Name: compat-exiv2-026 Version: 0.26 Release: 7%{?dist} Summary: Compatibility package with the exiv2 library in version 0.26 License: GPLv2+ URL: http://www.exiv2.org/ Source0: https://github.com/Exiv2/%{name}/archive/exiv2-%{version}.tar.gz Patch0: exiv2-simplify-compiler-info-in-cmake.patch Patch1: exiv2-do-not-build-documentation.patch ## upstream patches (lookaside cache) Patch6: 0006-1296-Fix-submitted.patch # Security fixes Patch10: exiv2-CVE-2017-17723-1.patch Patch11: exiv2-CVE-2017-17723-2.patch Patch12: exiv2-wrong-brackets.patch Patch13: exiv2-CVE-2017-11683.patch Patch14: exiv2-CVE-2017-14860.patch Patch15: exiv2-CVE-2017-14864-CVE-2017-14862-CVE-2017-14859.patch Patch16: exiv2-CVE-2017-17725.patch Patch17: exiv2-CVE-2017-17669.patch Patch18: exiv2-additional-security-fixes.patch Patch19: exiv2-CVE-2018-10958.patch Patch20: exiv2-CVE-2018-10998.patch Patch21: exiv2-CVE-2018-11531.patch Patch22: exiv2-CVE-2018-12264-CVE-2018-12265.patch Patch23: exiv2-CVE-2018-14046.patch Patch24: exiv2-CVE-2018-5772.patch Patch25: exiv2-CVE-2018-8976.patch Patch26: exiv2-CVE-2018-8977.patch Patch27: exiv2-CVE-2018-16336.patch Patch28: exiv2-CVE-2021-31291.patch Patch29: exiv2-CVE-2021-31292.patch Patch30: exiv2-CVE-2021-37618.patch Patch31: exiv2-CVE-2021-37619.patch Patch32: exiv2-CVE-2020-18898.patch ## upstreamable patches BuildRequires: cmake BuildRequires: expat-devel BuildRequires: gettext BuildRequires: pkgconfig BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libssh) BuildRequires: zlib-devel Conflicts: exiv2-libs < 0.27 %description A command line utility to access image metadata, allowing one to: * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag * print the Iptc metadata of Jpeg images * print the Jpeg comment of Jpeg images * set, add and delete Exif and Iptc metadata of Jpeg images * adjust the Exif timestamp (that's how it all started...) * rename Exif image files according to the Exif timestamp * extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments %prep %autosetup -n exiv2-%{version} -p1 %build # exiv2: embedded copy of exempi should be compiled with BanAllEntityUsage # https://bugzilla.redhat.com/show_bug.cgi?id=888769 export CPPFLAGS="-DBanAllEntityUsage=1" %{cmake} \ -DEXIV2_ENABLE_BUILD_PO:BOOL=OFF \ -DEXIV2_ENABLE_BUILD_SAMPLES:BOOL=OFF \ -DEXIV2_ENABLE_LIBXMP:BOOL=ON . # FIXME: build this because it adds Threads library and it doesn't build without # it from some reason make %{?_smp_mflags} %install make install/fast DESTDIR=%{buildroot} ## unpackaged files rm -rf %{buildroot}%{_bindir}/exiv2 rm -rf %{buildroot}%{_includedir}/exiv2 rm -rf %{buildroot}%{_libdir}/libexiv2.la rm -rf %{buildroot}%{_libdir}/libxmp.a rm -rf %{buildroot}%{_libdir}/pkgconfig/exiv2.pc rm -rf %{buildroot}%{_libdir}/pkgconfig/exiv2.lsm rm -rf %{buildroot}%{_datadir}/locale/* rm -rf %{buildroot}%{_mandir}/* rm -rf mv %{buildroot}%{_libdir}/libexiv2.so %files %doc COPYING README %{_libdir}/libexiv2.so.26* %changelog * Wed Oct 13 2021 Jan Grulich - 0.26-7 - Fix stack exhaustion issue in the printIFDStructure function Resolves: bz#2003669 * Wed Aug 18 2021 Jan Grulich - 0.26-6 - Fix out-of-bounds read in Exiv2::Jp2Image::printStructure Resolves: bz#1993283 - Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header Resolves: bz#1993246 * Thu Aug 05 2021 Jan Grulich - 0.26-4 - Fix heap-based buffer overflow vulnerability in jp2image.cpp that may lead to DoS Resolves: bz#1990398 - Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS Resolves: bz#1990399 * Thu Nov 21 2019 Jan Grulich - 0.26-3 - Remove pre-built msvc binaries Resolves: bz#1757349 * Wed Oct 09 2019 Tomas Pelka - 0.26-2 - bump version in order to pick up with gating * Mon Oct 07 2019 Jan Grulich - 0.26-1 - Spec file based on exiv2 package to provide old libraries before API change Resolves: bz#1757349