This CVE is marked as fixed by Debian.
Extracting Debian jessie Debian sources [1] shows 4 commits uses for
backports. All these commits are already included in current hash
([2]-[5]).
../tmp/work/core2-64-poky-linux/rtmpdump/2.4/git$ git log | grep 'commit \(10b580aabcec1621b25518271ba1ab2b018be88e\|...\|4312322107a94c81d3ec5b98f91bc6b923551dc5\)'
commit 530f9bb2a02a78c1198fb2bf0293a12d225e4691
commit 4312322107a94c81d3ec5b98f91bc6b923551dc5
commit 39ec7eda489717d503bc4cbfaa591c93205695b6
commit 10b580aabcec1621b25518271ba1ab2b018be88e
[1] https://snapshot.debian.org/archive/debian/20170704T094954Z/pool/main/r/rtmpdump/rtmpdump_2.4%2B20150115.gita107cef-1%2Bdeb8u1.debian.tar.xz
[2] 10b580aabc
[3] 39ec7eda48
[4] 530f9bb2a0
[5] 4312322107
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d7758a8d0c)
I performed the above has verification successfully with the Scarthgap
recipe's revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
CVE-2025-48175 got introduced due to following change which is missing in the current recipe version
1b4ce5ca24
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
As detailed in Pipewire documentation [0], the ALSA plugin requires
config files to be symlinked as follow:
```
The plugin will be picked up by alsa when the following files are in /etc/alsa/conf.d/:
/etc/alsa/conf.d/50-pipewire.conf -> /usr/share/alsa/alsa.conf.d/50-pipewire.conf
/etc/alsa/conf.d/99-pipewire-default.conf
```
The above symlinks are missing, thus the pipewire device is not properly
detected.
Fix this by creating the required symlinks and installing them in the
pipewire-alsa package.
[0] https://github.com/PipeWire/pipewire/blob/master/INSTALL.md#alsa-plugin
Link: https://github.com/openembedded/meta-openembedded/issues/704
Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The SPA plugins for bluez depend on D-Bus bindings generated using
gdbus-codegen at build time. Some PACKAGECONFIG combinations appear to
pull this in accidentally. Add an explicit dependency to ensure that
it's in the sysroot when PACKAGECONFIG contains bluez5.
Signed-off-by: Ethan D. Twardy <ethan.twardy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The recipe used in the `meta-openembedded` is a different mpd package compared to the one which has the CVE issue.
Package used in `meta-embedded`: http://www.musicpd.org
Package with CVE issue: https://sourceforge.net/projects/mpd/
No action required.
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
For now, the known non-reproducible packages list is stored inside the
autobuilder config.json file. This is not ideal. Let's move this list
into each layers of meta-openembedded.
These lists can be used with, in local.conf:
include conf/include/non-repro-meta-oe.inc
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "${KNOWN_NON_REPRO_META_OE}"
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- dont convert to systemd system service. rygel should be started as
a user service. This is also a requirement to get it working in
gnome-control-center
- build with PACKAGECONFIG media-export to make rygel work out of the box
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- add a patch to fix a buildpath leakage
SRC_URI += did not work, therefore use SRC_URI:append
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: Nothing PROVIDES 'gtk+3' (but meta-oe/meta-multimedia/recipes-multimedia/aravis/aravis_0.8.31.bb DEPENDS on or otherwise requires it)
gtk+3 was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
and
ERROR: QA Issue: Recipe LICENSE includes obsolete licenses LGPL-2.1 [obsolete-license]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fixes:
ERROR: Nothing PROVIDES 'gtk+3' (but meta-oe/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb DEPENDS on or otherwise requires it)
gtk+3 was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The format is obsolete, the code hasn't been touched in well over 10
years and the recipe is about to be removed from oe-core. VLC can still
access such files via its gstreamer module/ffmpeg.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
aravis is a vision library for genicam based cameras.
aravis project allows to stream from genicam and GigE cameras
Signed-off-by: Perceval Arenou <perceval.arenou@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
WirePlumber 0.5.1
~~~~~~~~~~~~~~~~~
Highlights:
- Added a guide documenting how to migrate configuration from 0.4 to 0.5,
also available online at:
https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/migration.html
If you are packaging WirePlumber for a distribution, please consider
informing users about this.
Fixes:
- Fixed an odd issue where microphones would stop being usable when a
Bluetooth headset was connected in the HSP/HFP profile (#598, !620)
- Fixed an issue where it was not possible to store the volume/mute state of
system notifications (#604)
- Fixed a rare crash that could occur when a node was destroyed while the
'select-target' event was still being processed (!621)
- Fixed deleting all the persistent settings via ``wpctl --delete`` (!622)
- Fixed using Bluetooth autoswitch with A2DP profiles that have an input route
(!624)
- Fixed sending an error to clients when linking fails due to a format
mismatch (!625)
Additions:
- Added a check that prints a verbose warning when old-style 0.4.x Lua
configuration files are found in the system. (#611)
- The "policy-dsp" script, used in Asahi Linux to provide a software DSP
for Apple Sillicon devices, has now been ported to 0.5 properly and
documented (#619, !627)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
PipeWire 1.0.5 (2024-04-15)
This is a bugfix release that is API and ABI compatible with previous
1.0.x releases.
Highlights
- pw_stream can now report timestamps on buffers and the expected
amount of samples for the resampler.
- The GStreamer element now has more correct timestamps using the new
pw_stream timestamps as a fallback.
- The FFADO module now handles suspend and resume better.
- A regression in v4l2 was fixed when parsing malformed filters.
- A potential memory/fd leak was fixed in client-node.
- Many more small bugfixes and improvements.
PipeWire
- pw_stream now reports the expected resampler input or output size in
the pw_time structure. (#3750)
- pw_stream now also adds a time field to the buffer, which contains the
time of the graph when the buffer was received in the stream.
- Fix a compiler error when compiling with -Werror=shadow. (#3915)
- The config parser will warn when invalid config is detected.
Modules
- The FFADO module now opens and closes when suspending. This fixes some
problems when FFADO properties are changed while suspended. (#3558)
- Filter-chain will now warn when invalid config is detected.
- Echo-cancel will now handle manage the state of the echo-cancel plugin
better, making sure run() is not called after deactivate().
- Fix some potential memory/fd leaks in client-node.
SPA
- Improve reading the bound ALSA controls.
- The resampler can now also report the number of expected output samples.
- The ALSA ACP device objects have some more properties like the card.id
and alsa.components. (#3912)
- Fix a potential string corruption when parsing JSON strings.
- V4l2 now sets the latency on the port. (#3910)
- alsa-udev now has an option to expose the device even if busy. (#3914)
- Improve null-audio-sink channel handling. (#3931)
- v4l2 will now drop the first frame because it often contains wrong
timestamps or garbage. (#3910)
- A regression in v4l2 was fixed where invalid/empty properties in the
filter would make it error early. (#3959)
GStreamer
- The source now falls back to the new pw_buffer time for the timestamps.
Docs
- Sync with the master branch.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
dav1d 1.4.1 'Road Runner'
1.4.1 is a small release of dav1d, improving notably ARM and RISC-V
speed and fixing a small security issue.
The ARM speed improvements can be significative, depening on the
samples.
Finally, the binary size of dav1d was reduced on ARM and RISC-V
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace alloca with malloc
Allocate size for struct option array was not correct therefore
multiply the value with sizeof(struct option) to account for it
[YOCTO #15449 ]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bugfix release that is API and ABI compatible with previous
1.0.x releases.
Highlights
- Track memfd better to avoid inconsistent memory. Also make sure the
mixer info is removed correctly in all cases on destroyed ports.
- Correctly handle removed objects in the metadata.
- Add an option to set the server and client priorities instead of using
a hardcoded value of 88.
- The FFADO module has been fixed. Audio and MIDI now works with
the same latency as the JACK driver. This has now also been
tested with a Focusrite Saffire Pro 14.
- The JACK library has seen some important fixes. Some ardour crackling
has been fixed when looping and multiple MIDI ports on a client should
now work.
- Small bugfixes and improvements.
PipeWire
- Track memfd better to avoid inconsistent memory. Also make sure the
mixer info is removed correctly in all cases on destroyed ports.
- Fix Props param emission again in pw_stream. (#3833)
- Add MAPPABLE flag to buffer data to indicate that the fd can be
mmapped directly. Use this on DMABUF from v4l2. (#3840)
- Correctly handle removed object in the metadata.
- FreeBSD build and compatibility fixes.
- Add an option to set the server and client priorities instead of using
a hardcoded value of 88.
- Read config overrides in the right order.
- Fix PIPEWIRE_QUANTUM rate handling in pw_stream and pw_filter.
- Fix pw_context_parse_conf_section(), actually use the conf argument.
- A new pw_stream_get_nsec() and pw_filter_get_nsec() function was added
to get the current time of the stream/filter without having to assume a
particular clock.
