.exiv2.metadata

@@ -1 +0,0 @@
-775f9c5ddeb92b682da8b7737f9811009595dc6a SOURCES/exiv2-0.27.5-Source.tar.gz

.gitignore

@@ -1 +1,11 @@
-SOURCES/exiv2-0.27.5-Source.tar.gz
+/exiv2-0.27.1-Source.tar.gz
+/v0.27.2-RC2.tar.gz
+/exiv2-0.27.2-Source.tar.gz
+/exiv2-0.27.3-Source.tar.gz
+/exiv2-0.27.4-Source.tar.gz
+/exiv2-0.27.5-RC1.tar.gz
+/exiv2-0.27.5-RC2.tar.gz
+/exiv2-0.27.5-RC3.tar.gz
+/exiv2-0.27.5-Source.tar.gz
+/exiv2-0.27.6-Source.tar.gz
+/exiv2-0.28.3.tar.gz

exiv2-no-rpath.patch

@@ -1,8 +1,8 @@
 diff --git a/cmake/mainSetup.cmake b/cmake/mainSetup.cmake
-index fcaa21f..f69fc46 100644
+index 1ea9deb..36253d1 100644
 --- a/cmake/mainSetup.cmake
 +++ b/cmake/mainSetup.cmake
-@@ -23,8 +23,6 @@ if (UNIX)
+@@ -26,8 +26,6 @@ if (UNIX)
      if (APPLE)
          set(CMAKE_MACOSX_RPATH ON)
          set(CMAKE_INSTALL_RPATH "@loader_path")

exiv2.spec

@@ -1,31 +1,41 @@
-
-Summary: Exif and Iptc metadata manipulation library
 Name:           exiv2
-Version: 0.27.5
+Version:        0.28.3
-%global internal_ver %{version}
+Release:        3%{?dist}
-Release: 2%{?dist}
+Summary:        Exif and Iptc metadata manipulation library
 
-License: GPLv2+
+# GPL-2.0-or-later: main library
+# BSD-3-Clause: xmpsdk/
+# LicenseRef-Fedora-Public-Domain:
+#  - app/getopt.cpp
+#  - src/properties.cpp
+#  - src/tzfile.h
+#  - xmpsdk/include/MD5.h
+#  - xmpsdk/src/MD5.cpp
+License:        GPL-2.0-or-later AND BSD-3-Clause AND LicenseRef-Fedora-Public-Domain
 URL:            http://www.exiv2.org/
-Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
+VCS:            https://github.com/Exiv2/exiv2/
+%if 0%{?beta:1}
+Source:         %{vcs}/archive/v%{version}-%{beta}/%{name}-%{version}-%{beta}.tar.gz
+%else
+Source:         %{vcs}/archive/v%{version}/%{name}-%{version}.tar.gz
+%endif
 
-## upstream patches (lookaside cache)
-
-# Security fixes
-
-## upstreamable patches
 Patch0:         exiv2-no-rpath.patch
 
 BuildRequires:  cmake
-BuildRequires: expat-devel
 BuildRequires:  gcc-c++
 BuildRequires:  gettext
 BuildRequires:  pkgconfig
-BuildRequires: zlib-devel
+BuildRequires:  pkgconfig(expat)
+BuildRequires:  pkgconfig(INIReader)
+BuildRequires:  pkgconfig(libbrotlidec)
+BuildRequires:  pkgconfig(zlib)
 # docs
-BuildRequires: doxygen graphviz libxslt
+BuildRequires:  doxygen
+BuildRequires:  graphviz
+BuildRequires:  libxslt
 
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires:       %{name}-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 
 %description
 A command line utility to access image metadata, allowing one to:
@@ -39,182 +49,226 @@ A command line utility to access image metadata, allowing one to:
 * extract, insert and delete Exif metadata (including thumbnails),
   Iptc metadata and Jpeg comments
 
+
 %package      devel
 Summary:      Header files, libraries and development documentation for %{name}
-Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires:     %{name}-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+
 %description  devel
 %{summary}.
 
+
 %package      libs
 Summary:      Exif and Iptc metadata manipulation library
 # not strictly required, but convenient and expected
 %if 0%{?rhel} && 0%{?rhel} <= 7
-Requires: %{name} = %{version}-%{release}
+Requires:     %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 %else
-Recommends: %{name} = %{version}-%{release}
+Recommends:   %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 %endif
+
 %description  libs
 A C++ library to access image metadata, supporting full read and write access
 to the Exif and Iptc metadata, Exif MakerNote support, extract and delete
 methods for Exif thumbnails, classes to access Ifd and so on.
 
+
 %package      doc
-Summary: Api documentation for %{name}
+Summary:      API documentation for %{name}
+# MIT:
+# - clipboard.js
+# - cookie.js
+# - dynsections.js
+# - jquery.js
+# - menu.js
+# - menudata.js
+# - resize.js
+# GPL-2.0-only:
+# - css and icons from Doxygen
+License:      MIT AND GPL-2.0-only
 BuildArch:    noarch
+
 %description  doc
 %{summary}.
 
+API documentation for %{name}.
+
 
 %prep
-%autosetup -n %{name}-%{version}-Source -p1
+%autosetup -n %{name}-%{version}%{?beta:-%{beta}} -p1
+
 
 %build
-%{cmake} . \
+%cmake \
   -DCMAKE_INSTALL_DOCDIR="%{_pkgdocdir}" \
   -DEXIV2_BUILD_DOC:BOOL=ON \
-  -DEXIV2_ENABLE_NLS:BOOL=ON \
+  -DEXIV2_BUILD_SAMPLES:BOOL=OFF \
-  -DEXIV2_BUILD_SAMPLES:BOOL=OFF
+  -DEXIV2_ENABLE_NLS:BOOL=ON
+%cmake_build
+%cmake_build --target doc
 
-%make_build
-%make_build doc
 
 %install
-make install/fast DESTDIR=%{buildroot}
+%cmake_install
-
 %find_lang exiv2 --with-man
 
 
 %check
 export PKG_CONFIG_PATH="%{buildroot}%{_libdir}/pkgconfig${PKG_CONFIG_PATH:+:}${PKG_CONFIG_PATH}"
-test "$(pkg-config --modversion exiv2)" = "%{internal_ver}"
+test "$(pkg-config --modversion exiv2)" = "%{version}"
 test "$(pkg-config --variable=libdir exiv2)" = "%{_libdir}"
 test -x %{buildroot}%{_libdir}/libexiv2.so
 
 
 %files -f exiv2.lang
-%license COPYING
+%license COPYING doc/COPYING-XMPSDK
-%doc doc/ChangeLog
+%doc doc/ChangeLog exiv2.md SECURITY.md
-# README is mostly installation instructions
-#doc README.md
 %{_bindir}/exiv2
 %{_mandir}/man1/exiv2*.1*
 
-%ldconfig_scriptlets libs
 
 %files libs
-%{_libdir}/libexiv2.so.27*
+%{_libdir}/libexiv2.so.28*
-%{_libdir}/libexiv2.so.%{internal_ver}
+%{_libdir}/libexiv2.so.%{version}
+
 
 %files devel
 %{_includedir}/exiv2/
+%{_libdir}/cmake/exiv2/
 %{_libdir}/libexiv2.so
 %{_libdir}/pkgconfig/exiv2.pc
-%{_libdir}/cmake/exiv2/
+
-# todo: -static subpkg?  -- rex
-%{_libdir}/libexiv2-xmp.a
 
 %files doc
 %{_pkgdocdir}/
-%exclude %{_pkgdocdir}/ChangeLog
+
 
 
 %changelog
-* Mon Nov 15 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-2
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.28.3-3
-- Remove RPATH
+- Bump release for October 2024 mass rebuild:
-  Resolves: bz#2018422
+  Resolves: RHEL-64018
 
-* Fri Nov 12 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-1
+* Tue Aug 06 2024 Jan Grulich <jgrulich@redhat.com> - 0.28.3-2
-- Exiv2 0.27.5
+- Backport RHEL9 patch for RPATH
-  Resolves: bz#2018422
+  Resolves: RHEL-45267
 
-  Fix stack exhaustion issue in the printIFDStructure function leading to DoS
+* Tue Aug 06 2024 Jan Grulich <jgrulich@redhat.com> - 0.28.3-1
-  Resolves: bz#2003673
+- 0.28.3
+  Resolves: RHEL-45267
 
-* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.27.6-8
-- Include missing tests for CVEs
+- Bump release for June 2024 mass rebuild
-  Resolves: bz#1993282
-  Resolves: bz#1993245
 
-* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-7
-- Fix test for CVE-2021-29470
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-  Resolves: bz#1993245
 
-* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-3
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-6
-- Fix out-of-bounds read in Exiv2::Jp2Image::printStructure
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-  Resolves: bz#1993282
 
-- Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-5
-  Resolves: bz#1993245
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 
-* Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-2
+* Tue Jan 31 2023 Jan Grulich <jgrulich@redhat.com> - 0.27.6-1
-- Do not duplicate changelog file
+- 0.27.6
-  Resolves: bz#1989860
+- migrated to SPDX license
 
-* Wed Aug 04 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-1
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-4
-- 0.27.4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-  Resolves: bz#1989860
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Oct 27 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-1
+- 0.27.5 (final)
+
+* Mon Oct 04 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.3.RC3
+- 0.27-5-RC3
+
+* Fri Sep 10 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.2.RC2
+- 0.27.5-RC2 (#2003208)
+
+* Wed Aug 11 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.1.RC1
+- 0.27.5-RC1 (#1992344)
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 18 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.4-1
+- 0.27.4 (#1941230)
 
 * Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
 - CVE-2021-29623 exiv2: a read of uninitialized memory may lead to information leak
-  Resolves: bz#1964182
+  CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
 
-- CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
+* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
-  Resolves: bz#1964188
-
-* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-5
-- CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
-  Resolves: bz#1954065
-
-- CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
-  Resolves: bz#1955014
-
-* Wed Apr 28 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-4
-- CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
-  Resolves: bz#1953758
-
-- CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
-  Resolves: bz#1953772
-
-* Wed Apr 14 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-3
 - CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()
-  Resolves: bz#1947160
+  CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
+  CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
+  CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
+  CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
 
-* Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-2
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-5
-- Avoid duplicating Changelog file
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-  Resolves: bz#1880984
 
-* Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-1
+* Wed Aug 26 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.27.3-4
-- Update to 0.27.3
+- support new cmake macro semantics
-  Resolves: bz#1880984
 
-* Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-5
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-3
-- Fix failing test
+- Second attempt - Rebuilt for
-  Resolves: bz#1800472
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-4
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-2
-- Drop test for the previous CVE as we test it manually and we don't have POC available
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-  Resolves: bz#1800472
 
-* Wed Feb 26 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-3
+* Tue Jun 30 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.27.3-1
-- Fix infinite loop and hang in Jp2Image::readMetadata()
+- 0.27.3
-  Resolves: bz#1800472
 
-* Tue Oct 29 2019 Jan Grulich <jgrulich@redhat.com> - 0.27.2-2
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.2-2
-  Rebuild
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-  Resolves: bz#1651917
 
-* Fri Sep 20 2019 Jan Grulich <jgrulich@redhat.com> - 0.27.2-1
+* Mon Jul 29 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.2-1
-- Update to 0.27.2
+- 0.27.2
-  Resolves: bz#1651917
 
-* Tue Sep 11 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-10
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.2-0.2.RC2
-- Security fix for CVE-2018-16336
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 
-* Tue Jul 24 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-9
+* Tue Jul 16 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.2-0.1.RC2
+- 0.27.2-RC2 (#1720353)
+
+* Fri Apr 26 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.1-1
+- exiv-0.27.1 (#1696117)
+
+* Thu Jan 31 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-3
+- -devel: Requires: expat-devel
+
+* Wed Jan 30 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-2
+- pull in upstream fix for pkgconfig exiv2.pc
+
+* Thu Jan 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-1
+- exiv2-0.27.0 (#1665246)
+
+* Thu Jan 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.26-13
+- backport pentax DNG crasher (#1585514, exiv2#201)
+
+* Tue Jul 24 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-12
 - Security fix for CVE-2017-17723, CVE-2017-17725, CVE-2018-10958, CVE-2018-10998,
   CVE-2018-11531, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-5772,
   CVE-2018-8976, CVE-2018-8977, CVE-2018-9144
 
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu May 03 2018 Germano Massullo <germano.massullo@gmail.com> - 0.26-10
+- added patches that fix CVE-2017-17723 CVE-2017-17725 CVE-2017-5772
+- moved 0006-1296-Fix-submitted.patch file from sources to package tree
+
+* Tue Feb 20 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.26-9
+- BR: gcc-c++
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

sources

@@ -0,0 +1 @@
+SHA512 (exiv2-0.28.3.tar.gz) = c8338a118feefa104d73932890c732247c884ab9ce1d170c43a22ab5884517a0e2a7fd1febde7705b8290fbbbc29e64738610404816e4db2b56a70fc444ca049