diff --git a/.exiv2.metadata b/.exiv2.metadata index 7a1906f..d57a45e 100644 --- a/.exiv2.metadata +++ b/.exiv2.metadata @@ -1 +1 @@ -b267149993f8637ab9d0782c9cd73a5c3092427b SOURCES/exiv2-0.26-trunk.tar.gz +cd0ae9c67163338fa4a41cfb5e8e1e2a7c36349e SOURCES/exiv2-0.27.0a-Source.tar.gz diff --git a/.gitignore b/.gitignore index f144f3f..2fd671d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/exiv2-0.26-trunk.tar.gz +SOURCES/exiv2-0.27.0a-Source.tar.gz diff --git a/SOURCES/0006-1296-Fix-submitted.patch b/SOURCES/0006-1296-Fix-submitted.patch deleted file mode 100644 index bc3c413..0000000 --- a/SOURCES/0006-1296-Fix-submitted.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 2f8681e120d277e418941c4361c83b5028f67fd8 Mon Sep 17 00:00:00 2001 -From: clanmills -Date: Sat, 27 May 2017 10:18:17 +0100 -Subject: [PATCH 6/6] #1296 Fix submitted. - ---- - src/tiffcomposite.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/tiffcomposite.cpp b/src/tiffcomposite.cpp -index c6b860d..0c9b9c4 100644 ---- a/src/tiffcomposite.cpp -+++ b/src/tiffcomposite.cpp -@@ -1611,6 +1611,8 @@ namespace Exiv2 { - uint32_t TiffImageEntry::doWriteImage(IoWrapper& ioWrapper, - ByteOrder /*byteOrder*/) const - { -+ if ( !pValue() ) throw Error(21); // #1296 -+ - uint32_t len = pValue()->sizeDataArea(); - if (len > 0) { - #ifdef DEBUG --- -2.9.4 - diff --git a/SOURCES/0022-cmake-man-pages-only-installed-with-the-exiv2-app.patch b/SOURCES/0022-cmake-man-pages-only-installed-with-the-exiv2-app.patch new file mode 100644 index 0000000..889e8f8 --- /dev/null +++ b/SOURCES/0022-cmake-man-pages-only-installed-with-the-exiv2-app.patch @@ -0,0 +1,41 @@ +From d1c609b320eadbe7089b0482353ffef576813ca2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= +Date: Tue, 18 Dec 2018 08:05:16 +0100 +Subject: [PATCH 22/70] cmake: man pages only installed with the exiv2 app + +--- + CMakeLists.txt | 3 --- + src/CMakeLists.txt | 7 +------ + 2 files changed, 1 insertion(+), 9 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 8dfd9d97..e98cfac1 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -106,6 +106,3 @@ configure_file(cmake/exiv2.pc.in exiv2.pc @ONLY) + install(FILES ${CMAKE_BINARY_DIR}/exiv2.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + include(cmake/printSummary.cmake) +- +-# That's all Folks! +-## +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index ca24006e..0d093924 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -273,11 +273,6 @@ if(EXIV2_BUILD_EXIV2_COMMAND) + endif() + + install(TARGETS exiv2 RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) ++ install( FILES exiv2.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1 ) + endif() + +-# ****************************************************************************** +-# Man page +-install( FILES exiv2.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1 ) +- +-# That's all Folks! +-## +-- +2.17.2 + diff --git a/SOURCES/0035-cmake-ignore-warnings-about-missing-PDB-files-in-3rd.patch b/SOURCES/0035-cmake-ignore-warnings-about-missing-PDB-files-in-3rd.patch new file mode 100644 index 0000000..84c0722 --- /dev/null +++ b/SOURCES/0035-cmake-ignore-warnings-about-missing-PDB-files-in-3rd.patch @@ -0,0 +1,64 @@ +From e57f311e629762fbf2b08d9a5b1e0cad1035b42f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= +Date: Tue, 18 Dec 2018 10:33:11 +0100 +Subject: [PATCH 35/70] cmake: ignore warnings about missing PDB files in 3rd + party libs + +--- + samples/CMakeLists.txt | 11 +++++++++++ + src/CMakeLists.txt | 4 ++++ + 2 files changed, 15 insertions(+) + +diff --git a/samples/CMakeLists.txt b/samples/CMakeLists.txt +index a3e491e0..4e8c14c6 100644 +--- a/samples/CMakeLists.txt ++++ b/samples/CMakeLists.txt +@@ -43,6 +43,9 @@ foreach(entry ${SAMPLES}) + add_test( ${target}_test ${target} ) + target_include_directories(${target} PRIVATE ${CMAKE_SOURCE_DIR}/src) # To find unused.h + install( TARGETS ${target} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) ++ if (MSVC) ++ set_target_properties(${target} PROPERTIES LINK_FLAGS "/ignore:4099") ++ endif() + endforeach() + + ################################### +@@ -69,6 +72,11 @@ list(APPEND APPLICATIONS exiv2json) + + install( TARGETS metacopy pathtest exiv2json RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + ++if (MSVC) ++ set_target_properties(exiv2json PROPERTIES LINK_FLAGS "/ignore:4099") ++ set_target_properties(metacopy PROPERTIES LINK_FLAGS "/ignore:4099") ++endif() ++ + if( EXPAT_FOUND ) + add_executable( geotag geotag.cpp) + list(APPEND APPLICATIONS geotag) +@@ -103,6 +111,9 @@ foreach(application ${APPLICATIONS}) + if( EXIV2_ENABLE_PNG ) + target_link_libraries( ${application} PRIVATE ${ZLIB_LIBRARIES} ) + endif() ++ if (MSVC) ++ set_target_properties(${application} PROPERTIES LINK_FLAGS "/ignore:4099") ++ endif() + endforeach() + + # ****************************************************************************** +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 0d093924..adb285b1 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -274,5 +274,9 @@ if(EXIV2_BUILD_EXIV2_COMMAND) + + install(TARGETS exiv2 RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + install( FILES exiv2.