summaryrefslogtreecommitdiff
path: root/meta/recipes-multimedia
AgeCommit message (Collapse)AuthorFiles
2017-01-11tiff: Fix several CVE issuesMingli Yu2
Fix CVE-2016-9533, CVE-2016-9534, CVE-2016-9536 and CVE-2016-9537 External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9533 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9534 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9536 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9537 Patch from: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f (From OE-Core rev: f75ecefee21ef89b147fff9afae01a6f09c93198) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: Security fix CVE-2016-9538Mingli Yu2
* tools/tiffcrop.c: fix read of undefined buffer in readContigStripsIntoBuffer() due to uint16 overflow. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9538 Patch from: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f (From OE-Core rev: 9af5d5ea882c853e4cb15006f990d3814eeea9ae) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: Security fix CVE-2016-9535Mingli Yu3
* libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535 Patch from: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: set CVE NAMERoss Burton1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: Security fix CVE-2016-9539Zhixiong Chi2
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9539 Patch from: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53 (From OE-Core rev: 58bf0a237ca28459eb8c3afa030c0054f5bc1f16) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: Security fix CVE-2016-9540Zhixiong Chi2
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9540 Patch from: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 (From OE-Core rev: cc97dc66006c7892473e3b4790d05e12445bb927) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: Security fix CVE-2016-3632Yi Zhao2
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632 http://bugzilla.maptools.org/show_bug.cgi?id=2549 https://bugzilla.redhat.com/show_bug.cgi?id=1325095 The patch is from RHEL7. (From OE-Core rev: 9206c86239717718be840a32724fd1c190929370) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tiff: Security fix CVE-2016-3658Zhixiong Chi2
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658 http://bugzilla.maptools.org/show_bug.cgi?id=2546 Patch from: https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d (From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3622Yi Zhao2
CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622 http://www.openwall.com/lists/oss-security/2016/04/07/4 Patch from: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286 (From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3623Yi Zhao2
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623 http://bugzilla.maptools.org/show_bug.cgi?id=2569 Patch from: https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b (From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3991Yi Zhao2
CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991 http://bugzilla.maptools.org/show_bug.cgi?id=2543 Patch from: https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba (From OE-Core rev: d31267438a654ecb396aefced201f52164171055) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3990Yi Zhao2
CVE-2016-3990 libtiff: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990 http://bugzilla.maptools.org/show_bug.cgi?id=2544 Patch from: https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 (From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3945Yi Zhao2
CVE-2016-3945 libtiff: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945 http://bugzilla.maptools.org/show_bug.cgi?id=2545 Patch from: https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6 (From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-05alsa-lib: allow building ARM thumb againAndreas Müller1
The directive mentioned in the comment was removed in: commit 326c6802e49e5499e16cf141e1cdb0360fce14aa Author: Riku Voipio <riku.voipio@linaro.org> Date: Fri Feb 7 15:38:58 2014 +0200 alsa-lib: heavy pcm atomics cleanup The following patch comes from the realization that at least ARM code for atomics is quite broken and nobody has cared for a decade. A quick dive shows that only snd_atomic_{read,write}_{begin,end} appear to be used widely. These are implemented using wmb/rmb. Only other use of atomic functions is in pcm_meter.c. The #SND_PCM_TYPE_METER plugin type appears rarely, if ever, used. I presume these days anyone who wants a meter/scope will do in pulseaudio layer instead of alsa. It would seem better fit to have pcm_meter in alsa-plugins instead of alsa-lib, but I guess that would be an ABI break... So instead, I'm proposing here 1. Removal of all hand-crafted atomics from iatomic.h apart from barriers, which are used in snd_atomic_{read,write}_{begin,end}. 2. Using __sync_synchronize as the default fallback for barriers. This has been available since gcc 4.1, so it shouldn't be a problem. 3. Defining the few atomics used by pcm_meter.c withing pcm_meter.c itself, using gcc atomic builtins[1]. 4. Since gcc atomic builtins are available only since gcc 4.7, add a check for that in gcc configure.in, and don't build pcm meter plugin if using older gcc. The last point has the impact, that if there actually is someone who 1) uses the meter plugin 2) wants to upgrade to 2014 alsa-lib 3) but does not want to use a 2012+ gcc - that someone will be inconvenienced. Finally remove the unneeded configure check for cpu type. We can trust the gcc to set right flags for us. [1] http://gcc.gnu.org/onlinedocs/gcc/_005f_005fatomic-Builtins.html Signed-off-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-10-05Revert "gst-player: Disable visualizations"Jussi Kukkonen2
This reverts oe-core commit b79d1bf49b56a97216fb719ac19e4dd9022f15b4. Now that xf86-video-intel is upgraded, visualizations can be enabled by default. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-28gst-player: Disable visualizationsMaxin B. John2
On some machines, visualizations in gst-player trigger a bug in xvimagesink. Till we have a proper fix, disable the visualization rather than downgrading the xvimagesink. Fixes [YOCTO #10041] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-23gstreamer1.0-libav: Add 'valgrind' config optionOtavio Salvador1
This fixes following error: ,---- | src/libavutil/log.c:51:31: fatal error: valgrind/valgrind.h: No such file or directory | #include <valgrind/valgrind.h> `---- Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-22x264: add textrel to INSANE_SKIPFahad Usman1
Tried by adding CFLAGS_append = " -fpic " to the recipe. But that couldn't help resolve the warning message: x264/r2491+gitAUTOINC+c8a773ebfc-r0/packages-split/x264/usr/lib/libx264.so.144' has relocations in .text [textrel] It was found that this warning is emitted because of the assembly files in the source code. And it is not easy to get rid of TEXTREL's which are coming from the assembly source files. Adding textrel to INSANE_SKIP resolves this issue. This issue was observed in cyclone5 and imx6qsabresd BSP's. So generalizing the patch. Signed-off-by: Fahad Usman <fahad_usman@mentor.com> Signed-off-by: Sujith Haridasan <Sujith_Haridasan@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-16pulseaudio: add ${S}/LICENSE to LIC_FILES_CHKSUMRoss Burton1
The LICENSE file describes how the various pieces are licensed, so add it to the checksum so we notice when it changes. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-14gst-player: specify PVMarkus Lehtonen1
Define PV in order to avoid package version being plain "git". Use the version number found from configure.ac plus the git revision. Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-14gstreamer1.0-plugins-good.inc: Fix libv4l2 packageconfig dependencyCarlos Rafael Giani1
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-13gstreamer1.0-plugins-bad: Fix packageconfigs and patchesCarlos Rafael Giani5
This reintroduces fixes and changes which were introduced in the original gstreamer1.0-plugins-bad 1.8.1 upgrade commit. * packageconfigs changed since GStreamer 1.6.3 (they often do between minor version increases like 1.6 -> 1.8) * hls,tinyalsa packageconfigs moved into the .inc file * vulkan packageconfig dropped since there are no vulkan libraries in OE (libxcb alone is not enough) * reintroduced glimagesink downrank patch (it was removed because it was dangling before) * fixed patch line numbers Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-13gstreamer1.0-omx: inherit upstream-version-is-evenMaxin B. John1
Since gstreamer1.0-omx follows the GStreamer versioning style, inherit upstream-version-is-even for checking the upstream version of the package. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-13tiff: Update download URLJussi Kukkonen1
remotesensing.org domain has been taken over by someone unrelated. There does not seem to be an up-to-date tiff homepage, but osgeo.org is a reliable download site. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-13gstreamer1.0-plugins-good: enable v4l2-probeNicolas Dechesne1
A new mechanism to probe v4l2 M2M devices was implemented in gst 1.8 series, in order to get such devices probed we now need to enable v4l2-probe compile option which upstream decided to keep disabled by default (unfortunately), see [1]. With this feature disabled, it is not possible to get v4l2 M2M device to work in Gstreamer which is a common use case on many embedded platforms. This patch enables this new option as soon as v4l2 support is enabled in gstreamer -good. [1] https://bugzilla.gnome.org/show_bug.cgi?id=758085 Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-09gstreamer: remove packaged copy of gtk-doc.m4Ross Burton2
The gstreamer common module ships a copy of gtk-doc.m4 that will be used in preference to our patched form, so delete it before configure is executed. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-09-09gstreamer1.0: enable gtk-doc supportAlexander Kanavin5
