rpms
/
exiv2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9s
rpms:c9
rpms:c8-beta
rpms:c9-beta
rpms:c8s
rpms:imports/c9/exiv2-0.27.5-2.el9
rpms:imports/c8/exiv2-0.27.5-2.el8
rpms:imports/c8-beta/exiv2-0.27.5-2.el8
rpms:imports/c9-beta/exiv2-0.27.5-2.el9
rpms:imports/c9-beta/exiv2-0.27.4-7.el9
rpms:imports/c8s/exiv2-0.27.5-2.el8
rpms:imports/c8/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.3-2.el8
rpms:imports/c8-beta/exiv2-0.27.2-5.el8
rpms:imports/c8-beta/exiv2-0.27.2-2.el8
rpms:imports/c8-beta/exiv2-0.26-10.el8
rpms:imports/c8s/exiv2-0.27.4-5.el8
rpms:imports/c8s/exiv2-0.27.4-4.el8
rpms:imports/c8s/exiv2-0.27.4-2.el8
rpms:imports/c8s/exiv2-0.27.3-6.el8
rpms:imports/c8s/exiv2-0.27.3-5.el8
rpms:imports/c8/exiv2-0.27.3-3.el8_4
rpms:imports/c8/exiv2-0.27.3-2.el8
rpms:imports/c8/exiv2-0.27.2-5.el8
rpms:imports/c8/exiv2-0.26-10.el8
...
pull from: rpms:c9-beta
Branches Tags
rpms:c9s
rpms:c9
rpms:c8
rpms:c8-beta
rpms:c9-beta
rpms:c8s
rpms:imports/c9/exiv2-0.27.5-2.el9
rpms:imports/c8/exiv2-0.27.5-2.el8
rpms:imports/c8-beta/exiv2-0.27.5-2.el8
rpms:imports/c9-beta/exiv2-0.27.5-2.el9
rpms:imports/c9-beta/exiv2-0.27.4-7.el9
rpms:imports/c8s/exiv2-0.27.5-2.el8
rpms:imports/c8/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.4-5.el8
rpms:imports/c8-beta/exiv2-0.27.3-2.el8
rpms:imports/c8-beta/exiv2-0.27.2-5.el8
rpms:imports/c8-beta/exiv2-0.27.2-2.el8
rpms:imports/c8-beta/exiv2-0.26-10.el8
rpms:imports/c8s/exiv2-0.27.4-5.el8
rpms:imports/c8s/exiv2-0.27.4-4.el8
rpms:imports/c8s/exiv2-0.27.4-2.el8
rpms:imports/c8s/exiv2-0.27.3-6.el8
rpms:imports/c8s/exiv2-0.27.3-5.el8
rpms:imports/c8/exiv2-0.27.3-3.el8_4
rpms:imports/c8/exiv2-0.27.3-2.el8
rpms:imports/c8/exiv2-0.27.2-5.el8
rpms:imports/c8/exiv2-0.26-10.el8

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

1 changed files with 100 additions and 65 deletions
Show Stats Expand all files Collapse all files

