Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
(From OE-Core rev: 0b0299415ec719bb4c3764dfa0740e4ff6cc0362)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9684eba5c543de229108008e29afd1dd021a9799)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
disable asm code if PIC is required, as the provided asm
decidedly is not PIC for x86.
(From OE-Core rev: 03c20ece58f4368ff95241e90063269f75e1b81d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 941fc40ca971f87e61c19e5a0703caa304ec7547)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It appears in testing that modern ffmpeg no longer needs to disable PIC,
so there's no need to ignore textrel warnings.
(From OE-Core rev: 6eebf4c2a9b5d30cf5145df61f1713ec1a6ce91a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98d577fef75d54a59eeacaabb4a45e44b2f6832e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
No need to depend on nasm if we're not going to use it.
(From OE-Core rev: 0830e65afc2e7d828ae1667addb6f7499ea8ddd0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b99ea7f130c3f945af9a09a6ecf85b6ff8f4b710)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The contents of the LICENSE.md file included in the current source
code package match those of libtiff license, which seems to have been
the case since 1999 commit
0ef31e1f62
where it was added with filename COPYRIGHT and was then changed to
LICENSE.md in 2022 commit
fa1d6d787f
(From OE-Core rev: 71d8e8b03349ab18dca558055c2b3a3687785ddf)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Improved detection of ioctl API makes it easier to use the right
implementation rather than bunch of ifdef condition checks.
(From OE-Core rev: a81fa08cada35a1b1163a56b80fa72110dcf1e7f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The most future proof way to not always ship the example files is to
package them separately.
(From OE-Core rev: ee405b4d75ed7361e8fd6220532c4a79b0b6bba6)
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
binutils 2.43 is stricter with label names, so rename a label to stop
assembler errors.
[ YOCTO #15570 ]
(From OE-Core rev: 06d29af58521b94518c924468db34d0eed1cb056)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Generated documentation (html) contain absolute paths cources
using buildpaths warnings.
Replace them with relative links.
The file with root path to sources is in my build
/usr/share/doc/flac/api/dir_c122f5d6544f32779f55e8358fb78605.html
which does not looks as stable name, so replace it in all files.
(From OE-Core rev: c7d826c88933d53d550265f1cc382539c5c52994)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add pulseaudio PACKAGECONFIG for optional OSS (Open Sound System) output
support. OSS was a sound system available before ALSA and has since been
deprecated. Lately, this part has started causing build issues when used
with GLIBC_64BIT_TIME_FLAGS. Thus, by default drop OSS output support in
favor of Y2038 compliance.
(From OE-Core rev: c74a7382f4e3c6516c97b1473731a27c57b4e0aa)
Signed-off-by: Primoz Fiser <primoz.fiser@norik.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are three baseparser tests which are causing trouble on the AB,
so disable them as we've filed an upstream bug.
Also fix a typo when we were attempting to disable parser_pull_short_read
where a colon was used instead of a comma.
(From OE-Core rev: 91dbe8d6c57805f38bd287f1b392759df066589b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On ARMv7 compilation of ffmpeg breaks if Vulkan support is enabled.
Backport a patch from the trunk to fix compilation issues:
| src/libavcodec/vulkan_av1.c: In function 'vk_av1_create_params':
| src/libavcodec/vulkan_av1.c:214:43: error: initialization of 'long long unsigned int' from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 214 | .videoSessionParametersTemplate = NULL,
| | ^~~~
| src/libavcodec/vulkan_av1.c:214:43: note: (near initialization for '(anonymous).videoSessionParametersTemplate')
| make: *** [/oe/build/tmp-rpb_wayland-glibc/work/armv7at2hf-neon-linaro-linux-gnueabi/ffmpeg/6.1.1/ffmpeg-6.1.1/ffbuild/common.mak:81: libavcodec/vulkan_av1.o] Error 1
| make: *** Waiting for unfinished jobs....
| src/libavcodec/vulkan_decode.c: In function 'ff_vk_decode_prepare_frame':
| src/libavcodec/vulkan_decode.c:191:26: error: assignment to 'VkImageView' {aka 'long long unsigned int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 191 | vkpic->img_view_ref = NULL;
| | ^
| src/libavcodec/vulkan_decode.c:192:26: error: assignment to 'VkImageView' {aka 'long long unsigned int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 192 | vkpic->img_view_out = NULL;
| | ^
| src/libavcodec/vulkan_decode.c:193:26: error: assignment to 'VkImageView' {aka 'long long unsigned int'} from 'void *' makes integer from pointer without a cast [-Wint-conversion]
| 193 | vkpic->img_view_dest = NULL;
| | ^
| make: *** [/oe/build/tmp-rpb_wayland-glibc/work/armv7at2hf-neon-linaro-linux-gnueabi/ffmpeg/6.1.1/ffmpeg-6.1.1/ffbuild/common.mak:81: libavcodec/vulkan_decode.o] Error 1
(From OE-Core rev: 52001cabd021b7c856acf426b668b99a72561de0)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since d5755744 (MR !2943; landed in 1.23.1), gstreamer switched to
webrtc-audio-processing-1. This fixes:
./gst-plugins-bad-1.24.3/ext/webrtcdsp/meson.build:7:13: ERROR: Dependency "webrtc-audio-processing-1" not found, tried pkgconfig
(From OE-Core rev: 28f8502727ef29ee2fc52fc739af9c4be9ef0ee1)
Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now-removed gstreamer omx plugin was the only consumer, and it's all very obsolete and
hasn't seen development in years.
(From OE-Core rev: 63535ce55141e7d4184a1f19efc3f49946f506ae)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The mirror was out of date; meanwhile x264 remains in active development.
Drop unsuitable x32 patch and declare x264 incompatible with the target
(by every sign it's an extinct target; if not so please work with upstream
to develop a solution there).
Replace don-t-default-to-cortex-a9-with-neon.patch with a configure
option passing in target compiler options so that configure can make
correct decisions and we don't have to patch it.
(From OE-Core rev: 1018619f1b18f8045ae84d65d16becf3fe21ffe0)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The baseparse:parser_pull_short_read test is known to be unreliable,
according to the list of known bad tests in gst-devtools.
Also clean up an incorrect comment.
(From OE-Core rev: be58657b3ee32af5a00f6bfecb9264751915dabd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we want to be able to stop unpacking to WORKDIR, correct the WORKDIR
references in recipe do_compile/do_install tasks to use UNPACKDIR in the
appropraite places instead.
(From OE-Core rev: d73595df69667fe9d12ecd407b77a0b8dae2109c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The qttools provide 'lrelease' tool, which is checked by recent
versions of meson build system. Unless the qttools are available
in sysroot, meson will fail to detect qt5 installation at build
time and the gstreamer build will fail. Fix this by including
the qttools-native.
(From OE-Core rev: ae2ca4af54695003638da38f8548aa8573d18201)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
At some point this patch became unnecessary as the respective qt5 plugin is building without issues
without it (checked on qemuarm/qemuarm64).
(From OE-Core rev: 093575753b928d36a21dca6ff2378b4e299ff4af)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* API changes:
- libwebpmux: WebPAnimEncoderSetChunk, WebPAnimEncoderGetChunk,
WebPAnimEncoderDeleteChunk
- libsharpyuv: SharpYuvOptionsInit, SharpYuvConvertWithOptions
- extras: SharpYuvEstimate420Risk
* further security related hardening in libwebp & examples
* some minor optimizations in the lossless encoder
* added WEBP_NODISCARD to report unused result warnings; enable with
-DWEBP_ENABLE_NODISCARD=1
* improvements and corrections in webp-container-spec.txt and
webp-lossless-bitstream-spec.txt
* miscellaneous warning, bug & build fixes
(From OE-Core rev: 604f81b833472913db5001242ede5ea8397a2104)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is as well inactive for over 10 years, and has been superseded by ffmpeg long time ago.
(From OE-Core rev: d46660e6c083baf7a7cf68a0eb98260246ccdcaf)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The component has been superseded by ffmpeg long ago, tarballs have
disappeared from sourceforge, no work on it has happened in over 10 years.
(From OE-Core rev: 90fbfe9fe1dab1568b85ee497520e789417d41f6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- build: Detect forced 64 bit offsets on a dual-mode system that used
to default to 32 bits and drop ambiguous suffix-less symbols in that
case.
(From OE-Core rev: 5e76967536191ac42fdd0c016e92a273dc4908e2)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
-Fixed the row width check in png_check_IHDR().
-Added eXIf chunk support to the push-mode reader in pngpread.c.
-Added contrib/pngexif for the benefit of the users who would like
to inspect the content of eXIf chunks.
-Added contrib/conftest/basic.dfa, a basic build-time configuration.
-Fixed a preprocessor condition in pngread.c that broke build-time
configurations like contrib/conftest/pngcp.dfa.
-Added CMake build support for LoongArch LSX.
-Fixed a CMake build error that occurred under a peculiar state of the
dependency tree. This was a regression introduced in libpng-1.6.41.
-Marked the installed libpng headers as system headers in CMake.
-Updated the build support for RISCOS.
-Updated the makefiles to allow cross-platform builds to initialize
conventional make variables like AR and ARFLAGS.
-Added various improvements to the CI scripts in areas like version
consistency verification and text linting.
Added version consistency verification to pngtest.c also.
(From OE-Core rev: d36edc338fde6879390c322fb6333812a2c2ed74)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
https://gstreamer.freedesktop.org/releases/1.22/#1.22.11
Change the Upstream-Status URL for patch:
0002-ssaparse-enhance-SSA-text-lines-parsing.patch
since the bug tracker moved but the bug is not yet resolved.
"gstreamer 1.22.9 and 1.22.10 contain a regression that cause the audio
output to freeze when muting. this regression has been fixed in 1.22.11"
[YOCTO #15456]
(From OE-Core rev: cad5d53e13093ac2fc6f5ba1d0e26fb16e3d88f7)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
First, libcheck has the ability to increase all test timeouts by an arbitrary
multiplier. Because we run our tests on loaded build machines,
increase all timeouts by 10x to reduce the chance of load causing failures.
Second, use GST_CHECKS_IGNORE to list test cases that should be skipped.
Drop skip-aggregator-test.patch as this is now redundant, and also skip
gstnetclientclock.c:test_functioning as this is very sensitive to load.
[ YOCTO #14808 ]
(From OE-Core rev: 669d0df81f651f7c033c8cb7872cac5bfe670a4f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently we're hitting permanent redirects on the urls. Tweak them
to avoid that overhead/noise/inefficiency.
(From OE-Core rev: 6b81db486e760483cf373559dc0b5ee71e410b09)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
============
- build:
-- CMake port uses CFLAGS for pulse/jack/tinyalsa properly now (bug 366).
-- CMake port links libsyn123 with libm now (bug 370).
- libmpg123:
-- Fix --enable-portable (no usage of LFS_WRAP_NONE, bug 368).
-- Fix dct36 wrapper usage for x86-64 and NEON. Stupid (bug 367) and
also avoid returning void.
-- Make ARM builds work with nagging (missing feature macros for std=c99)
(From OE-Core rev: 038313876c68b4b2c71f869f09c0f831cebf2d29)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
Fixed the implementation of the macro function png_check_sig().
(From OE-Core rev: b92fb50237f394cae663e4e88b1b85f30693439e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The aggregator testcase test_infinite_seek_50_src_live is known upstream
to be flaky[1] and when this fails in their CI they just ignore it.
It's failing often on our autobuilder, so disable the test case for now
until upstream have resolved this issue.
[ YOCTO #15054 ]
[1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410
(From OE-Core rev: c2c9cbc107e5428122ad26b5c478602f0c8c0fbe)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.
(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
