From e748ba9741f6540f4675c23e3e37b73e822c13a4 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 31 May 2021 20:59:14 +0100 Subject: gentoo resync : 31.05.2021 --- media-libs/exiftool/Manifest | 5 +--- media-libs/exiftool/exiftool-12.16-r1.ebuild | 27 ------------------- media-libs/exiftool/exiftool-12.26.ebuild | 2 +- .../files/exiftool-12.16-CVE-2021-22204.patch | 30 ---------------------- 4 files changed, 2 insertions(+), 62 deletions(-) delete mode 100644 media-libs/exiftool/exiftool-12.16-r1.ebuild delete mode 100644 media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch (limited to 'media-libs/exiftool') diff --git a/media-libs/exiftool/Manifest b/media-libs/exiftool/Manifest index c20b2aea0941..d50474a1da35 100644 --- a/media-libs/exiftool/Manifest +++ b/media-libs/exiftool/Manifest @@ -1,6 +1,3 @@ -AUX exiftool-12.16-CVE-2021-22204.patch 1607 BLAKE2B 1cfcdb7c002ba24785b9a7c5e806f2d4cdd5054905858de3d322f81919f37b472f58ebaff14fbce49fb2c88e512488e26dfda603de7e271d0c8a4a1093f6539a SHA512 7a24dfc1962e10e05d14090ede26d292352d9e8d0e1eec2289527bb7577e59eb4e618c7b1b5773dd3a8295b124af10c4082a395d38a6893b5548b3e5a06bf1b7 -DIST Image-ExifTool-12.16.tar.gz 4888506 BLAKE2B d262f087b4334c01ed927945aa0b072c90eaf7322af017030ef193b8b20fc7ce7008b69c483bc83d1dbe0ceab5bcb7e894e5085cae853a1d9d74f72b9c8a360e SHA512 adfd21834ccf06277903712b3c5e328b29c56f3b30ee68f6802dca0820823b627622e55f53238690525d1d19df2a59cb57f9d80a1bb2e99da37fb7d963ee16ee DIST Image-ExifTool-12.26.tar.gz 4933296 BLAKE2B e45683243b82f8276aee498d52a88d5b34eaf8b28aebdd631f70e30bb91ceb52224dc994ed189b914f024be4eb471b07bf9f1d860d96af2ab211e482b9ea194e SHA512 15bbff738e151d3ed5c77a17c99ded6cc3da2050fe7df94c42aea544aa31d7f539d70d07fd5336ae018af05b7f168712f1367046d8004861fce58442c03f82bd -EBUILD exiftool-12.16-r1.ebuild 606 BLAKE2B cf68bfa66a01d97d577a6e2dc3a120e2b609ea0d30c841948098b199d52860afe219f87fa3ee55899b15aad3bf7ce4c318af7ff290281d2c6dc7b236dd10edb6 SHA512 16e2e2c7a85f0848978a2388022437823dde88d82bae36c6ba0c2a543d04d94da228bc835fe9374fbf95c843b677dabe6cf8864bfb3c7839ff44d6178f67a6c0 -EBUILD exiftool-12.26.ebuild 548 BLAKE2B 4fe20c6aff48822e2830453d416740ccbd257ef0fb28164793f8cc3ff9e4ccd5448983e2a2008546f9ccd57a8e57685f2e06d01d5d7ab6bd5caae0f0fab79aeb SHA512 8ee2add456ad6eb6ce386075e6498e9cdd250434e0e881a6201febdc8fa9abfa1b7e5041d63bad0907c23df0e8d412476081bc33c1bf17ea6a9f664fcdd0c842 +EBUILD exiftool-12.26.ebuild 543 BLAKE2B 3c64bd7b7a5a26358572ebb599df5c815200cee69bb7121a60d51f94eac2ffec1d6b19027150acf57474e05d8921272c1012dc71d95b1bfcf4abe54d2be44d2d SHA512 d98a45ba549b24053b9fb21a2bf61250fd73f5ca478dd24db1f1925e7d0c6956d183f235b7a4542b96794500284916e10d6c2eef73a82ea94338f74f5c35dfac MISC metadata.xml 10039 BLAKE2B da44aad7d46d49683f89fa75db8c92230b9088cd14a5c8715a9f3a982843d8a348393f1bd10bdcc08d5d6dc4e5f2fbf0fdd517ce88df2180807796fbd5c06b32 SHA512 c4647e7055ffcae7226aa2bdff458576cc0fef14f6d782a16695902f4af96740a96f0388398eafbdca22ee76a0c808c81dafc2ccc583f8218c718f69c8fd0da9 diff --git a/media-libs/exiftool/exiftool-12.16-r1.ebuild b/media-libs/exiftool/exiftool-12.16-r1.ebuild deleted file mode 100644 index b834f5c94078..000000000000 --- a/media-libs/exiftool/exiftool-12.16-r1.ebuild +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -DIST_NAME=Image-ExifTool -inherit perl-module - -DESCRIPTION="Read and write meta information in image, audio and video files" -HOMEPAGE="https://exiftool.org/" -SRC_URI="https://exiftool.org/${DIST_P}.tar.gz" - -SLOT="0" -KEYWORDS="amd64 arm64 ppc ppc64 x86 ~x64-macos" -IUSE="doc" - -PATCHES=( "${FILESDIR}"/exiftool-12.16-CVE-2021-22204.patch ) - -SRC_TEST="do" - -src_install() { - perl-module_src_install - use doc && dodoc -r html/ - - insinto /usr/share/${PN} - doins -r fmt_files config_files arg_files -} diff --git a/media-libs/exiftool/exiftool-12.26.ebuild b/media-libs/exiftool/exiftool-12.26.ebuild index 48300e4ce1a6..579e441d9422 100644 --- a/media-libs/exiftool/exiftool-12.26.ebuild +++ b/media-libs/exiftool/exiftool-12.26.ebuild @@ -11,7 +11,7 @@ HOMEPAGE="https://exiftool.org/" SRC_URI="https://exiftool.org/${DIST_P}.tar.gz" SLOT="0" -KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x64-macos" +KEYWORDS="amd64 arm64 ppc ppc64 x86 ~x64-macos" IUSE="doc" SRC_TEST="do" diff --git a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch deleted file mode 100644 index 1c9e7921c6bb..000000000000 --- a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch +++ /dev/null @@ -1,30 +0,0 @@ -Description: Fix 'eval injection". - CVE-2021-22204: Improper neutralization of user data in the DjVu file - format in ExifTool versions 7.44 and up allows arbitrary code execution - when parsing the malicious image -Origin: upstream release 12.24 -Bug-Debian: https://bugs.debian.org/987505 -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1925985 -Author: Phil Harvey -Reviewed-by: gregor herrmann -Last-Update: 2021-04-24 -Applied-Upstream: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 - ---- a/lib/Image/ExifTool/DjVu.pm -+++ b/lib/Image/ExifTool/DjVu.pm -@@ -227,10 +227,11 @@ - last unless $tok =~ /(\\+)$/ and length($1) & 0x01; - $tok .= '"'; # quote is part of the string - } -- # must protect unescaped "$" and "@" symbols, and "\" at end of string -- $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge; -- # convert C escape sequences (allowed in quoted text) -- $tok = eval qq{"$tok"}; -+ # convert C escape sequences, allowed in quoted text -+ # (note: this only converts a few of them!) -+ my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n", -+ r => "\r", t => "\t", '"' => '"', '\\' => '\\' ); -+ $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs; - } else { # key name - pos($$dataPt) = pos($$dataPt) - 1; - # allow anything in key but whitespace, braces and double quotes -- cgit v1.2.3