Bug 256803 - graphics/exiv2: Update to 0.27.4 (bug and security fixes)
Summary: graphics/exiv2: Update to 0.27.4 (bug and security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Tobias C. Berner
URL: https://github.com/Exiv2/exiv2/issues...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-24 10:58 UTC by Daniel Engberg
Modified: 2021-07-06 20:13 UTC (History)
2 users (show)

See Also:
tcberner: maintainer-feedback+
antoine: exp-run+


Attachments
Patch for exiv2 (4.99 KB, patch)
2021-06-24 10:58 UTC, Daniel Engberg
no flags Details | Diff
VuXML entry (3.06 KB, patch)
2021-06-30 18:09 UTC, Daniel Engberg
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Engberg freebsd_committer 2021-06-24 10:58:32 UTC
Created attachment 226029 [details]
Patch for exiv2

Update exiv2 to 0.27.4

Addressed CVEs (compared to 0.27.3 unpatched)
CVE-2021-29457
CVE-2021-29458
CVE-2021-29463
CVE-2021-29464
CVE-2021-29470
CVE-2021-29473
CVE-2021-29623
CVE-2021-32617
CVE-2021-3482

Backport commit c069e36605f05e8e58bf964e5ecbde04efb90a20 to fix compilation with Googletest >= 1.11.0

Compile tested on 13.0-STABLE #0 stable/13-n245227-5ec4eb443e8 (amd64) (make, make check-plist, make test)
Poudriere testport OK 12.2-RELEASE (amd64)
Poudriere testport OK 11.4-RELEASE (amd64)
Comment 1 Daniel Engberg freebsd_committer 2021-06-24 10:58:55 UTC
I also briefly tested this with Gerbera and it appears to work fine
Comment 2 Daniel Engberg freebsd_committer 2021-06-24 11:02:30 UTC
I'll try to write up a vuxml entry in a few days unless someone beats me to it.
Comment 3 Daniel Engberg freebsd_committer 2021-06-30 18:09:16 UTC
Created attachment 226137 [details]
VuXML entry

VuXML entry
Comment 4 Tobias C. Berner freebsd_committer 2021-07-04 17:39:01 UTC
Moin moin 

multimedia@ would like to ask for an exp-run of the attached patch.


mfg Tobias
Comment 5 commit-hook freebsd_committer 2021-07-04 20:57:12 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0e1cf83190b530cb73a9c086a4a2ca1d30776996

commit 0e1cf83190b530cb73a9c086a4a2ca1d30776996
Author:     Daniel Engberg <daniel.engberg.lists@pyret.net>
AuthorDate: 2021-07-04 20:55:14 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-07-04 20:55:52 +0000

    security/vuxml: document vulnerabilities in graphics/exiv2

    PR:     256803

 security/vuxml/vuln-2021.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
Comment 6 Antoine Brodin freebsd_committer 2021-07-06 19:09:58 UTC
Exp-run looks fine
Comment 7 commit-hook freebsd_committer 2021-07-06 20:13:08 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0317bd0d24c06dd611c764b237462c62c4b92e95

commit 0317bd0d24c06dd611c764b237462c62c4b92e95
Author:     Daniel Engberg <daniel.engberg.lists@pyret.net>
AuthorDate: 2021-07-06 20:06:33 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-07-06 20:11:41 +0000

    graphics/exiv2: update to 0.27.4

    Exiv2 v0.27.4 Features:

     1.   bmff support (.CR3, .AVIF, .HEIC, .HIF, .JXL/bmff) files.
     2.   Rewrite 0.27 bash test scripts in python.
     3.   Support for Exif 2.32 and DNG 1.6.
     4.   Crowdin Localisation Support
     5.   Completion of Image Metadata and Exiv2 Architecture https://clanmills.com/exiv2/book/
     6.   Improved documentation.
     7.   Various minor bugs and fixes.
     8.   RC3 issued to deal with 12 security issues. After 18 months without a CVE, we were attacked between RC2 and GM.
     9.   Security policy defined and published on GitHub.

    PR:             256803
    Exp-run by:     antoine

 graphics/exiv2/Makefile                            |  6 +++--
 graphics/exiv2/distinfo                            |  6 ++---
 .../files/patch-cmake_compilerFlags.cmake (gone)   | 15 -----------
 ...-c069e36605f05e8e58bf964e5ecbde04efb90a20 (new) | 30 ++++++++++++++++++++++
 graphics/exiv2/pkg-plist                           |  4 +--
 5 files changed, 39 insertions(+), 22 deletions(-)
Comment 8 commit-hook freebsd_committer 2021-07-06 20:13:09 UTC
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=febddefea7957e6c49d7608af398aa12413e3068

commit febddefea7957e6c49d7608af398aa12413e3068
Author:     Daniel Engberg <daniel.engberg.lists@pyret.net>
AuthorDate: 2021-07-06 20:06:33 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-07-06 20:12:27 +0000

    graphics/exiv2: update to 0.27.4

    Exiv2 v0.27.4 Features:

     1.   bmff support (.CR3, .AVIF, .HEIC, .HIF, .JXL/bmff) files.
     2.   Rewrite 0.27 bash test scripts in python.
     3.   Support for Exif 2.32 and DNG 1.6.
     4.   Crowdin Localisation Support
     5.   Completion of Image Metadata and Exiv2 Architecture https://clanmills.com/exiv2/book/
     6.   Improved documentation.
     7.   Various minor bugs and fixes.
     8.   RC3 issued to deal with 12 security issues. After 18 months without a CVE, we were attacked between RC2 and GM.
     9.   Security policy defined and published on GitHub.

    PR:             256803
    Exp-run by:     antoine

    (cherry picked from commit 0317bd0d24c06dd611c764b237462c62c4b92e95)

 graphics/exiv2/Makefile                            |  6 +++--
 graphics/exiv2/distinfo                            |  6 ++---
 .../files/patch-cmake_compilerFlags.cmake (gone)   | 15 -----------
 ...-c069e36605f05e8e58bf964e5ecbde04efb90a20 (new) | 30 ++++++++++++++++++++++
 graphics/exiv2/pkg-plist                           |  4 +--
 5 files changed, 39 insertions(+), 22 deletions(-)
Comment 9 Tobias C. Berner freebsd_committer 2021-07-06 20:13:37 UTC
Committed, thanks for the patch and for the exp-run.