When building bluealsa with building static libraries NOT disabled, you
get the following error:
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found,
failing task.
Fix this by explicitly putting these files in the -staticdev package.
Signed-off-by: Matthias Proske <matthias.p@variscite.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a9744b3cabd440ff0cece448a3b9717da8cfd97)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147
Backport the patch referenced by the NVD advisory.
Note that this is a partial backport - only the parts that are
used by the application, and without pulling in c++17 headers.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1571c1a8e5e876db9db744d0a3e3256ac585242b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004
The description mentions that this vulnerability overlaps with CVE-2017-18189,
and Debian's investigation[1] confirms that it is solved by the same commit.
Add the ID to the CVE tag of CVE-2017-18189.patch.
[1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Both Suse[1] and Debian[2] disputes that this is a vulnerability in libao.
Based on their investigation while an issue exists, it is not in libao, however
higher in the audio-toolchain, most likely in libmad or mpg321. There seem to
be nothing to be fixed about this in libao - ignore this CVE due to this.
[1]: https://bugzilla.suse.com/show_bug.cgi?id=1081767
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a993eb8b93f16e3a16c9a1ab2eb0939cb2331593)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Add all relevant items from queries:
$ sqlite3 nvdcve_2-2.db
sqlite> select vendor, product, count(*) from products where product like '%sox%' group by vendor, product;
commugen|sox_365|1
libsox_project|libsox|1
sox|sox|3
sox_project|sox|10
sqlite> select vendor, product, count(*) from products where product like '%sound_exchange%' group by vendor, product;
sound_exchange_project|sound_exchange|16
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a68c3df41cd7049f5b156955d70cb4f76b6d9f76)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This CVE is marked as fixed by Debian.
Extracting Debian jessie Debian sources [1] shows 4 commits uses for
backports. All these commits are already included in current hash
([2]-[5]).
../tmp/work/core2-64-poky-linux/rtmpdump/2.4/git$ git log | grep 'commit \(10b580aabcec1621b25518271ba1ab2b018be88e\|...\|4312322107a94c81d3ec5b98f91bc6b923551dc5\)'
commit 530f9bb2a02a78c1198fb2bf0293a12d225e4691
commit 4312322107a94c81d3ec5b98f91bc6b923551dc5
commit 39ec7eda489717d503bc4cbfaa591c93205695b6
commit 10b580aabcec1621b25518271ba1ab2b018be88e
[1] https://snapshot.debian.org/archive/debian/20170704T094954Z/pool/main/r/rtmpdump/rtmpdump_2.4%2B20150115.gita107cef-1%2Bdeb8u1.debian.tar.xz
[2] 10b580aabc
[3] 39ec7eda48
[4] 530f9bb2a0
[5] 4312322107
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d7758a8d0cf509e2d8db941ca4fd855c39beaafb)
I performed the above has verification successfully with the Scarthgap
recipe's revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
CVE-2025-48175 got introduced due to following change which is missing in the current recipe version
1b4ce5ca24
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
As detailed in Pipewire documentation [0], the ALSA plugin requires
config files to be symlinked as follow:
```
The plugin will be picked up by alsa when the following files are in /etc/alsa/conf.d/:
/etc/alsa/conf.d/50-pipewire.conf -> /usr/share/alsa/alsa.conf.d/50-pipewire.conf
/etc/alsa/conf.d/99-pipewire-default.conf
```
The above symlinks are missing, thus the pipewire device is not properly
detected.
Fix this by creating the required symlinks and installing them in the
pipewire-alsa package.
[0] https://github.com/PipeWire/pipewire/blob/master/INSTALL.md#alsa-plugin
Link: https://github.com/openembedded/meta-openembedded/issues/704
Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The SPA plugins for bluez depend on D-Bus bindings generated using
gdbus-codegen at build time. Some PACKAGECONFIG combinations appear to
pull this in accidentally. Add an explicit dependency to ensure that
it's in the sysroot when PACKAGECONFIG contains bluez5.
Signed-off-by: Ethan D. Twardy <ethan.twardy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The recipe used in the `meta-openembedded` is a different mpd package compared to the one which has the CVE issue.
Package used in `meta-embedded`: http://www.musicpd.org
Package with CVE issue: https://sourceforge.net/projects/mpd/
No action required.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For now, the known non-reproducible packages list is stored inside the
autobuilder config.json file. This is not ideal. Let's move this list
into each layers of meta-openembedded.
These lists can be used with, in local.conf:
include conf/include/non-repro-meta-oe.inc
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}"
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- dont convert to systemd system service. rygel should be started as
a user service. This is also a requirement to get it working in
gnome-control-center
- build with PACKAGECONFIG media-export to make rygel work out of the box
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- add a patch to fix a buildpath leakage
SRC_URI += did not work, therefore use SRC_URI:append
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: Nothing PROVIDES 'gtk+3' (but meta-oe/meta-multimedia/recipes-multimedia/aravis/aravis_0.8.31.bb DEPENDS on or otherwise requires it)
gtk+3 was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
and
ERROR: QA Issue: Recipe LICENSE includes obsolete licenses LGPL-2.1 [obsolete-license]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: Nothing PROVIDES 'gtk+3' (but meta-oe/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb DEPENDS on or otherwise requires it)
gtk+3 was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The format is obsolete, the code hasn't been touched in well over 10
years and the recipe is about to be removed from oe-core. VLC can still
access such files via its gstreamer module/ffmpeg.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
aravis is a vision library for genicam based cameras.
aravis project allows to stream from genicam and GigE cameras
Signed-off-by: Perceval Arenou <perceval.arenou@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
WirePlumber 0.5.1
~~~~~~~~~~~~~~~~~
Highlights:
- Added a guide documenting how to migrate configuration from 0.4 to 0.5,
also available online at:
https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/migration.html
If you are packaging WirePlumber for a distribution, please consider
informing users about this.
Fixes:
- Fixed an odd issue where microphones would stop being usable when a
Bluetooth headset was connected in the HSP/HFP profile (#598, !620)
- Fixed an issue where it was not possible to store the volume/mute state of
system notifications (#604)
- Fixed a rare crash that could occur when a node was destroyed while the
'select-target' event was still being processed (!621)
- Fixed deleting all the persistent settings via ``wpctl --delete`` (!622)
- Fixed using Bluetooth autoswitch with A2DP profiles that have an input route
(!624)
- Fixed sending an error to clients when linking fails due to a format
mismatch (!625)
Additions:
- Added a check that prints a verbose warning when old-style 0.4.x Lua
configuration files are found in the system. (#611)
- The "policy-dsp" script, used in Asahi Linux to provide a software DSP
for Apple Sillicon devices, has now been ported to 0.5 properly and
documented (#619, !627)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
PipeWire 1.0.5 (2024-04-15)
This is a bugfix release that is API and ABI compatible with previous
1.0.x releases.
Highlights
- pw_stream can now report timestamps on buffers and the expected
amount of samples for the resampler.
- The GStreamer element now has more correct timestamps using the new
pw_stream timestamps as a fallback.
- The FFADO module now handles suspend and resume better.
- A regression in v4l2 was fixed when parsing malformed filters.
- A potential memory/fd leak was fixed in client-node.
- Many more small bugfixes and improvements.
PipeWire
- pw_stream now reports the expected resampler input or output size in
the pw_time structure. (#3750)
- pw_stream now also adds a time field to the buffer, which contains the
time of the graph when the buffer was received in the stream.
- Fix a compiler error when compiling with -Werror=shadow. (#3915)
- The config parser will warn when invalid config is detected.
Modules
- The FFADO module now opens and closes when suspending. This fixes some
problems when FFADO properties are changed while suspended. (#3558)
- Filter-chain will now warn when invalid config is detected.
- Echo-cancel will now handle manage the state of the echo-cancel plugin
better, making sure run() is not called after deactivate().
- Fix some potential memory/fd leaks in client-node.
SPA
- Improve reading the bound ALSA controls.
- The resampler can now also report the number of expected output samples.
- The ALSA ACP device objects have some more properties like the card.id
and alsa.components. (#3912)
- Fix a potential string corruption when parsing JSON strings.
- V4l2 now sets the latency on the port. (#3910)
- alsa-udev now has an option to expose the device even if busy. (#3914)
- Improve null-audio-sink channel handling. (#3931)
- v4l2 will now drop the first frame because it often contains wrong
timestamps or garbage. (#3910)
- A regression in v4l2 was fixed where invalid/empty properties in the
filter would make it error early. (#3959)
GStreamer
- The source now falls back to the new pw_buffer time for the timestamps.
Docs
- Sync with the master branch.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dav1d 1.4.1 'Road Runner'
1.4.1 is a small release of dav1d, improving notably ARM and RISC-V
speed and fixing a small security issue.
The ARM speed improvements can be significative, depening on the
samples.
Finally, the binary size of dav1d was reduced on ARM and RISC-V
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace alloca with malloc
Allocate size for struct option array was not correct therefore
multiply the value with sizeof(struct option) to account for it
[YOCTO #15449 ]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bugfix release that is API and ABI compatible with previous
1.0.x releases.
Highlights
- Track memfd better to avoid inconsistent memory. Also make sure the
mixer info is removed correctly in all cases on destroyed ports.
- Correctly handle removed objects in the metadata.
- Add an option to set the server and client priorities instead of using
a hardcoded value of 88.
- The FFADO module has been fixed. Audio and MIDI now works with
the same latency as the JACK driver. This has now also been
tested with a Focusrite Saffire Pro 14.
- The JACK library has seen some important fixes. Some ardour crackling
has been fixed when looping and multiple MIDI ports on a client should
now work.
- Small bugfixes and improvements.
PipeWire
- Track memfd better to avoid inconsistent memory. Also make sure the
mixer info is removed correctly in all cases on destroyed ports.
- Fix Props param emission again in pw_stream. (#3833)
- Add MAPPABLE flag to buffer data to indicate that the fd can be
mmapped directly. Use this on DMABUF from v4l2. (#3840)
- Correctly handle removed object in the metadata.
- FreeBSD build and compatibility fixes.
- Add an option to set the server and client priorities instead of using
a hardcoded value of 88.
- Read config overrides in the right order.
- Fix PIPEWIRE_QUANTUM rate handling in pw_stream and pw_filter.
- Fix pw_context_parse_conf_section(), actually use the conf argument.
- A new pw_stream_get_nsec() and pw_filter_get_nsec() function was added
to get the current time of the stream/filter without having to assume a
particular clock.
- A new default.clock.quantum-floor property was added to configure the
absolute lowest buffer-size. (#3908)
docs
- Many doc updates.
tools
- Make sure we always quit pw-cli when the server stops. (#3837)
- pw-top now prints all drivers in batch mode. (#3899)
modules
- Don't destroy the client in protocol-simple on EAGAIN.
- Handle IPv6 better in the RTP modules. Fix IPv6 SAP header
parsing. (#3851)
- The FFADO module has been fixed. Audio and MIDI now works with
the same latency as the JACK driver. This has now also been
tested with a Focusrite Saffire Pro 14. (#3558)
pulse-server
- Make sure the peer_name is filled to avoid protocol errors.
SPA
- Small resampler tweaks to improve stability of adaptive resampler.
- Add ALSA option to control htimestamp autodisable.
- Avoid some potential crashes in audioconvert when ports are removed.
- Improve HDMI jack detection on some SOCs.
- The audioconvert now has a monitor.passthrough option to pass the
latency information on the monitor ports. (#3888)
GStreamer
- Don't use timeouts when autoconnect=false in pipewiresrc. (#3884)
- pipewiresrc and pipewiresink can now be automatically selected as
audio source and sink.
- An invalid memory access was fixed when destroying the device
provider.
JACK
- Remove properties correctly with the object id, not serial.
- Improve sync with the data thread by pausing the core. Also improve
handling of port io to avoid invalid buffer access.
- Fix PIPEWIRE_QUANTUM rate handling.
- Support multiple MIDI input ports per client. (#3901)
- The output buffer size is now always correctly set. (#3892)
ALSA
- Handle errors from eventfd_create correctly.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
