MIRRORS needs to be pairs of values for the original URL to match and the
location find it on the mirror.
(From OE-Core rev: a649f3da630e8ca2d3ca58b610f3918720dd5229)
(From OE-Core rev: 1ea5d9f4d2afab924635462a35badfc55bd43c9c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.
Original idea by Maxin B. John <maxin.john@intel.com>.
(From OE-Core rev: 791a3493c88c9c249f21f6d893b2061e1d8a0af6)
(From OE-Core rev: 8ced3de463f97930404fe83a9f30d5d6536ffc9b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Updated for Pyro context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
(From OE-Core rev: e584aca38396db5e3d461f57804519261eecedc2)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
(From OE-Core rev: 3ea65ee8b31a16a20f5c28c19f4c758f8deabf6e)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use ${nonarch_base_libdir}/udev instead. This avoids problems when
usrmerge is enabled in DISTRO_FEATURES and udev support is disabled.
(From OE-Core rev: 0a4372705a030ca54ed420cdfec33d46ab93499c)
(From OE-Core rev: d9f3c803d739a815fe5ee2e1227c5ae571fefb8f)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e9ceff887eb270be34f224811799f86e9dc91a8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the patch to fix CVE-2017-8363:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8363
(From OE-Core rev: 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd)
(From OE-Core rev: 201fa8f6a10469886db6d48c3a3e91712382e561)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the patch to fix CVE-2017-8362:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8362
(From OE-Core rev: 0c8da3f6f85962196f2ad54fffd839239f5c2274)
(From OE-Core rev: eec5e5ce04cfbd1e41e54be31afee72ecc9ec5dd)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
with minor changes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the patch to fix two CVEs:
CVE-2017-8361:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted audio file.
CVE-2017-8365:
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8361https://nvd.nist.gov/vuln/detail/CVE-2017-8365
(From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a)
(From OE-Core rev: a23241c1e10c706754c19d7f69fe7c6cbac3732e)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is used in NVD to CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-6892
(From OE-Core rev: 0ee67de1028ea3275b6dfe398235e71c4bdbb704)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit adfb1c7fe28a6ef2bcf698f7415fd86b01bdc489)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is used in NVD for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-7697
(From OE-Core rev: fca2207f67a51de616f297ee015b9bd22eb3a3a1)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit baafa21919082a8b61af3345c35922d205b254c6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Audio playback in gtk-play is broken with vaapi because the
visualizations do not work: disable visualizations as workaround.
This should be reverted as soon as [YOCTO #11410] is fixed.
(From OE-Core rev: 1092a8d4bc78a53f60ad0137aeb08b31853db9eb)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gstreamer-vaapi fails to play files with specific frame sizes
because of buffer allocation issues. Fix is a backport.
Fixes [YOCTO #11311].
(From OE-Core rev: e01eb9b37ba5512d6fd9893c70b1f4d766fab2ac)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch ensures videometa is added to mem2mem decoder output in case
the output frames have padding rows/columns
(From OE-Core rev: ef94ffee8f11db57ecea398af76dc22576c2068a)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5acad7f33aebfac4c5a3a68778f5860f954904fe)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch has seemingly never been applied in the recipe (even when
it lived in meta-intel). I don't think we should have unused patches
in the repo: If the patch is useful it could be reintroduced so that
the binaries are packaged into a separate package.
(From OE-Core rev: cd33ae2f21547354e1ef9776b2c4ebcea4eb7e99)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch was only used in the ancient and recently removed git recipe.
(From OE-Core rev: 2d2d4c31d04f5f29250a307c1f3da739ab351ecd)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yet again these were checking out 1.8.2 tags and then trying to apply 1.10.4
patches on top.
Clearly nobody is actually using them, so delete them so they can't go stale
again.
(From OE-Core rev: 2b15451e3f1b9fb9a7f44317f3f9cd22d8712ff5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removing this recipe since we have the latest gstreamer1.0-omx_1.10.4
in place.
(From OE-Core rev: aa06a18d59eb391d1a7ace9daa0681bdf8daf17f)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dynamic packaging isn't useful if every library needs to be
listed manually.
This also merges the -dev packages into a single ffmpeg-dev, as is typical.
(From OE-Core rev: 7731035a14e3caf90ae220692ec2def5cb1aaad5)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bug-fix release:
*) Various fixes for crashes, assertions, deadlocks and memory leaks on
fuzzed input files and in other situations (CVE-2017-5847, CVE-2017-5848)
*) gst-libav was updated to ffmpeg 3.2.4, fixing a couple of CVEs
(From OE-Core rev: 6718e2cbb40fb8cb90f98f297fdfb6cbf01d52c8)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Small number of bug fixes and x86 optimizations.
(From OE-Core rev: a8aff2a0e77c401fee5a94a906ab355814505157)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The update contains a small number of bug fixes. Removed one
upstreamed patch.
gst-player does not have releases: this is the current git master.
(From OE-Core rev: 72889d45c610c4895c6a2f439439755ef4853fab)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
FFmpeg has complicated licensing options, so it should also
have complicated license statements in its recipe.
(From OE-Core rev: b0881c295e868535a8eb55fc0658a330d0f1465d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As far as I can see, there's no benefit in having separate alsa-conf and
alsa-conf-base packages. libasound depended on both, so it was not
really possible to only install alsa-conf-base.
(From OE-Core rev: 04b57e357bc016d174015a56077bb026ad9bb498)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
EXTRA_OECONF = "--disable-python" overrode the previous EXTRA_OECONF
assignment, so softfloat didn't get enabled when needed. Fixed this by
replacing "=" with "+=".
Bitbake then complained about tabs in alsa-fpu.inc, changed them to
spaces.
(From OE-Core rev: 1ed6f860de22321342404a49ba78658153ff5eb8)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>