Disable asm to fix
| You specified a pre-MSA CPU in your CFLAGS.
| If you really want to run on such a CPU, configure with --disable-asm.
(From OE-Core rev: 302124c1cc8353f4d0e13ab9ba9057d6b3862bde)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With the current set of PACKAGECONFIG, we end up building with 'gles2' and neither
'opengl', nor 'egl'. As a result we are building -bad with neither 'glx' nor
'egl' platform support. So let's make sure that we at least have egl by default
(since we default to 'gles2').
(From OE-Core rev: 4de8447c6536385ca134866682709efebf7d4e3d)
(From OE-Core rev: a4111417b1b46cc852bf96a443b0edb0a525f346)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
(From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If "opengl" distro feature is not set, libva recipe is skipped. Since
missing libva breaks gstreamer-vaapi-1.0 build, the same check has to be
done in gstreamer-vaapi-1.0 recipe too.
(From OE-Core rev: e87250d801622befa09ddba9ec8ecf7a4dcf902c)
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to 1.10.1 at the same time
(From OE-Core rev: cf4d28d7d9820cc8f658670f766267d35133865f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When configure pokes for wayland-protocols isntallations it ended up
using the ones from host, which is because it did not account for sysroot
prefix
Remove MACHINE from variable reference tracking to avoid unnessary rebuilds for different machine
with same arch
(From OE-Core rev: 0d349956417f00831025ccca5c8caa91f4771985)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove backported patches and upstreamed ones
Drop --disable-trace its no more in 1.10.x
Add packageconfig option for kms, keep it disabled by default
in bad plugins recipe
(From OE-Core rev: 309e02b7313398a05e70915560882c880c7f7c76)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is 'libtiff' in NVD.
(From OE-Core rev: 0c8d1523f3ad0ada2d1b8f9abffbc2b898a744ca)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535
Patch from:
3ca657a8796a984bf790
(From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in
readContigTilesIntoBuffer(). Reported as MSVR 35092.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9539
Patch from:
ae9365db1b
(From OE-Core rev: 58bf0a237ca28459eb8c3afa030c0054f5bc1f16)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled
images with odd tile width versus image width. Reported as MSVR 35103,
aka "cpStripToTile heap-buffer-overflow."
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9540
Patch from:
5ad9d8016f
(From OE-Core rev: cc97dc66006c7892473e3b4790d05e12445bb927)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted
TIFF image.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632http://bugzilla.maptools.org/show_bug.cgi?id=2549https://bugzilla.redhat.com/show_bug.cgi?id=1325095
The patch is from RHEL7.
(From OE-Core rev: 9206c86239717718be840a32724fd1c190929370)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool
allows remote attackers to cause a denial of service (out-of-bounds read) via vectors
involving the ma variable.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658http://bugzilla.maptools.org/show_bug.cgi?id=2546
Patch from:
45c68450be
(From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- unexport AS variable
- Switch URI to use github mirror for reliabality
- Disable openCL code, its not used
- TEXTRELs are fixed, therefore dont skip QA check
(From OE-Core rev: 8f132ca02c0d8abe309b622cfeef5f21ecc0b242)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The flac dependency was completely bogus. Flac isn't used at all.
FFTW is only used by tests, so we don't need to provide a packageconfig
for that.
ALSA is only used by example code that isn't part of the packaged files,
so even if ALSA is enabled, it doesn't affect the build result.
Nevertheless, I prefer to disable it explicitly to be extra sure.
--disable-alsa resulted in a warning about an unsupported configure
option, although by some magic it seemed to actually work as expected.
A patch is added to get rid of that warning.
(From OE-Core rev: c7cb0ce17dc2ec3999f26d594e755c8fb9609cee)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The license has changed to BSD as explained here:
http://www.mega-nerd.com/SRC/license.html
(From OE-Core rev: 053aac136cec74b0ac848337812546df847dc793)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License file changes are due to updates in Version and Copyright date
(From OE-Core rev: f231bd63ab82575b2ad6ccfd0a3f5da76b56a125)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop faac package config as upstream ./configure doesn't have it anymore.
(From OE-Core rev: a08b016c04a4e4eca78cd5ffae0226af4cb5226b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the
tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (divide-by-zero error) via a crafted TIFF
image.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622http://www.openwall.com/lists/oss-security/2016/04/07/4
Patch from:
92d966a5fc
(From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (divide-by-zero) by
setting the (1) v or (2) h parameter to 0.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623http://bugzilla.maptools.org/show_bug.cgi?id=2569
Patch from:
bd024f0701
(From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage
function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (out-of-bounds write) or execute
arbitrary code via a crafted TIFF image with zero tiles.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991http://bugzilla.maptools.org/show_bug.cgi?id=2543
Patch from:
e596d4e27c
(From OE-Core rev: d31267438a654ecb396aefced201f52164171055)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3990 libtiff: Heap-based buffer overflow in the
horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and
earlier allows remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image to tiffcp.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990http://bugzilla.maptools.org/show_bug.cgi?id=2544
Patch from:
6a4dbb07cc
(From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3945 libtiff: Multiple integer overflows in the (1)
cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in
LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote
attackers to cause a denial of service (crash) or execute arbitrary code
via a crafted TIFF image, which triggers an out-of-bounds write.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945http://bugzilla.maptools.org/show_bug.cgi?id=2545
Patch from:
7c39352ccd
(From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
inc files are also used by plugins in other layers but they do
not use same srcrev for gst-common repo for various reasons e.g.
https://github.com/ndechesne/meta-qcom/blob/master/recipes-multimedia/gstreamer/gstreamer1.0-plugins-v4l2.bb
Currently, this patch is forced on these external packages too
and fails to patch cleanly in some cases. Therefore its
better to move this SRC_URI_append to the individual .bb files
(From OE-Core rev: a30d8244265f38fddefe438e035ea3bf6fb4447f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'xmlto' package feature is renamed to 'manpages' for consistency
with other manpage-enabled recipes.
