package/audiofile: annotate _IGNORE_CVES for the included security patches

author Peter Korsgaard <peter@korsgaard.com>

Wed, 19 Feb 2020 16:01:58 +0000 (17:01 +0100)

committer Peter Korsgaard <peter@korsgaard.com>

Thu, 20 Feb 2020 12:13:23 +0000 (13:13 +0100)
author Peter Korsgaard <peter@korsgaard.com>
Wed, 19 Feb 2020 16:01:58 +0000 (17:01 +0100)
committer Peter Korsgaard <peter@korsgaard.com>
Thu, 20 Feb 2020 12:13:23 +0000 (13:13 +0100)
diff --git a/package/audiofile/audiofile.mk b/package/audiofile/audiofile.mk

index 2f2e8902e94a08d982e3642387d7800ea63be7aa..bb46436d85826950802766d810738a23fcf486fc 100644 (file)
--- a/package/audiofile/audiofile.mk
+++ b/package/audiofile/audiofile.mk
@@ -15,6 +15,22 @@ AUDIOFILE_AUTORECONF = YES
  AUDIOFILE_LICENSE = GPL-2.0+, LGPL-2.1+
  AUDIOFILE_LICENSE_FILES = COPYING COPYING.GPL
  
+# 0003-Always-check-the-number-of-coefficients.patch
+AUDIOFILE_IGNORE_CVES += \
+       CVE-2017-6827 CVE-2017-6828 CVE-2017-6832 \
+       CVE-2017-6833 CVE-2017-6835 CVE-2017-6837
+# 0004-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
+AUDIOFILE_IGNORE_CVES += CVE-2017-6829
+# 0005-Check-for-multiplication-overflow-in-sfconvert.patch
+AUDIOFILE_IGNORE_CVES += \
+       CVE-2017-6830 CVE-2017-6834 CVE-2017-6836 CVE-2017-6838
+# 0006-Actually-fail-when-error-occurs-in-parseFormat.patch
+AUDIOFILE_IGNORE_CVES += CVE-2017-6831
+# 0007-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
+AUDIOFILE_IGNORE_CVES += CVE-2017-6839
+# 0008-CVE-2015-7747.patch
+AUDIOFILE_IGNORE_CVES += CVE-2015-7747
+
  ifeq ($(BR2_PACKAGE_FLAC),y)
  AUDIOFILE_DEPENDENCIES += flac
  AUDIOFILE_CONF_OPTS += --enable-flac
author	Peter Korsgaard <peter@korsgaard.com>
	Wed, 19 Feb 2020 16:01:58 +0000 (17:01 +0100)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 20 Feb 2020 12:13:23 +0000 (13:13 +0100)