linux/meta-openembedded.git/meta-oe/recipes-multimedia, branch whinlatter

libdvdread: use https for fetching code

2026-04-24T15:43:21+00:00

Signed-off-by: Markus Volk Signed-off-by: Khem Raj (cherry picked from commit 7bf89d06a41405b48fa3af260da36bc686973afc) Signed-off-by: Anuj Mittal

libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

2026-03-09T11:44:04+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474 https://nvd.nist.gov/vuln/detail/CVE-2026-1837 Both CVEs have been fixed in v0.11.2, but NVD tracks these vulnerabilities without version information. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal

libjxl: upgrade 0.11.1 -> 0.11.2

2026-03-06T04:39:08+00:00

- fix tile dimension in low memory rendering pipeline (CVE-2025-12474) - fix number of channels for gray-to-gray color transform (CVE-2026-1837) - djxl: reject decoding JXL files if "packed" representation size overflows size_t https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Signed-off-by: Ankur Tyagi Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal

libcdio: patch CVE-2024-36600

2026-02-03T02:37:26+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600 Backport the patch from the PR that is referenced in the NVD advisory. Note that there are two PRs mentioned: one is the fix, and the other is just readme update with the CVE ID. The latter wasn't backported. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal

libjxl: Fix build error with arm and musl

2026-01-20T04:45:19+00:00

Build fails for qemuarm with musl with following error: /build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc | error: out of range pc-relative fixup value Signed-off-by: Ankur Tyagi Signed-off-by: Khem Raj (cherry picked from commit 63ae47a70d6d81937f5122c535d890678ed3c13e) Signed-off-by: Ankur Tyagi Signed-off-by: Anuj Mittal

audiofile: Fix build with clang++

2025-11-14T15:36:56+00:00

When tests are enabled additional C++ code is compiled and clang does not like the code. Cc: Gyorgy Sarvari Signed-off-by: Khem Raj

audiofile: patch CVE-2018-13440 and CVE-2018-17059

2025-11-14T15:36:56+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2018-13440 https://nvd.nist.gov/vuln/detail/CVE-2018-17059 The patches have been backported from Debian - upstream has been inactive for almost a decade by now. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj

audiofile: backport test for CVE-2015-7747

2025-11-14T15:36:56+00:00

This is a backported patch from opensuse, which contains a testcase for CVE-2015-7747 (which is already patched in ths recipe, but not tested explicitly). Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj

audiofile: add ptest support

2025-11-14T15:36:55+00:00

It's under 15 seconds to execute it. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj

audiofile: patch CVE-2019-13147 and CVE-2022-24599

2025-11-14T15:36:55+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147 https://nvd.nist.gov/vuln/detail/CVE-2022-24599 These patches are used by opensuse to mitigate the corresponding vulnerabulities. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj