[MacPorts] #68991: exiv2: Update to 0.28.1
MacPorts
noreply at macports.org
Thu Jan 23 12:05:33 UTC 2025
#68991: exiv2: Update to 0.28.1
----------------------+------------------------
Reporter: alchymy | Owner: ryandesign
Type: update | Status: accepted
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: exiv2 |
----------------------+------------------------
Comment (by 3add3287):
Replying to [comment:4 ryandesign]:
> There are a couple dozen ports that depend on exiv2. I only checked a
handful of them on December 28, but half of those I checked did not build
with this new version and need patches
Considering the newer version(s) include several fixes for security
related bugs, including three CVE and one of those being a out of bounds
write problem it seems sticking with an older exiv2 version is not a good
idea. Breaking ports b/c they still can't be build against a newer version
of one of their dependencies is something that I'd argue should be
avoided. However, exposing ports that depend on exiv2 and are not broken
to documented security bugs in exiv2 b/c the exiv2 port isn't updated
seems worse to me. That not only many ports depend on exiv2 IMHO
highlights the exposure a older version with known security bugs creates.
--
Ticket URL: <https://trac.macports.org/ticket/68991#comment:8>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list