<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-multimedia/audiofile/files, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-11-14T15:36:56+00:00</updated>
<entry>
<title>audiofile: Fix build with clang++</title>
<updated>2025-11-14T15:36:56+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2025-11-14T08:24:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=78f49691d74db266fc94ac5581eb71d71c7c45e0'/>
<id>urn:sha1:78f49691d74db266fc94ac5581eb71d71c7c45e0</id>
<content type='text'>
When tests are enabled additional C++ code is compiled and clang does
not like the code.

Cc: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: patch CVE-2018-13440 and CVE-2018-17059</title>
<updated>2025-11-14T15:36:56+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-14T08:24:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e16a7d11d1dc0c577cb17652085b0c183c791883'/>
<id>urn:sha1:e16a7d11d1dc0c577cb17652085b0c183c791883</id>
<content type='text'>
Details:
https://nvd.nist.gov/vuln/detail/CVE-2018-13440
https://nvd.nist.gov/vuln/detail/CVE-2018-17059

The patches have been backported from Debian - upstream
has been inactive for almost a decade by now.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: backport test for CVE-2015-7747</title>
<updated>2025-11-14T15:36:56+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-14T08:24:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6c98db2449a52de0f9533ab84e31c7a1d2bd7e49'/>
<id>urn:sha1:6c98db2449a52de0f9533ab84e31c7a1d2bd7e49</id>
<content type='text'>
This is a backported patch from opensuse, which contains a testcase
for CVE-2015-7747 (which is already patched in ths recipe, but not
tested explicitly).

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: add ptest support</title>
<updated>2025-11-14T15:36:55+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-14T08:24:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=85ded08df0ad850928eea9919674161d94da5454'/>
<id>urn:sha1:85ded08df0ad850928eea9919674161d94da5454</id>
<content type='text'>
It's under 15 seconds to execute it.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: patch CVE-2019-13147 and CVE-2022-24599</title>
<updated>2025-11-14T15:36:55+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-11-14T08:24:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8ef997336aec6f51318f1a7fa55d57e3990914e8'/>
<id>urn:sha1:8ef997336aec6f51318f1a7fa55d57e3990914e8</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147
https://nvd.nist.gov/vuln/detail/CVE-2022-24599

These patches are used by opensuse to mitigate the corresponding vulnerabulities.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: Fix Upstream-Status</title>
<updated>2025-10-24T16:06:24+00:00</updated>
<author>
<name>Leon Anavi</name>
<email>leon.anavi@konsulko.com</email>
</author>
<published>2025-10-22T08:37:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d804fb389fe7fa7b02f91f8900a7b0fee6b1ca27'/>
<id>urn:sha1:d804fb389fe7fa7b02f91f8900a7b0fee6b1ca27</id>
<content type='text'>
Fix a minor typo in the patches by replacing "Upstrem-Status" with
"Upstream-Status". The typo was not triggering a QA Issue because
there is a second "Upstream-Status" line in each patch.

Signed-off-by: Leon Anavi &lt;leon.anavi@konsulko.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: mark CVE-2020-18781 as patched</title>
<updated>2025-01-18T00:39:40+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-01-17T19:33:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=68f55c158e15a5d35702ae5c730586001e487f86'/>
<id>urn:sha1:68f55c158e15a5d35702ae5c730586001e487f86</id>
<content type='text'>
Per [1] this CVE is already patched by commit [2].

This can be also verified with yocto build.

Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted

Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.

[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: patch CVE-2017-6839</title>
<updated>2024-12-27T17:21:44+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2024-12-27T10:56:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=88faae83b2b0e68827c457f4f348f7d7868f5258'/>
<id>urn:sha1:88faae83b2b0e68827c457f4f348f7d7868f5258</id>
<content type='text'>
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: patch CVE-2017-6831</title>
<updated>2024-12-27T17:21:44+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2024-12-27T10:56:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9d668989b1447fb19aff55c1a47acdf8d4e8c5e2'/>
<id>urn:sha1:9d668989b1447fb19aff55c1a47acdf8d4e8c5e2</id>
<content type='text'>
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audiofile: fix multiple CVEs</title>
<updated>2024-12-27T17:21:44+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2024-12-27T10:56:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=75f2bd2b3b145d8282db9926d8212c6d81bde99e'/>
<id>urn:sha1:75f2bd2b3b145d8282db9926d8212c6d81bde99e</id>
<content type='text'>
CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
