Use ${nonarch_base_libdir}/udev instead. This avoids problems when
usrmerge is enabled in DISTRO_FEATURES and udev support is disabled.
(From OE-Core rev: 0a4372705a030ca54ed420cdfec33d46ab93499c)
(From OE-Core rev: d9f3c803d739a815fe5ee2e1227c5ae571fefb8f)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e9ceff887eb270be34f224811799f86e9dc91a8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the patch to fix CVE-2017-8363:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8363
(From OE-Core rev: 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd)
(From OE-Core rev: 201fa8f6a10469886db6d48c3a3e91712382e561)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the patch to fix CVE-2017-8362:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8362
(From OE-Core rev: 0c8da3f6f85962196f2ad54fffd839239f5c2274)
(From OE-Core rev: eec5e5ce04cfbd1e41e54be31afee72ecc9ec5dd)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
with minor changes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport the patch to fix two CVEs:
CVE-2017-8361:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted audio file.
CVE-2017-8365:
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8361https://nvd.nist.gov/vuln/detail/CVE-2017-8365
(From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a)
(From OE-Core rev: a23241c1e10c706754c19d7f69fe7c6cbac3732e)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is used in NVD to CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-6892
(From OE-Core rev: 0ee67de1028ea3275b6dfe398235e71c4bdbb704)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit adfb1c7fe28a6ef2bcf698f7415fd86b01bdc489)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is used in NVD for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-7697
(From OE-Core rev: fca2207f67a51de616f297ee015b9bd22eb3a3a1)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit baafa21919082a8b61af3345c35922d205b254c6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Audio playback in gtk-play is broken with vaapi because the
visualizations do not work: disable visualizations as workaround.
This should be reverted as soon as [YOCTO #11410] is fixed.
(From OE-Core rev: 1092a8d4bc78a53f60ad0137aeb08b31853db9eb)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gstreamer-vaapi fails to play files with specific frame sizes
because of buffer allocation issues. Fix is a backport.
Fixes [YOCTO #11311].
(From OE-Core rev: e01eb9b37ba5512d6fd9893c70b1f4d766fab2ac)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch ensures videometa is added to mem2mem decoder output in case
the output frames have padding rows/columns
(From OE-Core rev: ef94ffee8f11db57ecea398af76dc22576c2068a)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 5acad7f33aebfac4c5a3a68778f5860f954904fe)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch has seemingly never been applied in the recipe (even when
it lived in meta-intel). I don't think we should have unused patches
in the repo: If the patch is useful it could be reintroduced so that
the binaries are packaged into a separate package.
(From OE-Core rev: cd33ae2f21547354e1ef9776b2c4ebcea4eb7e99)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch was only used in the ancient and recently removed git recipe.
(From OE-Core rev: 2d2d4c31d04f5f29250a307c1f3da739ab351ecd)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yet again these were checking out 1.8.2 tags and then trying to apply 1.10.4
patches on top.
Clearly nobody is actually using them, so delete them so they can't go stale
again.
(From OE-Core rev: 2b15451e3f1b9fb9a7f44317f3f9cd22d8712ff5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removing this recipe since we have the latest gstreamer1.0-omx_1.10.4
in place.
(From OE-Core rev: aa06a18d59eb391d1a7ace9daa0681bdf8daf17f)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dynamic packaging isn't useful if every library needs to be
listed manually.
This also merges the -dev packages into a single ffmpeg-dev, as is typical.
(From OE-Core rev: 7731035a14e3caf90ae220692ec2def5cb1aaad5)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bug-fix release:
*) Various fixes for crashes, assertions, deadlocks and memory leaks on
fuzzed input files and in other situations (CVE-2017-5847, CVE-2017-5848)
*) gst-libav was updated to ffmpeg 3.2.4, fixing a couple of CVEs
(From OE-Core rev: 6718e2cbb40fb8cb90f98f297fdfb6cbf01d52c8)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Small number of bug fixes and x86 optimizations.
