From patchwork Fri Nov 14 08:24:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E27FCCDE027 for ; Fri, 14 Nov 2025 08:24:57 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13340.1763108692938912596 for ; Fri, 14 Nov 2025 00:24:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=XGyGeDQW; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-4710022571cso16244745e9.3 for ; Fri, 14 Nov 2025 00:24:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763108691; x=1763713491; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=ZIv/AQLux7cPUndlYw6C653mG7zEpYxpa16l/BL7F/k=; b=XGyGeDQWSgJJxb7/Ht08QCXMPjp5Vhb8zyQhkHxSZHQYs7LkLtc1NI7EZCTJ+b9j0L r4zYLt9TZmLYZh5wZyycU6HYta9HTW+SP+5h/85P1+kYtW///yUuhgRc4yh8/FmFwviN MvXpT/M7ErrZklp6fOAvebV6x6zBE+/QmXPsnfM6++6jkvecgyVJpNBQnBVIY4u2ldJy Ce2K6ptNF3uj/N7/XT3gY/Cor4f1TzVl176Hu4FUpkOMLGyc6MALZu5WfG3/+t3HtN0K Zqma1eFkvEKjNdgvZgf0KWqD+nv4ezGC2mQlDVd0SdPKwyP+kmkqrbdS3QXicxdkpfbz l6Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763108691; x=1763713491; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZIv/AQLux7cPUndlYw6C653mG7zEpYxpa16l/BL7F/k=; b=BDXbhfp7JI7gFQ66aogSLf5DmXtWHRzDUkmR35Dr+28bIUtrFbH4zf9Fy2v/gwKPXA OpqWwuWsRyOBI90ZNYSaI+uZGIAZMw2cx9H5aqlY25izshXjxiAYF7UDaT3ZPwA6q2Iz l8YmJ37i/cnTVZkWKlXo8j/0iOOtVQ/iTkN3jex0lHnKxL3r6douwG2787POgFkzwmKm 5xaJVKgEtJqzJLvg2axoDlLVjOYsUwi+Gx9ckzk0UCtk+XhkfqT1ZGcLOh0X1MBbWti6 4/NhkVZIiACA2ew//+eRfVAobzsv3Jys63B3XK+quLBic3/8f4I8QhSyPJ4d3xgdTM1n EYdg== X-Gm-Message-State: AOJu0YycYU6Is1BPcxeCa3qgVght5LrJXJxhxQ9Tn/i/tMRR88/XG4vZ eWMpVHkIVCwNn21CQY1rNsrL1OoL5IH0l855qBT9km8psFtjFn28NmvG0wxbXwRI X-Gm-Gg: ASbGnctSHiuaKdF+jpAZ7P5EXYDku9JGJjmUD2LlzYG/Ql7jtlF9W2mcOQhXZgkJ8kx YdtwR9lUHkFJUJ4/63KT6H79xSFPMboLtfMSlqGTwrG9zYLihoCoUvRx5oZ4BS3HBWwNBvGsuUu xSlG0RG0WsnfvRg/bR6HOoYgk/m29o0PHI0Od0kxXCk7THuxKrpkkNn4+k1L9fgwbixUBuP+4PK A2sG72cPOLjiZsxhiQXpVKNFa0K9/1Nom6SEWEC1QoPPpSaQ+lWyQuapKSUitytcNiYiA0d+D4r 8iqarpnnrxz976tsP73sf9NNp0OzZQgcFqfLDQ+Py+WxIklbdDFjA0AOP8m8wjnEb08tftRnPV7 sQbIks/mAS1PLIw7/ojqGUok/Tx/a/0eApSdM+5BpimQeF+EVEN+IC138h3qgMLiOJR+mhMz3hA == X-Google-Smtp-Source: AGHT+IHqiYve8X/HDOZHpI0euKNPcAU2gtc4iNtvXZwael/Iexv6NEgxUXs9fFghwGWPn8d4p9inZQ== X-Received: by 2002:a05:600c:1d20:b0:477:7a1a:4b79 with SMTP id 5b1f17b1804b1-4778feaaeb3mr17934545e9.37.1763108691190; Fri, 14 Nov 2025 00:24:51 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4778f247821sm53838325e9.5.2025.11.14.00.24.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 00:24:50 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v3 1/5] audiofile: patch CVE-2019-13147 and CVE-2022-24599 Date: Fri, 14 Nov 2025 09:24:46 +0100 Message-ID: <20251114082450.2720967-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 08:24:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121694 Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147 https://nvd.nist.gov/vuln/detail/CVE-2022-24599 These patches are used by opensuse to mitigate the corresponding vulnerabulities. Signed-off-by: Gyorgy Sarvari --- v2: no change v3: no change .../audiofile/audiofile_0.3.6.bb | 2 + .../audiofile/files/CVE-2019-13147.patch | 31 ++++++++++++ .../audiofile/files/CVE-2022-24599.patch | 50 +++++++++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch create mode 100644 meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb index 50df31c7b9..fd80729bd2 100644 --- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb +++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb @@ -18,6 +18,8 @@ SRC_URI = " \ file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \ file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \ file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \ + file://CVE-2019-13147.patch \ + file://CVE-2022-24599.patch \ " SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782" diff --git a/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch b/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch new file mode 100644 index 0000000000..19f6892f69 --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch @@ -0,0 +1,31 @@ +This patch is taken from opensuse: +https://build.opensuse.org/package/show/multimedia:libs/audiofile + +CVE: CVE-2019-13147 +Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30] +Signed-off-by: Gyorgy Sarvari + +diff --unified --recursive --text --new-file --color audiofile-0.3.6/libaudiofile/NeXT.cpp audiofile-0.3.6.new/libaudiofile/NeXT.cpp +--- audiofile-0.3.6/libaudiofile/NeXT.cpp 2013-03-06 13:30:03.000000000 +0800 ++++ audiofile-0.3.6.new/libaudiofile/NeXT.cpp 2025-05-14 10:45:11.685700984 +0800 +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + #include "File.h" + #include "Setup.h" +@@ -122,6 +123,12 @@ + _af_error(AF_BAD_CHANNELS, "invalid file with 0 channels"); + return AF_FAIL; + } ++ /* avoid overflow of INT for double size rate */ ++ if (channelCount > (INT32_MAX / (sizeof(double)))) ++ { ++ _af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount); ++ return AF_FAIL; ++ } + + Track *track = allocateTrack(); + if (!track) diff --git a/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch b/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch new file mode 100644 index 0000000000..9214d80172 --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch @@ -0,0 +1,50 @@ +This patch is taken from opensuse: +https://build.opensuse.org/package/show/multimedia:libs/audiofile + +CVE: CVE-2022-24599 +Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30] +Signed-off-by: Gyorgy Sarvari + +diff --unified --recursive --text --new-file --color audiofile-0.3.6.old/sfcommands/printinfo.c audiofile-0.3.6.new/sfcommands/printinfo.c +--- audiofile-0.3.6.old/sfcommands/printinfo.c 2013-03-06 13:30:03.000000000 +0800 ++++ audiofile-0.3.6.new/sfcommands/printinfo.c 2025-04-30 15:18:24.778177640 +0800 +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + + static char *copyrightstring (AFfilehandle file); + +@@ -147,7 +148,11 @@ + int i, misccount; + + misccount = afGetMiscIDs(file, NULL); +- miscids = (int *) malloc(sizeof (int) * misccount); ++ if (!misccount) ++ return NULL; ++ miscids = (int *)calloc(misccount, sizeof(int)); ++ if (!miscids) ++ return NULL; + afGetMiscIDs(file, miscids); + + for (i=0; i= INT_MAX - 1) ++ goto error; ++ char *data = (char *)calloc(datasize + 1, sizeof(char)); + afReadMisc(file, miscids[i], data, datasize); + copyright = data; + break; + } + ++error: + free(miscids); + + return copyright; From patchwork Fri Nov 14 08:24:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74520 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEB13CDE02A for ; Fri, 14 Nov 2025 08:24:57 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13529.1763108693579322012 for ; Fri, 14 Nov 2025 00:24:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HjgqQ7R5; spf=pass (domain: gmail.com, ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-42b3ad51fecso1352044f8f.1 for ; Fri, 14 Nov 2025 00:24:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763108692; x=1763713492; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1tVPtj+ZJiOx2gPhoAYFaXwWaOAyhqutzo/vztUKtxI=; b=HjgqQ7R5Y+pJBj7qyBq9U/PEBhuJsS+KeAZDe5Cwx3x0Cktbic4rXpTSZHeZE/COHd BBr6mpb+vSDrmDcW6QmyBMzkeioVwvzUsuDkNd2rplnzhxGJ3A7Op3Z0IB/uSqnMRaRh vj8kLK/X9AvdmeS0c2IYpmH/i3cXtk8JLc4cBRLwkwvz5uEB105uStWBtVT0XagSWIwO L9+OwL0yiMM4d/pQfzJjsX9Qc0J471RyF70QjUWrjqx7EsKpeL+DgHBBIReCt6GKoWMM wEOqYW0C8T3Rd4+lyKf+9c3Hf+CEXDMc3hvLMZakqD5a9RzqaELOnsasc3wNJJxDFeF1 qtGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763108692; x=1763713492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1tVPtj+ZJiOx2gPhoAYFaXwWaOAyhqutzo/vztUKtxI=; b=NyqRdrTglCv2eE1aIGVg8TjZdMzqKdZQTWO+5+EBvsI+DkJskqJQa7MCzy3imsSlwz MUGWR1yaAcFCOVlv5G5fwNDnWWyA9eLLcliZyxwRo2yuIBFucKMATCjmlQgNuIbaKQA7 CQV5PEaVaRiAhNnyord8u/YPUJlcTFEBy+KKCV9PeSfx1UHhaxZ/lGfZVGdC/qeKDIGo ZN+dQFAfgT1ZO1SVjBue/B6z5qvLQMmpfhjz0V3bRQkWqjfEQRScP5//2q30p+DI3JUJ +dFlJ0lHUvkZGVhV23Bab35PA4cQIw7mZJE0Y7laY45qvYOagJ1udYZG+Q0m6BZU83vM X9Zw== X-Gm-Message-State: AOJu0Yx9kyhJtTcV0xkKqeRKor7rS1ReGxZqwHV0XZOchwfarommvKlN jknUo3skze3lbs70GnHlxxilLkz005xmhWazhRiDVv8EYN+2xTFeZMEUXe10Dvmo X-Gm-Gg: ASbGncshHx+SE0tCx1oGstmVapUNharlbnEH7AWllcGYZjgFsMsPg96dOXegOhPG1Na YWUjdV2hI7eCLRbuxDSU3cmBUSuBCv+UkKwnxU1ktJR9b8CrG4FDEXYNxJ2acOxxTxXITtAXcW5 myFtTCGOB+uObiJoT0NrF2S8BlncMH1TyNx6rjjSUp751EyjEdYY1ia5VOXv47X2Af3UDAIfieM YM6WnwVythSUGQfuiUtaC1xwFAZbFvLQzHbhqtTatBes8Z0dQ2PhqG3KNxky+7AAJGgNe0Pihwn +iKK2pxXnEM5SoYpHanit6lHlg3YiAwRKRjSDVtIZZe09KKID0huBvan9VNJwlR22ulWKWsoGPw M4jFkkspYNaLRU7y9Uz+euIOWzTf3ZHWdZzFefQETDdLnjgWIawUut8UxZD6PxleZAigVjmfvqw == X-Google-Smtp-Source: AGHT+IEzoRiBNcQVy7b3xXj3j4bI/F1A3jxGhVf1IO6Xml5+nEx9W/ANHgJ9bGjaKdB1YcQz6++XVw== X-Received: by 2002:a05:600c:4752:b0:46f:b42e:ed87 with SMTP id 5b1f17b1804b1-4778feabe57mr15799165e9.40.1763108691794; Fri, 14 Nov 2025 00:24:51 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4778f247821sm53838325e9.5.2025.11.14.00.24.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 00:24:51 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v3 2/5] audiofile: add ptest support Date: Fri, 14 Nov 2025 09:24:47 +0100 Message-ID: <20251114082450.2720967-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114082450.2720967-1-skandigraun@gmail.com> References: <20251114082450.2720967-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 08:24:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121695 It's under 15 seconds to execute it. Signed-off-by: Gyorgy Sarvari --- v2: removed trailing whitespace from run-ptest script v3: no change .../include/ptest-packagelists-meta-oe.inc | 1 + .../audiofile/audiofile_0.3.6.bb | 18 +++++++++++++++++- .../audiofile/files/run-ptest | 14 ++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-multimedia/audiofile/files/run-ptest diff --git a/meta-oe/conf/include/ptest-packagelists-meta-oe.inc b/meta-oe/conf/include/ptest-packagelists-meta-oe.inc index 1d5932c315..96e0d87bd4 100644 --- a/meta-oe/conf/include/ptest-packagelists-meta-oe.inc +++ b/meta-oe/conf/include/ptest-packagelists-meta-oe.inc @@ -8,6 +8,7 @@ # ptests which take less than ~30s each PTESTS_FAST_META_OE = "\ asio \ + audiofile \ cli11 \ cmocka \ cunit \ diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb index fd80729bd2..f734a41dfc 100644 --- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb +++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = " \ ${GNOME_MIRROR}/audiofile/0.3/${BP}.tar.xz \ + file://run-ptest \ file://0001-fix-negative-shift-constants.patch \ file://0002-fix-build-on-gcc6.patch \ file://0003-fix-CVE-2015-7747.patch \ @@ -23,7 +24,7 @@ SRC_URI = " \ " SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782" -inherit autotools lib_package pkgconfig +inherit autotools lib_package pkgconfig ptest CXXFLAGS += "-std=c++14" @@ -33,3 +34,18 @@ DEPENDS = " \ libogg \ flac \ " + +do_compile_ptest(){ + oe_runmake -C gtest libgtest.la + cd test + # Query the TESTS variable value, remove the $(...) parts from it, + # compile as make target along with FLAC (which is an optional test) + oe_runmake `make -p | grep "^TESTS = " | sed 's/$([^)]*)//g' | cut -d= -f2` FLAC +} + +do_install_ptest(){ + install -d ${D}${PTEST_PATH}/test + for t in test/.libs/*; do + install $t ${D}${PTEST_PATH}/test/ + done +} diff --git a/meta-oe/recipes-multimedia/audiofile/files/run-ptest b/meta-oe/recipes-multimedia/audiofile/files/run-ptest new file mode 100644 index 0000000000..4e41ef3cda --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/run-ptest @@ -0,0 +1,14 @@ +#!