Commit Graph

24 Commits

Author SHA1 Message Date
Bernd Kuhls
a7777eecd4 package/audiofile: Fix static linking with libsndfile
Fixes mpd:
http://autobuild.buildroot.net/results/799/7997ccd698f03885f98d00bd150dc3a578e4b161/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 15:23:54 +02:00
Bernd Kuhls
a2ad9cf71d package/audiofile: add security fix
Fixes CVE-2015-7747

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-28 15:08:26 +02:00
Rahul Bedarkar
30a3e8d108 boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:18:10 +02:00
Rahul Bedarkar
af31c309e7 boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.

This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:16:38 +02:00
Peter Korsgaard
844a7c6281 audiofile: add security patch for CVE-2017-6839
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-31 13:36:31 +02:00
Peter Korsgaard
bd5f84d301 audiofile: add security patch for CVE-2017-6831
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
https://github.com/mpruett/audiofile/issues/35

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-31 13:36:26 +02:00
Peter Korsgaard
4a1a8277bb audiofile: add security patch for CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838
CVE-2017-6830: A heap-based buffer overflow in the alaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/34

CVE-2017-6834: A heap-based buffer overflow in the ulaw2linear_buf function
in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
https://github.com/mpruett/audiofile/issues/38

CVE-2017-6836: A heap-based buffer overflow in the Expand3To4Module::run
function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
https://github.com/mpruett/audiofile/issues/40

CVE-2017-6838: Integer overflow in sfcommands/sfconvert.c in Audio File
Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-31 13:36:23 +02:00
Peter Korsgaard
434890df2a audiofile: add security patch for CVE-2017-6829
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile)
0.3.6 allows remote attackers to cause a denial of service (crash) via a
crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
https://github.com/mpruett/audiofile/issues/33

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-31 13:36:20 +02:00
Peter Korsgaard
cc00bde57f audiofile: add security patch for CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837
CVE-2017-6827: A heap-based buffer overflow in the
MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka
libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have
unspecified impact via a crafted audio file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
https://github.com/mpruett/audiofile/issues/32

CVE-2017-6828: A Heap-based buffer overflow in the readValue function in
FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6
allows remote attackers to have unspecified impact via a crafted WAV file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
https://github.com/mpruett/audiofile/issues/31

CVE-2017-6832: A Heap-based buffer overflow in the decodeBlock in
MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
attackers to cause a denial of service (crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
https://github.com/mpruett/audiofile/issues/36

CVE-2017-6833: The runPull function in libaudiofile/modules/BlockCodec.cpp
in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause
a denial of service (divide-by-zero error and crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
https://github.com/mpruett/audiofile/issues/37

CVE-2017-6835: The reset1 function in libaudiofile/modules/BlockCodec.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (divide-by-zero error and crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
https://github.com/mpruett/audiofile/issues/39

CVE-2017-6837: WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows
remote attackers to cause a denial of service (crash) via vectors related to
a large number of coefficients.

http://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-31 13:36:17 +02:00
Bernd Kuhls
0b69faf716 package/audiofile: fix compilation with gcc6
Fixes

make[3]: Entering directory '/home/buildroot/br7_freeswitch/output/build/audiofile-0.3.6/libaudiofile/modules'
/bin/bash ../../libtool  --tag=CXX   --mode=compile /home/buildroot/br7_freeswitch/output/host/usr/bin/i586-buildroot-linux-uclibc-g++ -DHAVE_CONFIG_H -I. -I../.. -I./..  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DNDEBUG -Wall -Wno-multichar    -fvisibility=hidden -fno-rtti -fno-exceptions -fvisibility-inlines-hidden -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -Os  -c -o ALAC.lo ALAC.cpp
libtool: compile:  /home/buildroot/br7_freeswitch/output/host/usr/bin/i586-buildroot-linux-uclibc-g++ -DHAVE_CONFIG_H -I. -I../.. -I./.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DNDEBUG -Wall -Wno-multichar -fvisibility=hidden -fno-rtti -fno-exceptions -fvisibility-inlines-hidden -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -c ALAC.cpp  -fPIC -DPIC -o .libs/ALAC.o
In file included from ALAC.cpp:29:0:
SimpleModule.h: In instantiation of 'const int signConverter<(FormatCode)0>::kMinSignedValue':
SimpleModule.h:130:52:   required from 'signConverter<Format>::UnsignedType signConverter<Format>::signedToUnsigned::operator()(signConverter<Format>::SignedType) [with FormatCode Format = (FormatCode)0; signConverter<Format>::UnsignedType = unsigned char; signConverter<Format>::SignedType = signed char]'
/home/buildroot/br7_freeswitch/output/host/usr/i586-buildroot-linux-uclibc/include/c++/6.1.0/bits/stl_algo.h:4184:24:   required from '_OIter std::transform(_IIter, _IIter, _OIter, _UnaryOperation) [with _IIter = const signed char*; _OIter = unsigned char*; _UnaryOperation = signConverter<(FormatCode)0>::signedToUnsigned]'
SimpleModule.h:104:16:   required from 'void transform(const void*, void*, size_t) [with UnaryFunction = signConverter<(FormatCode)0>::signedToUnsigned; size_t = unsigned int]'
SimpleModule.h:176:62:   required from 'static void ConvertSign::convertSignedToUnsigned(const void*, void*, size_t) [with FormatCode Format = (FormatCode)0; size_t = unsigned int]'
SimpleModule.h:183:51:   required from here
SimpleModule.h:126:40: error: left operand of shift expression '(-1 << 7)' is negative [-fpermissive]
  static const int kMinSignedValue = -1 << kScaleBits;
                                     ~~~^~~~~~~~~~~~~

