==0 cases. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2014-2099Yue Tao2
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2013-0865Yue Tao2
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21gst-ffmpeg: fix for Security Advisory CVE-2014-2263Yue Tao2
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21distro_features_check.bbclass: fix wrong indentationSebastian Wiegand1
To fix check of REQUIRED_DISTRO_FEATURES fix indentation in python code. [YOCTO #6349] Reported and written by: Sebastian Wiegand <sebastian.wiegand@gersys.de> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21cups: fix for cups not building without avahiSaul Wold1
Backport upstream patch for CUPS issue: STR #4402 [YOCTO #6325] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21harfbuzz: upgrade to 0.9.28Cristian Iorga1
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21libav: upgrade 9.x version to 9.13Paul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21libav: upgrade 0.8.x version to 0.8.11Paul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21quilt: Update to 0.63 versionChong Lu3
Upgrade quilt to 0.63 version and add perl-module-text-parsewords to RDEPENDS of ptest. Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21libpcre: Update to 8.35 versionChong Lu1
Upgrade libpcre to 8.35 version. Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21openssl: fix for CVE-2010-5298Yue Tao1
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21tiff: fix for Security Advisory CVE-2013-4231Yue Tao2
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21nss: CVE-2013-1740Li Wang2
the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 https://bugzilla.mozilla.org/show_bug.cgi?id=919877 https://bugzilla.mozilla.org/show_bug.cgi?id=713933 changeset: 10946:f28426e944ae user: Wan-Teh Chang <wtc@google.com> date: Tue Nov 26 16:44:39 2013 -0800 summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls changeset: 10945:774c7dec7565 user: Wan-Teh Chang <wtc@google.com> date: Mon Nov 25 19:16:23 2013 -0800 summary: Bug 713933: Declare the |falseStart| local variable in the smallest changeset: 10848:141fae8fb2e8 user: Wan-Teh Chang <wtc@google.com> date: Mon Sep 23 11:25:41 2013 -0700 summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org changeset: 10898:1b9c43d28713 user: Brian Smith <brian@briansmith.org> date: Thu Oct 31 15:40:42 2013 -0700 summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21nss: CVE-2014-1492Li Wang2
the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user: Kai Engert <kaie@kuix.de> date: Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to clarify comments from wtc changeset: 11046:2ffa40a3ff55 tag: tip user: Wan-Teh Chang <wtc@google.com> date: Tue Feb 25 18:17:08 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie changeset: 11045:15ea62260c21 user: Christian Heimes <sites@cheimes.de> date: Mon Feb 24 17:50:25 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling, r=kaie Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21subversion: fix for Security Advisory CVE-2013-4277Yue Tao4
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-21subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846Yue Tao2
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>