authorV3n3RiX <venerix@redcorelinux.org>2021-05-04 22:28:33 +0100
committerV3n3RiX <venerix@redcorelinux.org>2021-05-04 22:28:33 +0100
commita978c074e4272bb901fbe4a10de0a7b2af574f17 (patch)
tree8c764c1cc0576389ce22abd317bceba71ea5732d /media-libs/exiftool
parent40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (diff)
gentoo resync : 04.05.2021
Diffstat (limited to 'media-libs/exiftool')
-rw-r--r--media-libs/exiftool/Manifest2
-rw-r--r--media-libs/exiftool/exiftool-12.16-r1.ebuild27
-rw-r--r--media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch30
3 files changed, 59 insertions, 0 deletions
diff --git a/media-libs/exiftool/Manifest b/media-libs/exiftool/Manifest
index 38889f2e0011..d2cb11ea2b51 100644
--- a/media-libs/exiftool/Manifest
+++ b/media-libs/exiftool/Manifest
@@ -1,5 +1,7 @@
+AUX exiftool-12.16-CVE-2021-22204.patch 1607 BLAKE2B 1cfcdb7c002ba24785b9a7c5e806f2d4cdd5054905858de3d322f81919f37b472f58ebaff14fbce49fb2c88e512488e26dfda603de7e271d0c8a4a1093f6539a SHA512 7a24dfc1962e10e05d14090ede26d292352d9e8d0e1eec2289527bb7577e59eb4e618c7b1b5773dd3a8295b124af10c4082a395d38a6893b5548b3e5a06bf1b7
DIST Image-ExifTool-12.08.tar.gz 4842868 BLAKE2B 0ad8228f5b40bf51f1e29e4676ecd012de2dec6229452f7655adb543d44e59825a21311f2d09ece5190fdda06b21fbd8cc6a697b164cf6aae94c401d082459e1 SHA512 66e445fe1aca640d4b984cfacb4972f2bc64bcab61dbb014a0486a7d04612ecbd249a2691bcff704957c93467533b383c53883bb409a2064bb8c839ae7c2d4a5
DIST Image-ExifTool-12.16.tar.gz 4888506 BLAKE2B d262f087b4334c01ed927945aa0b072c90eaf7322af017030ef193b8b20fc7ce7008b69c483bc83d1dbe0ceab5bcb7e894e5085cae853a1d9d74f72b9c8a360e SHA512 adfd21834ccf06277903712b3c5e328b29c56f3b30ee68f6802dca0820823b627622e55f53238690525d1d19df2a59cb57f9d80a1bb2e99da37fb7d963ee16ee
EBUILD exiftool-12.08.ebuild 543 BLAKE2B 3c64bd7b7a5a26358572ebb599df5c815200cee69bb7121a60d51f94eac2ffec1d6b19027150acf57474e05d8921272c1012dc71d95b1bfcf4abe54d2be44d2d SHA512 d98a45ba549b24053b9fb21a2bf61250fd73f5ca478dd24db1f1925e7d0c6956d183f235b7a4542b96794500284916e10d6c2eef73a82ea94338f74f5c35dfac
+EBUILD exiftool-12.16-r1.ebuild 609 BLAKE2B 0f00d05c49ab0bd21777725ef01e8198bcd5b4b56811d579c11628f81726dfbe9f70b2f927a796f1c5c66170d54f05de238dc065fad420822b19543368ab4d90 SHA512 e946de1f26f99ae982ee2b27e281158415bd2b675b680fbe9304cd9d52818762c227954530b471f13a5b894fc496b549088633d900e109296120e4bc5584175e
EBUILD exiftool-12.16.ebuild 548 BLAKE2B 4fe20c6aff48822e2830453d416740ccbd257ef0fb28164793f8cc3ff9e4ccd5448983e2a2008546f9ccd57a8e57685f2e06d01d5d7ab6bd5caae0f0fab79aeb SHA512 8ee2add456ad6eb6ce386075e6498e9cdd250434e0e881a6201febdc8fa9abfa1b7e5041d63bad0907c23df0e8d412476081bc33c1bf17ea6a9f664fcdd0c842
MISC metadata.xml 10039 BLAKE2B da44aad7d46d49683f89fa75db8c92230b9088cd14a5c8715a9f3a982843d8a348393f1bd10bdcc08d5d6dc4e5f2fbf0fdd517ce88df2180807796fbd5c06b32 SHA512 c4647e7055ffcae7226aa2bdff458576cc0fef14f6d782a16695902f4af96740a96f0388398eafbdca22ee76a0c808c81dafc2ccc583f8218c718f69c8fd0da9
diff --git a/media-libs/exiftool/exiftool-12.16-r1.ebuild b/media-libs/exiftool/exiftool-12.16-r1.ebuild
new file mode 100644
index 000000000000..3c8849a0fcc9
--- /dev/null
+++ b/media-libs/exiftool/exiftool-12.16-r1.ebuild
@@ -0,0 +1,27 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DIST_NAME=Image-ExifTool
+inherit perl-module
+
+DESCRIPTION="Read and write meta information in image, audio and video files"
+HOMEPAGE="https://exiftool.org/"
+SRC_URI="https://exiftool.org/${DIST_P}.tar.gz"
+
+SLOT="0"
+KEYWORDS="amd64 ~arm64 ppc ~ppc64 ~x86 ~x64-macos"
+IUSE="doc"
+
+PATCHES=( "${FILESDIR}"/exiftool-12.16-CVE-2021-22204.patch )
+
+SRC_TEST="do"
+
+src_install() {
+ perl-module_src_install
+ use doc && dodoc -r html/
+
+ insinto /usr/share/${PN}
+ doins -r fmt_files config_files arg_files
+}
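Review bot: Nothing near `PATCHES=( "${FILESDIR}"/exiftool-12.16-CVE-2021-22204.patch )` says why this revision exists, and the Manifest hunk in the same commit still lists `exiftool-12.08.ebuild` and `exiftool-12.16.ebuild`. Both of those fall inside the affected range (7.44 and up) given in the patch header, so an unpatched version stays installable from this tree. A one-line comment above PATCHES, such as `# CVE-2021-22204: DjVu annotation parsing no longer uses string eval (backport from upstream 12.24)`, would make the security purpose of -r1 visible. The unpatched ebuilds should be dropped or masked once -r1 carries the same keywords, unless a later commit already does that.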
diff --git a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch
new file mode 100644
index 000000000000..1c9e7921c6bb
--- /dev/null
+++ b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch
@@ -0,0 +1,30 @@
+Description: Fix 'eval injection".
+ CVE-2021-22204: Improper neutralization of user data in the DjVu file
+ format in ExifTool versions 7.44 and up allows arbitrary code execution
+ when parsing the malicious image
+Origin: upstream release 12.24
+Bug-Debian: https://bugs.debian.org/987505
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1925985
+Author: Phil Harvey <philharvey66@gmail.com>
+Reviewed-by: gregor herrmann <gregoa@debian.org>
+Last-Update: 2021-04-24
+Applied-Upstream: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
+
+--- a/lib/Image/ExifTool/DjVu.pm
++++ b/lib/Image/ExifTool/DjVu.pm
+@@ -227,10 +227,11 @@
+ last unless $tok =~ /(\\+)$/ and length($1) & 0x01;
+ $tok .= '"'; # quote is part of the string
+ }
+- # must protect unescaped "$" and "@" symbols, and "\" at end of string
+- $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge;
+- # convert C escape sequences (allowed in quoted text)
+- $tok = eval qq{"$tok"};
++ # convert C escape sequences, allowed in quoted text
++ # (note: this only converts a few of them!)
++ my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n",
++ r => "\r", t => "\t", '"' => '"', '\\' => '\\' );
++ $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs;
+ } else { # key name
+ pos($$dataPt) = pos($$dataPt) - 1;
+ # allow anything in key but whitespace, braces and double quotes
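Review bot: The fallback in `$tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs;` chooses by truthiness rather than by key presence, which is correct only because every value in `%esc` is a non-empty string other than "0". Writing it as `exists $esc{$1} ? $esc{$1} : '\\'.$1` would keep it correct if the table is ever extended. The new comment could also state what is deliberately left alone, for example `# octal/hex and any other escapes are kept as literal backslash sequences, never evaluated`, since that is the behaviour change from the removed string `eval`. Separately, the quote-continuation test on the context line above still anchors with `$`, which also matches before a trailing newline; `\z` would make that end-of-token check exact. The enclosing function starts and ends outside this hunk.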