summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
Commit message (Collapse)AuthorAgeFilesLines
...
* libav: fix PACKAGECONFIG for theora and libvorbisMatthieu Crapet2014-07-291-2/+0
| | | | | | | | | | Switches must not be in EXTRA_OECONF anymore. (From OE-Core rev: 251a5cc8c940f54f058588977734fd0ede664c3c) Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-lib: remove non PN based -dev packagesJackie Huang2014-07-251-2/+1
| | | | | | | | | | All dev related items should be packaged in the core PN-dev package not in seperate packages. (From OE-Core rev: 9aa75f06e9e78602ad8e9a5ffa312f71057a90d7) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good: add missing dependency on libcapJackie Huang2014-07-251-1/+1
| | | | | | | | (From OE-Core rev: e1ac22b340a66e3da53182faf0d624db9ccbdee1) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-plugins-good: add missing dependency on libcapJackie Huang2014-07-251-1/+1
| | | | | | | | (From OE-Core rev: ad68fd0e73a549356741bb050c4343ebd4a1e2fb) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: add missing dependency on libcapJackie Huang2014-07-251-1/+1
| | | | | | | | (From OE-Core rev: 4f0a1fc6c324840459919b80a9c096efdd2bf5bd) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libomxil-0.9.3: Remove versioning for bellagio .so files.Drew Moseley2014-07-252-3/+43
| | | | | | | | | | | The so files installed under ${libdir}/bellagio are not versioned and should be installed without version-based symlinks so that omxregister-bellagio can properly find and register them. (From OE-Core rev: 3846b1ec782ba0cc64d389d03116743208e2383f) Signed-off-by: Drew Moseley <drew_moseley@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "libomxil-0.9.3: Remove versioning for .so files."Drew Moseley2014-07-252-80/+6
| | | | | | | | | | | The previous version of this fix was too aggressive and removed versioning from too many of the .so files in the libomxil package. This reverts commit 0ef3734c2f279bf463ba4d1aef5241cd4882d483. (From OE-Core rev: b76d254db92d9c08e8d5d41becb2e60178cebb33) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: Add CVE patchesYue Tao2014-07-2318-0/+917
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security Advisory - ffmpeg - CVE-2013-0866 The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0866 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0875 The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0875 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0860 The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0860 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3934 Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3934 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3946 The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3946 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-7023 The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7023 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-7009 The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7009 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0855 Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0855 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-4351 Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4351 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0848 The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0848 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3944 The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3944 file://0001-huffyuvdec-check-width-more-completely-avoid-out-of-.patch \ gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-7010 Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7010 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3941 The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bound write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3941 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0846 Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0846 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2012-6618 The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient frames to estimate rate. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6618 gst-ffmpeg: Security Advisory - ffmpeg - CVE-2012-6617 The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6617 (From OE-Core rev: 58f08a96764094189b5aaf3cc8b4cc0c95e23409) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: get caps from src pad when query caps in gsttagdemuxWang Zidan2014-07-232-0/+45
