Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is a new release happening soon? #2406

Closed
SuperSandro2000 opened this issue Nov 1, 2022 · 86 comments
Closed

Is a new release happening soon? #2406

SuperSandro2000 opened this issue Nov 1, 2022 · 86 comments
Labels

Comments

@SuperSandro2000
Copy link

exiv2 has currently some medium to high opne CVEs in the latest release (like this 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3717 ) which should be patched rather quickly in distros and software distributions. Normally applying a patch for the fixes is rather easy but because of the big formatting patches (see https://github.com/Exiv2/exiv2/blob/main/.git-blame-ignore-revs) the patches/commits no longer apply on the latest release.

Are there any plans for a new release in the new future? If a release is far in the future maybe the patches could be rebased on the latest release and a new security fixes only release could be done?

@risicle
Copy link

risicle commented Nov 4, 2022

I'd like to add to this a bit of feedback on having actionable vulnerability reports. Regarding the 6 recently released CVEs:

https://nvd.nist.gov/vuln/detail/CVE-2022-3717
https://nvd.nist.gov/vuln/detail/CVE-2022-3718
https://nvd.nist.gov/vuln/detail/CVE-2022-3719
https://nvd.nist.gov/vuln/detail/CVE-2022-3755
https://nvd.nist.gov/vuln/detail/CVE-2022-3756
https://nvd.nist.gov/vuln/detail/CVE-2022-3757

For each of these the suggested course of action is patching, but not a single one of the indicated patches apply to the most recent stable release without significant alteration. Any such alteration would also be a rather blind process because the proof of concepts I could find for these issues don't seem to trigger v0.27.5, so it would be hard to verify that it's been fixed.

It's possible these aren't triggering v0.27.5 because of a recent slightly mysterious refactor of the BMFF support that was done in August: 3456f30 which wasn't accompanied by any announcement.

CVE-2022-3717 is of special note because I don't think it affected any versions outside that PR, so I'm not quite sure what the purpose of that was.

So it's difficult for a distributor/user to know what to do now. If the answer is "run an unstable version" (which right now looks like it might be the only sensible option for shipping a safe exiv2), then you may as well make an immediate release because I guess at this point any QA criteria go out the window.

@postscript-dev
Copy link
Collaborator

Are there any plans for a new release in the new future?

After Robin retired from Exiv2, @nehaljwani kindly offered to take over release engineering. The transition is still relatively new and will take time to work smoothly.

As far as I know, @nehaljwani doesn't follow the day-to-day posts but can be contacted by mentioning him.

@clanmills
Copy link
Collaborator

clanmills commented Nov 5, 2022

I will help @nehaljwani and anybody to make a release. I'm pleased to be retired and will not return to the project. I am happy to see Exiv2 move forward and will help when asked.

Please email me if you need my help, as I have unsubscribed from Github notifications.

@clanmills
Copy link
Collaborator

@nehaljwani and I are meeting today (2022-11-12) on Google Meet to discuss this. All welcome.

Robin/Nehal
Saturday, 12 November · 14:00 – 15:00 UTC
Google Meet joining info
Video call link: https://meet.google.com/mfk-zpii-gic

If you want an invitation, email me: at robinwmills@gmail.com

@clanmills
Copy link
Collaborator

The most important matter in this release is the scope and version. Choices:

  1. Release 'main' as version 0.28.0 (or possibly 0.90.0 to make it very clear that this is not a simple successor to 0.27)
  2. Release 'main' as version 1.00.0 (I don't think 'main' is v1.00.0)
  3. Patch v0.27.5 with the security fixes and release v0.27.6

I don't know the status of the 0.27-maintenance branch. If security fixes have to be back-ported to branch 0.27-maintenace, the work involved could be considerable.

@nehaljwani
Copy link
Collaborator

nehaljwani commented Nov 20, 2022

Hello everyone! Robin has shared with me the steps involved in cutting a release.

IIUC, the main branch diverged from 0.27-maintenance right after 0.27.4 with this commit.

If @kevinbackhouse can confirm that the required security fixes are present in the 0.27-maintenance branch (or not needed because of irrelevance), we can proceed with a v0.27.6. As for a release from the main branch, I vote for v0.75.0.

I invite @postscript-dev, @kmilos, @piponazo, @neheb to voice their opinion.

I hope to cut the releases by the end of this month with the versions listed above if no concerns are raised.

@postscript-dev
Copy link
Collaborator

@nehaljwani
Thanks for taking the time to work on this. As I build from source, the new release doesn't affect me much.

I had a couple of thoughts on the release process.

I recently spotted that files used when building the website are duplicated (e.g., https://github.com/Exiv2/exiv2/blob/main/doc/templates/Makefile and https://github.com/Exiv2/team/blob/main/website/Makefile). As far as I know, the Exiv2/team ones are not being kept up to date. There are some differences in Exiv2/Exiv2/docs/templates - particularly on the main branch.

Also on the main branch, the manpage has changed to markdown format (i.e.Exiv2/Exiv2/man/man1/exiv2.1 to Exiv2/Exiv2/exiv2.md). As a result, it wont be automatically added to https://exiv2.org/manpage.html. The manpage text may also need minor reformatting to fit any line limits used by the postscript file. If you need help with the manpage text, then let me know.

It is worth noting that the main branch has diverged a LOT from the commit that you named. For 0.75.0 , apart from the size of the release notes, there could be other minor changes needed to the release process. As a release is needed, perhaps it would be better to complete 0.27.6 first and then work on 0.75.0 after.

@piponazo
Copy link
Collaborator

Hi everybody!
I have not been able to contribute much to the project lately, but I still keep to keep an eye on what's going on and deal with the CI problems when it is needed. Since winter is coming and is full of terrors, I will probably show up more here 😄 .

For me it also sounds like a good plan to make 2 releases:

  • 0.27.6
  • 0.28 or 0.75 (I do not have a strong preference for or or the other)

Whenever we think that main is in a state mature enough we can think about 1.0.

@kevinbackhouse
Copy link
Collaborator

Sorry, I haven't been paying to this issue. I'm quite angry to discover that a bunch of CVEs have been filed without consulting any of us. (I very much doubt it was done by anybody on the Exiv2 team, because we would have used GitHub Security advisories instead.) I haven't checked them all yet, but I'm pretty confident that all of those CVEs are bogus because they were introduced on the development branch (main) and fixed within a few weeks. As an example, CVE-2022-3717, which is cited as the main example in this issue, was fixed as the 8th commit in #2381, so it never even got merged into the main branch.

We have a security policy which spells our very clearly that bugs on the main branch are not security bugs. Only bugs in official releases, such as v0.27.5 are potential security vulnerabilities. I have been paying attention to all the potential security issues and I'm pretty confident that none of the bugs found recently have been reproducible on the 0.27-maintenance branch.

I will contact the CNA to dispute those CVEs and get them removed.

@kevinbackhouse
Copy link
Collaborator

Regarding a new release, I am in favor of doing it soon. I think we should do a v0.27.6 and I think it's time to do a v1.0.0 too. My own main goal for 1.0.0 was to replace all the uses of the long type with something more appropriate, such as size_t. I think that's mostly done - I think there are still some uses in some of the .cpp files, but the header files are mostly clean now so the remaining problems can be fixed without affecting the public API.

@1div0
Copy link
Collaborator

1div0 commented Nov 21, 2022

WRT v1.0.0 I do hope Big Blue Red Hat lawyers will at least state in https://bugzilla.redhat.com/show_bug.cgi?id=1979565 that your camera means your data and no fooced shitware patents apply.

@kmilos
Copy link
Collaborator

kmilos commented Nov 21, 2022

Thanks for stepping up @nehaljwani 👍

If it plugs all the known security holes, I'm in favour of 0.27.6 asap, as it has some useful added functionality and bug fixes backported.

Re the next version, I don't really care what it's called, as long it comes soonish as well (there are projects depending on exiv2 that are slowly starting to require at least C++17). One thing that needs to be sorted out though is the SO version mess (from that vantage point, I'm even ok w/ 0.28.0...)

@kevinbackhouse
Copy link
Collaborator

Those bogus CVEs have been rejected now. For example: https://nvd.nist.gov/vuln/detail/CVE-2022-3717

@postscript-dev
Copy link
Collaborator

@nehaljwani
Support for video was removed from the main branch however, some users requested this to be restored. @mohamedchebbii has worked hard to recover and modernise the code to be compatible with C++17. It would be good to include this in the new main release, if possible. @mohamedchebbii, how close is your work to being merged?

@mohamedchebbii
Copy link
Contributor

Hello @postscript-dev ,
I pushed my three pull requests and they seems good for me:
#2413
#2415
#2416

Please let me know, If I need to fix or add somthing else ?
Regards,

@postscript-dev
Copy link
Collaborator

@mohamedchebbii
Thanks for the update. As I don't have much free time, I was planning to leave your review to someone else.

@benmccann
Copy link
Contributor

The video support has been merged. Since it's a major feature, maybe the next release should be 0.28.0? It would be great to be able to get it out there. We're stuck on an outdated version of exiv2 (the last one with video support before it was removed), and are really looking forward to upgrading soon 😄 Thanks to @mohamedchebbii for all the great work on that feature and thanks to @piponazo for the reviews!

@kevinbackhouse
Copy link
Collaborator

As I just commented in #2450, I would like to roll back the recently merged video support until it has been better tested.

I think Exiv2 was in very good shape before those PRs were merged, so my suggestion is that we start preparing 0.27.6 and 1.0.0 releases based on the state of the code as it was on 2022-12-30.

@postscript-dev
Copy link
Collaborator

@nehaljwani
I was reading some closed issues and was reminded of something. In regards to a new main release, we now require a minimum of Windows 10 for the command line programs (#2090). This applies to the exiv2 app and sample programs that we include in the download. This caveat needs to be added to the Exiv2 website as part of the release.

@neheb
Copy link
Collaborator

neheb commented Jan 7, 2023

According to https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/setlocale-wsetlocale?view=msvc-170 , prior Windows versions can be supported if libc is statically linked.

@nehaljwani
Copy link
Collaborator

nehaljwani commented Jan 16, 2023

Exiv2 v0.27.6 2023-01-18

Topic More Info
Remaining ( 0) https://github.com/Exiv2/exiv2/milestone/10
Completed (41) https://github.com/Exiv2/exiv2/milestone/10?closed=1

Exiv2 v0.27.6 Acknowledgements

According to git shortlog -s -n v0.27.5..v0.27.6

Commits Author
30 Miloš Komarčević
20 Robin Mills
13 Luis Díaz Más
11 Kevin Backhouse
4 Luis Diaz
4 Nehal J Wani
3 Peter S
1 Christoph Hass

Exiv2 v0.27.6 Release Notes (updated 2023-01-16)

Group PR Topic Issue
Documentation #2404 Update docs concerning BMFF-based files #2398
#2328 Fix rename text in manpage #2290
Lens #2315 Add Nikon3.WhiteBalanceBias2
#2291 Add Nikon LensData v0802
#2243 Add some F mount lenses #2193, #2196, #2214
#2167 Initial support for OM System MakerNote #2126
#2046 Add Sony ARW compression to dict
Build #2315 Upgrade conan to version 1.51.0
#2241 Fix CI jobs - Update conan packages
#2142 Update CI actions
#2140 Update Windows CI workflows
#2033 Updating documentation to respect ctest
#2032 Switch Cygwin CI to GHA
#2025 Nightly pre-builds for 0.27 #1984
#2024 Running tests with ctest #2022
#2019 Switch MinGW CI to GHA
#2018 Fix conan ci
#2004 Streamline MinGW package installation for CI
#2003 Fix broken Cygwin/CI
#2002 Fix CMake build type #1558
Bugs & Fixes #2382 Exif start can be at any byte in payload, not word aligned #2381
#2375 Fix exception type when writing BMFF files #2350
#2333 Add more MIME type mappings for TIFF-based raws #2260
#2261 Fix naming of canon EF 35-80mm #2247
#2269 Replace assert with enforce #2268
#2256 PNG: always strip the existing iCCP chunk
#2239 Account for header bytes for Exif and XMP boxes #2233
#2194 Fix Integer overflow in Photoshop::setIptcIrb #2179
#2192 Fix Integer-overflow in sumToLong #2190
#2186 Fix out of bounds read in isValidBoxFileType() #2178
#2153 Fix in Jp2 metadata writing & improvements in reading #2147
#2139 Strip XMP raw packet before decoding #2126
#2045 Add tiff tags #2044
#2026 Add more DNG 1.6 tags
#2037 Fix bug in iterating over the elements of dateStrings #2036
#2030 Use memmove in TiffEncoder::updateDirEntry #2027
#2016 Treat Exif.Sony1.PreviewImage as undefined tag #2001
Tests #2269 Regression test for #2268 #2268

If I've failed to acknowledge anyone's contribution, I apologize. Please let me know and I'll update this comment.

