summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
Commit message (Collapse)AuthorAgeFilesLines
* tiff: Security fix CVE-2016-3622Yi Zhao2016-11-162-0/+130
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622 http://www.openwall.com/lists/oss-security/2016/04/07/4 Patch from: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286 (From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb) (From OE-Core rev: 928eadf8442cf87fb2d4159602bd732336d74bb7) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3623Yi Zhao2016-11-162-0/+53
| | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623 http://bugzilla.maptools.org/show_bug.cgi?id=2569 Patch from: https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b (From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9) (From OE-Core rev: f0e77ffa6bbc3adc61a2abd5dbc9228e830c055d) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3991Yi Zhao2016-11-162-0/+148
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991 http://bugzilla.maptools.org/show_bug.cgi?id=2543 Patch from: https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba (From OE-Core rev: d31267438a654ecb396aefced201f52164171055) (From OE-Core rev: cf58711f12425fc1c29ed1e3bf3919b3452aa2b2) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3990Yi Zhao2016-11-162-0/+67
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3990 libtiff: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990 http://bugzilla.maptools.org/show_bug.cgi?id=2544 Patch from: https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 (From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62) (From OE-Core rev: d7165cd738ac181fb29d2425e360f2734b0d1107) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3945Yi Zhao2016-11-162-0/+119
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-3945 libtiff: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945 http://bugzilla.maptools.org/show_bug.cgi?id=2545 Patch from: https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6 (From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131) (From OE-Core rev: 3a4d2618c50aed282af335ef213c5bc0c9f0534e) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-lib: allow building ARM thumb againAndreas Müller2016-10-051-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The directive mentioned in the comment was removed in: commit 326c6802e49e5499e16cf141e1cdb0360fce14aa Author: Riku Voipio <riku.voipio@linaro.org> Date: Fri Feb 7 15:38:58 2014 +0200 alsa-lib: heavy pcm atomics cleanup The following patch comes from the realization that at least ARM code for atomics is quite broken and nobody has cared for a decade. A quick dive shows that only snd_atomic_{read,write}_{begin,end} appear to be used widely. These are implemented using wmb/rmb. Only other use of atomic functions is in pcm_meter.c. The #SND_PCM_TYPE_METER plugin type appears rarely, if ever, used. I presume these days anyone who wants a meter/scope will do in pulseaudio layer instead of alsa. It would seem better fit to have pcm_meter in alsa-plugins instead of alsa-lib, but I guess that would be an ABI break... So instead, I'm proposing here 1. Removal of all hand-crafted atomics from iatomic.h apart from barriers, which are used in snd_atomic_{read,write}_{begin,end}. 2. Using __sync_synchronize as the default fallback for barriers. This has been available since gcc 4.1, so it shouldn't be a problem. 3. Defining the few atomics used by pcm_meter.c withing pcm_meter.c itself, using gcc atomic builtins[1]. 4. Since gcc atomic builtins are available only since gcc 4.7, add a check for that in gcc configure.in, and don't build pcm meter plugin if using older gcc. The last point has the impact, that if there actually is someone who 1) uses the meter plugin 2) wants to upgrade to 2014 alsa-lib 3) but does not want to use a 2012+ gcc - that someone will be inconvenienced. Finally remove the unneeded configure check for cpu type. We can trust the gcc to set right flags for us. [1] http://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html Signed-off-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> (From OE-Core rev: dd442652afef1f83fc6c9651976cd3ba28c83c85) Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "gst-player: Disable visualizations"Jussi Kukkonen2016-10-052-37/+0
| | | | | | | | | | | | This reverts oe-core commit b79d1bf49b56a97216fb719ac19e4dd9022f15b4. Now that xf86-video-intel is upgraded, visualizations can be enabled by default. (From OE-Core rev: c0a22a8d3e5d44ae3fba14a52582d39cfc600318) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: Disable visualizationsMaxin B. John2016-09-282-0/+37
| | | | | | | | | | | | | On some machines, visualizations in gst-player trigger a bug in xvimagesink. Till we have a proper fix, disable the visualization rather than downgrading the xvimagesink. Fixes [YOCTO #10041] (From OE-Core rev: b79d1bf49b56a97216fb719ac19e4dd9022f15b4) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-libav: Add 'valgrind' config optionOtavio Salvador2016-09-231-0/+1
