[gentoo-commits] repo/gentoo:master commit in: media-libs/exiftool/files/, media-libs/exiftool/ - gentoo-commits

From:	"Andreas K. Hüttel" <dilfridge@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: media-libs/exiftool/files/, media-libs/exiftool/
Date:	Sun, 30 May 2021 21:01:20
Message-Id:	`1622408451.5b20f7125508f3a30f11bbb08f89ee86ad68d28e.dilfridge@gentoo`

1

commit:     5b20f7125508f3a30f11bbb08f89ee86ad68d28e

2

Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>

3

AuthorDate: Sun May 30 20:34:41 2021 +0000

4

Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>

5

CommitDate: Sun May 30 21:00:51 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b20f712

7

8

media-libs/exiftool: Remove old

9

10

Bug: https://bugs.gentoo.org/791397

11

Package-Manager: Portage-3.0.18, Repoman-3.0.2

12

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

13

14

 media-libs/exiftool/Manifest                       |  1 -

15

 media-libs/exiftool/exiftool-12.16-r1.ebuild       | 27 -------------------

16

 .../files/exiftool-12.16-CVE-2021-22204.patch      | 30 ----------------------

17

 3 files changed, 58 deletions(-)

18

19

diff --git a/media-libs/exiftool/Manifest b/media-libs/exiftool/Manifest

20

index c696d302572..c4c4e2179f3 100644

21

--- a/media-libs/exiftool/Manifest

22

+++ b/media-libs/exiftool/Manifest

23

@@ -1,2 +1 @@

24

-DIST Image-ExifTool-12.16.tar.gz 4888506 BLAKE2B d262f087b4334c01ed927945aa0b072c90eaf7322af017030ef193b8b20fc7ce7008b69c483bc83d1dbe0ceab5bcb7e894e5085cae853a1d9d74f72b9c8a360e SHA512 adfd21834ccf06277903712b3c5e328b29c56f3b30ee68f6802dca0820823b627622e55f53238690525d1d19df2a59cb57f9d80a1bb2e99da37fb7d963ee16ee

25

 DIST Image-ExifTool-12.26.tar.gz 4933296 BLAKE2B e45683243b82f8276aee498d52a88d5b34eaf8b28aebdd631f70e30bb91ceb52224dc994ed189b914f024be4eb471b07bf9f1d860d96af2ab211e482b9ea194e SHA512 15bbff738e151d3ed5c77a17c99ded6cc3da2050fe7df94c42aea544aa31d7f539d70d07fd5336ae018af05b7f168712f1367046d8004861fce58442c03f82bd

26

27

diff --git a/media-libs/exiftool/exiftool-12.16-r1.ebuild b/media-libs/exiftool/exiftool-12.16-r1.ebuild

28

deleted file mode 100644

29

index b834f5c9407..00000000000

30

--- a/media-libs/exiftool/exiftool-12.16-r1.ebuild

31

+++ /dev/null

32

@@ -1,27 +0,0 @@

33

-# Copyright 1999-2021 Gentoo Authors

34

-# Distributed under the terms of the GNU General Public License v2

35

-

36

-EAPI=7

37

-

38

-DIST_NAME=Image-ExifTool

39

-inherit perl-module

40

-

41

-DESCRIPTION="Read and write meta information in image, audio and video files"

42

-HOMEPAGE="https://exiftool.org/"

43

-SRC_URI="https://exiftool.org/${DIST_P}.tar.gz"

44

-

45

-SLOT="0"

46

-KEYWORDS="amd64 arm64 ppc ppc64 x86 ~x64-macos"

47

-IUSE="doc"

48

-

49

-PATCHES=( "${FILESDIR}"/exiftool-12.16-CVE-2021-22204.patch )

50

-

51

-SRC_TEST="do"

52

-

53

-src_install() {

54

-	perl-module_src_install

55

-	use doc && dodoc -r html/

56

-

57

-	insinto /usr/share/${PN}

58

-	doins -r fmt_files config_files arg_files

59

-}

60

61

diff --git a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch

62

deleted file mode 100644

63

index 1c9e7921c6b..00000000000

64

--- a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch

65

+++ /dev/null

66

@@ -1,30 +0,0 @@

67

-Description: Fix 'eval injection".

68

- CVE-2021-22204: Improper neutralization of user data in the DjVu file

69

- format in ExifTool versions 7.44 and up allows arbitrary code execution

70

- when parsing the malicious image

71

-Origin: upstream release 12.24

72

-Bug-Debian: https://bugs.debian.org/987505

73

-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1925985

74

-Author: Phil Harvey <philharvey66@×××××.com>

75

-Reviewed-by: gregor herrmann <gregoa@××××××.org>

76

-Last-Update: 2021-04-24

77

-Applied-Upstream: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800

78

-

79

---- a/lib/Image/ExifTool/DjVu.pm

80

-+++ b/lib/Image/ExifTool/DjVu.pm

81

-@@ -227,10 +227,11 @@

82

-                 last unless $tok =~ /(\\+)$/ and length($1) & 0x01;

83

-                 $tok .= '"';    # quote is part of the string

84

-             }

85

--            # must protect unescaped "$" and "@" symbols, and "\" at end of string

86

--            $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge;

87

--            # convert C escape sequences (allowed in quoted text)

88

--            $tok = eval qq{"$tok"};

89

-+            # convert C escape sequences, allowed in quoted text

90

-+            # (note: this only converts a few of them!)