/bin/sh + +RES=0 +cd test +for t in *; do + if ./$t; then + echo PASS: $t + else + echo FAIL: $t + RES=1 + fi +done + +exit $RES From patchwork Fri Nov 14 08:24:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74522 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEB68CDE02F for ; Fri, 14 Nov 2025 08:24:57 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13530.1763108694129730709 for ; Fri, 14 Nov 2025 00:24:54 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=a4sPR2e6; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-47775fb6c56so18788945e9.1 for ; Fri, 14 Nov 2025 00:24:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763108692; x=1763713492; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eabQXPSIesa9YAPEomivrFrSw55M1dPcM9oPHGwpng0=; b=a4sPR2e6v0oWzHesL9n7876SBQ5yGT4iwiXZW++qAc5W6CIawJOLVcDNk3z9HFyBIO XoIIiM4OsBvswcUVNvFlgGzB5q/wLlMzIICI/aGCpoIhbqyTMVaIkFglQPqA5uDWCvN6 gzwLG5K51qtpfjRGINxeO3Vcx/51A+enTq6mCwlcPFNWRvcNGzjgSYA0OPRmb8lwr9Kj Flr57bb8e5PDTZWc0vq9mewzre5n22VeHwDxSmHS/v8Y4pmkjN4lLSW0Uf3geAGlTVmZ 0Os4ov2FuGTyXrBMySHJnEHnVsbRpF0RD1YPO3pX+Wm3xH5ms8VuFlQphHdFFnpokA7w q6Ew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763108692; x=1763713492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=eabQXPSIesa9YAPEomivrFrSw55M1dPcM9oPHGwpng0=; b=TvwbRZups2yOuB84zyoa6Iojlg+6D/99+rUKwu3GDKhJlV7dS68OKDOo7V+A4Fm1Dd p6wCSdWVDDWGxdWQzb19mlu13v2XVA45tSINdDijN2VVMzC2Uq2aQrWc0ztE3GVVBMYx 2aeK4LW/fXwXOykfPMf3QLpxyZl8Wjo8Rndah0O/uiTEOuWqt6V5dtGZpW3fJyCcRD9N vteaOF/LRJj3/XSNH0m/t8exv0Ezo/ynpX/0kHHw2y9464+PK6P5FNCd6unSh21r0CE3 OWvpEAzPx9w6byCiZrkROQ5QF6c7ggqLisTEl6ccoIjqvrZ0mJj482T4e0gSbRBQoed7 km+g== X-Gm-Message-State: AOJu0Yw4ew0enRMKXSjFjWxqSG0T0NBJ4RnPN0LwnGb6M6ToptbrA9/8 nWHPyqNR9J5w82lHl/R4NxKd4ReFHbrS0oBeEHSAUPlKYyLwkbRF7EggN6SFlIVW X-Gm-Gg: ASbGnct7SzJKnpMNbA853fPaCcgF9pKkGynQN3fR4LjjBLOOFrxN5Hs1zuNajyWjnga S9VK5dkbKTdMf0AUZ9+blsSXI5aZ3brMaZYjxpau84/YmfDxZuxp5+0FdWBceRjf8gKhEbTqTKA U7XvOR5l8/ClGchI8ervcAGZr4xjCoV6knKl3EyCebcX24EAf087IDrsLKvRr1cGV5Uee3bobKo NxBJVKySFXBJTe5qD7BKPF8iw0YySizX3v9bLBewMOUDuQRyTlsGkFzcSwv4YrkSdNOkD7aLT0b OkU2Y9Kg2oqZ+Sqb9Lm8LgcYutY8aAaqS8ZswTsk0gaR7fIdQQ2bq06zTSO/rOdkNSXfJAkW7MD OWyDV/ViiD9QuWK3y1hepwYw/Ddipy3CX/FiwTT9WRP+WCJ4GT5m1ZBcJlLJxF77rk8YlQHwggA == X-Google-Smtp-Source: AGHT+IHYJeQlKuZBOjMgrRetiERtfO1bCr69wY9pcj5h8i08RDtePA7DokIhiJUp3XqqxtuuSAkd3g== X-Received: by 2002:a05:600c:4505:b0:477:5c45:8100 with SMTP id 5b1f17b1804b1-4778fe9638dmr15520765e9.24.1763108692417; Fri, 14 Nov 2025 00:24:52 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4778f247821sm53838325e9.5.2025.11.14.00.24.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 00:24:52 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v3 3/5] audiofile: backport test for CVE-2015-7747 Date: Fri, 14 Nov 2025 09:24:48 +0100 Message-ID: <20251114082450.2720967-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114082450.2720967-1-skandigraun@gmail.com> References: <20251114082450.2720967-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 08:24:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121696 This is a backported patch from opensuse, which contains a testcase for CVE-2015-7747 (which is already patched in ths recipe, but not tested explicitly). Signed-off-by: Gyorgy Sarvari --- v2: no change v3: no change .../audiofile/audiofile_0.3.6.bb | 1 + .../files/test-for-CVE-2015-7747.patch | 166 ++++++++++++++++++ 2 files changed, 167 insertions(+) create mode 100644 meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb index f734a41dfc..b14b4792b3 100644 --- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb +++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb @@ -19,6 +19,7 @@ SRC_URI = " \ file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \ file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \ file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \ + file://test-for-CVE-2015-7747.patch \ file://CVE-2019-13147.patch \ file://CVE-2022-24599.patch \ " diff --git a/meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch b/meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch new file mode 100644 index 0000000000..a62cc7589b --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch @@ -0,0 +1,166 @@ +From 1debf51f3a89d44c0bd46e7bc45c07342087dd7c Mon Sep 17 00:00:00 2001 +From: Fabrizio Gennari +Date: Sun, 4 Oct 2015 01:14:00 +0200 +Subject: [PATCH 2/2] Add a test case for conversion of both sample format and + number of channels + +This patch contains the testcase backport to version 0.3.6. +Author: Stanislav Brabec + +https://bugzilla.novell.com/show_bug.cgi?id=949399#c7 + + +This patch is from opensuse, to verify a CVE fix: +https://build.opensuse.org/projects/multimedia:libs/packages/audiofile/files/audiofile-CVE-2015-7747.patch: + +Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30] +Signed-off-by: Gyorgy Sarvari +--- + test/Makefile.am | 2 + + test/sixteen-stereo-to-eight-mono.c | 118 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 120 insertions(+) + create mode 100644 test/sixteen-stereo-to-eight-mono.c + +diff --git a/test/Makefile.am b/test/Makefile.am +index 7bbf8e4..d311719 100644 +--- a/test/Makefile.am ++++ b/test/Makefile.am +@@ -27,6 +27,7 @@ TESTS = \ + VirtualFile \ + floatto24 \ + query2 \ ++ sixteen-stereo-to-eight-mono \ + sixteen-to-eight \ + testchannelmatrix \ + testdouble \ +@@ -143,6 +144,7 @@ printmarkers_SOURCES = printmarkers.c + printmarkers_LDADD = $(LIBAUDIOFILE) -lm + + sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h ++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h + + testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h + +diff --git a/test/sixteen-stereo-to-eight-mono.c b/test/sixteen-stereo-to-eight-mono.c +new file mode 100644 +index 0000000..0f14636 +--- /dev/null ++++ b/test/sixteen-stereo-to-eight-mono.c +@@ -0,0 +1,117 @@ ++/* ++ Audio File Library ++ ++ Copyright 2000, Silicon Graphics, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License along ++ with this program; if not, write to the Free Software Foundation, Inc., ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++*/ ++ ++/* ++ sixteen-stereo-to-eight-mono.c ++ ++ This program tests the conversion from 2-channel 16-bit integers to ++ 1-channel 8-bit integers. ++*/ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++#include "TestUtilities.h" ++ ++int main (int argc, char **argv) ++{ ++ AFfilehandle file; ++ AFfilesetup setup; ++ int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921}; ++ int8_t frames8[] = {28, 6, -2}; ++ int i, frameCount = 3; ++ int8_t byte; ++ AFframecount result; ++ ++ setup = afNewFileSetup(); ++ ++ afInitFileFormat(setup, AF_FILE_WAVE); ++ ++ afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16); ++ afInitChannels(setup, AF_DEFAULT_TRACK, 2); ++ ++ char testFileName[PATH_MAX]; ++ if (!createTemporaryFile("sixteen-to-eight", testFileName)) ++ { ++ fprintf(stderr, "Could not create temporary file.\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ file = afOpenFile(testFileName, "w", setup); ++ if (file == AF_NULL_FILEHANDLE) ++ { ++ fprintf(stderr, "could not open file for writing\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ afFreeFileSetup(setup); ++ ++ afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount); ++ ++ afCloseFile(file); ++ ++ file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP); ++ if (file == AF_NULL_FILEHANDLE) ++ { ++ fprintf(stderr, "could not open file for reading\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8); ++ afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1); ++ ++ for (i=0; i X-Patchwork-Id: 74521 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B617CDE031 for ; Fri, 14 Nov 2025 08:24:58 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13531.1763108694792309520 for ; Fri, 14 Nov 2025 00:24:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=GhKEgEWY; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-477775d3728so17033305e9.2 for ; Fri, 14 Nov 2025 00:24:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763108693; x=1763713493; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MCf+ZAPnPOxpf0joqsQd7PqPXLfQk4+dFJMHo2No3VM=; b=GhKEgEWYm1BaXyU4hWLYjR/Dwop8cWS4CUWGe5Eg2XHT5CgRfv9NFMIH5oHzwj8VDV kY3mdqmQrz2hebRW/hnQ/7/7ERTlP/4ld+tcIwVQ0jet2ozpZPGbb45kvZKU/lBquW7W 4O3PppR/CUDUbEIp2OzO2cq7ElkSo95XfA5mPtA+uc6+PqPm2Gd6Cq32cMcEGVLqXTG/ qx6KOPatppfkCwxWVzkmRrDlcWRYaBqd/TrUA/8Qzkz6V95Xhx8sBqulJ5nnTbaBpdZY 