Update to version 2.5.1

- resolves #1747391
2019-08-30 13:01:42 +02:00 · 2019-08-30 13:01:42 +02:00 · 90a751de82
commit 90a751de82
parent 8b54323987
4 changed files with 10 additions and 50 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@ exempi-2.1.1.tar.gz
 /exempi-2.4.2.tar.bz2
 /exempi-2.4.4.tar.bz2
 /exempi-2.4.5.tar.bz2
+/exempi-2.5.1.tar.bz2
--- a/CVE-2018-12648.patch
+++ b/CVE-2018-12648.patch
@ -1,43 +0,0 @@
-From 487f4136013d9fa3351b863e5f861463a1cbddcf Mon Sep 17 00:00:00 2001
-From: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
-Date: Sat, 18 Aug 2018 13:54:55 +0000
-Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The WEBP::GetLE32 function in
-XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
-NULL pointer dereference.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=106981
-https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
-
-Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
-Signed-off-by: Hubert Figuière <hub@figuiere.net>
---
- XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-index ffaf220..4fe705b 100644
--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
- }
- void VP8XChunk::xmp(bool hasXMP)
- {
-    XMP_Uns32 flags = GetLE32(&this->data[0]);
-    flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
-    PutLE32(&this->data[0], flags);
-+    if (&this->data[0] != NULL) {
-+        XMP_Uns32 flags = GetLE32(&this->data[0]);
-+        flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
-+        PutLE32(&this->data[0], flags);
-+    }
- }
- 
- Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
-- 
-2.17.1
-
--- a/exempi.spec
+++ b/exempi.spec
@ -1,11 +1,10 @@
 Summary:	Library for easy parsing of XMP metadata
 Name:		exempi
-Version:	2.4.5
-Release:	7%{?dist}
+Version:	2.5.1
+Release:	1%{?dist}
 License:	BSD
 URL:		http://libopenraw.freedesktop.org/wiki/Exempi
 Source0:	http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
-Patch0:		CVE-2018-12648.patch
 BuildRequires:	gcc-c++
 BuildRequires:	boost-devel expat-devel zlib-devel pkgconfig
 # Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327)
@ -28,7 +27,6 @@ developing with exempi.

 %prep
 %setup -q
-%patch0 -p1

 %build
 libtoolize -vi
@ -54,15 +52,19 @@ rm -rf %{buildroot}%{_libdir}/*.a
 %files
 %doc AUTHORS ChangeLog COPYING README
 %{_bindir}/exempi
-%{_libdir}/*.so.*
+%{_libdir}/libexempi.so.8*
 %{_mandir}/man1/exempi.1*

 %files devel
 %{_includedir}/exempi-2.0/
-%{_libdir}/*.so
+%{_libdir}/libexempi.so
 %{_libdir}/pkgconfig/*.pc

 %changelog
+* Fri Aug 30 2019 Nikola Forró <nforro@redhat.com> - 2.5.1-1
+- Update to version 2.5.1
+  Resolves #1747391
+
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (exempi-2.4.5.tar.bz2) = da0ba2c79037f49218c4b64b552f286a471608eb0a5be435dcea14833a3da2a79271e394918803a1fe5c27a0c03b8200db8a5a560b70b619b4c4a5a48f737df6
+SHA512 (exempi-2.5.1.tar.bz2) = 97f2a688e1f92e219d0b68b077608112373cf3e6cbfe4141bbb9c3d1f416926bfd568957c1d0a081b95b524cbd500da0b7bca0ce45e1e8611818f66bcb1b6518