diff --git a/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch b/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch deleted file mode 100644 index 51bcde59ee9c4a9b14265e77b20b7fdb0b65037a..0000000000000000000000000000000000000000 --- a/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001 -From: Victor Rodriguez -Date: Sat, 18 Aug 2018 13:54:55 +0000 -Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The WEBP::GetLE32 function in -XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a -NULL pointer dereference. - -https://bugs.freedesktop.org/show_bug.cgi?id=106981 -https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 - -Signed-off-by: Victor Rodriguez -Signed-off-by: Hubert Figuière -Signed-off-by: gaoyi ---- - XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp -index ffaf220..4fe705b 100644 ---- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp -+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp -@@ -160,9 +160,11 @@ bool VP8XChunk::xmp() - } - void VP8XChunk::xmp(bool hasXMP) - { -- XMP_Uns32 flags = GetLE32(&this->data[0]); -- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); -- PutLE32(&this->data[0], flags); -+ if (&this->data[0] != NULL) { -+ XMP_Uns32 flags = GetLE32(&this->data[0]); -+ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); -+ PutLE32(&this->data[0], flags); -+ } - } - - Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler) --- -2.19.1 - diff --git a/exempi-2.4.5.tar.bz2 b/exempi-2.5.2.tar.bz2 similarity index 33% rename from exempi-2.4.5.tar.bz2 rename to exempi-2.5.2.tar.bz2 index 9e3e69bf0b45231958e3c3ace92f41524b80e3ad..036e47aefcde1847fcaebcd3f72b22a08ddc35da 100644 Binary files a/exempi-2.4.5.tar.bz2 and b/exempi-2.5.2.tar.bz2 differ diff --git a/exempi.spec b/exempi.spec index 742b1b75e774a57bcac9831c5ff520c1fe59fa8a..3f18a1df3a740c7b20d3301f1b87273e7a6cda37 100644 --- a/exempi.spec +++ b/exempi.spec @@ -1,15 +1,13 @@ Name: exempi -Version: 2.4.5 -Release: 4 +Version: 2.5.2 +Release: 1 Summary: Exempi is an implementation of XMP (Adobe's Extensible Metadata Platform) License: BSD URL: https://wiki.freedesktop.org/libopenraw/Exempi/ Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2 -Patch6000: CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch - BuildRequires: gcc-c++ autoconf automake libtool -BuildRequires: boost-devel expat-devel zlib-devel pkgconfig +BuildRequires: boost-devel expat-devel zlib-devel pkgconfig exempi Provides: bundled(md5-polstra) %description @@ -31,7 +29,7 @@ Summary: Help information for user Help information for user %prep -%autosetup -n exempi-2.4.5 -p1 +%autosetup -n exempi-2.5.2 -p1 %build libtoolize -vi @@ -47,6 +45,7 @@ make check %install %make_install +cp -a %{_libdir}/*.so.* %{buildroot}%{_libdir} %files %doc AUTHORS ChangeLog COPYING README @@ -64,5 +63,8 @@ make check %{_mandir}/man1/exempi.1* %changelog +* Tue Jan 26 2021 wangchen - 2.5.2-1 +- Update to 2.5.2 + * Fri Sep 06 2019 openEuler Buildteam - 2.4.5-4 - Package init