18 Commits

Author SHA1 Message Date
Peter Marko 35b9a26750 audiofile: mark CVE-2020-18781 as patched
Per [1] this CVE is already patched by commit [2].

This can be also verified with yocto build.

Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted

Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.

[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68f55c158e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 23bd451257 audiofile: patch CVE-2017-6839
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 88faae83b2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 2bdeebd11f audiofile: patch CVE-2017-6831
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9d668989b1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 85c8b0ab7a audiofile: fix multiple CVEs
CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 75f2bd2b3b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko beefbac3d7 audiofile: patch CVE-2017-6829
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f29fbaa465)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 9ed3377c2c audiofile: fix multiple CVEs
CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 634cbcb91c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Martin Jansa be8c765c7c *.patch: add Upstream-Status to all patches
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

5 (26%) 	meta-xfce
6 (50%) 	meta-perl
15 (42%)        meta-webserver
21 (36%)        meta-gnome
25 (57%)        meta-filesystems
26 (43%)        meta-initramfs
45 (45%)        meta-python
47 (55%)        meta-multimedia
312 (63%)       meta-networking
756 (61%)       meta-oe

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-21 09:15:20 -07:00
Khem Raj 195c2045fd audiofile: Stick to c++14 std
It uses std::unary_function which is removed from c++17 onwards, until
this is removed/replaced we can not move beyond c++14

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-01-21 10:02:02 -08:00
Khem Raj 14c7d8a0d7 recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Khem Raj 93ff33b564 audiofile: Inherit pkgconfig instead of binconfig
Fixes build with musl
../audiofile-0.3.6/configure: line 16964: PKG_PROG_PKG_CONFIG: command not found
../audiofile-0.3.6/configure: line 16971: syntax error near unexpected token `FLAC,'

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-06-12 06:56:43 +02:00
Andreas Müller 765ac51257 audiofile: add alsa-lib to DEPENDS
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-02-13 18:43:37 +01:00
Andreas Müller 58fbe56044 audiofile: update to 0.3.6
License checksum changed by altering address of FSF

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-12-26 08:24:07 +01:00
Khem Raj 96446b4117 audiofile: Use gnome mirrors for SRC_URI
original uri seems to be down now

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-10-30 09:00:08 +01:00
Robert Yang 05de0ca43d meta-oe: use BPN in SRC_URI
Fixed SRC_URI:
* ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV}
* ${P} -> ${BP}

Otherwise we would meet do_fetch errors when we do the multilib, native
or nativesdk build.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-07-15 14:56:55 +02:00
Martin Jansa 4d62e7f575 recipes: Remove PR = r0 from all recipes
* Remove all PR = "r0" from all .bb files in meta-oe repo. This was done
  with the command sed -e '/^PR.*=.*r0\"/d' meta*/recipes*/*/*.bb -i

* We've switching to the PR server, PR bumps are no longer needed and
  this saves people either accidentally bumping them or forgetting to
  remove the lines (r0 is the default anyway).

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2013-11-01 15:33:16 +01:00
Andrei Gherzan 3767262f9e In LICENSE "&&" should be replaced with "&"
In this way meta-oe recipes will be parsed correctly in yocto.

Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
2012-01-16 22:29:22 +01:00
Michael Lippautz 6aa6fddea9 audiofile: Update 0.2.6 to 0.2.7
0.2.7 fixes various bugs of 0.2.6 and adds further support for WAVE and AIFF-C
formats.

Drop patches:
* CVE-2008-5824 is already fixed in 0.2.7 (patch has just been a workaround):
  https://github.com/mpruett/audiofile/commit/e8cf0095b3f319739f9aa1ab5a1aa52b76be8cdd
* oldstyle patch is not needed , since current toolchain compiles C files
  with old style function declarations
* audiofile-0.2.6 patch is already applied in 0.2.7
* audiofile-m4_quote_fix is already applied in 0.2.7

Signed-off-by: Michael Lippautz <michael.lippautz@gmail.com>
2011-07-09 11:35:36 +02:00
Koen Kooi 3e32248ba1 audiofile: import from OE rev 7ae56b81f8cc22f9ef13a48cde000e32138948ea
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
2011-06-03 19:20:18 +02:00