diff --git a/1-bugfix-for-CVE-2025-26623.patch b/1-bugfix-for-CVE-2025-26623.patch
deleted file mode 100644
index abcb3ef11d4779c121a0183af829a9274887eed1..0000000000000000000000000000000000000000
--- a/1-bugfix-for-CVE-2025-26623.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 630487ffc5feda28aa62dc91eaeae8b0b7507851 Mon Sep 17 00:00:00 2001
-From: Kevin Backhouse
-Date: Wed, 19 Feb 2025 16:21:06 +0000
-Subject: [PATCH] Regression test for
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
-
-(cherry picked from commit 9f8e1a57b6c6853947360d1187bc24d72056c97a)
----
- test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff | Bin 0 -> 603 bytes
- .../github/test_issue_ghsa_38h4_fx85_qcx7.py | 22 ++++++++++++++++++
- .../test_regression_allfiles.py | 1 +
- tests/suite.conf | 1 +
- 4 files changed, 24 insertions(+)
- create mode 100644 test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff
- create mode 100644 tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
-
-diff --git a/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py b/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
-new file mode 100644
-index 0000000000..07082caf62
---- /dev/null
-+++ b/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
-@@ -0,0 +1,22 @@
-+# -*- coding: utf-8 -*-
-+
-+from system_tests import CaseMeta, path
-+
-+
-+class TiffSubIfd_use_after_free(metaclass=CaseMeta):
-+ """
-+ Regression test for the bug described in:
-+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
-+ """
-+
-+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7"
-+
-+ filename = path("$data_path/issue_ghsa_38h4_fx85_qcx7_poc.tiff")
-+ commands = ["$exiv2 -q fi $filename"]
-+ stdout = [""]
-+ stderr = [
-+ """Exiv2 exception in fixiso action for file $filename:
-+$kerImageWriteFailed
-+"""
-+ ]
-+ retval = [1]
-diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
-index eb7f7cef2d..53e8de44ae 100644
---- a/tests/regression_tests/test_regression_allfiles.py
-+++ b/tests/regression_tests/test_regression_allfiles.py
-@@ -120,6 +120,7 @@ def get_valid_files(data_dir):
- "issue_ghsa_mxw9_qx4c_6m8v_poc.jp2",
- "issue_ghsa_hrw9_ggg3_3r4r_poc.jpg",
- "issue_ghsa_g9xm_7538_mq8w_poc.mov",
-+ "issue_ghsa_38h4_fx85_qcx7_poc.tiff",
- "pocIssue283.jpg",
- "poc_1522.jp2",
- "xmpsdk.xmp",
-diff --git a/tests/suite.conf b/tests/suite.conf
-index c2bf1741e8..249a97fa93 100644
---- a/tests/suite.conf
-+++ b/tests/suite.conf
-@@ -41,6 +41,7 @@ jpegparsetest: ${ENV:exiv2_path}/jpegparsetest
- kerOffsetOutOfRange: Offset out of range
- kerFailedToReadImageData: Failed to read image data
- kerInputDataReadFailed: Failed to read input data
-+kerImageWriteFailed: Failed to write image
- kerCorruptedMetadata: corrupted image metadata
- kerInvalidMalloc: invalid memory allocation request
- kerInvalidTypeValue: invalid type in tiff structure
diff --git a/2-bugfix-for-CVE-2025-26623.patch b/2-bugfix-for-CVE-2025-26623.patch
deleted file mode 100644
index 7a14e49ad1352f0e990da3f99753b9cc8db89e53..0000000000000000000000000000000000000000
--- a/2-bugfix-for-CVE-2025-26623.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From facce628f3622764e91a8161f89ade8cb34bc120 Mon Sep 17 00:00:00 2001
-From: Rosen Penev
-Date: Mon, 17 Feb 2025 16:34:40 -0800
-Subject: [PATCH] Revert "fix copy constructors"
-
-This reverts commit afb2d998fe62f7e829e93e62506bf9968117c9c5.
-
-This commit is wrong and ends up resulting in use after frees because of
-C pointers. The proper solution is shared_ptr instead of C pointers but
-that's a lot more involved than reverting this.
-
-Signed-off-by: Rosen Penev
-(cherry picked from commit ebff8b48820b96c786cfddbf0bebb395cb1317d7)
----
- src/tiffcomposite_int.cpp | 19 +++++++++++++++++++
- src/tiffcomposite_int.hpp | 6 +++---
- 2 files changed, 22 insertions(+), 3 deletions(-)
-
-diff --git a/src/tiffcomposite_int.cpp b/src/tiffcomposite_int.cpp
-index 95ce450c7d..3e6e93d5c5 100644
---- a/src/tiffcomposite_int.cpp
-+++ b/src/tiffcomposite_int.cpp
-@@ -127,6 +127,25 @@ TiffEntryBase::TiffEntryBase(const TiffEntryBase& rhs) :
- storage_(rhs.storage_) {
- }
-
-+TiffDirectory::TiffDirectory(const TiffDirectory& rhs) : TiffComponent(rhs), hasNext_(rhs.hasNext_) {
-+}
-+
-+TiffSubIfd::TiffSubIfd(const TiffSubIfd& rhs) : TiffEntryBase(rhs), newGroup_(rhs.newGroup_) {
-+}
-+
-+TiffBinaryArray::TiffBinaryArray(const TiffBinaryArray& rhs) :
-+ TiffEntryBase(rhs),
-+ cfgSelFct_(rhs.cfgSelFct_),
-+ arraySet_(rhs.arraySet_),
-+ arrayCfg_(rhs.arrayCfg_),
-+ arrayDef_(rhs.arrayDef_),
-+ defSize_(rhs.defSize_),
-+ setSize_(rhs.setSize_),
-+ origData_(rhs.origData_),
-+ origSize_(rhs.origSize_),
-+ pRoot_(rhs.pRoot_) {
-+}
-+
- TiffComponent::UniquePtr TiffComponent::clone() const {
- return UniquePtr(doClone());
- }
-diff --git a/src/tiffcomposite_int.hpp b/src/tiffcomposite_int.hpp
-index 4506a4dca0..307e0bd9e3 100644
---- a/src/tiffcomposite_int.hpp
-+++ b/src/tiffcomposite_int.hpp
-@@ -851,7 +851,7 @@ class TiffDirectory : public TiffComponent {
- //! @name Protected Creators
- //@{
- //! Copy constructor (used to implement clone()).
-- TiffDirectory(const TiffDirectory&) = default;
-+ TiffDirectory(const TiffDirectory& rhs);
- //@}
-
- //! @name Protected Manipulators
-@@ -944,7 +944,7 @@ class TiffSubIfd : public TiffEntryBase {
- //! @name Protected Creators
- //@{
- //! Copy constructor (used to implement clone()).
-- TiffSubIfd(const TiffSubIfd&) = default;
-+ TiffSubIfd(const TiffSubIfd& rhs);
- TiffSubIfd& operator=(const TiffSubIfd&) = delete;
- //@}
-
-@@ -1346,7 +1346,7 @@ class TiffBinaryArray : public TiffEntryBase {
- //! @name Protected Creators
- //@{
- //! Copy constructor (used to implement clone()).
-- TiffBinaryArray(const TiffBinaryArray&) = default;
-+ TiffBinaryArray(const TiffBinaryArray& rhs);
- //@}
-
- //! @name Protected Manipulators
diff --git a/v0.28.2.tar.gz b/v0.28.7.tar.gz
similarity index 80%
rename from v0.28.2.tar.gz
rename to v0.28.7.tar.gz
index 5916721df3ed837dcaf64f1aba443b5f7ea27f5f..ee6bb1c68e0a2799bc21f7d4ed847c1e1610ee1a 100644
Binary files a/v0.28.2.tar.gz and b/v0.28.7.tar.gz differ