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1 ) ++ ++ if (MSVC) ++ set_target_properties(exiv2 PROPERTIES LINK_FLAGS "/ignore:4099") ++ endif() + endif() + +-- +2.17.2 + diff --git a/SOURCES/0064-cmake-Rename-xmp-to-exiv2-xmp-to-avoid-name-conflict.patch b/SOURCES/0064-cmake-Rename-xmp-to-exiv2-xmp-to-avoid-name-conflict.patch new file mode 100644 index 0000000..08a3073 --- /dev/null +++ b/SOURCES/0064-cmake-Rename-xmp-to-exiv2-xmp-to-avoid-name-conflict.patch @@ -0,0 +1,82 @@ +From 89509d7a3915ba474cbc3f8c85ab9bec4954ceda Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 2 Jan 2019 10:38:22 +0100 +Subject: [PATCH 64/70] cmake: Rename xmp to exiv2-xmp to avoid name conflicts + +There is already a libxmp file by the xmp project on https://xmp.sf.net. +To avoid issues prefix with exiv2. + +Fixes #624 + +Signed-off-by: Andreas Schneider +--- + src/CMakeLists.txt | 2 +- + xmpsdk/CMakeLists.txt | 14 +++++++------- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index adb285b1..2aeae733 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -147,7 +147,7 @@ target_include_directories(exiv2lib_int PRIVATE ${ZLIB_INCLUDE_DIR}) + target_include_directories(exiv2lib PRIVATE ${ZLIB_INCLUDE_DIR}) + + if (EXIV2_ENABLE_XMP) +- target_link_libraries(exiv2lib PUBLIC xmp) ++ target_link_libraries(exiv2lib PUBLIC exiv2-xmp) + elseif(EXIV2_ENABLE_EXTERNAL_XMP) + target_link_libraries(exiv2lib PUBLIC ${XMPSDK_LIBRARY}) + target_include_directories(exiv2lib PUBLIC ${XMPSDK_INCLUDE_DIR}) +diff --git a/xmpsdk/CMakeLists.txt b/xmpsdk/CMakeLists.txt +index a4c1fe6c..fa521043 100644 +--- a/xmpsdk/CMakeLists.txt ++++ b/xmpsdk/CMakeLists.txt +@@ -1,4 +1,4 @@ +-add_library(xmp STATIC ++add_library(exiv2-xmp STATIC + src/ExpatAdapter.cpp + src/MD5.cpp + src/ParseRDF.cpp +@@ -26,12 +26,12 @@ add_library(xmp STATIC + include/XMP_Version.h + ) + +-target_link_libraries(xmp ++target_link_libraries(exiv2-xmp + PRIVATE + ${EXPAT_LIBRARY} + ) + +-target_include_directories(xmp ++target_include_directories(exiv2-xmp + PUBLIC + $ + PRIVATE +@@ -39,20 +39,20 @@ target_include_directories(xmp + ) + + if (MSVC) +- target_compile_definitions(xmp PRIVATE XML_STATIC) ++ target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC) + endif() + + check_include_file( "stdint.h" EXV_HAVE_STDINT_H ) + if (EXV_HAVE_STDINT_H) +- target_compile_definitions(xmp PRIVATE EXV_HAVE_STDINT_H) ++ target_compile_definitions(exiv2-xmp PRIVATE EXV_HAVE_STDINT_H) + endif() + + if (BUILD_SHARED_LIBS) +- set_property(TARGET xmp PROPERTY POSITION_INDEPENDENT_CODE ON) ++ set_property(TARGET exiv2-xmp PROPERTY POSITION_INDEPENDENT_CODE ON) + endif() + + # 1119 Install libxmp.a for use by third party applications (Thanks, Emmanuel) +-install(TARGETS xmp EXPORT exiv2Config ++install(TARGETS exiv2-xmp EXPORT exiv2Config + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + ) +-- +2.17.2 + diff --git a/SOURCES/0065-cmake-Install-header-files-without-globbing.patch b/SOURCES/0065-cmake-Install-header-files-without-globbing.patch new file mode 100644 index 0000000..4503375 --- /dev/null +++ b/SOURCES/0065-cmake-Install-header-files-without-globbing.patch @@ -0,0 +1,111 @@ +From 0b34ccb9a3b26cd1c5267c6a5c15e9fa1a665adb Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 2 Jan 2019 10:59:30 +0100 +Subject: [PATCH 65/70] cmake: Install header files without globbing + +Fixes #627 + +Signed-off-by: Andreas Schneider +--- + CMakeLists.txt | 1 + + include/CMakeLists.txt | 1 + + include/exiv2/CMakeLists.txt | 51 ++++++++++++++++++++++++++++++++++++ + src/CMakeLists.txt | 4 --- + 4 files changed, 53 insertions(+), 4 deletions(-) + create mode 100644 include/CMakeLists.txt + create mode 100644 include/exiv2/CMakeLists.txt + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 183cdd2e..ce4d2202 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -76,6 +76,7 @@ endif() + + include(cmake/compilerFlagsExiv2.cmake REQUIRED) + ++add_subdirectory( include ) + add_subdirectory( src ) + + if( EXIV2_BUILD_UNIT_TESTS ) +diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt +new file mode 100644 +index 00000000..01b43a6c +--- /dev/null ++++ b/include/CMakeLists.txt +@@ -0,0 +1 @@ ++add_subdirectory(exiv2) +diff --git a/include/exiv2/CMakeLists.txt b/include/exiv2/CMakeLists.txt +new file mode 100644 +index 00000000..60080f1c +--- /dev/null ++++ b/include/exiv2/CMakeLists.txt +@@ -0,0 +1,51 @@ ++install(FILES ++ asfvideo.hpp ++ basicio.hpp ++ bigtiffimage.hpp ++ bmpimage.hpp ++ config.h ++ convert.hpp ++ cr2image.hpp ++ crwimage.hpp ++ datasets.hpp ++ easyaccess.hpp ++ epsimage.hpp ++ error.hpp ++ exif.hpp ++ exiv2.hpp ++ futils.hpp ++ gifimage.hpp ++ http.hpp ++ image.hpp ++ ini.hpp ++ iptc.hpp ++ jp2image.hpp ++ jpgimage.hpp ++ matroskavideo.hpp ++ metadatum.hpp ++ mrwimage.hpp ++ orfimage.hpp ++ pgfimage.hpp ++ pngimage.hpp ++ preview.hpp ++ properties.hpp ++ psdimage.hpp ++ quicktimevideo.hpp ++ rafimage.hpp ++ riffvideo.hpp ++ rw2image.hpp ++ rwlock.hpp ++ slice.hpp ++ ssh.hpp ++ tags.hpp ++ tgaimage.hpp ++ tiffimage.hpp ++ types.hpp ++ utilsvideo.hpp ++ value.hpp ++ version.hpp ++ webpimage.hpp ++ xmp_exiv2.hpp ++ xmpsidecar.hpp ++ DESTINATION ++ ${CMAKE_INSTALL_INCLUDEDIR}/exiv2) +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index adb285b1..04d8a2a0 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -225,10 +225,6 @@ install(TARGETS exiv2lib EXPORT exiv2Config + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + ) + +-install(DIRECTORY ../include/exiv2 +- DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} +- FILES_MATCHING PATTERN "*.h*") +- + install(FILES + ${CMAKE_BINARY_DIR}/exv_conf.h + ${CMAKE_BINARY_DIR}/exiv2lib_export.h +-- +2.17.2 + diff --git a/SOURCES/0066-cmake-Use-correct-installation-dir-for-generated-doc.patch b/SOURCES/0066-cmake-Use-correct-installation-dir-for-generated-doc.patch new file mode 100644 index 0000000..5a53c95 --- /dev/null +++ b/SOURCES/0066-cmake-Use-correct-installation-dir-for-generated-doc.patch @@ -0,0 +1,28 @@ +From f8f63a8b4033549d47384c6e2b1972ae1a2775fc Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 2 Jan 2019 10:28:57 +0100 +Subject: [PATCH 66/70] cmake: Use correct installation dir for generated docs + +Fixes #623 + +Signed-off-by: Andreas Schneider +--- + cmake/generateDoc.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmake/generateDoc.cmake b/cmake/generateDoc.cmake +index a3aea727..16823946 100644 +--- a/cmake/generateDoc.cmake ++++ b/cmake/generateDoc.cmake +@@ -21,7 +21,7 @@ macro(generate_documentation DOX_CONFIG_FILE) + set(DOXY_CONFIG "${CMAKE_CURRENT_BINARY_DIR}/doxy.config") + add_custom_target(doc ${DOXYGEN_EXECUTABLE} ${DOXY_CONFIG}) + +- install(DIRECTORY "${PROJECT_BINARY_DIR}/doc/html/" DESTINATION "share/doc/lib${PROJECT_NAME}") ++ install(DIRECTORY "${PROJECT_BINARY_DIR}/doc/html/" DESTINATION ${CMAKE_INSTALL_DOCDIR}) + + set_property(DIRECTORY APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES doc) + endmacro() +-- +2.17.2 + diff --git a/SOURCES/0067-cmake-Use-correct-installation-dir-for-cmake-config-.patch b/SOURCES/0067-cmake-Use-correct-installation-dir-for-cmake-config-.patch new file mode 100644 index 0000000..0bba2af --- /dev/null +++ b/SOURCES/0067-cmake-Use-correct-installation-dir-for-cmake-config-.patch @@ -0,0 +1,124 @@ +From 420e4631da1372da1be06af8f6032429c1f14d02 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 3 Jan 2019 10:18:27 +0100 +Subject: [PATCH 67/70] cmake: Use correct installation dir for cmake config + files + +This is the path cmake will look for those files by default. At least on +UNIX systems. + +Fixes #623 + +Signed-off-by: Andreas Schneider +--- + releasenotes/CYGWIN/ReadMe.txt | 2 +- + releasenotes/Darwin/ReadMe.txt | 2 +- + releasenotes/Linux/ReadMe.txt | 1 + + releasenotes/MinGW/ReadMe.txt | 2 +- + releasenotes/msvc/ReadMe.txt | 2 +- + releasenotes/releasenotes.txt | 5 +++++ + src/CMakeLists.txt | 2 +- + 7 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/releasenotes/CYGWIN/ReadMe.txt b/releasenotes/CYGWIN/ReadMe.txt +index 9161ca34..bba70fe6 100644 +--- a/releasenotes/CYGWIN/ReadMe.txt ++++ b/releasenotes/CYGWIN/ReadMe.txt +@@ -7,9 +7,9 @@ Structure of the bundle: + bin/exiv2.exe exiv2 and sample applications + bin/cygexiv2-27.dll DLL + lib/libexiv2.dll.a & libxmp.a link libraries ++lib/cmake/exiv2 consume CMake files + lib/pkgconfig/exiv2.pc pkg-config file + share/man man pages +-share/exiv2/cmake consume CMake files + samples/exifprint.cpp sample code + logs build and test logs + +diff --git a/releasenotes/Darwin/ReadMe.txt b/releasenotes/Darwin/ReadMe.txt +index d3e61177..57910713 100644 +--- a/releasenotes/Darwin/ReadMe.txt ++++ b/releasenotes/Darwin/ReadMe.txt +@@ -6,10 +6,10 @@ Structure of the bundle + + bin/exiv2 exiv2 and sample applications + lib/libexiv2.0.27.0.0.dylib & libxmp.a libraries ++lib/cmake/exiv2 consume CMake files + lib/pkgconfig/exiv2.pc pkg-config file + include/exiv2/ include files + share/man man pages +-share/exiv2/cmake consume CMake files + samples/exifprint.cpp sample code + logs build and test logs + +diff --git a/releasenotes/Linux/ReadMe.txt b/releasenotes/Linux/ReadMe.txt +index 03348302..0737b3a4 100644 +--- a/releasenotes/Linux/ReadMe.txt ++++ b/releasenotes/Linux/ReadMe.txt +@@ -7,6 +7,7 @@ Structure of the bundle: + bin/exiv2 exiv2 and sample applications + lib/libexiv2.so.0.27.0.0 & libxmp.a libraries + lib/pkgconfig/exiv2.pc pkg-config file ++lib/cmake/exiv2 consume CMake files + include/exiv2/ include files + share/ man pages + samples/exifprint.cpp sample code +diff --git a/releasenotes/MinGW/ReadMe.txt b/releasenotes/MinGW/ReadMe.txt +index 884d7502..98cd7770 100644 +--- a/releasenotes/MinGW/ReadMe.txt ++++ b/releasenotes/MinGW/ReadMe.txt +@@ -7,10 +7,10 @@ Structure of the bundle: + bin/exiv2.exe exiv2 and sample applications + bin/msys-exiv2-27.dll exiv2 dll + lib/libexiv2.dll.a & libxmp.a link libraries ++lib/cmake/exiv2 consume CMake files + lib/pkgconfig/exiv2.pc pkg-config file + include/exiv2/ include files + share/man man pages +-share/exiv2/cmake consume CMake files + samples/exifprint.cpp sample code + logs build and test logs + +diff --git a/releasenotes/msvc/ReadMe.txt b/releasenotes/msvc/ReadMe.txt +index de1dcbfe..e625ab49 100644 +--- a/releasenotes/msvc/ReadMe.txt ++++ b/releasenotes/msvc/ReadMe.txt +@@ -7,8 +7,8 @@ Structure of the bundle: + bin/exiv2.exe exiv2 and sample applications + bin/exiv2.dll dll + lib/exiv2.lib & xmp.lib link libraries ++lib/cmake/exiv2 consume CMake files + include/exiv2/ include files +-share/exiv2/cmake consume CMake files + samples/exifprint.cpp sample code + logs build and test logs + +diff --git a/releasenotes/releasenotes.txt b/releasenotes/releasenotes.txt +index b71b4519..226c078b 100644 +--- a/releasenotes/releasenotes.txt ++++ b/releasenotes/releasenotes.txt +@@ -1,3 +1,8 @@ ++Exiv2 v0.27.1 ++------------- ++ ++#623 Use correct installation path for generated docs and cmake config files ++ + Exiv2 v0.27.0 + ------------- + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index adb285b1..4a05ee4f 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -234,7 +234,7 @@ install(FILES + ${CMAKE_BINARY_DIR}/exiv2lib_export.h + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/exiv2) + +-install(EXPORT exiv2Config DESTINATION "share/exiv2/cmake") ++install(EXPORT exiv2Config DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/exiv2") + + # ****************************************************************************** + # exiv2 