Update to exiv2 version 0.27

Bump, was anything done with this?

Seems not

At this point, this would require a Feature Freeze Exception to be considered for Ubuntu 18.04 LTS.

https://wiki.ubuntu.com/FreezeExceptionProcess

You would need to be sure that you would be able to complete the transition:
https://people.canonical.com/~ubuntu-archive/transitions/html/exiv2.html

Also, why don't you ask the Debian maintainer why this was uploaded to experimental but not unstable yet?

Exiv2 0.25 as used by ubuntu 18.04 and the upcoming 18.10 is really obsolete and this brings all kinds of annoying problems with darktable - inability to recognize lenses and so on.

Even the current package in 18.10 is obsolete.

The update is still in Debian/experimental and require a transition
https://release.debian.org/transitions/html/auto-exiv2.html
Unsure if it's worth trying to do in Ubuntu before Debian though

This is actually blocked because 0.26 has *new* security issues.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865999#20
and https://security-tracker.debian.org/tracker/source-package/exiv2

Several of those issues are fixed at https://github.com/Exiv2/exiv2 but it's going to be a bit of work to handle all of that in Debian or Ubuntu.

Thanks Jeremy. It's a bit challenging for anyone doing photography work with recent hardware. Key apps like darktable and digicam rely on this library and ubuntu/debian are way behind. Last year's fedora had 0.26.

Flatpaks could help, I tried darktable's and it includes an updated exiv2, but it has a huge drawback, OpenCL doesnt work with flatpaks (or snaps) yet, so its useless in my case (my photography workstation is built specifically for photo editing with opencl)

I guess there is no choice but to try and build exiv2 manually and hope the system doesnt break :)

Is this going to be actioned for 20.04?

it doesn't look like it's going to be actioned at all,

focal (graphics): EXIF/IPTC/XMP metadata manipulation tool [universe]
0.25-4ubuntu3: amd64 arm64 armhf ppc64el s390x

which is awful, unfortunately. It's been 3 years now without an update. Not only for the security implications and all the known vulnerabilities but also for the problems this brings to other photography software that depends on exiv2, e.g. lensfun and all the apps that use lensfun, like darktable

exiv2 (0.27.2-7) just landed in debian unstable

Note that 0.27.2-8ubutnu1 dropped the previously applied patch for CVE-2019-17402 which is still required!

reuploaded thanks Rico!

I got tricked because the very same patch was applied on the function 10 lines above...

Closed via https://launchpad.net/ubuntu/+source/exiv2/0.27.2-8ubuntu2