<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-multimedia, branch yocto-4.0.7</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.7</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.7'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-01-26T23:37:05+00:00</updated>
<entry>
<title>tiff: Add packageconfig knob for webp</title>
<updated>2023-01-26T23:37:05+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2023-01-06T09:05:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9fecba6b89c02878e197aeb2c10fb838f6cb09c5'/>
<id>urn:sha1:9fecba6b89c02878e197aeb2c10fb838f6cb09c5</id>
<content type='text'>
tiff-native otherwise falsely detects webp if its installed on build
host. This ensures deterministic behavior regardless of host.

(From OE-Core rev: dafd8cf38d6414ca3102695b5a55a8fd2718e584)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 718c44f282310b2ca85877fed706460ccc1eebea)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ffmpeg: fix for CVE-2022-3341</title>
<updated>2023-01-26T23:37:05+00:00</updated>
<author>
<name>Narpat Mali</name>
<email>narpat.mali@windriver.com</email>
</author>
<published>2023-01-19T17:16:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=bba70ce34115151362bfdc49a545ee708eb297ca'/>
<id>urn:sha1:bba70ce34115151362bfdc49a545ee708eb297ca</id>
<content type='text'>
avformat/nutdec: Add check for avformat_new_stream
Check for failure of avformat_new_stream() and propagate
the error code.

(From OE-Core rev: e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1)

Signed-off-by: Narpat Mali &lt;narpat.mali@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ffmpeg: refresh patches to apply cleanly</title>
<updated>2023-01-26T23:37:05+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2023-01-16T12:14:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d95be1c7edc3ce0b7a27c9d8dfbaa178162a89e9'/>
<id>urn:sha1:d95be1c7edc3ce0b7a27c9d8dfbaa178162a89e9</id>
<content type='text'>
* the last patch added in:
  https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&amp;id=874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a
  doesn't apply cleanly.

* fixes:
  ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:

  Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
  patching file libavcodec/vp3.c
  Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines).

(From OE-Core rev: 6060dec1fc9d215f6b2ff9d6571bac802ac6a09b)

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>gstreamer1.0: Fix race conditions in gstbin tests</title>
<updated>2023-01-15T11:05:15+00:00</updated>
<author>
<name>Jose Quaresma</name>
<email>quaresma.jose@gmail.com</email>
</author>
<published>2022-12-27T00:10:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cb895466204739126bce05e1d26f6fe47964f385'/>
<id>urn:sha1:cb895466204739126bce05e1d26f6fe47964f385</id>
<content type='text'>
(From OE-Core rev: ae00dd1175263dbdc7c2de5cd98baa44d5ba837e)

Signed-off-by: Jose Quaresma &lt;jose.quaresma@foundries.io&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit b57df3fe9c1623ba2f5a9a0e11a85dcdc77e76a5)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"</title>
<updated>2023-01-15T11:05:15+00:00</updated>
<author>
<name>Jose Quaresma</name>
<email>quaresma.jose@gmail.com</email>
</author>
<published>2022-12-27T00:10:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=73cbe478a57b2222ab96363a4e1c107bd755c76f'/>
<id>urn:sha1:73cbe478a57b2222ab96363a4e1c107bd755c76f</id>
<content type='text'>
This reverts commit 220a527d269f146bdabd66040b5bee7de9e3fd3f.

- Drop this patch and use the upstream solution
  https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643

(From OE-Core rev: 865ea5e122a0e6cbfab1c4fe722bb01509b1102a)

Signed-off-by: Jose Quaresma &lt;jose.quaresma@foundries.io&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 9660045d07a2b492ac48a1f1b08aa4288b45d64a)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ffmpeg: fix for CVE-2022-3109</title>
<updated>2023-01-15T11:05:14+00:00</updated>
<author>
<name>Narpat Mali</name>
<email>narpat.mali@windriver.com</email>
</author>
<published>2023-01-04T15:06:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fd2d94582063f8e6fa4131f0393ae2fec3d11cd8'/>
<id>urn:sha1:fd2d94582063f8e6fa4131f0393ae2fec3d11cd8</id>
<content type='text'>
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of
the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

CVE: CVE-2022-3109

Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]

(From OE-Core rev: 874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a)