- A new default.clock.quantum-floor property was added to configure the
absolute lowest buffer-size. (#3908)
docs
- Many doc updates.
tools
- Make sure we always quit pw-cli when the server stops. (#3837)
- pw-top now prints all drivers in batch mode. (#3899)
modules
- Don't destroy the client in protocol-simple on EAGAIN.
- Handle IPv6 better in the RTP modules. Fix IPv6 SAP header
parsing. (#3851)
- The FFADO module has been fixed. Audio and MIDI now works with
the same latency as the JACK driver. This has now also been
tested with a Focusrite Saffire Pro 14. (#3558)
pulse-server
- Make sure the peer_name is filled to avoid protocol errors.
SPA
- Small resampler tweaks to improve stability of adaptive resampler.
- Add ALSA option to control htimestamp autodisable.
- Avoid some potential crashes in audioconvert when ports are removed.
- Improve HDMI jack detection on some SOCs.
- The audioconvert now has a monitor.passthrough option to pass the
latency information on the monitor ports. (#3888)
GStreamer
- Don't use timeouts when autoconnect=false in pipewiresrc. (#3884)
- pipewiresrc and pipewiresink can now be automatically selected as
audio source and sink.
- An invalid memory access was fixed when destroying the device
provider.
JACK
- Remove properties correctly with the object id, not serial.
- Improve sync with the data thread by pausing the core. Also improve
handling of port io to avoid invalid buffer access.
- Fix PIPEWIRE_QUANTUM rate handling.
- Support multiple MIDI input ports per client. (#3901)
- The output buffer size is now always correctly set. (#3892)
ALSA
- Handle errors from eventfd_create correctly.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
remove STAGING_DIR_HOST from the crossguid-config.cmake file
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes for 1.4.0 'Road Runner':
------------------------------------------------------
1.4.0 is a medium release of dav1d, focusing on new architecture support and optimizations
- AVX-512 optimizations for z1, z2, z3 in 8bit and high-bitdepth
- New architecture supported: loongarch
- Loongarch optimizations for 8bit
- New architecture supported: RISC-V
- RISC-V optimizations for itx
- Misc improvements in threading and in reducing binary size
- Fix potential integer overflow with extremely large frame sizes
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- remove fd33d2d3bb6333c7d6e74cbaa806bff2d908f589.patch
PipeWire 1.0.3 (2024-02-02)
This is a quick bugfix release that is API and ABI compatible with previous
1.0.x releases.
Highlights
- Fix ALSA version check. This should allow the alsa plugin to work again.
- Some small fixes and improvements.
PipeWire
- Escape @DEFAULT_SINK@ in the conf files.
Modules
- Improve logging in module-pipe-tunnel.
SPA
- Always recheck rate matching in ALSA when moving drivers. This fixes a
potential issue where the adaptive resampler would not be activated in
some cases.
ALSA
- Fix version check. This should allow the alsa plugin to work again
with version 1.0.2.
Older versions:
PipeWire 1.0.2 (2024-01-31)
This is a bugfix release that is API and ABI compatible with previous
1.0.x releases.
Highlights
- Fix v4l2 enumeration with filter. This should fix negotiation in some
GStreamer pipelines with capsfilter. Also probe for EXPBUF support
before using it.
- Fix max-latency property and Buffer param when dealing with small
ALSA device buffers. This should fix stuttering with some AMD
based soundcards.
- More small cleanups an improvements.
Modules
- Improve netjack2 channel positions.
- Improve RAOP module state after suspend/resume. (#3778)
- Avoid crash in some LV2 plugins by configuring the Atom ports. (#3815)
SPA
- Bump libcamera requirements to 0.2.0.
- Try to avoid unaligned load exceptions. (#3790)
- Fix v4l2 enumeration with filter. (#1793)
- Fix max-latency property and Buffer param when dealing with small
ALSA device buffers. This should fix stuttering with some AMD
based soundcards. (#3744,#3622)
- Add a resync.ms option to node.driver to make it possible to resync
fast to clock jumps.
- Probe for EXPBUF support in v4l2 before using it. (#3821)
pulse-server
- Also emit change events when the port list change.
Bluetooth
- Log a more verbose explanation when other soundservers seem to be
interfering with bluetooth.
- Add quirks for Rockbox Brick. (#3786)
- Add quirks for SoundCore mini2. (#2927)
JACK
- Improve check for the running state of clients. (#3794)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a backport patch to fix this issue with libcamera-0.2:
| In file included from ../git/spa/plugins/libcamera/libcamera-source.cpp:188:
| ../git/spa/plugins/libcamera/libcamera-utils.cpp:719:9: error: 'Transform' does not name a type
https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/3782
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bugfix release that is API and ABI compatible with previous
1.0.x releases.
- Work around the buggy ALSA backend in libcanberra by forcing the pulse
backend in module-x11-bell.
- Fix a race in the device info updates in pulse-server.
- Fix timing and rate matching in ALSA sequencer.
- Improve timing information in JACK and from the ALSA driver.
- More small fixes and improvements.
- Fix a build issue when examples where disabled.
- Avoid some compiler warnings.
- Avoid some bitfield data races. (#3706)
- Bump the PTP driver priority. (#3217)
- Support the previous "allowed" permission in the access module.
- Fix filename leak in module-filter-chain.
- Work around the buggy ALSA backend in libcanberra by forcing the pulse
backend in module-x11-bell. (#3688)
- Fix a race in the device info updates in pulse-server.
- Fix compatibility in RAOP. (#3698)
- Handle ALSA picth control errors correctly
- Clamp buffer-frames correctly. (#3000)
- Fix timing and rate matching in ALSA sequencer. (#3657)
- Revert a commit that could result in current time in the future in the
timing updates.
- Improve adapter state checks.
- Remove the timer from the ALSA pcm.
- Fix timeout in freewheel driver.
- Also handle active ports for monitor sources.
- Fix zeroconf-publish format properties.
- Improve timing and transport calculations.
- Handle -ENOENT from the core and don't error out.
- Handle node port removal in the device provider. (#3708)
- Improve error handling while connecting.
- Fix dts_offset.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
44e5095317faf33a0ba318b98a04fc5d60a192dc NEWS: add entry about invalid memory access bug fix
f3249a701df76185103c978f3693684bb0c84b74 MemIOCallback: fix buffer overflow when writing too much data
4c0d757d6de529e8dda6bb6ca08369d5f9bffdb3 MemIOCallback: fix buffer overflow when reading too much data
f4eb4ae863bad23b70964931dcb1464d091ba2df [1.x] add a GitHub action to test ABI breakage
3b582725864b33100902761cb8438503c163e5dd [1.x] do 1.x build actions when pushing to the v1.x branch
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* 0001-Fix-build-against-fmt-10.patch dropped because fixed in the new version
* Expat dropped from DEPENDS because has been replaced with pugixml at version 1.5.0
* Required dependencies updated and added to DEPENDS
* Optional packages added and those enable by default have been enabled.
Changelog:
NEW Features
Staged importing that allows updating the virtual layout instead of deleting and recreating it each time (import-mode="grb")
Config options as command line arguments (--set-option OPT=VAL with --print-options)
Allow configuration of follow-symlinks per autoscan directory
Configuration of containers in virtual layout: title can be changed, some nodes can be disabled
New mode of loading Javascript plugins with cleanup of global variables
Generation of example configuration via command line option --create-example-config
Case insensitive sorting for databases
New config options for URL handling and host redirection
Use .nomedia to hide directory, incl. config option
Support for UPnP commands GetFeatureList and GetSortExtensionCapabilities
Build for Ubuntu 23.04 and 23.10
FIXES
Autoscan: Keep track of renamed directories
Docker: add JPEG and update description
Runtime issues in request handling
Configurable handling of HOME directory
Transcoding: parsing issue of requests
Stability for sqlite database access
Browsing on Samsung devices
Code Improvements
Update Javascript libraries
Update versions of googletest (1.14), pupnp (1.14.18), libexiv2 (v0.28.1), libebml (1.4.5), fmt (10.2.0), pugixml (1.14), spdlog (1.12.0) and taglib (1.13.1)
Compatibility with gcc14
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recent changes to oe-core[1] mean that if a configure.ac uses gtk-doc
then gtkdocize will be called. This means that recipes that don't
inherit gtk-doc (to depend on gtk-doc-native) but don't explicitly
disable the use of gtkdocize will fail to configure.
Inheriting gtk-doc both solves the configure failure, and allows us to
build the API documentation.
[1] oe-core 891ec38d4c5cc5ac7bc34938276261ebd6f6d54e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recent changes to oe-core[1] mean that if a configure.ac uses gtk-doc
then gtkdocize will be called. This means that recipes that don't
inherit gtk-doc (to depend on gtk-doc-native) but don't explicitly
disable the use of gtkdocize will fail to configure.
Inheriting gtk-doc both solves the configure failure, and allows us to
build the API documentation.
[1] oe-core 891ec38d4c5cc5ac7bc34938276261ebd6f6d54e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
