Changelog: http://alsa-project.org/main/index.php/Changes_v1.1.2_v1.1.3
Added a patch to fix a build failure with musl (cherry-picked from
upstream).
The new release doesn't any more install the smixer modules when Python
support is disabled. The modules weren't usable without Python support
before either, so this change does not constitute a loss of
functionality [1].
alsa-lib-dev has automatic dependencies on alsa-lib and libasound, but
since the smixer modules were the only thing in the alsa-lib package,
the alsa-lib package doesn't get generated any more. alsa-lib-dev still
has an automatic dependency on alsa-lib, however, so I had to override
the RDEPENDS of alsa-lib-dev to only include libasound.
[1] http://mailman.alsa-project.org/pipermail/alsa-devel/2016-November/114682.html
(From OE-Core rev: dc549b5510bfcf83f6e5e8e3aa7ed663dee83444)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These plugins follow the GStreamer versioning, so inherit this class to ensure
we don't get notified about development releases.
(From OE-Core rev: cde7b38bcbd419799070da92013b4ea98468e643)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now that Tremor isn't enabled by default in oe-core's GStreamer plugins and has
been added to meta-multimedia, it can be removed from oe-core.
(From OE-Core rev: 30f5c80943f69884b3d7323b540c8bb0f1efd8fd)
(From OE-Core rev: a8b476e7d6a5bf43cceb8c7b2610c9b66fe2f33e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Relase notes:
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/10.0/
The checksum of the LICENSE file changed due to some clarifications.
There were no changes to the actual licensing terms.
The LICENSE variable was not accurate, so I made changes to it.
Specifically:
* there's no GPL code in PulseAudio so I dropped GPL from the list
* the LGPL code allows using later versions of the license rather than
limiting to just 2.1
* there are some MIT and BSD licensed bits
I added more files to LIC_FILES_CHKSUM to have better coverage of all
the differently licensed code.
Dropped json-c and gdbm from DEPENDS. The new release doesn't use json-c
any more. gdbm isn't used when --with-database=simple is passed to
configure, so it should have been removed from DEPENDS a long time ago.
The new release dropped the Xen module, so the --without-xen configure
option isn't needed any more.
Added a comment for why --without-fftw is used.
Disabled the adrian echo canceller, because it has an unusual license,
and disabling the code was simpler than adding a new license to OE-Core.
Dropped upstreamed patches.
(From OE-Core rev: 4ddaf28fd36294fd940f26d55973da20eeeeb0d8)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
New bugfix release:
* updated version/checksums
* removed 1 patch in -good which was merged upstream
(From OE-Core rev: f61cdef0a8b2771225c6bc86881a16f8ef747983)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.
Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.
(From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This upgrade fixes the vulnerability: CVE-2016-10087
License file changes are due to updates in Package Version
and Copyright date. ie:
'libpng version 1.6.28, January 5, 2017'
(From OE-Core rev: 94bb606b9f21b7fe4c5d7e9ae3fda17da047ece5)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even old hardware these days doesn't really need fixed-integer Vorbis decoding
by default, so disable Tremor out of the box.
(From OE-Core rev: 958926dd51d5e18ef983280a6e3b50fc8f33eb12)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the only remaining svn url in OE-Core and building subversion-native
for things like the url checker is wearing and slows down builds. Since
this rarely changes, use the mirror tarball instead.
(From OE-Core rev: 0be6f3b5a69a65107b49a90bee98815a5a7ac9d8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-Cus428Midi-Explicitly-cast-constant-to-char-type.patch,
because the new release has an equivalent fix (and that's actually the
only change in the new release).
(From OE-Core rev: df748d5b9f1cc0166cb8de5d770e001171cc3926)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog: https://xiph.org/flac/changelog.html
The license checksum changes are due to simple copyright year updates.
(From OE-Core rev: 2383cfd61e7be076b2079f159a3df1d237d28bb8)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch is comparatively large and invasive. It does only do one thing, switching the
system to build using recipe specific sysroots and where changes could be isolated from it,
that has been done.
With the current single sysroot approach, its possible for software to find things which
aren't in their dependencies. This leads to a determinism problem and is a growing issue in
several of the market segments where OE makes sense. The way to solve this problem for OE is
to have seperate sysroots for each recipe and these will only contain the dependencies for
that recipe.
Its worth noting that this is not task specific sysroots and that OE's dependencies do vary
enormously by task. This did result in some implementation challenges. There is nothing stopping
the implementation of task specific sysroots at some later point based on this work but
that as deemed a bridge too far right now.
Implementation details:
* Rather than installing the sysroot artefacts into a combined sysroots, they are now placed in
TMPDIR/sysroot-components/PACKAGE_ARCH/PN.
* WORKDIR/recipe-sysroot and WORKDIR/recipe-sysroot-native are built by hardlinking in files
from the sysroot-component trees. These new directories are known as RECIPE_SYSROOT and
RECIPE_SYSROOT_NATIVE.
* This construction is primarily done by a new do_prepare_recipe_sysroot task which runs
before do_configure and consists of a call to the extend_recipe_sysroot function.
* Other tasks need things in the sysroot before/after this, e.g. do_patch needs quilt-native
and do_package_write_deb needs dpkg-native. The code therefore inspects the dependencies
for each task and adds extend_recipe_sysroot as a prefunc if it has populate_sysroot
dependencies.
* We have to do a search/replace 'fixme' operation on the files installed into the sysroot to
change hardcoded paths into the correct ones. We create a fixmepath file in the component
directory which lists the files which need this operation.
* Some files have "postinstall" commands which need to run against them, e.g. gdk-pixbuf each
time a new loader is added. These are handled by adding files in bindir with the name
prefixed by "postinst-" and are run in each sysroot as its created if they're present.
This did mean most sstate postinstalls have to be rewritten but there shouldn't be many of them.
* Since a recipe can have multiple tasks and these tasks can run against each other at the same
time we have to have a lock when we perform write operations against the sysroot. We also have
to maintain manifests of what we install against a task checksum of the dependency. If the
checksum changes, we remove its files and then add the new ones.
* The autotools logic for filtering the view of m4 files is no longer needed (and was the model
for the way extend_recipe_sysroot works).
* For autotools, we used to build a combined m4 macros directory which had both the native and
target m4 files. We can no longer do this so we use the target sysroot as the default and add
the native sysroot as an extra backup include path. If we don't do this, we'd have to build
target pkg-config before we could built anything using pkg-config for example (ditto gettext).
Such dependencies would be painful so we haven't required that.
* PKDDATA_DIR was moved out the sysroot and works as before using sstate to build a hybrid copy
for each machine. The paths therefore changed, the behaviour did not.
* The ccache class had to be reworked to function with rss.
* The TCBOOTSTRAP sysroot for compiler bootstrap is no longer needed but the -initial data
does have to be filtered out from the main recipe sysroots. Putting "-initial" in a normal
recipe name therefore remains a bad idea.
* The logic in insane needed tweaks to deal with the new path layout, as did the debug source
file extraction code in package.bbclass.
* The logic in sstate.bbclass had to be rewritten since it previously only performed search and
replace on extracted sstate and we now need this to happen even if the compiled path was
"correct". This in theory could cause a mild performance issue but since the sysroot data
was the main data that needed this and we'd have to do it there regardless with rss, I've opted
just to change the way the class for everything. The built output used to build the sstate output
is now retained and installed rather than deleted.
* The search and replace logic used in sstate objects also seemed weak/incorrect and didn't hold
up against testing. This has been rewritten too. There are some assumptions made about paths, we
save the 'proper' search and replace operations to fixmepath.cmd but then ignore this. What is
here works but is a little hardcoded and an area for future improvement.
* In order to work with eSDK we need a way to build something that looks like the old style sysroot.
"bitbake build-sysroots" will construct such a sysroot based on everything in the components
directory that matches the current MACHINE. It will allow transition of external tools and can
built target or native variants or both. It also supports a clean task. I'd suggest not relying on
this for anything other than transitional purposes though. To see XXX in that sysroot, you'd have
to have built that in a previous bitbake invocation.
* pseudo is run out of its components directory. This is fine as its statically linked.
* The hacks for wayland to see allarch dependencies in the multilib case are no longer needed
and can be dropped.
* wic needed more extensive changes to work with rss and the fixes are in a separate commit series
* Various oe-selftest tweaks were needed since tests did assume the location to binaries and the
combined sysroot in several cases.
* Most missing dependencies this work found have been sent out as separate patches as they were found
but a few tweaks are still included here.
* A late addition is that extend_recipe_sysroot became multilib aware and able to populate multilib
sysroots. I had hoped not to have to add that complexity but the meta-environment recipe forced my
hand. That implementation can probably be neater but this is on the list of things to cleanup later
at this point.
In summary, the impact people will likely see after this change:
* Recipes may fail with missing dependencies, particularly native tools like gettext-native,
glib-2.0-native and libxml2.0-native. Some hosts have these installed and will mask these errors
* Any recipe/class using SSTATEPOSTINSTFUNCS will need that code rewriting into a postinst
* There was a separate patch series dealing with roots postinst native dependency issues. Any postinst
which expects native tools at rootfs time will need to mark that dependency with PACKAGE_WRITE_DEPS.
There could well be other issues. This has been tested repeatedly against our autobuilders and oe-selftest
and issues found have been fixed. We believe at least OE-Core is in good shape but that doesn't mean
we've found all the issues.
Also, the logging is a bit chatty at the moment. It does help if something goes wrong and goes to the
task logfiles, not the console so I've intentionally left this like that for now. We can turn it down
easily enough in due course.
(From OE-Core rev: 809746f56df4b91af014bf6a3f28997d6698ac78)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These recipes use glib-2.0 NLS tools so we need to depend on glib-2.0-native.
(From OE-Core rev: 3e521148bbec01ccd1818b0a26221ab6342a3299)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise libunwind support will be based on the contents of the sysroot, which
can cause problems.
(From OE-Core rev: 14cb8fe36fcb2dc20830fb4ba63ed1302255b61b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We should probably patch it to stop adding the -m argument to CFLAGS/LDFLAGS
in the first place, since we pass it in via CC, but this will do for now.
(From OE-Core rev: 5d2b0816a92965cdbbb2dca5d3009fbd5064b9ca)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the usual way this is handled in desktop distros (see debian, gentoo).
I wasn't able to track down a patch to add proper x32 support to ffmpeg. There
was, however, a libav patch series which may be worth investigating.
(From OE-Core rev: 94bfdb0accab0a2638e3bea1271cb80596f38e00)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The included libav lacks support for x32, so disable the assembly
optimizations.
(From OE-Core rev: 7bac614503d0d9fda03b087501690e5f8262d966)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the file is expected to exist, then we should always be using require
so that if it doesn't we get an error rather than some other more
obscure failure later on.
(From OE-Core rev: 603ae6eb487489e65da69c68e532cb767ccc1fc2)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Disable asm to fix
| You specified a pre-MSA CPU in your CFLAGS.
| If you really want to run on such a CPU, configure with --disable-asm.
(From OE-Core rev: 302124c1cc8353f4d0e13ab9ba9057d6b3862bde)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With the current set of PACKAGECONFIG, we end up building with 'gles2' and neither
'opengl', nor 'egl'. As a result we are building -bad with neither 'glx' nor
'egl' platform support. So let's make sure that we at least have egl by default
(since we default to 'gles2').
(From OE-Core rev: 4de8447c6536385ca134866682709efebf7d4e3d)
(From OE-Core rev: a4111417b1b46cc852bf96a443b0edb0a525f346)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
(From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If "opengl" distro feature is not set, libva recipe is skipped. Since
missing libva breaks gstreamer-vaapi-1.0 build, the same check has to be
done in gstreamer-vaapi-1.0 recipe too.
(From OE-Core rev: e87250d801622befa09ddba9ec8ecf7a4dcf902c)
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to 1.10.1 at the same time
(From OE-Core rev: cf4d28d7d9820cc8f658670f766267d35133865f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When configure pokes for wayland-protocols isntallations it ended up
using the ones from host, which is because it did not account for sysroot
prefix
Remove MACHINE from variable reference tracking to avoid unnessary rebuilds for different machine
with same arch
(From OE-Core rev: 0d349956417f00831025ccca5c8caa91f4771985)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove backported patches and upstreamed ones
Drop --disable-trace its no more in 1.10.x
Add packageconfig option for kms, keep it disabled by default
in bad plugins recipe
(From OE-Core rev: 309e02b7313398a05e70915560882c880c7f7c76)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is 'libtiff' in NVD.
(From OE-Core rev: 0c8d1523f3ad0ada2d1b8f9abffbc2b898a744ca)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535
Patch from:
3ca657a8796a984bf790
(From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in
readContigTilesIntoBuffer(). Reported as MSVR 35092.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9539
Patch from:
ae9365db1b
(From OE-Core rev: 58bf0a237ca28459eb8c3afa030c0054f5bc1f16)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled
images with odd tile width versus image width. Reported as MSVR 35103,
aka "cpStripToTile heap-buffer-overflow."
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9540
Patch from:
5ad9d8016f
(From OE-Core rev: cc97dc66006c7892473e3b4790d05e12445bb927)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted
TIFF image.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632http://bugzilla.maptools.org/show_bug.cgi?id=2549https://bugzilla.redhat.com/show_bug.cgi?id=1325095
The patch is from RHEL7.
(From OE-Core rev: 9206c86239717718be840a32724fd1c190929370)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool
allows remote attackers to cause a denial of service (out-of-bounds read) via vectors
involving the ma variable.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658http://bugzilla.maptools.org/show_bug.cgi?id=2546
Patch from:
45c68450be
(From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- unexport AS variable
- Switch URI to use github mirror for reliabality
- Disable openCL code, its not used
- TEXTRELs are fixed, therefore dont skip QA check
(From OE-Core rev: 8f132ca02c0d8abe309b622cfeef5f21ecc0b242)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The flac dependency was completely bogus. Flac isn't used at all.
FFTW is only used by tests, so we don't need to provide a packageconfig
for that.
ALSA is only used by example code that isn't part of the packaged files,
so even if ALSA is enabled, it doesn't affect the build result.
Nevertheless, I prefer to disable it explicitly to be extra sure.
--disable-alsa resulted in a warning about an unsupported configure
option, although by some magic it seemed to actually work as expected.
A patch is added to get rid of that warning.
(From OE-Core rev: c7cb0ce17dc2ec3999f26d594e755c8fb9609cee)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The license has changed to BSD as explained here:
http://www.mega-nerd.com/SRC/license.html
(From OE-Core rev: 053aac136cec74b0ac848337812546df847dc793)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License file changes are due to updates in Version and Copyright date
(From OE-Core rev: f231bd63ab82575b2ad6ccfd0a3f5da76b56a125)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop faac package config as upstream ./configure doesn't have it anymore.
(From OE-Core rev: a08b016c04a4e4eca78cd5ffae0226af4cb5226b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the
tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (divide-by-zero error) via a crafted TIFF
image.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622http://www.openwall.com/lists/oss-security/2016/04/07/4
Patch from:
92d966a5fc
(From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (divide-by-zero) by
setting the (1) v or (2) h parameter to 0.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623http://bugzilla.maptools.org/show_bug.cgi?id=2569
Patch from:
bd024f0701
(From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage
function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (out-of-bounds write) or execute
arbitrary code via a crafted TIFF image with zero tiles.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991http://bugzilla.maptools.org/show_bug.cgi?id=2543
Patch from:
e596d4e27c
(From OE-Core rev: d31267438a654ecb396aefced201f52164171055)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3990 libtiff: Heap-based buffer overflow in the
horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and
earlier allows remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image to tiffcp.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990http://bugzilla.maptools.org/show_bug.cgi?id=2544
Patch from:
6a4dbb07cc
(From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3945 libtiff: Multiple integer overflows in the (1)
cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in
LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote
attackers to cause a denial of service (crash) or execute arbitrary code
via a crafted TIFF image, which triggers an out-of-bounds write.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945http://bugzilla.maptools.org/show_bug.cgi?id=2545
Patch from:
7c39352ccd
(From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
inc files are also used by plugins in other layers but they do
not use same srcrev for gst-common repo for various reasons e.g.
https://github.com/ndechesne/meta-qcom/blob/master/recipes-multimedia/gstreamer/gstreamer1.0-plugins-v4l2.bb
Currently, this patch is forced on these external packages too
and fails to patch cleanly in some cases. Therefore its
better to move this SRC_URI_append to the individual .bb files
(From OE-Core rev: a30d8244265f38fddefe438e035ea3bf6fb4447f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'xmlto' package feature is renamed to 'manpages' for consistency
with other manpage-enabled recipes.
(From OE-Core rev: 9d659a89d6c9b8feb3de0f15af665ac47f230850)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The directive mentioned in the comment was removed in:
commit 326c6802e49e5499e16cf141e1cdb0360fce14aa
Author: Riku Voipio <riku.voipio@linaro.org>
Date: Fri Feb 7 15:38:58 2014 +0200
alsa-lib: heavy pcm atomics cleanup
The following patch comes from the realization that at least ARM code
for atomics is quite broken and nobody has cared for a decade.
