summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libsndfile
Commit message (Collapse)AuthorAgeFilesLines
* libsndfile1: remove redundant autoconf seedingRoss Burton2019-07-101-6/+0
| | | | | | | | | | | | | | Twelve years ago libsndfile was badly detecting large file handling and generating bad code[1]. The detection code in libsndfile has had many fixes since then and this isn't needed anymore (verified by comparing config.h when built for qemuarm). [1] https://git.openembedded.org/openembedded/commit/?id=875cfc6f23ae68c6215bf32eb01a486f0387cb92 (From OE-Core rev: 86f3a3ce6a80da66c7a53e7cb794c17230bd466d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: disable use of sqlite3 by defaultRoss Burton2019-07-101-1/+2
| | | | | | | | | | | sqlite3 is only used by the regression testing tool, which is of limited use unless you're the developer of libsndfile. Add a PACKAGECONFIG for this, but disable by default. (From OE-Core rev: 5f01497dee9fcd5e5fc6bddb061b6cc55909fe65) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: fix CVE-2019-3832Ross Burton2019-03-262-0/+38
| | | | | | | | | | The previous fix for CVE-2018-19758 wasn't complete, so backport another patch to solve it properly. (From OE-Core rev: aeaca9bb1b1c8bf44818945dc4b2cbd6d4b5cef2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: update security patchesRoss Burton2019-03-066-142/+160
| | | | | | | | | | | | | | | | | Remove CVE-2017-14245-14246.patch, fix rejected upstream as it doesn't solve the underlying issue. Instead 0001-a-ulaw-fix-multiple-buffer-overflows-432 also solves CVE-2017-14245 and CVE-2017-14246 properly. Add patches for CVE-2017-12562 and CVE-2018-19758. Refresh CVE-2018-13139.patch. (From OE-Core rev: a5625df8031985e9c60c34068a4a01c36da40eec) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Security fix CVE-2018-19432Changqing Li2019-02-252-0/+116
| | | | | | | | (From OE-Core rev: 6f010c9b7777aae5ce2108122d0c6d3b1d630a21) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Security fix CVE-2017-17456/17457 CVE-2018-19661/19662Changqing Li2019-01-082-0/+102
| | | | | | | | | | fix 4 CVEs, which is backport from https://github.com/erikd/libsndfile/commit/585cc28a93be27d6938f276af0011401b9f7c0ca (From OE-Core rev: 8f4af329df5373db8910726a6b954652623003dd) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: CVE-2018-13139Changqing Li2018-10-102-0/+36
| | | | | | | | | | | A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28. Fixed in https://github.com/erikd/libsndfile/issues/397 (From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: CVE-2017-14634Jagadeesh Krishnanjanappa2018-08-232-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | double64_init: Check psf->sf.channels against upper bound This prevents division by zero later in the code. While the trivial case to catch this (i.e. sf.channels < 1) has already been covered, a crafted file may report a number of channels that is so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets miscalculated to zero (if this makes sense) in the determination of the blockwidth. Since we only support a limited number of channels anyway, make sure to check here as well. CVE-2017-14634 Closes: #318 Affects libsndfile1 = 1.0.28 (From OE-Core rev: eee93149a49274dc3deed7d89754ee4bda240575) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: CVE-2017-14245 CVE-2017-14246Jagadeesh Krishnanjanappa2018-08-232-0/+122
| | | | | | | | | | | | | | | | | | | sfe_copy_data_fp: check value of "max" variable for being normal and check elements of the data[] array for being finite. Both checks use functions provided by the <math.h> header as declared by the C99 standard. Fixes #317 CVE-2017-14245 CVE-2017-14246 Affects libsndfile1 = 1.0.28 (From OE-Core rev: ad842a3a0e6ef78fb9449362753ae3592c775192) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-8363Jackie Huang2017-08-182-0/+38
| | | | | | | | | | | | | | | | Backport the patch to fix CVE-2017-8363: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8363 (From OE-Core rev: 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-8362Jackie Huang2017-08-182-0/+60
| | | | | | | | | | | | | | | | Backport the patch to fix CVE-2017-8362: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8362 (From OE-Core rev: 0c8da3f6f85962196f2ad54fffd839239f5c2274) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365Jackie Huang2017-08-182-0/+74
| | | | | | | | | | | | | | | | | | | | | | | | Backport the patch to fix two CVEs: CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8365: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8361 https://nvd.nist.gov/vuln/detail/CVE-2017-8365 (From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1_1.0.28.bb: set CVE_PRODUCT to libsndfileMikko Rapeli2017-07-241-0/+2
| | | | | | | | | | | | It is used in NVD to CVE's like: https://nvd.nist.gov/vuln/detail/CVE-2017-6892 (From OE-Core rev: adfb1c7fe28a6ef2bcf698f7415fd86b01bdc489) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-6892Fan Xin2017-06-282-1/+37
