The recipe used in the `meta-openembedded` is a different mpd package compared to the one which has the CVE issue.
Package used in `meta-embedded`: http://www.musicpd.org
Package with CVE issue: https://sourceforge.net/projects/mpd/
No action required.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3e3c25698124dd82163d966fa9d7e7e807cfecbe)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This update contains minor bugfixes.
Changelog:
3.0.17.4:
Service Discovery: Fix UPnP regression on Windows
3.0.17.3:
Demux: Fix a regression causing a lack of audio in adaptive streaming
3.0.17.2:
Interface: Qt: Fix right click support on video
Misc: Update YouTube script
This commit has been detached from all branches. The version format
change does not cause version-going-backwards issues.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This is a bugfix release, fixing some memory leaks and compiler warning
(and it also has a couple of commits related to the project's own CI system,
which doesn't affect the application)
Changelog: https://gitlab.gnome.org/GNOME/libmediaart/-/blob/master/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It takes around a second to execute the suite.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 65c2f6de55fa662bce0281046ed3f291c414ff82)
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It takes almost 50 seconds on my machine to execute.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e7878d69abd4d1cfaad3f5e5ba9cf7ad00f136bd)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It is quick, it finished under 20 seconds on my machine.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 27865a96d576160a0e3a0fda6b7e604f19edbc6c)
Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Both Suse[1] and Debian[2] disputes that this is a vulnerability in libao.
Based on their investigation while an issue exists, it is not in libao, however
higher in the audio-toolchain, most likely in libmad or mpg321. There seem to
be nothing to be fixed about this in libao - ignore this CVE due to this.
[1]: https://bugzilla.suse.com/show_bug.cgi?id=1081767
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a993eb8b93f16e3a16c9a1ab2eb0939cb2331593)
Reworked for Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1253
Pick the patch from the nvd report.
The patch is only partially backported, because part of the vulnerable
code was introuced only in a later version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This CVE is marked as fixed by Debian.
Extracting Debian jessie Debian sources [1] shows 4 commits uses for
backports. All these commits are already included in current hash
([2]-[5]).
../tmp/work/core2-64-poky-linux/rtmpdump/2.4/git$ git log | grep 'commit \(10b580aabcec1621b25518271ba1ab2b018be88e\|...\|4312322107a94c81d3ec5b98f91bc6b923551dc5\)'
commit 530f9bb2a02a78c1198fb2bf0293a12d225e4691
commit 4312322107a94c81d3ec5b98f91bc6b923551dc5
commit 39ec7eda489717d503bc4cbfaa591c93205695b6
commit 10b580aabcec1621b25518271ba1ab2b018be88e
[1] https://snapshot.debian.org/archive/debian/20170704T094954Z/pool/main/r/rtmpdump/rtmpdump_2.4%2B20150115.gita107cef-1%2Bdeb8u1.debian.tar.xz
[2] 10b580aabc
[3] 39ec7eda48
[4] 530f9bb2a0
[5] 4312322107
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d7758a8d0cf509e2d8db941ca4fd855c39beaafb)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
I have performed the above verification with the Kirkstone revision successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This patch is mentioned in [1] and [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-47021
[2] https://github.com/xiph/opusfile/issues/36
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 95b8d055db83af01aed7f6ab98bc08cfa576f15b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
0.1.6
- Fixed an infinite loop when decoding some AMR-NB samples
- Fixed noise spikes when decoding non-voice frames for both AMR-NB and AMR-WB
0.1.5
- Fix an autotools issue with cross compiling from the 0.1.4 release
0.1.4
- Autotools cleanups
- Fixes for SID/DTX in the AMR-WB decoder, fixes for handling of bad
frames in both AMR-WB and AMR-NB
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 55274f650e304074783d171a406454748b2d456e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The sniffer PACKAGECONFIG will make gssdp depend on gtk4 as below.
PACKAGECONFIG[sniffer] = "-Dsniffer=true,-Dsniffer=false,gtk4,"
But gtk4 needs the opengl DISTRO_FEATURES enabled, so also check
opengl in gssdp recipe to keep consistent.
