diff options
author | wiz <wiz@pkgsrc.org> | 2021-02-24 12:31:57 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2021-02-24 12:31:57 +0000 |
commit | 3ba846080345d1b9e8ad2d52bfb7349e9642d699 (patch) | |
tree | e4c0c4191c463e9828c46d8afac71b483695b431 | |
parent | ac9f0b0437689e488efbaf0dad40076c00c4dcd7 (diff) | |
download | pkgsrc-3ba846080345d1b9e8ad2d52bfb7349e9642d699.tar.gz |
taglib: update to 1.12.
TagLib 1.12 (Feb 16, 2021)
==========================
* Added support for WinRT.
* Added support for Linux on POWER.
* Added support for classical music tags of iTunes 12.5.
* Added support for file descriptor to FileStream.
* Added support for 'cmID', 'purl', 'egid' MP4 atoms.
* Added support for 'GRP1' ID3v2 frame.
* Added support for extensible WAV subformat.
* Enabled FileRef to detect file types based on the stream content.
* Dropped support for Windows 9x and NT 4.0 or older.
* Check for mandatory header objects in ASF files.
* More tolerant handling of RIFF padding, WAV files, broken MPEG streams.
* Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates.
* Improved Windows compatibility by storing FLAC picture after comments.
* Fixed numerical genres in ID3v2.3.0 'TCON' frames.
* Fixed consistency of API removing MP4 items when empty values are set.
* Fixed consistency of API preferring COMM frames with no description.
* Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
* Fixed handling of empty MPEG files.
* Fixed parsing MP4 mdhd timescale.
* Fixed reading MP4 atoms with zero length.
* Fixed reading FLAC files with zero-sized seektables.
* Fixed handling of lowercase field names in Vorbis Comments.
* Fixed handling of 'rate' atoms in MP4 files.
* Fixed handling of invalid UTF-8 sequences.
* Fixed possible file corruptions when saving Ogg files.
* Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files.
* TableOfContentsFrame::toString() improved.
* UserTextIdentificationFrame::toString() improved.
* Marked FileRef::create() deprecated.
* Marked MPEG::File::save() with boolean parameters deprecated,
provide overloads with enum parameters.
* Several smaller bug fixes and performance improvements.
-rw-r--r-- | audio/taglib/Makefile | 7 | ||||
-rw-r--r-- | audio/taglib/PLIST | 5 | ||||
-rw-r--r-- | audio/taglib/distinfo | 12 | ||||
-rw-r--r-- | audio/taglib/patches/patch-CVE-2017-12678 | 28 | ||||
-rw-r--r-- | audio/taglib/patches/patch-CVE-2018-11439 | 33 |
5 files changed, 11 insertions, 74 deletions
diff --git a/audio/taglib/Makefile b/audio/taglib/Makefile index e0cac8fba61..805ffda7653 100644 --- a/audio/taglib/Makefile +++ b/audio/taglib/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.41 2020/01/18 23:30:06 rillig Exp $ +# $NetBSD: Makefile,v 1.42 2021/02/24 12:31:57 wiz Exp $ -DISTNAME= taglib-1.11.1 -PKGREVISION= 1 +DISTNAME= taglib-1.12 CATEGORIES= audio MASTER_SITES= http://taglib.github.io/releases/ @@ -31,7 +30,7 @@ SUBST_MESSAGE.pc= Fixing rpath in taglib-config. # # depends on builtin functions which enabled with i486 and later with GCC. # -.if ${OPSYS} == "NetBSD" && !empty(CC_VERSION:Mgcc-[4-9]*) && !empty(MACHINE_ARCH:Mi386) +.if ${OPSYS} == "NetBSD" && !empty(CC_VERSION:Mgcc-[4-9]*) && ${MACHINE_ARCH} == i386 GNU_ARCH.i386= i486 CFLAGS+= -march=i486 .endif diff --git a/audio/taglib/PLIST b/audio/taglib/PLIST index 74cfc6f2e72..060210d1166 100644 --- a/audio/taglib/PLIST +++ b/audio/taglib/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.19 2016/10/31 16:32:56 wiz Exp $ +@comment $NetBSD: PLIST,v 1.20 2021/02/24 12:31:57 wiz Exp $ bin/taglib-config include/taglib/aifffile.h include/taglib/aiffproperties.h @@ -25,6 +25,7 @@ include/taglib/flacproperties.h include/taglib/generalencapsulatedobjectframe.h include/taglib/id3v1genres.h include/taglib/id3v1tag.h +include/taglib/id3v2.h include/taglib/id3v2extendedheader.h include/taglib/id3v2footer.h include/taglib/id3v2frame.h @@ -107,7 +108,7 @@ include/taglib/xmfile.h include/taglib/xmproperties.h lib/libtag.so lib/libtag.so.1 -lib/libtag.so.1.17.0 +lib/libtag.so.1.18.0 lib/libtag_c.so lib/libtag_c.so.0 lib/libtag_c.so.0.0.0 diff --git a/audio/taglib/distinfo b/audio/taglib/distinfo index 1974b3a7663..e674904830b 100644 --- a/audio/taglib/distinfo +++ b/audio/taglib/distinfo @@ -1,8 +1,6 @@ -$NetBSD: distinfo,v 1.22 2019/07/18 09:36:37 nia Exp $ +$NetBSD: distinfo,v 1.23 2021/02/24 12:31:57 wiz Exp $ -SHA1 (taglib-1.11.1.tar.gz) = 80a30eeae67392f636c9f113c60d778c2995c99e -RMD160 (taglib-1.11.1.tar.gz) = 408d2a888875bc29fc64c4d0056daebba2c55192 -SHA512 (taglib-1.11.1.tar.gz) = 7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 -Size (taglib-1.11.1.tar.gz) = 1261620 bytes -SHA1 (patch-CVE-2017-12678) = 4979bc04c5fad6e3b5daaf5b6f62c10c7e4f7841 -SHA1 (patch-CVE-2018-11439) = 96a627c07420c194e892d622c694b11ce7476898 +SHA1 (taglib-1.12.tar.gz) = c06c44223f64ef61d29372659059d6b9e27c2efd +RMD160 (taglib-1.12.tar.gz) = 2d748aa75c810e9062a18790f1fc560e3cecc0b7 +SHA512 (taglib-1.12.tar.gz) = 7e369faa5e3c6c6401052b7a19e35b0cf8c1e5ed9597053ac731a7718791d5d4803d1b18a93e903ec8c3fc6cb92e34d9616daa2ae4d326965d4c4d5624dcdaba +Size (taglib-1.12.tar.gz) = 1364231 bytes diff --git a/audio/taglib/patches/patch-CVE-2017-12678 b/audio/taglib/patches/patch-CVE-2017-12678 deleted file mode 100644 index f9d7764d0aa..00000000000 --- a/audio/taglib/patches/patch-CVE-2017-12678 +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-CVE-2017-12678,v 1.1 2019/07/18 09:36:37 nia Exp $ - -Fix CVE-2017-12678 - -In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp -has a pointer to cast vulnerability, which allows remote attackers to cause a -denial of service or possibly have unspecified other impact via a crafted -audio file. - -Upstream commit: -https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a - ---- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig 2016-10-24 03:03:23.000000000 +0000 -+++ taglib/mpeg/id3v2/id3v2framefactory.cpp -@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame - tag->frameList("TDAT").size() == 1) - { - TextIdentificationFrame *tdrc = -- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); -+ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); - UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front()); - -- if(tdrc->fieldList().size() == 1 && -+ if(tdrc && -+ tdrc->fieldList().size() == 1 && - tdrc->fieldList().front().size() == 4 && - tdat->data().size() >= 5) - { diff --git a/audio/taglib/patches/patch-CVE-2018-11439 b/audio/taglib/patches/patch-CVE-2018-11439 deleted file mode 100644 index fb6e97bd3b5..00000000000 --- a/audio/taglib/patches/patch-CVE-2018-11439 +++ /dev/null @@ -1,33 +0,0 @@ -$NetBSD: patch-CVE-2018-11439,v 1.1 2019/07/18 09:36:37 nia Exp $ - -Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file. - -Upstream commit: -https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45 - ---- taglib/ogg/flac/oggflacfile.cpp.orig 2016-10-24 03:03:23.000000000 +0000 -+++ taglib/ogg/flac/oggflacfile.cpp -@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan() - - if(!metadataHeader.startsWith("fLaC")) { - // FLAC 1.1.2+ -+ // See https://xiph.org/flac/ogg_mapping.html for the header specification. -+ if(metadataHeader.size() < 13) -+ return; -+ -+ if(metadataHeader[0] != 0x7f) -+ return; -+ - if(metadataHeader.mid(1, 4) != "FLAC") - return; - -- if(metadataHeader[5] != 1) -- return; // not version 1 -+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) -+ return; // not version 1.0 -+ -+ if(metadataHeader.mid(9, 4) != "fLaC") -+ return; - - metadataHeader = metadataHeader.mid(13); - } |