summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
Commit message (Collapse)AuthorAgeFilesLines
* tiff: Security fix for CVE-2017-7602Rajkumar Veer2017-11-212-0/+70
| | | | | | | | (From OE-Core rev: 12325a8ebb5cab1837a6f6092eaa623a1a784eb6) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2017-7601Rajkumar Veer2017-11-212-0/+53
| | | | | | | | (From OE-Core rev: ade8551d6a6810e87e83af72ea217aeca55c65c4) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2017-7598Rajkumar Veer2017-11-212-0/+66
| | | | | | | | (From OE-Core rev: 7e367796d4bf97e299ee966b120f924de0f2bb04) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2017-7596Rajkumar Veer2017-11-212-0/+309
| | | | | | | | (From OE-Core rev: 94daee02cad9930d4ada648fd4bfdb63510643c0) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2017-7595Rajkumar Veer2017-11-212-0/+49
| | | | | | | | (From OE-Core rev: 6536bfecb13b06765fdf6cb6fd70ce64f9077b8e) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2017-7594Rajkumar Veer2017-11-213-0/+95
| | | | | | | | (From OE-Core rev: 7bdb52d06a46ad659fc85db1992f9c6ab2fcf065) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2017-7592Rajkumar Veer2017-11-212-1/+42
| | | | | | | | (From OE-Core rev: 75e953388fa1973cdbd0897894a3e5398de16a10) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2016-10270Rajkumar Veer2017-11-212-0/+135
| | | | | | | | (From OE-Core rev: eeb7197d85435ec73be8b77accc0feea7e1536bb) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2016-10269Rajkumar Veer2017-11-212-0/+132
| | | | | | | | (From OE-Core rev: 46504a224a9f33f1f8752bbcd51a285d19920524) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-10267Rajkumar Veer2017-11-212-0/+71
| | | | | | | | (From OE-Core rev: 87aebc2b02131d2fce0621faf399916c4789c293) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-10266Rajkumar Veer2017-11-212-0/+61
| | | | | | | | (From OE-Core rev: 3a604aa5cb0d35a9df10a5b958eb4a871de76c26) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-10268Rajkumar Veer2017-11-212-0/+31
| | | | | | | | (From OE-Core rev: 24b62c84102116e6531babc68d8d2fb33e3f2d5c) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Secruity fix CVE-2016-10093Rajkumar Veer2017-11-212-0/+48
| | | | | | | | (From OE-Core rev: 6e39b24d003fb4e702097a01142fcfe2861593dd) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2016-10271Rajkumar Veer2017-11-212-0/+31
| | | | | | | | (From OE-Core rev: 8fb9a143e93de5a2de4b7d5fe2712c29d7ca4263) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fixesYi Zhao2017-11-215-0/+395
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix CVE-2017-9147, CVE-2017-9936, CVE-2017-10668, CVE-2017-11335 References: https://nvd.nist.gov/vuln/detail/CVE-2017-9147 https://nvd.nist.gov/vuln/detail/CVE-2017-9936 https://nvd.nist.gov/vuln/detail/CVE-2017-10668 https://nvd.nist.gov/vuln/detail/CVE-2017-11335 Patches from: CVE-2017-9147: https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 CVE-2017-9936: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a CVE-2017-10688: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 CVE-2017-11355: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556 (From OE-Core rev: 5c89539edb17d01ffe82a1b2e7d092816003ecf3) (From OE-Core rev: eaf72d105bed54e332e2e5c0c5c0a0087ecd91dd) (From OE-Core rev: dc7573cd330d1fc2e4bd50c1ba171906e1d5d5c0) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> minor fixes to get to apply Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: Security Advisory - libtiff - CVE-2017-5225Li Zhou2017-11-212-0/+93
| | | | | | | | | | | | | | | | | | Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. Porting patch from <https://github.com/vadz/libtiff/commit/ 5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225. (From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f) (From OE-Core rev: d26ea3b9b698fcb059aaa34c2408e3b95ca4f31d) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: use SourceForge mirrorRoss Burton2017-10-101-2/+4
| | | | | | | | | | | | | | | | | | | | The Gentoo mirror also deletes old versions when they're not used, so revert back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to handle new releases moving the version we want. Original idea by Maxin B. John <maxin.john@intel.com>. (From OE-Core rev: 791a3493c88c9c249f21f6d893b2061e1d8a0af6) (From OE-Core rev: 16af873638830477a435574f1fedc643af2e2661) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Hand applied to work with morty version Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: Update to 4.0.7Armin Kuster2017-01-1120-2221/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Major changes: The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos. CVEs fixed: CVE-2016-9297 CVE-2016-9448 CVE-2016-9273 CVE-2014-8127 CVE-2016-3658 CVE-2016-5875 CVE-2016-5652 CVE-2016-3632 plus more that are not identified in the changelog. removed patches integrated into update. more info: http://libtiff.maptools.org/v4.0.7.html (From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed) (From OE-Core rev: 009b330591b27bd14d4c8ceb767c78fd7eb924fd) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: set CVE_PRODUCTRoss Burton2017-01-111-1/+1
