[Bug 277146] graphics/exiv2: Update to 0.28.2

Discussion:

(too old to reply)

b***@freebsd.org

2024-02-18 18:50:21 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277146

Bug ID: 277146
Summary: graphics/exiv2: Update to 0.28.2
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/Exiv2/exiv2/blob/v0.28.2/doc/Change
Log
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ***@FreeBSD.org
Reporter: ***@FreeBSD.org
CC: ***@FreeBSD.org, ***@FreeBSD.org,
***@FreeBSD.org
Assignee: ***@FreeBSD.org
Flags: maintainer-feedback?(***@FreeBSD.org)

Created attachment 248573
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248573&action=edit
Patch for exiv2

Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

Compile and runtime tested on FreeBSD 14.0-RELEASE (aarch64) (make, make
check-plist, make test)
Compile and runtime tested on FreeBSD 14.0-RELEASE (amd64) (make, make
check-plist, make test)

References:
https://www.cve.org/CVERecord?id=CVE-2024-24826
https://www.cve.org/CVERecord?id=CVE-2024-25112
https://www.cve.org/CVERecord?id=CVE-2023-44398

Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in 14.0-RELEASE (amd64) using Poudriere:
graphics/gimp-lensfun-plugin
astro/gpscorrelate
astro/merkaartor
astro/siril
astro/stellarium
deskutils/gnome-photos
deskutils/pinot
devel/kf5-kfilemetadata
graphics/art
graphics/darktable
graphics/digikam
graphics/filmulator
graphics/geeqie
graphics/gexiv2
graphics/gthumb
graphics/gwenview
graphics/gwenview-devel
graphics/hugin
graphics/kphotoalbum
graphics/krita
graphics/libkexiv2
graphics/libkexiv2-devel
graphics/luminance-qt5
graphics/lux
graphics/nomacs
graphics/oyranos
graphics/photivo
graphics/photoqt
graphics/phototonic
graphics/qgis
graphics/qgis-ltr
graphics/rawstudio
graphics/shotwell
graphics/ufraw
graphics/viewnior
multimedia/mythtv
net/gerbera
sysutils/bulk_extractor
sysutils/krename

--
You are receiving this mail because:
You are the assignee for the bug.

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

b***@freebsd.org

2024-02-18 18:50:21 UTC

Permalink

Bugzilla Automation <***@FreeBSD.org> has asked freebsd-multimedia
(Nobody) <***@FreeBSD.org> for maintainer-feedback:
Bug 277146: graphics/exiv2: Update to 0.28.2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277146

--- Description ---
Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

Compile and runtime tested on FreeBSD 14.0-RELEASE (aarch64) (make, make
check-plist, make test)
Compile and runtime tested on FreeBSD 14.0-RELEASE (amd64) (make, make
check-plist, make test)

References:
https://www.cve.org/CVERecord?id=CVE-2024-24826
https://www.cve.org/CVERecord?id=CVE-2024-25112
https://www.cve.org/CVERecord?id=CVE-2023-44398

Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in 14.0-RELEASE (amd64) using Poudriere:
graphics/gimp-lensfun-plugin
astro/gpscorrelate
astro/merkaartor
astro/siril
astro/stellarium
deskutils/gnome-photos
deskutils/pinot
devel/kf5-kfilemetadata
graphics/art
graphics/darktable
graphics/digikam
graphics/filmulator
graphics/geeqie
graphics/gexiv2
graphics/gthumb
graphics/gwenview
graphics/gwenview-devel
graphics/hugin
graphics/kphotoalbum
graphics/krita
graphics/libkexiv2
graphics/libkexiv2-devel
graphics/luminance-qt5
graphics/lux
graphics/nomacs
graphics/oyranos
graphics/photivo
graphics/photoqt
graphics/phototonic
graphics/qgis
graphics/qgis-ltr
graphics/rawstudio
graphics/shotwell
graphics/ufraw
graphics/viewnior
multimedia/mythtv
net/gerbera
sysutils/bulk_extractor
sysutils/krename

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

b***@freebsd.org

2024-02-18 18:56:34 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277146

--- Comment #1 from Daniel Engberg <***@FreeBSD.org> ---
If you can have a look and do some smoke tests I'd appreciate it.

b***@freebsd.org

2024-02-23 17:57:18 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277146

--- Comment #2 from Matthias Andree <***@FreeBSD.org> ---
graphics/rawtherapee has just been added to the users' list. I have committed
the 5.10 update to rawtherapee, and it has now become Exiv2 user.
https://cgit.freebsd.org/ports/commit/?id=7e027ece12342fab2bd29ce325c4a6109677ae8a

b***@freebsd.org

2024-03-06 21:05:54 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277146

--- Comment #3 from commit-***@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=5a50cca81b15dee32598825a11b7a136fbfa0de6

commit 5a50cca81b15dee32598825a11b7a136fbfa0de6
Author: Daniel Engberg <***@FreeBSD.org>
AuthorDate: 2024-03-06 21:02:43 +0000
Commit: Daniel Engberg <***@FreeBSD.org>
CommitDate: 2024-03-06 21:04:53 +0000

graphics/exiv2: Update to 0.28.2

Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

Changelog:
https://github.com/Exiv2/exiv2/blob/v0.28.2/doc/ChangeLog

PR: 277146
Sponsored by: Blinkinblox

graphics/exiv2/Makefile | 26 ++-----
graphics/exiv2/distinfo | 18 +----
.../files/patch-_MSVC_LANG-warning-Wundef (gone) | 84 ----------------------
graphics/exiv2/files/patch-src_version.cpp (gone) | 16 -----
graphics/exiv2/pkg-plist | 5 +-
5 files changed, 13 insertions(+), 136 deletions(-)

b***@freebsd.org

2024-03-06 21:13:32 UTC

Permalink