Age | Commit message (Collapse) | Author | Files |
|
taglib appears to depend on boost if it finds it in the sysroot. Force
it not to do this. Someone with better cmake skills may be able to
do this in a neater way.
(From OE-Core rev: 2c6c6c98416e5a458a02106524b5aa10a4b71d60)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade guile to 2.0.11 version and remove unneeded patch since
it's included in new version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Upgrade byacc to 20140422 version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Upgrade flex to 2.5.39 version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via a
crafted (1) width or (2) height dimension that is not a multiple of
sixteen in id RoQ video data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The decode_slice_header function in libavcodec/h264.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via crafted
H.264 data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted Apple
Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via crafted MJPEG data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted
Electronic Arts Madcow video data, which triggers an out-of-bounds array
access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before
1.0.4 allows remote attackers to have an unspecified impact via ATRAC3
data with the joint stereo coding mode set and fewer than two channels.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to
have an unspecified impact via a crafted block length, which triggers an
out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers
to have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) len==0 cases.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before
1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an
unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood
Studios VQA Video file, which triggers an out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier,
allows remote attackers to have unspecified impact and vectors, which
trigger an out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
To fix check of REQUIRED_DISTRO_FEATURES fix indentation in python code.
[YOCTO #6349]
Reported and written by: Sebastian Wiegand <sebastian.wiegand@gersys.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Backport upstream patch for CUPS issue: STR #4402
[YOCTO #6325]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Upgrade quilt to 0.63 version and add perl-module-text-parsewords to
RDEPENDS of ptest.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Upgrade libpcre to 8.35 version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple
buffer overflows in libtiff before 4.0.3 allow remote attackers to cause
a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3)
a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1
and 3 are disputed by Red Hat, which states that the input cannot exceed
the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933
changeset: 10946:f28426e944ae
user: Wan-Teh Chang <wtc@google.com>
date: Tue Nov 26 16:44:39 2013 -0800
summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls
changeset: 10945:774c7dec7565
user: Wan-Teh Chang <wtc@google.com>
date: Mon Nov 25 19:16:23 2013 -0800
summary: Bug 713933: Declare the |falseStart| local variable in the smallest
changeset: 10848:141fae8fb2e8
user: Wan-Teh Chang <wtc@google.com>
date: Mon Sep 23 11:25:41 2013 -0700
summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org
changeset: 10898:1b9c43d28713
user: Brian Smith <brian@briansmith.org>
date: Thu Oct 31 15:40:42 2013 -0700
summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
changeset: 11063:709d4e597979
user: Kai Engert <kaie@kuix.de>
date: Wed Mar 05 18:38:55 2014 +0100
summary: Bug 903885, address requests to clarify comments from wtc
changeset: 11046:2ffa40a3ff55
tag: tip
user: Wan-Teh Chang <wtc@google.com>
date: Tue Feb 25 18:17:08 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie
changeset: 11045:15ea62260c21
user: Christian Heimes <sites@cheimes.de>
date: Mon Feb 24 17:50:25 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling, r=kaie
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Race condition in GNU screen 4.0.3 allows local users to create or
overwrite arbitrary files via a symlink attack on the
/tmp/screen-exchange temporary file.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with
world-readable permissions, which might allow local users to obtain
sensitive session information.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Apply the change "lttng-modules: Fix 3.14 bio tracepoints" to
2.3.3 as well as 2.4.0.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
mount.sh in udev-extraconf was modified to use /run/media instead
of /media. Unfortunately, our scripts in initrdscripts have some
dependency on the auto-mounting mechanism proviced by udev-extraconf.
So these scripts should also be fixed to use /run/media instead /media,
otherwise, our live image cannot work correctly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of using 'ls /dev/sd*' command to list block devices, we
should rather use 'cat /proc/partitions'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The error was introduced by the following commit.
acfe3014d41de5e87cdbc58d0396349c6b9c3ffd
udev-extraconf: update mount.sh to use /run/media instead of /media
It accidently replaced 'device/media' by 'device/run/media' which causes
error for live images to be unable to boot up correctly, complaining
"Cannot find rootfs.img in /media/*".
This patch fixes the above problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There should be just one warning thrown, instead of 3.
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Install the test suite for ptest. The test suite needs some fonts to be present
to depend on liberation-fonts.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There might be an error when parallel build:
[snip]
cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/
syslinux/com32/include/gplinclude': No such file or directory
make[4]: *** [install] Error 1
make[3]: *** [gpllib] Error 2
[snip]
This is a potential issue. In ${S}/com32/gpllib/Makefile file,
install target wants to copy $(SRC)/../gplinclude to
$(INSTALLROOT)$(COM32DIR)/include/ directory, but in ${S}/com32/lib/Makefile
file, the install target will remove $(INSTALLROOT)$(COM32DIR)/include
directory. We need to do com32/lib first.
The patch make com32/gpllib depends on com32/lib to fix this issue.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libusb added support for udev, but this causes a circular dependecny between
udev and libusb, so hardcode the disable here.
Also remove the patch that is no longer used.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gstreamer/lame does runtime detection to enable/disable things like SSE code.
Unfortunately it is broken and will try and use this even with i586
compiler flags. This change forces it back to the approach with gcc 4.8
by disabling the problematic headers.
Its suboptimal but less so that the proposed previous forced enabling of
SSE on x86 everywhere.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Commit "rt-tests: bump version 0.87 => 0.89" (SHA1 ID: 7996ca) erroneously
deleted several patch files which were still required for proper function
of the rt-tests recipe. These missing patches adversely affected builds
of the hwlatdetect and hackbench utilities as well as other components.
This commit restores the missing patches and allows the recipe to properly
generate all the components once more. hwlatdetect and hackbench are
built properly and the /usr/src/backfire directory is properly populated
on the target system.
Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This is the adaptation for the a bugfix upstream
The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release
interfered with the upstream fix for
https://sourceforge.net/p/curl/bugs/1350/
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Kernel and initramfs built and tested on GCW Zero (jz4770)
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
License checksum changed only because copyright year changed; the actual
license text remains the same.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
* Add a brief subject mentioning what the patch is for
* Add Upstream-Status
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|