@kmilos
Copy link
Collaborator

kmilos commented Jan 16, 2023

Thanks! @nehaljwani

Since this is also driven by security needs, maybe it's worth listing what CVEs have been plugged in the release notes as well? @kevinbackhouse

@kevinbackhouse
Copy link
Collaborator

Thanks! @nehaljwani

Since this is also driven by security needs, maybe it's worth listing what CVEs have been plugged in the release notes as well? @kevinbackhouse

No new CVEs in this release. All known security bugs were caught during development and never made it into an official release.

@kmilos
Copy link
Collaborator

kmilos commented Jan 16, 2023

All known security bugs were caught during development and never made it into an official release.

I just re-read your response a while back - so no valid CVEs against 0.27.5, and the release notes look good then. 👍

@nehaljwani
Copy link
Collaborator

Dear folks, Exiv2 v0.27.6 has been released!

... 1.0.0 releases based on the state of the code as it was on 2022-12-30.

I'll start working on the v1.0.0 major release based on 9ca161d

Please raise concerns, if any.

@kmilos
Copy link
Collaborator

kmilos commented Jan 19, 2023

I'll start working on the v1.0.0 major release based on 9ca161d

Please raise concerns, if any.

See again #2406 (comment)

@jim-easterbrook
Copy link
Contributor

Do you plan to add a Source download to the Linux, Darwin and msvc? The Download Source button on the exiv2.org download page is currently broken.

@postscript-dev
Copy link
Collaborator

@nehaljwani
I noticed that the release notes for 0.27.6 are missing on https://exiv2.org/whatsnew.html . Hopefully a simple fix.

@kmilos
Copy link
Collaborator

kmilos commented Apr 17, 2023

I disagree - main has been in a bad state for a while, best to address it.

@benmccann
Copy link
Contributor

benmccann commented Apr 17, 2023

Sure, but if we're going with 0.28.0, we don't need to block cutting a release on fixing main. Not that we shouldn't still fix main, but it doesn't need to be a blocker

@kmilos
Copy link
Collaborator

kmilos commented Apr 17, 2023

Merged now 😉

@benmccann
Copy link
Contributor

It looks like the votes are evenly split between 0.28.0 and 1.0 currently. Perhaps others would like to weigh in to break the tie?

@neheb
Copy link
Collaborator

neheb commented Apr 19, 2023

https://0ver.org

@1div0
Copy link
Collaborator

1div0 commented Apr 20, 2023

1 dot zero/eu

@benmccann
Copy link
Contributor

It looks like 0.28.0 is the leader. Shall we cut the release as 0.28.0 then @nehaljwani?

@perdrix52
Copy link

perdrix52 commented Apr 21, 2023

@nehaljwani PLEASE release a new release with the auto_ptr to unique_ptr changes ASAP. My project is now converted to C++20 and I cannot use 27.6 . My only other option would be to DL nightly build and I am very wary of doing that.

If the code is considered stable enough for other projects to rely on, I suggest you move to 1.1.0 (Version 1 Release 1 Mod level 0) release not 0.28.0

Thanks
David

@1div0
Copy link
Collaborator

1div0 commented Apr 22, 2023

Better to avoid .0 release.

1.1.0 w/ BMFF & video.

@perdrix52
Copy link

perdrix52 commented Apr 27, 2023

Don't you mean the only thing to be done after fixing the bugs I reported ...

David

@krupkat
Copy link

krupkat commented Apr 27, 2023

Don't you mean the only thing to be done after fixing the bugs I reported ...

Please be more polite to the developers.

@perdrix52
Copy link

I don't see that what I said was impolite - maybe it came over like that? If so I apologise.

However at least one issue I reported meant the code wouldn't link on Windows 11

@neheb
Copy link
Collaborator

neheb commented Apr 30, 2023

Found an issue on big endian with the new video code. I don't think it's a big enough issue to hold back any release.

@benmccann
Copy link
Contributor

Good find. I agree it should not be a blocker as most users will be little endian and it's not a regression since it's in new functionality.

@pkrause1980
Copy link

Can issue #2206 be considered.? Thanks!

@nehaljwani
Copy link
Collaborator

nehaljwani commented Apr 30, 2023

Exiv2 v0.28.0 2023-05-08

Acknowledgements

According to git shortlog -s -n v0.27.6..v0.28.0

Commits Author
433 Rosen Penev
417 Kevin Backhouse
368 Luis Díaz Más
94 Miloš Komarčević
87 Peter S
72 Christoph Hasse
52 Robin Mills
46 Mohamed Ali Chebbi
37 Luis Diaz
36 Alex Esseling
24 Peter
19 Luis Diaz Mas
18 Viktor Schneider
15 norbertwg
8 Sturmflut
7 Alexander Steffen
7 Michael Allman
5 Jim Easterbrook
5 dependabot[bot]
4 Dmitry Fedorov
4 Gribouilleuse
3 Colin Watson
3 mergify[bot]
2 Alan01
2 David Houlder
2 Evan Miller
2 Heiko Bauke
2 Peter Kovář
2 tbeu
1 Andrea Giudiceandrea
1 Antonio Rojas
1 Attila Oláh
1 Ben McCann
1 D4N
1 Daniel Vogelbacher
1 Eli Schwartz
1 Fabrice Fontaine
1 Facundo
1 Jakub Wilk
1 Jeka Pats
1 John55h
1 Josh Soref
1 Matthias Kuhn
1 Moshe Kaplan
1 Nehal J Wani
1 Shawn Baker
1 Steve Robbins
1 andyrtr
1 codesee-maps[bot]
1 mousepotato
1 nulllinie

