Fix test name in rpminspect.yaml

Add rpminspect.yaml
Remove RPATH
2023-05-18 11:07:29 +00:00 · 2021-12-14 13:02:37 +01:00 · 2021-11-15 09:10:09 +01:00 · 2021-11-12 10:28:24 +01:00 · 2021-08-24 17:49:36 +02:00 · 2021-08-24 13:26:09 +02:00
6 changed files with 60 additions and 4 deletions
--- a/.exiv2.metadata
+++ b/.exiv2.metadata
@ -0,0 +1 @@
+775f9c5ddeb92b682da8b7737f9811009595dc6a exiv2-0.27.5-Source.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,6 @@
 /exiv2-0.27.2-Source.tar.gz
 /exiv2-0.27.3-Source.tar.gz
 /exiv2-0.27.4-Source.tar.gz
+/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
+/issue_ghsa_583f_w9pm_99r2_poc.jp2
+/exiv2-0.27.5-Source.tar.gz
--- a/exiv2-no-rpath.patch
+++ b/exiv2-no-rpath.patch
@ -0,0 +1,13 @@
+diff --git a/cmake/mainSetup.cmake b/cmake/mainSetup.cmake
+index fcaa21f..f69fc46 100644
+--- a/cmake/mainSetup.cmake
+++ b/cmake/mainSetup.cmake
+@@ -23,8 +23,6 @@ if (UNIX)
+     if (APPLE)
+         set(CMAKE_MACOSX_RPATH ON)
+         set(CMAKE_INSTALL_RPATH "@loader_path")
+-    else()
+-        join_paths(CMAKE_INSTALL_RPATH "$ORIGIN" ".." "${CMAKE_INSTALL_LIBDIR}")
+     endif()
+ endif()
+ 
--- a/exiv2.spec
+++ b/exiv2.spec
@ -3,7 +3,7 @@

 Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
-Version: 0.27.4
+Version: 0.27.5
 %global internal_ver %{version}
 Release: 2%{?dist}

@ -20,6 +20,7 @@ Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
 ## security fixes

 ## upstreamable patches
+Patch0: exiv2-no-rpath.patch

 BuildRequires: cmake
 BuildRequires: expat-devel
@ -69,11 +70,9 @@ BuildArch: noarch
 %description doc
 %{summary}.

-
 %prep
 %autosetup -n %{name}-%{version}-%{?beta}%{!?beta:Source} -p1

-
 %build
 %cmake \
  -DCMAKE_INSTALL_DOCDIR="%{_pkgdocdir}" \
@ -126,6 +125,42 @@ test -x %{buildroot}%{_libdir}/libexiv2.so


 %changelog
+* Mon Nov 15 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-2
+- Remove RPATH
+  Resolves: bz#2018421
+
+* Fri Nov 12 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-1
+- Exiv2 0.27.5
+  Resolves: bz#2018421
+
+  Fix stack exhaustion issue in the printIFDStructure function leading to DoS
+  Resolves: bz#2003670
+
+* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-7
+- Properly install POC files
+  Resolves: bz#1993247
+  Resolves: bz#1993284
+
+* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-6
+- Include missing tests for CVEs
+  Resolves: bz#1993247
+  Resolves: bz#1993284
+
+* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
+- Fix test for CVE-2021-29470
+  Resolves: bz#1993284
+
+* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
+- Fix out-of-bounds read in Exiv2::Jp2Image::printStructure
+  Resolves: bz#1993247
+
+- Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
+  Resolves: bz#1993284
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.27.4-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
 * Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-2
 - Do not duplicate changelog file
  Resolves: bz#1989848
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -0,0 +1,4 @@
+---
+badfuncs:
+  ignore:
+  - /usr/lib*/libexiv2.so*
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (exiv2-0.27.4-Source.tar.gz) = f6798baafb36a54ba5bc65c2d28d4f4469e298582c90b417eb437b5dbda8e11963fb3314e8419717b3815ee8c3a68955cddc79e45351d9f2c165a0b73eb7b7be
+SHA512 (exiv2-0.27.5-Source.tar.gz) = 0f2d2dfbc976052a428dfeb597225d3ea3c725f584d05b99316bd4aa9cbf0ba5e1e37bcde71f9041975cf003b4fdb578c559adb144268d784bfd64494f451491
Author	SHA1	Message	Date
Jan Grulich	d006d9d330	Fix test name in rpminspect.yaml	2023-05-18 11:07:29 +00:00
Jan Grulich	849ba0bdf9	Add rpminspect.yaml	2021-12-14 13:02:37 +01:00
Jan Grulich	56d4420af0	Remove RPATH Resolves: bz#2018421	2021-11-15 09:10:09 +01:00
Jan Grulich	81d2c76e0d	Exiv2 0.27.5 Resolves: bz#2018421 Fix stack exhaustion issue in the printIFDStructure function leading to DoS Resolves: bz#2003670	2021-11-12 10:28:24 +01:00
Jan Grulich	0f6bad762c	Properly install POC files Resolves: bz#1993247 Resolves: bz#1993284	2021-08-24 17:49:36 +02:00
Jan Grulich	20a28a73c0	Bump build version Resolves: bz#1993247 Resolves: bz#1993284	2021-08-24 13:26:09 +02:00
Jan Grulich	c39924fe20	Include missing tests for CVEs Resolves: bz#1993247 Resolves: bz#1993284	2021-08-24 13:17:10 +02:00
Jan Grulich	160330c325	Fix test for CVE-2021-29470 Resolves: bz#1993284	2021-08-19 12:26:02 +02:00
Jan Grulich	3c72a01f6b	Fix out-of-bounds read in Exiv2::Jp2Image::printStructure Resolves: bz#1993247 Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header Resolves: bz#1993284	2021-08-18 08:48:10 +02:00
Mohan Boddu	c11c9e4733	Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 Signed-off-by: Mohan Boddu <mboddu@redhat.com>	2021-08-09 19:57:50 +00:00
				`@ -0,0 +1 @@`
				`775f9c5ddeb92b682da8b7737f9811009595dc6a exiv2-0.27.5-Source.tar.gz`