[OE-core] [PATCH 3/6] subversion: fix for Security Advisory CVE-2013-4131

2014-05-15 Thread rongqing.li
From: Yue Tao The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision ro

[OE-core] [PATCH 6/6] subversion: fix for Security Advisory CVE-2013-4277

2014-05-15 Thread rongqing.li
From: Yue Tao Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

[OE-core] [PATCH 5/6] subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846

2014-05-15 Thread rongqing.li
From: Yue Tao The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE

[OE-core] [PATCH 4/6] subversion: fix for Security Advisory CVE-2013-1845

2014-05-15 Thread rongqing.li
From: Yue Tao The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. http://web.n

[OE-core] [PATCH 2/6] subversion: fix for Security Advisory CVE-2013-4505

2014-05-15 Thread rongqing.li
From: Yue Tao The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. http:

[OE-core] [PATCH 0/6] subversion: backport 6 CVE patches

2014-05-15 Thread rongqing.li
From: Roy Li The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873: gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib roy/subversion-1 http://git.pokylinux.org/cgit.cgi/poky-co

[OE-core] [PATCH 1/6] subversion: fix for Security Advisory CVE-2013-1849

2014-05-15 Thread rongqing.li
From: Yue Tao Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. Signed-off-by: Yue Tao Signed-off-by: Roy Li --- .../subversion/subversion-CVE-2013-1849.patch | 25 .../subversion/subversion_1.6.15.bb

Re: [OE-core] [PATCH 1/1] tar: set acpaths to avoid "Argument list too long" error

2014-05-15 Thread Chong Lu
ping On 04/09/2014 05:44 PM, Chong Lu wrote: There would be an error when the TMPDIR is long/deep, for example when len(TMPDIR) = 410 while our supported longest value is 410: aclocal: error: cannot open xxx autoreconf: aclocal failed with exit status: 1 ERROR: autoreconf executi

Re: [OE-core] [PATCH] libusb1: Update to 1.0.18

2014-05-15 Thread Jacob Kroon
Hello Saul, On Thu, May 15, 2014 at 5:58 PM, Saul Wold wrote: > Signed-off-by: Saul Wold > --- > .../{libusb1-1.0.9 => libusb1}/obsolete_automake_macros.patch | 0 > .../recipes-support/libusb/{libusb1_1.0.9.bb => libusb1_1.0.18.bb} | 7 > ++- > 2 files changed, 2 insertions(+), 5 del

Re: [OE-core] [daisy][PATCH 1/4] tcf-agent: add systemd support

2014-05-15 Thread Khem Raj
On Thu, May 15, 2014 at 7:05 PM, ChenQi wrote: > On 05/15/2014 08:24 PM, Otavio Salvador wrote: >> >> On Wed, May 14, 2014 at 7:04 PM, Khem Raj wrote: >>> >>> On Wed, May 14, 2014 at 1:30 PM, Otavio Salvador >>> wrote: + install -d ${D}${systemd_unitdir}/system + insta

[OE-core] [PATCH 12/12] ffmpeg: fix for Security Advisory CVE-2013-0849

2014-05-15 Thread rongqing.li
From: Yue Tao The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. http://web.nvd.nist.gov/view/vuln/detail?vulnI

[OE-core] [PATCH 11/12] ffmpeg: fix for Security Advisory CVE-2013-0850

2014-05-15 Thread rongqing.li
From: Yue Tao The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850 Signed-off-by: Yue T

[OE-core] [PATCH 09/12] ffmpeg: fix for Security Advisory CVE-2013-0854

2014-05-15 Thread rongqing.li
From: Yue Tao The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854 Signed-off-by: Yue Tao Signed-off-by: Roy Li --

[OE-core] [PATCH 10/12] ffmpeg: fix for Security Advisory CVE-2013-0856

2014-05-15 Thread rongqing.li
From: Yue Tao The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856 Signed

[OE-core] [PATCH 08/12] ffmpeg: fix for Security Advisory CVE-2013-0851

2014-05-15 Thread rongqing.li
From: Yue Tao The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851 Sig

[OE-core] [PATCH 07/12] ffmpeg: fix for Security Advisory CVE-2013-0858

2014-05-15 Thread rongqing.li
From: Yue Tao The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858 Sign

[OE-core] [PATCH 05/12] ffmpeg: fix for Security Advisory CVE-2013-0845

2014-05-15 Thread rongqing.li
From: Yue Tao libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845 Signed-off-by: Yue Tao Signed-off-by: Roy Li --- ...

