10 Commits

Author SHA1 Message Date
Peter Marko c7d64c7059 vorbis-tools: patch CVE-2023-43361
This is inactive project, so no official CVE fix will be available
anymore. That however does not mean that there is no fix available.
Following tries to prove that patch provided here is valid.

NVD CVE report [1] links issue [2] where this is reported.
Based on the report, fix was proposed in [3].
There was some review however the patch autor was not active.
[4] was later created trying to adddress the comments, but the project
was not active anymore. In this PR the patch was shrunk to a one-liner
in discussion.

I have tested the poc and it is real.
The patch fixes it, while not breaking the execution if good file path
is provided as argument.

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361
[2] https://github.com/xiph/vorbis-tools/issues/41
[3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
[4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 67d94fecb0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Khem Raj b81f66a09a vorbis-tools: Fix build on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-28 23:57:15 -07:00
Khem Raj 4b50fb02cc recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Michael Opdenacker 5013bd7b30 vorbis-tools: update to 1.4.2 (latest in 1.4.x series)
This allows to get rid of 2 patches,
included in this release

Update the gettext patch, still not applied in this version

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-09 10:20:30 -07:00
Khem Raj 91f53941b8 vorbis-tools: Use external gettext
Fixes build with gettext 0.20.x

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-02 09:40:29 -08:00
Max Kellermann a2bce54990 vorbis-tools: add PACKAGECONFIG[ogg123]
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-09-24 11:49:45 -07:00
Khem Raj 401fbd9e50 vorbis-tools: Fix build with security flags
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2017-04-06 13:00:10 +02:00
Kai Kang 9d5b4c712f vorbis-tools: fix CVE-2015-6749
Backport patch to fix CVE-2015-6749 from:

https://trac.xiph.org/ticket/2212

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-10-23 12:53:22 +02:00
Stefan Müller-Klieser 50d34ad810 vorbis-tools: remove unnecessary options
This code is not required for yocto 1.9 any more.

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-09-08 16:22:48 +02:00
Stefan Müller-Klieser ba0d87692d vorbis-tools: add new recipe
Vorbis tools provide command line editing and playback tools for the
patent free audio codec. Use cases in embedded are audio tests and
performance benchmarks.

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-08-24 13:59:43 +02:00