pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/audio/taglib taglib: update to 1.12.
details: https://anonhg.NetBSD.org/pkgsrc/rev/2fcc5d3e0342
branches: trunk
changeset: 447644:2fcc5d3e0342
user: wiz <wiz%pkgsrc.org@localhost>
date: Wed Feb 24 12:31:57 2021 +0000
description:
taglib: update to 1.12.
TagLib 1.12 (Feb 16, 2021)
==========================
* Added support for WinRT.
* Added support for Linux on POWER.
* Added support for classical music tags of iTunes 12.5.
* Added support for file descriptor to FileStream.
* Added support for 'cmID', 'purl', 'egid' MP4 atoms.
* Added support for 'GRP1' ID3v2 frame.
* Added support for extensible WAV subformat.
* Enabled FileRef to detect file types based on the stream content.
* Dropped support for Windows 9x and NT 4.0 or older.
* Check for mandatory header objects in ASF files.
* More tolerant handling of RIFF padding, WAV files, broken MPEG streams.
* Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates.
* Improved Windows compatibility by storing FLAC picture after comments.
* Fixed numerical genres in ID3v2.3.0 'TCON' frames.
* Fixed consistency of API removing MP4 items when empty values are set.
* Fixed consistency of API preferring COMM frames with no description.
* Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
* Fixed handling of empty MPEG files.
* Fixed parsing MP4 mdhd timescale.
* Fixed reading MP4 atoms with zero length.
* Fixed reading FLAC files with zero-sized seektables.
* Fixed handling of lowercase field names in Vorbis Comments.
* Fixed handling of 'rate' atoms in MP4 files.
* Fixed handling of invalid UTF-8 sequences.
* Fixed possible file corruptions when saving Ogg files.
* Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files.
* TableOfContentsFrame::toString() improved.
* UserTextIdentificationFrame::toString() improved.
* Marked FileRef::create() deprecated.
* Marked MPEG::File::save() with boolean parameters deprecated,
provide overloads with enum parameters.
* Several smaller bug fixes and performance improvements.
diffstat:
audio/taglib/Makefile | 7 ++---
audio/taglib/PLIST | 5 ++-
audio/taglib/distinfo | 12 ++++------
audio/taglib/patches/patch-CVE-2017-12678 | 28 --------------------------
audio/taglib/patches/patch-CVE-2018-11439 | 33 -------------------------------
5 files changed, 11 insertions(+), 74 deletions(-)
diffs (134 lines):
diff -r b293654ef7ed -r 2fcc5d3e0342 audio/taglib/Makefile
--- a/audio/taglib/Makefile Wed Feb 24 12:29:57 2021 +0000
+++ b/audio/taglib/Makefile Wed Feb 24 12:31:57 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.41 2020/01/18 23:30:06 rillig Exp $