application +-- +2.17.2 + diff --git a/SOURCES/0068-xmpsdk-Build-with-DBanAllEntityUsage-1.patch b/SOURCES/0068-xmpsdk-Build-with-DBanAllEntityUsage-1.patch new file mode 100644 index 0000000..0983447 --- /dev/null +++ b/SOURCES/0068-xmpsdk-Build-with-DBanAllEntityUsage-1.patch @@ -0,0 +1,34 @@ +From e44d1dbe769f3b60a3d671be310f4af4f9490e6b Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 3 Jan 2019 10:31:25 +0100 +Subject: [PATCH 68/70] xmpsdk: Build with -DBanAllEntityUsage=1 + +Prevent a denial-service-attack related to XML entity expansion +("billion laughs attack"). +See https://bugzilla.redhat.com/show_bug.cgi?id=888769 + +Search for BanAllEntityUsage in xmpsdk/src/ExpatAdapter.cpp + +Signed-off-by: Andreas Schneider +--- + xmpsdk/CMakeLists.txt | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/xmpsdk/CMakeLists.txt b/xmpsdk/CMakeLists.txt +index fa521043..ae011dc3 100644 +--- a/xmpsdk/CMakeLists.txt ++++ b/xmpsdk/CMakeLists.txt +@@ -38,6 +38,10 @@ target_include_directories(exiv2-xmp + ${EXPAT_INCLUDE_DIR} + ) + ++# Prevent a denial-service-attack related to XML entity expansion ++# ("billion laughs attack"). ++# See https://bugzilla.redhat.com/show_bug.cgi?id=888769 ++target_compile_definitions(exiv2-xmp PRIVATE BanAllEntityUsage=1) + if (MSVC) + target_compile_definitions(exiv2-xmp PRIVATE XML_STATIC) + endif() +-- +2.17.2 + diff --git a/SOURCES/0069-xmpsdk-Fix-compile-warnings-in-ExpatAdapter.cpp.patch b/SOURCES/0069-xmpsdk-Fix-compile-warnings-in-ExpatAdapter.cpp.patch new file mode 100644 index 0000000..7f35124 --- /dev/null +++ b/SOURCES/0069-xmpsdk-Fix-compile-warnings-in-ExpatAdapter.cpp.patch @@ -0,0 +1,31 @@ +From dac6bb6043fc046f7cbad73c281eb258a981267f Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 3 Jan 2019 10:41:40 +0100 +Subject: [PATCH 69/70] xmpsdk: Fix compile warnings in ExpatAdapter.cpp + +The code has been enabled with -DBanAllEntityUsage=1 + +Signed-off-by: Andreas Schneider +--- + xmpsdk/src/ExpatAdapter.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/xmpsdk/src/ExpatAdapter.cpp b/xmpsdk/src/ExpatAdapter.cpp +index 79669f52..09117c75 100644 +--- a/xmpsdk/src/ExpatAdapter.cpp ++++ b/xmpsdk/src/ExpatAdapter.cpp +@@ -484,7 +484,10 @@ static void CommentHandler ( void * userData, XMP_StringPtr comment ) + static void StartDoctypeDeclHandler ( void * userData, XMP_StringPtr doctypeName, + XMP_StringPtr sysid, XMP_StringPtr pubid, int has_internal_subset ) + { +- IgnoreParam(userData); ++ IgnoreParam(doctypeName); ++ IgnoreParam(sysid); ++ IgnoreParam(pubid); ++ IgnoreParam(has_internal_subset); + + ExpatAdapter * thiz = (ExpatAdapter*)userData; + +-- +2.17.2 + diff --git a/SOURCES/0079-Fixes-in-.pc-file-for-being-compatible-with-more-dis.patch b/SOURCES/0079-Fixes-in-.pc-file-for-being-compatible-with-more-dis.patch new file mode 100644 index 0000000..c65f13b --- /dev/null +++ b/SOURCES/0079-Fixes-in-.pc-file-for-being-compatible-with-more-dis.patch @@ -0,0 +1,27 @@ +From ae9eb90108c0f6a3f2030cf4e4ae907a8b203b6a Mon Sep 17 00:00:00 2001 +From: Luis Diaz Mas +Date: Sat, 12 Jan 2019 13:39:12 +0100 +Subject: [PATCH 79/98] Fixes in .pc file for being compatible with more + distributions + +--- + cmake/exiv2.pc.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cmake/exiv2.pc.in b/cmake/exiv2.pc.in +index e477696d..9018472b 100644 +--- a/cmake/exiv2.pc.in ++++ b/cmake/exiv2.pc.in +@@ -1,7 +1,7 @@ + prefix=@CMAKE_INSTALL_PREFIX@ + exec_prefix=${prefix} +-libdir=${prefix}/lib +-includedir=${prefix}/include ++libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ ++includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ + + Name: exiv2 + Description: @PROJECT_DESCRIPTION@ +-- +2.17.2 + diff --git a/SOURCES/exiv2-CVE-2017-17723.patch b/SOURCES/exiv2-CVE-2017-17723.patch deleted file mode 100644 index f20af24..0000000 --- a/SOURCES/exiv2-CVE-2017-17723.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp -index 64a8ca7..4e9f285 100644 ---- a/include/exiv2/value.hpp -+++ b/include/exiv2/value.hpp -@@ -1658,11 +1658,13 @@ namespace Exiv2 { - ok_ = true; - return static_cast(value_[n]); - } -+// #55 crash when value_[n].first == LONG_MIN -+#define LARGE_INT 1000000 - // Specialization for rational - template<> - inline long ValueType::toLong(long n) const - { -- ok_ = (value_[n].second != 0); -+ ok_ = (value_[n].second != 0 && -LARGE_INT < value_[n].first && value_[n].first < LARGE_INT); - if (!ok_) return 0; - return value_[n].first / value_[n].second; - } -@@ -1670,7 +1672,7 @@ namespace Exiv2 { - template<> - inline long ValueType::toLong(long n) const - { -- ok_ = (value_[n].second != 0); -+ ok_ = (value_[n].second != 0 && value_[n].first < LARGE_INT); - if (!ok_) return 0; - return value_[n].first / value_[n].second; - } -diff --git a/src/basicio.cpp b/src/basicio.cpp -index 1ede931..eac756f 100644 ---- a/src/basicio.cpp -+++ b/src/basicio.cpp -@@ -990,6 +990,7 @@ namespace Exiv2 { - DataBuf FileIo::read(long rcount) - { - assert(p_->fp_ != 0); -+ if ( (size_t) rcount > size() ) throw Error(57); - DataBuf buf(rcount); - long readCount = read(buf.pData_, buf.size_); - buf.size_ = readCount; -diff --git a/src/image.cpp b/src/image.cpp -index 31b9b81..eeb1f37 100644 ---- a/src/image.cpp -+++ b/src/image.cpp -@@ -399,7 +399,13 @@ namespace Exiv2 { - ; - - // if ( offset > io.size() ) offset = 0; // Denial of service? -- DataBuf buf(size*count + pad+20); // allocate a buffer -+ -+ // #55 memory allocation crash test/data/POC8 -+ long long allocate = (long long) size*count + pad+20; -+ if ( allocate > (long long) io.size() ) { -+ throw Error(57); -+ } -+ DataBuf buf(allocate); // allocate a buffer - std::memcpy(buf.pData_,dir.pData_+8,4); // copy dir[8:11] into buffer (short strings) - if ( count*size > 4 ) { // read into buffer - size_t restore = io.tell(); // save diff --git a/SOURCES/exiv2-CVE-2017-17725.patch b/SOURCES/exiv2-CVE-2017-17725.patch deleted file mode 100644 index f461cb7..0000000 --- a/SOURCES/exiv2-CVE-2017-17725.patch +++ /dev/null @@ -1,420 +0,0 @@ -diff --git a/src/actions.cpp b/src/actions.cpp -index 35c7965..cb905f6 100644 ---- a/src/actions.cpp -+++ b/src/actions.cpp -@@ -59,6 +59,7 @@ EXIV2_RCSID("@(#) $Id: actions.cpp 4719 2017-03-08 20:42:28Z robinwmills $") - #include - #include - #include -+#include - #include // for stat() - #include // for stat() - #ifdef EXV_HAVE_UNISTD_H -@@ -236,33 +237,43 @@ namespace Action { - } - - int Print::run(const std::string& path) -- try { -- path_ = path; -- int rc = 0; -- Exiv2::PrintStructureOption option = Exiv2::kpsNone ; -- switch (Params::instance().printMode_) { -- case Params::pmSummary: rc = printSummary(); break; -- case Params::pmList: rc = printList(); break; -- case Params::pmComment: rc = printComment(); break; -- case Params::pmPreview: rc = printPreviewList(); break; -- case Params::pmStructure: rc = printStructure(std::cout,Exiv2::kpsBasic) ; break; -- case Params::pmRecursive: rc = printStructure(std::cout,Exiv2::kpsRecursive) ; break; -- -- case Params::pmXMP: -- option = option == Exiv2::kpsNone ? Exiv2::kpsXMP : option; // drop -- case Params::pmIccProfile:{ -- option = option == Exiv2::kpsNone ? Exiv2::kpsIccProfile : option; -- _setmode(_fileno(stdout),O_BINARY); -- rc = printStructure(std::cout,option); -- } break; -+ { -+ try { -+ path_ = path; -+ int rc = 0; -+ Exiv2::PrintStructureOption option = Exiv2::kpsNone ; -+ switch (Params::instance().printMode_) { -+ case Params::pmSummary: rc = printSummary(); break; -+ case Params::pmList: rc = printList(); break; -+ case Params::pmComment: rc = printComment(); break; -+ case Params::pmPreview: rc = printPreviewList(); break; -+ case Params::pmStructure: rc = printStructure(std::cout,Exiv2::kpsBasic) ; break; -+ case Params::pmRecursive: rc = printStructure(std::cout,Exiv2::kpsRecursive) ; break; -+ -+ case Params::pmXMP: -+ if (option == Exiv2::kpsNone) -+ option = Exiv2::kpsXMP; -+ // drop -+ case Params::pmIccProfile: -+ if (option == Exiv2::kpsNone) -+ option = Exiv2::kpsIccProfile; -+ _setmode(_fileno(stdout),O_BINARY); -+ rc = printStructure(std::cout,option); -+ break; -+ } -+ return rc; -+ } -+ catch(const Exiv2::AnyError& e) { -+ std::cerr << "Exiv2 exception in print action for file " -+ << path << ":\n" << e << "\n"; -+ return 1; -+ } -+ catch(const std::overflow_error& e) { -+ std::cerr << "std::overflow_error exception in print action for file " -+ << path << ":\n" << e.what() << "\n"; -+ return 1; - } -- return rc; - } -- catch(const Exiv2::AnyError& e) { -- std::cerr << "Exiv2 exception in print action for file " -- << path << ":\n" << e << "\n"; -- return 1; -- } // Print::run - - int Print::printStructure(std::ostream& out, Exiv2::PrintStructureOption option) - { -diff --git a/src/jp2image.cpp b/src/jp2image.cpp -index ac31257..4c072d7 100644 ---- a/src/jp2image.cpp -+++ b/src/jp2image.cpp -@@ -41,6 +41,7 @@ EXIV2_RCSID("@(#) $Id: jp2image.cpp 4759 2017-04-23 10:58:54Z robinwmills $") - #include "error.hpp" - #include "futils.hpp" - #include "types.hpp" -+#include "safe_op.hpp" - - // + standard includes - #include -@@ -269,8 +270,9 @@ namespace Exiv2 - std::cout << "Exiv2::Jp2Image::readMetadata: " - << "Color data found" << std::endl; - #endif -+ - long pad = 3 ; // 3 padding bytes 2 0 0 -- DataBuf data(subBox.length+8); -+ DataBuf data(Safe::add(subBox.length, static_cast(8))); - io_->read(data.pData_,data.size_); - long iccLength = getULong(data.pData_+pad, bigEndian); - DataBuf icc(iccLength); -diff --git a/src/safe_op.hpp b/src/safe_op.hpp -new file mode 100644 -index 0000000..014b7f3 ---- /dev/null -+++ b/src/safe_op.hpp -@@ -0,0 +1,310 @@ -+// ********************************************************* -*- C++ -*- -+/* -+ * Copyright (C) 2004-2017 Exiv2 maintainers -+ * -+ * This program is part of the Exiv2 distribution. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version 2 -+ * of the License, or (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA. -+ */ -+/*! -+ @file safe_op.hpp -+ @brief Overflow checks for integers -+ @author Dan Čermák (D4N) -+ dan.cermak@cgc-instruments.com -+ @date 14-Dec-17, D4N: created -+ */ -+ -+#ifndef SAFE_OP_HPP_ -+#define SAFE_OP_HPP_ -+ -+#include -+#include -+ -+#ifdef _MSC_VER -+#include -+#endif -+ -+/*! -+ * @brief Arithmetic operations with overflow checks -+ */ -+namespace Safe -+{ -+ /*! -+ * @brief Helper structs for providing integer overflow checks. -+ * -+ * This namespace contains the internal helper structs fallback_add_overflow -+ * and builtin_add_overflow. Both have a public static member function add -+ * with the following interface: -+ * -+ * bool add(T summand_1, T summand_2, T& result) -+ * -+ * where T is the type over which the struct is templated. -+ * -+ * The function performs a check whether the addition summand_1 + summand_2 -+ * can be performed without an overflow. If the operation would overflow, -+ * true is returned and the addition is not performed if it would result in -+ * undefined behavior. If no overflow occurs, the sum is saved in result and -+ * false is returned. -+ * -+ * fallback_add_overflow