Commit Graph

541 Commits

Author SHA1 Message Date
Gyorgy Sarvari bd41441bf3 libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837

Both vulnerabilities have been fixed in 0.10.5.

Relevant commits:
CVE-2025-12474: https://github.com/libjxl/libjxl/commit/5ce68976a5abfaea7b3086036ab9f6543ab5b29e
CVE-2026-1837: https://github.com/libjxl/libjxl/commit/36b0cecaa12f643d03c16bd32e5f83775c912b07

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Gyorgy Sarvari 24e8a09f65 libjxl: upgrade 0.10.2 -> 0.10.5
Bug fix release, mostly CVE fixes.
Drop patches that are included.

Changelog:
0.10.5:
fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
fix number of channels for gray-to-gray color transform (CVE-2026-1837)
djxl: reject decoding JXL files if "packed" representation size overflows size_t

0.10.4:
Huffman lookup table size fix (CVE-2024-11403)
Check height limit in modular trees (CVE-2024-11498)

0.10.3:
fixed decoding of some special images

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:02 +05:30
Peter Marko 2aaf663547 libmad: ignore CVE-2017-11552 and CVE-2018-7263
These CVEs are for mpg321, not libmad.
See Debian assessment:
* https://security-tracker.debian.org/tracker/CVE-2017-11552
* https://security-tracker.debian.org/tracker/CVE-2018-7263

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fee86a312f)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-26 10:04:48 +05:30
Peter Marko 2ecd7e0156 id3lib: mark CVE-2007-4460 as fixed
This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in
SRC_URI.
Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2.
This can be verified by checking the debian/changelog within this patch
or diffing [1] and [2] and verifying that this can be reverse-applied.

[1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz
[2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9fff0040f1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:26 +05:30
Wang Mingyu 5a5de39bbd libvpx: upgrade 1.14.0 -> 1.14.1
libvpx-configure-support-blank-prefix.patch
refreshed for 1.14.1

Changelog:
============
- Improved the detection of compiler support for AArch64 extensions,
  particularly SVE.
- Added vpx_codec_get_global_headers() support for VP9.
- Added buffer bounds checks to vpx_writer and vpx_write_bit_buffer.
- Fix to GetSegmentationData() crash in aq_mode=0 for RTC rate control.
- Fix to alloc for row_base_thresh_freq_fac.
- Free row mt memory before freeing cpi->tile_data.
- Fix to buffer alloc for vp9_bitstream_worker_data.
- Fix to VP8 race issue for multi-thread with pnsr_calc.
- Fix to uv width/height in vp9_scale_and_extend_frame_ssse3.
- Fix to integer division by zero and overflow in calc_pframe_target_size().
- Fix to integer overflow in vpx_img_alloc() & vpx_img_wrap()(CVE-2024-5197).
- Fix to UBSan error in vp9_rc_update_framerate().
- Fix to UBSan errors in vp8_new_framerate().
- Fix to integer overflow in vp8 encodeframe.c.
- Handle EINTR from sem_wait().

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 911023b521)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:25 +05:30
Peter Marko da046dd9e0 audiofile: mark CVE-2020-18781 as patched
Per [1] this CVE is already patched by commit [2].

This can be also verified with yocto build.

Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted

Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.

[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68f55c158e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 10:16:55 +05:30
Gyorgy Sarvari ab86e1f967 audiofile: patch CVE-2018-13440 and CVE-2018-17059
Details:
https://nvd.nist.gov/vuln/detail/CVE-2018-13440
https://nvd.nist.gov/vuln/detail/CVE-2018-17059

The patches have been backported from Debian - upstream
has been inactive for almost a decade by now.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e16a7d11d1)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 10:16:55 +05:30
Gyorgy Sarvari 5613d8330c audiofile: patch CVE-2019-13147 and CVE-2022-24599
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147
https://nvd.nist.gov/vuln/detail/CVE-2022-24599

