Age | Commit message (Collapse) | Author |
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patent on mp3 format due to expire, so remove LICENSE_FLAGS from
lame recipe.
Ref:
https://bugzilla.gnome.org/show_bug.cgi?id=774252
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Release notes:
http://lame.cvs.sourceforge.net/viewvc/lame/lame/doc/html/history.html?revision=1.154
Dropped patches that are included in the release:
- lame-3.99.5_fix_for_automake-1.12.x.patch
- CVE-2017-13712.patch
The CACHED_CONFIGUREVARS thing to disable SSE code on x86 isn't needed
anymore. The build system now correctly detects when SSE isn't
available.
Note for stable branch maintainers: This release includes several fixes
for bugs that have a CVE number associated with them. The bugs (or at
least most of them) are crashes that seem to be considered "remote DoS"
vulnerabilities, probably because it's easy to imagine lame being used
with untrusted audio files from remote sources. If you want to backport
"all sercurity fixes" to the stable brances, that task seems pretty
difficult. The release notes explicitly mention three CVE numbers, but
there are more: for example, OE had a fix for CVE-2017-13712, which is
not mentioned in the release notes but is fixed in the release. The
commit log doesn't keep any track of CVE numbers either. Maybe it would
be best to just upgrade lame to 3.100 also in the stable branches.
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|