| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
https://github.com/uclouvain/openjpeg/commit/c58bc128b4f770e7c89bc8ba3d0273b9a3904aad
Reference:
https://github.com/uclouvain/openjpeg/pull/1547
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-56827:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56827]
[https://github.com/uclouvain/openjpeg/issues/1564]
Upstream patches:
[https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-56826:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56826]
[https://github.com/uclouvain/openjpeg/issues/1563]
Upstream patches:
[https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9962d57f7c235873de0a0bb192b5f56747762fc7)
Backport:
* Updated paths to follow PV changes
* Adapted modified recipes to the ones generating warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
| |
This CVE is patched in our version of openjpeg. The NVD database doesn't
include a version range this is why it's still reported.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE: CVE-2022-1122
The defect is undergoing reanalysis and there may be follow-up commits.
Ref:
* https://github.com/uclouvain/openjpeg/issues/1368
Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
CVE: CVE-2021-29338
Ref:
* https://github.com/uclouvain/openjpeg/issues/1338
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2020-15389.patch
CVE-2020-6851.patch
CVE-2020-8112.patch
Removed since these are included in 2.4.0.
Fixed an error where openjpeg.h could not be found.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
Backport from github meta-xilinx-tools.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Mingde (Matthew) Zeng <matthew.zeng@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Backport from upstream to fix heap-based buffer overflow.
Upstream-Status: Backport
CVE: CVE-2020-8112
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch from upstream to fix heap-based buffer overflow
Upstream-Status: Backport
CVE: CVE-2020-6851
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Sakib Sajal <Sakib.Sajal@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
| |
The License of openjpeg is BSD-2-Clause.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrading fixes CVE-2018-21010 and incorporates other bug fixes
from upstream.
The source upgrade to 2.3.1 changed the way include directories are
identified, so the patch 0001-Ensure-cmake-files-are-installed-at-common-location.patch
is no longer needed to help poppler find cmake files.
The contents of /usr/lib/openjpeg-2.3 were added to the FILES
list since poppler needs them to build.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| ERROR: openjpeg-2.3.0-r0 do_package: QA Issue: openjpeg: Files/directories were installed but not shipped in any package:
| /usr/lib/libopenjp2.a
| /usr/lib/libopenjp2.so
| /usr/lib/libopenjp2.so.2.3.0
| /usr/lib/libopenjp2.so.7
| /usr/lib/cmake
| /usr/lib/pkgconfig
| /usr/lib/cmake/openjpeg-2.3
| /usr/lib/cmake/openjpeg-2.3/OpenJPEGConfig.cmake
| /usr/lib/cmake/openjpeg-2.3/OpenJPEGTargets.cmake
| /usr/lib/cmake/openjpeg-2.3/OpenJPEGTargets-noconfig.cmake
| /usr/lib/pkgconfig/libopenjp2.pc
* Addresses [1]
* Build tested with poppler in multilib and non-multilib environment
[1] https://github.com/openembedded/meta-openembedded/issues/103
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
| |
* Move *,cmake from ${libdir}/cmake to ${libdir}/cmake/<name-and-version>
That is standard location cmake files are installed.
* Do not export executables - they will not be found in dependant's sysroot
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
| |
* fetch by git to avoid github checksum surprises
* 0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch was applied upstream
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Reorder recipe variables according to:
https://www.openembedded.org/wiki/Styleguide
Originally-conceived-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cmake.bbclass in oe-core now ensures that ${libdir}/cmake and
${datadir}/cmake end up in the dev package, so recipes no longer need to
provide custom packaging rules to handles these files.
http://git.openembedded.org/openembedded-core/commit/?id=d91dc4666683a96e9d03cbbd21b8a546f9069c93
Originally-conceived-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
| |
Rename the download file to avoid collisions in DL_DIR.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As the package maintainer said, this is mostly a release with:
"the huge amount of critical bug fixes brought to the library since 2 years"
The full list of bugs fixed and other changes is here:
https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md
The homepage link was broken so that was fixed.
The project also moved to github and does not appear
to provide tarballs other than via github archives so
the SRC_URI was updated.
An explicit dependency on zlib was added even though cmake was finding
the sysroot version.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When MACHINE=qemux86-64 and enable multilib:
ERROR: QA Issue: openjpeg: Files/directories were installed but not
shipped in any package:
/usr/lib
/usr/lib/libopenjp2.so
/usr/lib/libopenjp2.so.2.1.0
/usr/lib/libopenjp2.so.7
/usr/lib/.debug
/usr/lib/pkgconfig
/usr/lib/.debug/libopenjp2.so.2.1.0
/usr/lib/pkgconfig/libopenjp2.pc
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. [installed-vs-shipped]
Pass the correct libdir configuration option to cmake.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|