aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-06-30 21:48:11 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-07-01 11:44:25 +0000
commit4b80232f5a78abca62be25e8a44812437d3f11ef (patch)
treedbc94b1bff980e9aeb7fdde533fc6bd2e9ba53da
parent0e5d936c43417ede204c1d0158ef65b7d833e156 (diff)
downloadaports-4b80232f5a78abca62be25e8a44812437d3f11ef.tar.gz
aports-4b80232f5a78abca62be25e8a44812437d3f11ef.tar.bz2
aports-4b80232f5a78abca62be25e8a44812437d3f11ef.tar.xz
community/exiv2: upgrade to 0.27.3
-rw-r--r--community/exiv2/APKBUILD25
-rw-r--r--community/exiv2/CVE-2019-17402.patch49
-rw-r--r--community/exiv2/CVE-2019-20421.patch117
3 files changed, 16 insertions, 175 deletions
diff --git a/community/exiv2/APKBUILD b/community/exiv2/APKBUILD
index 18f34a6c32..91683bc263 100644
--- a/community/exiv2/APKBUILD
+++ b/community/exiv2/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=exiv2
-pkgver=0.27.2
-pkgrel=6
+pkgver=0.27.3
+pkgrel=0
pkgdesc="Exif and Iptc metadata manipulation library and tools."
url="https://exiv2.org"
arch="all"
@@ -10,12 +10,21 @@ license="GPL-2.0-or-later"
depends_dev="expat-dev zlib-dev"
makedepends="$depends_dev cmake"
subpackages="$pkgname-dev $pkgname-doc"
-source="https://exiv2.org/builds/exiv2-$pkgver-Source.tar.gz
- CVE-2019-17402.patch
- CVE-2019-20421.patch
- "
+source="https://exiv2.org/builds/exiv2-$pkgver-Source.tar.gz"
builddir="$srcdir"/$pkgname-$pkgver-Source
+prepare() {
+ default_prepare
+
+ # -fcf-protection=full is only usable on x86_64 and x86 since those
+ # are the arches where Intel's CET Control-Flow Enforcement Technology
+ # is available
+ case "$CARCH" in
+ x86_64|x86) ;;
+ *) sed -i 's| -fcf-protection||g' cmake/compilerFlags.cmake ;;
+ esac
+}
+
# secfixes:
# 0.27.2-r6:
# - CVE-2019-20421
@@ -47,6 +56,4 @@ package() {
make -C build DESTDIR="$pkgdir" install
}
-sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz
-da58d6cf6409304465c16a6c73af3731a75c59c0f3e16d740edd3f46308d3ba8ed8b5fc0473920b67b2aeb2b4bb66574aee4b0f57585d127f6e6a3f62b5c0766 CVE-2019-17402.patch
-b2b881e47e4cad8b04492f7475400af9f28fa8f9dfb1e96d4d0d8caa6a469e76aafc056023254446e1026be8270f1b094b5195fe44f18c87283f6c6d808c37ee CVE-2019-20421.patch"
+sha512sums="3f5758ee862b811eeb89cc75fc2bbd8bf10329efa2ce1e68555cdc7729faa6cfd1603e0cc859fbdbe6d8fd5e53bd9b9e6d869d8a20ed17497bf87ce78c005de9 exiv2-0.27.3-Source.tar.gz"
diff --git a/community/exiv2/CVE-2019-17402.patch b/community/exiv2/CVE-2019-17402.patch
deleted file mode 100644
index 45451442d5..0000000000
--- a/community/exiv2/CVE-2019-17402.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
-index 29311fd..c0d9553 100644
---- a/src/crwimage_int.cpp
-+++ b/src/crwimage_int.cpp
-@@ -268,6 +268,9 @@ namespace Exiv2 {
- #ifdef EXIV2_DEBUG_MESSAGES
- std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
- #endif
-+ if (this->offset() + this->size() > size)
-+ throw Error(kerOffsetOutOfRange);
-+
- readDirectory(pData + offset(), this->size(), byteOrder);
- #ifdef EXIV2_DEBUG_MESSAGES
- std::cout << "<---- 0x" << std::hex << tag() << "\n";
-diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
-new file mode 100755
-index 0000000..e69de29
-diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
-new file mode 100644
-index 0000000..c2682f9
---- /dev/null
-+++ b/tests/bugfixes/github/test_issue_1019.py
-@@ -0,0 +1,14 @@
-+from system_tests import CaseMeta, path
-+
-+
-+class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
-+
-+ filename = path("$data_path/POC-file_issue_1019")
-+ commands = ["$exiv2 -pv $filename"]
-+ stdout = [""]
-+ stderr = [
-+ """$exiv2_exception_message $filename:
-+$kerOffsetOutOfRange
-+"""
-+ ]
-+ retval = [1]
-diff --git a/tests/suite.conf b/tests/suite.conf
-index 5b31930..dab7427 100644
---- a/tests/suite.conf
-+++ b/tests/suite.conf
-@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
- easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
-
- [variables]
-+kerOffsetOutOfRange: Offset out of range
- kerFailedToReadImageData: Failed to read image data
- kerCorruptedMetadata: corrupted image metadata
- kerInvalidMalloc: invalid memory allocation request
diff --git a/community/exiv2/CVE-2019-20421.patch b/community/exiv2/CVE-2019-20421.patch
deleted file mode 100644
index 76b88a1a75..0000000000
--- a/community/exiv2/CVE-2019-20421.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 1b917c3f7dd86336a9f6fda4456422c419dfe88c Mon Sep 17 00:00:00 2001
-From: clanmills <robin@clanmills.com>
-Date: Tue, 1 Oct 2019 17:39:44 +0100
-Subject: [PATCH] Fix #1011 fix_1011_jp2_readmetadata_loop
-
----
- src/jp2image.cpp | 25 +++++++++++++++----
- tests/bugfixes/github/test_CVE_2017_17725.py | 4 +--
- tests/bugfixes/github/test_issue_1011.py | 13 ++++++++++
- 4 files changed, 35 insertions(+), 7 deletions(-)
- create mode 100755 test/data/Jp2Image_readMetadata_loop.poc
- create mode 100644 tests/bugfixes/github/test_issue_1011.py
-
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index d5cd1340a..0de088d62 100644
---- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -18,10 +18,6 @@
- * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA.