To reproduce the build error use this defconfig:

BR2_GCC_VERSION_6_X=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_AUDIOFILE=y

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-06 23:21:59 +02:00
Gustavo Zacarias
13a3cf6643 audiofile: comma separate licenses
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-15 22:05:14 +01:00
Jörg Krause
1a0645851c package/audiofile: add patch to fix static linking issue
Static linking userspace programs such as MPD against libaudiofile fails if
FLAC is available, because libaudiofile is linked against FLAC, but this isn't
expressed in the pkg-config file:

[..]
arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libaudiofile.a(FLAC.o): In function `FLACDecoder::reset2()':
FLAC.cpp:(.text+0x58): undefined reference to `FLAC__stream_decoder_seek_absolute'
/home/buildroot/build/instance-1/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libaudiofile.a(FLAC.o): In function `FLACEncoder::sync2()':
FLAC.cpp:(.text+0x88): undefined reference to `FLAC__stream_encoder_finish'
/home/buildroot/build/instance-1/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libaudiofile.a(FLAC.o): In function `FLACDecoder::~FLACDecoder()':
FLAC.cpp:(.text+0xc4): undefined reference to `FLAC__stream_decoder_delete'
/home/buildroot/build/instance-1/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libaudiofile.a(FLAC.o): In function `FLACEncoder::~FLACEncoder()':
FLAC.cpp:(.text+0x164): undefined reference to `FLAC__stream_encoder_delete'
/home/buildroot/build/instance-1/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libaudiofile.a(FLAC.o): In function `FLACDecoder::runPull()':
[..]

The Libs.private field is specifically designed for such usage:

>From pkg-config documentation:

  Libs.private:

    This line should list any private libraries in use.  Private
    libraries are libraries which are not exposed through your
    library, but are needed in the case of static linking.

Therefore, this patch adds a reference to FLAC as well as to lcov in the
Libs.private field of the pkg-config file.

Patch status: Pending
https://github.com/mpruett/audiofile/pull/26

Fixes:
http://autobuild.buildroot.net/results/e95/e959e703a8db81032da27bece295c121e53d830d/
http://autobuild.buildroot.net/results/10b/10bd00209f098e8782016355cb2f46d1d3e7d3a3/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-11-26 07:14:59 +01:00
André Hentschel
616adb2e44 audiofile: Add hash file
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-12 23:45:36 +01:00
Maxime Hadjinlian
05a710e0d5 packages/*.mk: Remove duplicate options
These flags are already defined in pkg-autotools.mk.
There is no need to have them twice.

[Thomas: restore += instead of = in the opus package, as suggested by
Yann E. Morin.]

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-19 11:42:36 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Thomas De Schampheleire
66bb10b7b0 Config.in files: unify comments of toolchain option dependencies
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-14 22:45:57 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias
5ee57c60ce audiofile: regenerate configure to fix issues
Audiofile's shipped configure script is outdated so regenerate to fix
issues like:
http://autobuild.buildroot.net/results/659fd28b0a3fa15ecd1b32e8a08dd441465459c1/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-05 21:01:56 +02:00
Gustavo Zacarias
61aa05cc89 audiofile: bump to version 0.3.6
Now with FLAC support.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-19 17:05:36 +01:00
Peter Korsgaard
045603fd65 audiofile: fix license
Somehow this didn't get committed in 1eb9845ad6 (add license information)

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-22 08:44:52 +01:00
Gustavo Zacarias
1eb9845ad6 audiofile: add license information
[Peter: License is GPLv2+ LGPLv2+]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-01-21 23:46:33 +01:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Gustavo Zacarias
50ed5342a1 audiofile: bump to version 0.3.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-23 22:26:00 +02:00
Gustavo Zacarias
5d6f32878f package/multimedia: move audio libraries out
Move audio libraries out of the Audio and Video category into the
Libraries/Audio one.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-05 23:41:11 +02:00