libsndfile: Security Advisory - libsndfile - CVE-2014-9496

Backport two commits from libsndfile upstream to fix a segfault and two potential buffer overflows. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Yue Tao <Yue.Tao@windriver.com> 2015-06-05 15:48:15 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-06-08 17:32:45 +0100
commit: 9907e20868397a9823cc1e755ee1b697da6be2f3 (patch)
tree: fddc31a7d9b7b04266ebd18e6ea09dfc5b6cdae8 /meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
parent: 8cc63ea7e1e4838988f61bdedf395d8f5f328450 (diff)
download: openembedded-core-contrib-9907e20868397a9823cc1e755ee1b697da6be2f3.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
index 924629873e..3e02f4ea78 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
@@ -6,7 +6,10 @@ SECTION = "libs/multimedia"
 LICENSE = "LGPLv2.1"
 PR = "r2"
 
-SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz"
+SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
+           file://0001-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch \
+           file://0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch \
+"
 
 SRC_URI[md5sum] = "e2b7bb637e01022c7d20f95f9c3990a2"
 SRC_URI[sha256sum] = "59016dbd326abe7e2366ded5c344c853829bebfd1702ef26a07ef662d6aa4882"
author	Yue Tao <Yue.Tao@windriver.com>	2015-06-05 15:48:15 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-06-08 17:32:45 +0100
commit	9907e20868397a9823cc1e755ee1b697da6be2f3 (patch)
tree	fddc31a7d9b7b04266ebd18e6ea09dfc5b6cdae8 /meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
parent	8cc63ea7e1e4838988f61bdedf395d8f5f328450 (diff)
download	openembedded-core-contrib-9907e20868397a9823cc1e755ee1b697da6be2f3.tar.gz