| | | | | | | | | | | | | This is 'libtiff' in NVD. (From OE-Core rev: 0c8d1523f3ad0ada2d1b8f9abffbc2b898a744ca) (From OE-Core rev: e89a617a64e25036b4f172692c7a461b5291cabb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Fix several CVE issuesMingli Yu2017-01-112-0/+282
| | | | | | | | | | | | | | | | | | | | | | | | Fix CVE-2016-9533, CVE-2016-9534, CVE-2016-9536 and CVE-2016-9537 External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9533 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9534 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9536 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9537 Patch from: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f (From OE-Core rev: f75ecefee21ef89b147fff9afae01a6f09c93198) (From OE-Core rev: 48d672e514d730ddda14f25f19f09c6d865a6526) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-9538Mingli Yu2017-01-112-0/+68
| | | | | | | | | | | | | | | | | | | | | * tools/tiffcrop.c: fix read of undefined buffer in readContigStripsIntoBuffer() due to uint16 overflow. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9538 Patch from: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f (From OE-Core rev: 9af5d5ea882c853e4cb15006f990d3814eeea9ae) (From OE-Core rev: 33cad1173f6d1b803b794a2ec57fe8a9ef19fb44) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-9535Mingli Yu2017-01-113-0/+492
| | | | | | | | | | | | | | | | | | | | | | | | * libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535 Patch from: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275) (From OE-Core rev: d55b4470c20f4a4b73b1e6f148a45d94649dfdb5) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: set CVE NAMERoss Burton2017-01-111-0/+2
| | | | | | | | (From OE-Core rev: a28dc4cf7a8f67444f2f88248966478e385491d2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-9539Zhixiong Chi2017-01-112-0/+61
| | | | | | | | | | | | | | | | | | | | | tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9539 Patch from: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53 (From OE-Core rev: 58bf0a237ca28459eb8c3afa030c0054f5bc1f16) (From OE-Core rev: 0933a11707a369c8eaefebd31e8eea634084d66e) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-9540Zhixiong Chi2017-01-112-0/+61
| | | | | | | | | | | | | | | | | | | | | | tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9540 Patch from: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 (From OE-Core rev: cc97dc66006c7892473e3b4790d05e12445bb927) (From OE-Core rev: ad2c4710ef15c35f6dd4e7642efbceb2cbf81736) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3632Yi Zhao2017-01-112-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632 http://bugzilla.maptools.org/show_bug.cgi?id=2549 https://bugzilla.redhat.com/show_bug.cgi?id=1325095 The patch is from RHEL7. (From OE-Core rev: 9206c86239717718be840a32724fd1c190929370) (From OE-Core rev: 0c6928f4129e5b1e24fa2d42279353e9d15d39f0) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3658Zhixiong Chi2017-01-112-0/+112
| | | | | | | | | | | | | | | | | | | | | | | The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658 http://bugzilla.maptools.org/show_bug.cgi?id=2546 Patch from: https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d (From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a) (From OE-Core rev: cc266584158c8dfc8583d21534665b6152a4f7ee) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3622Yi Zhao2016-11-162-0/+130
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622 http://www.openwall.com/lists/oss-security/2016/04/07/4 Patch from: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286 (From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb) (From OE-Core rev: 928eadf8442cf87fb2d4159602bd732336d74bb7) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3623Yi Zhao2016-11-162-0/+53
| | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623 http://bugzilla.maptools.org/show_bug.cgi?id=2569 Patch from: https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b (From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9) (From OE-Core rev: f0e77ffa6bbc3adc61a2abd5dbc9228e830c055d) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3991Yi Zhao2016-11-162-0/+148
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991 http://bugzilla.maptools.org/show_bug.cgi?id=2543 Patch from: https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba (From OE-Core rev: d31267438a654ecb396aefced201f52164171055) (From OE-Core rev: cf58711f12425fc1c29ed1e3bf3919b3452aa2b2) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3990Yi Zhao2016-11-162-0/+67
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3990 libtiff: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990 http://bugzilla.maptools.org/show_bug.cgi?id=2544 Patch from: https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 (From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62) (From OE-Core rev: d7165cd738ac181fb29d2425e360f2734b0d1107) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3945Yi Zhao2016-11-162-0/+119
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3945 libtiff: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945 http://bugzilla.maptools.org/show_bug.cgi?id=2545 Patch from: https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6 (From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131) (From OE-Core rev: 3a4d2618c50aed282af335ef213c5bc0c9f0534e) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-lib: allow building ARM thumb againAndreas Müller2016-10-051-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The directive mentioned in the comment was removed in: commit 326c6802e49e5499e16cf141e1cdb0360fce14aa Author: Riku Voipio <riku.voipio@linaro.org> Date: Fri Feb 7 15:38:58 2014 +0200 alsa-lib: heavy pcm atomics cleanup The following patch comes from the realization that at least ARM code for atomics is quite broken and nobody has cared for a decade. A quick dive shows that only snd_atomic_{read,write}_{begin,end} appear to be used widely. These are implemented using wmb/rmb. Only other use of atomic functions is in pcm_meter.c. The #SND_PCM_TYPE_METER plugin type appears rarely, if ever, used. I presume these days anyone who wants a meter/scope will do in pulseaudio layer instead of alsa. It would seem better fit to have pcm_meter in alsa-plugins instead of alsa-lib, but I guess that would be an ABI break... So instead, I'm proposing here 1. Removal of all hand-crafted atomics from iatomic.h apart from barriers, which are used in snd_atomic_{read,write}_{begin,end}. 2. Using __sync_synchronize as the default fallback for barriers. This has been available since gcc 4.1, so it shouldn't be a problem. 3. Defining the few atomics used by pcm_meter.c withing pcm_meter.c itself, using gcc atomic builtins[1]. 4. Since gcc atomic builtins are available only since gcc 4.7, add a check for that in gcc configure.in, and don't build pcm meter plugin if using older gcc. The last point has the impact, that if there actually is someone who 1) uses the meter plugin 2) wants to upgrade to 2014 alsa-lib 3) but does not want to use a 2012+ gcc - that someone will be inconvenienced. Finally remove the unneeded configure check for cpu type. We can trust the gcc to set right flags for us. [1] http://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html Signed-off-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> (From OE-Core rev: dd442652afef1f83fc6c9651976cd3ba28c83c85) Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "gst-player: Disable visualizations"Jussi Kukkonen2016-10-052-37/+0
| | | | | | | | | | | | This reverts oe-core commit b79d1bf49b56a97216fb719ac19e4dd9022f15b4. Now that xf86-video-intel is upgraded, visualizations can be enabled by default. (From OE-Core rev: c0a22a8d3e5d44ae3fba14a52582d39cfc600318) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: Disable visualizationsMaxin B. John2016-09-282-0/+37
| | | | | | | | | | | | | On some machines, visualizations in gst-player trigger a bug in xvimagesink. Till we have a proper fix, disable the visualization rather than downgrading the xvimagesink. Fixes [YOCTO #10041] (From OE-Core rev: b79d1bf49b56a97216fb719ac19e4dd9022f15b4) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-libav: Add 'valgrind' config optionOtavio Salvador2016-09-231-0/+1
| | | | | | | | | | | | | | | This fixes following error: ,---- | src/libavutil/log.c:51:31: fatal error: valgrind/valgrind.h: No such file or directory | #include <valgrind/valgrind.h> `---- (From OE-Core rev: 262f8180c9037b7e82efe08ce3bb1880fee22ea8) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: add textrel to INSANE_SKIPFahad Usman2016-09-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Tried by adding CFLAGS_append = " -fpic " to the recipe. But that couldn't help resolve the warning message: x264/r2491+gitAUTOINC+c8a773ebfc-r0/packages-split/x264/usr/lib/libx264.so.144' has relocations in .text [textrel] It was found that this warning is emitted because of the assembly files in the source code. And it is not easy to get rid of TEXTREL's which are coming from the assembly source files. Adding textrel to INSANE_SKIP resolves this issue. This issue was observed in cyclone5 and imx6qsabresd BSP's. So generalizing the patch. (From OE-Core rev: 9470e0911838a6f5a23f01c6944906b69aa1317a) Signed-off-by: Fahad Usman <fahad_usman@mentor.com> Signed-off-by: Sujith Haridasan <Sujith_Haridasan@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: add ${S}/LICENSE to LIC_FILES_CHKSUMRoss Burton2016-09-161-1/+2
| | | | | | | | | | The LICENSE file describes how the various pieces are licensed, so add it to the checksum so we notice when it changes. (From OE-Core rev: 3309007b423654c1b021d85205f81e68cbd84475) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: specify PVMarkus Lehtonen2016-09-141-0/+1
| | | | | | | | | | | Define PV in order to avoid package version being plain "git". Use the version number found from configure.ac plus the git revision. (From OE-Core rev: 9d4734412c45ef80195707900b1dfdf843f43228) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good.inc: Fix libv4l2 packageconfig dependencyCarlos Rafael Giani2016-09-141-1/+1
| | | | | | | | (From OE-Core rev: 58d6cd369a3316a6ba313a2f1982bde5d47c0608) Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: Fix packageconfigs and patchesCarlos Rafael Giani2016-09-145-63/+51
| | | | | | | | | | | | | | | | | | | | This reintroduces fixes and changes which were introduced in the original gstreamer1.0-plugins-bad 1.8.1 upgrade commit. * packageconfigs changed since GStreamer 1.6.3 (they often do between minor version increases like 1.6 -> 1.8) * hls,tinyalsa packageconfigs moved into the .inc file * vulkan packageconfig dropped since there are no vulkan libraries in OE (libxcb alone is not enough) * reintroduced glimagesink downrank patch (it was removed because it was dangling before) * fixed patch line numbers (From OE-Core rev: ca3f9fbe21407685ed09c60bc4b991b5c6b448f4) Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-omx: inherit upstream-version-is-evenMaxin B. John2016-09-141-1/+1
| | | | | | | | | | | Since gstreamer1.0-omx follows the GStreamer versioning style, inherit upstream-version-is-even for checking the upstream version of the package. (From OE-Core rev: d4c40d7fed89435dcf6c883343adeff37153f19e) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Update download URLJussi Kukkonen2016-09-141-2/+1
| | | | | | | | | | | | remotesensing.org domain has been taken over by someone unrelated. There does not seem to be an up-to-date tiff homepage, but osgeo.org is a reliable download site. (From OE-Core rev: f544e1d10e9dc0f750efdb45a78ce9d5c9603070) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good: enable v4l2-probeNicolas Dechesne2016-09-141-1/+1
| | | | | | | | | | | | | | | | | | A new mechanism to probe v4l2 M2M devices was implemented in gst 1.8 series, in order to get such devices probed we now need to enable v4l2-probe compile option which upstream decided to keep disabled by default (unfortunately), see [1]. With this feature disabled, it is not possible to get v4l2 M2M device to work in Gstreamer which is a common use case on many embedded platforms. This patch enables this new option as soon as v4l2 support is enabled in gstreamer -good. [1] https://bugzilla.gnome.org/show_bug.cgi?id=758085 (From OE-Core rev: c1f08c04a95f6ec089d4a62d90119df01c94cd80) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer: remove packaged copy of gtk-doc.m4Ross Burton2016-09-092-0/+2
| | | | | | | | | | The gstreamer common module ships a copy of gtk-doc.m4 that will be used in preference to our patched form, so delete it before configure is executed. (From OE-Core rev: 50768af29ce8524f7bae387996aaed657a1ff80f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: enable gtk-doc supportAlexander Kanavin2016-09-095-10/+42
| | | | | | | | | | check support is no longer disabled by default because it is a requirement of gtk-doc support in gstreamer. (From OE-Core rev: 628a849ff14e165b8c00c6649d042225f5a35732) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libwebp: sepcify neon availability for armJoe Slater2016-09-091-0/+5
| | | | | | | | | Defeat automatic neon detection. (From OE-Core rev: 1a563214caf6bd5b3a026ebe953f8c692ebd640a) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: control ipv6 support based on DISTRO_FEATURESJackie Huang2016-09-031-0/+2
| | | | | | | | | | Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. (From OE-Core rev: de6b65a85cb3c3efa7a46b9fd9e1831ff6448c0c) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: add packageconfig for eglNicolas Dechesne2016-09-031-2/+3
| | | | | | | | | | | | | | | In commit 9c3a94aea1d (gstreamer1.0-plugins-bad: Move EGL requirement for Wayland), --enable-egl was explicitely added to the wayland packageconfig. While this is correct that enabling wayland requires egl, it should be possible to enable egl without wayland, even when using X11. For example, glimagesink can be used for GPU based color conversion using EGL/GLES. As such, let's make egl and wayland two separate PACKAGECONFIG flags. (From OE-Core rev: c1ab87caae92a58b1dfab7abc1a856fab102e3ed) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: remove EXTRA_OEMAKE workaroundStefan Müller-Klieser2016-09-031-2/+0
| | | | | | | | | | | | The default of EXTRA_OEMAKE is already empty since commit: OE-Core rev: aeb653861a0ec39ea7a014c0622980edcbf653fa bitbake.conf: Remove unhelpful default value for EXTRA_OEMAKE (From OE-Core rev: 408b1f1879e4b90c90f6d139b08d2b6f8e555655) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>