check support is no longer disabled by default because it is a requirement of gtk-doc support in gstreamer. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
2016-09-09libwebp: sepcify neon availability for armJoe Slater1
Defeat automatic neon detection. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03pulseaudio: control ipv6 support based on DISTRO_FEATURESJackie Huang1
Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03gstreamer1.0-plugins-bad: add packageconfig for eglNicolas Dechesne1
In commit 9c3a94aea1d (gstreamer1.0-plugins-bad: Move EGL requirement for Wayland), --enable-egl was explicitely added to the wayland packageconfig. While this is correct that enabling wayland requires egl, it should be possible to enable egl without wayland, even when using X11. For example, glimagesink can be used for GPU based color conversion using EGL/GLES. As such, let's make egl and wayland two separate PACKAGECONFIG flags. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03x264: remove EXTRA_OEMAKE workaroundStefan Müller-Klieser1
The default of EXTRA_OEMAKE is already empty since commit: OE-Core rev: aeb653861a0ec39ea7a014c0622980edcbf653fa bitbake.conf: Remove unhelpful default value for EXTRA_OEMAKE Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03ffmpeg: update to 3.1.3Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03gstreamer1.0: upgrade to 1.8.3Maxin B. John10
1.8.2 -> 1.8.3 Remove backported patch from 1.8.3: 0007-glplugin-gleffects-fix-little-rectangel-appears-at-t.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03mpg123: update to 1.23.6Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03ffmpeg: update to 3.1.2Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-03libwebp: upgrade to 0.5.1Alexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-18alsa-utils: 1.1.1 -> 1.1.2Tanu Kaskinen2
Changelog: http://www.alsa-project.org/main/index.php/Changes_v1.1.1_v1.1.2 The FFT code in alsabat changed from double precision to single precision floating point numbers, which is why the fftw dependency changed to fftwf. Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-18alsa-lib: 1.1.1 -> 1.1.2Tanu Kaskinen3
Changelog: http://www.alsa-project.org/main/index.php/Changes_v1.1.1_v1.1.2 Removed upstreamed patch: 0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch Rebased avoid-including-sys-poll.h-directly.patch Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-17libpng: update 1.6.23 -> 1.6.24Maxin B. John1
Updates in License files are due to changes in Copyright date and Version. Ensure all tools are packaged into $PN-tools. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-17ffmpeg: Pas CC and CXX to configureKhem Raj1
This helps in compiling it with with toolchain coming from a sstate server where its built using a different build time sysroot. Secondly, also helps compiling with non-gcc ( clang ) compiler Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-17tiff: Security fix CVE-2016-5323Yi Zhao2
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323 http://bugzilla.maptools.org/show_bug.cgi?id=2559 Patch from: https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-17tiff: Security fix CVE-2016-5321Yi Zhao2
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321 http://bugzilla.maptools.org/show_bug.cgi?id=2558 Patch from: https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-17tiff: Security fix CVE-2016-3186Yi Zhao2
CVE-2016-3186 libtiff: buffer overflow in the readextension function in gif2tiff.c allows remote attackers to cause a denial of service via a crafted GIF file External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 https://bugzilla.redhat.com/show_bug.cgi?id=1319503 Patch from: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-17tiff: Security fix CVE-2015-8784Armin Kuster2
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-17tiff: Security fix CVE-2015-8781Armin Kuster2
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-10gst-player: update the callback for delete-eventMaxin B. John2
provide similar behaviour for Media Player's quit and close callback functions. [YOCTO #10045] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-10alsa-utils: fix installed-vs-shipped for batStefan Müller-Klieser2
The bat PACKAGECONFIG does not install the test script correctly. Fix this by following the packaging used for the other bash scripts. While at it, fix some tabs. Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-08-07alsa-utils: remove dangling patchStefan Müller-Klieser1
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-07gstreamer1.0-plugins-bad: remove two dangling patchesStefan Müller-Klieser2
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-04gstreamer1.0-plugins-bad: Backport GstGLMemoryEGL implementationKhem Raj2
Backports fix for https://bugzilla.gnome.org/show_bug.cgi?id=760916 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>