diff --git a/.gitignore b/.gitignore index 60563e7..dbfcbae 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ exempi-2.1.1.tar.gz /exempi-2.4.2.tar.bz2 /exempi-2.4.4.tar.bz2 /exempi-2.4.5.tar.bz2 +/exempi-2.5.1.tar.bz2 diff --git a/CVE-2018-12648.patch b/CVE-2018-12648.patch deleted file mode 100644 index 0e960c0..0000000 --- a/CVE-2018-12648.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 487f4136013d9fa3351b863e5f861463a1cbddcf Mon Sep 17 00:00:00 2001 -From: Victor Rodriguez -Date: Sat, 18 Aug 2018 13:54:55 +0000 -Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The WEBP::GetLE32 function in -XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a -NULL pointer dereference. - -https://bugs.freedesktop.org/show_bug.cgi?id=106981 -https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 - -Signed-off-by: Victor Rodriguez -Signed-off-by: Hubert Figuière ---- - XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp -index ffaf220..4fe705b 100644 ---- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp -+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp -@@ -160,9 +160,11 @@ bool VP8XChunk::xmp() - } - void VP8XChunk::xmp(bool hasXMP) - { -- XMP_Uns32 flags = GetLE32(&this->data[0]); -- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); -- PutLE32(&this->data[0], flags); -+ if (&this->data[0] != NULL) { -+ XMP_Uns32 flags = GetLE32(&this->data[0]); -+ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); -+ PutLE32(&this->data[0], flags); -+ } - } - - Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler) --- -2.17.1 - diff --git a/exempi.spec b/exempi.spec index 41e7c27..22b929b 100644 --- a/exempi.spec +++ b/exempi.spec @@ -1,11 +1,10 @@ Summary: Library for easy parsing of XMP metadata Name: exempi -Version: 2.4.5 -Release: 7%{?dist} +Version: 2.5.1 +Release: 1%{?dist} License: BSD URL: http://libopenraw.freedesktop.org/wiki/Exempi Source0: http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2 -Patch0: CVE-2018-12648.patch BuildRequires: gcc-c++ BuildRequires: boost-devel expat-devel zlib-devel pkgconfig # Work around for aarch64 support (https://bugzilla.redhat.com/show_bug.cgi?id=925327) @@ -28,7 +27,6 @@ developing with exempi. %prep %setup -q -%patch0 -p1 %build libtoolize -vi @@ -54,15 +52,19 @@ rm -rf %{buildroot}%{_libdir}/*.a %files %doc AUTHORS ChangeLog COPYING README %{_bindir}/exempi -%{_libdir}/*.so.* +%{_libdir}/libexempi.so.8* %{_mandir}/man1/exempi.1* %files devel %{_includedir}/exempi-2.0/ -%{_libdir}/*.so +%{_libdir}/libexempi.so %{_libdir}/pkgconfig/*.pc %changelog +* Fri Aug 30 2019 Nikola Forró - 2.5.1-1 +- Update to version 2.5.1 + Resolves #1747391 + * Thu Jul 25 2019 Fedora Release Engineering - 2.4.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index 334aff6..ddfad2f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (exempi-2.4.5.tar.bz2) = da0ba2c79037f49218c4b64b552f286a471608eb0a5be435dcea14833a3da2a79271e394918803a1fe5c27a0c03b8200db8a5a560b70b619b4c4a5a48f737df6 +SHA512 (exempi-2.5.1.tar.bz2) = 97f2a688e1f92e219d0b68b077608112373cf3e6cbfe4141bbb9c3d1f416926bfd568957c1d0a081b95b524cbd500da0b7bca0ce45e1e8611818f66bcb1b6518