91

-+            my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n",

92

-+                        r => "\r", t => "\t", '"' => '"', '\\' => '\\' );

93

-+            $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs;

94

-         } else {                # key name

95

-             pos($$dataPt) = pos($$dataPt) - 1;

96

-             # allow anything in key but whitespace, braces and double quotes

1	commit: 5b20f7125508f3a30f11bbb08f89ee86ad68d28e
2	Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3	AuthorDate: Sun May 30 20:34:41 2021 +0000
4	Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
5	CommitDate: Sun May 30 21:00:51 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b20f712
7
8	media-libs/exiftool: Remove old
9
10	Bug: https://bugs.gentoo.org/791397
11	Package-Manager: Portage-3.0.18, Repoman-3.0.2
12	Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
13
14	media-libs/exiftool/Manifest \| 1 -
15	media-libs/exiftool/exiftool-12.16-r1.ebuild \| 27 -------------------
16	.../files/exiftool-12.16-CVE-2021-22204.patch \| 30 ----------------------
17	3 files changed, 58 deletions(-)
18
19	diff --git a/media-libs/exiftool/Manifest b/media-libs/exiftool/Manifest
20	index c696d302572..c4c4e2179f3 100644
21	--- a/media-libs/exiftool/Manifest
22	+++ b/media-libs/exiftool/Manifest
23	@@ -1,2 +1 @@
24	-DIST Image-ExifTool-12.16.tar.gz 4888506 BLAKE2B d262f087b4334c01ed927945aa0b072c90eaf7322af017030ef193b8b20fc7ce7008b69c483bc83d1dbe0ceab5bcb7e894e5085cae853a1d9d74f72b9c8a360e SHA512 adfd21834ccf06277903712b3c5e328b29c56f3b30ee68f6802dca0820823b627622e55f53238690525d1d19df2a59cb57f9d80a1bb2e99da37fb7d963ee16ee
25	DIST Image-ExifTool-12.26.tar.gz 4933296 BLAKE2B e45683243b82f8276aee498d52a88d5b34eaf8b28aebdd631f70e30bb91ceb52224dc994ed189b914f024be4eb471b07bf9f1d860d96af2ab211e482b9ea194e SHA512 15bbff738e151d3ed5c77a17c99ded6cc3da2050fe7df94c42aea544aa31d7f539d70d07fd5336ae018af05b7f168712f1367046d8004861fce58442c03f82bd
26
27	diff --git a/media-libs/exiftool/exiftool-12.16-r1.ebuild b/media-libs/exiftool/exiftool-12.16-r1.ebuild
28	deleted file mode 100644
29	index b834f5c9407..00000000000
30	--- a/media-libs/exiftool/exiftool-12.16-r1.ebuild
31	+++ /dev/null
32	@@ -1,27 +0,0 @@
33	-# Copyright 1999-2021 Gentoo Authors
34	-# Distributed under the terms of the GNU General Public License v2
35	-
36	-EAPI=7
37	-
38	-DIST_NAME=Image-ExifTool
39	-inherit perl-module
40	-
41	-DESCRIPTION="Read and write meta information in image, audio and video files"
42	-HOMEPAGE="https://exiftool.org/"
43	-SRC_URI="https://exiftool.org/${DIST_P}.tar.gz"
44	-
45	-SLOT="0"
46	-KEYWORDS="amd64 arm64 ppc ppc64 x86 ~x64-macos"
47	-IUSE="doc"
48	-
49	-PATCHES=( "${FILESDIR}"/exiftool-12.16-CVE-2021-22204.patch )
50	-
51	-SRC_TEST="do"
52	-
53	-src_install() {
54	- perl-module_src_install
55	- use doc && dodoc -r html/
56	-
57	- insinto /usr/share/${PN}
58	- doins -r fmt_files config_files arg_files
59	-}
60
61	diff --git a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch b/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch
62	deleted file mode 100644
63	index 1c9e7921c6b..00000000000
64	--- a/media-libs/exiftool/files/exiftool-12.16-CVE-2021-22204.patch
65	+++ /dev/null
66	@@ -1,30 +0,0 @@
67	-Description: Fix 'eval injection".
68	- CVE-2021-22204: Improper neutralization of user data in the DjVu file
69	- format in ExifTool versions 7.44 and up allows arbitrary code execution
70	- when parsing the malicious image
71	-Origin: upstream release 12.24
72	-Bug-Debian: https://bugs.debian.org/987505
73	-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1925985
74	-Author: Phil Harvey <philharvey66@×××××.com>
75	-Reviewed-by: gregor herrmann <gregoa@××××××.org>
76	-Last-Update: 2021-04-24
77	-Applied-Upstream: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
78	-
79	---- a/lib/Image/ExifTool/DjVu.pm
80	-+++ b/lib/Image/ExifTool/DjVu.pm
81	-@@ -227,10 +227,11 @@
82	- last unless $tok =~ /(\\+)$/ and length($1) & 0x01;
83	- $tok .= '"'; # quote is part of the string
84	- }
85	-- # must protect unescaped "$" and "@" symbols, and "\" at end of string
86	-- $tok =~ s{\\(.)\|([\$\@]\|\\$)}{'\\'.($2 \|\| $1)}sge;
87	-- # convert C escape sequences (allowed in quoted text)
88	-- $tok = eval qq{"$tok"};
89	-+ # convert C escape sequences, allowed in quoted text
90	-+ # (note: this only converts a few of them!)
91	-+ my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n",
92	-+ r => "\r", t => "\t", '"' => '"', '\\' => '\\' );
93	-+ $tok =~ s/\\(.)/$esc{$1}\|\|'\\'.$1/egs;
94	- } else { # key name
95	- pos($$dataPt) = pos($$dataPt) - 1;
96	- # allow anything in key but whitespace, braces and double quotes

Gentoo Archives: gentoo-commits