authorV3n3RiX <venerix@redcorelinux.org>2018-04-28 20:02:04 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-04-28 20:02:04 +0100
commita4e2a46beb5e4858ef27bdedbb0ff6d2ced430ad (patch)
tree852c90a4bf354c30ea66504f70bfab5401fba18d /media-gfx/exiv2/files
parent5e8702bcbbed438e6c6cce023e7ef0cc9baa3e02 (diff)
gentoo resync : 28.04.2018
Diffstat (limited to 'media-gfx/exiv2/files')
-rw-r--r--media-gfx/exiv2/files/exiv2-0.26-pentaxnikon-crash.patch52
-rw-r--r--media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch484
-rw-r--r--media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch39
3 files changed, 523 insertions, 52 deletions
diff --git a/media-gfx/exiv2/files/exiv2-0.26-pentaxnikon-crash.patch b/media-gfx/exiv2/files/exiv2-0.26-pentaxnikon-crash.patch
deleted file mode 100644
index a66af8d5dc96..000000000000
--- a/media-gfx/exiv2/files/exiv2-0.26-pentaxnikon-crash.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 2dc166b04ca6152d01bff6627a332e89ddef24d1 Mon Sep 17 00:00:00 2001
-From: clanmills <robin@clanmills.com>
-Date: Tue, 12 Sep 2017 09:14:42 +0100
-Subject: [PATCH 1/2] Fix http://dev.exiv2.org/issues/1305
-
----
- src/pentaxmn.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/pentaxmn.cpp b/src/pentaxmn.cpp
-index 4fc38be0..b22cb43b 100644
---- a/src/pentaxmn.cpp
-+++ b/src/pentaxmn.cpp
-@@ -1167,6 +1167,8 @@ namespace Exiv2 {
-
- std::ostream& PentaxMakerNote::printShutterCount(std::ostream& os, const Value& value, const ExifData* metadata)
- {
-+ if ( ! metadata ) return os << "undefined" ;
-+
- ExifData::const_iterator dateIt = metadata->findKey(
- ExifKey("Exif.PentaxDng.Date"));
- if (dateIt == metadata->end()) {
---
-2.13.6
-
-
-From 3bc0b91bcecefdad531129b1a934be1251021c95 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?M=C4=81ris=20Narti=C5=A1s?= <mn@sungis.lv>
-Date: Mon, 18 Sep 2017 23:37:40 +0300
-Subject: [PATCH 2/2] Fix crash on undefined metadata on some Nikon images.
- Identical to commit:5405d61623e82896e498c5c8342dd6f42e689115
-
----
- src/nikonmn.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/nikonmn.cpp b/src/nikonmn.cpp
-index 571ab806..34bf601c 100644
---- a/src/nikonmn.cpp
-+++ b/src/nikonmn.cpp
-@@ -299,6 +299,8 @@ namespace Exiv2 {
- const Value& value,
- const ExifData* exifData)
- {
-+ if ( ! exifData ) return os << "undefined" ;
-+
- if ( value.count() >= 9 ) {
- ByteOrder bo = getKeyString("Exif.MakerNote.ByteOrder",exifData) == "MM" ? bigEndian : littleEndian;
- byte p[4];
---
-2.13.6
-
diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch
new file mode 100644
index 000000000000..d74ca59e3c01
--- /dev/null
+++ b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch
@@ -0,0 +1,484 @@
+From 8e31dd8c14fdc83f387f35dda7b1b70fbdbd70db Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
+Date: Tue, 19 Dec 2017 19:52:41 +0100
+Subject: [PATCH 3/8] Only print items (Params::prValue) when size > 0
+
+---
+ src/actions.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/actions.cpp b/src/actions.cpp
+index 9f850097..3963cb67 100644
+--- a/src/actions.cpp
++++ b/src/actions.cpp
+@@ -713,8 +713,9 @@ namespace Action {
+ << std::setfill(' ') << std::right
+ << md.size();
+ }
+- if (Params::instance().printItems_ & Params::prValue) {
+- if (!first) std::cout << " ";
++ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) {
++ if (!first)
++ std::cout << " ";
+ first = false;
+ if ( Params::instance().binary_
+ && ( md.typeId() == Exiv2::undefined
+--
+2.17.0
+
+
+From 463485e5c1cc716108880f75b9c573715bf402b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
+Date: Tue, 19 Dec 2017 19:54:17 +0100
+Subject: [PATCH 4/8] Move condition in if statement to discard work earlier
+
+---
+ src/actions.cpp | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/actions.cpp b/src/actions.cpp
+index 3963cb67..f51cb488 100644
+--- a/src/actions.cpp
++++ b/src/actions.cpp
+@@ -717,11 +717,10 @@ namespace Action {
+ if (!first)
+ std::cout << " ";
+ first = false;
+- if ( Params::instance().binary_
+- && ( md.typeId() == Exiv2::undefined
++ if (md.size() > 128 && Params::instance().binary_ && (
++ md.typeId() == Exiv2::undefined
+ || md.typeId() == Exiv2::unsignedByte
+- || md.typeId() == Exiv2::signedByte)
+- && md.size() > 128) {
++ || md.typeId() == Exiv2::signedByte)) {
+ std::cout << _("(Binary value suppressed)") << std::endl;
+ return true;
+ }
+--
+2.17.0
+
+
+From 7fe7501c01e5d1eec16a736062dd0c34d6408833 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
+Date: Tue, 19 Dec 2017 19:55:50 +0100
+Subject: [PATCH 5/8] Apply clang-format to Print::printMetadatum
+
+---
+ src/actions.cpp | 110 ++++++++++++++++++++++++------------------------
+ 1 file changed, 55 insertions(+), 55 deletions(-)
+
+diff --git a/src/actions.cpp b/src/actions.cpp
+index f51cb488..b31d6ec6 100644
+--- a/src/actions.cpp
++++ b/src/actions.cpp
+@@ -636,91 +636,90 @@ namespace Action {
+
+ bool Print::printMetadatum(const Exiv2::Metadatum& md, const Exiv2::Image* pImage)
+ {
+- if (!grepTag(md.key())) return false;
+- if (!keyTag (md.key())) return false;
++ if (!grepTag(md.key()))
++ return false;
++ if (!keyTag(md.key()))
++ return false;
+
+- if ( Params::instance().unknown_
+- && md.tagName().substr(0, 2) == "0x") {
++ if (Params::instance().unknown_ && md.tagName().substr(0, 2) == "0x") {
+ return false;
+ }
++
+ bool const manyFiles = Params::instance().files_.size() > 1;
+ if (manyFiles) {
+- std::cout << std::setfill(' ') << std::left << std::setw(20)
+- << path_ << " ";
++ std::cout << std::setfill(' ') << std::left << std::setw(20) << path_ << " ";
+ }
++
+ bool first = true;
+ if (Params::instance().printItems_ & Params::prTag) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << "0x" << std::setw(4) << std::setfill('0')
+- << std::right << std::hex
+- << md.tag();
++ std::cout << "0x" << std::setw(4) << std::setfill('0') << std::right << std::hex << md.tag();
+ }
+ if (Params::instance().printItems_ & Params::prSet) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << "set" ;
++ std::cout << "set";
+ }
+ if (Params::instance().printItems_ & Params::prGroup) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << std::setw(12) << std::setfill(' ') << std::left
+- << md.groupName();
++ std::cout << std::setw(12) << std::setfill(' ') << std::left << md.groupName();
+ }
+ if (Params::instance().printItems_ & Params::prKey) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << std::setfill(' ') << std::left << std::setw(44)
+- << md.key();
++ std::cout << std::setfill(' ') << std::left << std::setw(44) << md.key();
+ }
+ if (Params::instance().printItems_ & Params::prName) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << std::setw(27) << std::setfill(' ') << std::left
+- << md.tagName();
++ std::cout << std::setw(27) << std::setfill(' ') << std::left << md.tagName();
+ }
+ if (Params::instance().printItems_ & Params::prLabel) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << std::setw(30) << std::setfill(' ') << std::left
+- << md.tagLabel();
++ std::cout << std::setw(30) << std::setfill(' ') << std::left << md.tagLabel();
+ }
+ if (Params::instance().printItems_ & Params::prType) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+ std::cout << std::setw(9) << std::setfill(' ') << std::left;
+ const char* tn = md.typeName();
+ if (tn) {
+ std::cout << tn;
+- }
+- else {
++ } else {
+ std::ostringstream os;
+ os << "0x" << std::setw(4) << std::setfill('0') << std::hex << md.typeId();
+ std::cout << os.str();
+ }
+ }
+ if (Params::instance().printItems_ & Params::prCount) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << std::dec << std::setw(3)
+- << std::setfill(' ') << std::right
+- << md.count();
++ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.count();
+ }
+ if (Params::instance().printItems_ & Params::prSize) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- std::cout << std::dec << std::setw(3)
+- << std::setfill(' ') << std::right
+- << md.size();
++ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.size();
+ }
+ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) {
+ if (!first)
+ std::cout << " ";
+ first = false;
+- if (md.size() > 128 && Params::instance().binary_ && (
+- md.typeId() == Exiv2::undefined
+- || md.typeId() == Exiv2::unsignedByte
+- || md.typeId() == Exiv2::signedByte)) {
++ if (md.size() > 128 && Params::instance().binary_ &&
++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
++ md.typeId() == Exiv2::signedByte)) {
+ std::cout << _("(Binary value suppressed)") << std::endl;
+ return true;
+ }
+@@ -738,22 +737,22 @@ namespace Action {
+ }
+ if (!done) {
+ // #1114 - show negative values for SByte
+- if (md.typeId() != Exiv2::signedByte){
++ if (md.typeId() != Exiv2::signedByte) {
+ std::cout << std::dec << md.value();
+ } else {
+ int value = md.value().toLong();
+- std::cout << std::dec << (value<128?value:value-256);
++ std::cout << std::dec << (value < 128 ? value : value - 256);
+ }
+ }
+ }
+ if (Params::instance().printItems_ & Params::prTrans) {
+- if (!first) std::cout << " ";
++ if (!first)
++ std::cout << " ";
+ first = false;
+- if ( Params::instance().binary_
+- && ( md.typeId() == Exiv2::undefined
+- || md.typeId() == Exiv2::unsignedByte
+- || md.typeId() == Exiv2::signedByte)
+- && md.size() > 128) {
++ if (Params::instance().binary_ &&
++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
++ md.typeId() == Exiv2::signedByte) &&
++ md.size() > 128) {
+ std::cout << _("(Binary value suppressed)") << std::endl;
+ return true;
+ }
+@@ -765,16 +764,17 @@ namespace Action {
+ done = true;
+ }
+ }
+- if (!done) std::cout << std::dec << md.print(&pImage->exifData());
++ if (!done)
++ std::cout << std::dec << md.print(&pImage->exifData());
+ }
+ if (Params::instance().printItems_ & Params::prHex) {
+- if (!first) std::cout << std::endl;
++ if (!first)
++ std::cout << std::endl;
+ first = false;
+- if ( Params::instance().binary_
+- && ( md.typeId() == Exiv2::undefined
+- || md.typeId() == Exiv2::unsignedByte
+- || md.typeId() == Exiv2::signedByte)
+- && md.size() > 128) {
++ if (Params::instance().binary_ &&
++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
++ md.typeId() == Exiv2::signedByte) &&
++ md.size() > 128) {
+ std::cout << _("(Binary value suppressed)") << std::endl;
+ return true;
+ }
+@@ -784,7 +784,7 @@ namespace Action {
+ }
+ std::cout << std::endl;
+ return true;
+- } // Print::printMetadatum
++ } // Print::printMetadatum
+
+ int Print::printComment()
+ {
+--
+2.17.0
+
+
+From 78ddc7a92afaaf58b78d5c49b5c2ad7b60a4e25f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
+Date: Thu, 21 Dec 2017 16:39:43 +0100
+Subject: [PATCH 6/8] Do not deference value when it does not exist (Thanks
+ D4N)
+
+---
+ samples/exiv2json.cpp | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/samples/exiv2json.cpp b/samples/exiv2json.cpp
+index 505268d9..a81268f0 100644
+--- a/samples/exiv2json.cpp
++++ b/samples/exiv2json.cpp
+@@ -148,6 +148,11 @@ bool isArray(std::string& value)
+ template <class T>
+ void push(Jzon::Node& node,const std::string& key,T i)
+ {
++#define ABORT_IF_I_EMTPY \
++ if (i->value().size() == 0) { \
++ return; \
++ }
++
+ std::string value = i->value().toString();
+
+ switch ( i->typeId() ) {
+@@ -179,6 +184,7 @@ void push(Jzon::Node& node,const std::string& key,T i)
+
+ case Exiv2::unsignedRational:
+ case Exiv2::signedRational: {
++ ABORT_IF_I_EMTPY
+ Jzon::Array arr;
+ Exiv2::Rational rat = i->value().toRational();
+ arr.Add(rat.first );
+@@ -187,6 +193,7 @@ void push(Jzon::Node& node,const std::string& key,T i)
+ } break;
+
+ case Exiv2::langAlt: {
++ ABORT_IF_I_EMTPY
+ Jzon::Object l ;
+ const Exiv2::LangAltValue& langs = dynamic_cast<const Exiv2::LangAltValue&>(i->value());
+ for ( Exiv2::LangAltValue::ValueType::const_iterator lang = langs.value_.begin()
+--
+2.17.0
+
+
+From 871e6e3ced1cdec7e43bf8cb94e269a7f5c09d92 Mon Sep 17 00:00:00 2001
+From: Robin Mills <robin@clanmills.com>
+Date: Thu, 15 Mar 2018 10:43:18 +0000
+Subject: [PATCH 8/8] Fix for getopt(), #199. Use src/getopt_win32 code instead
+ of libc/getopt()
+
+---
+ config/config.mk.in | 2 +-
+ src/CMakeLists.txt | 6 ++----
+ src/Makefile | 13 +++++--------
+ src/getopt_win32.c | 9 +++++++++
+ src/getopt_win32.h | 7 +++++++
+ src/utils.cpp | 9 +++------
+ 6 files changed, 27 insertions(+), 19 deletions(-)
+
+diff --git a/config/config.mk.in b/config/config.mk.in
+index 8d920647..4754c722 100644
+--- a/config/config.mk.in
++++ b/config/config.mk.in
+@@ -165,7 +165,7 @@ endif
+ # **********************************************************************
+ # Compilation shortcuts
+ COMPILE.cc = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -c
+-COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c
++COMPILE.c = $(CC) $(CFLAGS) -c
+ # LINK.cc does not need $(LIBS), libtool's dark magic takes care of that
+ # when linking a binary with a libtool library.
+ LINK.cc = $(CXX) $(LDFLAGS)
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index d4dc6375..dceee236 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -218,10 +218,8 @@ IF(NOT HAVE_TIMEGM )
+ SET( PATHTEST_SRC ${PATHTEST_SRC} localtime.c )
+ ENDIF( NOT HAVE_TIMEGM )
+
+-IF( MSVC )
+- SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c )
+- SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c )
+-ENDIF( MSVC )
++SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c )
++SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c )
+
+ ##
+ # msvn tuning
+diff --git a/src/Makefile b/src/Makefile
+index 8a8366fe..d046e331 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -131,8 +131,7 @@ CCSRC += asfvideo.cpp \
+ utilsvideo.cpp
+ endif
+
+-# Add library C source files to this list
+-EXIVCSRC =
++# C source files
+ ifndef HAVE_TIMEGM
+ CSRC = localtime.c
+ endif
+@@ -141,9 +140,7 @@ endif
+ EXIV2MAIN = exiv2.cpp
+ EXIV2SRC = actions.cpp \
+ utils.cpp
+-
+-# C source files for the Exiv2 application
+-EXIVCSRC =
++EXIVCSRC = getopt_win32.c
+
+ # ******************************************************************************
+ # Library
+@@ -176,7 +173,7 @@ OBJ = $(CCOBJ) $(COBJ)
+ LOBJ = $(CCLOBJ) $(CLOBJ)
+
+ EXIV2OBJ = $(EXIV2MAIN:.cpp=.o) $(EXIV2SRC:.cpp=.o)
+-EXIV2COBJ = $(EXIVCSRC:.c=.o)
++EXIVCOBJ = $(EXIVCSRC:.c=.o)
+ EXIV2EXE = $(EXIV2MAIN:.cpp=$(EXEEXT))
+
+ ifdef DEP_TRACKING
+@@ -251,9 +248,9 @@ lib: $(OBJ)
+ $(BINARY): %: %.o lib
+ @$(LIBTOOL) --mode=link $(LINK.cc) -o $@ $(LIBRARY) $@.o -rpath $(libdir)
+
+-$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIV2COBJ)
++$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIVCOBJ)
+ mkdir -pv ../bin 2>&1 > /dev/null
+- @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIV2COBJ) -rpath $(libdir)
++ @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIVCOBJ) -rpath $(libdir)
+
+ install-header:
+ $(INSTALL_DIRS) $(DESTDIR)$(incdir)
+diff --git a/src/getopt_win32.c b/src/getopt_win32.c
+index fca29924..18dfcfbf 100644
+--- a/src/getopt_win32.c
++++ b/src/getopt_win32.c
+@@ -194,6 +194,10 @@ permute_args(panonopt_start, panonopt_end, opt_end, nargv)
+ }
+ }
+
++#ifdef __GETOPT_DEFINE_ARGV__
++char * const *__argv;
++#endif
++
+ /*
+ * getopt_internal --
+ * Parse argc/argv argument vector. Called by user level routines.
+@@ -205,6 +209,11 @@ getopt_internal(nargc, nargv, options)
+ char * const *nargv;
+ const char *options;
+ {
++
++#ifdef __GETOPT_DEFINE_ARGV__
++ __argv=nargv;
++#endif
++
+ char *oli; /* option letter list index */
+ int optchar;
+
+diff --git a/src/getopt_win32.h b/src/getopt_win32.h
+index 6b6f643b..cd5760a3 100644
+--- a/src/getopt_win32.h
++++ b/src/getopt_win32.h
+@@ -38,6 +38,13 @@
+ extern "C" {
+ #endif
+
++#if !defined(_WIN32) && !defined(__CYGWIN__) && !defined(__MINGW__) && !defined(_MSC_VER)
++// the symbol __argv (and __argc and __progname and __env) are defined in Windows environments
++// for *ix environments, __argv is declared here, defined: getopt_win32.c, init'd: getopt_internal()
++#define __GETOPT_DEFINE_ARGV__
++extern char * const *__argv;
++#endif
++
+ extern int opterr; /* if error message should be printed */
+ extern int optind; /* index into parent argv vector */
+ extern int optopt; /* character checked for validity */
+diff --git a/src/utils.cpp b/src/utils.cpp
+index a3d36497..2a092330 100644
+--- a/src/utils.cpp
++++ b/src/utils.cpp
+@@ -32,18 +32,15 @@ EXIV2_RCSID("@(#) $Id$")
+ #include "config.h"
+
+ #include "utils.hpp"
+-
+-// + standard includes
+-#if defined(_MSC_VER) || defined(__MINGW__)
+-# include "getopt_win32.h"
+-#endif
++#include "getopt_win32.h"
+
+ #if defined(_MSC_VER)
+ # define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
+ #endif
+
++// + standard includes
+ #ifdef EXV_HAVE_UNISTD_H
+-# include <unistd.h> // for getopt(), stat()
++# include <unistd.h> // for stat()
+ #endif
+
+ #include <sys/types.h>
+--
+2.17.0
+
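Review bot: The empty-value guard added to `push()` in samples/exiv2json.cpp is a `#define ABORT_IF_I_EMTPY` placed inside the function template: the name is misspelled, it is never `#undef`'d so it leaks into the rest of the translation unit, and it hides a `return` behind a bare identifier. Writing the check out in the two cases, `if (i->value().size() == 0) return;`, would make the control flow visible to anyone auditing this fix. The guard covers only the rational and langAlt cases, while `i->value().toString()` runs before the switch. The remaining cases lie outside these hunks, so it is worth confirming that none of them converts an empty value. Separately, the getopt patch in this file drops `$(CPPFLAGS)` from `COMPILE.c`, which would strip any preprocessor defines passed that way (hardening macros included) from the C objects, so confirm that this is intended.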
diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch
new file mode 100644
index 000000000000..a594a2bfad13
--- /dev/null
+++ b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch
@@ -0,0 +1,39 @@
+From ce4f575e106697c0e513091e95a7cd12ed6a488b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
+Date: Tue, 9 Jan 2018 21:18:36 +0100
+Subject: [PATCH 1/8] Add check for DataBuf.size_ in Jp2Image::readMetadata()
+
+When parsing a subBox that is a ColorHeader, a length is extracted
+from the input file and fed directly into DataBuf() (which calls
+malloc). A crafted input file can provide arbitrarily (up to
+max(uint32_t)-8) large values and result in excessive memory
+allocation.
+
+This commit adds a check for the new size of DataBuf so that it is not
+larger than the remaining size of the file.
+
+This fixes #202 aka CVE-2018-4868
+---
+ src/jp2image.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index a308bfd9..3cebc2a8 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -272,7 +272,12 @@ namespace Exiv2
+ #endif
+
+ const long pad = 3 ; // 3 padding bytes 2 0 0
+- DataBuf data(Safe::add(subBox.length, static_cast<uint32_t>(8)));
++ const size_t data_length = Safe::add(subBox.length, static_cast<uint32_t>(8));
++ // data_length makes no sense if it is larger than the rest of the file
++ if (data_length > io_->size() - io_->tell()) {
++ throw Error(58);
++ }
++ DataBuf data(data_length);
+ io_->read(data.pData_,data.size_);
+ const long iccLength = getULong(data.pData_+pad, bigEndian);
+ // subtracting pad from data.size_ is safe:
+--
+2.17.0
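Review bot: The new bound `data_length > io_->size() - io_->tell()` in Jp2Image::readMetadata() is only sound if the subtraction can neither go negative nor wrap. The return types of `size()` and `tell()` are not visible in this hunk; if either is signed or reports failure as a negative value, comparing against a `size_t` would turn that into a very large number and the oversized allocation would pass the check. Checking that `io_->tell()` is non-negative and not beyond `io_->size()` before subtracting would close that gap. The result of `io_->read(data.pData_,data.size_)` on the following context line is also not compared with `data.size_` in the visible lines, so after a short read `getULong` would parse whatever the buffer held. The function continues outside the hunk, so a later check may exist.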