aboutsummaryrefslogtreecommitdiff
path: root/package/libsndfile
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2017-04-26 13:52:14 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-04-27 10:15:05 +0200
commitc363e070d8ee036052fbcadd153d8c39ce0db55b (patch)
treea78c6a0b4996e77c2c70a45d80d363de0c282246 /package/libsndfile
parentc3b548020404b5ca5b52d388d2a5bc9926db0b45 (diff)
downloadbuildroot-c363e070d8ee036052fbcadd153d8c39ce0db55b.tar.gz
buildroot-c363e070d8ee036052fbcadd153d8c39ce0db55b.tar.bz2
libsndfile: security bump to version 1.0.28
Fixes: CVE-2017-7585 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7741 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVE-2017-7742 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer applies. Instead pass --disable-full-suite to disable man pages, documentation and programs, as that was presumably the reason for the patch. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libsndfile')
-rw-r--r--package/libsndfile/0001-srconly.patch17
-rw-r--r--package/libsndfile/libsndfile.hash2
-rw-r--r--package/libsndfile/libsndfile.mk5
3 files changed, 4 insertions, 20 deletions
diff --git a/package/libsndfile/0001-srconly.patch b/package/libsndfile/0001-srconly.patch
deleted file mode 100644
index 417e34072a..0000000000
--- a/package/libsndfile/0001-srconly.patch
+++ /dev/null
@@ -1,17 +0,0 @@
----
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libsndfile-1.0.18/Makefile.in
-===================================================================
---- libsndfile-1.0.18.orig/Makefile.in
-+++ libsndfile-1.0.18/Makefile.in
-@@ -260,7 +260,7 @@
- top_srcdir = @top_srcdir@
- DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror
- @BUILD_OCTAVE_MOD_TRUE@octave_dir = Octave
--SUBDIRS = M4 man doc Win32 src $(octave_dir) examples regtest tests programs
-+SUBDIRS = src
- DIST_SUBDIRS = M4 man doc Win32 src Octave examples regtest tests programs
- EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Mingw-make-dist.sh
- pkgconfigdir = $(libdir)/pkgconfig
diff --git a/package/libsndfile/libsndfile.hash b/package/libsndfile/libsndfile.hash
index a87b7c3085..31500cd970 100644
--- a/package/libsndfile/libsndfile.hash
+++ b/package/libsndfile/libsndfile.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 libsndfile-1.0.27.tar.gz
+sha256 1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9 libsndfile-1.0.28.tar.gz
diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
index 936f4be218..22909ffb62 100644
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBSNDFILE_VERSION = 1.0.27
+LIBSNDFILE_VERSION = 1.0.28
LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files
LIBSNDFILE_INSTALL_STAGING = YES
LIBSNDFILE_LICENSE = LGPL-2.1+
@@ -13,6 +13,7 @@ LIBSNDFILE_LICENSE_FILES = COPYING
LIBSNDFILE_CONF_OPTS = \
--disable-sqlite \
--disable-alsa \
- --disable-external-libs
+ --disable-external-libs \
+ --disable-full-suite
$(eval $(autotools-package))