Signed-off-by: Narpat Mali &lt;narpat.mali@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>gstreamer1.0: upgrade 1.20.4 -&gt; 1.20.5</title>
<updated>2023-01-06T17:33:23+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2022-12-21T11:05:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=11555b5d2b6bcb7221296c8f617fe17b2ce232b2'/>
<id>urn:sha1:11555b5d2b6bcb7221296c8f617fe17b2ce232b2</id>
<content type='text'>
Changelog:
===========
systemclock waiting fixes for certain 32-bit platforms/libcs
alphacombine: robustness improvements for corner case scenarios
avfvideosrc: Report latency when doing screen capture
d3d11videosink: various thread-safety and stability fixes
decklink: fix performance issue when HDMI signal has been lost for a long time
flacparse: Fix handling of headers advertising 32 bits per sample
mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc)
opengl: fix automatic dispmanx detection for rpi4 and fix usage of eglCreate/DestroyImage
opusdec: Various channel-related fixes
textrender: event handling fixes, esp. for GAP event
subparse: Fix non-closed tag handling
videoscale: fix handling of unknown buffer metas
videosink: reverse playback handling fixes
qtmux: Prefill mode fixes, especially for raw audio
multiudpsink: allow binding to IPv6 address
rtspsrc: Fix usage of IPv6 connections in SETUP
rtspsrc: Only EOS on timeout if all streams are timed out/EOS
splitmuxsrc: fix playback stall if there are unlinked pads
v4l2: Fix SIGSEGV on state change during format changes
wavparse robustness fixes
Fix static linking on macOS (opengl, vulkan)
gstreamer-vaapi: fix headless build against mesa &gt;= 22.3.0
GStreamer Editing Services library: Fix build with tools disabled
webrtc example/demo fixes
unit test fixes for aesdec and rtpjitterbuffer
Cerbero: Fix ios cross-compile with cmake on M1; some recipe updates and other build fixes
Binary packages: pkg-config file fixes for various recipes (ffmpeg, taglib, gstreamer)
Binary packages: Enable high bitdepth support for libvpx (VP8/VP9 encoding/decoding)
Binary packages: ship aes plugin
Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements
Performance improvements

(From OE-Core rev: e9a05c026c6b1f39c4413abea9912542aa608cbe)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit fd8ab6052d88120c58cf84ad7d77d60c12ef3b8a)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libpng: upgrade 1.6.38 -&gt; 1.6.39</title>
<updated>2023-01-06T17:33:23+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2022-12-12T07:29:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7af48055e331e662e6f116ea8b5cc7166dcdfbf8'/>
<id>urn:sha1:7af48055e331e662e6f116ea8b5cc7166dcdfbf8</id>
<content type='text'>
Changelog:
==========
*  Changed the error handler of oversized chunks (i.e. larger than
   PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
*  Fixed a buffer overflow error in contrib/tools/pngfix.
*  Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
*  Disabled the ARM Neon optimizations by default in the CMake file,
   following the default behavior of the configure script.
*  Allowed configure.ac to work with the trunk version of autoconf.
*  Removed the support for "install" targets from the legacy makefiles;
   removed the obsolete makefile.cegcc.
*  Cleaned up the code and updated the internal documentation.

(From OE-Core rev: 63725065af4c74a352984cfe7563e4099199d24d)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit 19799cb50a00561b318cba1c8c20737f20e4a47f)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch</title>
<updated>2022-12-07T15:02:45+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2022-11-28T19:24:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6c79f0424b34a329f6421d9f7b1da820c931b59c'/>
<id>urn:sha1:6c79f0424b34a329f6421d9f7b1da820c931b59c</id>
<content type='text'>
* according to https://bugzilla.redhat.com/show_bug.cgi?id=2118863
  this commit should be the fix for CVE-2022-2868

* resolves false-possitive entry in:
  https://lists.yoctoproject.org/g/yocto-security/message/705

  CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868

(From OE-Core rev: 97ad71541996023075950337e8b133c1a8551e0f)

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Security fix for CVE-2022-3970</title>
<updated>2022-12-07T15:02:45+00:00</updated>
<author>
<name>Qiu, Zheng</name>
<email>Zheng.Qiu@windriver.com</email>
</author>
<published>2022-11-28T19:01:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=38f46024d730735c2fe77616db938dca8265b948'/>
<id>urn:sha1:38f46024d730735c2fe77616db938dca8265b948</id>
<content type='text'>
This patch contains a fix for CVE-2022-3970

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3970
https://security-tracker.debian.org/tracker/CVE-2022-3970

Patch generated from :
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be

(From OE-Core rev: d4b231e1baa0c4c6fa8eaa2e25170eeb29cd1cdf)

Signed-off-by: Zheng Qiu &lt;zheng.qiu@windriver.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
