[Bug 277146] graphics/exiv2: Update to 0.28.2

Reply: bugzilla-noreply_a_freebsd.org: "maintainer-feedback requested: [Bug 277146] graphics/exiv2: Update to 0.28.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277146] graphics/exiv2: Update to 0.28.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277146] graphics/exiv2: Update to 0.28.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277146] graphics/exiv2: Update to 0.28.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277146] graphics/exiv2: Update to 0.28.2"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 18 Feb 2024 18:50:21 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277146

            Bug ID: 277146
           Summary: graphics/exiv2: Update to 0.28.2
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/Exiv2/exiv2/blob/v0.28.2/doc/Change
                    Log
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: multimedia@FreeBSD.org
          Reporter: diizzy@FreeBSD.org
                CC: dumbbell@FreeBSD.org, fuz@FreeBSD.org,
                    mandree@FreeBSD.org
          Assignee: multimedia@FreeBSD.org
             Flags: maintainer-feedback?(multimedia@FreeBSD.org)

Created attachment 248573
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248573&action=edit
Patch for exiv2

Fixes CVE-2024-24826, CVE-2024-25112 and CVE-2023-44398 (0.28.1)

Compile and runtime tested on FreeBSD 14.0-RELEASE (aarch64) (make, make
check-plist, make test)
Compile and runtime tested on FreeBSD 14.0-RELEASE (amd64) (make, make
check-plist, make test)

References:
https://www.cve.org/CVERecord?id=CVE-2024-24826
https://www.cve.org/CVERecord?id=CVE-2024-25112
https://www.cve.org/CVERecord?id=CVE-2023-44398

Poudriere testport OK 14.0-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in 14.0-RELEASE (amd64) using Poudriere:
graphics/gimp-lensfun-plugin
astro/gpscorrelate
astro/merkaartor
astro/siril
astro/stellarium
deskutils/gnome-photos
deskutils/pinot
devel/kf5-kfilemetadata
graphics/art
graphics/darktable
graphics/digikam
graphics/filmulator
graphics/geeqie
graphics/gexiv2
graphics/gthumb
graphics/gwenview
graphics/gwenview-devel
graphics/hugin
graphics/kphotoalbum
graphics/krita
graphics/libkexiv2
graphics/libkexiv2-devel
graphics/luminance-qt5
graphics/lux
graphics/nomacs
graphics/oyranos
graphics/photivo
graphics/photoqt
graphics/phototonic
graphics/qgis
graphics/qgis-ltr
graphics/rawstudio
graphics/shotwell
graphics/ufraw
graphics/viewnior
multimedia/mythtv
net/gerbera
sysutils/bulk_extractor
sysutils/krename

-- 
You are receiving this mail because:
You are the assignee for the bug.