diff --git a/CVE-2018-12648.patch b/CVE-2018-12648.patch deleted file mode 100644 index 0e960c036450fedacf26377d9447bc06b0bdb929..0000000000000000000000000000000000000000 --- a/CVE-2018-12648.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 487f4136013d9fa3351b863e5f861463a1cbddcf Mon Sep 17 00:00:00 2001 -From: Victor Rodriguez -Date: Sat, 18 Aug 2018 13:54:55 +0000 -Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The WEBP::GetLE32 function in -XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a -NULL pointer dereference. - -https://bugs.freedesktop.org/show_bug.cgi?id=106981 -https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 - -Signed-off-by: Victor Rodriguez -Signed-off-by: Hubert Figuière ---- - XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp -index ffaf220..4fe705b 100644 ---- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp -+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp -@@ -160,9 +160,11 @@ bool VP8XChunk::xmp() - } - void VP8XChunk::xmp(bool hasXMP) - { -- XMP_Uns32 flags = GetLE32(&this->data[0]); -- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); -- PutLE32(&this->data[0], flags); -+ if (&this->data[0] != NULL) { -+ XMP_Uns32 flags = GetLE32(&this->data[0]); -+ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); -+ PutLE32(&this->data[0], flags); -+ } - } - - Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler) --- -2.17.1 - diff --git a/exempi-2.4.5.tar.bz2 b/exempi-2.4.5.tar.bz2 deleted file mode 100644 index 9e3e69bf0b45231958e3c3ace92f41524b80e3ad..0000000000000000000000000000000000000000 Binary files a/exempi-2.4.5.tar.bz2 and /dev/null differ diff --git a/exempi-e23c213-typeinfos.patch b/exempi-e23c213-typeinfos.patch new file mode 100644 index 0000000000000000000000000000000000000000..0e05bf30a87bcaabd1860fcca3c233fda7d32135 --- /dev/null +++ b/exempi-e23c213-typeinfos.patch @@ -0,0 +1,27 @@ +From d45c06270576493e1537080fa43c1af667c4337a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 12 Oct 2021 14:15:17 +0200 +Subject: [PATCH] Avoid multiple definitions of typeinfos + +--- + XMPFiles/source/XMPFiles_Impl.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/XMPFiles/source/XMPFiles_Impl.cpp b/XMPFiles/source/XMPFiles_Impl.cpp +index 2f918ac..ff45040 100644 +--- a/XMPFiles/source/XMPFiles_Impl.cpp ++++ b/XMPFiles/source/XMPFiles_Impl.cpp +@@ -47,7 +47,9 @@ using namespace std; + /// This file ... + /// + // ================================================================================================= +-#include "public/include/XMP.incl_cpp" ++#if ! XMP_StaticBuild ++ #include "public/include/XMP.incl_cpp" ++#endif + + #if XMP_WinBuild + #pragma warning ( disable : 4290 ) // C++ exception specification ignored except to indicate a function is not __declspec(nothrow) +-- +2.33.0 + diff --git a/exempi-e23c21380f467f1f1c9dc397e0a08405fb4afa7a.tar.bz2 b/exempi-e23c21380f467f1f1c9dc397e0a08405fb4afa7a.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..1e3f0359afdfe4efbc80c0a831403c6c9bd38a38 Binary files /dev/null and b/exempi-e23c21380f467f1f1c9dc397e0a08405fb4afa7a.tar.bz2 differ diff --git a/exempi.spec b/exempi.spec index 6fa157c341d2e2bb95d5da3b232356ec551cd43e..c5626fe650476b50dfdb3f010aa95240be28a925 100644 --- a/exempi.spec +++ b/exempi.spec @@ -1,40 +1,29 @@ -%define anolis_release .0.1 +%global commit e23c21380f467f1f1c9dc397e0a08405fb4afa7a +%global shortcommit %%(c=%{commit}; echo ${c:0:7}) +%global date 20211007 + Summary: Library for easy parsing of XMP metadata Name: exempi -Version: 2.4.5 -Release: 2%{anolis_release}%{?dist} +Version: 2.6.0 +Release: 0.2.