exempi: add upstream patch fixing CVE-2018-12648

srcpkgs/exempi/patches/8ed2f034705fd2d032c81383eee8208fd4eee0ac.patch

@@ -0,0 +1,43 @@
+From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001
+From: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
+Date: Sat, 18 Aug 2018 13:54:55 +0000
+Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The WEBP::GetLE32 function in
+XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
+NULL pointer dereference.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=106981
+https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
+
+Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com>
+Signed-off-by: Hubert Figuière <hub@figuiere.net>
+---
+ XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+index ffaf220..4fe705b 100644
+--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
++++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
+ }
+ void VP8XChunk::xmp(bool hasXMP)
+ {
+-    XMP_Uns32 flags = GetLE32(&this->data[0]);
+-    flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
+-    PutLE32(&this->data[0], flags);
++    if (&this->data[0] != NULL) {
++        XMP_Uns32 flags = GetLE32(&this->data[0]);
++        flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
++        PutLE32(&this->data[0], flags);
++    }
+ }
+ 
+ Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
+-- 
+2.18.0
+

srcpkgs/exempi/template

@@ -1,7 +1,8 @@
 # Template file for 'exempi'
 pkgname=exempi
 version=2.4.5
-revision=1
+revision=2
+patch_args="-Np1"
 build_style=gnu-configure
 configure_args="--with-boost=${XBPS_CROSS_BASE}/usr --disable-static --disable-unittest"
 makedepends="zlib-devel expat-devel boost-devel"