From 69e940f97f8a39f4d3f328f4adf2179da7e9875017e2e7cd66baa7a935c41568 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wojtek=20Dziewi=C4=99cki?= Date: Fri, 11 May 2012 10:24:30 +0000 Subject: [PATCH 1/2] -Update to 1.7.2 -This fixes various security issues, see changes. OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/taglib?expand=0&rev=38 --- taglib-1.7.2-doxygen.patch | 13 +++++++++++++ taglib-1.7.2.tar.bz2 | 3 +++ taglib.changes | 14 ++++++++++++++ taglib.spec | 4 +++- 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 taglib-1.7.2-doxygen.patch create mode 100644 taglib-1.7.2.tar.bz2 diff --git a/taglib-1.7.2-doxygen.patch b/taglib-1.7.2-doxygen.patch new file mode 100644 index 0000000..14f389d --- /dev/null +++ b/taglib-1.7.2-doxygen.patch @@ -0,0 +1,13 @@ +Index: taglib-1.7.2/CMakeLists.txt +=================================================================== +--- taglib-1.7.2.orig/CMakeLists.txt ++++ taglib-1.7.2/CMakeLists.txt +@@ -76,7 +76,7 @@ endif(NOT WIN32) + + INSTALL( PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/taglib-config DESTINATION ${BIN_INSTALL_DIR}) + +-CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.cmake ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile) ++CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.cmake ${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile) + file(COPY doc/taglib.png DESTINATION doc) + ADD_CUSTOM_TARGET(docs doxygen) + diff --git a/taglib-1.7.2.tar.bz2 b/taglib-1.7.2.tar.bz2 new file mode 100644 index 0000000..b609086 --- /dev/null +++ b/taglib-1.7.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:77e4b50761d59269c591a0ae3f98fd2d6a555fcbf09a8b99f68083809925a1ef +size 459392 diff --git a/taglib.changes b/taglib.changes index e1381fb..b5b186c 100644 --- a/taglib.changes +++ b/taglib.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri May 11 10:22:59 UTC 2012 - vdziewiecki@suse.com + +-Update to 1.7.2: + * Fixed division by zero while parsing corrupted MP4 files (CVE-2012-2396). + * Fixed compilation on Haiku. + * Improved parsing of corrupted WMA, RIFF and OGG files. + * Fixed a memory leak in the WMA parser. + * Fixed a memory leak in the FLAC parser. + * Fixed a possible division by zero in the APE parser. + * Added detection of TTA2 files. + * Fixed saving of multiple identically named tags to Vorbis Comments. +-Fixed a build failure related to doxygen. + ------------------------------------------------------------------- Thu May 10 01:51:54 UTC 2012 - crrodriguez@opensuse.org diff --git a/taglib.spec b/taglib.spec index dae340e..513b31d 100644 --- a/taglib.spec +++ b/taglib.spec @@ -17,7 +17,7 @@ Name: taglib -Version: 1.7 +Version: 1.7.2 Release: 0 Summary: Audio Meta-Data Library License: LGPL-2.1+ ; MPL-1.1 @@ -29,6 +29,7 @@ Source1: %{name}.desktop Source100: baselibs.conf Patch1: taglib-1.6-ds-rusxmms.patch Patch2: taglib-noansiflags.patch +Patch3: taglib-1.7.2-doxygen.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cmake BuildRequires: doxygen @@ -98,6 +99,7 @@ This package contains development files for taglib. %setup -q %patch1 -p1 %patch2 +%patch3 -p1 %build mkdir build cd build From e3c4dc7256374303db4395c8f492bd4db855573fd7de3646bcf620a2c5baea20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wojtek=20Dziewi=C4=99cki?= Date: Fri, 11 May 2012 10:25:34 +0000 Subject: [PATCH 2/2] Remove old tarball. OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/taglib?expand=0&rev=39 --- taglib-1.7.tar.bz2 | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 taglib-1.7.tar.bz2 diff --git a/taglib-1.7.tar.bz2 b/taglib-1.7.tar.bz2 deleted file mode 100644 index cadff1f..0000000 --- a/taglib-1.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:89e69f0e28fd28ee1aac11f737943d6d953f682234915b50184b608be7c413cb -size 458587