CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-12678
Patch from:
eb9ded1206
(From OE-Core rev: 24ac12ecb19efc7c131c9711ba32e298ba860eb7)
(From OE-Core rev: bb90e08fbcbc7c60731aacdc4b82163507d9afdc)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Forcibly disable Boost as the macros it looks for are also present in our C++
standard library.
Enable c++11 in cmake as well as in CXXFLAGS [Khem Raj]
CXXFLAGS is required due to a cmake bug where it does not honor CMAKE_CXX_FLAGS
during configure time checks [Khem Raj]
(From OE-Core rev: 6a56ff7885f43abdb3b9bfeb733be6fee1de237c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The previous fix for this issue was incomplete. We also need to change
the source file to avoid this error. Grepping the build directory for boost
will show the issue when building taglib after boost has been built.
(From OE-Core rev: 779f92454218ae3758f0768763df3b183a6c724a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Given that bitbake.conf sets the default values:
BP = "${BPN}-${PV}"
S = "${WORKDIR}/${BP}"
there are a number of recipes that set the variable S completely
superfluously, so get rid of them.
(From OE-Core rev: ebe8578df3f162045086cd60a129eb7ac3eacf4c)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
(From OE-Core rev: 5870bd272b0b077d0826fb900b251884c1c05061)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
taglib appears to depend on boost if it finds it in the sysroot. Force
it not to do this. Someone with better cmake skills may be able to
do this in a neater way.
(From OE-Core rev: 2c6c6c98416e5a458a02106524b5aa10a4b71d60)
(From OE-Core rev: 87fd1d7331f6f64a9037d97672dbe66d93f276de)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
(From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* without target zlib it tries to use native one:
| /OE/sysroots/x86_64-linux/usr/lib/libz.so: could not read symbols: File in wrong format
| collect2: error: ld returned 1 exit status
| make[2]: *** [taglib/libtag.so.1.12.0] Error 1
(From OE-Core rev: 663564d14b09073765e2c4657f1e6c94dab6a365)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patches not needed anymore - they switched to cmake.
LGPL license was replaced with the actual LGPL 2.1 file.
License section in audioproperties.h file was modified as it includes the
new address of Free Software Foundation.
libtag static library is not built by default anymore and if cmake is
instructed to build static library than shared library is deactivated.
So actually this is a switch now.
(From OE-Core rev: 312efe73dad8a9baf32578bd11a1654219d759df)
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a couple common typoes, all contained within comments so there
should be no effect on functionality.
(From OE-Core rev: dc52c3cbf3a7b7242d53019f7643495eb40c0566)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some place pnum=1 is used which is removed as well since
striplevel=1 is default
(From OE-Core rev: 4e108857e0d40105f7ecbc55e99bd6c367bb7386)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I've cleaned up some odd license fields, fixed some license
names and corrected some incorrect licenses. LICENSE really needs
a pass through by the maintainers as some of the licensing is
incorrect.
Also, every license with Artistic should be gone through and noted as
which version of Artistic.
(From OE-Core rev: 4786ecdf7cd427089464dcb62579110d494e7cd7)
Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
hostap: add upstream status for hostap-fw-load.patch
lrzsz: add upstream status for lrzsz's patches
bluez: add upstream status for bluez's patches
bluez-dtl1-workaround: add upstream status for COPYING.patch
libgsmd: add upstream status for gsm's patches.
gypsy: add upstream status for gypsy's patch
libpcap: add upstream status for libpcap's patches
ppp: add upstream status for ppp's patches
libtelepathy: add upstream status for libtelepathy's patches
telepathy-python: add upstream status for telepahty-python's patches
wireless-tools: add upstream status for wireless-tools's patches
wpa-supplicant: add upstream status for wpa-supplicant
zeroconf: add upstream status for zeroconf's patch
glibc: add upstream status for glibc's patches
dpkg: add upstream status for dpkg's patches
makedevs: add upstream status for makedevs's patch
opkg: add upstream status for opkg's patches
opkg-utils: add upstream status for opkg-utils's patch
minicom: add upstream status for minicom patches
rpcbind: add upstream status for rpcbind's patch
which: add upstream status for which's patch
clutter-gst: add upstream status for clutter-gst's patches
flac: add upstream status for flac's patches
gst-ffmpeg: add upstream status for gst-ffmpeg's patch
liba52: add upstream status for liba52's patch
libid3tag: add upstream status for libid3tag
libmusicbrainz: add upstream status for libmusicbrainz's patch
pulseaudio: add upstream status for pulseaudio patches
db: add upstream status for db's patch
neon: add upstream status for neon's patch
taglib: add upstream status for taglib's patches
libetpan: add upstream status for libetpan's patch
libopensync: add upstream status for libopensync's patches
libopensync-plugin-evolution2: add upstream status for its patch
libopensync-plugin-syncml: add upstream status for its patch
libsyncml: add upstream status for libsyncml's patch
empathy: add upstream status for empathy's patch
wv: add upstream status for wv's patch
xournal: add upstream status for xournal's patch
(From OE-Core rev: 0f9f0518ac46c2f2beb0224e881ff136f1603d33)
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao
Joshua Lock
Ross Burton
Andreas Müller
Alexander Kanavin
Richard Purdie
Robert P. J. Day
Cristian Iorga
Paul Eggleton
Martin Jansa
Constantin Musca
Andrei Gherzan
Saul Wold
Khem Raj
Beth Flanagan
Dongxiao Xu
Saul Wold