Release Notes

Group PR Topic Reference
Documentation #1564 Update security process
#1569 Doc: Update links in main so that the CI badges point to the proper branches
#1605 READMEs: Add whitespace around atx-style headers
#1686 docs: fix example command in man pages. closes #1685
#1693 Update README.md
#1872 Update exiv2 program and manpage
#1892 Update SECURITY.md
#1905 Update website docs
#1914 Update manpage and use in related files
#1964 Fix doc description of Image::iccProfileDefined() #1953
#2034 Updating documentation on main to respect ctest
#2038 Clarify policy on when a bug is considered a security issue
#2043 Update test file location in manpage
#2067 Spelling
#2070 Fix branch names in CONTRIBUTING.md (master was renamed to main)
#2075 Fix branch names in GIT_GUIDELINES.md (master was renamed to main)
#2076 Update markdown documentation
#2088 Upgrade documentation regarding CMake & Tests
#2113 Add tag website build text to README.md
#2122 Use SPDX for licenses
#2293 po: update files
#2331 Add request for exiv2 version/source (bug report)
#2405 Update README.md wrt BMFF
#2445 Update da.po
Build/CI/Fuzz/CodeScan/CodeCov/GHA/Tests #1546 Fix CI for Ubuntu 18.04
#1559 Fix Cmake Build Type #1558
#1560 Re-enable Sanitizers Build
#1565 Fix Include Path #1516
#1582 Main - GitHub actions
#1585 Update conan version & recipes + improvements on GTest & CMake
#1586 Update bmffimage.hpp include order and path
#1588 CI: rescue appveyor config from old-master and backup others
#1597 fix archlinux ci build
#1599 ci-travis: Fix valgrind build
#1613 Increase the number of windows configurations in GitHub Actions + remove appveyor
#1615 Add missing public headers to install target
#1626 Moving all CI jobs to GitHub
#1640 CMake target for creating local coverage reports
#1641 ci - Add coverage run on main branch
#1642 Use Ninja in all the CI jobs
#1649 Usage of CTest
#1654 Show CI status in README.md + Fix linux distros jobs
#1655 Hide windows x86 random failures on CI
#1662 Ci fix python requirement
#1676 feat: Setup github actions workflow to build tagged release and nightly pre-release
#1690 fix: prevent creation of nightly release with draf==true
#1694 fix: workaround for centos-8 ci failure
#1718 Fix building for ios
#1722 Fix build with gtest 1.11
#1747 Codeql analysis
#1756 Add BUILD_WITH_STACK_PROTECTOR option
#1768 Add custom CodeQL query for null iterator deref
#1771 CodeQL query to detect unsafe uses of std::vector::operator[]
#1773 Add fuzz target
#1775 Fix code scanning alert: "Multiplication result converted to larger type"
#1781 Ignore results in the xmpsdk directory
#1803 refactor: small cleanup of test infra to avoid duplicate runs
#1804 Add fuzzing dictionary and test all printStructure() options
#1806 Call Metadatum::print() to increase fuzzing coverage
#1807 Update codecov badge in readme to show results of main branch
#1809 update codecov config
#1813 Add sanitizer flags when fuzzing
#1863 workaround for softprops/action-gh-release#139
#1869 Decouple EXIV2_BUILD_FUZZ_TESTS from EXIV2_TEAM_USE_SANITIZERS
#1875 Add special build mode for OSS-Fuzz
#1876 Add OSS-Fuzz status badge and CIFuzz integration
#1883 Only build XMLValidator when XMP is enabled
#1898 Standardize on conan 1.39.0
#1899 Add doc to release workflow
#1900 Remove unused constructor that was causing a build failure in OSS-Fuzz
#1907 Add custom update-pot target
#1908 Annotate some strings with xgettext:no-c-format
#1915 Pass -fstack-protector-strong to linker
#1916 Explicitly test for libproc.h
#1927 Add second test to improve code coverage
#1940 Add workaround for conan outage
#1942 Fix Conan on macOS
#1943 Fix Conan on macOS (another one)
#1962 Fix macOS build failure
#1976 Try a newer version of Conan.
#1986 Remove Conan from MacOS build
#1987 Remove opensuse/tumbleweed
#1988 Add/Update git templates from old-master
#1992 libcurl is now optional. Updated to the latest versions of libcurl and expat.
#2021 ci: upgrade conan version on github actions
#2035 Forward CI changes
#2047 Revisiting cmake code for generating coverage reports
#2049 Rename GHA workflows for having more intuitive navigation
#2058 Fix pr#2053 for native Windows builds
#2060 Extend unit tests for BMP & Datasets
#2061 Adding static analysis with PVS-Studio
#2066 Upgrade centos:8 to centos-stream
#2080 Revise python test and dependencies to sample applications
#2085 ci-conan: be more explicit about desired compiler in conan profile
#2086 Fix Release pipeline
#2092 ci: remove conanCache from release workflow. Use newer python
#2094 fix(testing): fix codecov.yml
#2098 Remove PR-Status badges from README
#2101 Linux distros jobs on PRs + Fix linking issues on some platforms #2100
#2106 Install new image_types.h header #2105
#2123 Add a workflow build/test for macOS+Sanitizers
#2143 Update CI actions
#2171 also run clang-format check action on pull request
#2185 ci: Try to fix job which is killed due to low memory?
#2187 Produce releases with Interprocedural optimisations (LTO)
#2189 Fix compilation issues when when using Ubuntu 18.04 + clang12
#2210 ci: move pvsStudio job to its own workflow & use new flag
#2222 Addition of CMake presets for common build configurations + Conan automation
#2240 Fix CI jobs - Update conan packages
#2242 Fix special builds for main
#2262 fix nightly release build by disabling webready and curl for release builds
#2264 fix(ci) adapt to breaking changes of upgrading github-script [ci skip]
#2273 Eliminate some false positive results
#2294 CI: cancel running jobs on updates
#2312 mingw fixes
#2314 Upgrade conan to version 1.51.0
#2318 don't use w32 sockets for cygwin
#2334 Update git issue report
#2342 Update git feature request
#2361 Bump conan version to 1.52.0
#2419 improved in-progress job canceling
#2426 Remove deprecated option in conan
#2431 Enable Workflow dispatch on Windows CI jobs
#2433 Replace cygwin github action
#2437 Install the CodeSee workflow
#2439 Update ubuntu-latest tag to ubuntu-22.04
#2457 Add inih dependency to release workflow
#2464 contrib: add meson build
#2465 Add EXIV2_ENABLE_INIH flag to enable building without libinih
#2468 inih now available for Cygwin
#2471 Improve pkg-config file generation
#2496 cmake cleanups
#2497 meson CI: test static library as well
#2498 unitTests: fix old API usage
#2502 link against gtest-main
#2505 meson CI additions
#2510 meson CI changes
#2513 coverity fixes
#2514 github CI: use ilammy/msvc-dev-cmd
#2516 github CI: add dependabot
#2517 Bump actions/cache from 2 to 3
#2518 Bump DoozyX/clang-format-lint-action from 0.14 to 0.15
