Age | Commit message (Collapse) | Author | Files |
|
v2 changes:
* update format for commit log
* add Upstream-Status for patch
ppm2tiff does not check the return value of the TIFFScanlineSize
function, which allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PPM image that
triggers an integer overflow, a zero-memory allocation, and a heap-based
buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise may do_compile error:
test-cgroups.c:43:23:: fatal error: libcgroup.h: No such file or directory
and:
configure: No package 'gstreamer-plugins-base-1.0' found
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A Gstreamer library which provides an API to create an RTSP server (e.g. to stream RTP to VLC clients and similar).
Tested, works with GStreamer 1.2.3 + videotestsrc based pipeline on RPi.
Signed-off-by: Alex J Lennon <ajlennon@dynamicdevices.co.uk>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It seems that 585324fee380109acd9986388f857f413a60b896 is no
longer there in git and it has been rewritten to
ffc3ad4945da69f3caa2b40e4eed715a9a8d9526
Change-Id: I9ffe8bd9bcef0d2dc5e6f6d3a6e4317bada8f4be
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this, configure will fail due to a missing AM_ICONV macro.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Switched to BP variable.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via a
crafted (1) width or (2) height dimension that is not a multiple of
sixteen in id RoQ video data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The decode_slice_header function in libavcodec/h264.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via crafted
H.264 data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted Apple
Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via crafted MJPEG data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted
Electronic Arts Madcow video data, which triggers an out-of-bounds array
access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before
1.0.4 allows remote attackers to have an unspecified impact via ATRAC3
data with the joint stereo coding mode set and fewer than two channels.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to
have an unspecified impact via a crafted block length, which triggers an
out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers
to have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) len==0 cases.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before
1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an
unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood
Studios VQA Video file, which triggers an out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier,
allows remote attackers to have unspecified impact and vectors, which
trigger an out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple
buffer overflows in libtiff before 4.0.3 allow remote attackers to cause
a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3)
a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1
and 3 are disputed by Red Hat, which states that the input cannot exceed
the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
gstreamer/lame does runtime detection to enable/disable things like SSE code.
Unfortunately it is broken and will try and use this even with i586
compiler flags. This change forces it back to the approach with gcc 4.8
by disabling the problematic headers.
Its suboptimal but less so that the proposed previous forced enabling of
SSE on x86 everywhere.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder to
bbappend. Instead FILESEXTRAPATHS should be used to extend the path.
However in gstreamer no FILESPATH additions are currently needed so
instead it should be removed.
Signed-off-by: Petter Mabäcker <petter@technux.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
GLib 2.40 adds g_ptr_array_insert, but gst-openmax is definining that as a
static helper function. Rename the static function so it doesn't conflict with
GLib's namespace.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* fixes following issue in test-dependencies report:
gstreamer1.0-plugins-good/gstreamer1.0-plugins-good-ximagesrc/latest lost dependency on libxdamage
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* fixes following issues from test-dependencies report:
gst-plugins-good/gst-plugins-good-ximagesrc/latest lost dependency on libxdamage
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* resolve following issues from test-dependencies issues:
gst-plugins-bad/gst-plugins-bad-meta/latest lost dependency on
gst-plugins-bad-dc1394 gst-plugins-bad-faac gst-plugins-bad-schro
Found errors:
gst-plugins-bad/gst-plugins-bad-dc1394/latest doesn't exist
gst-plugins-bad/gst-plugins-bad-dc1394-dev/latest doesn't exist
gst-plugins-bad/gst-plugins-bad-faac/latest doesn't exist
gst-plugins-bad/gst-plugins-bad-faac-dev/latest doesn't exist
gst-plugins-bad/gst-plugins-bad-schro/latest doesn't exist
gst-plugins-bad/gst-plugins-bad-schro-dev/latest doesn't exist
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Fixes CVE-2014-0333
2. There are changes in License checksums. This is due to new
contributor names being added to LICENSE and png.h file
contains version of the new release.So, license remains the same.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When we have opengl in distro features but not x11 and try to
build libav then it calls out to build libsdl which inturn has depependency on libglu
and libglu fails to build
ld: error: cannot find -lGL
| collect2: error: ld returned 1 exit status
| make: *** [libGLU.la] Error 1
| ERROR: oe_runmake failed
since libglu wants glx enabled in mesa and glx in mesa is (righly) enabled only when x11
is in distro features.
This breaks the dependency chain leading to this problem
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch had some new tool (hdajackretask) missing which were
triggering build failures in O.S. Systems' builder as:
,----[ Build error in a clean tmp, without x11 ]
| checking for GTK3... no
| configure: error: Package requirements (gtk+-3.0) were not met:
|
| No package 'gtk+-3.0' found
|
| Consider adjusting the PKG_CONFIG_PATH environment variable if you
| installed software in a non-standard prefix.
|
| Alternatively, you may set the environment variables GTK3_CFLAGS
| and GTK3_LIBS to avoid the need to call pkg-config.
| See the pkg-config man page for more details.
| make: *** [all] Error 1
`----
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop --disable-ffmpegcomponents which is deprecated since libomxil-bellagio-0.9.1
Explicitly disable doc generation to prevent using doxygen from build machine.
Components are external and are available separately here:
http://sourceforge.net/projects/omxil/files/components/
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
cve description:
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier
allows context-dependent attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via
a crafted GIF image.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4244
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since yasm has been moved to OE-core, there is no reason for not enabling
yasm by default anymore. It improves performance of gstreamer1.0-libav
considerably.
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In order to remove WARN-QA message regarding --disable-schemas-install configure option.
Signed-off-by: Alexandru Palalau <alexandrux.palalau@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bluetooth-proximity has been removed in 5.0
pulseaudio now differentiates between bluez4 and bluez5
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Updated patch to work with alsa-tools version 1.0.27
Signed-off-by: Simone Agresta <simone.agresta@bticino.it>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
perl is run as part of the configure process, so we should ensure that
it's available.
Should fix [YOCTO #5768].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Updated patch to work with alsa-tools version 1.0.27
Signed-off-by: Simone Agresta <simone.agresta@bticino.it>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|