summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/taglib/taglib_1.11.1.bb
Commit message (Collapse)AuthorAgeFilesLines
* taglib: upgrade 1.11.1 -> 1.12Wang Mingyu2021-03-061-45/+0
| | | | | | | | | CVE-2017-12678.patch CVE-2018-11439.patch removed since they are included in 1.12 Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipesMeh Mbeh Ida Delphine2021-03-021-0/+1
| | | | | | | Fixes: [YOCTO #13471] Signed-off-by: Ida Delphine <idadelm@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Fix license "names"/versions.Filip JareŇ°2019-06-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were broken in commit 4786ecdf7cd427089464dcb62579110d494e7cd7 which performed a cleanup to avoid non-standard field names. There is an SPDX License list at https://spdx.org/licenses/ which aims to be a standard. Yocto also uses a substitution map SPDXLICENSEMAP, default one stored at meta/conf/licenses.conf. According to meta/conf/licenses.conf, "AFL-2" corresponds to "AFL-2.0" which is not correct for dbus. According to the same licenses.conf file "MPL-1" corresponds to "MPL-1.0", which is correct for libical but since SPDX aims to be a standard I am updating the identifier in libical's .bb file as well. To verify the actual license used you can use: dbus: cd /tmp/ wget http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-0.110.tar.gz tar -xaf dbus-glib-0.110.tar.gz cd dbus-glib-0.110 grep -A1 "^The Academic Free License$" COPYING cd /tmp/ wget http://dbus.freedesktop.org/releases/dbus/dbus-1.12.14.tar.gz tar -xaf dbus-1.12.14.tar.gz cd dbus-1.12.14 grep -A1 "^The Academic Free License$" COPYING cairo: wget --quiet -O - https://cgit.freedesktop.org/cairo/plain/COPYING-MPL-1.1?h=1.16.0 | grep -A1 "MOZILLA PUBLIC LICENSE" libical: wget --quiet -O - https://raw.githubusercontent.com/libical/libical/v2.0.0/COPYING | grep "Mozilla Public License" taglib: wget --quiet -O - https://raw.githubusercontent.com/taglib/taglib/v1.11.1/COPYING.MPL | grep -A1 "MOZILLA PUBLIC LICENSE" Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* taglib: Security fix CVE-2018-11439Yi Zhao2018-09-071-0/+1
| | | | | | | | | | | | | | | | CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. References: https://nvd.nist.gov/vuln/detail/CVE-2018-11439 Patch from: https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* taglib: Security fix CVE-2017-12678Yi Zhao2017-08-251-1/+4
| | | | | | | | | | | | | | | | CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12678 Patch from: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove True option to getVar callsJoshua Lock2016-12-161-1/+1
| | | | | | | | | | getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* taglib: Update to 1.11.1Ross Burton2016-11-301-0/+40
Forcibly disable Boost as the macros it looks for are also present in our C++ standard library. Enable c++11 in cmake as well as in CXXFLAGS [Khem Raj] CXXFLAGS is required due to a cmake bug where it does not honor CMAKE_CXX_FLAGS during configure time checks [Khem Raj] Signed-off-by: Ross Burton <ross.burton@intel.com>