| | | | | | | | | | | | Backport upstream patch to fix CVE-2017-6892. CVE: CVE-2017-6892 (From OE-Core rev: cc9b8d0afe64b83f585843f3aff1c077f69fd656) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: 1.0.27 -> 1.0.28Huang Qiyu2017-05-231-2/+2
| | | | | | | | | | Upgrade libsndfile1 from 1.0.27 to 1.0.28. (From OE-Core rev: 86009f82c8c8206cc79f68d14d68c7c0b3ffe491) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: 1.0.26 -> 1.0.27Tanu Kaskinen2016-07-261-2/+2
| | | | | | | | (From OE-Core rev: e5128874a93519ff5ef8a66dbccd4d89feaba32b) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove redundant ac_cv_sizeof_off_t assignmentsRoss Burton2016-04-121-1/+0
| | | | | | | | | | | | | | ac_cv_sizeof_off_t was previously in the site cache files, which was breaking large file support and required a workaround in each recipe that actually wanted to use large files. Now that the entry has been removed from the site cache, we can remove the workarounds. (From OE-Core rev: 1485d7cae88adb3575c6eaa47784fe50820d2740) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: enable FLAC/Ogg/Vorbis supportTanu Kaskinen2015-12-281-3/+1
| | | | | | | | | | | | | | | | | | | This makes it possible to handle FLAC and Vorbis files in programs that use libsndfile. It seems that the external dependencies were disabled just as a routine measure to make builds deterministic, since the dependencies were missing from DEPENDS[1]. Therefore it seems likely that nobody particularly wants to have libsndfile without support for these formats. [1] http://git.openembedded.org/openembedded-core/commit/?id=34a14ce3ea78be299175e1a803f92519aa02355b (From OE-Core rev: 7c7d436e660a8869179c4e5579aa2a992d636c22) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: 1.0.25 -> 1.0.26Tanu Kaskinen2015-12-164-292/+3
| | | | | | | | | | | | | | | | | | | | | Main points from the release announcement: * Fix for CVE-2014-9496, SD2 buffer read overflow. * Fix for CVE-2014-9756, file_io.c divide by zero. * Fix for CVE-2015-7805, AIFF heap write overflow. * Add support for ALAC encoder in a CAF container. * Add support for Cart chunks in WAV files. * Minor bug fixes and improvements. All patches we had are included in the new release. Dropped PR from the recipe. (From OE-Core rev: 5a4b8f7f643a4b95a7036eab02c7f74aa4077982) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile: fix CVE-2014-9756Maxin B. John2015-11-252-0/+25
| | | | | | | | | | Fix divide by zero bug (CVE-2014-9756) (From OE-Core rev: f47cf07ab9d00ed7eddc8e867138481f7bd2bb7d) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile: Security Advisory - libsndfile - CVE-2014-9496Yue Tao2015-06-083-1/+264
| | | | | | | | | | | Backport two commits from libsndfile upstream to fix a segfault and two potential buffer overflows. (From OE-Core rev: 9907e20868397a9823cc1e755ee1b697da6be2f3) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador2014-04-251-1/+1
| | | | | | | | | | | The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. (From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: bump PRsMartin Jansa2014-03-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * resolves following warnings: WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends) WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends) WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends) WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends) WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends) WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends) WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends) (From OE-Core rev: c6825ec6e92e20bb64a051d1576f363c16e98d68) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Replace one-line DESCRIPTION with SUMMARYPaul Eggleton2014-01-021-1/+1
| | | | | | | | | | | | | | A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. (From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: use PACKAGECONFIG for alsa distro featureChristopher Larson2012-05-031-1/+4
| | | | | | | (From OE-Core rev: af593b5a3a8e1e552b34ca2785894ac468763024) Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: upgrade to version 1.0.25Dongxiao Xu2011-10-311-3/+3
| | | | | | | (From OE-Core rev: 44da39789bcf0554a82586ebc611b49a4665333d) Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Disable external codec librbaries since we don't list in DEPENDSRichard Purdie2011-09-251-1/+3
| | | | | | (From OE-Core rev: 34a14ce3ea78be299175e1a803f92519aa02355b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: upgrade to version 1.0.24Dongxiao Xu2011-04-283-46/+2
| | | | | | | (From OE-Core rev: 71794b266e3fcd9661f57a4ba70abc87e74b7326) Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* SRC_URI Checksums AdditionalsSaul Wold2010-12-091-0/+3
| | | | Signed-off-by: Saul Wold <sgw@linux.intel.com>
* libsndfile: remove patches that are no longer required by upstreamSaul Wold2010-11-221-3/+1
| | | | Signed-off-by: Saul Wold <sgw@linux.intel.com>
* libsndfile: Upgrade to 1.0.23Saul Wold2010-11-183-0/+68
Renamed and moved to recipes-multimedia Signed-off-by: Saul Wold <Saul.Wold@intel.com>