(From OE-Core rev: a8aff2a0e77c401fee5a94a906ab355814505157)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The update contains a small number of bug fixes. Removed one
upstreamed patch.
gst-player does not have releases: this is the current git master.
(From OE-Core rev: 72889d45c610c4895c6a2f439439755ef4853fab)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
FFmpeg has complicated licensing options, so it should also
have complicated license statements in its recipe.
(From OE-Core rev: b0881c295e868535a8eb55fc0658a330d0f1465d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As far as I can see, there's no benefit in having separate alsa-conf and
alsa-conf-base packages. libasound depended on both, so it was not
really possible to only install alsa-conf-base.
(From OE-Core rev: 04b57e357bc016d174015a56077bb026ad9bb498)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
EXTRA_OECONF = "--disable-python" overrode the previous EXTRA_OECONF
assignment, so softfloat didn't get enabled when needed. Fixed this by
replacing "=" with "+=".
Bitbake then complained about tabs in alsa-fpu.inc, changed them to
spaces.
(From OE-Core rev: 1ed6f860de22321342404a49ba78658153ff5eb8)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog: http://alsa-project.org/main/index.php/Changes_v1.1.2_v1.1.3
Added a patch to fix a build failure with musl (cherry-picked from
upstream).
The new release doesn't any more install the smixer modules when Python
support is disabled. The modules weren't usable without Python support
before either, so this change does not constitute a loss of
functionality [1].
alsa-lib-dev has automatic dependencies on alsa-lib and libasound, but
since the smixer modules were the only thing in the alsa-lib package,
the alsa-lib package doesn't get generated any more. alsa-lib-dev still
has an automatic dependency on alsa-lib, however, so I had to override
the RDEPENDS of alsa-lib-dev to only include libasound.
[1] http://mailman.alsa-project.org/pipermail/alsa-devel/2016-November/114682.html
(From OE-Core rev: dc549b5510bfcf83f6e5e8e3aa7ed663dee83444)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These plugins follow the GStreamer versioning, so inherit this class to ensure
we don't get notified about development releases.
(From OE-Core rev: cde7b38bcbd419799070da92013b4ea98468e643)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now that Tremor isn't enabled by default in oe-core's GStreamer plugins and has
been added to meta-multimedia, it can be removed from oe-core.
(From OE-Core rev: 30f5c80943f69884b3d7323b540c8bb0f1efd8fd)
(From OE-Core rev: a8b476e7d6a5bf43cceb8c7b2610c9b66fe2f33e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Relase notes:
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/10.0/
The checksum of the LICENSE file changed due to some clarifications.
There were no changes to the actual licensing terms.
The LICENSE variable was not accurate, so I made changes to it.
Specifically:
* there's no GPL code in PulseAudio so I dropped GPL from the list
* the LGPL code allows using later versions of the license rather than
limiting to just 2.1
* there are some MIT and BSD licensed bits
I added more files to LIC_FILES_CHKSUM to have better coverage of all
the differently licensed code.
Dropped json-c and gdbm from DEPENDS. The new release doesn't use json-c
any more. gdbm isn't used when --with-database=simple is passed to
configure, so it should have been removed from DEPENDS a long time ago.
The new release dropped the Xen module, so the --without-xen configure
option isn't needed any more.
Added a comment for why --without-fftw is used.
Disabled the adrian echo canceller, because it has an unusual license,
and disabling the code was simpler than adding a new license to OE-Core.
Dropped upstreamed patches.
(From OE-Core rev: 4ddaf28fd36294fd940f26d55973da20eeeeb0d8)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
New bugfix release:
* updated version/checksums
* removed 1 patch in -good which was merged upstream
(From OE-Core rev: f61cdef0a8b2771225c6bc86881a16f8ef747983)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.
Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.
(From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This upgrade fixes the vulnerability: CVE-2016-10087
License file changes are due to updates in Package Version
and Copyright date. ie:
'libpng version 1.6.28, January 5, 2017'
(From OE-Core rev: 94bb606b9f21b7fe4c5d7e9ae3fda17da047ece5)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even old hardware these days doesn't really need fixed-integer Vorbis decoding
by default, so disable Tremor out of the box.
(From OE-Core rev: 958926dd51d5e18ef983280a6e3b50fc8f33eb12)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the only remaining svn url in OE-Core and building subversion-native
for things like the url checker is wearing and slows down builds. Since
this rarely changes, use the mirror tarball instead.
(From OE-Core rev: 0be6f3b5a69a65107b49a90bee98815a5a7ac9d8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-Cus428Midi-Explicitly-cast-constant-to-char-type.patch,
because the new release has an equivalent fix (and that's actually the
only change in the new release).
(From OE-Core rev: df748d5b9f1cc0166cb8de5d770e001171cc3926)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog: https://xiph.org/flac/changelog.html
The license checksum changes are due to simple copyright year updates.
(From OE-Core rev: 2383cfd61e7be076b2079f159a3df1d237d28bb8)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch is comparatively large and invasive. It does only do one thing, switching the
system to build using recipe specific sysroots and where changes could be isolated from it,
that has been done.
With the current single sysroot approach, its possible for software to find things which
aren't in their dependencies. This leads to a determinism problem and is a growing issue in
several of the market segments where OE makes sense. The way to solve this problem for OE is
to have seperate sysroots for each recipe and these will only contain the dependencies for
that recipe.
Its worth noting that this is not task specific sysroots and that OE's dependencies do vary
enormously by task. This did result in some implementation challenges. There is nothing stopping
the implementation of task specific sysroots at some later point based on this work but
that as deemed a bridge too far right now.
Implementation details:
* Rather than installing the sysroot artefacts into a combined sysroots, they are now placed in
TMPDIR/sysroot-components/PACKAGE_ARCH/PN.
* WORKDIR/recipe-sysroot and WORKDIR/recipe-sysroot-native are built by hardlinking in files
from the sysroot-component trees. These new directories are known as RECIPE_SYSROOT and
RECIPE_SYSROOT_NATIVE.
* This construction is primarily done by a new do_prepare_recipe_sysroot task which runs
before do_configure and consists of a call to the extend_recipe_sysroot function.
* Other tasks need things in the sysroot before/after this, e.g. do_patch needs quilt-native
and do_package_write_deb needs dpkg-native. The code therefore inspects the dependencies
for each task and adds extend_recipe_sysroot as a prefunc if it has populate_sysroot
dependencies.
* We have to do a search/replace 'fixme' operation on the files installed into the sysroot to
change hardcoded paths into the correct ones. We create a fixmepath file in the component
directory which lists the files which need this operation.
* Some files have "postinstall" commands which need to run against them, e.g. gdk-pixbuf each
time a new loader is added. These are handled by adding files in bindir with the name
prefixed by "postinst-" and are run in each sysroot as its created if they're present.
This did mean most sstate postinstalls have to be rewritten but there shouldn't be many of them.
* Since a recipe can have multiple tasks and these tasks can run against each other at the same
time we have to have a lock when we perform write operations against the sysroot. We also have
to maintain manifests of what we install against a task checksum of the dependency. If the
checksum changes, we remove its files and then add the new ones.
* The autotools logic for filtering the view of m4 files is no longer needed (and was the model
for the way extend_recipe_sysroot works).
* For autotools, we used to build a combined m4 macros directory which had both the native and
target m4 files. We can no longer do this so we use the target sysroot as the default and add
the native sysroot as an extra backup include path. If we don't do this, we'd have to build
target pkg-config before we could built anything using pkg-config for example (ditto gettext).
Such dependencies would be painful so we haven't required that.
* PKDDATA_DIR was moved out the sysroot and works as before using sstate to build a hybrid copy
for each machine. The paths therefore changed, the behaviour did not.
* The ccache class had to be reworked to function with rss.
* The TCBOOTSTRAP sysroot for compiler bootstrap is no longer needed but the -initial data
does have to be filtered out from the main recipe sysroots. Putting "-initial" in a normal
recipe name therefore remains a bad idea.