9gh9WgsmduAfmGdJci5ZBIv9iOxA2CRE7qrr5mGN/FTWOpCf2sW/OpySkwCh948xeWXl ktlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763108693; x=1763713493; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MCf+ZAPnPOxpf0joqsQd7PqPXLfQk4+dFJMHo2No3VM=; b=oE0eePE0YY3PZV0iy3j9v0RgKiLOBnQvPb4hgfEpmW7QjngYxA/taxuQjhwVeu+gcB huOQccDac7DZkBqf5TU6+eZ94RLJyR13NY4ZUfaHkakfrXWouYnwJgY7iX+QZB2PAQqk yisnswA3iEcblNGohOSyU+ddmPcNxESXz2OCtywjRPpSIju5z3dscs7oy1eoGVS5rXv/ jJ1MQ3pIsmMbhpYgv578kJsenGKLv7LbcF2BAeR2hrKdIw7nPQSBfryUe2ihEdciY2W7 gn87Qj50OJMHjQSLRt7Aos0NXWIFmUIJp1yxAFTBSsv4dDHUsifsrUKM9nl9ibL2R3eN CaKQ== X-Gm-Message-State: AOJu0YziAclnxNWT09fPPpl/wRJdrPr8QP021xRLFpT2xJ8Gl/01SjYw oFfe6lL1ZEi3VWzV810ceCjR6HenH8FJr4sf4vckmSdxMF61HJHG8MMT/lEX4md6 X-Gm-Gg: ASbGncuXSbOqFHAgZhKlnsA2sVh0dLSXEDEiB4wM1hMfrTIQmGQuAFmcU9bJIz5vuxv sCMNC8Wm1ApfBF3diLDaTR2PxuKs14tYmWveaYHWZhrS0LsA99T5+ZoQzps6gn6cqbgAcEvh7j0 ndZCM4erXRI3tM+EuVYoovu6X38LYaUc9LLGaB2Pp4OE56VDE82vF0W0FCFaiHFpYoStEK96rbl +RYT0J0lCvTVLLFRwVftH17U6RSJj9rITGMTK5AVGyk8bP6p09nOOpMxzcVBIGh36lyPHEXE/Ty 7Z1W7vR75x2BaYjkcTYFr3ctiU9qrJan4M72K5AUg7fB/YsH9a3hYRaplV1Mq0yHDoBpkvP4iUo ZDHj+0vjAZcUBjCPsWSxaCMaOtVOJTkYE6mnvrLdPEImCDkLbV7SkleCt93M2GEDc2iaA4NVBEQ == X-Google-Smtp-Source: AGHT+IFpTFnxPoLljzg+mRiiHnQVlfFPhIuzR+WnoH35eBnUumvHfMjoPRVjpAJLIBk1bkSSSvlpyg== X-Received: by 2002:a05:600c:3b0f:b0:477:557b:691d with SMTP id 5b1f17b1804b1-4778fe9b23amr17738475e9.25.1763108693012; Fri, 14 Nov 2025 00:24:53 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4778f247821sm53838325e9.5.2025.11.14.00.24.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 00:24:52 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v3 4/5] audiofile: patch CVE-2018-13440 and CVE-2018-17059 Date: Fri, 14 Nov 2025 09:24:49 +0100 Message-ID: <20251114082450.2720967-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114082450.2720967-1-skandigraun@gmail.com> References: <20251114082450.2720967-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 08:24:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121697 Details: https://nvd.nist.gov/vuln/detail/CVE-2018-13440 https://nvd.nist.gov/vuln/detail/CVE-2018-17059 The patches have been backported from Debian - upstream has been inactive for almost a decade by now. Signed-off-by: Gyorgy Sarvari --- v2: no change v3: no change .../audiofile/audiofile_0.3.6.bb | 2 ++ .../audiofile/files/CVE-2018-13440.patch | 36 +++++++++++++++++++ .../audiofile/files/CVE-2018-17059.patch | 35 ++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 meta-oe/recipes-multimedia/audiofile/files/CVE-2018-13440.patch create mode 100644 meta-oe/recipes-multimedia/audiofile/files/CVE-2018-17059.patch diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb index b14b4792b3..cc7fef2a26 100644 --- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb +++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb @@ -22,6 +22,8 @@ SRC_URI = " \ file://test-for-CVE-2015-7747.patch \ file://CVE-2019-13147.patch \ file://CVE-2022-24599.patch \ + file://CVE-2018-13440.patch \ + file://CVE-2018-17059.patch \ " SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782" diff --git a/meta-oe/recipes-multimedia/audiofile/files/CVE-2018-13440.patch b/meta-oe/recipes-multimedia/audiofile/files/CVE-2018-13440.patch new file mode 100644 index 0000000000..f468696845 --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2018-13440.patch @@ -0,0 +1,36 @@ +From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Thu, 27 Sep 2018 10:48:45 +0200 +Subject: [PATCH] ModuleState: handle compress/decompress init failure + +When the unit initcompress or initdecompress function fails, +m_fileModule is NULL. Return AF_FAIL in that case instead of +causing NULL pointer dereferences later. + +Fixes #49 + +This patch has been backported from Debian: +https://sources.debian.org/src/audiofile/0.3.6-7/debian/patches/11_CVE-2018-13440.patch + +CVE: CVE-2018-13440 +Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30] +Signed-off-by: Gyorgy Sarvari + +--- + libaudiofile/modules/ModuleState.