| | | | | | | | | | | | | | | This fixes following error: ,---- | src/libavutil/log.c:51:31: fatal error: valgrind/valgrind.h: No such file or directory | #include <valgrind/valgrind.h> `---- (From OE-Core rev: 262f8180c9037b7e82efe08ce3bb1880fee22ea8) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: add textrel to INSANE_SKIPFahad Usman2016-09-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Tried by adding CFLAGS_append = " -fpic " to the recipe. But that couldn't help resolve the warning message: x264/r2491+gitAUTOINC+c8a773ebfc-r0/packages-split/x264/usr/lib/libx264.so.144' has relocations in .text [textrel] It was found that this warning is emitted because of the assembly files in the source code. And it is not easy to get rid of TEXTREL's which are coming from the assembly source files. Adding textrel to INSANE_SKIP resolves this issue. This issue was observed in cyclone5 and imx6qsabresd BSP's. So generalizing the patch. (From OE-Core rev: 9470e0911838a6f5a23f01c6944906b69aa1317a) Signed-off-by: Fahad Usman <fahad_usman@mentor.com> Signed-off-by: Sujith Haridasan <Sujith_Haridasan@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: add ${S}/LICENSE to LIC_FILES_CHKSUMRoss Burton2016-09-161-1/+2
| | | | | | | | | | The LICENSE file describes how the various pieces are licensed, so add it to the checksum so we notice when it changes. (From OE-Core rev: 3309007b423654c1b021d85205f81e68cbd84475) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: specify PVMarkus Lehtonen2016-09-141-0/+1
| | | | | | | | | | | Define PV in order to avoid package version being plain "git". Use the version number found from configure.ac plus the git revision. (From OE-Core rev: 9d4734412c45ef80195707900b1dfdf843f43228) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good.inc: Fix libv4l2 packageconfig dependencyCarlos Rafael Giani2016-09-141-1/+1
| | | | | | | | (From OE-Core rev: 58d6cd369a3316a6ba313a2f1982bde5d47c0608) Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: Fix packageconfigs and patchesCarlos Rafael Giani2016-09-145-63/+51
| | | | | | | | | | | | | | | | | | | | This reintroduces fixes and changes which were introduced in the original gstreamer1.0-plugins-bad 1.8.1 upgrade commit. * packageconfigs changed since GStreamer 1.6.3 (they often do between minor version increases like 1.6 -> 1.8) * hls,tinyalsa packageconfigs moved into the .inc file * vulkan packageconfig dropped since there are no vulkan libraries in OE (libxcb alone is not enough) * reintroduced glimagesink downrank patch (it was removed because it was dangling before) * fixed patch line numbers (From OE-Core rev: ca3f9fbe21407685ed09c60bc4b991b5c6b448f4) Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-omx: inherit upstream-version-is-evenMaxin B. John2016-09-141-1/+1
| | | | | | | | | | | Since gstreamer1.0-omx follows the GStreamer versioning style, inherit upstream-version-is-even for checking the upstream version of the package. (From OE-Core rev: d4c40d7fed89435dcf6c883343adeff37153f19e) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Update download URLJussi Kukkonen2016-09-141-2/+1
| | | | | | | | | | | | remotesensing.org domain has been taken over by someone unrelated. There does not seem to be an up-to-date tiff homepage, but osgeo.org is a reliable download site. (From OE-Core rev: f544e1d10e9dc0f750efdb45a78ce9d5c9603070) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good: enable v4l2-probeNicolas Dechesne2016-09-141-1/+1
| | | | | | | | | | | | | | | | | | A new mechanism to probe v4l2 M2M devices was implemented in gst 1.8 series, in order to get such devices probed we now need to enable v4l2-probe compile option which upstream decided to keep disabled by default (unfortunately), see [1]. With this feature disabled, it is not possible to get v4l2 M2M device to work in Gstreamer which is a common use case on many embedded platforms. This patch enables this new option as soon as v4l2 support is enabled in gstreamer -good. [1] https://bugzilla.gnome.org/show_bug.cgi?id=758085 (From OE-Core rev: c1f08c04a95f6ec089d4a62d90119df01c94cd80) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer: remove packaged copy of gtk-doc.m4Ross Burton2016-09-092-0/+2
| | | | | | | | | | The gstreamer common module ships a copy of gtk-doc.m4 that will be used in preference to our patched form, so delete it before configure is executed. (From OE-Core rev: 50768af29ce8524f7bae387996aaed657a1ff80f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: enable gtk-doc supportAlexander Kanavin2016-09-095-10/+42
| | | | | | | | | | check support is no longer disabled by default because it is a requirement of gtk-doc support in gstreamer. (From OE-Core rev: 628a849ff14e165b8c00c6649d042225f5a35732) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libwebp: sepcify neon availability for armJoe Slater2016-09-091-0/+5
| | | | | | | | | Defeat automatic neon detection. (From OE-Core rev: 1a563214caf6bd5b3a026ebe953f8c692ebd640a) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: control ipv6 support based on DISTRO_FEATURESJackie Huang2016-09-031-0/+2
| | | | | | | | | | Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. (From OE-Core rev: de6b65a85cb3c3efa7a46b9fd9e1831ff6448c0c) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: add packageconfig for eglNicolas Dechesne2016-09-031-2/+3
| | | | | | | | | | | | | | | In commit 9c3a94aea1d (gstreamer1.0-plugins-bad: Move EGL requirement for Wayland), --enable-egl was explicitely added to the wayland packageconfig. While this is correct that enabling wayland requires egl, it should be possible to enable egl without wayland, even when using X11. For example, glimagesink can be used for GPU based color conversion using EGL/GLES. As such, let's make egl and wayland two separate PACKAGECONFIG flags. (From OE-Core rev: c1ab87caae92a58b1dfab7abc1a856fab102e3ed) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: remove EXTRA_OEMAKE workaroundStefan Müller-Klieser2016-09-031-2/+0
| | | | | | | | | | | | The default of EXTRA_OEMAKE is already empty since commit: OE-Core rev: aeb653861a0ec39ea7a014c0622980edcbf653fa bitbake.conf: Remove unhelpful default value for EXTRA_OEMAKE (From OE-Core rev: 408b1f1879e4b90c90f6d139b08d2b6f8e555655) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: update to 3.1.3Alexander Kanavin2016-09-031-2/+2
| | | | | | | (From OE-Core rev: ff6a73adf306cb80edae9d6025dcb62b9e4fa241) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: upgrade to 1.8.3Maxin B. John2016-09-0310-66/+18
| | | | | | | | | | | | 1.8.2 -> 1.8.3 Remove backported patch from 1.8.3: 0007-glplugin-gleffects-fix-little-rectangel-appears-at-t.patch (From OE-Core rev: 0190736ef89447b81ab9a95e83ec205c5c1f4618) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mpg123: update to 1.23.6Alexander Kanavin2016-09-031-2/+2
| | | | | | | (From OE-Core rev: 7dd246aaacc7128d7c4860438714862af6ac050a) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: update to 3.1.2Alexander Kanavin2016-09-031-2/+2
| | | | | | | (From OE-Core rev: 0aeb601b9e211063aeedec5600354245c0491ff9) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libwebp: upgrade to 0.5.1Alexander Kanavin2016-09-031-2/+2
| | | | | | | (From OE-Core rev: c896b61db5c8abe0b96f7c8468cbf1ba2b36f435) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-utils: 1.1.1 -> 1.1.2Tanu Kaskinen2016-08-182-3/+3
| | | | | | | | | | | | | | Changelog: http://www.alsa-project.org/main/index.php/Changes_v1.1.1_v1.1.2 The FFT code in alsabat changed from double precision to single precision floating point numbers, which is why the fftw dependency changed to fftwf. (From OE-Core rev: 2b44e468d20a0256fba896562e2e7d1ae593a4c8) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-lib: 1.1.1 -> 1.1.2Tanu Kaskinen2016-08-183-150/+12
| | | | | | | | | | | | | | | Changelog: http://www.alsa-project.org/main/index.php/Changes_v1.1.1_v1.1.2 Removed upstreamed patch: 0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch Rebased avoid-including-sys-poll.h-directly.patch (From OE-Core rev: 4d3ec9312d9f721f57d0afc08ec1512709f75d17) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: update 1.6.23 -> 1.6.24Maxin B. John2016-08-171-5/+5
| | | | | | | | | | | | | Updates in License files are due to changes in Copyright date and Version. Ensure all tools are packaged into $PN-tools. (From OE-Core rev: e28b6042b1a81fe449b772b4698ad139edf46332) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: Pas CC and CXX to configureKhem Raj2016-08-171-0/+2
| | | | | | | | | | | | | | This helps in compiling it with with toolchain coming from a sstate server where its built using a different build time sysroot. Secondly, also helps compiling with non-gcc ( clang ) compiler (From OE-Core rev: 25deaf1368cc0a99d7b5b3f2d08d7fead51296e2) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-5323Yi Zhao2016-08-172-0/+108
| | | | | | | | | | | | | | | | | | CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323 http://bugzilla.maptools.org/show_bug.cgi?id=2559 Patch from: https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31 (From OE-Core rev: 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-5321Yi Zhao2016-08-172-0/+50
| | | | | | | | | | | | | | | | | | CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321 http://bugzilla.maptools.org/show_bug.cgi?id=2558 Patch from: https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0 (From OE-Core rev: 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3186Yi Zhao2016-08-172-0/+25
| | | | | | | | | | | | | | | | | | | CVE-2016-3186 libtiff: buffer overflow in the readextension function in gif2tiff.c allows remote attackers to cause a denial of service via a crafted GIF file External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 https://bugzilla.redhat.com/show_bug.cgi?id=1319503 Patch from: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff (From OE-Core rev: 3d818fc862b1d85252443fefa2222262542a10ae) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2015-8784Armin Kuster2016-08-172-0/+74
| | | | | | | | | | | | | | CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784 (From OE-Core rev: 36097da9679ab2ce3c4044cd8ed64e5577e3f63e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2015-8781Armin Kuster2016-08-172-0/+196
| | | | | | | | | | | | | | CVE-2015-8781 libtiff: out-of-bounds writes for invalid images External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781 (From OE-Core rev: 9e97ff5582fab9f157ecd970c7c3559265210131) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: update the callback for delete-eventMaxin B. John2016-08-102-0/+33
| | | | | | | | | | | | | provide similar behaviour for Media Player's quit and close callback functions. [YOCTO #10045] (From OE-Core rev: 5cf3ae34df0a39deead8b029353b41a60e48c24a) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-utils: fix installed-vs-shipped for batStefan Müller-Klieser2016-08-102-3/+8
| | | | | | | | | | | | The bat PACKAGECONFIG does not install the test script correctly. Fix this by following the packaging used for the other bash scripts. While at it, fix some tabs. (From OE-Core rev: 3a9551479678f97a83db22f213a54169ab4fc989) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* alsa-utils: remove dangling patchStefan Müller-Klieser2016-08-101-153/+0
| | | | | | | (From OE-Core rev: 2b0f3ddda38336664c59711e6952e608b31de4bf) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: remove two dangling patchesStefan Müller-Klieser2016-08-102-67/+0
| | | | | | | (From OE-Core rev: f45c7e195b23524accd4309d49516bc44acc4a49) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: Backport GstGLMemoryEGL implementationKhem Raj2016-08-042-0/+496
| | | | | | | | | | | Backports fix for https://bugzilla.gnome.org/show_bug.cgi?id=760916 (From OE-Core rev: 3715cdec309b5b62035798e77a9a77b98a9f779a) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: Upgrade to 3.1.1Khem Raj2016-08-042-4/+37
| | | | | | | | | | | Fix build on mips64 while on it. It was failing for mips64 with 3.1 too (From OE-Core rev: e6e228b36f2603540d33b06f515aed7d2f5b8a6d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: add missing wayland-native dependencyRoss Burton2016-08-011-1/+1
| | | | | | | | | | The wayland support requires wayland-scanner, so add a dependency on wayland-native. (From OE-Core rev: 951417b7a3a6388ddb0e9d89802e50d60f02e146) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: fix floating dependency on webrtc-audio-processingTanu Kaskinen2016-07-261-0/+1
| | | | | | | | | | | | The webrtc-audio-processing library isn't yet packaged for OpenEmbedded, but let's add a packageconfig entry for it anyway to avoid problems in the future. (From OE-Core rev: afcdc3d9d83cc72eb22c00160770282cd72dbca7) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pulseaudio: 8.0 -> 9.0Tanu Kaskinen2016-07-269-695/+373
| | | | | | | | | | | | | | | | | | | | | Release notes: https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/9.0/ Rebased 0001-client-conf-Add-allow-autospawn-for-root.patch. Removed 0001-Revert-module-switch-on-port-available-Route-to-pref.patch, because the issues that were caused by the reverted commit have been fixed. The patch set that fixes the initial selection of HDMI profiles (YOCTO#8448) is replaced with updated patches cherry-picked from upstream. (From OE-Core rev: 319595e8264af32c54ba6324e220eb4ec43b7565) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: 1.0.26 -> 1.0.27Tanu Kaskinen2016-07-261-2/+2
| | | | | | | | (From OE-Core rev: e5128874a93519ff5ef8a66dbccd4d89feaba32b) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: update to 1.6.23Maxin B. John2016-07-201-4/+4
| | | | | | | | | | | | 1.6.22 -> 1.6.23 License files changes are due to updates in Copyright date and Version (From OE-Core rev: 83a43b1bd124b6306e0f852ad3961f4672fbc7dd) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: Fix little rectangel appears at the center when ↵Yuqing Zhu2016-07-202-0/+47
| | | | | | | | | | use squeeze and tunnel effects (From OE-Core rev: 061990f9aa97f2dac88e473b9852aed6f3f00f32) Signed-off-by: Yuqing Zhu <carol.zhu@nxp.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: Use the newer texture() function in glcolorconvertYuqing Zhu2016-07-202-0/+52
| | | | | | | | | | | GLES3 deprecates texture2D() and it does not work at all in newer versions than 3.3. The new function can fix it. (From OE-Core rev: dc1859a1dda854b1302d046713a3bd15e99c3f5b) Signed-off-by: Yuqing Zhu <carol.zhu@nxp.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>