libsndfile: security bump to version 1.0.28

Fixes: CVE-2017-7585 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. CVE-2017-7741 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. CVE-2017-7742 - In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer applies. Instead pass --disable-full-suite to disable man pages, documentation and programs, as that was presumably the reason for the patch. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 13:52:14 +02:00 · 2017-04-26 13:52:14 +02:00 · c363e070d8
commit c363e070d8
parent c3b5480204
3 changed files with 4 additions and 20 deletions
--- a/package/libsndfile/0001-srconly.patch
+++ b/package/libsndfile/0001-srconly.patch
@ -1,17 +0,0 @@
---
- Makefile.in |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libsndfile-1.0.18/Makefile.in
-===================================================================
--- libsndfile-1.0.18.orig/Makefile.in
-+++ libsndfile-1.0.18/Makefile.in
-@@ -260,7 +260,7 @@
- top_srcdir = @top_srcdir@
- DISTCHECK_CONFIGURE_FLAGS = --enable-gcc-werror
- @BUILD_OCTAVE_MOD_TRUE@octave_dir = Octave
-SUBDIRS = M4 man doc Win32 src $(octave_dir) examples regtest tests programs
-+SUBDIRS = src
- DIST_SUBDIRS = M4 man doc Win32 src Octave examples regtest tests programs
- EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Mingw-make-dist.sh
- pkgconfigdir = $(libdir)/pkgconfig
--- a/package/libsndfile/libsndfile.hash
+++ b/package/libsndfile/libsndfile.hash
@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	a391952f27f4a92ceb2b4c06493ac107896ed6c76be9a613a4731f076d30fac0	libsndfile-1.0.27.tar.gz
+sha256	1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9	libsndfile-1.0.28.tar.gz
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBSNDFILE_VERSION = 1.0.27
+LIBSNDFILE_VERSION = 1.0.28
 LIBSNDFILE_SITE = http://www.mega-nerd.com/libsndfile/files
 LIBSNDFILE_INSTALL_STAGING = YES
 LIBSNDFILE_LICENSE = LGPL-2.1+
@ -13,6 +13,7 @@ LIBSNDFILE_LICENSE_FILES = COPYING
 LIBSNDFILE_CONF_OPTS = \
 	--disable-sqlite \
 	--disable-alsa \
-	--disable-external-libs
+	--disable-external-libs \
+	--disable-full-suite

 $(eval $(autotools-package))