implements a portable but slower overflow check. -+ * builtin_add_overflow uses compiler builtins (when available) and should -+ * be considerably faster. As builtins are not available for all types, -+ * builtin_add_overflow falls back to fallback_add_overflow when no builtin -+ * is available. -+ */ -+ namespace Internal -+ { -+ /*! -+ * @brief Helper struct to determine whether a type is signed or unsigned -+ -+ * This struct is a backport of std::is_signed from C++11. It has a public -+ * enum with the property VALUE which is true when the type is signed or -+ * false if it is unsigned. -+ */ -+ template -+ struct is_signed -+ { -+ enum -+ { -+ VALUE = T(-1) < T(0) -+ }; -+ }; -+ -+ /*! -+ * @brief Helper struct for SFINAE, from C++11 -+ -+ * This struct has a public typedef called type typedef'd to T if B is -+ * true. Otherwise there is no typedef. -+ */ -+ template -+ struct enable_if -+ { -+ }; -+ -+ /*! -+ * @brief Specialization of enable_if for the case B == true -+ */ -+ template -+ struct enable_if -+ { -+ typedef T type; -+ }; -+ -+ /*! -+ * @brief Fallback overflow checker, specialized via SFINAE -+ * -+ * This struct implements a 'fallback' addition with an overflow check, -+ * i.e. it does not rely on compiler intrinsics. It is specialized via -+ * SFINAE for signed and unsigned integer types and provides a public -+ * static member function add. -+ */ -+ template -+ struct fallback_add_overflow; -+ -+ /*! -+ * @brief Overload of fallback_add_overflow for signed integers -+ */ -+ template -+ struct fallback_add_overflow::VALUE>::type> -+ { -+ /*! -+ * @brief Adds the two summands only if no overflow occurs -+ * -+ * This function performs a check if summand_1 + summand_2 would -+ * overflow and returns true in that case. If no overflow occurs, -+ * the sum is saved in result and false is returned. -+ * -+ * @return true on overflow, false on no overflow -+ * -+ * The check for an overflow is performed before the addition to -+ * ensure that no undefined behavior occurs. The value in result is -+ * only valid when the function returns false. -+ * -+ * Further information: -+ * https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow -+ */ -+ static bool add(T summand_1, T summand_2, T& result) -+ { -+ if (((summand_2 >= 0) && (summand_1 > std::numeric_limits::max() - summand_2)) || -+ ((summand_2 < 0) && (summand_1 < std::numeric_limits::min() - summand_2))) { -+ return true; -+ } else { -+ result = summand_1 + summand_2; -+ return false; -+ } -+ } -+ }; -+ -+ /*! -+ * @brief Overload of fallback_add_overflow for unsigned integers -+ */ -+ template -+ struct fallback_add_overflow::VALUE>::type> -+ { -+ /*! -+ * @brief Adds the two summands only if no overflow occurs -+ * -+ * This function performs a check if summand_1 + summand_2 would -+ * overflow and returns true in that case. If no overflow occurs, -+ * the sum is saved in result and false is returned. -+ * -+ * @return true on overflow, false on no overflow -+ * -+ * Further information: -+ * https://wiki.sei.cmu.edu/confluence/display/c/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap -+ */ -+ static bool add(T summand_1, T summand_2, T& result) -+ { -+ if (summand_1 > std::numeric_limits::max() - summand_2) { -+ return true; -+ } else { -+ result = summand_1 + summand_2; -+ return false; -+ } -+ } -+ }; -+ -+ /*! -+ * @brief Overflow checker using compiler intrinsics -+ * -+ * This struct provides an add function with the same interface & -+ * behavior as fallback_add_overload::add but it relies on compiler -+ * intrinsics instead. This version should be considerably faster than -+ * the fallback version as it can fully utilize available CPU -+ * instructions & the compiler's diagnostic. -+ * -+ * However, as some compilers don't provide intrinsics for certain -+ * types, the default implementation of add is the version from falback. -+ * -+ * The struct is explicitly specialized for each type via #ifdefs for -+ * each compiler. -+ */ -+ template -+ struct builtin_add_overflow -+ { -+ /*! -+ * @brief Add summand_1 and summand_2 and check for overflows. -+ * -+ * This is the default add() function that uses -+ * fallback_add_overflow::add(). All specializations must have -+ * exactly the same interface and behave the same way. -+ */ -+ static inline bool add(T summand_1, T summand_2, T& result) -+ { -+ return fallback_add_overflow::add(summand_1, summand_2, result); -+ } -+ }; -+ -+#if defined(__GNUC__) || defined(__clang__) -+#if __GNUC__ >= 5 -+ -+/*! -+ * This macro pastes a specialization of builtin_add_overflow using gcc's & -+ * clang's __builtin_(s/u)add(l)(l)_overlow() -+ * -+ * The add function is implemented by forwarding the parameters to the intrinsic -+ * and returning its value. -+ * -+ * The intrinsics are documented here: -+ * https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html#Integer-Overflow-Builtins -+ */ -+#define SPECIALIZE_builtin_add_overflow(type, builtin_name) \ -+ template <> \ -+ struct builtin_add_overflow \ -+ { \ -+ static inline bool add(type summand_1, type summand_2, type& result) \ -+ { \ -+ return builtin_name(summand_1, summand_2, &result); \ -+ } \ -+ } -+ -+ SPECIALIZE_builtin_add_overflow(int, __builtin_sadd_overflow); -+ SPECIALIZE_builtin_add_overflow(long, __builtin_saddl_overflow); -+ SPECIALIZE_builtin_add_overflow(long long, __builtin_saddll_overflow); -+ -+ SPECIALIZE_builtin_add_overflow(unsigned int, __builtin_uadd_overflow); -+ SPECIALIZE_builtin_add_overflow(unsigned long, __builtin_uaddl_overflow); -+ SPECIALIZE_builtin_add_overflow(unsigned long long, __builtin_uaddll_overflow); -+ -+#undef SPECIALIZE_builtin_add_overflow -+#endif -+ -+#elif defined(_MSC_VER) -+ -+/*! -+ * This macro pastes a specialization of builtin_add_overflow using MSVC's -+ * U(Int/Long/LongLong)Add. -+ * -+ * The add function is implemented by forwarding the parameters to the -+ * intrinsic. As MSVC's intrinsics return S_OK on success, this specialization -+ * returns whether the intrinsics return value does not equal S_OK. This ensures -+ * a uniform interface of the add function (false is returned when no overflow -+ * occurs, true on overflow). -+ * -+ * The intrinsics are documented here: -+ * https://msdn.microsoft.com/en-us/library/windows/desktop/ff516460(v=vs.85).aspx -+ */ -+#define SPECIALIZE_builtin_add_overflow_WIN(type, builtin_name) \ -+ template <> \ -+ struct builtin_add_overflow \ -+ { \ -+ static inline bool add(type summand_1, type summand_2, type& result) \ -+ { \ -+ return builtin_name(summand_1, summand_2, &result) != S_OK; \ -+ } \ -+ } -+ -+ SPECIALIZE_builtin_add_overflow_WIN(unsigned int, UIntAdd); -+ SPECIALIZE_builtin_add_overflow_WIN(unsigned long, ULongAdd); -+ SPECIALIZE_builtin_add_overflow_WIN(unsigned long long, ULongLongAdd); -+ -+#undef SPECIALIZE_builtin_add_overflow_WIN -+ -+#endif -+ -+ } // namespace Internal -+ -+ /*! -+ * @brief Safe addition, throws an exception on overflow. -+ * -+ * This function returns the result of summand_1 and summand_2 only when the -+ * operation would not overflow, otherwise an exception of type -+ * std::overflow_error is thrown. -+ * -+ * @param[in] summand_1, summand_2 summands to be summed up -+ * @return the sum of summand_1 and summand_2 -+ * @throws std::overflow_error if the addition would overflow -+ * -+ * This function utilizes compiler builtins when available and should have a -+ * very small performance hit then. When builtins are unavailable, a more -+ * extensive check is required. -+ * -+ * Builtins are available for the following configurations: -+ * - GCC/Clang for signed and unsigned int, long and long long (not char & short) -+ * - MSVC for unsigned int, long and long long -+ */ -+ template -+ T add(T summand_1, T summand_2) -+ { -+ T res = 0; -+ if (Internal::builtin_add_overflow::add(summand_1, summand_2, res)) { -+ throw std::overflow_error("Overflow in addition"); -+ } -+ return res; -+ } -+ -+} // namespace Safe -+ -+#endif // SAFE_OP_HPP_ diff --git a/SOURCES/exiv2-CVE-2017-5772.patch b/SOURCES/exiv2-CVE-2017-5772.patch deleted file mode 100644 index f553d7d..0000000 --- a/SOURCES/exiv2-CVE-2017-5772.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff --git a/src/cr2image.cpp b/src/cr2image.cpp -index 516e170..8a752b0 100644 ---- a/src/cr2image.cpp -+++ b/src/cr2image.cpp -@@ -107,8 +107,6 @@ namespace Exiv2 { - throw Error(3, "CR2"); - } - clearMetadata(); -- std::ofstream devnull; -- printStructure(devnull, kpsRecursive, 0); - ByteOrder bo = Cr2Parser::decode(exifData_, - iptcData_, - xmpData_, -diff --git a/src/crwimage.cpp b/src/crwimage.cpp -index 232919c..58240fd 100644 ---- a/src/crwimage.cpp -+++ b/src/crwimage.cpp -@@ -131,15 +131,8 @@ namespace Exiv2 { - throw Error(33); - } - clearMetadata(); -- // read all metadata into memory -- // we should put this into clearMetadata(), however it breaks the test suite! -- try { -- std::ofstream devnull; -- printStructure(devnull,kpsRecursive,0); -- } catch (Exiv2::Error& /* e */) { -- DataBuf file(io().size()); -- io_->read(file.pData_,file.size_); -- } -+ DataBuf file( (long) io().size()); -+ io_->read(file.pData_,file.size_); - - CrwParser::decode(this, io_->mmap(), io_->size()); - -diff --git a/src/orfimage.cpp b/src/orfimage.cpp -index 25651bd..9bd7a02 100644 ---- a/src/orfimage.cpp -+++ b/src/orfimage.cpp -@@ -119,8 +119,6 @@ namespace Exiv2 { - throw Error(3, "ORF"); - } - clearMetadata(); -- std::ofstream devnull; -- printStructure(devnull, kpsRecursive, 0); - ByteOrder bo = OrfParser::decode(exifData_, - iptcData_, - xmpData_, -diff --git a/src/rw2image.cpp b/src/rw2image.cpp -index 07de437..5922602 100644 ---- a/src/rw2image.cpp -+++ b/src/rw2image.cpp -@@ -130,8 +130,6 @@ namespace Exiv2 { - throw Error(3, "RW2"); - } - clearMetadata(); -- std::ofstream devnull; -- printStructure(devnull, kpsRecursive, 0); - ByteOrder bo = Rw2Parser::decode(exifData_, - iptcData_, - xmpData_, -diff --git a/src/tiffimage.cpp b/src/tiffimage.cpp -index de66068..98da12b 100644 ---- a/src/tiffimage.cpp -+++ b/src/tiffimage.cpp -@@ -185,10 +185,6 @@ namespace Exiv2 { - } - clearMetadata(); - -- // recursively print the structure to /dev/null to ensure all metadata is in memory -- // must be recursive to handle NEFs which stores the raw image in a subIFDs -- std::ofstream devnull; -- printStructure(devnull,kpsRecursive,0); - ByteOrder bo = TiffParser::decode(exifData_, - iptcData_, - xmpData_, -@@ -200,7 +196,7 @@ namespace Exiv2 { - Exiv2::ExifKey key("Exif.Image.InterColorProfile"); - Exiv2::ExifData::iterator pos = exifData_.findKey(key); - if ( pos != exifData_.end() ) { -- iccProfile_.alloc(pos->count()); -+ iccProfile_.alloc(pos->count()*pos->typeSize()); - pos->copy(iccProfile_.pData_,bo); - } - diff --git a/SOURCES/exiv2-doxygen.patch b/SOURCES/exiv2-doxygen.patch deleted file mode 100644 index 9508b97..0000000 --- a/SOURCES/exiv2-doxygen.