openembedded-core.git/meta/recipes-multimedia, branch dizzy Mirror of openembedded-core libsndfile: Security Advisory - libsndfile - CVE-2014-9496 2015-07-20T19:53:06+00:00 Yue Tao Yue.Tao@windriver.com 2015-06-05T07:48:15+00:00 e2fdc340c109bd64b1520443b27bd42a0faef0e0 Backport two commits from libsndfile upstream to fix a segfault and two potential buffer overflows. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Backport two commits from libsndfile upstream to fix a segfault and
two potential buffer overflows.

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pulseaudio: use stricter PACKAGES_DYNAMIC 2015-04-27T14:02:25+00:00 Martin Jansa martin.jansa@gmail.com 2015-04-21T10:53:01+00:00 88dfdf7f87f5ea9f5b6200896fc7e7f5374929df * I don't see any usage for libpulse-* packages * adding '-' resolves the issue when we have separate recipe for pulseaudio-modules-droid which isn't built to satisfy RDEPENDS with the same name, because generic pulseaudio recipe seems to RPROVIDE it through PACKAGES_DYNAMIC Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* I don't see any usage for libpulse-* packages
* adding '-' resolves the issue when we have separate recipe for
  pulseaudio-modules-droid which isn't built to satisfy RDEPENDS
  with the same name, because generic pulseaudio recipe seems to
  RPROVIDE it through PACKAGES_DYNAMIC

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gstreamer1.0-* fix configure for out of tree build on git recipes 2014-12-31T10:17:46+00:00 Awais Belal awais_belal@mentor.com 2014-12-16T15:46:40+00:00 dbb6cb42a9113038e437cf417f0b9cb25a285e9f The autogen.sh script lies in the srcdir ($S) and is required to be run on git based checkouts of gstreamer packages in order to generate initial makefiles. So, we fix this by cd'ing to the specific dir, run the required script and then come back to our initial dir which is builddir ($B). Additionally rather than overriding the whole do_configure step we only _prepend to make it clear what we are doing here. (From OE-Core rev: f4a26b72377380e60d1e7058ba40aaf49b6316e5) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The autogen.sh script lies in the srcdir ($S) and is required to be run on git
based checkouts of gstreamer packages in order to generate initial
makefiles. So, we fix this by cd'ing to the specific dir, run the required
script and then come back to our initial dir which is builddir ($B).
Additionally rather than overriding the whole do_configure step we only _prepend
to make it clear what we are doing here.

(From OE-Core rev: f4a26b72377380e60d1e7058ba40aaf49b6316e5)

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gst-plugins-bad: add PACKAGECONFIG for the RTMP plugin 2014-12-31T10:17:46+00:00 Ross Burton ross.burton@intel.com 2014-12-11T11:25:46+00:00 00b62db6a53c1d47acbcae02ad1fe33aec5839e4 The RTMP plugin was non-deterministic, based on whether rtmpdump from meta-multimedia had been built. Add a PACKAGECONFIG to resolve this. (From OE-Core rev: b34147722b1ea43e960eae10c514325e40cdf0ba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The RTMP plugin was non-deterministic, based on whether rtmpdump from
meta-multimedia had been built.  Add a PACKAGECONFIG to resolve this.

(From OE-Core rev: b34147722b1ea43e960eae10c514325e40cdf0ba)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gst-ffmpeg: fixes for CVE-2014-8548 and CVE-2014-8541 2014-12-31T10:16:58+00:00 Roy Li rongqing.li@windriver.com 2014-11-19T03:02:11+00:00 fad70ea3495329a39329532f59de3b14c22c2d15 Issue: LIN7-1755 Issue: LIN7-1739 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8541 libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8548 Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. (From OE-Core rev: 4bd50c5a967af2b8f0fe77b8f9c100169e4fc531) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Issue: LIN7-1755
Issue: LIN7-1739

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
differences, and not bits-per-pixel differences, when determining whether an
image size has changed, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other impact via
crafted MJPEG data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote
attackers to cause a denial of service (out-of-bounds access) or possibly
have unspecified other impact via crafted Quicktime Graphics (aka SMC) video
data.

(From OE-Core rev: 4bd50c5a967af2b8f0fe77b8f9c100169e4fc531)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869 2014-10-18T14:12:56+00:00 Yue Tao Yue.Tao@windriver.com 2014-08-29T06:46:19+00:00 464123172c92d92fa08e2125c04653590ad654c7 The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0869 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2
allows remote attackers to have an unspecified impact via crafted H.264
data, related to an SPS and slice mismatch and an out-of-bounds array
access.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0869

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-4358 2014-10-18T14:12:56+00:00 Yue Tao Yue.Tao@windriver.com 2014-08-29T06:46:18+00:00 6a029bee3da097b9ed8c421fcd5ea61cd1a31b34 libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4358 Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to
cause a denial of service (crash) via vectors related to alternating bit
depths in H.264 data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4358

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
alsa-utils: interrupt streaming via signal 2014-09-29T16:49:11+00:00 Muzaffar Mahmood muzaffar_mahmood@mentor.com 2014-09-26T13:28:54+00:00 8e4ab29924c8c5fe2a79e8b0ca41fa45cc8e94a1 aplay/arecord (alsa-utils v1.0.28) cannot interrupt streaming via CTRL-C. Fixed the issue by reverting buggy patches and properly handling 'in_aborting' flag in appropriate functions. Signed-off-by: Anant Agrawal <Anant_Agrawal@mentor.com> Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com> Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com> 
aplay/arecord (alsa-utils v1.0.28) cannot interrupt streaming
via CTRL-C. Fixed the issue by reverting buggy patches and
properly handling 'in_aborting' flag in appropriate functions.

Signed-off-by: Anant Agrawal <Anant_Agrawal@mentor.com>
Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com>
Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com>
gst-plugins-base: fix build failure for x86 2014-09-29T11:11:48+00:00 Jackie Huang jackie.huang@windriver.com 2014-09-16T08:58:34+00:00 556a19423d15c7c13f60d57528a3b880f95750b9 On x86, EMMINTRIN is defined but not usable without SSE so check for __SSE__ and __SSE2__ as well. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
On x86, EMMINTRIN is defined but not usable without SSE so check for
__SSE__ and __SSE2__ as well.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
gstreamer1.0-plugins-bad: disable libssh2 2014-09-22T11:57:12+00:00 Wenzong Fan wenzong.fan@windriver.com 2014-09-18T08:01:16+00:00 0cc59247ece1ea134d060d3ff064b5561972a92b libssh2 is automatically linked to if present, this undetermined dependency may cause build errors like: .../x86_64-poky-linux/4.9.0/ld: cannot find -lssh2 libssh2 isn't an oe-core recipe, disable it for now. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> 
libssh2 is automatically linked to if present, this undetermined
dependency may cause build errors like:

  .../x86_64-poky-linux/4.9.0/ld: cannot find -lssh2

libssh2 isn't an oe-core recipe, disable it for now.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>