- */
-
--/*
-- File: jp2image.cpp
--*/
--
- // *****************************************************************************
-
- // included header files
-@@ -197,6 +193,16 @@ namespace Exiv2
- return result;
- }
-
-+static void boxes_check(size_t b,size_t m)
-+{
-+ if ( b > m ) {
-+#ifdef EXIV2_DEBUG_MESSAGES
-+ std::cout << "Exiv2::Jp2Image::readMetadata box maximum exceeded" << std::endl;
-+#endif
-+ throw Error(kerCorruptedMetadata);
-+ }
-+}
-+
- void Jp2Image::readMetadata()
- {
- #ifdef EXIV2_DEBUG_MESSAGES
-@@ -219,9 +225,12 @@ namespace Exiv2
- Jp2BoxHeader subBox = {0,0};
- Jp2ImageHeaderBox ihdr = {0,0,0,0,0,0,0,0};
- Jp2UuidBox uuid = {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+ size_t boxes = 0 ;
-+ size_t boxem = 1000 ; // boxes max
-
- while (io_->read((byte*)&box, sizeof(box)) == sizeof(box))
- {
-+ boxes_check(boxes++,boxem );
- position = io_->tell();
- box.length = getLong((byte*)&box.length, bigEndian);
- box.type = getLong((byte*)&box.type, bigEndian);
-@@ -251,8 +260,12 @@ namespace Exiv2
-
- while (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox) && subBox.length )
- {
-+ boxes_check(boxes++, boxem) ;
- subBox.length = getLong((byte*)&subBox.length, bigEndian);
- subBox.type = getLong((byte*)&subBox.type, bigEndian);
-+ if (subBox.length > io_->size() ) {
-+ throw Error(kerCorruptedMetadata);
-+ }
- #ifdef EXIV2_DEBUG_MESSAGES
- std::cout << "Exiv2::Jp2Image::readMetadata: "
- << "subBox = " << toAscii(subBox.type) << " length = " << subBox.length << std::endl;
-@@ -308,7 +321,9 @@ namespace Exiv2
- }
-
- io_->seek(restore,BasicIo::beg);
-- io_->seek(subBox.length, Exiv2::BasicIo::cur);
-+ if ( io_->seek(subBox.length, Exiv2::BasicIo::cur) != 0 ) {
-+ throw Error(kerCorruptedMetadata);
-+ }
- restore = io_->tell();
- }
- break;
-
-diff --git a/tests/bugfixes/github/test_CVE_2017_17725.py b/tests/bugfixes/github/test_CVE_2017_17725.py
-index 1127b9806..670a75d8d 100644
---- a/tests/bugfixes/github/test_CVE_2017_17725.py
-+++ b/tests/bugfixes/github/test_CVE_2017_17725.py
-@@ -11,7 +11,7 @@ class TestCvePoC(metaclass=system_tests.CaseMeta):
- filename = "$data_path/poc_2017-12-12_issue188"
- commands = ["$exiv2 " + filename]
- stdout = [""]
-- stderr = ["""$exiv2_overflow_exception_message """ + filename + """:
--$addition_overflow_message
-+ stderr = ["""$exiv2_exception_message """ + filename + """:
-+$kerCorruptedMetadata
- """]
- retval = [1]
-diff --git a/tests/bugfixes/github/test_issue_1011.py b/tests/bugfixes/github/test_issue_1011.py
-new file mode 100644
-index 000000000..415861188
---- /dev/null
-+++ b/tests/bugfixes/github/test_issue_1011.py
-@@ -0,0 +1,13 @@
-+# -*- coding: utf-8 -*-
-+
-+from system_tests import CaseMeta, path
-+
-+class Test_issue_1011(metaclass=CaseMeta):
-+
-+ filename = path("$data_path/Jp2Image_readMetadata_loop.poc")
-+ commands = ["$exiv2 " + filename]
-+ stdout = [""]
-+ stderr = ["""$exiv2_exception_message """ + filename + """:
-+$kerCorruptedMetadata
-+"""]
-+ retval = [1]
-\ No newline at end of file