Commit Graph

55 Commits

Author SHA1 Message Date
Peter Korsgaard
474daa20f8 mpg123: security bump to version 1.25.2
>From the release notes:

 - Extend pow tables for layer III to properly handle files with i-stereo and
   5-bit scalefactors. Never observed them for real, just as fuzzed input to
   trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
   calling remote denial of service. While the accesses are out of bounds for
   the pow tables, they still are safely within libmpg123's memory (other
   static tables). Just wrong values are used for computation, no actual crash
   unless you use something like GCC's AddressSanitizer, nor any information
   disclosure.
 - Avoid left-shifts of negative integers in layer I decoding.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:31:07 +02:00
Peter Korsgaard
b3a0afd47f mpg123: security bump to version 1.25.1
>From the release notes:

- Avoid memset(NULL, 0, 0) to calm down the paranoid.

- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
  offset from the frame flag bytes (unnoticed in practice for a long time).
  Fuzzers are in the house again.  This one got CVE-2017-10683.

  https://sourceforge.net/p/mpg123/bugs/252/

- Avoid a mostly harmless conditional jump depending on uninitialised
  fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.

- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
  never right in theory).  Code might be a bit faster now, even.  Thanks to
  Agostino Sarubbo for reporting.

dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 21:59:51 +02:00
Rahul Bedarkar
30a3e8d108 boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:18:10 +02:00
Gustavo Zacarias
ac5fa840df mpg123: security bump to version 1.23.8
Fixes an out-of-bounds memory read in the ID3v2 parser for tags that
claim an unrealistically small length. This crashes mpg123 or any
application using libmpg123 with activated ID3v2 parsing.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-09-27 16:59:40 +02:00
Gustavo Zacarias
4e5618998f mpg123: bump to version 1.23.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-09-25 23:13:30 +02:00
Gustavo Zacarias
dcd8f6759b mpg123: bump to version 1.23.6
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-01 00:01:34 +02:00
Gustavo Zacarias
0774798591 mpg123: bump to version 1.23.5
Drop upstreamed patch and related autoreconf.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 22:25:02 +02:00
Peter Korsgaard
577021e81b Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-01 17:55:16 +02:00
Peter Korsgaard
f9419d752d mpg123: unbreak static linking with alsa/portaudio
Fixes:
http://autobuild.buildroot.org/results/b2b/b2bc143fbd0b34e75a44af41ab6899dd9fa3c21a/
http://autobuild.buildroot.org/results/60d/60d56b0a75d209f2cfeff0727c2f900abc89d263/
http://autobuild.buildroot.org/results/6a8/6a8729ce69055821fdf0b91adcea2ea201d40189/

And many more.

A recent upstream build system change caused LIBS to be ignored at build
time (but still used a configure time), causing our static linking
workarounds to no longer work.

Fix it by adding a patch to cause it to no longer ignore LIBS.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-25 07:44:46 +02:00
Gustavo Zacarias
8af0f65ab8 mpg123: bump to version 1.23.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-15 21:39:22 +02:00
Gustavo Zacarias
61c433b321 mpg123: bump to version 1.23.3
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-25 23:00:09 +01:00
Bernd Kuhls
8dc1095108 package/mpg123: fix static linking issue with alsa
As opposed to the other audio backends, the configure script does NOT
use pkg-config to figure out how to link with alsa, breaking static
linking as alsa uses pthreads.

This patch uses the same fix from Peter used for portaudio:
http://git.buildroot.net/buildroot/commit/package/mpg123/mpg123.mk?id=dea306c78b5d4c571555c50512e212a725b594b9

Fixes
http://autobuild.buildroot.net/results/796/79613fda3f51e969ecd46ae1151bd4c3316639c3/
http://autobuild.buildroot.net/results/b0a/b0a99ff1516602ed42c0cc14d9d2922a01cdf88f/
http://autobuild.buildroot.net/results/5bd/5bdfd2aa9de568d0f7be27ffb18d4541b0e1be0c/
and many others

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-08 14:31:21 +01:00
Gustavo Zacarias
97da7c5521 mpg123: bump to version 1.22.4
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-02 21:51:05 +02:00
Arnout Vandecappelle
3d1530f467 mpg123: replace $(shell ...) call with $(subst ...)
There's no reason to use a shell here.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-15 00:42:01 +02:00
Arnout Vandecappelle
7d69a79624 packages: use backtick instead of $(shell ...) make function
It is often difficult to know exactly when make will expand the
variable, and usually it can only be expanded after the dependencies
have been built (e.g. pkg-config or the .pc file). Using a backtick
instead makes it very clear that it will be expanded only while
executing the command.

This change is useful for two cases:

1. The per-package staging (and host) directory will be created as part
   of the configure step, so any $(shell ...) variable that is used in
   the configure step will fail because the directory doesn't exist
   yet.

2. 'make printvars' evaluates the variables it prints. It will therefore
   trigger a lot of errors from missing .pc files and others. The
   backticks, on the other hand, are not expanded, so with this change
   the output of 'make printvars' becomes clean again.

This commit contains only the easy changes: replace $(shell ...) with
`...`, and also replace ' with " where needed. Follow-up commits will
tackle the more complicated cases that need additional explanation.

After this change, the following instances of $(shell ...) will remain:

- All assignments that use :=
- All variables that are used in make conditionals (which don't expand
  the backticks).
- All variables that only refer to system executables and make
  variables that don't change.
- The calls to check-host-* in dependencies.mk, because it is eval'ed.

[Original patch by Fabio Porcedda, but extended quite a bit by Arnout.]

Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-15 00:42:01 +02:00
Gustavo Zacarias
74d585b49c mpg123: bump to version 1.22.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-02 22:45:02 +02:00
Peter Korsgaard
dea306c78b portaudio: fix static linking issue with portaudio
Fixes:
http://autobuild.buildroot.net/results/25f/25f8088ecb276ff4559a56fcc4f1b92d11f7deac/

As opposed to the other audio backends, the configure script does NOT use
pkg-config to figure out how to link with portaudio, breaking static linking
as portaudio uses pthreads.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-22 00:00:05 +02:00
Gustavo Zacarias
757e9c4c2a package: kill pointless text justification
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-23 09:47:08 +02:00
Gustavo Zacarias
b776b78bcf mpg123: bump to version 1.22.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-04-02 21:51:06 +02:00
Gustavo Zacarias
bcd353d690 mpg123: bump to version 1.22.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-25 17:15:34 +01:00
Peter Korsgaard
43f8623696 mpg123: needs host-pkgconf
SDL detection is done using pkg-config.

Fixes http://autobuild.buildroot.net/results/437/437f408122d7f21420a7cdc9758caf0ab1ba877d/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-28 10:43:43 +01:00
Gustavo Zacarias
d634737592 mpg132: bump to version 1.21.0
Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-12 09:14:21 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Gustavo Zacarias
c7b13d6b2d mpg123: bump to version 1.20.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-18 13:56:31 +02:00
Peter Korsgaard
0d1f4cc5c3 mpg123: correct powerpc cpu variant selection
Fixes http://autobuild.buildroot.net/results/d8a/d8af8f991b4429cf06081ddf2f08043861842a50/

ppc_nofpu should (as the name indicates) only be used for powerpc.

It is not clear to me if this code works for powerpc64(le) as well, so this
is only selected for classic ppc32.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-02 13:29:11 +02:00
Thomas Petazzoni
1cf2c6ea93 mpg123: bump to 1.20.0, providing better optimizations for ARM and AArch64
As suggested by Gustavo, this patch bumps mpg123 to 1.20.0, and
therefore superseds the patch initially provided by Sven Neumann. In
1.20.0, there is a new CPU type arm_fpu, which will compile code for
both VFP and NEON, and choose at runtime which one to use.

Similarly for AArch64, the option --with-cpu=aarch64 will compile both
the NEON and generic decoders, and select at runtime which one to use.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-01 21:51:17 +02:00
Cody P Schafer
40e58dab0c powerpc: add BR2_POWERPC_CPU_HAS_ALTIVEC to replace adhoc deps/checks
Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-26 21:14:08 +02:00
Ryan Barnett
f0862592b3 mpg123: needs MMU
mpg123 needs MMU because the application that is built with this
package uses fork. Currently it is difficult to only build the
libraries for mpg123 so disabling the package all together when there
is no MMU support.

Note: mpg123 is an optional dependency of mpd but mpd already requires
BR2_USE_MMU so there is no need to add this as a dependency.

Fixes:
  http://autobuild.buildroot.net/results/5b0/5b053af566dd122ae7e58893e77d5d5f3070fb9e

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-22 21:56:57 +01:00
Gustavo Zacarias
f628dc41ab mpg132: bump to version 1.18.0
Fixes a couple of buffer overflows so it should be considered as a
security bump (no CVEs though).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-04 15:27:04 +01:00
Gustavo Zacarias
2194440bfd mpg123: bump to version 1.17.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-13 23:22:12 +01:00
Sven Neumann
73343f2135 mpg123: do not disable optimizations
It seems pointless to disable even the default optimizations.
If at all this should be made dependant on the values of the
BR2_OPTIMIZE variables.

Signed-off-by: Sven Neumann <neumann@teufel.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-11-22 23:34:14 +01:00
Axel Lin
334e4737df mpg123: bump to version 1.16.0
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-07 11:54:17 +02:00
Jérôme Pouiller
adf6511013 Remove multimedia subdirectory
Unless it was a group of sub-packages, packages was never regrouped by
category. multimedia/ was an exception to this rule.

This patch move packages/multimedia/ sub-directories to packages/. It
keeps two subdirectories for gstream 0.10 and gstreamer 1.X.

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-08 21:41:39 +02:00
Daniel Laird
76235a15b3 audio: Move all audio packages into audio subdir
Moved all audio packages into a subdir called audio.
I then created a Config.in and made sure that a audio.mk 
existed.

Daniel Laird
2008-09-05 12:06:50 +00:00
Peter Korsgaard
4683420c4c Kconfig: remove 'default n'
'default n' is the default, so there's no need to say it explicitly.
2008-07-17 20:01:44 +00:00
Bernhard Reutner-Fischer
14a71561a3 - just use the strip binary to avoid confusing libtool (quotes)
- use $(STRIPCMD) in packages to avoid clashes with $(STRIP)
2007-10-01 16:15:31 +00:00
Ulf Samuelsson
ca9f31b697 Use correct location of mpg123 binary 2007-09-23 14:24:13 +00:00
Ulf Samuelsson
e4b442f8d8 Remove renamed mpg123 patch 2007-08-28 19:36:40 +00:00
Ulf Samuelsson
456c9090b8 Remove mpg123 patch from current build, full removal pending 2007-08-28 18:18:10 +00:00
Bernhard Reutner-Fischer
6c6cb06709 - sed -i -e "/;$/s/;$//g" $(egrep ";$" package/* package/*/*.mk toolchain/* toolchain/*/*.mk */Makefile.in -l) 2007-08-21 19:20:18 +00:00
Ulf Samuelsson
e4ead9c13c Remove switches if sstrip is run 2007-08-21 01:53:57 +00:00
Ulf Samuelsson
cf55419b3f SED away some whitespace 2007-08-20 17:21:16 +00:00
Ulf Samuelsson
419cdf292e Revert bad patch of mpg123 2007-08-01 08:54:56 +00:00
Ulf Samuelsson
fc3fd8afd2 Use TARGET_CONFIGURE_ARGS in some packages lacking 2007-07-30 18:17:13 +00:00
Ulf Samuelsson
5de012b0c7 Bump version of mpg123,use configure, change site to Sourceforge 2007-07-28 17:05:38 +00:00
Peter Korsgaard
961229caf5 Cleanup, get rid of MPG123_WORKDIR, use $@, libmad not needed 2007-05-31 15:42:33 +00:00
Bernhard Reutner-Fischer
ef3aec0bb0 - forgot to add the cross patch. 2006-12-14 16:03:40 +00:00
Bernhard Reutner-Fischer
e0f08154bf - Ulrich Hecht writes: The current mpg123 package
- ignores TARGET_CC (overwritten in Makefile)
- ignores TARGET_CFLAGS
- is hardcoded to use the i386 target
2006-12-14 15:55:33 +00:00
Bernhard Reutner-Fischer
6e2823c1fa - add and use BR2_BZCAT config option. 2006-11-17 15:43:51 +00:00
Eric Andersen
d06645d8ed There is no need to have a separate 'Makefile.in' file in the
general case, therefore, combine the toplevel Makefile options
such as setting TARGETS into the per-package *.mk file
2005-02-10 03:06:39 +00:00