| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
This is similar CVE as the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explain why this is misuse
(or wrong use) of libyaml.
(From OE-Core rev: f233c1b7d55fbc8c1968c105905462eed5c793e6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This is the same problem as already ignored CVE-2024-35328.
See laso this comment in addition:
https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
(From OE-Core rev: 2b6391599a621e59d48da213f18bbef9b44bec58)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit incorporates changes in following master branch commits:
f3479f74c9 libyaml: Amend CVE status as 'upstream-wontfix'
3ebb2ca832 libyaml: Change CVE status to wontfix
56b6b35626 libyaml: Update status of CVE-2024-35328
which mitigate the following warning with cve-check.bbclass:
WARNING: libyaml-native-0.2.5-r0 do_cve_check: Found unpatched CVE (CVE-2024-35328), for more information check .../tmp/work/x86_64-linux/libyaml-native/0.2.5/temp/cve.log
(From OE-Core rev: a88c83ba93346b62c2a360ab71bacc57585fec60)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Helps building static tools which depend on libyaml during build or
shipped with SDK
libyaml is MIT licensed so static linking would not be as prohibitive
(From OE-Core rev: 1c2be08fc66c09ed7547eda172da4c99e8563091)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: b574c04a26ab49ee0588e37606dd100a939a90a9)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
-License-Update: file name changed from LICENSE to License.
Copyright year updated to 2020.
(From OE-Core rev: 93cd242d3d75492cd67adb59f297505851919eae)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Change all recipes to https where we get an http 301 permanent redirect.
(From OE-Core rev: e514acda9e12bccde6d3974e0fd1a37b3837191a)
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Upstream appear to have regenerated the tarball, the new one is the same except the
directory name changed from libyaml to yaml. Adapt to this.
(From OE-Core rev: 9ab05b6ec860078df37c4ea68267ecffaa0ce38c)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
LICENSE checksum was changed due to copyright year change.
(From OE-Core rev: edc7f213ae3f976d367734cde5a1b2ee929b70ac)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
License changed due to copyright dates being added.
(From OE-Core rev: 079df0021b0819f4b88e20ac8f3350a0f153c6bc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 3694176e13442068acfe54b7165d5f828190fe08)
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Drop backported libyaml-CVE-2014-9130.patch
(From OE-Core rev: 2dfdf483e9de5bcb24149f619b0c7fc466221204)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The currnet patches in OE-core doesn't have the "CVE:"
tag, now part of the policy of the patches.
This is patch add this tag to several patches. There might
be patches that I miss; the tag can be added in the future.
(From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libyaml is a dependency of ruby
(From OE-Core rev: 9c8679acb6e611d2fa6e51299b856394da9ea98d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|