mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

exiv2: update 0.28.0 -> 0.28.2

Browse Source 
- Remove outdated comment
- Switch to git fetcher. Otherwise the official download location leads to:
  WARNING: exiv2-0.28.2-r0 do_recipe_qa: QA Issue: exiv2: SRC_URI uses unstable GitHub/GitLab
  archives, convert recipe to use git protocol [src-uri-bad]
- Remove reproducibility hack. Theres no buildpath leakage in exiv2Config.cmake
  anymore.

Changes from version 0.28.1 to 0.28.2
-------------------------------------

Release Notes:

* https://github.com/Exiv2/exiv2/issues/2914
* https://github.com/Exiv2/exiv2/milestone/13?closed=1

This release also fixes two low-severity security issues in quicktimevideo.cpp:

* [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w):
  out-of-bounds read in QuickTimeVideo::NikonTagsDecoder.
* [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36):
  denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder.

These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0,
so earlier versions of Exiv2 are not affected.

Changes from version 0.28.0 to 0.28.1
-------------------------------------

Release Notes:
https://github.com/Exiv2/exiv2/issues/2813

This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r),
an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in
version 0.28.0, so earlier versions of Exiv2 are not affected.

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3a9fc5ba68)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Markus Volk
2024-06-24 21:55:53 +02:00
committed by Armin Kuster
parent 631a67f2e7
commit 496a24bf06
2 changed files with 11 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
-19
View File
@@ -1,19 +0,0 @@
SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
DEPENDS = "zlib expat brotli libinih"
SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
SRC_URI[sha256sum] = "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103491f3d"
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
# inherit dos2unix
S = "${WORKDIR}/${BP}-Source"
inherit cmake gettext
do_install:append:class-target() {
# reproducibility: remove build host path
sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
-e 's:${STAGING_DIR_HOST}::g'
}
meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
+11
View File
@@ -0,0 +1,11 @@
SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
DEPENDS = "zlib expat brotli libinih"
SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
SRCREV = "04207b9c39bf7b3b1a7144f7ed4e4f16b4f29ef6"
S = "${WORKDIR}/git"
inherit cmake gettext