165
SPECS/exiv2.spec
View File

@ -1,4 +1,6 @@
%undefine __cmake_in_source_build
Summary: Exif and Iptc metadata manipulation library
Name: exiv2
Version: 0.27.5
@ -7,11 +9,15 @@ Release: 2%{?dist}
License: GPLv2+
URL: http://www.exiv2.org/
%if 0%{?beta:1}
Source0: https://github.com/Exiv2/%{name}/archive/v%{version}-%{beta}.tar.gz
%else
Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
%endif
## upstream patches (lookaside cache)
## upstream patches
# Security fixes
## security fixes
## upstreamable patches
Patch0: exiv2-no-rpath.patch
@ -64,22 +70,22 @@ BuildArch: noarch
%description doc
%{summary}.
%prep
%autosetup -n %{name}-%{version}-Source -p1
%autosetup -n %{name}-%{version}-%{?beta}%{!?beta:Source} -p1
%build
%{cmake} . \
%cmake \
-DCMAKE_INSTALL_DOCDIR="%{_pkgdocdir}" \
-DEXIV2_BUILD_DOC:BOOL=ON \
-DEXIV2_ENABLE_NLS:BOOL=ON \
-DEXIV2_BUILD_SAMPLES:BOOL=OFF
%make_build
%make_build doc
%cmake_build
%cmake_build --target doc
%install
make install/fast DESTDIR=%{buildroot}
%cmake_install
%find_lang exiv2 --with-man
@ -121,100 +127,129 @@ test -x %{buildroot}%{_libdir}/libexiv2.so
%changelog
* Mon Nov 15 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-2
- Remove RPATH
Resolves: bz#2018422
Resolves: bz#2018421
* Fri Nov 12 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-1
- Exiv2 0.27.5
Resolves: bz#2018422
Resolves: bz#2018421
Fix stack exhaustion issue in the printIFDStructure function leading to DoS
Resolves: bz#2003673
Resolves: bz#2003670
* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-7
- Properly install POC files
Resolves: bz#1993247
Resolves: bz#1993284
* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-6
- Include missing tests for CVEs
Resolves: bz#1993282
Resolves: bz#1993245
Resolves: bz#1993247
Resolves: bz#1993284
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
- Fix test for CVE-2021-29470
Resolves: bz#1993284
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
- Fix test for CVE-2021-29470
Resolves: bz#1993245
* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-3
- Fix out-of-bounds read in Exiv2::Jp2Image::printStructure
Resolves: bz#1993282
Resolves: bz#1993247
- Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
Resolves: bz#1993245
Resolves: bz#1993284
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.27.4-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-2
- Do not duplicate changelog file
Resolves: bz#1989860
Resolves: bz#1989848
* Wed Aug 04 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-1
- 0.27.4
Resolves: bz#1989860
Resolves: bz#1989848
* Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-9
- Bump version for rebuild (binutils)
Resolves: bz#1964183
Resolves: bz#1964189
* Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-8
- CVE-2021-29623 exiv2: a read of uninitialized memory may lead to information leak
Resolves: bz#1964182
Resolves: bz#1964183
- CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
Resolves: bz#1964188
Resolves: bz#1964189
* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-5
- CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
Resolves: bz#1954065
- CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
Resolves: bz#1955014
* Wed Apr 28 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-4
- CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
Resolves: bz#1953758
- CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
Resolves: bz#1953772
* Wed Apr 14 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-3
* Mon May 03 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-7
- CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()
Resolves: bz#1947160
CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
Resolves: bz#1956174
* Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-2
- Avoid duplicating Changelog file
Resolves: bz#1880984
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.27.3-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Oct 7 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.3-1
- Update to 0.27.3
Resolves: bz#1880984
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-5
- Fix failing test
Resolves: bz#1800472
* Wed Aug 26 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.27.3-4
- support new cmake macro semantics
* Wed Mar 04 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-4
- Drop test for the previous CVE as we test it manually and we don't have POC available
Resolves: bz#1800472
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Feb 26 2020 Jan Grulich <jgrulich@redhat.com> - 0.27.2-3
- Fix infinite loop and hang in Jp2Image::readMetadata()
Resolves: bz#1800472
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Oct 29 2019 Jan Grulich <jgrulich@redhat.com> - 0.27.2-2
Rebuild
Resolves: bz#1651917
* Tue Jun 30 2020 Rex Dieter <rdieter@fedoraproject.org> - 0.27.3-1
- 0.27.3
* Fri Sep 20 2019 Jan Grulich <jgrulich@redhat.com> - 0.27.2-1
- Update to 0.27.2
Resolves: bz#1651917
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 11 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-10
- Security fix for CVE-2018-16336
* Mon Jul 29 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.2-1
- 0.27.2
* Tue Jul 24 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-9
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.2-0.2.RC2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 16 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.2-0.1.RC2
- 0.27.2-RC2 (#1720353)
* Fri Apr 26 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.1-1
- exiv-0.27.1 (#1696117)
* Thu Jan 31 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-3
- -devel: Requires: expat-devel
* Wed Jan 30 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-2
- pull in upstream fix for pkgconfig exiv2.pc
* Thu Jan 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.27.0-1
- exiv2-0.27.0 (#1665246)
* Thu Jan 10 2019 Rex Dieter <rdieter@fedoraproject.org> - 0.26-13
- backport pentax DNG crasher (#1585514, exiv2#201)
* Tue Jul 24 2018 Jan Grulich <jgrulich@redhat.com> - 0.26-12
- Security fix for CVE-2017-17723, CVE-2017-17725, CVE-2018-10958, CVE-2018-10998,
CVE-2018-11531, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-5772,
CVE-2018-8976, CVE-2018-8977, CVE-2018-9144
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 03 2018 Germano Massullo <germano.massullo@gmail.com> - 0.26-10
- added patches that fix CVE-2017-17723 CVE-2017-17725 CVE-2017-5772
- moved 0006-1296-Fix-submitted.patch file from sources to package tree
* Tue Feb 20 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.26-9
- BR: gcc-c++
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.26-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild