OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2017.08 2017-05-28T13:23:54+00:00 2017-05-28T13:23:54+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-05-27T16:04:46+00:00 urn:sha1:a7777eecd4eaebd65b28e26fb1075b8609ac8f7c Fixes mpd: http://autobuild.buildroot.net/results/799/7997ccd698f03885f98d00bd150dc3a578e4b161/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-05-28T13:08:26+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2017-05-27T15:44:26+00:00 urn:sha1:a2ad9cf71da39efc4ab942578cdbceb5c30a4025 Fixes CVE-2015-7747 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:18:10+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:34+00:00 urn:sha1:30a3e8d108d46bbd2622b8139c996d52e48a4e10 We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-04-01T13:16:38+00:00 Rahul Bedarkar rahulbedarkar89@gmail.com 2017-03-30T13:43:32+00:00 urn:sha1:af31c309e73ca88ee70c52e591f90e4b89ff5e55 We want to use SPDX identifier for license strings as much as possible. SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+. This change is done by using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-03-31T11:36:31+00:00 Peter Korsgaard peter@korsgaard.com 2017-03-30T21:03:35+00:00 urn:sha1:844a7c6281eb442881330a5d36d5a0719f2870bf Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://github.com/mpruett/audiofile/issues/41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-31T11:36:26+00:00 Peter Korsgaard peter@korsgaard.com 2017-03-30T21:03:34+00:00 urn:sha1:bd5f84d301c4e74ca200a9336eca88468ec0e1f3 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp https://github.com/mpruett/audiofile/issues/35 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-31T11:36:23+00:00 Peter Korsgaard peter@korsgaard.com 2017-03-30T21:03:33+00:00 urn:sha1:4a1a8277bba490d227f413e218138e39f1fe1203 CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp https://github.com/mpruett/audiofile/issues/34 CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp https://github.com/mpruett/audiofile/issues/38 CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h https://github.com/mpruett/audiofile/issues/40 CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://github.com/mpruett/audiofile/issues/41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-31T11:36:20+00:00 Peter Korsgaard peter@korsgaard.com 2017-03-30T21:03:32+00:00 urn:sha1:434890df2a7c131b40fec1c49e6239972ab299d2 The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp https://github.com/mpruett/audiofile/issues/33 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-31T11:36:17+00:00 Peter Korsgaard peter@korsgaard.com 2017-03-30T21:03:31+00:00 urn:sha1:cc00bde57fc20d11f8fa4e8ec5f193c091714c55 CVE-2017-6827: A heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp https://github.com/mpruett/audiofile/issues/32 CVE-2017-6828: A Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp https://github.com/mpruett/audiofile/issues/31 CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp https://github.com/mpruett/audiofile/issues/36 CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp https://github.com/mpruett/audiofile/issues/37 CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp https://github.com/mpruett/audiofile/issues/39 CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ https://github.com/mpruett/audiofile/issues/41 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-06-06T21:21:59+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-06-04T16:13:52+00:00 urn:sha1:0b69faf716bcf901f59189219d64df56623fa23c Fixes make[3]: Entering directory '/home/buildroot/br7_freeswitch/output/build/audiofile-0.3.6/libaudiofile/modules' /bin/bash ../../libtool --tag=CXX --mode=compile /home/buildroot/br7_freeswitch/output/host/usr/bin/i586-buildroot-linux-uclibc-g++ -DHAVE_CONFIG_H -I. -I../.. -I./.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DNDEBUG -Wall -Wno-multichar -fvisibility=hidden -fno-rtti -fno-exceptions -fvisibility-inlines-hidden -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -c -o ALAC.lo ALAC.cpp libtool: compile: /home/buildroot/br7_freeswitch/output/host/usr/bin/i586-buildroot-linux-uclibc-g++ -DHAVE_CONFIG_H -I. -I../.. -I./.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DNDEBUG -Wall -Wno-multichar -fvisibility=hidden -fno-rtti -fno-exceptions -fvisibility-inlines-hidden -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -c ALAC.cpp -fPIC -DPIC -o .libs/ALAC.o In file included from ALAC.cpp:29:0: SimpleModule.h: In instantiation of 'const int signConverter<(FormatCode)0>::kMinSignedValue': SimpleModule.h:130:52: required from 'signConverter<Format>::UnsignedType signConverter<Format>::signedToUnsigned::operator()(signConverter<Format>::SignedType) [with FormatCode Format = (FormatCode)0; signConverter<Format>::UnsignedType = unsigned char; signConverter<Format>::SignedType = signed char]' /home/buildroot/br7_freeswitch/output/host/usr/i586-buildroot-linux-uclibc/include/c++/6.1.0/bits/stl_algo.h:4184:24: required from '_OIter std::transform(_IIter, _IIter, _OIter, _UnaryOperation) [with _IIter = const signed char*; _OIter = unsigned char*; _UnaryOperation = signConverter<(FormatCode)0>::signedToUnsigned]' SimpleModule.h:104:16: required from 'void transform(const void*, void*, size_t) [with UnaryFunction = signConverter<(FormatCode)0>::signedToUnsigned; size_t = unsigned int]' SimpleModule.h:176:62: required from 'static void ConvertSign::convertSignedToUnsigned(const void*, void*, size_t) [with FormatCode Format = (FormatCode)0; size_t = unsigned int]' SimpleModule.h:183:51: required from here SimpleModule.h:126:40: error: left operand of shift expression '(-1 << 7)' is negative [-fpermissive] static const int kMinSignedValue = -1 << kScaleBits; ~~~^~~~~~~~~~~~~ To reproduce the build error use this defconfig: BR2_GCC_VERSION_6_X=y BR2_TOOLCHAIN_BUILDROOT_CXX=y BR2_PACKAGE_AUDIOFILE=y Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>