Commit 42eb123f authored by Leonardo Arena's avatar Leonardo Arena

main/exiv2: security upgrade to 0.27.2

CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13111,
CVE-2019-13112, CVE-2019-13113, CVE-2019-13114

Fixes #10725
parent c54edf64
From 620ef04e96f4c0d0894d976fc361588b6526a116 Mon Sep 17 00:00:00 2001
From: clanmills <robin@clanmills.com>
Date: Tue, 20 Jun 2017 20:41:30 +0100
Subject: [PATCH] https://github.com/Exiv2/exiv2/issues/9 Fix submitted.
---
src/actions.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/actions.cpp b/src/actions.cpp
index 0ebe8505..17444c5b 100644
--- a/src/actions.cpp
+++ b/src/actions.cpp
@@ -2045,9 +2045,13 @@ namespace {
#else
/* Unix/Linux/Cygwin/MacOSX */
#include <pthread.h>
+ /* This is the critical section object (statically allocated). */
#if defined(__APPLE__)
- /* This is the critical section object (statically allocated). */
- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER;
+ #if defined(PTHREAD_RECURSIVE_MUTEX_INITIALIZER)
+ static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER;
+ #else
+ static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER;
+ #endif
#else
static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
#endif
From d775683f579543c35463ab2a8d9425da10d2f016 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Wed, 4 Oct 2017 00:15:30 -0500
Subject: [PATCH] Amend fix for #9 to apply to other Unix systems
At least the musl libc on Linux has the same issue as Mac OS X: the
PTHREAD_RECURSIVE_* static initialiser does not exist. This is a
documented and purposeful omission:
http://www.openwall.com/lists/musl/2017/02/20/3
This commit uses similar logic to the Apple test on other Unixes.
---
src/actions.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/actions.cpp b/src/actions.cpp
index fe14de4..aa15ec7 100644
--- a/src/actions.cpp
+++ b/src/actions.cpp
@@ -2051,7 +2051,11 @@ namespace {
static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER;
#endif
#else
- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
+ #if defined(PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP)
+ static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
+ #else
+ static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER;
+ #endif
#endif
#endif
--
2.10.0
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=exiv2
pkgver=0.26
pkgver=0.27.2
pkgrel=0
pkgdesc="Exif and Iptc metadata manipulation library and tools."
url="http://exiv2.org"
......@@ -9,33 +9,43 @@ options="!check" # No test suite.
license="GPL-2.0-or-later"
depends=""
depends_dev="expat-dev zlib-dev"
makedepends="$depends_dev bash"
makedepends="$depends_dev cmake"
subpackages="$pkgname-dev $pkgname-doc"
source="http://exiv2.org/releases/exiv2-$pkgver-trunk.tar.gz
0000-pthread-init-fix.patch
0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
"
source="https://exiv2.org/builds/$pkgname-$pkgver-Source.tar.gz"
builddir="$srcdir"/$pkgname-$pkgver-Source
# secfixes:
# 0.27.2-r0:
# - CVE-2019-13108
# - CVE-2019-13109
# - CVE-2019-13110
# - CVE-2019-13111
# - CVE-2019-13112
# - CVE-2019-13113
# - CVE-2019-13114
builddir="$srcdir"/exiv2-trunk
prepare() {
default_prepare
cd "$builddir"
update_config_sub
mkdir build
}
build() {
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr
make
cd "$builddir"/build
cmake .. \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_INSTALL_LIBDIR=lib
cmake --build .
}
check() {
cd "$builddir"/build
make test
}
package() {
cd "$builddir"
cd "$builddir"/build
make DESTDIR="$pkgdir" install
}
sha512sums="d1e9cab886e279b045768dd9ec781f07d2d36d573119403d0b76dc571442173aae6972f86ec55c3ea53fb3ee9ca3571eb8fd63a2a6643a970852813e88634a86 exiv2-0.26-trunk.tar.gz
9721d359708c385be7c86a8f8a63de43b05b2578a29b4339861e82873aa81a98a7ee7252847b6c55529341187d40f552c488589b416fd9d1e27418925929c018 0000-pthread-init-fix.patch
485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch"
sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment