From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Mar 18 10:50:15 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 582D4106564A for ; Sun, 18 Mar 2012 10:50:15 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 312928FC12 for ; Sun, 18 Mar 2012 10:50:15 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q2IAoFgI048485 for ; Sun, 18 Mar 2012 10:50:15 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q2IAoFjf048484; Sun, 18 Mar 2012 10:50:15 GMT (envelope-from gnats) Resent-Date: Sun, 18 Mar 2012 10:50:15 GMT Resent-Message-Id: <201203181050.q2IAoFjf048484@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Jason E. Hale" Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EC8D2106564A for ; Sun, 18 Mar 2012 10:45:10 +0000 (UTC) (envelope-from bsdkaffee@gmail.com) Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id B53A88FC08 for ; Sun, 18 Mar 2012 10:45:10 +0000 (UTC) Received: by qcsg15 with SMTP id g15so905144qcs.13 for ; Sun, 18 Mar 2012 03:45:10 -0700 (PDT) Received: by 10.224.138.84 with SMTP id z20mr10788795qat.43.1332067509922; Sun, 18 Mar 2012 03:45:09 -0700 (PDT) Received: from mocha.verizon.net (c-71-61-40-68.hsd1.oh.comcast.net. [71.61.40.68]) by mx.google.com with ESMTPS id eo4sm20341222qab.16.2012.03.18.03.45.09 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 18 Mar 2012 03:45:09 -0700 (PDT) Message-Id: <4f65bcb5.84c6e00a.55ca.ffffa43f@mx.google.com> Date: Sun, 18 Mar 2012 03:45:09 -0700 (PDT) From: "Jason E. Hale" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/166219: [MAINTAINER] audio/taglib: Update to 1.7.1, fix vulnerabilities X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Jason E. Hale" List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Mar 2012 10:50:15 -0000 >Number: 166219 >Category: ports >Synopsis: [MAINTAINER] audio/taglib: Update to 1.7.1, fix vulnerabilities >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Mar 18 10:50:14 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Jason E. Hale >Release: FreeBSD 9.0-RELEASE i386 >Organization: none >Environment: System: FreeBSD mocha.verizon.net 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Thu Jan 19 11:42:41 EST 2012 Jason@mocha.verizon.net:/usr/obj/usr/src/sys/MOCHA9 i386 >Description: - Update audio/taglib to 1.7.1 - This fixes multiple security vulnerabilities found in the previous versions - Fixes CVE-2012-1107 and CVE-2012-1108 - As reported by Zubin Mithra: https://bugs.launchpad.net/ubuntu/+source/taglib/+bug/945415 - Arrange MASTER_SITES so most reliable site is tried first - Move LICENSE to satisfy portlint >How-To-Repeat: - Use attached diff >Fix: --- 2012-03-17-taglib.diff begins here --- diff -ruN taglib.orig/Makefile taglib/Makefile --- taglib.orig/Makefile 2012-03-17 20:24:13.000000000 -0400 +++ taglib/Makefile 2012-03-17 20:56:56.000000000 -0400 @@ -6,26 +6,25 @@ # PORTNAME= taglib -PORTVERSION= 1.7 +PORTVERSION= 1.7.1 CATEGORIES= audio -MASTER_SITES= http://developer.kde.org/~wheeler/files/src/ \ - http://cloud.github.com/downloads/taglib/taglib/ \ +MASTER_SITES= http://cloud.github.com/downloads/taglib/taglib/ \ + http://developer.kde.org/~wheeler/files/src/ \ http://launchpad.net/taglib/trunk/${PORTVERSION}/+download/ MAINTAINER= bsdkaffee@gmail.com COMMENT= Library for manipulating ID3 tags and Ogg comments -USE_CMAKE= yes -USE_LDCONFIG= yes -MAKE_JOBS_SAFE= yes - LICENSE= LGPL21 MPL LICENSE_COMB= dual LICENSE_FILE_LGPL21= ${WRKSRC}/COPYING.LGPL LICENSE_FILE_MPL= ${WRKSRC}/COPYING.MPL +USE_CMAKE= yes CMAKE_ARGS= -DWITH_ASF:BOOL=ON \ -DWITH_MP4:BOOL=ON +MAKE_JOBS_SAFE= yes +USE_LDCONFIG= yes OPTIONS= RCC "Build with RusXMMS librcc patches (experimental)" off diff -ruN taglib.orig/distinfo taglib/distinfo --- taglib.orig/distinfo 2012-03-17 20:24:12.000000000 -0400 +++ taglib/distinfo 2012-03-17 20:25:00.000000000 -0400 @@ -1,2 +1,2 @@ -SHA256 (taglib-1.7.tar.gz) = 09defb8dbfc35911179ab23757d744774738664df893c0fc6d8f1398b3ab773f -SIZE (taglib-1.7.tar.gz) = 533974 +SHA256 (taglib-1.7.1.tar.gz) = 52de470997b604b7b2983f7bcf604ca8d2ce0194fbe16f2ce1aff42e53fb87d9 +SIZE (taglib-1.7.1.tar.gz) = 535319 diff -ruN taglib.orig/pkg-plist taglib/pkg-plist --- taglib.orig/pkg-plist 2012-03-17 20:24:13.000000000 -0400 +++ taglib/pkg-plist 2012-03-17 21:00:10.000000000 -0400 @@ -82,7 +82,7 @@ include/taglib/xiphcomment.h lib/libtag.so lib/libtag.so.1 -lib/libtag.so.1.7.0 +lib/libtag.so.1.7.1 lib/libtag_c.so lib/libtag_c.so.0 lib/libtag_c.so.0.0.0 --- 2012-03-17-taglib.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: