Bug 277146 - graphics/exiv2: Update to 0.28.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-multimedia (Nobody)
URL: https://github.com/Exiv2/exiv2/blob/v...
Reported: 2024-02-18 18:50 UTC by Daniel Engberg
Modified: 2024-03-06 21:13 UTC
bugzilla: maintainer-feedback? (multimedia)


Attachments
Patch for exiv2 (9.57 KB, patch)
2024-02-18 18:50 UTC, Daniel Engberg

Description Daniel Engberg freebsd_committer freebsd_triage 2024-02-18 18:50:21 UTC
Created attachment 248573
Patch for exiv2

Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

Compile and runtime tested on FreeBSD 14.0-RELEASE (aarch64) (make, make check-plist, make test)
Compile and runtime tested on FreeBSD 14.0-RELEASE (amd64) (make, make check-plist, make test)

References:
https://www.cve.org/CVERecord?id=CVE-2024-24826
https://www.cve.org/CVERecord?id=CVE-2024-25112
https://www.cve.org/CVERecord?id=CVE-2023-44398

Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in 14.0-RELEASE (amd64) using Poudriere:
graphics/gimp-lensfun-plugin
astro/gpscorrelate
astro/merkaartor
astro/siril
astro/stellarium
deskutils/gnome-photos
deskutils/pinot
devel/kf5-kfilemetadata
graphics/art
graphics/darktable
graphics/digikam
graphics/filmulator
graphics/geeqie
graphics/gexiv2
graphics/gthumb
graphics/gwenview
graphics/gwenview-devel
graphics/hugin
graphics/kphotoalbum
graphics/krita
graphics/libkexiv2
graphics/libkexiv2-devel
graphics/luminance-qt5
graphics/lux
graphics/nomacs
graphics/oyranos
graphics/photivo
graphics/photoqt
graphics/phototonic
graphics/qgis
graphics/qgis-ltr
graphics/rawstudio
graphics/shotwell
graphics/ufraw
graphics/viewnior
multimedia/mythtv
net/gerbera
sysutils/bulk_extractor
sysutils/krename

Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2024-02-18 18:56:34 UTC
If you can have a look and do some smoke tests I'd appreciate it.

Comment 2 Matthias Andree freebsd_committer freebsd_triage 2024-02-23 17:57:18 UTC
graphics/rawtherapee has just been added to the users' list. I have committed the 5.10 update to rawtherapee, and it has now become an Exiv2 user.
https://cgit.freebsd.org/ports/commit/?id=7e027ece12342fab2bd29ce325c4a6109677ae8a

Comment 3 commit-hook freebsd_committer freebsd_triage 2024-03-06 21:05:54 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5a50cca81b15dee32598825a11b7a136fbfa0de6

commit 5a50cca81b15dee32598825a11b7a136fbfa0de6
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2024-03-06 21:02:43 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2024-03-06 21:04:53 +0000

    graphics/exiv2: Update to 0.28.2

    Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

    Changelog:
    https://github.com/Exiv2/exiv2/blob/v0.28.2/doc/ChangeLog

    PR:             277146
    Sponsored by:   Blinkinblox

 graphics/exiv2/Makefile                            | 26 ++-----
 graphics/exiv2/distinfo                            | 18 +----
 .../files/patch-_MSVC_LANG-warning-Wundef (gone)   | 84 ----------------------
 graphics/exiv2/files/patch-src_version.cpp (gone)  | 16 -----
 graphics/exiv2/pkg-plist                           |  5 +-
 5 files changed, 13 insertions(+), 136 deletions(-)