libsamplerate: security bump to version 0.1.9

libsamplerate is relicensed under the 2 clause BSD license. Fixes CVE-2017-7697 - In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. For more details, see: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/ [Peter: add CVE info] Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit bcdaf4ca84) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-16 15:32:01 +01:00 · 2017-03-16 15:32:01 +01:00 · 35f735cd5a
commit 35f735cd5a
parent 392b4a6670
2 changed files with 3 additions and 3 deletions
--- a/package/libsamplerate/libsamplerate.hash
+++ b/package/libsamplerate/libsamplerate.hash
@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	93b54bdf46d5e6d2354b7034395fe329c222a966790de34520702bb9642f1c06	libsamplerate-0.1.8.tar.gz
+sha256  0a7eb168e2f21353fb6d84da152e4512126f7dc48ccb0be80578c565413444c1  libsamplerate-0.1.9.tar.gz
--- a/package/libsamplerate/libsamplerate.mk
+++ b/package/libsamplerate/libsamplerate.mk
@ -4,12 +4,12 @@
 #
 ################################################################################

-LIBSAMPLERATE_VERSION = 0.1.8
+LIBSAMPLERATE_VERSION = 0.1.9
 LIBSAMPLERATE_SITE = http://www.mega-nerd.com/SRC
 LIBSAMPLERATE_INSTALL_STAGING = YES
 LIBSAMPLERATE_DEPENDENCIES = host-pkgconf
 LIBSAMPLERATE_CONF_OPTS = --disable-fftw --program-transform-name=''
-LIBSAMPLERATE_LICENSE = Dual GPLv2+ / libsamplerate commercial use license
+LIBSAMPLERATE_LICENSE = BSD-2c
 LIBSAMPLERATE_LICENSE_FILES = COPYING

 ifeq ($(BR2_PACKAGE_LIBSNDFILE),y)