exiv2: update 0.28.0 -> 0.28.2

- Remove outdated comment - Switch to git fetcher. Otherwise the official download location leads to: WARNING: exiv2-0.28.2-r0 do_recipe_qa: QA Issue: exiv2: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol [src-uri-bad] - Remove reproducibility hack. Theres no buildpath leakage in exiv2Config.cmake anymore. Changes from version 0.28.1 to 0.28.2 ------------------------------------- Release Notes: * https://github.com/Exiv2/exiv2/issues/2914 * https://github.com/Exiv2/exiv2/milestone/13?closed=1 This release also fixes two low-severity security issues in quicktimevideo.cpp: * [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w): out-of-bounds read in QuickTimeVideo::NikonTagsDecoder. * [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36): denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder. These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected. Changes from version 0.28.0 to 0.28.1 ------------------------------------- Release Notes: https://github.com/Exiv2/exiv2/issues/2813 This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r), an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in version 0.28.0, so earlier versions of Exiv2 are not affected. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Markus Volk <f_l_k@t-online.de> 2024-06-24 21:55:53 +0200
committer: Khem Raj <raj.khem@gmail.com> 2024-06-27 09:18:48 -0700
commit: 3a9fc5ba68d8c121e70c018d4f4a782693def40b (patch)
tree: 1a16f434ae732dc56efa9e021a6a946be6e90b42
parent: 5f453c3401e20eb5489fac4d3b54a5bf96d019ab (diff)
download: meta-openembedded-3a9fc5ba68d8c121e70c018d4f4a782693def40b.tar.gz
2 files changed, 11 insertions, 19 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
deleted file mode 100644
index 958810cf7a..0000000000
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb
+++ /dev/null
@@ -1,19 +0,0 @@
-SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
-DEPENDS = "zlib expat brotli libinih"
-SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
-SRC_URI[sha256sum] = "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103491f3d"
-# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
-# inherit dos2unix
-S = "${WORKDIR}/${BP}-Source"
-inherit cmake gettext
-do_install:append:class-target() {
-    # reproducibility: remove build host path
-    sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
-        -e 's:${STAGING_DIR_HOST}::g'
-}
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
new file mode 100644
index 0000000000..faae247998
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
+DEPENDS = "zlib expat brotli libinih"
+SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
+SRCREV = "04207b9c39bf7b3b1a7144f7ed4e4f16b4f29ef6"
+S = "${WORKDIR}/git"
+inherit cmake gettext
author	Markus Volk <f_l_k@t-online.de>	2024-06-24 21:55:53 +0200
committer	Khem Raj <raj.khem@gmail.com>	2024-06-27 09:18:48 -0700
commit	3a9fc5ba68d8c121e70c018d4f4a782693def40b (patch)
tree	1a16f434ae732dc56efa9e021a6a946be6e90b42
parent	5f453c3401e20eb5489fac4d3b54a5bf96d019ab (diff)
download	meta-openembedded-3a9fc5ba68d8c121e70c018d4f4a782693def40b.tar.gz

diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb deleted file mode 100644 index 958810cf7a..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.0.bb +++ /dev/null
@@ -1,19 +0,0 @@
1	SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
2	LICENSE = "GPL-2.0-only"
3	LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
4
5	DEPENDS = "zlib expat brotli libinih"
6
7	SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
8	SRC_URI[sha256sum] = "89af3b5ef7277753ef7a7b5374ae017c6b9e304db3b688f1948e73e103491f3d"
9	# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
10	# inherit dos2unix
11	S = "${WORKDIR}/${BP}-Source"
12
13	inherit cmake gettext
14
15	do_install:append:class-target() {
16	# reproducibility: remove build host path
17	sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
18	-e 's:${STAGING_DIR_HOST}::g'
19	}


diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb new file mode 100644 index 0000000000..faae247998 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.2.bb
@@ -0,0 +1,11 @@
		1	SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
		2	LICENSE = "GPL-2.0-only"
		3	LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
		4
		5	DEPENDS = "zlib expat brotli libinih"
		6
		7	SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
		8	SRCREV = "04207b9c39bf7b3b1a7144f7ed4e4f16b4f29ef6"
		9	S = "${WORKDIR}/git"
		10
		11	inherit cmake gettext