summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libvorbis
Commit message (Collapse)AuthorAgeFilesLines
* libvorbis: 3 CVE fixesJoe Slater2018-08-163-0/+70
| | | | | | | | | | CVE-2017-14160, CVE-2018-10393 (same as 14160), and CVE-2018-10392. These fixes should be in libvorbis 1.3.7. (From OE-Core rev: 45ff20f325a51fe0ed12d58160c08e04781ce341) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: 1.3.5 -> 1.3.6Tanu Kaskinen2018-05-295-220/+13
| | | | | | | | | | | | | | Rebased 0001-configure-Check-for-clang.patch. Removed the backported CVE patches. License-Update: copyright years refreshed (From OE-Core rev: d536c0a0e400c27fd7954402195698e2c639338a) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: CVE-2018-5146Tanu Kaskinen2018-03-252-0/+101
| | | | | | | | | | | | | | | Prevent out-of-bounds write in codebook decoding. The bug could allow code execution from a specially crafted Ogg Vorbis file. References: https://www.debian.org/security/2018/dsa-4140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 (From OE-Core rev: 1f01ce76c76d63f5ffe96baf518e670ae01c4d12) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: CVE-2017-14632Tanu Kaskinen2018-03-252-0/+63
| | | | | | | | | | | | | | | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 (From OE-Core rev: 5786e39e040f241f6bade29ba2ce61b7715e1b66) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: CVE-2017-14633Tanu Kaskinen2018-03-252-0/+43
| | | | | | | | | | | | | | | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 (From OE-Core rev: db6c0df30acdb9973f9bd4297a5fce4725c0720d) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: Contain gcc specific compiler flags using configure optionKhem Raj2017-03-242-1/+59
| | | | | | | | (From OE-Core rev: b6cdbf50e5c26c406e4ddecd66202ff7324f5468) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: remove legacy optionsStefan Müller-Klieser2015-09-031-7/+0
| | | | | | | | | | | | | Those code fragments date back to ancient times. EXTRA_OECONF is not required anymore and we should give gcc another try to do it right. Testing on cortex-a8 with thumb and -O2 reveals a performance boost of 82 percent during encoding in comparison to -O0. -O4 gives another 7 percent. (From OE-Core rev: ea04f05710a9a2a1e9561fe87579d0ae9690bd21) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: Update libvorbis_1.3.4.bb -> libvorbis_1.3.5.bbKhem Raj2015-08-301-4/+3
| | | | | | | | | | | | | | | Licence years have changes causing checksum changes -Copyright (c) 2002-2008 Xiph.org Foundation +Copyright (c) 2002-2015 Xiph.org Foundation (From OE-Core rev: cb034175054ae31f7065677ba36b6a45dc067be0) (From OE-Core rev: 49e5f3fca65133a83f124324011d7bee18fd3aa1) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: upgrade to 1.3.4Cristian Iorga2014-02-202-24/+5
| | | | | | | | | | | | | | | - Updated website; - Cleaned up bugtracker web address; - Removed PR; - Switched to ${BP} variable; - removed obsolete_automake_macros.patch, included in upstream; (From OE-Core rev: 8d0f6b39839d14dea5ed5cb8888466ed76afee00) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: replace obsolete automake macros with working onesMarko Lindqvist2013-01-152-2/+19
| | | | | | | | | | | Add obsolete_automake_macros.patch that replaces automake macros no longer supported by automake-1.13 with modern constructs. (From OE-Core rev: 0f2a601b04ac564905942b4d2006dbf348b1517b) Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: upgrade to 1.3.3Shane Wang2012-03-211-2/+2
| | | | | | | (From OE-Core rev: 5205af02970fbbf7c2f9b945f38685e0ef283d6a) Signed-off-by: Shane Wang <shane.wang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-multimedia: Update SUMMARY and DESCRIPTIONSMark Hatle2010-12-161-0/+1
| | | | | | Add SUMMARY and update DESCRIPTIONS as appropriate Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* SRC_URI Checksums AdditionalsSaul Wold2010-12-091-0/+3
| | | | Signed-off-by: Saul Wold <sgw@linux.intel.com>
* libvorbis: Upgraded to version 1.3.2Dongxiao Xu2010-11-181-0/+0
| | | | Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
* Major layout change to the packages directoryRichard Purdie2010-08-271-0/+23
Having one monolithic packages directory makes it hard to find things and is generally overwhelming. This commit splits it into several logical sections roughly based on function, recipes.txt gives more information about the classifications used. The opportunity is also used to switch from "packages" to "recipes" as used in OpenEmbedded as the term "packages" can be confusing to people and has many different meanings. Not all recipes have been classified yet, this is just a first pass at separating things out. Some packages are moved to meta-extras as they're no longer actively used or maintained. Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>