kumquat-buildroot/package/mp4v2/mp4v2.mk

################################################################################
#
# mp4v2
#
################################################################################

MP4V2_VERSION = 4.1.3
MP4V2_SITE = \
	$(call github,TechSmith,mp4v2,Release-ThirdParty-MP4v2-$(MP4V2_VERSION))
MP4V2_INSTALL_STAGING = YES
MP4V2_LICENSE = MPL-1.1
MP4V2_LICENSE_FILES = COPYING

# help2man expects to be able to run utilities on the build machine to
# grab --help output which doesn't work when cross compiling, so
# disable it
MP4V2_CONF_ENV = ac_cv_prog_FOUND_HELP2MAN=no

ifeq ($(BR2_PACKAGE_MP4V2_UTIL),y)
MP4V2_CONF_OPTS += --enable-util
else
MP4V2_CONF_OPTS += --disable-util
endif

$(eval $(autotools-package))
mp4v2: new package [Thomas: use --enable-largefile/--disable-largefile as appropriate.] Signed-off-by: Jörg Krause <jkrause@posteo.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-20 10:16:59 +02:00			`################################################################################`
			`#`
			`# mp4v2`
			`#`
			`################################################################################`

package/mp4v2: security bump to version 4.1.3 - Switch site to an active fork - Send patch upstream - Update indentation in hash file (two spaces) - Fix the following CVEs: - CVE-2018-14054: A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. Fixed by https://github.com/TechSmith/mp4v2/commit/f09cceeee5bd7f783fd31f10e8b3c440ccf4c743 - CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. Fixed by https://github.com/TechSmith/mp4v2/commit/e475013c6ef78093055a02b0d035eda0f9f01451 - CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. Fixed by https://github.com/TechSmith/mp4v2/commit/70d823ccd8e2d7d0ed9e62fb7e8983d21e6acbeb - CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion. Fixed by https://github.com/TechSmith/mp4v2/commit/73f38b4296aeb38617fa3923018bb78671c3b833 - CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access. Fixed by https://github.com/TechSmith/mp4v2/commit/51cb6b36f6c8edf9f195d5858eac9ba18b334a16 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2020-05-15 23:13:27 +02:00			`MP4V2_VERSION = 4.1.3`
			`MP4V2_SITE = \`
			`$(call github,TechSmith,mp4v2,Release-ThirdParty-MP4v2-$(MP4V2_VERSION))`
mp4v2: new package [Thomas: use --enable-largefile/--disable-largefile as appropriate.] Signed-off-by: Jörg Krause <jkrause@posteo.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-20 10:16:59 +02:00			`MP4V2_INSTALL_STAGING = YES`
package: use SPDX short identifier for MPL family licenses We want to use SPDX identifier for license string as much as possible. SPDX short identifier for MPLv1.0/MPLv1.1/MPLv2.0 is MPL-1.0/MPL-1.1/ MPL-2.0. This change is done using following command. find . -name "*.mk" \| xargs sed -ri '/LICENSE( )?[\+:]?=/s/MPLv([1-2]\.[0-1])/MPL-\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-03-30 15:43:42 +02:00			`MP4V2_LICENSE = MPL-1.1`
mp4v2: new package [Thomas: use --enable-largefile/--disable-largefile as appropriate.] Signed-off-by: Jörg Krause <jkrause@posteo.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-20 10:16:59 +02:00			`MP4V2_LICENSE_FILES = COPYING`

mp4v2: fix help2man-related build failure Fixes: http://autobuild.buildroot.net/results/62a/62af25aace6b17492135e3567f3fa14cc05fef75/ http://autobuild.buildroot.net/results/043/043e23a8a1575f249d4654e2ce5f4a24e29d080a/ http://autobuild.buildroot.net/results/c6f/c6f1f7eef34025f736e35b5714029f5190bcb648/ http://autobuild.buildroot.net/results/bc4/bc4beb415491fdfb65639c0d51ae75a1789c68dd/ And many others. Help2man expects to be able to run utilities on the build machine to grab --help output which doesn't work when cross compiling, so disable it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-10-31 15:54:58 +01:00			`# help2man expects to be able to run utilities on the build machine to`
			`# grab --help output which doesn't work when cross compiling, so`
			`# disable it`
			`MP4V2_CONF_ENV = ac_cv_prog_FOUND_HELP2MAN=no`

mp4v2: new package [Thomas: use --enable-largefile/--disable-largefile as appropriate.] Signed-off-by: Jörg Krause <jkrause@posteo.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-10-20 10:16:59 +02:00			`ifeq ($(BR2_PACKAGE_MP4V2_UTIL),y)`
			`MP4V2_CONF_OPTS += --enable-util`
			`else`
			`MP4V2_CONF_OPTS += --disable-util`
			`endif`

			`$(eval $(autotools-package))`