[OE-core] [PATCH 06/12] ffmpeg: fix for Security Advisory CVE-2013-0852

2014-05-15 Thread rongqing.li
From: Yue Tao The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852 Signed-off-by:

[OE-core] [PATCH 04/12] ffmpeg: fix for Security Advisory CVE-2013-0868

2014-05-15 Thread rongqing.li
From: Yue Tao libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) len==0 cases. http://web.nvd.nist.gov/view/vuln/detail?

[OE-core] [PATCH 03/12] ffmpeg: fix for Security Advisory CVE-2014-2099

2014-05-15 Thread rongqing.li
From: Yue Tao The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data

[OE-core] [PATCH 02/12] ffmpeg: fix for Security Advisory CVE-2013-0865

2014-05-15 Thread rongqing.li
From: Yue Tao The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. http://web.nv

[OE-core] [PATCH 01/12] ffmpeg: fix for Security Advisory CVE-2014-2263

2014-05-15 Thread rongqing.li
From: Yue Tao The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?

[OE-core] [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches

2014-05-15 Thread rongqing.li
From: Roy Li Diff with V1: use ffmpeg as prefix of commit header The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873: gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib roy/ff

Re: [OE-core] [daisy][PATCH 1/4] tcf-agent: add systemd support

2014-05-15 Thread ChenQi
On 05/15/2014 08:24 PM, Otavio Salvador wrote: On Wed, May 14, 2014 at 7:04 PM, Khem Raj wrote: On Wed, May 14, 2014 at 1:30 PM, Otavio Salvador wrote: + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/tcf-agent.service ${D}${systemd_unitdir}/system +

Re: [OE-core] [PATCH 0/3] Suppress Texinfo utilities invoked at build time for -cross & -native recipes

2014-05-15 Thread Saul Wold
Max, we had a failure on the Autobuilder when attempting to build the world build. This has some texinfo related failures, please check them out. https://autobuilder.yoctoproject.org/main/builders/nightly-world/builds/95/steps/BuildImages/logs/stdio Thanks Sau! On 05/14/2014 02:35 PM, Max

[OE-core] [CONSOLIDATED PULL 00/18] Patches and updates

2014-05-15 Thread Saul Wold
Richard, This is a subset of patches pending, these have been through the Autobuilder and some local testing. Sau! The following changes since commit 58417093d7ce83c8a2f683a356fddc23aaee5e8e: wic: Extend indirect string connection to support image names and rootfs (2014-05-13 19:35:06 +010

Re: [OE-core] [PATCH 2/3] Add texinfo-dummy-native recipe w/ scripts to stand in for Texinfo utils.

2014-05-15 Thread Eliaser, MaX
Sure, I could do that. My understanding of the convention was that there was one directory per upstream project, and all the different recipes in that directory implemented different targets or versions of that upstream project-- is that not correct? -Max ___

Re: [OE-core] [PATCH 00/12] forward 12 CVE patches for ffmpeg

2014-05-15 Thread Otavio Salvador
On Thu, May 15, 2014 at 5:51 AM, Paul Eggleton wrote: > Hi Roy, > > On Thursday 15 May 2014 10:03:50 rongqing...@windriver.com wrote: >> From: Roy Li >> >> The following changes since commit 58417093d7ce83c8a2f683a356fddc23aaee5e8e: >> >> wic: Extend indirect string connection to support image

Re: [OE-core] [PATCH 1/1] curl: remove inapporpriate file from curl release

2014-05-15 Thread Otavio Salvador
On Mon, May 5, 2014 at 4:45 PM, Tudor Florea wrote: > This is the adaptation for a bugfix upstream > The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release > interfered with the upstream fix for > https://sourceforge.net/p/curl/bugs/1350/ > > Signed-off-by: Tudor Florea

[OE-core] [PATCH] libusb1: Update to 1.0.18

2014-05-15 Thread Saul Wold
Signed-off-by: Saul Wold --- .../{libusb1-1.0.9 => libusb1}/obsolete_automake_macros.patch | 0 .../recipes-support/libusb/{libusb1_1.0.9.bb => libusb1_1.0.18.bb} | 7 ++- 2 files changed, 2 insertions(+), 5 deletions(-) rename meta/recipes-support/libusb/{libusb1-1.0.9 => libusb1}/obs

Re: [OE-core] [oe-commits] Valentin Popa : nettle: add nettle to oe-core

2014-05-15 Thread Valentin Popa
On 05/15/2014 05:07 PM, Martin Jansa wrote: On Thu, May 15, 2014 at 04:25:50PM +0300, Valentin Popa wrote: On 05/15/2014 02:13 PM, Martin Jansa wrote: On Tue, May 06, 2014 at 05:01:05PM +, g...@git.openembedded.org wrote: Module: openembedded-core.git Branch: master Commit: e0e5eaee72e49c0

Re: [OE-core] [PATCH 2/3] Add texinfo-dummy-native recipe w/ scripts to stand in for Texinfo utils.

