70b2411cee
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
38 lines
953 B
Makefile
38 lines
953 B
Makefile
################################################################################
|
|
#
|
|
# taglib
|
|
#
|
|
################################################################################
|
|
|
|
TAGLIB_VERSION = 1.11.1
|
|
TAGLIB_SITE = http://taglib.github.io/releases
|
|
TAGLIB_INSTALL_STAGING = YES
|
|
TAGLIB_LICENSE = LGPL-2.1 or MPL-1.1
|
|
TAGLIB_LICENSE_FILES = COPYING.LGPL COPYING.MPL
|
|
|
|
# 0002-Don-t-assume-TDRC-is-an-instance-of-TextIdentificationFrame.patch
|
|
TAGLIB_IGNORE_CVES += CVE-2017-12678
|
|
|
|
# 0003-Fixed-OOB-read-when-loading-invalid-ogg-flac-file.patch
|
|
TAGLIB_IGNORE_CVES += CVE-2018-11439
|
|
|
|
ifeq ($(BR2_PACKAGE_ZLIB),y)
|
|
TAGLIB_DEPENDENCIES += zlib
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_TAGLIB_ASF),y)
|
|
TAGLIB_CONF_OPTS += -DWITH_ASF=ON
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_TAGLIB_MP4),y)
|
|
TAGLIB_CONF_OPTS += -DWITH_MP4=ON
|
|
endif
|
|
|
|
define TAGLIB_REMOVE_DEVFILE
|
|
rm -f $(TARGET_DIR)/usr/bin/taglib-config
|
|
endef
|
|
|
|
TAGLIB_POST_INSTALL_TARGET_HOOKS += TAGLIB_REMOVE_DEVFILE
|
|
|
|
$(eval $(cmake-package))
|