diff options
author | Alexandru Ardelean <ardeleanalex@gmail.com> | 2022-02-24 17:30:33 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-02-25 12:41:24 +0000 |
commit | fd2c86b06963345683ac5dc4f47f9da8e0c8c69d (patch) | |
tree | e360ee3b3b03d5a3df55aec435b29b0d4b4f669f /meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch | |
parent | e62965346314544919e4a529ca860a242d76b303 (diff) | |
download | poky-fd2c86b06963345683ac5dc4f47f9da8e0c8c69d.tar.gz |
libsndfile1: bump to version 1.0.31
It seems that the homepage has moved (for a while now) from
http://www.mega-nerd.com/libsndfile/
to
https://libsndfile.github.io/libsndfile/
On Github, the development group seems to include Erik de Castro Lopo (the
original author of libsndfile1).
Link: https://github.com/orgs/libsndfile/people
All backported CVE patches are in version 1.0.31 (I've checked).
The supported format page [1], mentions that Ogg/Opus is supported since
1.0.29, however that isn't currently added in this patch. And it may
require libopus.
And mp3 is supported at around version 1.1.0, but that version is in beta.
This change focuses solely on updating to 1.0.31 and removing all
backported patches.
[1] https://libsndfile.github.io/libsndfile/formats.html
(From OE-Core rev: 6e12ee5f7871150c11dac754145d146ed364b506)
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch deleted file mode 100644 index 9ee7e46a6d..0000000000 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 | ||
2 | From: Erik de Castro Lopo <erikd@mega-nerd.com> | ||
3 | Date: Fri, 14 Apr 2017 15:19:16 +1000 | ||
4 | Subject: [PATCH] src/flac.c: Fix a buffer read overflow | ||
5 | |||
6 | A file (generated by a fuzzer) which increased the number of channels | ||
7 | from one frame to the next could cause a read beyond the end of the | ||
8 | buffer provided by libFLAC. Only option is to abort the read. | ||
9 | |||
10 | Closes: https://github.com/erikd/libsndfile/issues/231 | ||
11 | |||
12 | CVE: CVE-2017-8362 | ||
13 | |||
14 | Upstream-Status: Backport [https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808] | ||
15 | |||
16 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
17 | --- | ||
18 | src/flac.c | 11 +++++++++-- | ||
19 | 1 file changed, 9 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/src/flac.c b/src/flac.c | ||
22 | index 5a4f8c2..e4f9aaa 100644 | ||
23 | --- a/src/flac.c | ||
24 | +++ b/src/flac.c | ||
25 | @@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) | ||
26 | const int32_t* const *buffer = pflac->wbuffer ; | ||
27 | unsigned i = 0, j, offset, channels, len ; | ||
28 | |||
29 | + if (psf->sf.channels != (int) frame->header.channels) | ||
30 | + { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n" | ||
31 | + "Nothing to do but to error out.\n" , | ||
32 | + psf->sf.channels, frame->header.channels) ; | ||
33 | + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; | ||
34 | + return 0 ; | ||
35 | + } ; | ||
36 | + | ||
37 | /* | ||
38 | ** frame->header.blocksize is variable and we're using a constant blocksize | ||
39 | ** of FLAC__MAX_BLOCK_SIZE. | ||
40 | @@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) | ||
41 | return 0 ; | ||
42 | } ; | ||
43 | |||
44 | - | ||
45 | len = SF_MIN (pflac->len, frame->header.blocksize) ; | ||
46 | |||
47 | if (pflac->remain % channels != 0) | ||
48 | @@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ | ||
49 | { case FLAC__METADATA_TYPE_STREAMINFO : | ||
50 | if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) | ||
51 | { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" | ||
52 | - "Nothing to be but to error out.\n" , | ||
53 | + "Nothing to do but to error out.\n" , | ||
54 | psf->sf.channels, metadata->data.stream_info.channels) ; | ||
55 | psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; | ||
56 | return ; | ||
57 | -- | ||
58 | 2.7.4 | ||
59 | |||