* The logic in insane needed tweaks to deal with the new path layout, as did the debug source
file extraction code in package.bbclass.
* The logic in sstate.bbclass had to be rewritten since it previously only performed search and
replace on extracted sstate and we now need this to happen even if the compiled path was
"correct". This in theory could cause a mild performance issue but since the sysroot data
was the main data that needed this and we'd have to do it there regardless with rss, I've opted
just to change the way the class for everything. The built output used to build the sstate output
is now retained and installed rather than deleted.
* The search and replace logic used in sstate objects also seemed weak/incorrect and didn't hold
up against testing. This has been rewritten too. There are some assumptions made about paths, we
save the 'proper' search and replace operations to fixmepath.cmd but then ignore this. What is
here works but is a little hardcoded and an area for future improvement.
* In order to work with eSDK we need a way to build something that looks like the old style sysroot.
"bitbake build-sysroots" will construct such a sysroot based on everything in the components
directory that matches the current MACHINE. It will allow transition of external tools and can
built target or native variants or both. It also supports a clean task. I'd suggest not relying on
this for anything other than transitional purposes though. To see XXX in that sysroot, you'd have
to have built that in a previous bitbake invocation.
* pseudo is run out of its components directory. This is fine as its statically linked.
* The hacks for wayland to see allarch dependencies in the multilib case are no longer needed
and can be dropped.
* wic needed more extensive changes to work with rss and the fixes are in a separate commit series
* Various oe-selftest tweaks were needed since tests did assume the location to binaries and the
combined sysroot in several cases.
* Most missing dependencies this work found have been sent out as separate patches as they were found
but a few tweaks are still included here.
* A late addition is that extend_recipe_sysroot became multilib aware and able to populate multilib
sysroots. I had hoped not to have to add that complexity but the meta-environment recipe forced my
hand. That implementation can probably be neater but this is on the list of things to cleanup later
at this point.
In summary, the impact people will likely see after this change:
* Recipes may fail with missing dependencies, particularly native tools like gettext-native,
glib-2.0-native and libxml2.0-native. Some hosts have these installed and will mask these errors
* Any recipe/class using SSTATEPOSTINSTFUNCS will need that code rewriting into a postinst
* There was a separate patch series dealing with roots postinst native dependency issues. Any postinst
which expects native tools at rootfs time will need to mark that dependency with PACKAGE_WRITE_DEPS.
There could well be other issues. This has been tested repeatedly against our autobuilders and oe-selftest
and issues found have been fixed. We believe at least OE-Core is in good shape but that doesn't mean
we've found all the issues.
Also, the logging is a bit chatty at the moment. It does help if something goes wrong and goes to the
task logfiles, not the console so I've intentionally left this like that for now. We can turn it down
easily enough in due course.
(From OE-Core rev: 809746f56df4b91af014bf6a3f28997d6698ac78)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These recipes use glib-2.0 NLS tools so we need to depend on glib-2.0-native.
(From OE-Core rev: 3e521148bbec01ccd1818b0a26221ab6342a3299)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise libunwind support will be based on the contents of the sysroot, which
can cause problems.
(From OE-Core rev: 14cb8fe36fcb2dc20830fb4ba63ed1302255b61b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We should probably patch it to stop adding the -m argument to CFLAGS/LDFLAGS
in the first place, since we pass it in via CC, but this will do for now.
(From OE-Core rev: 5d2b0816a92965cdbbb2dca5d3009fbd5064b9ca)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Kjellerstedt
Yi Zhao
Jackie Huang
Fan Xin
Mikko Rapeli
Jussi Kukkonen
Carlos Rafael Giani
Khem Raj
Joshua Lock
Ross Burton
Maxin B. John
Andreas Oberritter
Alexander Kanavin
Tanu Kaskinen
Nicolas Dechesne
Li Zhou
Richard Purdie
Andreas Müller
Andre McCurdy
Christopher Larson