.exiv2.metadata

@@ -1 +1 @@
-376bd1d77e472251d0aeb2f7031163d932df438f SOURCES/exiv2-0.28.3.tar.gz
+775f9c5ddeb92b682da8b7737f9811009595dc6a SOURCES/exiv2-0.27.5-Source.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/exiv2-0.28.3.tar.gz
+SOURCES/exiv2-0.27.5-Source.tar.gz

SOURCES/exiv2-no-rpath.patch

@@ -1,8 +1,8 @@
 diff --git a/cmake/mainSetup.cmake b/cmake/mainSetup.cmake
-index 1ea9deb..36253d1 100644
+index fcaa21f..f69fc46 100644
 --- a/cmake/mainSetup.cmake
 +++ b/cmake/mainSetup.cmake
-@@ -26,8 +26,6 @@ if (UNIX)
+@@ -23,8 +23,6 @@ if (UNIX)
      if (APPLE)
          set(CMAKE_MACOSX_RPATH ON)
          set(CMAKE_INSTALL_RPATH "@loader_path")

SPECS/exiv2.spec

@@ -1,41 +1,37 @@
+
+%undefine __cmake_in_source_build
+
+Summary: Exif and Iptc metadata manipulation library
 Name:    exiv2
-Version:        0.28.3
+Version: 0.27.5
+%global internal_ver %{version}
 Release: 2%{?dist}
-Summary:        Exif and Iptc metadata manipulation library
 
-# GPL-2.0-or-later: main library
+License: GPLv2+
-# BSD-3-Clause: xmpsdk/
-# LicenseRef-Fedora-Public-Domain:
-#  - app/getopt.cpp
-#  - src/properties.cpp
-#  - src/tzfile.h
-#  - xmpsdk/include/MD5.h
-#  - xmpsdk/src/MD5.cpp
-License:        GPL-2.0-or-later AND BSD-3-Clause AND LicenseRef-Fedora-Public-Domain
 URL:     http://www.exiv2.org/
-VCS:            https://github.com/Exiv2/exiv2/
 %if 0%{?beta:1}
-Source:         %{vcs}/archive/v%{version}-%{beta}/%{name}-%{version}-%{beta}.tar.gz
+Source0: https://github.com/Exiv2/%{name}/archive/v%{version}-%{beta}.tar.gz
 %else
-Source:         %{vcs}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source0: http://exiv2.org/builds/%{name}-%{version}-Source.tar.gz
 %endif
 
+## upstream patches
+
+## security fixes
+
+## upstreamable patches
 Patch0: exiv2-no-rpath.patch
 
 BuildRequires: cmake
+BuildRequires: expat-devel
 BuildRequires: gcc-c++
 BuildRequires: gettext
 BuildRequires: pkgconfig
-BuildRequires:  pkgconfig(expat)
+BuildRequires: zlib-devel
-BuildRequires:  pkgconfig(INIReader)
-BuildRequires:  pkgconfig(libbrotlidec)
-BuildRequires:  pkgconfig(zlib)
 # docs
-BuildRequires:  doxygen
+BuildRequires: doxygen graphviz libxslt
-BuildRequires:  graphviz
-BuildRequires:  libxslt
 
-Requires:       %{name}-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
 %description
 A command line utility to access image metadata, allowing one to:
@@ -49,163 +45,152 @@ A command line utility to access image metadata, allowing one to:
 * extract, insert and delete Exif metadata (including thumbnails),
   Iptc metadata and Jpeg comments
 
-
 %package devel
 Summary: Header files, libraries and development documentation for %{name}
-Requires:     %{name}-libs%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-
 %description devel
 %{summary}.
 
-
 %package libs
 Summary: Exif and Iptc metadata manipulation library
 # not strictly required, but convenient and expected
 %if 0%{?rhel} && 0%{?rhel} <= 7
-Requires:     %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires: %{name} = %{version}-%{release}
 %else
-Recommends:   %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+Recommends: %{name} = %{version}-%{release}
 %endif
-
 %description libs
 A C++ library to access image metadata, supporting full read and write access
 to the Exif and Iptc metadata, Exif MakerNote support, extract and delete
 methods for Exif thumbnails, classes to access Ifd and so on.
 
-
 %package doc
-Summary:      API documentation for %{name}
+Summary: Api documentation for %{name}
-# MIT:
-# - clipboard.js
-# - cookie.js
-# - dynsections.js
-# - jquery.js
-# - menu.js
-# - menudata.js
-# - resize.js
-# GPL-2.0-only:
-# - css and icons from Doxygen
-License:      MIT AND GPL-2.0-only
 BuildArch: noarch
-
 %description doc
 %{summary}.
 
-API documentation for %{name}.
-
-
 %prep
-%autosetup -n %{name}-%{version}%{?beta:-%{beta}} -p1
+%autosetup -n %{name}-%{version}-%{?beta}%{!?beta:Source} -p1
-
 
 %build
 %cmake \
   -DCMAKE_INSTALL_DOCDIR="%{_pkgdocdir}" \
   -DEXIV2_BUILD_DOC:BOOL=ON \
-  -DEXIV2_BUILD_SAMPLES:BOOL=OFF \
+  -DEXIV2_ENABLE_NLS:BOOL=ON \
-  -DEXIV2_ENABLE_NLS:BOOL=ON
+  -DEXIV2_BUILD_SAMPLES:BOOL=OFF
+
 %cmake_build
 %cmake_build --target doc
 
 
 %install
 %cmake_install
+
 %find_lang exiv2 --with-man
 
 
 %check
 export PKG_CONFIG_PATH="%{buildroot}%{_libdir}/pkgconfig${PKG_CONFIG_PATH:+:}${PKG_CONFIG_PATH}"
-test "$(pkg-config --modversion exiv2)" = "%{version}"
+test "$(pkg-config --modversion exiv2)" = "%{internal_ver}"
 test "$(pkg-config --variable=libdir exiv2)" = "%{_libdir}"
 test -x %{buildroot}%{_libdir}/libexiv2.so
 
 
 %files -f exiv2.lang
-%license COPYING doc/COPYING-XMPSDK
+%license COPYING
-%doc doc/ChangeLog exiv2.md SECURITY.md
+%doc doc/ChangeLog
+# README is mostly installation instructions
+#doc README.md
 %{_bindir}/exiv2
 %{_mandir}/man1/exiv2*.1*
 
+%ldconfig_scriptlets libs
 
 %files libs
-%{_libdir}/libexiv2.so.28*
+%{_libdir}/libexiv2.so.27*
-%{_libdir}/libexiv2.so.%{version}
+%{_libdir}/libexiv2.so.%{internal_ver}
-
 
 %files devel
 %{_includedir}/exiv2/
-%{_libdir}/cmake/exiv2/
 %{_libdir}/libexiv2.so
 %{_libdir}/pkgconfig/exiv2.pc
-
+%{_libdir}/cmake/exiv2/
+# todo: -static subpkg?  -- rex
+%{_libdir}/libexiv2-xmp.a
 
 %files doc
 %{_pkgdocdir}/
-
+%exclude %{_pkgdocdir}/ChangeLog
 
 
 %changelog
-* Tue Aug 06 2024 Jan Grulich <jgrulich@redhat.com> - 0.28.3-2
+* Mon Nov 15 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-2
-- Backport RHEL9 patch for RPATH
+- Remove RPATH
-  Resolves: RHEL-45267
+  Resolves: bz#2018421
-
-* Tue Aug 06 2024 Jan Grulich <jgrulich@redhat.com> - 0.28.3-1
-- 0.28.3
-  Resolves: RHEL-45267
-
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.27.6-8
-- Bump release for June 2024 mass rebuild
-
-* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-6
+* Fri Nov 12 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.5-1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+- Exiv2 0.27.5
+  Resolves: bz#2018421
 
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.6-5
+  Fix stack exhaustion issue in the printIFDStructure function leading to DoS
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+  Resolves: bz#2003670
 
-* Tue Jan 31 2023 Jan Grulich <jgrulich@redhat.com> - 0.27.6-1
+* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-7
-- 0.27.6
+- Properly install POC files
-- migrated to SPDX license
+  Resolves: bz#1993247
+  Resolves: bz#1993284
 
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-4
+* Tue Aug 24 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+- Include missing tests for CVEs
+  Resolves: bz#1993247
+  Resolves: bz#1993284
 
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-3
+* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+- Fix test for CVE-2021-29470
+  Resolves: bz#1993284
 
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.5-2
+* Wed Aug 18 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+- Fix out-of-bounds read in Exiv2::Jp2Image::printStructure
+  Resolves: bz#1993247
 
-* Wed Oct 27 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-1
+- Fix out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
-- 0.27.5 (final)
+  Resolves: bz#1993284
 
-* Mon Oct 04 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.3.RC3
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.27.4-3
-- 0.27-5-RC3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Fri Sep 10 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.2.RC2
+* Thu Aug 05 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-2
-- 0.27.5-RC2 (#2003208)
+- Do not duplicate changelog file
+  Resolves: bz#1989848
 
-* Wed Aug 11 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.5-0.1.RC1
+* Wed Aug 04 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.4-1
-- 0.27.5-RC1 (#1992344)
+- 0.27.4
+  Resolves: bz#1989848
 
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.4-2
+* Tue Jun 01 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+- Bump version for rebuild (binutils)
+  Resolves: bz#1964183
+  Resolves: bz#1964189
 
-* Fri Jun 18 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.27.4-1
+* Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-8
-- 0.27.4 (#1941230)
-
-* Tue May 25 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
 - CVE-2021-29623 exiv2: a read of uninitialized memory may lead to information leak
-  CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
+  Resolves: bz#1964183
+
+- CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion
+  Resolves: bz#1964189
 
-* Thu Apr 29 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-6
+* Mon May 03 2021 Jan Grulich <jgrulich@redhat.com> - 0.27.3-7
 - CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata()
   CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode
   CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata
   CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
   CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
+  Resolves: bz#1956174
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.27.3-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild