From 4f2d141d02e8e5a727338c909b0eae6de1456409 Mon Sep 17 00:00:00 2001 
From: Arjan van de Ven
Date: Fri, 22 Oct 2021 17:30:06 +0000
Subject: [PATCH] exiv2: Autospec creation for update from version 0.27.4 to version 0.27.5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Antonio Rojas (1):
      Fix build with gtest 1.11

Attila Oláh (1):
      Fix compilation with -Wunused-variable

Christoph Hasse (3):
      fix: avoid processing MOV (quicktime) files when BMFF is enabled
      fix: incorrectly triggered enforce check during preview extraction in LoaderTiff::getData(), closes #1829
      workaround for softprops/action-gh-release#139

David Houlder (2):
      Canon cr3 previews (#1958)
      Performance boost: don't read boxes we're not interested in

Heiko Bauke (1):
      fix out of range access, minor performance improvement

John55h (1):
      Update canonmn_int.cpp

Kevin Backhouse (112):
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
      Don't crash if s > size.
      Print message to stderr when EXIV2_DEBUG_MESSAGES is enabled.
      fix: use vector::at() rather than operator[] (#1735)
      fix: zero initialize local variables. (#1737)
      fix: stricter date parsing in value.cpp (#1720)
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
      Prevent divide-by-zero crash.
      Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE.
      fix: fix incorrect loop condition (#1752)
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
      Throw exception if lens info wasn't found.
      Check that findKey didn't return end().
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
      Better bounds checking in Jp2Image::printStructure
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
      Extra checking to prevent the loop counter from wrapping around.
      Defensive coding changes to avoid integer overflow in loop conditions.
      Better fix for potential integer overflow in `bytes.size() - 3`.
      Type of escapeStart should be size_t.
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
      Check that `type` isn't an empty string.
      Safer std::vector indexing.
      Better way to print the error message.
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
      dirLength == 0 can cause an infinite loop.
      Defensive programming in Image::printIFDStructure
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
      Make sure that read is complete to prevent infinite loop.
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-g44w-q3vm-gwjq
      &bytes[0] will crash if bytes has zero elements.
      Skip unittest because -pR is disabled in release builds so the test fails.
      Remove redundant check.
      Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
      bufRead needs to be adjusted after seek()
      Improved handling of jpg segments to avoid out-of-bound reads.
      Fix compiler warning.
      Update src/jpgimage.cpp
      poc from GHSA-9jh3-fcc3-g6hv can now be parsed without error.
      Add comment to explain bounds-check.
      Fix build error when EXIV2_DEBUG_MESSAGES is enabled.
      Fix warning: comparison of integer expressions of different signedness
      Regression test for https://github.com/Exiv2/exiv2/issues/1812
      Check size before allocation to avoid out-of-memory errors.
      Regression test for https://github.com/Exiv2/exiv2/issues/1815
      Add bounds-check to prevent out-of-bounds read in memcmp.
      Regression test for https://github.com/Exiv2/exiv2/issues/1817
      Use DataBuf, rather than new[], for automatic delete when an exception is throw.
      Regression test for https://github.com/Exiv2/exiv2/issues/1819
      Check that the string isn't empty
      Add static_cast to fix build error on Windows.
      Add comment to explain the bounds-check.
      Regression test for https://github.com/Exiv2/exiv2/issues/1827
      Check value is in range before casting from double to uint32_t, to avoid undefined behavior.
      Update src/tags_int.cpp
      Regression test for https://github.com/Exiv2/exiv2/issues/1830
      Safer casting from double to long.
      Replace assertion with an error message.
      Regression test for https://github.com/Exiv2/exiv2/issues/1838
      Check that the float is within the range of an int before casting.
      Regression test for https://github.com/Exiv2/exiv2/issues/1841
      Use DataBuf rather than raw malloc.
      Replace assertion with an error message.
      Test for https://github.com/Exiv2/exiv2/issues/1821
      Regression test for https://github.com/Exiv2/exiv2/issues/1845
      Replace assertion with an error message.
      Regression test for https://github.com/Exiv2/exiv2/issues/1793
      Add `pbox_end` param to `BmffImage::boxHandler` to enforce box nesting.
      Support for 64-bit box lengths looked broken.
      address + box_length == box_end
      Extra protection against large allocations.
      Fix compiler warnings.
      Fix format specifier.
      Backport other minor fixes from main.
      Fix compiler warning.
      Don't use `auto` on 0.27-maintenance.
      Back-port Actions and fuzzer to the 0.27-maintenance branch
      Fix for https://github.com/Exiv2/exiv2/issues/1856
      Set -DEXIV2_ENABLE_BMFF=ON in the Actions workflows.
      Fix mistake in macOS release workflow.
      Update version: 0.27.5.1 (0.27.5 RC1)
      Add doc to release build.
      Remove failing Conan steps from macOS workflow.
      Update releasenotes.txt
      Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37363
      Add test to improve code coverage.
      Don't use C++11 features.
      Fix expat link error on Windows.
      Only build XMLValidator when XMP is enabled.
      Regression test for https://github.com/Exiv2/exiv2/issues/1881
      Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37492
      Add second test file for better code coverage.
      Regression test for https://github.com/Exiv2/exiv2/issues/1887
      Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37889
      Standardize on conan 1.39.0
      Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38887
      Add regression test to https://github.com/Exiv2/exiv2/pull/1918
      Regression test for https://github.com/Exiv2/exiv2/issues/1901
      Comment out bogus code.
      Add more checks to prevent integer overflow.
      Throw an exception on integer overflow.
      Fix indentation
      Fix build error on Fedora.
      We can't use decltype on the 0.27-maintenance branch.
      Add second test to improve code coverage.
      Add third test to improve code coverage.
      Add workaround for conan outage.
      Revert "Fix for https://github.com/Exiv2/exiv2/issues/1856"
      Fix indentation
      Only include expat.h when XMP is enabled.
      DataBuf::read_uint methods don't exist on the 0.27-maintenance branch.
      Add bounds checking.

Luis Díaz Más (4):
      msvc: fix compiler warning on x86
      cmake: ignore PDBs warnings on Win/Debug/Static buils
      Increase the timeout from 20 to 60 seconds
      increase timeout

Miloš Komarčević (8):
      Merge pull request #1548 from Exiv2/add_exif_gamma
      Check if embedded RAF image is really a TIFF
      Clarify comment on old vs new RAF
      Check I/O read result on RAF inspection
      Add test
      Limit CR3 previews to JPEG only
      Limit CR3 previews to JPEG only
      Expose unsupported CR3 previews as binary

Robin Mills (13):
      Fix Ubuntu 20.04/Release/Sanitizer test breaker
      update_docs_for_0.27.5.1
      Good catch, @hassec. I noticed that change and thought "oh, somebody has update the man page. I didn't know it searched the current directory." I added that code 5+ years ago and forgotten what it does. Right. My bad. I've fixed it.
      fix_1516_include_path
      update_docs_again
      update_27.5_docs_again
      Costmetic change to trigger CI.
      The CI is using cmake 3.10. I've back-ported code from main/src/CMakeLists.txt
      bump_revision_27.5.2
      exiv2_v0.27.5RC3
      Build Trigger.
      Another build trigger.
Exiv2 v0.27.5 --- Makefile | 2 +- buildreq_cache | 2 +- exiv2.spec | 32 ++++++++++++++++---------------- options.conf | 4 +++- release | 2 +- upstream | 2 +- used_libs | 1 - versions | 2 +- 8 files changed, 24 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index d1168f5..0653e85 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ PKG_NAME := exiv2 -URL = https://github.com/Exiv2/exiv2/archive/v0.27.4/exiv2-0.27.4.tar.gz +URL = https://github.com/Exiv2/exiv2/archive/v0.27.5/exiv2-0.27.5.tar.gz ARCHIVES = include ../common/Makefile.common diff --git a/buildreq_cache b/buildreq_cache index b9884e2..4680739 100644 --- a/buildreq_cache +++ b/buildreq_cache @@ -1,2 +1,2 @@ -0.27.4 +0.27.5 zlib-dev \ No newline at end of file diff --git a/exiv2.spec b/exiv2.spec index 2f58ae8..9cab004 100644 --- a/exiv2.spec +++ b/exiv2.spec @@ -4,10 +4,10 @@ # %define keepstatic 1 Name : exiv2 -Version : 0.27.4 -Release : 31 -URL : https://github.com/Exiv2/exiv2/archive/v0.27.4/exiv2-0.27.4.tar.gz -Source0 : https://github.com/Exiv2/exiv2/archive/v0.27.4/exiv2-0.27.4.tar.gz +Version : 0.27.5 +Release : 32 +URL : https://github.com/Exiv2/exiv2/archive/v0.27.5/exiv2-0.27.5.tar.gz +Source0 : https://github.com/Exiv2/exiv2/archive/v0.27.5/exiv2-0.27.5.tar.gz Summary : Exif, Iptc and XMP metadata manipulation library and tools Group : Development/Tools License : BSD-3-Clause GPL-2.0 
@@ -85,36 +85,36 @@ staticdev components for the exiv2 package. %prep -%setup -q -n exiv2-0.27.4 -cd %{_builddir}/exiv2-0.27.4 +%setup -q -n exiv2-0.27.5 +cd %{_builddir}/exiv2-0.27.5 %build export http_proxy=http://127.0.0.1:9/ export https_proxy=http://127.0.0.1:9/ export no_proxy=localhost,127.0.0.1,0.0.0.0 export LANG=C.UTF-8 -export SOURCE_DATE_EPOCH=1623778344 +export SOURCE_DATE_EPOCH=1634923790 mkdir -p clr-build pushd clr-build export GCC_IGNORE_WERROR=1 export AR=gcc-ar export RANLIB=gcc-ranlib export NM=gcc-nm -export CFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -fzero-call-used-regs=used " -export FCFLAGS="$FFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -fzero-call-used-regs=used " -export FFLAGS="$FFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -fzero-call-used-regs=used " -export CXXFLAGS="$CXXFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -fzero-call-used-regs=used " +export CFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=auto -fstack-protector-strong -fzero-call-used-regs=used " +export FCFLAGS="$FFLAGS -O3 -ffat-lto-objects -flto=auto -fstack-protector-strong -fzero-call-used-regs=used " +export FFLAGS="$FFLAGS -O3 -ffat-lto-objects -flto=auto -fstack-protector-strong -fzero-call-used-regs=used " +export CXXFLAGS="$CXXFLAGS -O3 -ffat-lto-objects -flto=auto -fstack-protector-strong -fzero-call-used-regs=used " %cmake .. 
make %{?_smp_mflags} popd %install -export SOURCE_DATE_EPOCH=1623778344 +export SOURCE_DATE_EPOCH=1634923790 rm -rf %{buildroot} mkdir -p %{buildroot}/usr/share/package-licenses/exiv2 -cp %{_builddir}/exiv2-0.27.4/COPYING %{buildroot}/usr/share/package-licenses/exiv2/be0b40ce8f9532b75966a20d14af123d3c6b05aa -cp %{_builddir}/exiv2-0.27.4/doc/COPYING-XMPSDK %{buildroot}/usr/share/package-licenses/exiv2/e70d36a2ced771e55c1c902dd740bf95013ce59c -cp %{_builddir}/exiv2-0.27.4/test/data/COPYRIGHT %{buildroot}/usr/share/package-licenses/exiv2/e24a9903abce58262de5ec8c9a4b54247c89191a +cp %{_builddir}/exiv2-0.27.5/COPYING %{buildroot}/usr/share/package-licenses/exiv2/be0b40ce8f9532b75966a20d14af123d3c6b05aa +cp %{_builddir}/exiv2-0.27.5/doc/COPYING-XMPSDK %{buildroot}/usr/share/package-licenses/exiv2/e70d36a2ced771e55c1c902dd740bf95013ce59c +cp %{_builddir}/exiv2-0.27.5/test/data/COPYRIGHT %{buildroot}/usr/share/package-licenses/exiv2/e24a9903abce58262de5ec8c9a4b54247c89191a pushd clr-build %make_install popd @@ -202,7 +202,7 @@ popd %files lib %defattr(-,root,root,-) -/usr/lib64/libexiv2.so.0.27.4 +/usr/lib64/libexiv2.so.0.27.5 /usr/lib64/libexiv2.so.27 %files license diff --git a/options.conf b/options.conf index 746571c..569e4e9 100644 --- a/options.conf +++ b/options.conf @@ -1,6 +1,6 @@ [package] name = exiv2 -url = https://github.com/Exiv2/exiv2/archive/v0.27.4/exiv2-0.27.4.tar.gz +url = https://github.com/Exiv2/exiv2/archive/v0.27.5/exiv2-0.27.5.tar.gz archives = giturl = https://github.com/Exiv2/exiv2.git domain = @@ -47,6 +47,8 @@ optimize_size = false pgo = false # set flags for security-sensitive builds security_sensitive = true +# package is only used by servers +server = false # do not run test suite skip_tests = false # add .so files to the lib package instead of dev diff --git a/release b/release index e85087a..f5c8955 100644 --- a/release +++ b/release @@ -1 +1 @@ -31 +32 diff --git a/upstream b/upstream index 83437ec..bc31997 100644 --- a/upstream 
+++ b/upstream @@ -1 +1 @@ -8952e0b7dfba74f07d37b53b652bf43884a89004/exiv2-0.27.4.tar.gz +e55a8db2d55a251814a39385d364592f12927a7a/exiv2-0.27.5.tar.gz diff --git a/used_libs b/used_libs index fb3aeae..600dde6 100644 --- a/used_libs +++ b/used_libs @@ -2,6 +2,5 @@ libc.so.6 libexpat.so.1 libgcc_s.so.1 libm.so.6 -libpthread.so.0 libstdc++.so.6 libz.so.1 diff --git a/versions b/versions index 9f22292..69bf493 100644 --- a/versions +++ b/versions @@ -1 +1 @@ -0.27.4 +0.27.5
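Review bot: in the `upstream` hunk, the new 40-hex digest `e55a8db2d55a251814a39385d364592f12927a7a` is the only integrity pin the patch records for exiv2-0.27.5.tar.gz, and the URL in Makefile, exiv2.spec and options.conf points at a GitHub `archive/v0.27.5/` download with no signature check visible anywhere in the change. Before merging, recompute the digest from an independently fetched copy of the tarball and compare its contents against the upstream v0.27.5 tag, since this update is the vehicle for the security fixes listed in the commit message.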
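Review bot: the `used_libs` hunk drops `libpthread.so.0` and the commit message gives no reason for it. Confirm on the built `/usr/lib64/libexiv2.so.0.27.5` that the thread symbols still resolve (for example from `libc.so.6` on a toolchain where libpthread has been merged into libc; that cause is an assumption, the patch does not state it) and that this is not a link dependency lost in the 0.27.5 build.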
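Review bot: in the `%build` hunk of exiv2.spec, the changed `FCFLAGS` line is still seeded from `$FFLAGS` (`export FCFLAGS="$FFLAGS -O3 ...`), so any `FCFLAGS` inherited from the environment is discarded; if that is not intended, seed it from `$FCFLAGS`. The same four lines also switch `-flto=4` to `-flto=auto`, which is a toolchain setting change unrelated to the version bump named in the subject and should be mentioned in the message so that flag changes on a `security_sensitive = true` package stay traceable.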