Bug 277146

Summary: graphics/exiv2: Update to 0.28.2
Product: Ports & Packages
Reporter: Daniel Engberg <diizzy>
Component: Individual Port(s)
Assignee: freebsd-multimedia (Nobody) <multimedia>
Status: Closed FIXED
Severity: Affects Only Me
CC: dumbbell, fuz, mandree
Priority: ---
Flags: bugzilla: maintainer-feedback? (multimedia)
Version: Latest
Hardware: Any
OS: Any
URL: https://github.com/Exiv2/exiv2/blob/v0.28.2/doc/ChangeLog
Attachments:
Patch for exiv2 (flags: none)

Description Daniel Engberg freebsd_committer freebsd_triage 2024-02-18 18:50:21 UTC
Created attachment 248573
Patch for exiv2

Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

Compile and runtime tested on FreeBSD 14.0-RELEASE (aarch64) (make, make check-plist, make test)
Compile and runtime tested on FreeBSD 14.0-RELEASE (amd64) (make, make check-plist, make test)

References:
https://www.cve.org/CVERecord?id=CVE-2024-24826
https://www.cve.org/CVERecord?id=CVE-2024-25112
https://www.cve.org/CVERecord?id=CVE-2023-44398

Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with the following consumers in 14.0-RELEASE (amd64) using Poudriere:
graphics/gimp-lensfun-plugin
astro/gpscorrelate
astro/merkaartor
astro/siril
astro/stellarium
deskutils/gnome-photos
deskutils/pinot
devel/kf5-kfilemetadata
graphics/art
graphics/darktable
graphics/digikam
graphics/filmulator
graphics/geeqie
graphics/gexiv2
graphics/gthumb
graphics/gwenview
graphics/gwenview-devel
graphics/hugin
graphics/kphotoalbum
graphics/krita
graphics/libkexiv2
graphics/libkexiv2-devel
graphics/luminance-qt5
graphics/lux
graphics/nomacs
graphics/oyranos
graphics/photivo
graphics/photoqt
graphics/phototonic
graphics/qgis
graphics/qgis-ltr
graphics/rawstudio
graphics/shotwell
graphics/ufraw
graphics/viewnior
multimedia/mythtv
net/gerbera
sysutils/bulk_extractor
sysutils/krename

Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2024-02-18 18:56:34 UTC
If you can have a look and do some smoke tests I'd appreciate it.

Comment 2 Matthias Andree freebsd_committer freebsd_triage 2024-02-23 17:57:18 UTC
graphics/rawtherapee has just been added to the users' list. I have committed the 5.10 update to rawtherapee, and it has now become an Exiv2 user.
https://cgit.freebsd.org/ports/commit/?id=7e027ece12342fab2bd29ce325c4a6109677ae8a

Comment 3 commit-hook freebsd_committer freebsd_triage 2024-03-06 21:05:54 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5a50cca81b15dee32598825a11b7a136fbfa0de6

commit 5a50cca81b15dee32598825a11b7a136fbfa0de6
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2024-03-06 21:02:43 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2024-03-06 21:04:53 +0000

    graphics/exiv2: Update to 0.28.2

    Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

    Changelog:
    https://github.com/Exiv2/exiv2/blob/v0.28.2/doc/ChangeLog

    PR:             277146
    Sponsored by:   Blinkinblox

 graphics/exiv2/Makefile                            | 26 ++-----
 graphics/exiv2/distinfo                            | 18 +----
 .../files/patch-_MSVC_LANG-warning-Wundef (gone)   | 84 ----------------------
 graphics/exiv2/files/patch-src_version.cpp (gone)  | 16 -----
 graphics/exiv2/pkg-plist                           |  5 +-
 5 files changed, 13 insertions(+), 136 deletions(-)