From 5a4b8f7f643a4b95a7036eab02c7f74aa4077982 Mon Sep 17 00:00:00 2001 From: Tanu Kaskinen Date: Sat, 12 Dec 2015 04:23:12 +0200 Subject: libsndfile1: 1.0.25 -> 1.0.26 Main points from the release announcement: * Fix for CVE-2014-9496, SD2 buffer read overflow. * Fix for CVE-2014-9756, file_io.c divide by zero. * Fix for CVE-2015-7805, AIFF heap write overflow. * Add support for ALAC encoder in a CAF container. * Add support for Cart chunks in WAV files. * Minor bug fixes and improvements. All patches we had are included in the new release. Dropped PR from the recipe. Signed-off-by: Tanu Kaskinen Signed-off-by: Ross Burton --- .../files/libsndfile-fix-CVE-2014-9756.patch | 24 ---------------------- 1 file changed, 24 deletions(-) delete mode 100644 meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch (limited to 'meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch') diff --git a/meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch b/meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch deleted file mode 100644 index b54b3ba669..0000000000 --- a/meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch +++ /dev/null @@ -1,24 +0,0 @@ -src/file_io.c : Prevent potential divide-by-zero. - -Closes: https://github.com/erikd/libsndfile/issues/92 - -Upstream-Status: Backport - -Fixes CVE-2014-9756 - -Signed-off-by: Erik de Castro Lopo -Signed-off-by: Maxin B. John ---- -diff -Naur libsndfile-1.0.25-orig/src/file_io.c libsndfile-1.0.25/src/file_io.c ---- libsndfile-1.0.25-orig/src/file_io.c 2011-01-19 12:12:28.000000000 +0200 -+++ libsndfile-1.0.25/src/file_io.c 2015-11-04 15:02:04.337395618 +0200 -@@ -358,6 +358,9 @@ - { sf_count_t total = 0 ; - ssize_t count ; - -+ if (bytes == 0 || items == 0) -+ return 0 ; -+ - if (psf->virtual_io) - return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ; - -- cgit 1.2.3-korg