diff options
author | Peter Korsgaard <peter@korsgaard.com> | 2017-04-26 13:52:14 +0200 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2017-04-27 10:15:05 +0200 |
commit | c363e070d8ee036052fbcadd153d8c39ce0db55b (patch) | |
tree | a78c6a0b4996e77c2c70a45d80d363de0c282246 /package/libsndfile | |
parent | c3b548020404b5ca5b52d388d2a5bc9926db0b45 (diff) | |
download | buildroot-c363e070d8ee036052fbcadd153d8c39ce0db55b.tar.gz buildroot-c363e070d8ee036052fbcadd153d8c39ce0db55b.zip |
libsndfile: security bump to version 1.0.28
Fixes:
CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies. Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libsndfile')
-rw-r--r-- | package/libsndfile/0001-srconly.patch | 17 | ||||
-rw-r--r-- | package/libsndfile/libsndfile.hash | 2 | ||||
-rw-r--r-- | package/libsndfile/libsndfile.mk | 5 |
3 files changed, 4 insertions, 20 deletions
diff --git a/package/libsndfile/0001-srconly.patch b/package/libsndfile/0001-srconly.patch deleted file mode 100644 index 417e34072a..0000000000 --- a/package/libsndfile/0001-srconly.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: libsndfile-1.0.18/Makefile.in -=================================================================== ---- libsndfile-1.0.18.orig/Makefile.in -+++ libsndfile-1.0.18/Makefile.in -@@ -260,7 +260,7 @@ - top_srcdir = @top_srcdir@ - DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror - @BUILD_OCTAVE_MOD_TRUE@octave_dir = Octave --SUBDIRS = M4 man doc Win32 src $(octave_dir) examples regtest tests programs -+SUBDIRS = src - DIST_SUBDIRS = M4 man doc Win32 src Octave examples regtest tests programs - EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Mingw-make-dist.sh - pkgconfigdir = $(libdir)/pkgconfig diff --git a/package/libsndfile/libsndfile.hash b/package/libsndfile/libsndfile.hash index a87b7c3085..31500cd970 100644 --- a/package/libsndfile/libsndfile.hash +++ b/package/libsndfile/libsndfile.hash @@ -1,2 +1,2 @@ # Locally calculated after checking pgp signature -sha256 a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 libsndfile-1.0.27.tar.gz +sha256 1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9 libsndfile-1.0.28.tar.gz diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk index 936f4be218..22909ffb62 100644 --- a/package/libsndfile/libsndfile.mk +++ b/package/libsndfile/libsndfile.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBSNDFILE_VERSION = 1.0.27 +LIBSNDFILE_VERSION = 1.0.28 LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files LIBSNDFILE_INSTALL_STAGING = YES LIBSNDFILE_LICENSE = LGPL-2.1+ @@ -13,6 +13,7 @@ LIBSNDFILE_LICENSE_FILES = COPYING LIBSNDFILE_CONF_OPTS = \ --disable-sqlite \ --disable-alsa \ - --disable-external-libs + --disable-external-libs \ + --disable-full-suite $(eval $(autotools-package)) |