summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
Commit message (Collapse)AuthorAgeFilesLines
* libpng: Add ptestPoonam Jadhav2025-06-202-2/+47
| | | | | | | | | | | Install libpng test-suite to run it as a ptest. As the test-suite takes more than 30 seconds to run, add libpng-ptest to PTESTS_SLOW in ptest-packagelists.inc (From OE-Core rev: 1b52b7ebe5f8fb490088622181cdb95e6b7f5a29) Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-1373Colin Pinnell McAllister2025-06-201-0/+4
| | | | | | | | | | CVE-2025-1373 does not appear to affect ffmpeg 5.0.3. The CVE has been marked as "fixed-version". (From OE-Core rev: 0ffe159d9a4ee434b4c995e1ca9a85b01e0a5d05) Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: upgrade 6.1.1 -> 6.1.2Divyanshu Rathore2025-06-029-281/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ffmpeg_6.1.2 is the newest available stable release for 6.1. It introduces quite a few bug and CVE fixes, which should help all. CVEs that are fixed in the upgrade: CVE-2024-32230 CVE-2024-35366 CVE-2024-36613 CVE-2024-36616 CVE-2024-36617 CVE-2024-36619 CVE-2024-7055 During upgrade it was noticed that the CVE scan doesn't pick up the CVEs as unpatched (CVE-2025-0518, CVE-2025-22919, CVE-2025-22921, CVE-2025-25473, CVE-2024-36618, CVE-2024-35369, CVE-2024-35368, CVE-2024-35367, CVE-2024-35365, CVE-2024-28661, CVE-2023-50007, CVE-2023-49528, CVE-2023-49501), due to improper versioning in NVD, they are affecting 6.1.2 and hence we are leaving the patches in. check the changelog mention below for information about fixes. changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n6.1.2 This upgrade fixes CVE's hence remove those patches. Refresh vulkan_av1_stable_API.patch as per new codebase. (From OE-Core rev: 57e25585abf34677451c68d581374245e5b4b418) Signed-off-by: Divyanshu Rathore <divyanshurathore2022@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* mpg123: upgrade 1.32.6 -> 1.32.10Zhang Peng2025-03-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== 1.32.10 - scripts/tag_lyrics.py: fix for python3 - libout123: Use strtok_r() to avoid conflicts multithreaded contexts - libmpg123: Un-break DLL builds that need I/O functions defined in libmpg123.c - ports/cmake: More fixup to also produce .pc files with Libs.private. 1.32.9 - libmpg123: -- enable 64 bit offset path for MSVCRT and avoid warnings about MS's game about POSIX API with and without underscores -- Increase the library patchlevel, as was forgotten on previous release. 1.32.8 Update: The buffer overflow got assigned the CVE ID CVE-2024-10573. - libmpg123: -- Add sections to assembly to support PAC/BTI code for aarch64 (-mbranch-protection variants) -- Prevent premature application of header info into decoding structure, at worst having triggered out-of-bounds writes of decoded PCM data - out123: Show --quiet in --longhelp. 1.32.7 - ports/cmake: Work around bug in CMake that does not detect FPU on Apple ARM CPUs. - Fix some laziness (func() to func(void)) for standards conformance. (From OE-Core rev: a3db638932e76ac0972d7905072cc7ab3f2abb75) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: Correct the CVE ID to fix CVE-2025-22919Archana Polampalli2025-03-082-2/+2
| | | | | | | | | | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. (From OE-Core rev: bf0ad79c46d8a01aafc91620ddf415749aa8849a) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-0518Archana Polampalli2025-03-082-0/+35
| | | | | | | | | | | | | | | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosma (From OE-Core rev: 75ad6e004de95ff6208820ccf2c0af01d9363749) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-22921Archana Polampalli2025-03-082-0/+35
| | | | | | | | | | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. (From OE-Core rev: bc9cdf3701b937d40964903a3489898a69525d17) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-25471Archana Polampalli2025-03-082-0/+40
| | | | | | | | | | FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. (From OE-Core rev: a8331b11d5d7aa8f1997eaa189b74aaab7cc44da) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2025-25473Archana Polampalli2025-03-082-0/+37
| | | | | | | | | | FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. (From OE-Core rev: abc6b3180b87c665ff04204b7163d1f074d99747) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-rtsp-server: fix CVE-2024-44331Archana Polampalli2025-02-142-1/+47
| | | | | | | | | | | Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. (From OE-Core rev: 3e7b7697ec32b0fa2808efcff4a6bd544261b3fe) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35369Archana Polampalli2025-02-142-0/+38
| | | | | | | | | | | | | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. (From OE-Core rev: c46bb37a76582ee7352f2bc027920e8ba76e5c15) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36619Archana Polampalli2025-02-142-0/+37
| | | | | | | | | | | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. (From OE-Core rev: 161711ba2ef14fa77fba4740b1933c68043c57c7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36618Archana Polampalli2025-02-142-0/+37
| | | | | | | | | | | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. (From OE-Core rev: 21230d5dfe908533958712e06316a253e16b9d2e) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36617Archana Polampalli2025-02-142-0/+37
| | | | | | | | | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. (From OE-Core rev: 8057ba630477a7aeedf057b7e1ce25ab0c445665) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36616Archana Polampalli2025-02-142-0/+36
| | | | | | | | | | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. (From OE-Core rev: fe7df1727d8ea4868091236ddfff7ea862c1ada8) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-36613Archana Polampalli2025-02-142-0/+38
| | | | | | | | | | | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. (From OE-Core rev: 5661bac10db7e20064c10660c47c361b7d2418ee) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35365Archana Polampalli2025-02-142-0/+63
| | | | | | | | | | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. (From OE-Core rev: 051bc7afc01e72d5ef0fc14683689ab45e4eaab8) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pulseaudio: fix webrtc audio depdencyEsben Haabendal2025-01-241-1/+1
| | | | | | | | | | | | | | | | | | | | | Since pulseaudio v16.99.1, the library needed is webrtc-audio-processing-1. This fixes Run-time dependency webrtc-audio-processing-1 found: NO (tried pkgconfig and cmake) Looking for a fallback subproject for the dependency webrtc-audio-processing-1 ../pulseaudio-17.0/meson.build:730:15: ERROR: Automatic wrap-based subproject downloading is disabled The library is available in meta-openembedded/meta-multimedia. (cherry picked from commit 4661c49eb4f0ed89a3d027d9a003c40744baaf38) (From OE-Core rev: e80c3ca36f08a259e13fd94f1c87a7f5bf485a8b) Signed-off-by: Esben Haabendal <esben@geanix.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Esben Haabendal <esben@geanix.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0: ignore CVEs fixed in plugins recipesPeter Marko2025-01-091-0/+13
| | | | | | | | | These were fixed in previous commits. (From OE-Core rev: 5c582778954a05f102e292a0516b73b010d289a0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47835Peter Marko2025-01-092-0/+40
| | | | | | | | | | Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039 (From OE-Core rev: e9113fafef9cb2f060c9728d1e1bebdd76baad47) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch several CVEsPeter Marko2025-01-098-0/+452
| | | | | | | | | | Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 (From OE-Core rev: 4763e9911e82c886a02727bf654872280138d83e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch CVE-2024-47774Peter Marko2025-01-092-0/+47
| | | | | | | | | | Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043 (From OE-Core rev: cc560b159f6629bc018ce6d832551a81d4c3f8c8) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch CVE-2024-47606Peter Marko2025-01-092-0/+57
| | | | | | | | | | Pick commit related to gstreamer from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 (From OE-Core rev: d68a84dd3419811ec7f487907d7412c6105979d0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch CVE-2024-47606Peter Marko2025-01-092-0/+45
| | | | | | | | | | Pick commit related to plugins-good from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 (From OE-Core rev: 30f2b1c6b10e064ce0f0f1910d2740e6ccc86251) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47600Peter Marko2025-01-092-0/+39
| | | | | | | | | | Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034 (From OE-Core rev: 13e66d4e616e66d278cd96bb04da4cc7e599626b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch CVE-2024-47599Peter Marko2025-01-092-0/+100
| | | | | | | | | | Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040 (From OE-Core rev: ba5545302daee0fb5ac2f3ca45cf8524cee278dc) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47542Peter Marko2025-01-092-0/+65
| | | | | | | | | | Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033 (From OE-Core rev: 8a0c3c92ec3bf150c0697d25c70ad149b2d82f0e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47541Peter Marko2025-01-093-0/+139
| | | | | | | | | | Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036 (From OE-Core rev: c81dae9e755d28eb514bfa32426ef2d8fff78e56) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch several CVEsPeter Marko2025-01-098-0/+335
| | | | | | | | | | | | | Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 (From OE-Core rev: 4edd9caa9703e067167c4a185c7338c4e89f795b) Signed-off-by: Peter Marko <peter.marko@siemens.com> fixup! gstreamer1.0-plugins-good: patch CVE-2024-47540 and CVE-2024-47601 Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: patch CVE-2024-47613Peter Marko2025-01-092-0/+54
| | | | | | | | | | Pick commit from: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041 (From OE-Core rev: 6236088fc43f7d2e8a01bb6e3937969ced8a7f6d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47615Peter Marko2025-01-093-0/+250
| | | | | | | | | | Pick commits from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038 (From OE-Core rev: fbf7092a67703ff3101cce55bf33bcfc24339503) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47607Peter Marko2025-01-092-0/+42
| | | | | | | | | | Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037 (From OE-Core rev: 0cdac58a6a7ec25404b8a67508604844d282345a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: patch CVE-2024-47538Peter Marko2025-01-092-0/+36
| | | | | | | | | | Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035 (From OE-Core rev: e7dbf6d73a11e6e9ec16035711179f451044eb09) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: fix several CVEsPeter Marko2025-01-0914-1/+1261
| | | | | | | | | | | | | Cherry-pick commits from branch 1.22 per [1]. Also cherry-pick [2] so these apply cleanly. [1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/62de06c7a443a5ac40ab2a4f2589625932bf9632 (From OE-Core rev: 33c2611c3998f25bf606b5a940c09b70ce04674c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35368Archana Polampalli2024-12-232-0/+42
| | | | | | | | | | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. (From OE-Core rev: 53528caafa576a2f6417436cc0dba8be06e75048) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35367Archana Polampalli2024-12-232-0/+48
| | | | | | | | | | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer (From OE-Core rev: 64d77d422d3c99d8a246ab03edfb54d9d185326e) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35366Archana Polampalli2024-12-232-0/+36
| | | | | | | | | | | | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. (From OE-Core rev: a07bc254011736c0f0445607c56609be677ea8a7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-7055Archana Polampalli2024-12-132-0/+39
| | | | | | | | | | | | | | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. (From OE-Core rev: 71a9c2d01ad8ed83f9da6e6b9541fcf1d9baed48) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2023-49528Archana Polampalli2024-12-132-0/+59
| | | | | | | | | | | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. (From OE-Core rev: a5e0e1f8be3c6611c09158c80e26848ae3d4f4e7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2023-50007Archana Polampalli2024-12-132-0/+79
| | | | | | | | | | | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. (From OE-Core rev: b63ba0bff9e5b5e73d50b2b3ff805418fa98d7e5) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-28661Archana Polampalli2024-12-132-0/+38
| | | | | | | | | | | | | Some of the changes are already present in recipe version Ref: https://github.com/FFmpeg/FFmpeg/commit/148ada5577262c6c18ae97604df8fe1c18b096e2 https://ffmpeg.org/security.html (From OE-Core rev: 4ca1544e95e327c7060efa845aa69c2a1eb1d782) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2023-49501Archana Polampalli2024-12-132-0/+31
| | | | | | | | | | | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. (From OE-Core rev: 873025145d42ffe75d421884160ec299d85d21ef) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsndfile: fix CVE-2024-50612Hitendra Prajapati2024-12-062-0/+413
| | | | | | | | | Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba (From OE-Core rev: c427c0e22775a615e442d76b45bb3ec5dae067e2) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0: set status for CVE-2024-0444Peter Marko2024-11-181-0/+2
| | | | | | | | | | | | | This is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9 via [1]. cpe product is set to gstreamer, they share source git repository. [1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe (From OE-Core rev: 5ea630617daf0897e5a1edd7482f705e1e7997fe) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* liba52: fix do_fetch errorJiaying Song2024-10-301-1/+1
| | | | | | | | | | | Change the SRC_URI to the correct value due to the following error: WARNING: liba52-0.7.4-r0.vr2401 do_fetch: Failed to fetch URL http://liba52.sourceforge.net/files/a52dec-0.7.4.tar.gz, attempting MIRRORS if available (From OE-Core rev: 2a95bb8acf3f212ceb5347bade00a7bdbc525022) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCTaszh072024-10-301-0/+2
| | | | | | | | | | | | | | | | Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg". However, there are also vulnerabilities where the product is "libswresample", and "libavcodec" as shown below. https://app.opencve.io/vendors/?vendor=ffmpeg Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities where the product is "libswresample libavcodec" as well. (From OE-Core rev: cebbbf76c029c5bf5563aca515b1c025c3644bf8) Signed-off-by: aszh07 <mail2szahir@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pulseaudio, desktop-file-utils: correct freedesktop.org -> ↵Alexander Kanavin2024-10-021-1/+1
| | | | | | | | | | | | | www.freedesktop.org SRC_URI Server's https certificate isn't valid for freedesktop.org without www prefix. (From OE-Core rev: 60f411d19a9ea5297911eed64902e1cb65358e35) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d7ce9da33498869384b26a6fda05c37e7b2c3565) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: Fix LICENSENiko Mauno2024-09-191-1/+1
| | | | | | | | | | | | | | | | | | The contents of the LICENSE.md file included in the current source code package match those of libtiff license, which seems to have been the case since 1999 commit https://gitlab.com/libtiff/libtiff/-/commit/0ef31e1f62aa7a8b1c488a59c4930775ee0046e4 where it was added with filename COPYRIGHT and was then changed to LICENSE.md in 2022 commit https://gitlab.com/libtiff/libtiff/-/commit/fa1d6d787fc67a1eeb3abccb790b5bee969d424b (From OE-Core rev: 71d8e8b03349ab18dca558055c2b3a3687785ddf) (From OE-Core rev: 5495cf45ce74e79be3b8d9b1195f65e253c62828) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-32230Archana Polampalli2024-09-032-0/+37
| | | | | | | | | | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 (From OE-Core rev: b78fd9322b80734ec54440a01a36323a9b1b83f1) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0: disable flaky baseparser testsRoss Burton2024-08-261-1/+6
| | | | | | | | | | | | | | | There are three baseparser tests which are causing trouble on the AB, so disable them as we've filed an upstream bug. Also fix a typo when we were attempting to disable parser_pull_short_read where a colon was used instead of a comma. (From OE-Core rev: 90a510acd11fe342d01c62e3b247425836711c50) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 91dbe8d6c57805f38bd287f1b392759df066589b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 20:34:30 +0000