summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch
Commit message (Collapse)AuthorAgeFilesLines
* libsndfile1: bump to version 1.0.31Alexandru Ardelean2022-02-251-34/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems that the homepage has moved (for a while now) from http://www.mega-nerd.com/libsndfile/ to https://libsndfile.github.io/libsndfile/ On Github, the development group seems to include Erik de Castro Lopo (the original author of libsndfile1). Link: https://github.com/orgs/libsndfile/people All backported CVE patches are in version 1.0.31 (I've checked). The supported format page [1], mentions that Ogg/Opus is supported since 1.0.29, however that isn't currently added in this patch. And it may require libopus. And mp3 is supported at around version 1.1.0, but that version is in beta. This change focuses solely on updating to 1.0.31 and removing all backported patches. [1] https://libsndfile.github.io/libsndfile/formats.html (From OE-Core rev: 6e12ee5f7871150c11dac754145d146ed364b506) Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: update security patchesRoss Burton2019-03-061-0/+34
Remove CVE-2017-14245-14246.patch, fix rejected upstream as it doesn't solve the underlying issue. Instead 0001-a-ulaw-fix-multiple-buffer-overflows-432 also solves CVE-2017-14245 and CVE-2017-14246 properly. Add patches for CVE-2017-12562 and CVE-2018-19758. Refresh CVE-2018-13139.patch. (From OE-Core rev: a5625df8031985e9c60c34068a4a01c36da40eec) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 06:06:55 +0000