buildroot/package/libsndfile, branch 2019.02-op-build

package/libsndfile: add upstream post-1.0.28 security fixes

2019-01-19T15:33:14+00:00

Fixes the following security vulnerabilities: CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file CVE-2017-17456: The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245 CVE-2017-17457: The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246 CVE-2018-13139: A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave CVE-2018-19661: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service CVE-2018-19662: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service Signed-off-by: Peter Korsgaard

package/lib*: fix wrapping of Config.in help text

2017-07-31T17:10:08+00:00

The check-package script when ran gives warnings on text wrapping on all of these Config files. This patch cleans up all warnings related to the text wrapping for the Config files starting with lib in the package directory. The appropriate indentation is: <2 spaces><62 chars> See http://nightly.buildroot.org/#writing-rules-config-in for more information. Signed-off-by: Adam Duskett Signed-off-by: Thomas Petazzoni

libsndfile: security bump to version 1.0.28

2017-04-27T08:15:05+00:00

Fixes: CVE-2017-7585 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7741 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVE-2017-7742 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer applies. Instead pass --disable-full-suite to disable man pages, documentation and programs, as that was presumably the reason for the patch. Signed-off-by: Peter Korsgaard

boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+

2017-04-01T13:18:10+00:00

We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g' Signed-off-by: Rahul Bedarkar Signed-off-by: Thomas Petazzoni

libsndfile: disable external library dependencies

2017-01-20T02:22:14+00:00

Fixes static linking of pifmrds [1]: host/usr/bin/arm-linux-gcc -static -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -lsndfile -lm .../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(flac.o): In function `sf_flac_error_callback': flac.c:(.text+0x44c): undefined reference to `FLAC__StreamDecoderErrorStatusString' host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg.o): In function `ogg_close': ogg.c:(.text+0x10): undefined reference to `ogg_sync_clear' host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libsndfile.a(ogg_vorbis.o): In function `vorbis_read_sample': ogg_vorbis.c:(.text+0x26c): undefined reference to `vorbis_synthesis_pcmout' [1] http://autobuild.buildroot.net/results/9b7/9b7638caa8f3e82e38fb68b0321cb649618a0131 Signed-off-by: Peter Seiderer Signed-off-by: Thomas Petazzoni

package/libsndfile: bump version to 1.0.27

2016-07-07T09:48:50+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni

libsndfile: security bump to version 1.0.26

2015-12-15T20:36:02+00:00

Fixes: CVE-2014-9496 - SD2 buffer read overflow. CVE-2014-9756 - file_io.c divide by zero. CVE-2015-7805 - AIIF heap write overflow. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

libsndfile: add hash file

2015-07-16T20:36:36+00:00

Signed-off-by: Gustavo Zacarias

packages: remove (non-)lfs dependencies and tweaks

2015-04-01T20:47:22+00:00

Now that largefile is mandatory removes package dependencies and conditionals. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

package/*: rename patches according to the new policy

2015-02-03T13:52:56+00:00

Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345) Signed-off-by: Samuel Martin Signed-off-by: Peter Korsgaard