(From OE-Core rev: 9d659a89d6c9b8feb3de0f15af665ac47f230850)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The directive mentioned in the comment was removed in:
commit 326c6802e49e5499e16cf141e1cdb0360fce14aa
Author: Riku Voipio <riku.voipio@linaro.org>
Date: Fri Feb 7 15:38:58 2014 +0200
alsa-lib: heavy pcm atomics cleanup
The following patch comes from the realization that at least ARM code
for atomics is quite broken and nobody has cared for a decade.
A quick dive shows that only snd_atomic_{read,write}_{begin,end}
appear to be used widely. These are implemented using wmb/rmb.
Only other use of atomic functions is in pcm_meter.c.
The #SND_PCM_TYPE_METER plugin type appears rarely, if ever, used.
I presume these days anyone who wants a meter/scope will do in pulseaudio
layer instead of alsa.
It would seem better fit to have pcm_meter in alsa-plugins instead
of alsa-lib, but I guess that would be an ABI break...
So instead, I'm proposing here
1. Removal of all hand-crafted atomics from iatomic.h apart from barriers,
which are used in snd_atomic_{read,write}_{begin,end}.
2. Using __sync_synchronize as the default fallback for barriers. This
has been available since gcc 4.1, so it shouldn't be a problem.
3. Defining the few atomics used by pcm_meter.c withing pcm_meter.c
itself, using gcc atomic builtins[1].
4. Since gcc atomic builtins are available only since gcc 4.7, add a check for
that in gcc configure.in, and don't build pcm meter plugin if using
older gcc.
The last point has the impact, that if there actually is someone who 1)
uses the meter plugin 2) wants to upgrade to 2014 alsa-lib 3) but
does not want to use a 2012+ gcc - that someone will be inconvenienced.
Finally remove the unneeded configure check for cpu type. We can
trust the gcc to set right flags for us.
[1] http://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(From OE-Core rev: dd442652afef1f83fc6c9651976cd3ba28c83c85)
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts oe-core commit b79d1bf49b56a97216fb719ac19e4dd9022f15b4.
Now that xf86-video-intel is upgraded, visualizations can be enabled
by default.
(From OE-Core rev: c0a22a8d3e5d44ae3fba14a52582d39cfc600318)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On some machines, visualizations in gst-player trigger a bug in
xvimagesink. Till we have a proper fix, disable the visualization
rather than downgrading the xvimagesink.
Fixes [YOCTO #10041]
(From OE-Core rev: b79d1bf49b56a97216fb719ac19e4dd9022f15b4)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes following error:
,----
| src/libavutil/log.c:51:31: fatal error: valgrind/valgrind.h: No such file or directory
| #include <valgrind/valgrind.h>
`----
(From OE-Core rev: 262f8180c9037b7e82efe08ce3bb1880fee22ea8)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tried by adding CFLAGS_append = " -fpic " to
the recipe. But that couldn't help resolve the
warning message:
x264/r2491+gitAUTOINC+c8a773ebfc-r0/packages-split/x264/usr/lib/libx264.so.144' has relocations in .text [textrel]
It was found that this warning is emitted because of the
assembly files in the source code. And it is not easy to
get rid of TEXTREL's which are coming from the assembly
source files.
Adding textrel to INSANE_SKIP resolves this issue.
This issue was observed in cyclone5 and imx6qsabresd BSP's.
So generalizing the patch.
(From OE-Core rev: 9470e0911838a6f5a23f01c6944906b69aa1317a)
Signed-off-by: Fahad Usman <fahad_usman@mentor.com>
Signed-off-by: Sujith Haridasan <Sujith_Haridasan@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LICENSE file describes how the various pieces are licensed, so add it to the
checksum so we notice when it changes.
(From OE-Core rev: 3309007b423654c1b021d85205f81e68cbd84475)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Define PV in order to avoid package version being plain "git". Use the
version number found from configure.ac plus the git revision.
(From OE-Core rev: 9d4734412c45ef80195707900b1dfdf843f43228)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 58d6cd369a3316a6ba313a2f1982bde5d47c0608)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reintroduces fixes and changes which were introduced in the original
gstreamer1.0-plugins-bad 1.8.1 upgrade commit.
* packageconfigs changed since GStreamer 1.6.3
(they often do between minor version increases like 1.6 -> 1.8)
* hls,tinyalsa packageconfigs moved into the .inc file
* vulkan packageconfig dropped since there are no vulkan libraries in OE
(libxcb alone is not enough)
* reintroduced glimagesink downrank patch (it was removed because it was
dangling before)
* fixed patch line numbers
(From OE-Core rev: ca3f9fbe21407685ed09c60bc4b991b5c6b448f4)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since gstreamer1.0-omx follows the GStreamer versioning style, inherit
upstream-version-is-even for checking the upstream version of the package.
(From OE-Core rev: d4c40d7fed89435dcf6c883343adeff37153f19e)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
remotesensing.org domain has been taken over by someone unrelated.
There does not seem to be an up-to-date tiff homepage, but
osgeo.org is a reliable download site.
(From OE-Core rev: f544e1d10e9dc0f750efdb45a78ce9d5c9603070)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj
Nicolas Dechesne
Alexander Kanavin
Joshua Lock
Armin Kuster
Ismo Puustinen
Ross Burton
Andreas Oberritter
Mingli Yu
Zhixiong Chi
Yi Zhao
Tanu Kaskinen
Maxin B. John
Andreas Müller
Jussi Kukkonen
Otavio Salvador
Fahad Usman
Markus Lehtonen
Carlos Rafael Giani