update to 2.5.2

2021-01-26 19:04:44 +08:00 · 2021-01-26 19:04:44 +08:00 · 4a0f7caac9
commit 4a0f7caac9
parent 430f5ac327
4 changed files with 8 additions and 50 deletions
--- a/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch
+++ b/CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch
@ -1,44 +0,0 @@
 From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001
 From: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
 Date: Sat, 18 Aug 2018 13:54:55 +0000
 Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The WEBP::GetLE32 function in
 XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
 NULL pointer dereference.
 https://bugs.freedesktop.org/show_bug.cgi?id=106981
 https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
 Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
 Signed-off-by: Hubert Figuière <hub@figuiere.net>
 Signed-off-by: gaoyi <gaoyi15@huawei.com>
 ---
 XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
 diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
 index ffaf220..4fe705b 100644
 --- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
 +++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
 }
 void VP8XChunk::xmp(bool hasXMP)
 {
 -    XMP_Uns32 flags = GetLE32(&this->data[0]);
 -    flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
 -    PutLE32(&this->data[0], flags);
 +    if (&this->data[0] != NULL) {
 +        XMP_Uns32 flags = GetLE32(&this->data[0]);
 +        flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
 +        PutLE32(&this->data[0], flags);
 +    }
 }
 Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
 -- 
 2.19.1
--- a/exempi-2.4.5.tar.bz2
+++ b/exempi-2.4.5.tar.bz2
--- a/exempi-2.5.2.tar.bz2
+++ b/exempi-2.5.2.tar.bz2
--- a/exempi.spec
+++ b/exempi.spec
@ -1,15 +1,13 @@
 Name:		exempi
-Version:	2.4.5
+Version:	2.5.2
-Release:	4
+Release:	1
 Summary:	Exempi is an implementation of XMP (Adobe's Extensible Metadata Platform)
 License:	BSD
 URL:		https://wiki.freedesktop.org/libopenraw/Exempi/
 Source0:	http://libopenraw.freedesktop.org/download/%{name}-%{version}.tar.bz2
 Patch6000:	CVE-2018-12648-Issue-9-Fix-null-pointer-dereference-CVE-2018-12648.patch
 BuildRequires:	gcc-c++ autoconf automake libtool
-BuildRequires:	boost-devel expat-devel zlib-devel pkgconfig
+BuildRequires:	boost-devel expat-devel zlib-devel pkgconfig exempi
 Provides:	bundled(md5-polstra)
 %description
@ -31,7 +29,7 @@ Summary:	Help information for user
 Help information for user
 %prep
-%autosetup -n exempi-2.4.5 -p1
+%autosetup -n exempi-2.5.2 -p1
 %build
 libtoolize -vi
@ -47,6 +45,7 @@ make check
 %install
 %make_install
 cp -a %{_libdir}/*.so.* %{buildroot}%{_libdir}
 %files
 %doc AUTHORS ChangeLog COPYING README
@ -64,5 +63,8 @@ make check
 %{_mandir}/man1/exempi.1*
 %changelog
 * Tue Jan 26 2021 wangchen <wangchen137@huawei.com> - 2.5.2-1
 - Update to 2.5.2
 * Fri Sep 06 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.5-4
 - Package init