%{date}git%{shortcommit}%{?dist} License: BSD -Group: System Environment/Libraries URL: http://libopenraw.freedesktop.org/wiki/Exempi -Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2 -Patch0: CVE-2018-12648.patch +Source0: https://gitlab.freedesktop.org/libopenraw/%{name}/-/archive/%{commit}/%{name}-%{commit}.tar.bz2 +Patch0: exempi-e23c213-typeinfos.patch BuildRequires: gcc-c++ BuildRequires: boost-devel expat-devel zlib-devel pkgconfig # Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327) BuildRequires: autoconf automake libtool +BuildRequires: make Provides: bundled(md5-polstra) -Requires: glibc -Provides: /usr/bin/exempi - %description Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles. -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: %{name} = %{version}-%{release} - - -%description doc -Doc pages for %{name}. - - %package devel Summary: Headers for developing programs that will use %{name} -Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: pkgconfig @@ -43,12 +32,11 @@ This package contains the libraries and header files needed for developing with exempi. %prep -%setup -q -%patch0 -p1 +%autosetup -p1 -n %{name}-%{commit} %build libtoolize -vi -./autogen.sh +NOCONFIGURE=1 ./autogen.sh # BanEntityUsage needed for #888765 %configure CPPFLAGS="-I%{_includedir} -fno-strict-aliasing -DBanAllEntityUsage=1" @@ -56,41 +44,88 @@ libtoolize -vi sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -make %{?_smp_mflags} V=1 +%make_build %check +%ifarch s390x +# testcore test fails on big endian arches since exempi 2.5.2: +# https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/23 +make check || [ "$(grep '^FAIL:' exempi/test-suite.log)" = "FAIL: tests/testcore" ] +%else make check +%endif %install -make DESTDIR=%{buildroot} install +%make_install rm -rf %{buildroot}%{_libdir}/*.la rm -rf %{buildroot}%{_libdir}/*.a -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - %files +%doc AUTHORS ChangeLog COPYING README %{_bindir}/exempi -%{_libdir}/*.so.* +%{_libdir}/libexempi.so.8* %{_mandir}/man1/exempi.1* -%files doc -%doc AUTHORS ChangeLog COPYING README - %files devel %{_includedir}/exempi-2.0/ -%{_libdir}/*.so +%{_libdir}/libexempi.so %{_libdir}/pkgconfig/*.pc %changelog -* Sat Jul 16 2022 mgb01105731 - 2.4.5-2.0.1 -- Add doc sub package +* Wed Nov 03 2021 Nikola Forró - 2.6.0-0.2.20211007gite23c213 +- Add modified upstream test suite as a gating test + Related #1989405 + +* Wed Oct 20 2021 Nikola Forró - 2.6.0-0.1.20211007gite23c213 +- Update to (unreleased) version 2.6.0 to resolve licensing issues + Resolves #1989405 + +* Mon Aug 09 2021 Mohan Boddu - 2.5.1-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 -* Wed Sep 26 2018 Nikola Forró - 2.4.5-2 +* Thu Apr 15 2021 Mohan Boddu - 2.5.1-7 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.5.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Jeff Law - 2.5.1-5 +- Force C++14 as this code is not C++17 ready + +* Mon Jul 27 2020 Fedora Release Engineering - 2.5.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Tom Stellard - 2.5.1-3 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jan 28 2020 Fedora Release Engineering - 2.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Aug 30 2019 Nikola Forró - 2.5.1-1 +- Update to version 2.5.1 + Resolves #1747391 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.4.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 2.4.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Oct 9 2018 Owen Taylor - 2.4.5-5 +- Set NOCONFIGURE when running autogen.sh to avoid running configure twice + +* Wed Sep 26 2018 Nikola Forró - 2.4.5-4 - Fix CVE-2018-12648 - Resolves #1594644 + Resolves #1594643 + +* Fri Jul 13 2018 Fedora Release Engineering - 2.4.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jun 28 2018 Nikola Forró - 2.4.5-2 +- Remove ldconfig from scriptlets * Tue Mar 13 2018 Nikola Forró - 2.4.5-1 - Update to version 2.4.5