.exempi.metadata

@@ -0,0 +1 @@
+a4df1bc3f9c4ef14bbce6b97fb9e55408ef0c71b SOURCES/exempi-e23c21380f467f1f1c9dc397e0a08405fb4afa7a.tar.bz2

.gitignore

@@ -1 +1 @@
-SOURCES/exempi-2.4.5.tar.bz2
+SOURCES/exempi-e23c21380f467f1f1c9dc397e0a08405fb4afa7a.tar.bz2

SOURCES/0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch

@@ -1,41 +0,0 @@
-From 4f583ff12989f7cea1f81bd2751c321030f1bdbf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
-Date: Sun, 28 Jul 2019 10:15:19 -0400
-Subject: [PATCH] (CVE-2020-18651) Issue #13 - Fix a buffer a overflow in ID3
- support
-
-https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
-(cherry picked from commit fdd4765a699f9700850098b43b9798b933acb32f)
----
- XMPFiles/source/FormatSupport/ID3_Support.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/XMPFiles/source/FormatSupport/ID3_Support.cpp b/XMPFiles/source/FormatSupport/ID3_Support.cpp
-index dd19c16..4619079 100644
---- a/XMPFiles/source/FormatSupport/ID3_Support.cpp
-+++ b/XMPFiles/source/FormatSupport/ID3_Support.cpp
-@@ -669,6 +669,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
- 			std::string tmp ( this->content, this->contentSize );
- 			bool bigEndian = true;	// assume for now (if no BOM follows)
- 
-+			if (pos + 2 > this->contentSize) {
-+				// No enough for the string
-+				break;
-+			}
- 			if ( GetUns16BE ( &this->content[pos] ) == 0xFEFF ) {
- 				pos += 2;
- 				bigEndian = true;
-@@ -686,6 +690,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 majorVersion, XMP_Uns32 logicalID, std
- 		{
- 			if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest!
- 		
-+			if (pos + 4 > this->contentSize) {
-+				// No enough for the string
-+				break;
-+			}
- 			if ( (GetUns32BE ( &this->content[pos]) & 0xFFFFFF00 ) == 0xEFBBBF00 ) {
- 				pos += 3;	// swallow any BOM, just in case
- 			}
--- 
-2.41.0
-

SOURCES/0002-CVE-20220-18652-Bug-12-Invalid-WebP-cause-memory-ove.patch

@@ -1,38 +0,0 @@
-From a3b1e52e5a5836fe1fd07013a2a098518b1801de Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net>
-Date: Sat, 27 Jul 2019 20:42:51 -0400
-Subject: [PATCH] (CVE-20220-18652) Bug #12 - Invalid WebP cause memory
- overflow.
-
-https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
-(cherry picked from commit acee2894ceb91616543927c2a6e45050c60f98f7)
----
- XMPFiles/source/FormatSupport/WEBP_Support.cpp | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-index ffaf220..0d4b81d 100644
---- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-@@ -120,10 +120,16 @@ VP8XChunk::VP8XChunk(Container* parent)
-     this->data.assign(this->size, 0);
-     XMP_Uns8* bitstream =
-         (XMP_Uns8*)parent->chunks[WEBP_CHUNK_IMAGE][0]->data.data();
-+    XMP_Uns32 width = 0;
-+    XMP_Uns32 height = 0;
-     // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105247
-     // bitstream could be NULL.
--    XMP_Uns32 width = bitstream ? ((bitstream[7] << 8) | bitstream[6]) & 0x3fff : 0;
--    XMP_Uns32 height = bitstream ? ((bitstream[9] << 8) | bitstream[8]) & 0x3fff : 0;
-+    // See bug https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
-+    // image chunk data could be too short (must be 10)
-+    if (parent->chunks[WEBP_CHUNK_IMAGE][0]->data.size() >= 10 && bitstream) {
-+      width = ((bitstream[7] << 8) | bitstream[6]) & 0x3fff;
-+      height = ((bitstream[9] << 8) | bitstream[8]) & 0x3fff;
-+    }
-     this->width(width);
-     this->height(height);
-     parent->vp8x = this;
--- 
-2.41.0
-

SOURCES/CVE-2018-12648.patch

@@ -1,43 +0,0 @@
-From 487f4136013d9fa3351b863e5f861463a1cbddcf Mon Sep 17 00:00:00 2001
-From: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
-Date: Sat, 18 Aug 2018 13:54:55 +0000
-Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The WEBP::GetLE32 function in
-XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
-NULL pointer dereference.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=106981
-https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
-
-Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
-Signed-off-by: Hubert Figuière <hub@figuiere.net>
----
- XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-index ffaf220..4fe705b 100644
---- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
-@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
- }
- void VP8XChunk::xmp(bool hasXMP)
- {
--    XMP_Uns32 flags = GetLE32(&this->data[0]);
--    flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
--    PutLE32(&this->data[0], flags);
-+    if (&this->data[0] != NULL) {
-+        XMP_Uns32 flags = GetLE32(&this->data[0]);
-+        flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
-+        PutLE32(&this->data[0], flags);
-+    }
- }
- 
- Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
--- 
-2.17.1
-

SOURCES/exempi-e23c213-typeinfos.patch

@@ -0,0 +1,27 @@
+From d45c06270576493e1537080fa43c1af667c4337a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
+Date: Tue, 12 Oct 2021 14:15:17 +0200
+Subject: [PATCH] Avoid multiple definitions of typeinfos
+
+---
+ XMPFiles/source/XMPFiles_Impl.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/XMPFiles/source/XMPFiles_Impl.cpp b/XMPFiles/source/XMPFiles_Impl.cpp
+index 2f918ac..ff45040 100644
+--- a/XMPFiles/source/XMPFiles_Impl.cpp
++++ b/XMPFiles/source/XMPFiles_Impl.cpp
+@@ -47,7 +47,9 @@ using namespace std;
+ /// This file ...
+ ///
+ // =================================================================================================
+-#include "public/include/XMP.incl_cpp"
++#if ! XMP_StaticBuild
++	#include "public/include/XMP.incl_cpp"
++#endif
+ 
+ #if XMP_WinBuild
+ 	#pragma warning ( disable : 4290 )	// C++ exception specification ignored except to indicate a function is not __declspec(nothrow)
+-- 
+2.33.0
+

SPECS/exempi.spec

@@ -1,18 +1,20 @@
+%global commit e23c21380f467f1f1c9dc397e0a08405fb4afa7a
+%global shortcommit %%(c=%{commit}; echo ${c:0:7})
+%global date 20211007
+
 Summary:	Library for easy parsing of XMP metadata
 Name:		exempi
-Version:	2.4.5
-Release:	4%{?dist}
+Version:	2.6.0
+Release:	0.2.%{date}git%{shortcommit}%{?dist}
 License:	BSD
-Group:		System Environment/Libraries
 URL:		http://libopenraw.freedesktop.org/wiki/Exempi
-Source0:	http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
-Patch0:		CVE-2018-12648.patch
-Patch0001:  0001-CVE-2020-18651-Issue-13-Fix-a-buffer-a-overflow-in-I.patch
-Patch0002:  0002-CVE-20220-18652-Bug-12-Invalid-WebP-cause-memory-ove.patch
+Source0:	https://gitlab.freedesktop.org/libopenraw/%{name}/-/archive/%{commit}/%{name}-%{commit}.tar.bz2
+Patch0:		exempi-e23c213-typeinfos.patch
 BuildRequires:	gcc-c++
 BuildRequires:	boost-devel expat-devel zlib-devel pkgconfig
 # Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327)
 BuildRequires:	autoconf automake libtool
+BuildRequires: make
 Provides:	bundled(md5-polstra)
 
 %description
@@ -22,7 +24,6 @@ It includes XMPCore and XMPFiles.
 
 %package devel
 Summary:	Headers for developing programs that will use %{name}
-Group:		Development/Libraries
 Requires:	%{name} = %{version}-%{release}
 Requires:	pkgconfig
 
@@ -31,14 +32,11 @@ This package contains the libraries and header files needed for
 developing with exempi.
 
 %prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
+%autosetup -p1 -n %{name}-%{commit}
 
 %build
 libtoolize -vi
-./autogen.sh
+NOCONFIGURE=1 ./autogen.sh
 # BanEntityUsage needed for #888765
 %configure CPPFLAGS="-I%{_includedir} -fno-strict-aliasing -DBanAllEntityUsage=1"
 
@@ -46,44 +44,88 @@ libtoolize -vi
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 
-make %{?_smp_mflags} V=1
+%make_build
 
 %check
+%ifarch s390x
+# testcore test fails on big endian arches since exempi 2.5.2:
+# https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/23
+make check || [ "$(grep '^FAIL:' exempi/test-suite.log)" = "FAIL: tests/testcore" ]
+%else
 make check
+%endif
 
 %install
-make DESTDIR=%{buildroot} install
+%make_install
 
 rm -rf %{buildroot}%{_libdir}/*.la
 rm -rf %{buildroot}%{_libdir}/*.a
 
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-
 %files
 %doc AUTHORS ChangeLog COPYING README
 %{_bindir}/exempi
-%{_libdir}/*.so.*
+%{_libdir}/libexempi.so.8*
 %{_mandir}/man1/exempi.1*
 
 %files devel
 %{_includedir}/exempi-2.0/
-%{_libdir}/*.so
+%{_libdir}/libexempi.so
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
-* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-4
-- Fix CVE-2020-18652
-- Resolves: RHEL-5416
+* Wed Nov 03 2021 Nikola Forró <nforro@redhat.com> - 2.6.0-0.2.20211007gite23c213
+- Add modified upstream test suite as a gating test
+  Related #1989405
 
-* Mon Jan 08 2024 Matej Mužila <mmuzila@redhat.com> - 2.4.5-3
-- Fix CVE-2020-18651
-- Resolves: RHEL-5415
+* Wed Oct 20 2021 Nikola Forró <nforro@redhat.com> - 2.6.0-0.1.20211007gite23c213
+- Update to (unreleased) version 2.6.0 to resolve licensing issues
+  Resolves #1989405
 
-* Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-8
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Jeff Law <law@redhat.com> - 2.5.1-5
+- Force C++14 as this code is not C++17 ready
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.5.1-3
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Aug 30 2019 Nikola Forró <nforro@redhat.com> - 2.5.1-1
+- Update to version 2.5.1
+  Resolves #1747391
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Oct  9 2018 Owen Taylor <otaylor@redhat.com> - 2.4.5-5
+- Set NOCONFIGURE when running autogen.sh to avoid running configure twice
+
+* Wed Sep 26 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-4
 - Fix CVE-2018-12648
-  Resolves #1594644
+  Resolves #1594643
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Jun 28 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-2
+- Remove ldconfig from scriptlets
 
 * Tue Mar 13 2018 Nikola Forró <nforro@redhat.com> - 2.4.5-1
 - Update to version 2.4.5