| | | | | | | (From OE-Core rev: b9a2aacfc0343d522cce9183dae15f1ae042b36d) Signed-off-by: Wang Zidan <b50113@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: do not change eos event to gap event if no data ↵Wang Zidan2014-07-232-0/+41
| | | | | | | | | has passed to streamsynchronizer. (From OE-Core rev: 8b85075e592e867e7ffba919b10fca150f6a62b0) Signed-off-by: Wang Zidan <b50113@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: pass rate of input segment to output segment in gstbaseparse.Wang Zidan2014-07-232-1/+35
| | | | | | | (From OE-Core rev: e25c5b228178f13b2f9e25b5bd423d5ef7b40765) Signed-off-by: Wang Zidan <b50113@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-libav: avoid using non-growable pool for videodecWang Zidan2014-07-232-1/+77
| | | | | | | | | Using growable pool with at least 32 buffers for decoders. (From OE-Core rev: 81ae7794ddbc7e2d97118092e0613249793214ef) Signed-off-by: Wang Zidan <b50113@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer: fix a bug for gstbaseparseWang Zidan2014-07-232-1/+35
| | | | | | | | | self-comparison will always evaluates to true. (From OE-Core rev: ecd6764843f1bb3a8eeb8580db9e22231ec3c94d) Signed-off-by: Wang Zidan <b50113@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-plugins-good: fix integer overrun for mulawdecWang Zidan2014-07-232-3/+51
| | | | | | | | | | There might be more than 65535 samples in a chunk of data, so use 32 bit integer instead of 16 bit. (From OE-Core rev: 60de6e5d9d3dec482256ea4db8837204ca3ba628) Signed-off-by: Wang Zidan <b50113@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-tools: Disable use of GTK+ when not using X11Otavio Salvador2014-07-211-3/+3
| | | | | | | | | | | | | | The GTK+3 does not provide support for DirectFB backend so we cannot enable GTK+ features of alsa-tools in this case; GTK+2 does not provide support for Wayland. This patch changes GTK+ support to be enabled only when X11 support is enabled. (From OE-Core rev: 3af5ed10f93de6def9342f710f3c6b94219a4c7e) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libomxil-0.9.3: Remove versioning for .so files.Drew Moseley2014-07-212-6/+80
| | | | | | | | | | | The so files installed by libomxil are not versioned and should be installed without version-based symlinks so that omxregister-bellagio can properly find and register them. (From OE-Core rev: aa99817ad02c153361b2707d6fc81c09e72f4b8f) Signed-off-by: Drew Moseley <drew_moseley@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libatomics-ops: Extend to nativesdkRichard Purdie2014-07-191-1/+1
| | | | | | (From OE-Core rev: df41a457eb467489ef57974cfa12db3a51d59ab1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libatomic-ops: Add BBCLASSEXTEND for native (to support bdwgc-native)Richard Purdie2014-07-171-0/+2
| | | | | | (From OE-Core rev: ebe518d6bb8af6b53805e554e4a61e6534cfb479) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* flac: explicitly disable checking for nasmMing Liu2014-07-171-0/+1
| | | | | | | | | | Automatical checking for nasm program will lead flac to a implicit build result depending on nasm is built before or after it. (From OE-Core rev: 3db77bfb5f02dae841f24eba66ac5747bbe10b9f) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libmad: use "foreign" automake strictnessRoss Burton2014-07-162-0/+13
| | | | | | | | | | libmad doesn't want GNU-levels of automake strictness so tell it to be "foreign". (From OE-Core rev: 60da074fea280d8190e7439361712dcc86177f12) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libid3tag: use "foreign" automake strictnessRoss Burton2014-07-161-1/+2
| | | | | | | | | | libid3tag doesn't want GNU-levels of automake strictness so tell it to be "foreign". (From OE-Core rev: e1e2069f93885d09c920b1a2453fd822578d83e1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-omx: Use variables for CORE_NAME processing.Drew Moseley2014-07-161-2/+2
| | | | | | | | | | | Use the "libdir" and "sysconfdir" variables rather than hard-coding "/usr/lib" and "/etc". (From OE-Core rev: 1ae73bb41436bf7e97d83052fbe1541074b4a4ac) Signed-off-by: Drew Moseley <drew_moseley@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-utils-native: add missing dep for xmltoHongxu Jia2014-07-161-1/+1
| | | | | | | | | | | | | Add docbook-xml-dtd4-native and docbook-xsl-stylesheets-native to PACKAGECONFIG[xmlto]'s dep. [YOCTO #2416] (From OE-Core rev: f0ece09f7d32afa80383ed87158ec39d7c411a59) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-utils: add PACKAGECONFIG for xmltoHongxu Jia2014-07-101-1/+1
| | | | | | | | | | | | Support xmlto for documentation generation and disable it by default. [YOCTO #2416] (From OE-Core rev: 14f4a3e9458b967e74a4a39f6ce9a4672a6302cf) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libav: add PACKAGECONFIG for theora, libvorbis, speex and opensslMatthieu Crapet2014-07-031-8/+22
| | | | | | | | | | | | | | | | | | | | | Dropped libvorvis dependency because there is already a (better) builtin vorbis codec. Don't confuse codec names: "vorbis" (builtin) and "libvorbis" (using external library). Changes: - add --enable-nonfree when faac or openssl are used - add DESCRIPTION - sort PACKAGECONFIG entries Tested with libav-0.8.11 & libav-9.13. Note: Be sure to have a recent version of bitbake (2014-06-11 or better) including this: http://cgit.openembedded.org/bitbake/commit/?id=2e742c03e8dfdfa67899e7f5d579ed14bd87e139 It affects behavior of bb.utils.contains_any (From OE-Core rev: 62eede9de6fa1c76fa97ca5c6ba2d31309759b10) Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-openmax: Add missing pkgconfig inheritRichard Purdie2014-06-251-1/+1
| | | | | | (From OE-Core rev: 0f11090e566ae13fe76c4273655db320a87ba7ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: Security Advisory - CVE-2012-4564Yue Tao2014-06-172-1/+101
| | | | | | | | | | | | | | | | | | | | v2 changes: * update format for commit log * add Upstream-Status for patch ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564 (From OE-Core rev: 9f02922d44de483ef4d02ce95b55efe79a8b09a2) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binconfig-disabled: Add class and useRichard Purdie2014-06-161-1/+3
| | | | | | | | | | | | | | | | | | | | | | This adds a binconfig-disabled class which can be used by recipes where a -config file is installed but we wish to disable it and just rely on the .pc files instead. Rather than simply deleting it, we make the script "exit 1" so that it can be found in PATH and raise a build error rather than something silently falling back to the build system for example. Rather than randomly finding -config files, this adds in the specification of a list of binconfig scripts which is more deterministic and maintainable moving forward. This patch converts various users in OE-Core to use this, a world build of OE-Core tests out ok with this change. There will likely be issues in other layers however, hence this being a RFT. (From OE-Core rev: 5870bd272b0b077d0826fb900b251884c1c05061) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-tools: Add missing pkgconfg dependencyRichard Purdie2014-06-141-1/+1
| | | | | | (From OE-Core rev: 12bab2d828836c8926f753caff80b61dbe6390a5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-rtsp-server: depends on libcgroup and gstreamer1.0-plugins-baseRobert Yang2014-06-141-1/+1
| | | | | | | | | | | | | | | Otherwise may do_compile error: test-cgroups.c:43:23:: fatal error: libcgroup.h: No such file or directory and: configure: No package 'gstreamer-plugins-base-1.0' found (From OE-Core rev: bef49e8e8bf0a7f900f4ad44c2cbb6dec1d5d180) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-rtsp-server: Add recipe to support gst-rtsp-serverAlex J Lennon2014-06-062-0/+23
| | | | | | | | | | | | A Gstreamer library which provides an API to create an RTSP server (e.g. to stream RTP to VLC clients and similar). Tested, works with GStreamer 1.2.3 + videotestsrc based pipeline on RPi. (From OE-Core rev: 228736f2ffba6c2e06e72042a1fdf3fc0807f9b7) Signed-off-by: Alex J Lennon <ajlennon@dynamicdevices.co.uk> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: Update SRCREV to match commit in upstream git repoKhem Raj2014-06-031-1/+1
| | | | | | | | | | | | | It seems that 585324fee380109acd9986388f857f413a60b896 is no longer there in git and it has been rewritten to ffc3ad4945da69f3caa2b40e4eed715a9a8d9526 Change-Id: I9ffe8bd9bcef0d2dc5e6f6d3a6e4317bada8f4be (From OE-Core rev: b193c7f251542aa76cb5a4d6dcb71d15b27005eb) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lame: Add missing DEPENDS on gettext-nativeRichard Purdie2014-06-031-1/+1
| | | | | | | | Without this, configure will fail due to a missing AM_ICONV macro. (From OE-Core rev: 36ace50aea4e47a0ddf9365a6dec1e0db0b31107) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Add missing pkgconfig class inheritsRichard Purdie2014-06-034-4/+4
| | | | | | | | | These recipes all use pkg-config in some way but were missing dependencies on the tool, this patch adds them. (From OE-Core rev: 2543b14dd0ca13005be0df027543431fc8e882ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libogg: upgrade to 1.3.2Cristian Iorga2014-06-011-3/+3
| | | | | | | | | - Switched to BP variable. (From OE-Core rev: 0697cf110a847ebb14809e92c7b98698026da8f7) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0849Yue Tao2014-05-212-0/+37
| | | | | | | | | | | | | | | | The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849 (From OE-Core rev: 1a43a8054f51fbd542f3f037dc35f8b501e455bf) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0850Yue Tao2014-05-212-0/+30
| | | | | | | | | | | | | | | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850 (From OE-Core rev: 69f3f0f94f4fd224e5a6b275207adf0539d085c3) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0856Yue Tao2014-05-212-0/+31
| | | | | | | | | | | | | | | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856 (From OE-Core rev: 571ccce77859435ff8010785e11627b20d8b31f4) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0854Yue Tao2014-05-212-0/+33
| | | | | | | | | | | | | | | The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854 (From OE-Core rev: b3d9c8f603ebdbc21cb2ba7e62f8b5ebb57c40c1) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0851Yue Tao2014-05-212-0/+30
| | | | | | | | | | | | | | | | The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851 (From OE-Core rev: 8c9868d074f5d09022efc9419ee09eb805f68394) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0858Yue Tao2014-05-212-0/+38
| | | | | | | | | | | | | | | The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858 (From OE-Core rev: 0ee8754c973f5eff3ba4d00319a5308888c12b17) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0852Yue Tao2014-05-212-0/+35
| | | | | | | | | | | | | | | The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852 (From OE-Core rev: 37f9371b44bd914fdd64e4c4e4448a2908512203) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0845Yue Tao2014-05-212-0/+62
| | | | | | | | | | | | | | | libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845 (From OE-Core rev: cc6e2ee53c49206aa3377c512c3bd1de2e14a7b7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0868Yue Tao2014-05-213-0/+150
| | | | | | | | | | | | | | | | libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) len==0 cases. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868 (From OE-Core rev: 29dcc2c8e834cf43e415eedefb8fce9667b3aa40) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2014-2099Yue Tao2014-05-212-0/+51
| | | | | | | | | | | | | | | | | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099 (From OE-Core rev: 3e27099f9aad1eb48412b07a18dcea398c18245b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0865Yue Tao2014-05-212-0/+52
| | | | | | | | | | | | | | | | The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865 (From OE-Core rev: 4a93fc0a63cedbebfdc9577e2f1deb3598fb5851) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2014-2263Yue Tao2014-05-212-0/+70
| | | | | | | | | | | | | | | | The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263 (From OE-Core rev: 70bf8c8dea82e914a6dcf67aefb6386dbc7706cd) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libav: upgrade 9.x version to 9.13Paul Eggleton2014-05-211-2/+2
| | | | | | | | (From OE-Core rev: 937a0da0861abb7656762b2a3fb69eb275dd4a9a) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libav: upgrade 0.8.x version to 0.8.11Paul Eggleton2014-05-211-2/+2
| | | | | | | | (From OE-Core rev: 206f34ac0c0b65768ec2b553a0cb8b93fe7e5ae3) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix for Security Advisory CVE-2013-4231Yue Tao2014-05-212-1/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 (From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>