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up exiv2-trunk/config/Doxyfile.doxygen exiv2-trunk/config/Doxyfile ---- exiv2-trunk/config/Doxyfile.doxygen 2017-05-02 09:17:33.631909015 -0500 -+++ exiv2-trunk/config/Doxyfile 2017-05-02 09:18:03.019200824 -0500 -@@ -1688,7 +1688,7 @@ HIDE_UNDOC_RELATIONS = YES - # toolkit from AT&T and Lucent Bell Labs. The other options in this section - # have no effect if this option is set to NO (the default) - --HAVE_DOT = YES -+#HAVE_DOT = YES - - # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is - # allowed to run in parallel. When set to 0 (the default) doxygen will -@@ -1705,7 +1705,7 @@ DOT_NUM_THREADS = 0 - # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the - # directory containing the font. - --DOT_FONTNAME = Arial -+#DOT_FONTNAME = Arial - - # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. - # The default size is 10pt. diff --git a/SPECS/exiv2.spec b/SPECS/exiv2.spec index d9ad662..1c40614 100644 --- a/SPECS/exiv2.spec +++ b/SPECS/exiv2.spec @@ -1,23 +1,30 @@ Summary: Exif and Iptc metadata manipulation library Name: exiv2 -Version: 0.26 -Release: 3%{?dist} +Version: 0.27.0 +Release: 2%{?dist} License: GPLv2+ URL: http://www.exiv2.org/ -Source0: http://www.exiv2.org/builds/exiv2-%{version}-trunk.tar.gz - -## upstream patches (lookaside cache) -Patch6: 0006-1296-Fix-submitted.patch - -Patch10: exiv2-CVE-2017-17723.patch -Patch11: exiv2-CVE-2017-17725.patch -Patch12: exiv2-CVE-2017-5772.patch - -## upstreamable patches -Patch100: exiv2-doxygen.patch - +#Source0: https://github.com/Exiv2/%{name}/archive/exiv2-%{version}.tar.gz +Source0: http://exiv2.org/builds/%{name}-%{version}a-Source.tar.gz + +## upstream patches +Patch22: 0022-cmake-man-pages-only-installed-with-the-exiv2-app.patch +Patch35: 0035-cmake-ignore-warnings-about-missing-PDB-files-in-3rd.patch +Patch64: 0064-cmake-Rename-xmp-to-exiv2-xmp-to-avoid-name-conflict.patch +Patch65: 0065-cmake-Install-header-files-without-globbing.patch +Patch66: 0066-cmake-Use-correct-installation-dir-for-generated-doc.patch +Patch67: 0067-cmake-Use-correct-installation-dir-for-cmake-config-.patch +Patch68: 0068-xmpsdk-Build-with-DBanAllEntityUsage-1.patch +Patch69: 0069-xmpsdk-Fix-compile-warnings-in-ExpatAdapter.cpp.patch +Patch79: 0079-Fixes-in-.pc-file-for-being-compatible-with-more-dis.patch + +%if 0%{?rhel} == 7 +BuildRequires: llvm-toolset-7-cmake +%else +BuildRequires: cmake +%endif BuildRequires: expat-devel BuildRequires: gettext BuildRequires: pkgconfig @@ -28,7 +35,6 @@ BuildRequires: doxygen graphviz libxslt Requires: %{name}-libs%{?_isa} = %{version}-%{release} - %description A command line utility to access image metadata, allowing one to: * print the Exif metadata of Jpeg images as summary info, interpreted values, @@ -49,6 +55,12 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %package libs Summary: Exif and Iptc metadata manipulation library +# not strictly required, but convenient and expected +%if 0%{?rhel} && 0%{?rhel} <= 7 +Requires: %{name} = %{version}-%{release} +%else +Recommends: %{name} = %{version}-%{release} +%endif %description libs A C++ library to access image metadata, supporting full read and write access to the Exif and Iptc metadata, Exif MakerNote support, extract and delete @@ -62,55 +74,41 @@ BuildArch: noarch %prep -%autosetup -n %{name}-trunk -p1 +%autosetup -n %{name}-%{version}-Source -p1 %build -# exiv2: embedded copy of exempi should be compiled with BanAllEntityUsage -# https://bugzilla.redhat.com/show_bug.cgi?id=888769 -export CPPFLAGS="-DBanAllEntityUsage=1" - -%configure \ - --disable-rpath \ - --disable-static +%if 0%{?rhel} == 7 +source /opt/rh/llvm-toolset-7/enable +%define __cmake /opt/rh/llvm-toolset-7/root/usr/bin/cmake +%endif -# rpath -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool +%{cmake} . \ + -DCMAKE_INSTALL_DOCDIR="%{_pkgdocdir}" \ + -DEXIV2_BUILD_DOC:BOOL=ON \ + -DEXIV2_BUILD_PO:BOOL=ON \ + -DEXIV2_BUILD_SAMPLES:BOOL=OFF -make %{?_smp_mflags} -make doc -k ||: +%make_build +%make_build doc %install -rm -rf %{buildroot} - -make install DESTDIR=%{buildroot} - -%find_lang exiv2 - -## Unpackaged files -rm -fv %{buildroot}%{_libdir}/libexiv2.la - -## fix perms on installed lib -ls -l %{buildroot}%{_libdir}/libexiv2.so.* -chmod 755 %{buildroot}%{_libdir}/libexiv2.so.* - +make install/fast DESTDIR=%{buildroot} %find_lang exiv2 --with-man ## unpackaged files rm -fv %{buildroot}%{_libdir}/libexiv2.la +#rm -fv %{buildroot}%{_libdir}/pkgconfig/exiv2.lsm %check -export PKG_CONFIG_PATH=%{buildroot}%{_libdir}/pkgconfig +export PKG_CONFIG_PATH="%{buildroot}%{_libdir}/pkgconfig${PKG_CONFIG_PATH:+:}${PKG_CONFIG_PATH}" test "$(pkg-config --modversion exiv2)" = "%{version}" +test "$(pkg-config --variable=libdir exiv2)" = "%{_libdir}" test -x %{buildroot}%{_libdir}/libexiv2.so %files -f exiv2.lang %license COPYING -%doc doc/ChangeLog -# README is mostly installation instructions -#doc README %{_bindir}/exiv2 %{_mandir}/man1/exiv2*.1* @@ -118,17 +116,29 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %postun libs -p /sbin/ldconfig %files libs -%{_libdir}/libexiv2.so.26* +%{_libdir}/libexiv2.so.27* +%{_libdir}/libexiv2.so.%{version} %files devel %{_includedir}/exiv2/ %{_libdir}/libexiv2.so %{_libdir}/pkgconfig/exiv2.pc +%{_libdir}/cmake/exiv2/ +%{_libdir}/libexiv2-xmp.a %files doc -%doc doc/html +%{_pkgdocdir}/ + %changelog +* Mon Feb 04 2019 Jan Grulich - 0.27.0-2 +- Minor improvements + Resolves: bz#1652637 + +* Tue Jan 15 2019 Jan Grulich - 0.27.0-1 +- Exiv2 0.27.0 + Resolves: bz#1652637 + * Fri Feb 23 2018 Jan Grulich - 0.26-3 - Fix uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() which can allow a remote attacker to cause a denial of service via a crafted tif file