[OE-core] [PATCH 02/33] cdrtools: upgrade to v3.00

Koen Kooi koen at dominion.thruhere.net
Fri Apr 22 10:57:53 UTC 2011


On 22 Apr 2011, at 12:00, Scott Garman wrote:

> On 04/22/2011 12:24 AM, Saul Wold wrote:
>> From: Scott Garman <scott.a.garman at intel.com>
>> 
>> * Addresses CVE-2003-0655
>> * Fixes [YOCTO #976]
>> 
>> Note that the license has changed to the CDDL for most utilities.
>> 
>> Note the following discussion of distribution issues with mixing GPL
>> and CDDL licenses:
>> 
>> http://lwn.net/Articles/195167/
>> 
>> This should not impact us as this is a -native recipe only.
>> 
>> Recipe changes derived from OpenEmbedded.
>> 
>> Signed-off-by: Scott Garman <scott.a.garman at intel.com>
> 
> Please skip this patch - the CDDL is a weird license and may pose problems for us to distribute its sstate-cache.
> 
> The problem reported in the CVE is in a particular utility within cdrtools that we don't need, so I'm going to resolve the security advisory by not packaging that file, and stick with the GPL version we were previously using.

In OE.dev we switched to cdrkit to get rid of the Schilly factor, maybe oe-core can do something similar.

regards,

Koen