diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-multimedia/libvorbis | |
parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-multimedia/libvorbis')
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch | 20 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch | 15 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch | 62 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch | 42 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch | 13 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch | 100 | ||||
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb (renamed from poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb) | 12 |
7 files changed, 31 insertions, 233 deletions
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch index 7dad0cd8a5..b06029b98b 100644 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch +++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch @@ -1,4 +1,4 @@ -From 44b4511784f9b51c514dff4ceb3cbeaf9c374d08 Mon Sep 17 00:00:00 2001 +From d619ccf6c11ab574466914c57994a82fb99401af Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 22 Mar 2017 16:06:55 +0000 Subject: [PATCH] configure: Check for clang @@ -13,12 +13,12 @@ Upstream-Status: Pending 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac -index eddd02d..00ecba5 100644 +index 28b0a14..2d4e984 100644 --- a/configure.ac +++ b/configure.ac -@@ -93,6 +93,16 @@ AC_ARG_ENABLE(examples, - - AM_CONDITIONAL(BUILD_EXAMPLES, [test "x$enable_examples" = xyes]) +@@ -98,6 +98,16 @@ AC_ARG_ENABLE(examples, + + AM_CONDITIONAL(BUILD_EXAMPLES, [test "x$enable_examples" = xyes]) +AC_MSG_CHECKING([whether C compiler is clang]) +$CC -x c /dev/null -dM -E > conftest.txt 2>&1 @@ -33,9 +33,9 @@ index eddd02d..00ecba5 100644 dnl -------------------------------------------------- dnl Set build flags based on environment dnl -------------------------------------------------- -@@ -127,10 +137,15 @@ else +@@ -132,10 +142,15 @@ else AC_MSG_RESULT([$GCC_VERSION]) - case $host in + case $host in *86-*-linux*) + if test "$CC_CLANG" = "1"; then + ieeefp="" @@ -43,8 +43,8 @@ index eddd02d..00ecba5 100644 + ieefp="-mno-ieee-fp" + fi DEBUG="-g -Wall -Wextra -D_REENTRANT -D__NO_MATH_INLINES -fsigned-char" -- CFLAGS="-O3 -ffast-math -mno-ieee-fp -D_REENTRANT -fsigned-char" -+ CFLAGS="-O3 -ffast-math -D_REENTRANT -fsigned-char ${ieefp}" +- CFLAGS="-O3 -Wall -Wextra -ffast-math -mno-ieee-fp -D_REENTRANT -fsigned-char" ++ CFLAGS="-O3 -Wall -Wextra -ffast-math -D_REENTRANT -fsigned-char ${ieefp}" # PROFILE="-Wall -Wextra -pg -g -O3 -ffast-math -D_REENTRANT -fsigned-char -fno-inline -static" - PROFILE="-Wall -Wextra -pg -g -O3 -ffast-math -mno-ieee-fp -D_REENTRANT -fsigned-char -fno-inline" + PROFILE="-Wall -Wextra -pg -g -O3 -ffast-math ${ieefp} -D_REENTRANT -fsigned-char -fno-inline" @@ -52,5 +52,5 @@ index eddd02d..00ecba5 100644 # glibc < 2.1.3 has a serious FP bug in the math inline header # that will cripple Vorbis. Look to see if the magic FP stack -- -1.8.3.1 +2.17.0 diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch index 7564d92879..b7603c3b13 100644 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch +++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch @@ -3,14 +3,15 @@ From: Thomas Daede <daede003@umn.edu> Date: Wed, 9 May 2018 14:56:59 -0700 Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. -CVE: CVE-2017-14160 -CVE: CVE-2018-10393 -Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 +--- +CVE: CVE-2017-14160 CVE-2018-10393 + +Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/018ca26d...] -Signed-off-by: Thomas Daede <daede003@umn.edu> -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- --- - lib/psy.c | 3 ++- + lib/psy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/psy.c b/lib/psy.c @@ -29,5 +30,5 @@ index 422c6f1..1310123 100644 tN = N[hi] + N[-lo]; tX = X[hi] - X[-lo]; -- -2.7.4 +1.7.9.5 diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch deleted file mode 100644 index 4036b966fe..0000000000 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 39704ce16835e5c019bb03f6a94dc1f0677406c5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> -Date: Wed, 15 Nov 2017 18:22:59 +0100 -Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb - if not initialized - -If the number of channels is not within the allowed range -we call oggback_writeclear altough it's not initialized yet. - -This fixes - - =23371== Invalid free() / delete / delete[] / realloc() - ==23371== at 0x4C2CE1B: free (vg_replace_malloc.c:530) - ==23371== by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2) - ==23371== by 0x84B96EE: vorbis_analysis_headerout (info.c:652) - ==23371== by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) - ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x10D82A: open_output_file (sox.c:1556) - ==23371== by 0x10D82A: process (sox.c:1753) - ==23371== by 0x10D82A: main (sox.c:3012) - ==23371== Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd - ==23371== at 0x4C2BB1F: malloc (vg_replace_malloc.c:298) - ==23371== by 0x4C2DE9F: realloc (vg_replace_malloc.c:785) - ==23371== by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) - ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x10D82A: open_output_file (sox.c:1556) - ==23371== by 0x10D82A: process (sox.c:1753) - ==23371== by 0x10D82A: main (sox.c:3012) - -as seen when using the testcase from CVE-2017-11333 with -008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was -there before. - -Upstream-Status: Backport -CVE: CVE-2017-14632 - -Reference to upstream patch: -https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=c1c2831fc7306d5fbd7bc800324efd12b28d327f - -Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> ---- - lib/info.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/info.c b/lib/info.c -index 81b7557..4d82568 100644 ---- a/lib/info.c -+++ b/lib/info.c -@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, - private_state *b=v->backend_state; - - if(!b||vi->channels<=0||vi->channels>256){ -+ b = NULL; - ret=OV_EFAULT; - goto err_out; - } --- -2.16.2 - diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch deleted file mode 100644 index 9c9e688d43..0000000000 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> -Date: Tue, 31 Oct 2017 18:32:46 +0100 -Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels - -Otherwise - - for(i=0;i<vi->channels;i++){ - /* the encoder setup assumes that all the modes used by any - specific bitrate tweaking use the same floor */ - int submap=info->chmuxlist[i]; - -overreads later in mapping0_forward since chmuxlist is a fixed array of -256 elements max. - -Upstream-Status: Backport -CVE: CVE-2017-14633 - -Reference to upstream patch: -https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f - -Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> ---- - lib/info.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/info.c b/lib/info.c -index e447a0c..81b7557 100644 ---- a/lib/info.c -+++ b/lib/info.c -@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, - oggpack_buffer opb; - private_state *b=v->backend_state; - -- if(!b||vi->channels<=0){ -+ if(!b||vi->channels<=0||vi->channels>256){ - ret=OV_EFAULT; - goto err_out; - } --- -2.16.2 - diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch index f1ef6fb9c7..b7936b4b4d 100644 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch +++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch @@ -4,14 +4,19 @@ Date: Thu, 17 May 2018 16:19:19 -0700 Subject: [PATCH] Sanity check number of channels in setup. Fixes #2335. + +--- CVE: CVE-2018-10392 -Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b] -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/112d3bd...] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> --- - lib/vorbisenc.c | 1 + + + lib/vorbisenc.c | 1 + 1 file changed, 1 insertion(+) + diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c index 4fc7b62..64a51b5 100644 --- a/lib/vorbisenc.c @@ -25,5 +30,5 @@ index 4fc7b62..64a51b5 100644 /* too low/high an ATH floater is nonsensical, but doesn't break anything */ -- -2.13.3 +1.7.9.5 diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch deleted file mode 100644 index 6d4052a872..0000000000 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001 -From: Thomas Daede <daede003@umn.edu> -Date: Thu, 15 Mar 2018 14:15:31 -0700 -Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook - decoding. - -Codebooks that are not an exact divisor of the partition size are now -truncated to fit within the partition. - -Upstream-Status: Backport -CVE: CVE-2018-5146 - -Reference to upstream patch: -https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f - -Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> ---- - lib/codebook.c | 48 ++++++++++-------------------------------------- - 1 file changed, 10 insertions(+), 38 deletions(-) - -diff --git a/lib/codebook.c b/lib/codebook.c -index 8b766e8..7022fd2 100644 ---- a/lib/codebook.c -+++ b/lib/codebook.c -@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float *a,oggpack_buffer *b,int n){ - t[i] = book->valuelist+entry[i]*book->dim; - } - for(i=0,o=0;i<book->dim;i++,o+=step) -- for (j=0;j<step;j++) -+ for (j=0;o+j<n && j<step;j++) - a[o+j]+=t[j][i]; - } - return(0); -@@ -399,41 +399,12 @@ long vorbis_book_decodev_add(codebook *book,float *a,oggpack_buffer *b,int n){ - int i,j,entry; - float *t; - -- if(book->dim>8){ -- for(i=0;i<n;){ -- entry = decode_packed_entry_number(book,b); -- if(entry==-1)return(-1); -- t = book->valuelist+entry*book->dim; -- for (j=0;j<book->dim;) -- a[i++]+=t[j++]; -- } -- }else{ -- for(i=0;i<n;){ -- entry = decode_packed_entry_number(book,b); -- if(entry==-1)return(-1); -- t = book->valuelist+entry*book->dim; -- j=0; -- switch((int)book->dim){ -- case 8: -- a[i++]+=t[j++]; -- case 7: -- a[i++]+=t[j++]; -- case 6: -- a[i++]+=t[j++]; -- case 5: -- a[i++]+=t[j++]; -- case 4: -- a[i++]+=t[j++]; -- case 3: -- a[i++]+=t[j++]; -- case 2: -- a[i++]+=t[j++]; -- case 1: -- a[i++]+=t[j++]; -- case 0: -- break; -- } -- } -+ for(i=0;i<n;){ -+ entry = decode_packed_entry_number(book,b); -+ if(entry==-1)return(-1); -+ t = book->valuelist+entry*book->dim; -+ for(j=0;i<n && j<book->dim;) -+ a[i++]+=t[j++]; - } - } - return(0); -@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float **a,long offset,int ch, - long i,j,entry; - int chptr=0; - if(book->used_entries>0){ -- for(i=offset/ch;i<(offset+n)/ch;){ -+ int m=(offset+n)/ch; -+ for(i=offset/ch;i<m;){ - entry = decode_packed_entry_number(book,b); - if(entry==-1)return(-1); - { - const float *t = book->valuelist+entry*book->dim; -- for (j=0;j<book->dim;j++){ -+ for (j=0;i<m && j<book->dim;j++){ - a[chptr++][i]+=t[j]; - if(chptr==ch){ - chptr=0; --- -2.16.2 - diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb index 615b53963b..cbda6dc2fc 100644 --- a/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis_1.3.6.bb @@ -6,20 +6,16 @@ HOMEPAGE = "http://www.vorbis.com/" BUGTRACKER = "https://trac.xiph.org" SECTION = "libs" LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \ +LIC_FILES_CHKSUM = "file://COPYING;md5=70c7063491d2d9f76a098d62ed5134f1 \ file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" DEPENDS = "libogg" -PR = "r1" SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://0001-configure-Check-for-clang.patch \ - file://CVE-2017-14633.patch \ - file://CVE-2017-14632.patch \ - file://CVE-2018-5146.patch \ - file://CVE-2017-14160.patch \ file://CVE-2018-10392.patch \ + file://CVE-2017-14160.patch \ " -SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" -SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" +SRC_URI[md5sum] = "b7d1692f275c73e7833ed1cc2697cd65" +SRC_URI[sha256sum] = "af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415" inherit autotools pkgconfig |