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp +index 0c29d7a..070fd9b 100644 +--- a/libaudiofile/modules/ModuleState.cpp ++++ b/libaudiofile/modules/ModuleState.cpp +@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track) + m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok, + file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames); + ++ if (!m_fileModule) ++ return AF_FAIL; ++ + if (unit->needsRebuffer) + { + assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP); diff --git a/meta-oe/recipes-multimedia/audiofile/files/CVE-2018-17059.patch b/meta-oe/recipes-multimedia/audiofile/files/CVE-2018-17059.patch new file mode 100644 index 0000000000..e9b560102a --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2018-17059.patch @@ -0,0 +1,35 @@ +From 822b732fd31ffcb78f6920001e9b1fbd815fa712 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Thu, 27 Sep 2018 12:11:12 +0200 +Subject: [PATCH] SimpleModule: set output chunk framecount after pull + +After pulling the data, set the output chunk to the amount of +frames we pulled so that the next module in the chain has the correct +frame count. + +Fixes #50 and #51 + +This patch has been backported from Debian: +https://sources.debian.org/src/audiofile/0.3.6-7/debian/patches/12_CVE-2018-17095.patch + +CVE: CVE-2018-17095 + +Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30] +Signed-off-by: Gyorgy Sarvari + +--- + libaudiofile/modules/SimpleModule.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libaudiofile/modules/SimpleModule.cpp b/libaudiofile/modules/SimpleModule.cpp +index 2bae1eb..e87932c 100644 +--- a/libaudiofile/modules/SimpleModule.cpp ++++ b/libaudiofile/modules/SimpleModule.cpp +@@ -26,6 +26,7 @@ + void SimpleModule::runPull() + { + pull(m_outChunk->frameCount); ++ m_outChunk->frameCount = m_inChunk->frameCount; + run(*m_inChunk, *m_outChunk); + } + From patchwork Fri Nov 14 08:24:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74518 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E187DCDE029 for ; Fri, 14 Nov 2025 08:24:57 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13341.1763108695526668797 for ; Fri, 14 Nov 2025 00:24:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=V8mBopoG; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-477619f8ae5so12504145e9.3 for ; Fri, 14 Nov 2025 00:24:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763108694; x=1763713494; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3FOSvOzj8ihocHNsuxiuD6YDvQYvQJVyLwUV0QwwOyo=; b=V8mBopoGNePdIKTK85J+lIZ307V/ueyQoD/QbapDBjVKf8rgngttAfJKb+YYPj2oqa LqF4gHNg71ios40hBTU2vIEi8vcCNuHpJWzQLjC+EFaUEMCa3xS53wZjsFSd6lDo3wqW 4qB0W50iDhIn8Y5ykWx2xXFhdR+guTyxx2gfnOJuqB9XbA1eWYIubObrEehAsgEHthBd IKDWwlVSzuea9msm0NCkiyEzdUDe1q5Ju/1NzL8EcVkNScs9irrIrdbKFVneFncDzzmm sdfqVd1n43hvESSGzBfoTN4x02WmLZ9SPUJHtp2xR25PFqRalJ/0yKe8weoeuJC3zZcl +Vwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763108694; x=1763713494; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3FOSvOzj8ihocHNsuxiuD6YDvQYvQJVyLwUV0QwwOyo=; b=SRo3q7n721xoct8xttkIclS0YnJ7xVs/jLUTmspt9Eth5s8uKi9rSzsafOd76HnGLE N4yZpKMR2tSzXVjS60aHCiE4/gdaFEIsg2E9ib1OyNext5a2T2cSgmFPo+itHJJsfYPE Pp/w138bi/Z+PXIy8iqtl+yqWw747bL1Di4AbwrB3tjzckFhxzy4Bii3OpdclWzdnw1F BCL7tnanX7QtGhIwhpP9bDQZnuc7OKzKpYH2j//cGZqWRA8NmsjZ1TY0khMi6VAqMogV YWrW1Ip029jCk7T+6eMfddI7AE2iLMaR2acCiFAaYbyHd66m1okzaDkfJxB+/+uBuf9S XKwA== X-Gm-Message-State: AOJu0YxMgPa0edOShpuBMaJl/gCjItB4ZZtRmxaTiusYzeXuiNPJrrEt 2uWoIuhPRVz9/qFqfIJP8BxlQbWAUpI5eNMGqb1WlnCpX0CiEmpcM/j+LvOVaeQH X-Gm-Gg: ASbGncv58tyCo/RiQDHEdt14RvIQCjveu0jUlsxMF7SnW9c3I9UWdqO+PcFPG0du1Zt XtzlKt6YnQkMTel+uxCVg29RP3X+5SRzaInT/+l+rOXzVZiFE/rnNUBrVZxVFozGF3s5KW+aKJQ T8KP/B5HqH1ZToeW6srWrTHUh5eCUyXeIDu5kAoBZwUYwR2ATaZiAluA63OMlda79VWflUoJRq7 e1wns0pYeiQOS3YFm8w3np4yGDrkdXkka49I7++FRe1WX5CJQ8TZEtp5Pj0RVjdWEFM7jNf0HM2 0LY62WIqJOcbDZ4l5oJOdoBL1ufrM2DpIu6R7fsb7BTeVcSF+adRyffGKA9LTm/7rimdRfPsxlN MsXKXxDVoNR0IRHNi7R+OBSA6U0rate1BMm4JB02BvHly9scCSNeqNnlmZ/y7sAhXZ9MCsEI3Bi xsI4PgyL+u X-Google-Smtp-Source: AGHT+IHagomjG353SNsfXqnNwF4fRzRQM0yp73iwU74e/cY7zSe7vzHyAB77k/qH2DoZRSlNoFu1Yw== X-Received: by 2002:a05:600c:c4a3:b0:46e:32dd:1b1a with SMTP id 5b1f17b1804b1-4778fe603ccmr19505525e9.7.1763108693668; Fri, 14 Nov 2025 00:24:53 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4778f247821sm53838325e9.5.2025.11.14.00.24.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 00:24:53 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH v3 5/5] audiofile: Fix build with clang++ Date: Fri, 14 Nov 2025 09:24:50 +0100 Message-ID: <20251114082450.2720967-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114082450.2720967-1-skandigraun@gmail.com> References: <20251114082450.2720967-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 08:24:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121698 From: Khem Raj When tests are enabled additional C++ code is compiled and clang does not like the code. Signed-off-by: Khem Raj Cc: Gyorgy Sarvari --- v3: included in this series, no change compared to the original submission .../audiofile/audiofile_0.3.6.bb | 1 + ...test-sign.cpp-Fix-C-narrowing-errors.patch | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0001-test-sign.cpp-Fix-C-narrowing-errors.patch diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb index cc7fef2a26..6ebb54e261 100644 --- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb +++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb @@ -19,6 +19,7 @@ SRC_URI = " \ file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \ file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \ file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \ + file://0001-test-sign.cpp-Fix-C-narrowing-errors.patch \ file://test-for-CVE-2015-7747.patch \ file://CVE-2019-13147.patch \ file://CVE-2022-24599.patch \ diff --git a/meta-oe/recipes-multimedia/audiofile/files/0001-test-sign.cpp-Fix-C-narrowing-errors.patch b/meta-oe/recipes-multimedia/audiofile/files/0001-test-sign.cpp-Fix-C-narrowing-errors.patch new file mode 100644 index 0000000000..83c573a873 --- /dev/null +++ b/meta-oe/recipes-multimedia/audiofile/files/0001-test-sign.cpp-Fix-C-narrowing-errors.patch @@ -0,0 +1,41 @@ +From bed0eb57c3294bac1c743cbe4404168c1007287d Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Thu, 13 Nov 2025 17:00:59 -0800 +Subject: [PATCH] test/sign.cpp: Fix C++ narrowing errors + +The error is because -kMinInt32 is both overflowing and a narrowing conversion in a brace initializer. +Fix it by doing the negation in a wider type and explicitly casting to uint32_t in the initializer. + +Fixes + +../../sources/audiofile-0.3.6/test/Sign.cpp:160:39: error: non-constant-expression cannot be narrowed from type 'int32_t' (aka 'int') to 'uint32_t' (aka 'unsigned int') in initializer list [-Wc++11-narrowing] + 160 | const uint32_t expectedData[] = { 0, -kMinInt32, kMaxUInt32 }; + | ^~~~~~~~~~ +../../sources/audiofile-0.3.6/test/Sign.cpp:160:39: note: insert an explicit cast to silence this issue + 160 | const uint32_t expectedData[] = { 0, -kMinInt32, kMaxUInt32 }; + | ^~~~~~~~~~ + | static_cast( ) +../../sources/audiofile-0.3.6/test/Sign.cpp:160:39: warning: overflow in expression; result is -2'147'483'648 with type 'int32_t' (aka 'int') [-Winteger-overflow] + 160 | const uint32_t expectedData[] = { 0, -kMinInt32, kMaxUInt32 }; + | ^~~~~~~~~~ +1 warning and 1 error generated. + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + test/Sign.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/Sign.cpp b/test/Sign.cpp +index c339514..0d80fe6 100644 +--- a/test/Sign.cpp ++++ b/test/Sign.cpp +@@ -157,7 +157,7 @@ TEST_F(SignConversionTest, Int32) + AFframecount framesRead = afReadFrames(file, AF_DEFAULT_TRACK, readData, frameCount); + ASSERT_EQ(framesRead, frameCount); + afCloseFile(file); +- const uint32_t expectedData[] = { 0, -kMinInt32, kMaxUInt32 }; ++ const uint32_t expectedData[] = { 0, static_cast(-static_cast(kMinInt32)), kMaxUInt32 }; + for (int i=0; i