- Remove outdated comment
- Switch to git fetcher. Otherwise the official download location leads to:
  WARNING: exiv2-0.28.2-r0 do_recipe_qa: QA Issue: exiv2: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol [src-uri-bad]
- Remove reproducibility hack. There's no buildpath leakage in exiv2Config.cmake
  anymore.

Changes from version 0.28.1 to 0.28.2
-------------------------------------

Release Notes:

* https://github.com/Exiv2/exiv2/issues/2914
* https://github.com/Exiv2/exiv2/milestone/13?closed=1

This release also fixes two low-severity security issues in quicktimevideo.cpp:

* [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w):
  out-of-bounds read in QuickTimeVideo::NikonTagsDecoder.
* [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36):
  denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder.

These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0,
so earlier versions of Exiv2 are not affected.

Changes from version 0.28.0 to 0.28.1
-------------------------------------

Release Notes:
https://github.com/Exiv2/exiv2/issues/2813

This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r),
an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in
version 0.28.0, so earlier versions of Exiv2 are not affected.

Signed-off-by: Markus Volk <f_...@t-online.de>
---
 meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb | 19 -------------------
 meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb | 11 +++++++++++
 2 files changed, 11 insertions(+), 19 deletions(-)
 delete mode 100644 meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb

diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb 
b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
deleted file mode 100644
index 958810cf7..000000000
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
+++ /dev/null
@@ -1,19 +0,0 @@
-SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
-
-DEPENDS = "zlib expat brotli libinih"
-
-SRC_URI = 
"https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz";
-SRC_URI[sha256sum] = 
"89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103491f3d"
-# Once patch is obsolete (project should be aware due to PRs), dos2unix can be 
removed either
-# inherit dos2unix
-S = "${WORKDIR}/${BP}-Source"
-
-inherit cmake gettext
-
-do_install:append:class-target() {
-    # reproducibility: remove build host path
-    sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
-        -e 's:${STAGING_DIR_HOST}::g'
-}
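Review bot: the do_install:append:class-target block removed at the end of this file was the only step stripping ${STAGING_DIR_HOST} from exiv2Config.cmake, and the commit message only asserts that the path no longer leaks. Please state in the commit message how that was checked for 0.28.2 (for example, that the installed exiv2Config.cmake was inspected, or that the buildpaths QA check stays clean without the sed), so a later regression in the upstream CMake config is not silently shipped.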
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb 
b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
new file mode 100644
index 000000000..faae24799
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
+
+DEPENDS = "zlib expat brotli libinih"
+
+SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
+SRCREV = "04207b9c39bf7b3b1a7144f7ed4e4f16b4f29ef6"
+S = "${WORKDIR}/git"
+
+inherit cmake gettext
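Review bot: the SRCREV line is a bare hash on branch 0.28.x, and nothing in the recipe or the commit message ties it to the v0.28.2 release that the file name claims. Since the point of the bump is to pick up the fixes for CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398, please confirm that this commit is the v0.28.2 tag and note that in a comment above SRCREV or in the commit message, so that version-based CVE checking against PV matches what is actually fetched.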
-- 
2.45.1
