diff --git a/CVE-2022-3755.patch b/CVE-2022-3755.patch deleted file mode 100644 index 9d40f8eca1a4738eca6cef562849b6f3e1bcef05..0000000000000000000000000000000000000000 --- a/CVE-2022-3755.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 789ec5408f885709eef0a820416658b6e3882c0c Mon Sep 17 00:00:00 2001 -From: qz_cx -Date: Mon, 31 Oct 2022 15:13:45 +0800 -Subject: [PATCH] Credit to - OSS-Fuzz:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382 - -Avoid null pointer deref #2384 - Merged -kevinbackhouse merged 2 commits into Exiv2 ---- - src/quicktimevideo.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp -index 335d884..ef1a6e5 100644 ---- a/src/quicktimevideo.cpp -+++ b/src/quicktimevideo.cpp -@@ -915,6 +915,7 @@ namespace Exiv2 { - } - - else if(equalsQTimeTag(buf, "CMbo") || equalsQTimeTag(buf, "Cmbo")) { -+ enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata); - io_->read(buf.pData_, 2); - buf.pData_[2] = '\0' ; - tv_internal = find(cameraByteOrderTags, Exiv2::toString( buf.pData_)); --- -2.33.0 - diff --git a/CVE-2022-3756.patch b/CVE-2022-3756.patch deleted file mode 100644 index 90618e6a4bd4d28b902650a0fee30cf591d92094..0000000000000000000000000000000000000000 --- a/CVE-2022-3756.patch +++ /dev/null @@ -1,30 +0,0 @@ -From be374cc6cd51906eaacc7a4f77c9ac37ea7c69c7 Mon Sep 17 00:00:00 2001 -From: qz_cx -Date: Mon, 31 Oct 2022 14:29:31 +0800 -Subject: [PATCH] Avoid potential integer overflow. - -Merge pull request #2347 from kevinbackhouse/quicktimevideo-size-calc - -Avoid potential integer overflow in QuickTimeVideo::userDataDecoder -@kevinbackhouse -kevinbackhouse committed on 7 Sep ---- - src/quicktimevideo.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp -index 335d884..9b80947 100644 ---- a/src/quicktimevideo.cpp -+++ b/src/quicktimevideo.cpp -@@ -895,7 +895,7 @@ namespace Exiv2 { - - tv = find(userDataReferencetags, Exiv2::toString( buf.pData_)); - -- if(size == 0 || (size - 12) <= 0) -+ if (size <= 12) - break; - - else if(equalsQTimeTag(buf, "DcMD") || equalsQTimeTag(buf, "NCDT")) --- -2.33.0 - diff --git a/v0.27.5.tar.gz b/exiv2-0.28.0.tar.gz similarity index 65% rename from v0.27.5.tar.gz rename to exiv2-0.28.0.tar.gz index 0712df17c98e9e09ecc41b8781ee3dc046a92d6e..bb4d0d05f612b5123537a503b4a4fd1d63194702 100644 Binary files a/v0.27.5.tar.gz and b/exiv2-0.28.0.tar.gz differ diff --git a/exiv2.spec b/exiv2.spec index 18f3cb070d1ce58e714b48672c8775f1c6871514..be90153273d0130bd5a82b9d6f6d8e2367cf545d 100644 --- a/exiv2.spec +++ b/exiv2.spec @@ -1,18 +1,16 @@ Name: exiv2 -Version: 0.27.5 -Release: 4 +Version: 0.28.0 +Release: 1 Summary: Exif, IPTC and XMP metadata and the ICC Profile License: GPLv2+ URL: http://www.exiv2.org/ -Source0: https://github.com/Exiv2/exiv2/archive/refs/tags/v%{version}.tar.gz -Patch0001: CVE-2022-3755.patch -Patch0002: CVE-2022-3756.patch +Source0: https://github.com/Exiv2/exiv2/archive/refs/tags/%{name}-%{version}.tar.gz -Provides: exiv2-libs -Obsoletes: exiv2-libs +Provides: exiv2-libs = %{version}-%{release} +Obsoletes: exiv2-libs < %{version}-%{release} -BuildRequires: cmake expat-devel gcc-c++ gettext pkgconfig -BuildRequires: doxygen graphviz libxslt zlib-devel chrpath +BuildRequires: cmake expat-devel gcc-c++ gettext pkgconfig brotli-devel +BuildRequires: doxygen graphviz libxslt zlib-devel chrpath inih-devel %description Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. @@ -45,7 +43,7 @@ make doc %install %make_install %find_lang exiv2 --with-man -chrpath -d %{buildroot}%{_libdir}/libexiv2.so.0.27.5 +chrpath -d %{buildroot}%{_libdir}/libexiv2.so.0.28.0 chrpath -d %{buildroot}%{_bindir}/%{name} @@ -60,7 +58,7 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %doc doc/ChangeLog %license COPYING %{_bindir}/exiv2 -%{_libdir}/libexiv2.so.27* +%{_libdir}/libexiv2.so.28* %{_libdir}/libexiv2.so.%{version} %exclude %{_libdir}/pkgconfig/exiv2.lsm %exclude %{_libdir}/libxmp.a @@ -71,7 +69,6 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %{_libdir}/libexiv2.so %{_includedir}/exiv2/ %{_libdir}/cmake/exiv2/ -%{_libdir}/libexiv2-xmp.a %files help %defattr(-,root,root) @@ -79,6 +76,9 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %{_pkgdocdir}/ %changelog +* Sat Sep 2 2023 liyanan - 0.28.0-1 +- Upgrade to version 0.28.0 + * Thu Mar 2 2023 liyanan - 0.27.5-4 - Remove rpath