+# $NetBSD: Makefile,v 1.42 2021/02/24 12:31:57 wiz Exp $
-DISTNAME= taglib-1.11.1
-PKGREVISION= 1
+DISTNAME= taglib-1.12
CATEGORIES= audio
MASTER_SITES= http://taglib.github.io/releases/
@@ -31,7 +30,7 @@
#
# depends on builtin functions which enabled with i486 and later with GCC.
#
-.if ${OPSYS} == "NetBSD" && !empty(CC_VERSION:Mgcc-[4-9]*) && !empty(MACHINE_ARCH:Mi386)
+.if ${OPSYS} == "NetBSD" && !empty(CC_VERSION:Mgcc-[4-9]*) && ${MACHINE_ARCH} == i386
GNU_ARCH.i386= i486
CFLAGS+= -march=i486
.endif
diff -r b293654ef7ed -r 2fcc5d3e0342 audio/taglib/PLIST
--- a/audio/taglib/PLIST Wed Feb 24 12:29:57 2021 +0000
+++ b/audio/taglib/PLIST Wed Feb 24 12:31:57 2021 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.19 2016/10/31 16:32:56 wiz Exp $
+@comment $NetBSD: PLIST,v 1.20 2021/02/24 12:31:57 wiz Exp $
bin/taglib-config
include/taglib/aifffile.h
include/taglib/aiffproperties.h
@@ -25,6 +25,7 @@
include/taglib/generalencapsulatedobjectframe.h
include/taglib/id3v1genres.h
include/taglib/id3v1tag.h
+include/taglib/id3v2.h
include/taglib/id3v2extendedheader.h
include/taglib/id3v2footer.h
include/taglib/id3v2frame.h
@@ -107,7 +108,7 @@
include/taglib/xmproperties.h
lib/libtag.so
lib/libtag.so.1
-lib/libtag.so.1.17.0
+lib/libtag.so.1.18.0
lib/libtag_c.so
lib/libtag_c.so.0
lib/libtag_c.so.0.0.0
diff -r b293654ef7ed -r 2fcc5d3e0342 audio/taglib/distinfo
--- a/audio/taglib/distinfo Wed Feb 24 12:29:57 2021 +0000
+++ b/audio/taglib/distinfo Wed Feb 24 12:31:57 2021 +0000
@@ -1,8 +1,6 @@
-$NetBSD: distinfo,v 1.22 2019/07/18 09:36:37 nia Exp $
+$NetBSD: distinfo,v 1.23 2021/02/24 12:31:57 wiz Exp $
-SHA1 (taglib-1.11.1.tar.gz) = 80a30eeae67392f636c9f113c60d778c2995c99e
-RMD160 (taglib-1.11.1.tar.gz) = 408d2a888875bc29fc64c4d0056daebba2c55192
-SHA512 (taglib-1.11.1.tar.gz) = 7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98
-Size (taglib-1.11.1.tar.gz) = 1261620 bytes
-SHA1 (patch-CVE-2017-12678) = 4979bc04c5fad6e3b5daaf5b6f62c10c7e4f7841
-SHA1 (patch-CVE-2018-11439) = 96a627c07420c194e892d622c694b11ce7476898
+SHA1 (taglib-1.12.tar.gz) = c06c44223f64ef61d29372659059d6b9e27c2efd
+RMD160 (taglib-1.12.tar.gz) = 2d748aa75c810e9062a18790f1fc560e3cecc0b7
+SHA512 (taglib-1.12.tar.gz) = 7e369faa5e3c6c6401052b7a19e35b0cf8c1e5ed9597053ac731a7718791d5d4803d1b18a93e903ec8c3fc6cb92e34d9616daa2ae4d326965d4c4d5624dcdaba
+Size (taglib-1.12.tar.gz) = 1364231 bytes
diff -r b293654ef7ed -r 2fcc5d3e0342 audio/taglib/patches/patch-CVE-2017-12678
--- a/audio/taglib/patches/patch-CVE-2017-12678 Wed Feb 24 12:29:57 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-$NetBSD: patch-CVE-2017-12678,v 1.1 2019/07/18 09:36:37 nia Exp $
-
-Fix CVE-2017-12678
-
-In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp
-has a pointer to cast vulnerability, which allows remote attackers to cause a
-denial of service or possibly have unspecified other impact via a crafted
-audio file.
-
-Upstream commit:
-https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
-
---- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig 2016-10-24 03:03:23.000000000 +0000
-+++ taglib/mpeg/id3v2/id3v2framefactory.cpp
-@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
- tag->frameList("TDAT").size() == 1)
- {
- TextIdentificationFrame *tdrc =
-- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
-+ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
- UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
-
-- if(tdrc->fieldList().size() == 1 &&
-+ if(tdrc &&
-+ tdrc->fieldList().size() == 1 &&
- tdrc->fieldList().front().size() == 4 &&
- tdat->data().size() >= 5)
- {
diff -r b293654ef7ed -r 2fcc5d3e0342 audio/taglib/patches/patch-CVE-2018-11439
--- a/audio/taglib/patches/patch-CVE-2018-11439 Wed Feb 24 12:29:57 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-$NetBSD: patch-CVE-2018-11439,v 1.1 2019/07/18 09:36:37 nia Exp $
-
-Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file.
-
-Upstream commit:
-https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
-
---- taglib/ogg/flac/oggflacfile.cpp.orig 2016-10-24 03:03:23.000000000 +0000
-+++ taglib/ogg/flac/oggflacfile.cpp
-@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan()
-
- if(!metadataHeader.startsWith("fLaC")) {
- // FLAC 1.1.2+
-+ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
-+ if(metadataHeader.size() < 13)
-+ return;
-+
-+ if(metadataHeader[0] != 0x7f)
-+ return;
-+
- if(metadataHeader.mid(1, 4) != "FLAC")
- return;
-
-- if(metadataHeader[5] != 1)
-- return; // not version 1
-+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
-+ return; // not version 1.0
-+
-+ if(metadataHeader.mid(9, 4) != "fLaC")
-+ return;
-
- metadataHeader = metadataHeader.mid(13);
- }
Home |
Main Index |
Thread Index |
Old Index