#2519 Bump actions/setup-python from 3 to 4
#2523 mostly meson CI updates
#2525 coverity: remove dead code
#2536 meson updates
#2537 github CI: update conan
#2540 update conan
#2546 meson CI: use vc++latest
#2553 meson CI: add FreeBSD and MSYS
#2554 meson: compile convert.cpp separately, with just iconv
#2560 meson updates
#2575 don't compile WIN32 stuff when iconv is present
#2576 meson: fix tests when zlib is disabled
#2577 geotag: fix compilation with MSYS
#2580 meson CI changes
#2584 Bump cygwin/cygwin-install-action from 3 to 4
#2587 Add test case (complements #2567)
#2595 Bump DoozyX/clang-format-lint-action from 0.15 to 0.16
#2600 Make CMake summary for samples depend on app
Bugs/Security Fixes #1612 Add bounds check in Jp2Image::doWriteMetadata() GHSA-7569-phvm-vwc2
#1547 fix_1416_iptc_DateCreated
#1573 Fix out-of-bounds read in bmffimage.cpp
#1583 Fix -Werror=shadow warning after recovering EPS
#1620 Prevent large allocation. (backport #1592)
#1621 Fix infinite loop caused by subBox with zero size
#1625 Early access is always compiled
#1635 fix bad for range loop
#1636 Use readOrThrow to check error conditions of io.read() (backport #1627)
#1644 fix compilation with EXIV2_DEBUG_MESSAGES
#1658 Fix quadratic complexity performance bug (backport #1657)
#1684 fix gcc fanalyzer problems
#1689 Fix issues detected with PVS-Studio + other little improvements
#1691 correct identification for Tamron SP 24-70mm G2 A032
#1714 Fix compilation with -Wunused-variable
#1753 Avoid integer divide by zero (backport #1750)
#1755 Fix incorrect loop condition (backport #1752)
#1761 Check that the iterator is not end() after calling findKey (backport #1758)
#1767 Fix null iterator deref in printCsLensTypeByMetadata #1763
#1774 Avoid processing MOV (quicktime) files when BMFF is enabled #1724
#1779 Fix assertion failure in crwimage_int.cpp (backport #1739)
#1780 Fix infinite loop in Image::printIFDStructure GHSA-m479-7frc-gqqg
#1783 fix: SIGSEGV on parsing of config file.
#1784 fix: add Sigma 30mm f/1.4 DC DN C to canon lens detection
#1786 Safer std::vector indexing GHSA-v5g7-46xf-h728
#1787 Extra checking to prevent loop counter from wrapping around GHSA-hqjh-hpv8-8r9p
#1794 Enforce BMFF box nesting #1793
#1797 Make sure that read is complete to prevent infinite loop GHSA-9jh3-fcc3-g6hv
#1798 &bytes[0] (std::vector) will crash if bytes has zero elements https://github.com/Exiv2/exiv2/security/advisories/GHSA-g44w-q3vm-gwjq
#1799 bufRead needs to be adjusted after seek() GHSA-mvc4-g5pv-4qqq
#1822 Add bounds-check to prevent out-of-bounds read in memcmp #1815
#1823 Fix memory leak in pngimage.cpp #1817
#1824 Corrected JPEG XL file type
#1825 jp2image.cpp: check size before allocation to avoid out-of-memory errors #1812
#1826 Check that the string isn't empty #1819
#1832 Check value is in range before casting from double to uint32_t #1827
#1835 fix: incorrectly triggered enforce check during preview extraction
#1836 Replace assertion with an error message #1833
#1837 Safer casting from double to long in value.hpp #1830
#1843 Check that the float is within the range of an int before casting #1838
#1844 Use DataBuf rather than raw malloc in WebPImage::decodeChunks #1841
#1849 Replace assertion with an error message #1847
#1851 Check if embedded RAF image is really a TIFF (backport #1796)
#1852 Replace assertion with error message in TiffDirectory::writeDirEntry() #1845
#1853 Add test for issue 1821 #1821
#1857 Fix compiler warning on Apple/M1/Clang #1856
#1878 Add some XML validation to avoid xmpsdk bugs #1877
#1882 Throw an error if the size of the preview is greater than 1MB #1881
#1886 Make fields of DataBuf private
#1888 Avoid reading 1 byte off the end when the string does not contain a '\0' byte #1887
#1902 Comment out bogus code in XMPUtils.cpp #1901
#1910 Fix quadratic loops in pentaxmn_int.cpp #1909
#1913 Fix integer overflow in print0x0007 #1912
#1918 fix out of range access, minor performance improvement https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1942799
#1919 fix for reading jpeg-xr images
#1921 Fix UBSAN failure caused by left-shift of negative number #1920
#1929 Fix exiv2 -pR for Sony images #1805
#1932 Update canonmn_int.cpp to correct lens "Canon EF 80-200mm f/4.5-5.6 II" #1906
#1947 Hide "static constexpr auto" from SWIG
#1955 Fix integer overflow in leap year calculation #1954
#1973 Only include expat.h when XMP is enabled. (backport #1972)
#1979 Add exiv2 extract thumb to stdout #1934
#1999 Restore modified tags after TZ manipulation #1998
#2000 Fix exiv2: verbose extract to stdout #1934
#2007 Fix integer overflow in PanasonicMakerNote::printAccelerometer #2006
#2015 Treat Exif.Sony1.PreviewImage as undefined tag #2001
#2028 Use memmove in TiffEncoder::updateDirEntry #2027
#2039 Fix bug in loop. It wasn't iterating over the elements of dateStrings as intended #2036
#2053 Update XMP tags for IPTC 2021.1 #1959
#2068 Fix exiv2: verbose extract stdout mutli-file
#2078 Revert "Delete dead code"
#2090 Get argv from main entry point encoded as UTF-8 #1996
#2111 Catch std::exception in iptcprint
#2112 Fix test_pr_1905.py for native 2019msvc64 (#2108)
#2133 Strip XMP raw packet before decoding #2126
#2137 Recover IptDataSets::recordId in the API
#2146 DateValue is now a bit more permissive with malformed dates #2144
#2155 Fix in Jp2 metadata writing & improvements in reading (2) #2147
#2161 Use std::round() in float_to_integer_helper #2160
#2180 Fix out of bounds read in isValidBoxFileType() #2178
#2181 Fix integer overflow #2179
#2191 Detect integer-overflow and throw in that case #2190
#2205 Fix issues on ARM builds
#2219 fix mmap compilation
#2232 Fix UNIX-like system installation script
#2234 Account for header bytes for Exif and XMP boxes #2233
#2236 add missing memory header for std::unique_ptr in values.hpp
#2244 More bounds checking in Adjust::adjustDateTime
#2248 fix naming of canon EF 35-80mm. #2247
#2254 PNG: always strip the existing iCCP chunk
#2265 Fix some incorrect format specifiers
#2272 Replace assert with enforce #2268
#2275 Fix some "unsafe vector access" warnings
#2321 Fix integer overflow in printDegrees #2320
#2341 fix(quicktimevideo) avoid out of bounds read, closes #2340
#2343 Fix UBSAN failure in floatToRationalCast
#2346 Fix buffer overflow in QuickTimeVideo::tagDecoder #2345
#2347 Avoid potential integer overflow in QuickTimeVideo::userDataDecoder
#2348 Don't allow zero width/height in WebPImage::inject_VP8X #2270
#2353 Fix bounds-checking bug in floatToRationalCast