A quick dive shows that only snd_atomic_{read,write}_{begin,end}
appear to be used widely. These are implemented using wmb/rmb.
Only other use of atomic functions is in pcm_meter.c.
The #SND_PCM_TYPE_METER plugin type appears rarely, if ever, used.
I presume these days anyone who wants a meter/scope will do in pulseaudio
layer instead of alsa.
It would seem better fit to have pcm_meter in alsa-plugins instead
of alsa-lib, but I guess that would be an ABI break...
So instead, I'm proposing here
1. Removal of all hand-crafted atomics from iatomic.h apart from barriers,
which are used in snd_atomic_{read,write}_{begin,end}.
2. Using __sync_synchronize as the default fallback for barriers. This
has been available since gcc 4.1, so it shouldn't be a problem.
3. Defining the few atomics used by pcm_meter.c withing pcm_meter.c
itself, using gcc atomic builtins[1].
4. Since gcc atomic builtins are available only since gcc 4.7, add a check for
that in gcc configure.in, and don't build pcm meter plugin if using
older gcc.
The last point has the impact, that if there actually is someone who 1)
uses the meter plugin 2) wants to upgrade to 2014 alsa-lib 3) but
does not want to use a 2012+ gcc - that someone will be inconvenienced.
Finally remove the unneeded configure check for cpu type. We can
trust the gcc to set right flags for us.
[1] http://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(From OE-Core rev: dd442652afef1f83fc6c9651976cd3ba28c83c85)
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts oe-core commit b79d1bf49b56a97216fb719ac19e4dd9022f15b4.
Now that xf86-video-intel is upgraded, visualizations can be enabled
by default.
(From OE-Core rev: c0a22a8d3e5d44ae3fba14a52582d39cfc600318)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On some machines, visualizations in gst-player trigger a bug in
xvimagesink. Till we have a proper fix, disable the visualization
rather than downgrading the xvimagesink.
Fixes [YOCTO #10041]
(From OE-Core rev: b79d1bf49b56a97216fb719ac19e4dd9022f15b4)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes following error:
,----
| src/libavutil/log.c:51:31: fatal error: valgrind/valgrind.h: No such file or directory
| #include <valgrind/valgrind.h>
`----
(From OE-Core rev: 262f8180c9037b7e82efe08ce3bb1880fee22ea8)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tried by adding CFLAGS_append = " -fpic " to
the recipe. But that couldn't help resolve the
warning message:
x264/r2491+gitAUTOINC+c8a773ebfc-r0/packages-split/x264/usr/lib/libx264.so.144' has relocations in .text [textrel]
It was found that this warning is emitted because of the
assembly files in the source code. And it is not easy to
get rid of TEXTREL's which are coming from the assembly
source files.
Adding textrel to INSANE_SKIP resolves this issue.
This issue was observed in cyclone5 and imx6qsabresd BSP's.
So generalizing the patch.
(From OE-Core rev: 9470e0911838a6f5a23f01c6944906b69aa1317a)
Signed-off-by: Fahad Usman <fahad_usman@mentor.com>
Signed-off-by: Sujith Haridasan <Sujith_Haridasan@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LICENSE file describes how the various pieces are licensed, so add it to the
checksum so we notice when it changes.
(From OE-Core rev: 3309007b423654c1b021d85205f81e68cbd84475)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Define PV in order to avoid package version being plain "git". Use the
version number found from configure.ac plus the git revision.
(From OE-Core rev: 9d4734412c45ef80195707900b1dfdf843f43228)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 58d6cd369a3316a6ba313a2f1982bde5d47c0608)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reintroduces fixes and changes which were introduced in the original
gstreamer1.0-plugins-bad 1.8.1 upgrade commit.
* packageconfigs changed since GStreamer 1.6.3
(they often do between minor version increases like 1.6 -> 1.8)
* hls,tinyalsa packageconfigs moved into the .inc file
* vulkan packageconfig dropped since there are no vulkan libraries in OE
(libxcb alone is not enough)
* reintroduced glimagesink downrank patch (it was removed because it was
dangling before)
* fixed patch line numbers
(From OE-Core rev: ca3f9fbe21407685ed09c60bc4b991b5c6b448f4)
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since gstreamer1.0-omx follows the GStreamer versioning style, inherit
upstream-version-is-even for checking the upstream version of the package.
(From OE-Core rev: d4c40d7fed89435dcf6c883343adeff37153f19e)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
remotesensing.org domain has been taken over by someone unrelated.
There does not seem to be an up-to-date tiff homepage, but
osgeo.org is a reliable download site.
(From OE-Core rev: f544e1d10e9dc0f750efdb45a78ce9d5c9603070)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A new mechanism to probe v4l2 M2M devices was implemented in gst 1.8 series, in
order to get such devices probed we now need to enable v4l2-probe compile option
which upstream decided to keep disabled by default (unfortunately), see [1].
With this feature disabled, it is not possible to get v4l2 M2M device to work in
Gstreamer which is a common use case on many embedded platforms. This patch
enables this new option as soon as v4l2 support is enabled in gstreamer -good.
[1] https://bugzilla.gnome.org/show_bug.cgi?id=758085
(From OE-Core rev: c1f08c04a95f6ec089d4a62d90119df01c94cd80)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The gstreamer common module ships a copy of gtk-doc.m4 that will be used in
preference to our patched form, so delete it before configure is executed.
(From OE-Core rev: 50768af29ce8524f7bae387996aaed657a1ff80f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
check support is no longer disabled by default because it is a requirement
of gtk-doc support in gstreamer.
(From OE-Core rev: 628a849ff14e165b8c00c6649d042225f5a35732)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
(From OE-Core rev: de6b65a85cb3c3efa7a46b9fd9e1831ff6448c0c)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In commit 9c3a94aea1d (gstreamer1.0-plugins-bad: Move EGL requirement for
Wayland), --enable-egl was explicitely added to the wayland packageconfig. While
this is correct that enabling wayland requires egl, it should be possible to
enable egl without wayland, even when using X11. For example, glimagesink can be
used for GPU based color conversion using EGL/GLES.
As such, let's make egl and wayland two separate PACKAGECONFIG flags.
(From OE-Core rev: c1ab87caae92a58b1dfab7abc1a856fab102e3ed)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The default of EXTRA_OEMAKE is already empty since commit:
OE-Core rev: aeb653861a0ec39ea7a014c0622980edcbf653fa
bitbake.conf: Remove unhelpful default value for EXTRA_OEMAKE
(From OE-Core rev: 408b1f1879e4b90c90f6d139b08d2b6f8e555655)
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
http://www.alsa-project.org/main/index.php/Changes_v1.1.1_v1.1.2
The FFT code in alsabat changed from double precision to single
precision floating point numbers, which is why the fftw dependency
changed to fftwf.
(From OE-Core rev: 2b44e468d20a0256fba896562e2e7d1ae593a4c8)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Updates in License files are due to changes in Copyright date
and Version.
Ensure all tools are packaged into $PN-tools.
(From OE-Core rev: e28b6042b1a81fe449b772b4698ad139edf46332)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This helps in compiling it with with toolchain coming from
a sstate server where its built using a different build time
sysroot.
Secondly, also helps compiling with non-gcc ( clang ) compiler
(From OE-Core rev: 25deaf1368cc0a99d7b5b3f2d08d7fead51296e2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323http://bugzilla.maptools.org/show_bug.cgi?id=2559
Patch from:
2f79856097
(From OE-Core rev: 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321http://bugzilla.maptools.org/show_bug.cgi?id=2558
Patch from:
d9783e4a14
(From OE-Core rev: 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
provide similar behaviour for Media Player's quit and close callback
functions.
[YOCTO #10045]
(From OE-Core rev: 5cf3ae34df0a39deead8b029353b41a60e48c24a)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bat PACKAGECONFIG does not install the test script correctly. Fix
this by following the packaging used for the other bash scripts. While
at it, fix some tabs.
(From OE-Core rev: 3a9551479678f97a83db22f213a54169ab4fc989)
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tanu Kaskinen
Ross Burton
Nicolas Dechesne
Andreas Oberritter
Li Zhou
Maxin B. John
Richard Purdie
Andreas Müller
Andre McCurdy
Khem Raj
Christopher Larson
Paul Eggleton
Alexander Kanavin
Joshua Lock
Armin Kuster
Ismo Puustinen
Mingli Yu
Zhixiong Chi
Yi Zhao
Jussi Kukkonen
Otavio Salvador
Fahad Usman
Markus Lehtonen
Carlos Rafael Giani
Joe Slater
Jackie Huang
Stefan Müller-Klieser
Armin Kuster