From: Peter Korsgaard Date: Wed, 26 Apr 2017 11:52:14 +0000 (+0200) Subject: libsndfile: security bump to version 1.0.28 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=c363e070d8ee036052fbcadd153d8c39ce0db55b;p=buildroot.git libsndfile: security bump to version 1.0.28 Fixes: CVE-2017-7585 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7741 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVE-2017-7742 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer applies. Instead pass --disable-full-suite to disable man pages, documentation and programs, as that was presumably the reason for the patch. Signed-off-by: Peter Korsgaard --- diff --git a/package/libsndfile/0001-srconly.patch b/package/libsndfile/0001-srconly.patch deleted file mode 100644 index 417e34072a..0000000000 --- a/package/libsndfile/0001-srconly.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: libsndfile-1.0.18/Makefile.in -=================================================================== ---- libsndfile-1.0.18.orig/Makefile.in -+++ libsndfile-1.0.18/Makefile.in -@@ -260,7 +260,7 @@ - top_srcdir = @top_srcdir@ - DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror - @BUILD_OCTAVE_MOD_TRUE@octave_dir = Octave --SUBDIRS = M4 man doc Win32 src $(octave_dir) examples regtest tests programs -+SUBDIRS = src - DIST_SUBDIRS = M4 man doc Win32 src Octave examples regtest tests programs - EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Mingw-make-dist.sh - pkgconfigdir = $(libdir)/pkgconfig diff --git a/package/libsndfile/libsndfile.hash b/package/libsndfile/libsndfile.hash index a87b7c3085..31500cd970 100644 --- a/package/libsndfile/libsndfile.hash +++ b/package/libsndfile/libsndfile.hash @@ -1,2 +1,2 @@ # Locally calculated after checking pgp signature -sha256 a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0 libsndfile-1.0.27.tar.gz +sha256 1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9 libsndfile-1.0.28.tar.gz diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk index 936f4be218..22909ffb62 100644 --- a/package/libsndfile/libsndfile.mk +++ b/package/libsndfile/libsndfile.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBSNDFILE_VERSION = 1.0.27 +LIBSNDFILE_VERSION = 1.0.28 LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files LIBSNDFILE_INSTALL_STAGING = YES LIBSNDFILE_LICENSE = LGPL-2.1+ @@ -13,6 +13,7 @@ LIBSNDFILE_LICENSE_FILES = COPYING LIBSNDFILE_CONF_OPTS = \ --disable-sqlite \ --disable-alsa \ - --disable-external-libs + --disable-external-libs \ + --disable-full-suite $(eval $(autotools-package))