These patches are used by opensuse to mitigate the corresponding vulnerabulities.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8ef997336a)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 10:16:55 +05:30
Gyorgy Sarvari a9fcf0ea77 id3lib: update remote patch SRC_URI
The URL of the patch archive from Debian got out of date - update it.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-12 11:32:41 +05:30
Hitendra Prajapati d18271891f libjxl: fix CVE-2024-11403 & CVE-2024-11498
* CVE-2024-11403 - Upstream-Status: Backport from https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99
* CVE-2024-11498 - Upstream-Status: Backport from https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 15:11:00 +08:00
Ninette Adhikari 0d59e9acda xsp: CVE status update for CVE-2006-2658
The recipe used in the `meta-openembedded` is a different xsp package compared to the one which has the CVE issue.
Package used in `meta-embedded`: maemo xsp http://repository.maemo.org/pool/maemo/ossw/source/x/xsp/
Package with CVE issue: mono xsp https://github.com/mono/xsp

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3cb411a057)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:31 +08:00
Peter Marko 84f8102ada audiofile: patch CVE-2017-6839
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 88faae83b2)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-06 16:11:25 +08:00
Peter Marko f95b8652fd audiofile: patch CVE-2017-6831
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9d668989b1)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-06 16:11:24 +08:00
Peter Marko f9c6481dc0 audiofile: fix multiple CVEs
CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 75f2bd2b3b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-06 16:11:24 +08:00
Peter Marko 9328cb8675 audiofile: patch CVE-2017-6829
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f29fbaa465)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-06 16:11:24 +08:00
Peter Marko e8474b925f audiofile: fix multiple CVEs
CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 634cbcb91c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-06 16:11:24 +08:00
Jiaying Song 2a7a09ff10 v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
  which avoids the following QA issue during builds on 32-bit systems:

  WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'

* Undefine _TIME_BITS to fix the build error:

  /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-11 16:58:30 +08:00
Changqing Li 714191caf6 pavucontrol: update SRC_URI
Server's https certificate isn't valid for freedesktop.org without www
prefix, refer [1]. Update SRC_URI to fix do_fetch warning

[1] https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/1537

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-08-10 11:14:22 -04:00
Neel Gandhi 7b3573ea59 v4l-utils: Install media ctrl header and library files
Commit 9389d63fdd removed a previous patch
that caused the recipe to install the header and library files. Restore
this behavior to the new meson based build system.

Signed-off-by: Neel Gandhi <neel.gandhi@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5f453c3401)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-07-17 20:00:55 -04:00
Wang Mingyu c03a9a4b84 libopus: upgrade 1.5.1 -> 1.5.2
Changelog:
 fixes a misalignment issue in the AVX2 code that could cause crashes under Windows.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-21 10:52:44 -07:00
Martin Jansa 85612628ba libjxl: drop -mfp16-format=ieee
* causes qemuarm failure as shown in:
  http://errors.yoctoproject.org/Errors/Details/761504/
  and reported in:
  https://lists.openembedded.org/g/openembedded-devel/message/109812

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-21 10:52:41 -07:00
Randy MacLeod 39b3f4ec6b libmad: switch links/SRC_URI to https sites
Switch to the sourceforge SRC_URI since the mars.org site only supports ftp.
Also switch the HOMEPAGE and BUGTRACKER links over to https.
and drop the obsolete SRC_URI[md5sum].

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-14 08:38:39 -07:00
Khem Raj 167d9f39d0 highway,libjxl: Remove -mfp16-format=ieee when using clang compiler
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-03 17:44:23 -07:00
Markus Volk 4b9962630b libjxl: add recipe
Import this recipe from meta-wayland, because it is a prerequisite
for the Gnome desktop. The recently updated gnome-backgrounds package
has converted most of the backgrounds to jxl and to keep them usable
the gdk-pixbuf-loader for jpegxl must be provided. This is included
in the libjxl package itself.

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-03 17:44:21 -07:00
Wang Mingyu 58fe510020 libopus: upgrade 1.4 -> 1.5.1
License-Update: Copyright updated to 2023.

Changelog:
===========
-Significant improvement to packet loss robustness using Deep Redundancy (DRED)
-Improved packet loss concealment through Deep PLC
-Low-bitrate speech quality enhancement down to 6 kb/s wideband
-Improved x86 (AVX2) and Arm (Neon) optimizations
-Support for 4th and 5th order ambisonics

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-20 09:28:05 -07:00
Martin Jansa e722be5fac recipes: Drop remaining PR values from recipes
* as oe-core did in:
  https://git.openembedded.org/openembedded-core/commit/?id=d4c346e8ab

* when people are have to maintain own PRs for recipes in oe-core, they
  might add them for meta-oe recipes at the same time when upgrading
  to next LTS

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-17 13:10:10 -07:00
Martin Jansa 21f956598d recipes: drop ${SRCPV} usage
* Drop SRCPV similarly like oe-core did in:
  https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=843f82a246a535c353e08072f252d1dc78217872

* SRCPV is deferred now from PV to PKGV since:
  https://git.openembedded.org/openembedded-core/commit/?h=nanbield&id=a8e7b0f932b9ea69b3a218fca18041676c65aba0

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
2024-02-09 09:52:12 -08:00
Martin Jansa 30f7287119 libvpx: restore Upstream-Status
* accidentally dropped in:
  https://git.openembedded.org/meta-openembedded/commit/?id=acfdff6e41f860b31faefb4e449239a6d04d7502

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-30 11:42:59 -08:00
Martin Jansa 2c6caea18f jack: fix build with python3 on host
* first backport from waflib fixes:
| DEBUG: Executing shell function do_configure
| Traceback (most recent call last):
|   File "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/./waf", line 166, in <module>
|     from waflib import Scripting
|   File "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Scripting.py", line 10, in <module>
|     from waflib import Utils, Configure, Logs, Options, ConfigSet, Context, Errors, Build, Node
|   File "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Configure.py", line 16, in <module>
|     from waflib import ConfigSet, Utils, Options, Logs, Context, Build, Errors
|   File "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Options.py", line 14, in <module>
|     from waflib import Logs, Utils, Context, Errors
|   File "/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Context.py", line 9, in <module>
|     import os, re, imp, sys
| ModuleNotFoundError: No module named 'imp'

  the 2nd one avoids SyntaxWarning from waf --version which causes
  waf_preconfigure to fail, because SyntaxWarning ends in
    waf_preconfigure to fail, because SyntaxWarning ends in bb.utils.vercmp_string_op:

jack/1.9.22/git $ python3 waf --version
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Context.py:617: SyntaxWarning: invalid escape sequence '\_'
  """
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Build.py:107: SyntaxWarning: invalid escape sequence '\*'
  """List of targets to build (default: \*)"""
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/Task.py:1047: SyntaxWarning: invalid escape sequence '\w'
  re_cond = re.compile('(?P<var>\w+)|(?P<or>\|)|(?P<and>&)')
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/jack/1.9.22/git/waflib/TaskGen.py:730: SyntaxWarning: invalid escape sequence '\w'
  re_m4 = re.compile('@(\w+)@', re.M)
waf 2.0.12 (54841218840ffa34fddf834680a5a17db69caa12)

As reported in
https://lists.openembedded.org/g/openembedded-core/message/194348

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-27 09:48:32 -08:00
Wang Mingyu acfdff6e41 libvpx: upgrade 1.13.1 -> 1.14.0
Changelog:
===========
  Fix to missing prototypes from the rtcd header.
  Fix to segfault when total size is enlarged but width is smaller.
  Fix to the build for arm64ec using MSVC.
  Fix to copy BLOCK_8X8's mi to PICK_MODE_CONTEXT::mic.
  Fix to -Wshadow warnings.
  Fix to heap overflow in vpx_get4x4sse_cs_neon.
  Fix to buffer overrun in highbd Neon subpel variance filters.
  Added bitexact encode test script.
  Fix to -Wl,-z,defs with Clang's sanitizers.
  Fix to decoder stability after error & continued decoding.
  Fix to mismatch of VP9 encode with NEON intrinsics with C only version.
  Fix to Arm64 MSVC compile vpx_highbd_fdct4x4_neon.
  Fix to fragments count before use.
  Fix to a case where target bandwidth is 0 for SVC.
  Fix mask in vp9_quantize_avx2,highbd_get_max_lane_eob.
  Fix to int overflow in vp9_calc_pframe_target_size_one_pass_cbr.
  Fix to integer overflow in vp8,ratectrl.c.
  Fix to integer overflow in vp9 svc.
  Fix to avg_frame_bandwidth overflow.
  Fix to per frame qp for temporal layers.
  Fix to unsigned integer overflow in sse computation.
  Fix to uninitialized mesh feature for BEST mode.
  Fix to overflow in highbd temporal_filter.
  Fix to unaligned loads w/w==4 in vpx_convolve_copy_neon.
  Skip arm64_neon.h workaround w/VS >= 2019.
  Fix to c vs avx mismatch of diamond_search_sad().
  Fix to c vs intrinsic mismatch of vpx_hadamard_32x32() function.
  Fix to a bug in vpx_hadamard_32x32_neon().
  Fix to Clang -Wunreachable-code-aggressive warnings.
  Fix to a bug in vpx_highbd_hadamard_32x32_neon().
  Fix to -Wunreachable-code in mfqe_partition.
  Force mode search on 64x64 if no mode is selected.
  Fix to ubsan failure caused by left shift of negative.
  Fix to integer overflow in calc_pframe_target_size.
  Fix to float-cast-overflow in vp8_change_config().
  Fix to a null ptr before use.
  Conditionally skip using inter frames in speed features.
  Remove invalid reference frames.
  Disable intra mode search speed features conditionally.
  Set nonrd keyframe under dynamic change of deadline for rtc.
  Fix to scaled reference offsets.
  Set skip_recode=0 in nonrd_pick_sb_modes.
  Fix to an edge case when downsizing to one.
  Fix to a bug in frame scaling.
  Fix to pred buffer stride.
  Fix to a bug in simple motion search.
  Update frame size in actual encoding.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-22 18:02:28 -08:00
Fabio Estevam ca628a65c7 v4l-utils: Remove unneeded musl patch
The musl issue that 0004-Do-not-use-getsubopt.patch fixes has already
been addressed by the following v4l-utils upstream commit:

commit 6e19bb895a16a9a247524ac526ab47f576cc36f6
Author: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Date:   Thu Nov 25 10:59:22 2021 +0100

    v4l-utils: use v4l_getsubopt instead of getsubopt

    Android doesn't have getsubopt at all, and some libc implementations
    use a getsubopt variant that behaves slightly different.

    So add a new v4l-getsubopt.h header that either just uses the glibc
    function (if glibc is detected) or uses a static inline v4l_getsubopt
    that is copied from glibc. This should avoid such problems.

    Reported-by: Marian Buschsieweke <marian.buschsieweke@ovgu.de>
    Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>

Remove the unneeded patch.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-19 09:51:05 -08:00
Fabio Estevam 9389d63fdd v4l-utils: Update to 1.26.1
Update to 1.26.1.

Remove the Makefile.am patches as they no longer apply due to
the switch to Meson.

Backport a fix that prevents installing 50-rc_keymap.conf in systems
without systemd.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-12 08:51:11 -08:00
alperak 03cfdf3d07 wavpack: upgrade 5.1.0 -> 5.6.0
* Added patches to fix -> unversioned.so was causing incorrect packaging and errors.

* Added openssl as a depends because trying to link with native libcrypto in some builds -> lib32-wavpack/5.6.0/recipe-sysroot-native/usr/lib/libcrypto.so: file not recognized: file format not recognized

License-Update: Copyright year changes

Changelog:

* added: AIFF file import/export support
* added: WATCOM compiler and OS/2 support
* added: cmake support for mingw, builds Cooledit + Winamp plugins
* added: --force-even-byte-depth option for rounding up bit depths
* fixed: detect and report PCM files having non-zero padding bits
* fixed: possible crash when displaying long channel assignments
* fixed: big-endian-sourced "raw" files gave big-endian "wav"s
* fixed: numerous minor issues
* fixed: CVE-2021-44269 (encoding crafted DSD file triggers OOB read crash)
* fixed: very long filenames cause stack-overflow crash in all CLI programs
* fixed: the length stored in WAV headers not always corrected when using -i
* fixed: attempting to encode raw DSD audio from stdin sometimes causes crash
* fixed: DSD to PCM decimation: small clicks between tracks and tiny DC offset
* fixed: length update in library-generated WAV headers on big-endian machines
* fixed: sanitize custom extensions read from WavPack files to be alphanumeric
* added: accepting brace-delimited options in the wavpack executable filename
* added: "--drop" option to Windows executables for multi-file "drag-and-drop"
* added" "--raw-pcm" option to wvunpack executable (does DSD --> 24-bit PCM)
* added: "--no-overwrite" option to wavpack executable (to resume sessions)
* improved: build system clean-up including switch to non-recursive "make"
* fixed: potential security issue CVE-2020-35738
* fixed: disable A32 asm code when building for Apple silicon
* fixed: issues with Adobe-style floating-point WAV files
* added: -vv option to wvunpack to quickly verify using just
     block checksums (ideal for detecting corrupted files)
* added: --normalize-floats option to wvunpack for correctly
     exporting un-normalized floating-point files
* updated: Visual Studio 2019 for Windows builds
* dropped: WinXP support in official binaries
* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
      (no CVEs or vulnerabilities)
* fixed: trailing garbage characters on imported ID3v2 TXXX tags
* fixed: various minor undefined behavior and memory access issues
* fixed: sanitize tag extraction names for length and path inclusion
* improved: reformat wvunpack "help" and split into long + short versions
* added: regression testing to Travis CI for OSS-Fuzz crashers
* fixed: potential security issues including the following CVEs:
     CVE-2018-19840 CVE-2018-19841 CVE-2018-10536
     CVE-2018-10537 CVE-2018-10538 CVE-2018-10539
     CVE-2018-10540 CVE-2018-7254  CVE-2018-7253
     CVE-2018-6767
* added: support for CMake, Travis CI, and Google's OSS-fuzz
* fixed: use correction file for encode verify (pipe input, Windows)
* fixed: correct WAV header with actual length (pipe input, -i option)
* fixed: thumb interworking and not needing v6 architecture (ARM asm)
* added: handle more ID3v2.3 tag items and from all file types
* fixed: coredump on Sparc64 (changed MD5 implementation)
* fixed: handle invalid ID3v2.3 tags from sacd-ripper
* fixed: several corner-case memory leaks

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-09 10:05:02 -08:00
Robert Yang 9ef06c6319 v4l-utils: Add PACKAGECONFIG for v4l2-tracer to fix determinstic build
Fixed do_package error when json-c is in the build dependencies chain:
ERROR: QA Issue: -dev package libv4l-dev contains non-symlink .so '/usr/lib/libv4l2tracer.so' [dev-elf]

This recipe builds out files such as av4l1compat.so v4l2convert.so and
libv4l2tracer.so which are not symlinks.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-02 08:24:09 -08:00
Marek Vasut 1867ce60e2 faad2: Upgrade 2.10.0 -> 2.11.1
Update faad2 to latest 2.11.1 release. Use SRCREV matching tag 2.11.1 .

Switch to cmake .

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-20 11:12:59 -08:00
skandigraun 82d0508039 libvpx: don't specify armv5 and armv6 toolchains explicitly
The libvpx project has removed the support for these values, and
the recipe can't be built anymore for these arch's when these values
are used. The correct value for these arch's is `generic-gnu`,
which is used as a default fallthrough value for all platforms
in the recipe for arch's that are not specified explicitly.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-19 19:47:47 -08:00
Peter Kjellerstedt 3b942172ba jack: Revert to 1.9.22
There is no version "2". The tag "jack2-control-api-relicense-nedko"
incorrectly triggered AUH to identify it as version "2". Additionally,
the previous recipe version "1.19.22" was also incorrect. It should
actually have been "1.9.22".

License-Update: Update the licenses based on analysis of the code
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-07 19:59:58 -08:00
Khem Raj 41c848d001 jack: upgrade 1.19.22 -> 2
License-Update: Update license field to reflect missing AFL-2.1 and MIT licenses

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-05 22:26:30 -08:00
Richard Purdie 9962d57f7c meta-oe: Drop broken BBCLASSEXTEND variants
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.

In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.

Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-24 09:08:45 -07:00
Benjamin Bara 06faef7244 libvpx: upgrade 1.13.0 -> 1.13.1
Changelog:
=========
This release contains two security related fixes. One each for VP8 and
VP9.

- Upgrading:
  This release is ABI compatible with the previous release.

- Bug fixes:
  https://crbug.com/1486441 (CVE-2023-5217)
  Fix to a crash related to VP9 encoding (#1642)

Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-04 13:10:06 -07:00
Benjamin Bara 9156898cc5 ne10: set incompatible for armv7 without neon
ne10 requires NEON[1], therefore set incompatible for incompatible
machines. In this case, don't depend on it in libopus, as it is optional
anyways.

[1] https://github.com/projectNe10/Ne10/blob/v1.2.1/CMakeLists.txt#L139

Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-29 00:04:04 -07:00
Emil Kronborg Andersen 8ff8621c4a libopus: add CVE_PRODUCT
Signed-off-by: Emil Kronborg Andersen <emkan@prevas.dk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-26 17:32:45 -07:00
Benjamin Bara 0324259cd6 libvpx: fix VPXTARGET for non-neon armv7a
The compiler might use non-supported instructions, as the build config
requires armv7-linux-gcc targets to have NEON[1] and drops the mtune
value[2], which also might use d32 registers on d16 cpus.

Falling back to the generic-gnu target respects the toolchain-set values
and should therefore be used instead.

[1] https://chromium.googlesource.com/webm/libvpx/+/626ff35955c2c35b806b3e0ecf551a1a8611cdbf/build/make/configure.sh#955
[2] https://chromium.googlesource.com/webm/libvpx/+/626ff35955c2c35b806b3e0ecf551a1a8611cdbf/build/make/configure.sh#973

Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-22 13:12:38 -07:00
Kirk Hays 4bacc11b3a jack: Drop dependency on readline
Since Jack version 1.19.22, "readline" is no longer used [1]

[1] https://jackaudio.org/news/

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-08-17 16:54:40 -07:00
Martin Jansa be8c765c7c *.patch: add Upstream-Status to all patches
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

5 (26%) 	meta-xfce
6 (50%) 	meta-perl
15 (42%)        meta-webserver
21 (36%)        meta-gnome
25 (57%)        meta-filesystems
26 (43%)        meta-initramfs
45 (45%)        meta-python
47 (55%)        meta-multimedia
312 (63%)       meta-networking
756 (61%)       meta-oe

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-21 09:15:20 -07:00
Marek Vasut 9e0a8642b1 v4l-utils: Update 1.23.0+9431e4b2 -> 1.24.1
Update V4L2 utils to actual release version 1.24.1 .

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-28 16:35:00 -07:00
Khem Raj 55d92033a2 mpv: Remove references to builddir from mpv binary
Fixes
WARNING: mpv-0.35.1-r0 do_package_qa: QA Issue: File /usr/bin/mpv in package mpv contains reference to TMPDIR [buildpaths]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-23 08:48:18 -07:00
Khem Raj 0474e0b870 libmad: Add a patch to pass cflags to build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-16 22:31:14 -07:00
Wang Mingyu 4a28c6452f wavpack: upgrade 4.60.1 -> 5.1.0
Changelog:

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-16 22:31:14 -07:00
Martin Jansa 63bd614209 paprefs: add x11 to REQUIRED_DISTRO_FEATURES
* This doesn't build with any gtk3 DISTRO_FEATURES, without x11 in
  DISTRO_FEATURES gtk3+ doesn't provide gdkx.h and paprefs build fails with:
  http://errors.yoctoproject.org/Errors/Details/704195/

../paprefs-1.2/src/paprefs.cc:30:10: fatal error: gdk/gdkx.h: No such file or directory
   30 | #include <gdk/gdkx.h>
      |          ^~~~~~~~~~~~

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-15 09:37:58 -07:00