#2364 Fix/add exceptions for BMFF based files
#2365 attempt to fix &(*x) MSVC thing
#2378 Fix bugs in QuickTimeVideo::userDataDecoder #2376, #2377
#2384 Avoid null pointer deref #2383
#2386 Avoid integer overflow when temp == INT_MIN
#2387 Fix bug in (unused) non-mmap code
#2394 stop looping when eof is hit #2393
#2403 Fix seg fault when using iconv_open()
#2424 Fix long-running loop in QuickTimeVideo::sampleDesc #2423
#2428 Fix memory leak in BmffImage::brotliUncompress #2427
#2440 Prefer writing PNG eXIf chunk #2250
#2466 Silence unused parameter warning when EXV_ENABLE_INIH is undefined
#2473 fix WIN32 macro
#2475 xmpsdk: Fix dangling pointer warning
#2476 fix C++20 deprecation warning
#2479 Export QuickTimeVideo
#2509 check that block is not corrupted before decoding
#2527 Fix test failures on 32-bit platforms (attempt 3)
#2530 asfvideo fuzz issue : nb_headers should not exceed the max value of uint32
#2533 Fix long-running loop
#2534 Fix integer overflow which enables enforce to be bypassed
#2544 Check that the pointer isn't NULL
#2551 Minor refactorings to stop UBSAN from complaining #2539
#2552 fix compilation under FreeBSD
#2567 makernotes: workaround for Olympus header corruption
#2581 fix asfvideo unicode handling
#2585 Uppercase Pentax to PENTAX at lines 819 to 822
#2586 Current master fails with image #2565
Library Features/Improvements #1545 bump_v1.00_version
#1548 Add Exif Gamma tag
#1551 Improve printing of GPS info #1541
#1554 Enable BMFF by default
#1562 Main drop deprecated stuff
#1578 Main jp2 image bounts
#1579 Main WebPImage bounds
#1580 Main - Recover EPS
#1584 Main jp2 image fixes
#1600 Replace RWLock with c++11 utils
#1601 Move include/CMake content to src
#1633 Copy mergify file from 0.27-maintenance
#1666 jzon changes
#1692 New Canon Lens Identification + Automatic Test of all Lenses
#1725 add lens: Olympus M.ZUIKO DIGITAL ED 12-45mm F4.0 PRO
#1729 Use official Canon RF lens model names
#1738 Add –lint to exifprint
#1744 Stricter date parsing in value.cpp (backport #1720)
#1746 Three tag descriptions corrected
#1762 Better bounds checking in Jp2Image::printStructure (backport #1759)
#1765 Add Exif.Image.PageName tag
#1772 Add SonyMisc1 (Tag 0x9403) makernote tags #280
#1777 Update Sony2Fp tags
#1792 Add SonyMisc2b makernote tags (tag 9404)
#1800 Add SonyMisc3c makernote tags (tag 9400)
#1802 feat: support matching of Canon EF 100-400 2x lens
#1808 Add SonySInfo1 makernote tags (tag 3000)
#1922 Add SonyMisc(2b|3c) Groups for Sony TIFF files
#1926 Add conditions to 2 Sony temperature tags
#1944 Extending Nikon3.ColorBalance version coverage
#1946 JPEG-XR test file
#1949 add support for more fujifilm tags
#1958 Canon cr3 previews
#1963 Add NikonFl7 makernotes group #1941
#1967 Add readOrThrow and seekOrThrow to BasicIo
#1970 Output of -PV was not suitable for inputting to -m-,key was missing.
#1974 BMFF Performance boost: don't read boxes we're not interested in #1961
#1978 Limit CR3 previews to JPEG only #1893
#1994 Add camera models for NikonFl3 makernotes group
#2023 Add more DNG 1.6 tags
#2051 More tests for PNG code
#2069 Add Sigma 12-24mm F4 DG HSM Art lens for Nikon
#2071 Add instructions for adding new Nikon F mount lenses
#2072 [nikon] Add Tokina ATX-i 11-20mm F2.8 CF lens
#2073 Add Tokina AT-X 14-20 F2 PRO DX lens
#2087 Update canon tags 2
#2091 feat(testing) add new regression test to run exiv2 over every test file
#2093 New ImageTypes enum class
#2110 Make Nikon ContrastDetectAFInFocus tags Bytes that print as "Yes" or "No"
#2149 Add key name to "Value not set" error message
#2172 Initial support for OM System MakerNote #2126
#2183 Remove exiv2json sample and tests depending on it
#2203 Create da.po
#2215 Add some F mount lenses #2193, #2196, #2214
#2216 Add more Canon RF lenses
#2249 Update olympus tags (#2246)
#2257 C++11 compatibility for headers
#2274 Update Nikon flash tags
#2279 Add tag description option to exiv2 app
#2287 Add Nikon LensData v0802
#2311 Add Nikon3.WhiteBalanceBias2
#2323 Update Sony(1|2) tags
#2337 Restore some video capabilities by restoring quicktimevideo.cpp
#2374 several keys added to easyaccess #2338
#2381 Support brotli compressed boxes in JPEG XL
#2389 Update makernote model ID tags
#2412 Remove duplicate tag info entries fujifilm
#2413 1748 Video Support in V1.0: part 1/3 : support MatroskaViedo
#2415 1748 Video Support in V1.0: part 2/3 : support Riffvideo
#2416 1748 Video Support in V1.0: part 3/3 : support Asfvideo
#2417 Add Canon R6m2 ID
#2420 Update Exif.SonyMisc3c.* and Exif.Sony(1|2).SonyModelID
#2422 Interpretation for Exif.Photo.LensSpecification
#2434 Rename resp. remove duplicate exif keys
#2443 Remove libinih from codebase and add it as a dependency instead #1811
#2444 Lens Recognition HD PENTAX-DA* 11-18mm F2.8 ED DC AW #2388
#2448 Encapsulate video support with compilation variable EXV_ENABLE_VIDEO
#2458 Rework Asf, Riff video, test data and fix OSS-Fuzz issues
#2461 Delete contrib/organize directory
#2472 Fix shared object versioning
#2501 Update some Canon IDs
#2506 Enable video support by default
#2507 Video code enhancements
#2535 Enable video support by default
#2568 Add some more Nikon Z lenses
#2569 Add Sony ZV-E1 ID
#2574 Minimal support for parsing DCP files
#2582 Update Sony file format table #2569
#2583 Addition of 4 lenses Pentax
Code Improvements #1555 C++ Modernization: auto_ptr→unique_ptr
#1563 xmpsdk: don't use register
#1568 Clean wdeprecated-copy warnings and others
#1572 Use auto for iterators
#1593 clang-tidy: use = delete
#1594 convert Pair to std::pair
#1595 clang-tidy: use braced init list
#1596 clang-tidy: range for loop conversions
#1607 clang-tidy: use = default
#1608 clang-tidy: simplify boolean expressions
#1609 clang-tidy: don't check for NULL with delete
#1610 clang-tidy: use using
#1611 clang-tidy: remove pointless static
#1614 clang-tidy: use default member init
#1617 clang-tidy: use override
#1618 clang-tidy: use empty() instead of comparing size
#1619 clang-tidy string cleanups
#1629 default con/destructors in headers
#1630 clang-tidy: fix declartation names
#1631 clang-tidy: remove redundant member init
#1634 clang-tidy: remove duplicate public
#1637 clang-tidy: remove pointless const
#1638 clang-tidy: range loop conversions
#1645 clang-tidy: add ending namespace comments
#1646 clang-tidy: use uppercase numeric literals
#1647 clang-tidy: fix badly indented if
#1650 clang-tidy: make several member functions const
#1651 clang-tidy: don't use else after return
#1652 replace {} initialization with fill
#1653 manual for range conversions
#1659 constexpr and member init changes.
#1660 clang-tidy: use auto
#1661 clang-tidy performance checks
#1663 clang-tidy: convert to static
#1664 clang-tidy: use C++ casting
#1665 clang-tidy: add missing explicit
#1667 default con/destructors in headers
#1668 clang-tidy: fix ending namespace comnments
#1669 use auto in template
#1670 clang-tidy: use dynamic cast
#1671 clang-tidy: no else after return
#1672 clang-tidy: remove pointless member init
#1673 clang-tidy: remove pointless return
#1674 clang-tidy: avoid global non const variables
#1677 remove initializers
#1678 clang-tidy: use nullptr
#1687 Remove free() function from DataBuf
#1695 con/destructor fixes
#1697 clang-tidy: use = default
#1698 clang-tidy: use default member init
#1699 clang-tidy: use braced init list
#1701 clang-tidy: do not use else after return
#1702 clang-tidy: simplify bools
#1704 remove old MSVC hacks
#1707 clang-tidy: replace virtual with override
#1708 clang-tidy: do not use 0 for bool
#1709 clang-tidy: add explicit
#1710 clang-tidy: use override
#1711 clang-tidy: use auto
#1712 clang-tidy: pass by value
#1727 Replace sprintf with snprintf.
#1730 clang-tidy: replace throw with noexcept
#1731 clang-tidy: remove redundant specifiers
#1734 clang-tidy: remove dedundant initializer
#1736 Remove obsolete snprintf macros.
#1741 Use vector::at() rather than operator[] (backport #1735)
#1743 Zero initialize local variables.
#1749 clang-tidy: use nullptr
#1751 Defensive coding to avoid 0x80000000/0xFFFFFFFF FPE
#1785 Replace use of Linux only regex.h with STL <regex>
#1874 remove most usages of std::make_pair
#1930 Clarify ownership model of CiffComponent::pData_
#1956 Use std::move to transfer ownership of DataBufs
#2040 Use std::shared_ptr for storage in TiffEntryBase
#2052 Upgrade C++ standard to c++17
#2062 Replace Value::toLong with Value::toInt64.
#2063 Modernise code around iterators & smart pointers
#2099 Separate exiv2 app source files from exiv2lib src folder
#2107 Replace Metadatum::toLong() with Metadatum::toInt64()
#2109 Refactoring & cleanup
#2118 Refactoring & Cleanup (Moving to size_t usage & less naked new/deletes)
#2124 mostly clang-tidy cleanups
#2125 some clang-tidy
#2127 use make_unsigned_t
#2129 conversions to make_unique
#2130 misc stuff
#2131 Include what you use + more SPDX identifiers + few other cleanups
#2132 misc cleanups
#2135 manual nullptr removals
#2141 Improvements in the Error class #2116
#2145 More migration to size_t
#2148 some std::array conversions
#2152 clang-format whole project + new CI workflow for checking style
#2154 clang-tidy: C array to std::array conversions
#2158 array and constexpr conversions
#2163 Another cleanup round in main
#2169 remove various usages of memset
#2170 add .git-blame-ignore-revs file and add clang-format commit to it
#2175 mostly nodiscard
#2176 remove unused var from deleted stuff
#2177 clang-tidy and manual stuff
#2182 Update .clang-format to align pointers to the types
#2195 structured binding conversions
#2197 Refactoring in JpegImage and Photoshop classes
#2198 some clang-tidy
#2200 clang-tidy with headers
#2201 clang-tidy
#2207 add constexpr constructor
#2209 Improvements around TODO comments
#2211 clang-tidy: default member init
#2212
#2213 minor clang-tidy fixes
#2218 replace readlink with std::filesystem
#2228 use _v
#2231 types cleanup exiv2app.hpp
#2245 clang-tidy 14 fixes
#2251 Change return type of BasicIo::tell() to size_t
#2252 clang-tidy: use default member init
#2266 Fix some "signed shift" warnings
#2267 mostly clang-tidy fixes
#2271 Fix some "signed shift" warnings
#2276 Move enums from tags_int.hpp to tags.hpp
#2277 Simplify the iptcDataSegs logic in jpgimage.cpp
#2278 various manual cleanups
#2280 Use int32_t in TimeValue
#2281 Change the return type of the 2Data functions to size_t
#2282 Don't use long in floatToRationalCast
#2283 Convert type of depth parameter to size_t
#2284 remove friend operator
#2286 some sonarlint cleanups
#2288 make_unique conversions
#2289 return make_unique directly
#2296 Use size_t for the offset argument in TiffComponent
#2297 misc sonarlint changes
#2298 Fix clang-tidy warning about double move
#2299 Use std::map for faster lookup
#2300 replace structs with std::pair
#2301 strcmp to == conversions
#2302 get rid of extern const
#2304 Use std::unordered_set for tiffImageTags
#2305 Use std::unordered_map for TiffTreeStruct lookup
#2306 remove GroupName struct
#2307 Use startsWith
#2309 misc cleanups
#2313 revert std::function back to function pointers
#2317 manual replacement of [0] with front()
#2319 misc stuff
#2329 mostly string changes
#2330 replace custom gcd function with std
#2332 remove using
#2335 move structured bindings up
#2336 misc sonarlint stuff
#2363 Use getULong to read unsigned numbers
#2367 Resize buffer to avoid overflow in QuickTimeVideo::userDataDecoder
#2369 cland-tidy: simplify booleans
#2372 get rid of nested if conditions
#2390 Use Safe::add() in tiffvisitor_int.cpp
#2392 Avoid buffer reallocation
#2395 Use std::is_signed and std::enable_if
#2396 replace find/rfind with startsWith
#2397 replace while loop with for range.
#2399 Change return type of getFileLength() to int64_t
#2400 Change the interface of tiffcomposite_int.hpp to use size_t
#2447 clang-tidy fixes
#2449 more clang-tidy
#2452 clang-tidy on Windows
#2453 wmain: build as c++ instead of c
#2455 manual fixes
#2462 find changes
#2474 use gnu_printf
#2477 static_cast
#2478 cppcheck fixes
#2480 move inline to declaration
#2481 safe_op: C++17 improvements
#2482 add static to inline
#2483 clang-tidy: add const to parameter
#2484 add support for gcc and clang 7
#2485 use __has_include
#2486 xmpsdk: Unconditionally use <stdint.h>
#2488 remove manual math
#2489 work around windows.h min/max macros
#2492 remove deleted functions
#2493 small clang-tidy fixes
#2494 meson: g++-[789] build
#2495 meson: add unit tests
#2499 add missing &
#2500 add contains function
#2503 remove base constructor
#2504 fixes
#2508 more fixes
#2520 Use double type to improve floating point accuracy
#2528 SonarLint cleanups
#2531 more SonarLint cleanups
#2543 Convert tail-recursion to loop to avoid stack exhaustion
#2545 Use enforce, not assert, to avoid crash
#2548 add various moves
#2555 get rid of EXV_CALL_MEMBER_FN
#2556 various clang fixes
#2558 Explicitly include stdint
#2559 std::array removals
#2562 easyaccess const changes
#2563 remove codecvt
#2564 sonarlint cleanups
#2570 direct initialize some structs
#2571 use using in slice
#2572 clang-tidy: remove const from data members

I've tried to categorize commits based on relevance to the closest group.

If I've failed to acknowledge anyone's contribution, I apologize. Please let me know and I'll update this comment.

I'll attempt to cut a release based on the state of votes at #2406 (comment), on the weekend following Cinco De Mayo. Please go through the changelog (maybe it will make you reconsider your vote 😉) .

@nehaljwani
Copy link
Collaborator

nehaljwani commented May 5, 2023

@piponazo @hassec Could you please cast your vote in #2406 (comment) as well?

@nehaljwani
Copy link
Collaborator

Exiv2 v0.28.0 has been released.

@kevinbackhouse
Copy link
Collaborator

Thanks @nehaljwani!

@benmccann
Copy link
Contributor

Yes, thank you @nehaljwani! I'm so appreciative!!

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue May 16, 2023
No short list of changes found, long version here:
Exiv2/exiv2#2406 (comment)
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this issue Jul 1, 2023
https://build.opensuse.org/request/show/1096176
by user dirkmueller + dimstar_suse
- add a x86-64-v3 build, remove 32bit build (not used)

- drop old C++ standard hack (patched line dropped in 0.28)
- use g++-11 for Leap 15 builds (fix for failed std::filesystem
  check)

- update to 0.28.0:
  - long list of improvements and security fixes, see
   Exiv2/exiv2#2406 (comment)
- drop always-use-signed-char-for-conversion.patch (code no longer exists)
- drop CVE-2022-3953.patch (merged upstream)
- drop xml-static subpackage, cannot be built from shared builds anymore
  and appears to be unused
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Sep 26, 2023
digiKam 8.1.0 - Release date: 2023-07-09

NEW FEATURES:

Print Creator: Add 4 new templates for 6.8 inchs photo paper.
General      : Improve usability of Image Properties sidebar tab.
Libraw       : Update to snapshot 2023-05-14
Bundles      : Update Exiv2 to last 0.28 release: Exiv2/exiv2#2406 (comment)
Bundles      : Update KF5 framework to last 5.106
Bundles      : Includes Breeze widgets style in MacOS package to render properly GUI contents.
Tags         : Add possibility to remove all face tags from selected items.
Tags         : Add possibility to remove all tags from selected items except face tags.

AND LOTS OF BUGFIXES.
ReillyBrogan added a commit to getsolus/packages that referenced this issue Oct 8, 2023
Release notes:
- [0.27.7](Exiv2/exiv2#2567 (comment))
- [0.27.6](Exiv2/exiv2#2406 (comment))

Signed-off-by: Reilly Brogan <reilly@reillybrogan.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests