diff --git a/.gitignore b/.gitignore
index f44a7ac..6e3e988 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,4 @@ Image-ExifTool-8.25.tar.gz
 /Image-ExifTool-11.70.tar.gz
 /Image-ExifTool-11.85.tar.gz
 /Image-ExifTool-12.00.tar.gz
+/Image-ExifTool-12.16.tar.gz
diff --git a/Image-ExifTool-12.16-CVE-2021-22204.patch b/Image-ExifTool-12.16-CVE-2021-22204.patch
new file mode 100644
index 0000000..6a200f0
--- /dev/null
+++ b/Image-ExifTool-12.16-CVE-2021-22204.patch
@@ -0,0 +1,28 @@
+diff -up Image-ExifTool-12.16/lib/Image/ExifTool/DjVu.pm.CVE-2021-22204 Image-ExifTool-12.16/lib/Image/ExifTool/DjVu.pm
+--- Image-ExifTool-12.16/lib/Image/ExifTool/DjVu.pm.CVE-2021-22204 2021-04-26 11:06:57.868813858 -0400
++++ Image-ExifTool-12.16/lib/Image/ExifTool/DjVu.pm 2021-04-26 11:07:46.734614214 -0400
+@@ -18,7 +18,7 @@ use strict;
+ use vars qw($VERSION);
+ use Image::ExifTool qw(:DataAccess :Utils);
+
+-$VERSION = '1.06';
++$VERSION = '1.07';
+
+ sub ParseAnt($);
+ sub ProcessAnt($$$);
+@@ -227,10 +227,11 @@ Tok: for (;;) {
+ last unless $tok =~ /(\\+)$/ and length($1) & 0x01;
+ $tok .= '"'; # quote is part of the string
+ }
+- # must protect unescaped "$" and "@" symbols, and "\" at end of string
+- $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge;
+- # convert C escape sequences (allowed in quoted text)
+- $tok = eval qq{"$tok"};
++ # convert C escape sequences, allowed in quoted text
++ # (note: this only converts a few of them!)
++ my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n",
++ r => "\r", t => "\t", '"' => '"', '\\' => '\\' );
++ $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs;
+ } else { # key name
+ pos($$dataPt) = pos($$dataPt) - 1;
+ # allow anything in key but whitespace, braces and double quotes
diff --git a/perl-Image-ExifTool.spec b/perl-Image-ExifTool.spec
index d751222..4cedda1 100644
--- a/perl-Image-ExifTool.spec
+++ b/perl-Image-ExifTool.spec
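Review bot: The new comment in the second DjVu.pm hunk (`@@ -227,10 +227,11 @@`) says only that the table "converts a few" escapes and never records why `eval qq{"$tok"}` was removed, so a later change that wants fuller escape support could reintroduce the eval. `$tok` appears to be text taken from the file being parsed (the hunk works on `$$dataPt`), and I would say so directly above `%esc`, for example `# never eval $tok: it is file-supplied data (CVE-2021-22204)`. Escapes that are not keys of `%esc` fall through `||'\\'.$1` with their backslash kept, so any other escape form now stays literal; a second comment line such as `# unknown escapes are left untouched on purpose` would make that visible. The enclosing `Tok:` loop starts and ends outside the hunk, so how `$tok` is filled is inferred from the visible lines only.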
@@ -1,10 +1,12 @@
 Name: perl-Image-ExifTool
-Version: 12.00
-Release: 1%{?dist}
+Version: 12.16
+Release: 3%{?dist}
 License: GPL+ or Artistic
 Summary: Utility for reading and writing image meta info
 URL: http://www.sno.phy.queensu.ca/%7Ephil/exiftool/
 Source0: http://www.sno.phy.queensu.ca/%7Ephil/exiftool/Image-ExifTool-%{version}.tar.gz
+# https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
+Patch0: Image-ExifTool-12.16-CVE-2021-22204.patch
 BuildArch: noarch
 BuildRequires: coreutils
 BuildRequires: findutils
@@ -54,6 +56,7 @@ Sigma/Foveon, and Sony.
 %prep
 %setup -q -n Image-ExifTool-%{version}
+%patch0 -p1
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -73,6 +76,7 @@ make test
 %files
 %doc README Changes
+%doc arg_files
 %{_bindir}/exiftool
 %{perl_vendorlib}/File/
 %{perl_vendorlib}/Image/
@@ -80,6 +84,21 @@ make test
 %{_mandir}/man3/*.3*
 %changelog
+* Mon Apr 26 2021 Tom Callaway - 12.16-3
+- apply upstream fix for CVE-2021-22204
+
+* Wed Jan 27 2021 Fedora Release Engineering - 12.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 22 2021 Tom Callaway - 12.16-1
+- update to latest stable (12.16)
+
+* Tue Jan 19 2021 Tom Callaway - 12.00-3
+- add arg_files as doc
+
+* Tue Jul 28 2020 Fedora Release Engineering - 12.00-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
 * Thu Jul 9 2020 Tom Callaway - 12.00-1
 - update to latest stable (12.00)
diff --git a/sources b/sources
index 75632d7..b4b0150 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Image-ExifTool-12.00.tar.gz) = 458a0cbab18202f796645656ba431b5179b79392d91064f7c4d6d3cab60a28b1cd0a45e6ea1d0ba9296b7ccd00088e320e95f020fddfc4a41e22c00d2e9d1c1d
+SHA512 (Image-ExifTool-12.16.tar.gz) = adfd21834ccf06277903712b3c5e328b29c56f3b30ee68f6802dca0820823b627622e55f53238690525d1d19df2a59cb57f9d80a1bb2e99da37fb7d963ee16ee