pkgsrc-Users archive


Update graphics/exiv2 to 0.25 (security related)



The attached patch updates graphics/exiv2 from 0.24 to 0.25, which should fix
> Package exiv2-0.24 has a heap-overflow vulnerability, see http://dev.exiv2.org/issues/960

(but it probably does not fix the following one)
> Package exiv2-0.24 has a buffer-overflow vulnerability, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781123

This is the first time I'm updating a package I didn't create myself, so it would probably be good if someone gave it a quick look whether it looks reasonable.
diff --git a/graphics/exiv2/Makefile.common b/graphics/exiv2/Makefile.common
index 4f19b57..6b91e55 100644
--- a/graphics/exiv2/Makefile.common
+++ b/graphics/exiv2/Makefile.common
@@ -3,7 +3,7 @@
 # used by graphics/exiv2/Makefile
 # used by graphics/exiv2-organize/Makefile
 
-DISTNAME=	exiv2-0.24
+DISTNAME=	exiv2-0.25
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.exiv2.org/
 
diff --git a/graphics/exiv2/PLIST b/graphics/exiv2/PLIST
index 943ea64..7c522f9 100644
--- a/graphics/exiv2/PLIST
+++ b/graphics/exiv2/PLIST
@@ -1,8 +1,8 @@
-@comment $NetBSD: PLIST,v 1.16 2014/06/05 06:43:53 adam Exp $
+@comment $NetBSD$
 bin/exiv2
-include/exiv2/asfvideo.hpp
 include/exiv2/basicio.hpp
 include/exiv2/bmpimage.hpp
+include/exiv2/config.h
 include/exiv2/convert.hpp
 include/exiv2/cr2image.hpp
 include/exiv2/crwimage.hpp
@@ -13,13 +13,14 @@ include/exiv2/error.hpp
 include/exiv2/exif.hpp
 include/exiv2/exiv2.hpp
 include/exiv2/exv_conf.h
+include/exiv2/exv_msvc.h
 include/exiv2/futils.hpp
 include/exiv2/gifimage.hpp
+include/exiv2/http.hpp
 include/exiv2/image.hpp
 include/exiv2/iptc.hpp
 include/exiv2/jp2image.hpp
 include/exiv2/jpgimage.hpp
-include/exiv2/matroskavideo.hpp
 include/exiv2/metadatum.hpp
 include/exiv2/mrwimage.hpp
 include/exiv2/orfimage.hpp
@@ -28,10 +29,9 @@ include/exiv2/pngimage.hpp
 include/exiv2/preview.hpp
 include/exiv2/properties.hpp
 include/exiv2/psdimage.hpp
-include/exiv2/quicktimevideo.hpp
 include/exiv2/rafimage.hpp
-include/exiv2/riffvideo.hpp
 include/exiv2/rw2image.hpp
+include/exiv2/svn_version.h
 include/exiv2/tags.hpp
 include/exiv2/tgaimage.hpp
 include/exiv2/tiffimage.hpp
@@ -43,10 +43,18 @@ include/exiv2/xmpsidecar.hpp
 lib/libexiv2.la
 lib/pkgconfig/exiv2.pc
 man/man1/exiv2.1
+share/locale/bs/LC_MESSAGES/exiv2.mo
 share/locale/de/LC_MESSAGES/exiv2.mo
 share/locale/es/LC_MESSAGES/exiv2.mo
 share/locale/fi/LC_MESSAGES/exiv2.mo
 share/locale/fr/LC_MESSAGES/exiv2.mo
+share/locale/gl/LC_MESSAGES/exiv2.mo
+share/locale/ms/LC_MESSAGES/exiv2.mo
 share/locale/pl/LC_MESSAGES/exiv2.mo
+share/locale/pt/LC_MESSAGES/exiv2.mo
 share/locale/ru/LC_MESSAGES/exiv2.mo
 share/locale/sk/LC_MESSAGES/exiv2.mo
+share/locale/sv/LC_MESSAGES/exiv2.mo
+share/locale/ug/LC_MESSAGES/exiv2.mo
+share/locale/uk/LC_MESSAGES/exiv2.mo
+share/locale/vi/LC_MESSAGES/exiv2.mo
diff --git a/graphics/exiv2/distinfo b/graphics/exiv2/distinfo
index 433d8e9..09f43bc 100644
--- a/graphics/exiv2/distinfo
+++ b/graphics/exiv2/distinfo
@@ -1,8 +1,11 @@
 $NetBSD: distinfo,v 1.24 2014/06/05 07:12:53 adam Exp $
 
-SHA1 (exiv2-0.24.tar.gz) = 2f19538e54f8c21c180fa96d17677b7cff7dc1bb
-RMD160 (exiv2-0.24.tar.gz) = 453247926e8626bf888578afd5a0dde42c6f6962
-Size (exiv2-0.24.tar.gz) = 4635028 bytes
-SHA1 (patch-aa) = e98a4f1ae3ff2ad5ce0cd0d107ae21752a4edb45
-SHA1 (patch-configure) = 11b8d348f94eda4b84c61f34ffced54316d70a70
+SHA1 (exiv2-0.25.tar.gz) = adb8ffe63916e7c27bda9792e690d1330ec7273d
+RMD160 (exiv2-0.25.tar.gz) = 2f43f8737dad9ffd7d5759ef4dd9688658125794
+Size (exiv2-0.25.tar.gz) = 5434325 bytes
+SHA1 (patch-aa) = 947061d168d5db0d9969fa91ef837b364c641fcb
+SHA1 (patch-configure) = 39d6589dc82315d7a2bffeb332c21b6f54d69cf1
 SHA1 (patch-contrib_organize_Makefile) = de74227211b79e49126178f27391831507c2948f
+SHA1 (patch-src_Makefile) = 09c51b7da85584aece0147b446bff27ebc7f549f
+SHA1 (patch-src_http.cpp) = 75a64b80c37c54c0f65cc8455bd730ae01df0bae
+SHA1 (patch-src_svn_version.sh) = a80e142ab14ba4f5aad62936c5b5375d2a9b4b58
diff --git a/graphics/exiv2/patches/patch-aa b/graphics/exiv2/patches/patch-aa
index ea5cc53..650ed08 100644
--- a/graphics/exiv2/patches/patch-aa
+++ b/graphics/exiv2/patches/patch-aa
@@ -2,14 +2,14 @@ $NetBSD: patch-aa,v 1.4 2014/06/05 06:43:54 adam Exp $
 
 Fix build on Solaris, from PR 37720.
 
---- config/config.mk.in.orig	2013-12-01 12:13:42.000000000 +0000
-+++ config/config.mk.in
-@@ -133,7 +133,7 @@ ifdef DEP_TRACKING
+--- config/config.mk.in.orig	2015-06-21 16:19:25.000000000 +0200
++++ config/config.mk.in	2015-10-02 05:22:11.000000000 +0200
+@@ -148,7 +148,7 @@
  
-     # Dependency files post-process commands
-     POSTDEPEND = if test ! -d $(DEPDIR); then mkdir $(DEPDIR); fi; \
--                 if test -e $*.d; then cp $*.d $(DEPDIR)/$*.d; \
-+                 if test -f $*.d; then cp $*.d $(DEPDIR)/$*.d; \
-                    sed -e 's/^\#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
+         # Dependency files post-process commands
+         POSTDEPEND = if test ! -d $(DEPDIR); then mkdir $(DEPDIR); fi; \
+-	        if test -e $*.d; then cp $*.d $(DEPDIR)/$*.d; \
++	        if test -f $*.d; then cp $*.d $(DEPDIR)/$*.d; \
+ 	        sed -e 's/^\#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
                      -e '/^$$/ d' -e 's/$$/ :/' < $*.d >> $(DEPDIR)/$*.d; \
-                    $(RM) $*.d; fi
+                 $(RM) $*.d; fi
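Review bot: The regenerated patch now carries a timestamp on its `+++ config/config.mk.in` line, which the previous revision of patch-aa did not have. The same applies to patch-configure and to the three new patches (patch-src_Makefile, patch-src_http.cpp, patch-src_svn_version.sh). Regenerating them with pkgsrc's `mkpatches` should drop the timestamp, so that later updates do not show spurious changes on that line.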
diff --git a/graphics/exiv2/patches/patch-configure b/graphics/exiv2/patches/patch-configure
index e57f16d..cc092ed 100644
--- a/graphics/exiv2/patches/patch-configure
+++ b/graphics/exiv2/patches/patch-configure
@@ -2,12 +2,12 @@ $NetBSD: patch-configure,v 1.1 2014/06/05 07:12:53 adam Exp $
 
 Don't add -ldl for all OS; this gets auto-detected somewhere else.
 
---- configure.orig	2014-06-05 06:53:10.000000000 +0000
-+++ configure
-@@ -17069,8 +17069,6 @@ fi
+--- configure.orig	2015-10-02 05:19:31.000000000 +0200
++++ configure	2015-10-02 05:19:34.000000000 +0200
+@@ -17321,8 +17321,6 @@
  case "$host_os" in
  *mingw* | *cygwin*)
-     LDFLAGS="$LDFLAGS -no-undefined -lpsapi" ;;
+     LDFLAGS="$LDFLAGS -no-undefined -lpsapi -lwldap32 -lws2_32" ;;
 -*)
 -    LDFLAGS="$LDFLAGS -ldl" ;;
  esac
diff --git a/graphics/exiv2/patches/patch-src_Makefile b/graphics/exiv2/patches/patch-src_Makefile
new file mode 100644
index 0000000..300784d
--- /dev/null
+++ b/graphics/exiv2/patches/patch-src_Makefile
@@ -0,0 +1,26 @@
+$NetBSD$
+
+Do not rely on bash being in /bin, especially when sh will do just fin...
+Remove needless use of -v with mkdir; It's not POSIX and NetBSD doesn't have it.
+
+
+--- src/Makefile.orig	2015-06-21 16:20:11.000000000 +0200
++++ src/Makefile	2015-10-02 05:40:26.000000000 +0200
+@@ -150,7 +150,7 @@
+ 
+ # ******************************************************************************
+ # Initialisations
+-SHELL = /bin/bash
++SHELL = /bin/sh
+ 
+ .SUFFIXES:
+ .SUFFIXES: .c .cpp .o .so
+@@ -252,7 +252,7 @@
+ 	@$(LIBTOOL) --mode=link $(LINK.cc) -o $@ $(LIBRARY) $@.o -rpath $(libdir)
+ 
+ $(EXIV2BIN): lib $(EXIV2OBJ) $(EXIV2COBJ)
+-	mkdir -pv ../bin 2>&1 > /dev/null
++	mkdir -p ../bin 2>&1 > /dev/null
+ 	@$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIV2COBJ) -rpath $(libdir)
+ 
+ install-header:
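Review bot: With `-v` removed, the redirection in `mkdir -p ../bin 2>&1 > /dev/null` no longer hides anything: mkdir prints nothing on stdout, and in this order stderr is not sent to /dev/null anyway. I would patch the line to plain `mkdir -p ../bin`, so a failure to create the directory stays visible in the build log. The patch comment is also cut off at "just fin..." and should read "just fine". Whether other recipes in src/Makefile rely on bash features is not visible from these two hunks and is worth checking now that `SHELL = /bin/sh`.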
diff --git a/graphics/exiv2/patches/patch-src_http.cpp b/graphics/exiv2/patches/patch-src_http.cpp
new file mode 100644
index 0000000..ff46586
--- /dev/null
+++ b/graphics/exiv2/patches/patch-src_http.cpp
@@ -0,0 +1,18 @@
+$NetBSD$
+
+Include <errno.h> rather than <sys/errno.h> because the latter doesn't
+actually make `errno` available on NetBSD; while the former is required
+to by the C standard
+
+
+--- src/http.cpp.orig	2015-10-02 05:47:47.000000000 +0200
++++ src/http.cpp	2015-10-02 05:47:52.000000000 +0200
+@@ -70,7 +70,7 @@
+ 
+ #include <unistd.h>
+ #include <strings.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <sys/socket.h>
+ #include <sys/un.h>
+ #include <sys/uio.h>
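Review bot: The patch comment is hard to parse ("while the former is required to by the C standard") and has no closing period. I would reword it to `Include <errno.h> rather than <sys/errno.h>: the C standard requires <errno.h> to provide errno, while <sys/errno.h> does not make it available on NetBSD.` Since the change is not NetBSD-specific, the comment could also say whether it has been reported upstream.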
diff --git a/graphics/exiv2/patches/patch-src_svn_version.sh b/graphics/exiv2/patches/patch-src_svn_version.sh
new file mode 100644
index 0000000..c50e5f4
--- /dev/null
+++ b/graphics/exiv2/patches/patch-src_svn_version.sh
@@ -0,0 +1,21 @@
+$NetBSD$
+
+Replace an unneeded dependency on bash; do not use == with test(1)
+
+--- src/svn_version.sh.orig	2015-10-02 05:32:33.000000000 +0200
++++ src/svn_version.sh	2015-10-02 05:32:19.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ ## 
+ # update svn_version_h when revision changes
+@@ -11,7 +11,7 @@
+ ##
+ # from Jenkins, svn is almost always a disaster because
+ # Jenkins SVN Plugin is 1.7 and the build machine is normally at least 1.8
+-if [ "$s" == "0" ]; then
++if [ "$s" = "0" ]; then
+ 	svn_version=$(svn info .. | grep ^Revision | cut -f 2 -d' ')
+     if [ -z "$svn_version"   ]; then svn_version=0 ; fi
+ else
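Review bot: The branch kept here still runs `svn info ..` at build time when `$s` is 0, so the generated revision depends on whether an svn client and a working copy happen to be present on the build host. `$s` is set outside the hunk, so I cannot tell how often this branch is taken in a package build. If it is, I would have the patch skip the svn call and set `svn_version=0`, which is already the fallback for an empty result, to keep the build deterministic. The lines between the two hunks are not shown and should be checked for other bash-only constructs now that the interpreter is `#!/bin/sh`.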

