Peter Marko
c7d64c7059
vorbis-tools: patch CVE-2023-43361
...
This is inactive project, so no official CVE fix will be available
anymore. That however does not mean that there is no fix available.
Following tries to prove that patch provided here is valid.
NVD CVE report [1] links issue [2] where this is reported.
Based on the report, fix was proposed in [3].
There was some review however the patch autor was not active.
[4] was later created trying to adddress the comments, but the project
was not active anymore. In this PR the patch was shrunk to a one-liner
in discussion.
I have tested the poc and it is real.
The patch fixes it, while not breaking the execution if good file path
is provided as argument.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361
[2] https://github.com/xiph/vorbis-tools/issues/41
[3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
[4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 67d94fecb0 )
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-02-04 14:29:37 -08:00
Khem Raj
b81f66a09a
vorbis-tools: Fix build on musl
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-08-28 23:57:15 -07:00
Khem Raj
4b50fb02cc
recipes: Update LICENSE variable to use SPDX license identifiers
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2022-03-04 17:41:45 -08:00
Michael Opdenacker
5013bd7b30
vorbis-tools: update to 1.4.2 (latest in 1.4.x series)
...
This allows to get rid of 2 patches,
included in this release
Update the gettext patch, still not applied in this version
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2021-08-09 10:20:30 -07:00
Khem Raj
91f53941b8
vorbis-tools: Use external gettext
...
Fixes build with gettext 0.20.x
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2020-01-02 09:40:29 -08:00
Max Kellermann
a2bce54990
vorbis-tools: add PACKAGECONFIG[ogg123]
...
Signed-off-by: Max Kellermann <max.kellermann@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2018-09-24 11:49:45 -07:00
Khem Raj
401fbd9e50
vorbis-tools: Fix build with security flags
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2017-04-06 13:00:10 +02:00
Kai Kang
9d5b4c712f
vorbis-tools: fix CVE-2015-6749
...
Backport patch to fix CVE-2015-6749 from:
https://trac.xiph.org/ticket/2212
Signed-off-by: Kai Kang <kai.kang@windriver.com >
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
2015-10-23 12:53:22 +02:00
Stefan Müller-Klieser
50d34ad810
vorbis-tools: remove unnecessary options
...
This code is not required for yocto 1.9 any more.
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de >
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
2015-09-08 16:22:48 +02:00
Stefan Müller-Klieser
ba0d87692d
vorbis-tools: add new recipe
...
Vorbis tools provide command line editing and playback tools for the
patent free audio codec. Use cases in embedded are audio tests and
performance benchmarks.
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de >
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com >
2015-08-24 13:59:43 +02:00