2014-05-15 Thread Saul Wold
On 05/14/2014 02:36 PM, Max Eliaser wrote: More work toward eliminating the dependency on the host system's Texinfo-- Python scripts that understand the same command-line options as the Texinfo utilities, and create blank output files if appropriate, but don't actually do any of the work done by

[OE-core] [PATCH] packagegroup-core-lsb: fix warning text

2014-05-15 Thread Cristiana Voicu
There should be just one warning thrown, instead of 3. Signed-off-by: Cristiana Voicu --- .../packagegroups/packagegroup-core-lsb.bb |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb b/meta/recipes-e

Re: [OE-core] [oe-commits] Valentin Popa : nettle: add nettle to oe-core

2014-05-15 Thread Martin Jansa
On Thu, May 15, 2014 at 04:25:50PM +0300, Valentin Popa wrote: > On 05/15/2014 02:13 PM, Martin Jansa wrote: > > On Tue, May 06, 2014 at 05:01:05PM +, g...@git.openembedded.org wrote: > >> Module: openembedded-core.git > >> Branch: master > >> Commit: e0e5eaee72e49c01e76d56cd03fbfb3e20febbb0 >

[OE-core] [PATCH] pango: enable ptest

2014-05-15 Thread Ross Burton
Install the test suite for ptest. The test suite needs some fonts to be present to depend on liberation-fonts. Signed-off-by: Ross Burton --- meta/recipes-graphics/pango/pango.inc| 21 +++-- meta/recipes-graphics/pango/pango/no-tests.patch | 15 --- m

Re: [OE-core] [oe-commits] Valentin Popa : nettle: add nettle to oe-core

2014-05-15 Thread Valentin Popa
On 05/15/2014 02:13 PM, Martin Jansa wrote: On Tue, May 06, 2014 at 05:01:05PM +, g...@git.openembedded.org wrote: Module: openembedded-core.git Branch: master Commit: e0e5eaee72e49c01e76d56cd03fbfb3e20febbb0 URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=e0e5eaee72

Re: [OE-core] [PATCH 0/3] live image misc fixes

2014-05-15 Thread Valentin Popa
On 05/15/2014 01:40 PM, Chen Qi wrote: The purpose of this patchset is to make our live image work correctly after the following commit. commit acfe3014d41de5e87cdbc58d0396349c6b9c3ffd udev-extraconf: update mount.sh to use /run/media instead of /media These patches are tested against

[OE-core] State of bitbake world, Failed tasks 2014-05-15

2014-05-15 Thread Martin Jansa
This build still contains huge patch setting B = S or inherit for autotools-brokensep for all recipes which were failing in earlier master builds. abiword, libssh broken by libgcrypt upgrade (possible fix for libssh was sent to ML today) firefox broken by freetype upgrade (possible fix for harfbu

Re: [OE-core] [daisy][PATCH 1/4] tcf-agent: add systemd support

2014-05-15 Thread Otavio Salvador
On Wed, May 14, 2014 at 7:04 PM, Khem Raj wrote: > On Wed, May 14, 2014 at 1:30 PM, Otavio Salvador > wrote: >> + install -d ${D}${systemd_unitdir}/system >> + install -m 0644 ${WORKDIR}/tcf-agent.service >> ${D}${systemd_unitdir}/system >> + sed -i -e 's,@SBINDIR@,${sbindir},g

[OE-core] [daisy][PATCHv2] lttng-modules: Add bio-bvec-iter.patch also for 2.3.3 version

2014-05-15 Thread Martin Jansa
Signed-off-by: Martin Jansa --- meta/recipes-kernel/lttng/lttng-modules_2.3.3.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.3.3.bb b/meta/recipes-kernel/lttng/lttng-modules_2.3.3.bb index dd06546..4f18ddc 100644 --- a/meta/reci

Re: [OE-core] [daisy][PATCH 05/10] lttng-modules-2.3.3: Fix build on ARM

2014-05-15 Thread Martin Jansa
On Mon, May 12, 2014 at 01:34:54PM +0200, Martin Jansa wrote: > From: Khem Raj > > Update the structure to work with immutable bio_vecs Please don't merge this patch to daisy, there is different one already! It's actually master which should be updated with patch from daisy: http://lists.openem

[OE-core] [PATCH] lttng-modules: Fix build with older kernels

2014-05-15 Thread Martin Jansa
* forward port this patch from daisy: commit c11b29ff4f24af0445c3c6a694b8dc2037dcd7e4 Author: Tom Zanussi Date: Thu Mar 6 22:26:20 2014 -0600 lttng-modules: Fix 3.14 bio tracepoints * how is it possible that it's in daisy but not in master? Signed-off-by: Martin Jansa --- .../lttn

Re: [OE-core] [oe-commits] Valentin Popa : nettle: add nettle to oe-core

2014-05-15 Thread Martin Jansa
On Tue, May 06, 2014 at 05:01:05PM +, g...@git.openembedded.org wrote: > Module: openembedded-core.git > Branch: master > Commit: e0e5eaee72e49c01e76d56cd03fbfb3e20febbb0 > URL: > http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=e0e5eaee72e49c01e76d56cd03fbfb3e20febbb0 > > A

[OE-core] [PATCH 1/3] udev-extraconf: fix the misuse of /run/media

2014-05-15 Thread Chen Qi
The error was introduced by the following commit. acfe3014d41de5e87cdbc58d0396349c6b9c3ffd udev-extraconf: update mount.sh to use /run/media instead of /media It accidentally replaced 'device/media' by 'device/run/media' which causes error for live images to be unable to boot up correctly, comp

[OE-core] [PATCH 2/3] init-live.sh: list block devices correctly

2014-05-15 Thread Chen Qi
Instead of using 'ls /dev/sd*' command to list block devices, we should rather use 'cat /proc/partitions'. Signed-off-by: Chen Qi --- meta/recipes-core/initrdscripts/files/init-live.sh |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/initrdscripts/files/in

[OE-core] [PATCH 0/3] live image misc fixes

2014-05-15 Thread Chen Qi
The purpose of this patchset is to make our live image work correctly after the following commit. commit acfe3014d41de5e87cdbc58d0396349c6b9c3ffd udev-extraconf: update mount.sh to use /run/media instead of /media These patches are tested against the core-image-minimal iso image for both

[OE-core] [PATCH 3/3] initrdscripts: fix for /run/media

2014-05-15 Thread Chen Qi
mount.sh in udev-extraconf was modified to use /run/media instead of /media. Unfortunately, our scripts in initrdscripts have some dependency on the auto-mounting mechanism provided by udev-extraconf. So these scripts should also be fixed to use /run/media instead of /media, otherwise, our live image

Re: [OE-core] My thoughts on the future of OE?

2014-05-15 Thread Barros Pena, Belen
On 05/05/2014 04:39, "David Nyström" wrote: >How do I trace a buggy package >installed on my target rootfs, back to an item in the locked sstate? FWIW, you should be able to do that with Toaster, as long as you know which one is the buggy package :) With Toaster you can navigate the build proces

[OE-core] [PATCH 1/1] syslinux-native: fix parallel building issue

2014-05-15 Thread Chong Lu
There might be an error when building in parallel: [snip] cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/ syslinux/com32/include/gplinclude': No such file or directory make[4]: *** [install] Error 1 make[3]: *** [gpllib] Error 2 [snip] This is a potential issue. In ${S}/com32/gpllib/M

[OE-core] [PATCH 0/1] syslinux-native: fix parallel building issue

2014-05-15 Thread Chong Lu
The following changes since commit d6900a5fe7670cb4514969d60e0ca65372121c87: wic: Extend indirect string connection to support image names and rootfs (2014-05-13 19:35:11 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib chonglu/syslinux http://git.pokyli

Re: [OE-core] [PATCH 00/12] forward 12 CVE patches for ffmpeg

2014-05-15 Thread Paul Eggleton
Hi Roy, On Thursday 15 May 2014 10:03:50 rongqing...@windriver.com wrote: > From: Roy Li > > The following changes since commit 58417093d7ce83c8a2f683a356fddc23aaee5e8e: > > wic: Extend indirect string connection to support image names and rootfs > (2014-05-13 19:35:06 +0100) > > are availab