Fixes:
ERROR: Nothing PROVIDES 'gtk4' (but /build/layers/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.4.0.1.bb DEPENDS on or otherwise requires it)
gtk4 was skipped: missing required distro feature 'opengl' (not in DISTRO_FEATURES)
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'gssdp', 'gtk4']
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 491a703c41644b6ab4db62920774e6ea23bc8308)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Because they get renamed, it is better to ignore them and let a
dependency build them
Fixes errors like
ERROR: packagegroup-meta-multimedia-1.0-r0 do_package_write_ipk: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (gssdp to libgssdp-1.2-0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit eafecde2aedae38879b4c45dd213ff9483f209ad)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* it was removed in:
https://git.openembedded.org/meta-openembedded/commit/?id=deb11a823c32d4090b3724a589641810e06df6bc
* but still needed as shown in world build without x11 in DISTRO_FEATURES:
ERROR: Nothing RPROVIDES 'projucer' (but /OE/build/luneos-nanbield/meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb RDEPENDS on or otherwise requires it)
projucer was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
NOTE: Runtime target 'projucer' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['projucer']
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove branch 2.2.x from SRC_URI as fluidsynth github removed the branch.
The SRCREV is on master branch.
Signed-off-by: Preeti Sachan <preeti.sachan@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 534d04af483d5f3d4fc73162c110449f169677a5)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libcamera.so.0 and libcamera-base.so.0 are packaged in ${PN}-dev although
they should be packaged in ${PN}. See poky/meta/conf/bitbake.conf.
This trigger the following error when trying to run the `cam` utility
(packaged inside ${PN}):
$ cam -l
cam: error while loading shared libraries: libcamera.so.0: cannot open shared object file: No such file or directory
$ read-elf -d /usr/bin/cam
Dynamic section at offset 0x2c740 contains 37 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libcamera.so.0]
0x0000000000000001 (NEEDED) Shared library: [libcamera-base.so.0]
[...]
So package libcamera is broken and need to be installed along with
libcamera-dev to be functionnal. Fix it by packaging libcamera.so.0 and
libcamera-base.so.0 into ${PN}
Signed-off-by: Julien STEPHAN <jstephan@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3de996474e0b7fdff1d265fcad747bd60851b1eb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
rateconv.c looks like BSD-2 but it has second clause modified
significantly, therefore be specific about it.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit d901de434d2fee62e2a37c4150108921b2dd13e5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a bugfix release. Notably, this makes pw-dot work again - it
required workarounds via pw-dump to output a non-empty dot graph in 0.3.49.
Full changelog:
https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/0.3.50
0001-meson-Add-option-to-enable-disable-legacy-RTKit-modu.patch
is no no longer needed since it has been merged and is part of 0.3.50.
Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9754901bb0bc85b4a41f0944a4dd18fddcd87d8e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fluidsynth 2.2.5
* Fix a build failure with CMake < 3.12 (#1003, thanks to @komh)
* OSS and MidiShare drivers are now deprecated (#1010)
* Prevent samples accidentally having their loops disabled (#1017)
* Fix framework installation on MacOS (#1029, thanks to @pedrolcl)
Pls. note that fluidsynth 2.3.0 will require CMake >= 3.13
fluidsynth 2.2.6
* Undeprecation and minor revisal of the OSS driver (#1038)
* Minor improvements to CoreAudio and CoreMidi drivers (#1047, thanks to @bradhowes)
* Fix sustained voices being held after ALL_CTRL_OFF (#1049)
* Fix clobbering of PORTAMENTO_CTRL after ALL_CRTL_OFF (#1050)
* Prevent Modulation Envelope from being stuck in decay phase, causing detuned voices and potentially other audible glitches for some soundfonts (#1059)
* Fix a compilation issue with recent glib (#1063, thanks to @devingryu)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This code block used to be necessary when both SDL1 and SDL2 were
supported. Nowadays, libopenmpt only supports SDL2, so drop this.
Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
v0.2.2 is from 2017. meanwhile there have been some important improvements
and also some renaming of headers and such but unfortunately there has never
been a new release. Kodi uses the latest crossguid. Update it accordingly to
avoid having to patch Kodi.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog (from NEWS file):
ncmpc 0.46 - (2021-11-26)
* eliminate Boost dependency
* install Lithuanian translation
* migrate to PCRE2
DEPENDS has been updated to remove boost and add libpcre2 to match
the changes.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog (from NEWS file):
0.34 (2021/11/30)
* add commands "albumart", "readpicture"
* don't print status after error
* custom status format
* support grouping "list" results
* meson: auto-build libmpdclient if not available
* require libmpdclient 2.16 or newer
* require MPD 0.21 or newer
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>