| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 04-hardening-cppflags.patch | pass CPPFLAGS (hardening) | gregor herrmann <gregoa@debian.org> | no | vendor | 2022-12-01 | |
| 10-fix-CVE-2020-14940.patch | fix CVE-2020-14940 see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14940 https://sourceforge.net/p/tuxguitar/bugs/126/ https://bugzilla.opensuse.org/show_bug.cgi?id=1173633 https://logicaltrust.net/blog/2020/06/tuxguitar.html https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html Issue could be reproduced on Linux before the fix, as described by sourceforge page listed above Not all TuxGuitar files mentioned in this page have been modified, as some of them do not parse input xml files. Then they should not be concerned by vulnerability: - TuxGuitar-musicxml/src/org/herac/tuxguitar/io/musicxml/MusicXMLWriter.java - TuxGuitar/src/org/herac/tuxguitar/app/system/keybindings/xml/KeyBindingWriter.java - TuxGuitar/src/org/herac/tuxguitar/app/tools/browser/xml/TGBrowserWriter.java activate it, and ignore if it fails (or else Android version can no more open .gp and .gpx files) also (independent from CVE): |
guiv42 <129443524+guiv42@users.noreply.github.com> | no | https://github.com/helge17/tuxguitar/commit/bcaa280e93b0d67dc6f903b6e23a051a7894ba0c | 2023-10-10 | |
| 11-eclipse-swt.patch | Use Debian's Eclipse SWT | Helmar Gerloni <helmar@gerloni.net> | no | vendor | 2022-12-01 | |
| 12-remove-thirth-party-libs.patch | Don't build libs already in Debian | Helmar Gerloni <helmar@gerloni.net> | no | vendor | 2022-12-01 | |
| 13-remove-vst.patch | Do not build non-free VST plugin | Helmar Gerloni <helmar@gerloni.net> | no | vendor | 2022-12-01 | |
| 14-replace-soundfont.patch | Replace MagicSFver2.sf2 with FluidR3_GM.sf2 | Helmar Gerloni <helmar@gerloni.net> | no | vendor | 2023-01-14 | |
| 15-path-to-lv2.patch | Fix path to tuxguitar-synth-lv2.bin | Helmar Gerloni <helmar@gerloni.net> | no | vendor | 2022-12-01 | |
| 16-fix-cflags.patch | Add -g flag for debugging symbols needed in dbgsym packages Remove -m64 to build on different architectures | Helmar Gerloni <helmar@gerloni.net> | no | vendor | 2022-12-10 |