Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/exiv2/, media-gfx/exiv2/files/
Date: Mon, 29 Oct 2018 10:14:51
Message-Id: 1540808064.8c24aae658082194548daf5a845dc996fab7f9f0.asturm@gentoo
1 commit: 8c24aae658082194548daf5a845dc996fab7f9f0
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Mon Oct 29 10:06:45 2018 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 29 10:14:24 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c24aae6
7
8 media-gfx/exiv2: Security cleanup
9
10 Bug: https://bugs.gentoo.org/658236
11 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
12 Package-Manager: Portage-2.3.50, Repoman-2.3.11
13
14 media-gfx/exiv2/Manifest | 1 -
15 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 136 ------
16 .../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 ---------------------
17 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 --
18 .../files/exiv2-0.26_p20180319-clang-fix.patch | 47 --
19 5 files changed, 707 deletions(-)
20
21 diff --git a/media-gfx/exiv2/Manifest b/media-gfx/exiv2/Manifest
22 index 1cdcc30af60..017a87d6e8b 100644
23 --- a/media-gfx/exiv2/Manifest
24 +++ b/media-gfx/exiv2/Manifest
25 @@ -1,2 +1 @@
26 -DIST exiv2-0.26_p20180319.tar.gz 28383543 BLAKE2B 753a2ebdb2033490c0f66cb1fb2574f02125f17813f6cbaf5eca66e053af9a2cdbc1266f0a033f0706ec22b31acd6e87271e426a335a58ee947757b52d283489 SHA512 852ce2cffcc0a2d902a939933127fdf5fa0b50020e1faf3ab0a375b129b9f61c7b97b76d4f39e376e7288d7cc045867bd1a96ae15dd0b7c0bcd1ba15259628e1
27 DIST exiv2-0.26_p20180811d.tar.xz 1722216 BLAKE2B 9e1c8307eb923c340894c82c37e9f6c31d82ff1b1de3c79d4ec9b0ec9428ad1d05f945e9a4e440028335857e7fc32d50cdc5245842d743e017037bd641b654db SHA512 5453650888440028acb139a02b387eab0232551c97256ce88dd626fa4cc8800ec02ad66e093c314bbfdc60726995b6c8482572d1ffaec73a265209c98c901780
28
29 diff --git a/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild b/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild
30 deleted file mode 100644
31 index eb2572dfcf3..00000000000
32 --- a/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild
33 +++ /dev/null
34 @@ -1,136 +0,0 @@
35 -# Copyright 1999-2018 Gentoo Foundation
36 -# Distributed under the terms of the GNU General Public License v2
37 -
38 -EAPI=6
39 -
40 -PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
41 -if [[ ${PV} = *9999 ]]; then
42 - EGIT_REPO_URI="https://github.com/Exiv2/exiv2.git"
43 - EGIT_BRANCH="0.26"
44 - GIT_ECLASS=git-r3
45 -else
46 - COMMIT=876b1314ab892cbfa6672b6b94adbeb90db4211f
47 - SRC_URI="https://github.com/Exiv2/${PN}/tarball/${COMMIT} -> ${P}.tar.gz"
48 - KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
49 -fi
50 -inherit cmake-multilib python-any-r1
51 -
52 -DESCRIPTION="EXIF, IPTC and XMP metadata C++ library and command line utility"
53 -HOMEPAGE="http://www.exiv2.org/"
54 -
55 -LICENSE="GPL-2"
56 -SLOT="0/26"
57 -IUSE="doc examples nls png webready xmp"
58 -
59 -RDEPEND="
60 - >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}]
61 - nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
62 - png? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
63 - webready? (
64 - net-libs/libssh[${MULTILIB_USEDEP}]
65 - net-misc/curl[${MULTILIB_USEDEP}]
66 - )
67 - xmp? ( >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] )
68 -"
69 -DEPEND="${RDEPEND}
70 - doc? (
71 - ${PYTHON_DEPS}
72 - app-doc/doxygen
73 - dev-libs/libxslt
74 - media-gfx/graphviz
75 - virtual/pkgconfig
76 - )
77 - nls? ( sys-devel/gettext )
78 -"
79 -
80 -DOCS=( README doc/ChangeLog doc/cmd.txt )
81 -
82 -S="${WORKDIR}/${PN^}-${PN}-${COMMIT:0:7}"
83 -
84 -PATCHES=(
85 - # 0.26 branch
86 - "${FILESDIR}"/${P}-CVE-2018-4868.patch
87 - "${FILESDIR}"/${P}-CVE-2017-18005.patch
88 - "${FILESDIR}"/${P}-clang-fix.patch
89 - # TODO: Take to upstream
90 - "${FILESDIR}"/${PN}-0.26-fix-docs.patch
91 - "${FILESDIR}"/${PN}-0.26-tools-optional.patch
92 -)
93 -
94 -pkg_setup() {
95 - use doc && python-any-r1_pkg_setup
96 -}
97 -
98 -src_prepare() {
99 - if [[ ${PV} != *9999 ]] ; then
100 - if [[ -d po ]] ; then
101 - pushd po > /dev/null || die
102 - local lang
103 - for lang in *.po; do
104 - if [[ -e ${lang} ]] \
105 - && ! has ${lang/.po/} ${LINGUAS-${lang/.po/}} ; then
106 - case ${lang} in
107 - CMakeLists.txt | \
108 - ${PN}.pot) ;;
109 - *) rm -r ${lang} || die ;;
110 - esac
111 - fi
112 - done
113 - popd > /dev/null || die
114 - else
115 - die "Failed to prepare LINGUAS - po directory moved?"
116 - fi
117 - fi
118 -
119 - # FIXME @upstream:
120 - einfo "Converting doc/cmd.txt to UTF-8"
121 - iconv -f LATIN1 -t UTF-8 doc/cmd.txt > doc/cmd.txt.tmp || die
122 - mv -f doc/cmd.txt.tmp doc/cmd.txt || die
123 -
124 - if use doc; then
125 - einfo "Updating doxygen config"
126 - doxygen &>/dev/null -u config/Doxyfile || die
127 - fi
128 -
129 - edos2unix samples/exiv2json.cpp # workaround for CVE-2017-18005 patch
130 -
131 - cmake-utils_src_prepare
132 -}
133 -
134 -multilib_src_configure() {
135 - local mycmakeargs=(
136 - -DEXIV2_ENABLE_BUILD_SAMPLES=NO
137 - -DEXIV2_ENABLE_BUILD_PO=$(usex nls)
138 - -DEXIV2_ENABLE_NLS=$(usex nls)
139 - -DEXIV2_ENABLE_PNG=$(usex png)
140 - -DEXIV2_ENABLE_CURL=$(usex webready)
141 - -DEXIV2_ENABLE_SSH=$(usex webready)
142 - -DEXIV2_ENABLE_WEBREADY=$(usex webready)
143 - -DEXIV2_ENABLE_XMP=$(usex xmp)
144 - -DEXIV2_ENABLE_LIBXMP=NO
145 - $(multilib_is_native_abi || echo -DEXIV2_ENABLE_TOOLS=NO)
146 - )
147 -
148 - cmake-utils_src_configure
149 -}
150 -
151 -multilib_src_compile() {
152 - cmake-utils_src_compile
153 -
154 - if multilib_is_native_abi; then
155 - use doc && emake -j1 doc
156 - fi
157 -}
158 -
159 -multilib_src_install_all() {
160 - use xmp && DOCS+=( doc/{COPYING-XMPSDK,README-XMP,cmdxmp.txt} )
161 - use doc && HTML_DOCS=( "${S}"/doc/html/. )
162 -
163 - einstalldocs
164 - find "${D}" -name '*.la' -delete || die
165 -
166 - if use examples; then
167 - docinto examples
168 - dodoc samples/*.cpp
169 - fi
170 -}
171
172 diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch
173 deleted file mode 100644
174 index d74ca59e3c0..00000000000
175 --- a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch
176 +++ /dev/null
177 @@ -1,484 +0,0 @@
178 -From 8e31dd8c14fdc83f387f35dda7b1b70fbdbd70db Mon Sep 17 00:00:00 2001
179 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
180 -Date: Tue, 19 Dec 2017 19:52:41 +0100
181 -Subject: [PATCH 3/8] Only print items (Params::prValue) when size > 0
182 -
183 ----
184 - src/actions.cpp | 5 +++--
185 - 1 file changed, 3 insertions(+), 2 deletions(-)
186 -
187 -diff --git a/src/actions.cpp b/src/actions.cpp
188 -index 9f850097..3963cb67 100644
189 ---- a/src/actions.cpp
190 -+++ b/src/actions.cpp
191 -@@ -713,8 +713,9 @@ namespace Action {
192 - << std::setfill(' ') << std::right
193 - << md.size();
194 - }
195 -- if (Params::instance().printItems_ & Params::prValue) {
196 -- if (!first) std::cout << " ";
197 -+ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) {
198 -+ if (!first)
199 -+ std::cout << " ";
200 - first = false;
201 - if ( Params::instance().binary_
202 - && ( md.typeId() == Exiv2::undefined
203 ---
204 -2.17.0
205 -
206 -
207 -From 463485e5c1cc716108880f75b9c573715bf402b1 Mon Sep 17 00:00:00 2001
208 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
209 -Date: Tue, 19 Dec 2017 19:54:17 +0100
210 -Subject: [PATCH 4/8] Move condition in if statement to discard work earlier
211 -
212 ----
213 - src/actions.cpp | 7 +++----
214 - 1 file changed, 3 insertions(+), 4 deletions(-)
215 -
216 -diff --git a/src/actions.cpp b/src/actions.cpp
217 -index 3963cb67..f51cb488 100644
218 ---- a/src/actions.cpp
219 -+++ b/src/actions.cpp
220 -@@ -717,11 +717,10 @@ namespace Action {
221 - if (!first)
222 - std::cout << " ";
223 - first = false;
224 -- if ( Params::instance().binary_
225 -- && ( md.typeId() == Exiv2::undefined
226 -+ if (md.size() > 128 && Params::instance().binary_ && (
227 -+ md.typeId() == Exiv2::undefined
228 - || md.typeId() == Exiv2::unsignedByte
229 -- || md.typeId() == Exiv2::signedByte)
230 -- && md.size() > 128) {
231 -+ || md.typeId() == Exiv2::signedByte)) {
232 - std::cout << _("(Binary value suppressed)") << std::endl;
233 - return true;
234 - }
235 ---
236 -2.17.0
237 -
238 -
239 -From 7fe7501c01e5d1eec16a736062dd0c34d6408833 Mon Sep 17 00:00:00 2001
240 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
241 -Date: Tue, 19 Dec 2017 19:55:50 +0100
242 -Subject: [PATCH 5/8] Apply clang-format to Print::printMetadatum
243 -
244 ----
245 - src/actions.cpp | 110 ++++++++++++++++++++++++------------------------
246 - 1 file changed, 55 insertions(+), 55 deletions(-)
247 -
248 -diff --git a/src/actions.cpp b/src/actions.cpp
249 -index f51cb488..b31d6ec6 100644
250 ---- a/src/actions.cpp
251 -+++ b/src/actions.cpp
252 -@@ -636,91 +636,90 @@ namespace Action {
253 -
254 - bool Print::printMetadatum(const Exiv2::Metadatum& md, const Exiv2::Image* pImage)
255 - {
256 -- if (!grepTag(md.key())) return false;
257 -- if (!keyTag (md.key())) return false;
258 -+ if (!grepTag(md.key()))
259 -+ return false;
260 -+ if (!keyTag(md.key()))
261 -+ return false;
262 -
263 -- if ( Params::instance().unknown_
264 -- && md.tagName().substr(0, 2) == "0x") {
265 -+ if (Params::instance().unknown_ && md.tagName().substr(0, 2) == "0x") {
266 - return false;
267 - }
268 -+
269 - bool const manyFiles = Params::instance().files_.size() > 1;
270 - if (manyFiles) {
271 -- std::cout << std::setfill(' ') << std::left << std::setw(20)
272 -- << path_ << " ";
273 -+ std::cout << std::setfill(' ') << std::left << std::setw(20) << path_ << " ";
274 - }
275 -+
276 - bool first = true;
277 - if (Params::instance().printItems_ & Params::prTag) {
278 -- if (!first) std::cout << " ";
279 -+ if (!first)
280 -+ std::cout << " ";
281 - first = false;
282 -- std::cout << "0x" << std::setw(4) << std::setfill('0')
283 -- << std::right << std::hex
284 -- << md.tag();
285 -+ std::cout << "0x" << std::setw(4) << std::setfill('0') << std::right << std::hex << md.tag();
286 - }
287 - if (Params::instance().printItems_ & Params::prSet) {
288 -- if (!first) std::cout << " ";
289 -+ if (!first)
290 -+ std::cout << " ";
291 - first = false;
292 -- std::cout << "set" ;
293 -+ std::cout << "set";
294 - }
295 - if (Params::instance().printItems_ & Params::prGroup) {
296 -- if (!first) std::cout << " ";
297 -+ if (!first)
298 -+ std::cout << " ";
299 - first = false;
300 -- std::cout << std::setw(12) << std::setfill(' ') << std::left
301 -- << md.groupName();
302 -+ std::cout << std::setw(12) << std::setfill(' ') << std::left << md.groupName();
303 - }
304 - if (Params::instance().printItems_ & Params::prKey) {
305 -- if (!first) std::cout << " ";
306 -+ if (!first)
307 -+ std::cout << " ";
308 - first = false;
309 -- std::cout << std::setfill(' ') << std::left << std::setw(44)
310 -- << md.key();
311 -+ std::cout << std::setfill(' ') << std::left << std::setw(44) << md.key();
312 - }
313 - if (Params::instance().printItems_ & Params::prName) {
314 -- if (!first) std::cout << " ";
315 -+ if (!first)
316 -+ std::cout << " ";
317 - first = false;
318 -- std::cout << std::setw(27) << std::setfill(' ') << std::left
319 -- << md.tagName();
320 -+ std::cout << std::setw(27) << std::setfill(' ') << std::left << md.tagName();
321 - }
322 - if (Params::instance().printItems_ & Params::prLabel) {
323 -- if (!first) std::cout << " ";
324 -+ if (!first)
325 -+ std::cout << " ";
326 - first = false;
327 -- std::cout << std::setw(30) << std::setfill(' ') << std::left
328 -- << md.tagLabel();
329 -+ std::cout << std::setw(30) << std::setfill(' ') << std::left << md.tagLabel();
330 - }
331 - if (Params::instance().printItems_ & Params::prType) {
332 -- if (!first) std::cout << " ";
333 -+ if (!first)
334 -+ std::cout << " ";
335 - first = false;
336 - std::cout << std::setw(9) << std::setfill(' ') << std::left;
337 - const char* tn = md.typeName();
338 - if (tn) {
339 - std::cout << tn;
340 -- }
341 -- else {
342 -+ } else {
343 - std::ostringstream os;
344 - os << "0x" << std::setw(4) << std::setfill('0') << std::hex << md.typeId();
345 - std::cout << os.str();
346 - }
347 - }
348 - if (Params::instance().printItems_ & Params::prCount) {
349 -- if (!first) std::cout << " ";
350 -+ if (!first)
351 -+ std::cout << " ";
352 - first = false;
353 -- std::cout << std::dec << std::setw(3)
354 -- << std::setfill(' ') << std::right
355 -- << md.count();
356 -+ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.count();
357 - }
358 - if (Params::instance().printItems_ & Params::prSize) {
359 -- if (!first) std::cout << " ";
360 -+ if (!first)
361 -+ std::cout << " ";
362 - first = false;
363 -- std::cout << std::dec << std::setw(3)
364 -- << std::setfill(' ') << std::right
365 -- << md.size();
366 -+ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.size();
367 - }
368 - if (Params::instance().printItems_ & Params::prValue && md.size() > 0) {
369 - if (!first)
370 - std::cout << " ";
371 - first = false;
372 -- if (md.size() > 128 && Params::instance().binary_ && (
373 -- md.typeId() == Exiv2::undefined
374 -- || md.typeId() == Exiv2::unsignedByte
375 -- || md.typeId() == Exiv2::signedByte)) {
376 -+ if (md.size() > 128 && Params::instance().binary_ &&
377 -+ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
378 -+ md.typeId() == Exiv2::signedByte)) {
379 - std::cout << _("(Binary value suppressed)") << std::endl;
380 - return true;
381 - }
382 -@@ -738,22 +737,22 @@ namespace Action {
383 - }
384 - if (!done) {
385 - // #1114 - show negative values for SByte
386 -- if (md.typeId() != Exiv2::signedByte){
387 -+ if (md.typeId() != Exiv2::signedByte) {
388 - std::cout << std::dec << md.value();
389 - } else {
390 - int value = md.value().toLong();
391 -- std::cout << std::dec << (value<128?value:value-256);
392 -+ std::cout << std::dec << (value < 128 ? value : value - 256);
393 - }
394 - }
395 - }
396 - if (Params::instance().printItems_ & Params::prTrans) {
397 -- if (!first) std::cout << " ";
398 -+ if (!first)
399 -+ std::cout << " ";
400 - first = false;
401 -- if ( Params::instance().binary_
402 -- && ( md.typeId() == Exiv2::undefined
403 -- || md.typeId() == Exiv2::unsignedByte
404 -- || md.typeId() == Exiv2::signedByte)
405 -- && md.size() > 128) {
406 -+ if (Params::instance().binary_ &&
407 -+ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
408 -+ md.typeId() == Exiv2::signedByte) &&
409 -+ md.size() > 128) {
410 - std::cout << _("(Binary value suppressed)") << std::endl;
411 - return true;
412 - }
413 -@@ -765,16 +764,17 @@ namespace Action {
414 - done = true;
415 - }
416 - }
417 -- if (!done) std::cout << std::dec << md.print(&pImage->exifData());
418 -+ if (!done)
419 -+ std::cout << std::dec << md.print(&pImage->exifData());
420 - }
421 - if (Params::instance().printItems_ & Params::prHex) {
422 -- if (!first) std::cout << std::endl;
423 -+ if (!first)
424 -+ std::cout << std::endl;
425 - first = false;
426 -- if ( Params::instance().binary_
427 -- && ( md.typeId() == Exiv2::undefined
428 -- || md.typeId() == Exiv2::unsignedByte
429 -- || md.typeId() == Exiv2::signedByte)
430 -- && md.size() > 128) {
431 -+ if (Params::instance().binary_ &&
432 -+ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
433 -+ md.typeId() == Exiv2::signedByte) &&
434 -+ md.size() > 128) {
435 - std::cout << _("(Binary value suppressed)") << std::endl;
436 - return true;
437 - }
438 -@@ -784,7 +784,7 @@ namespace Action {
439 - }
440 - std::cout << std::endl;
441 - return true;
442 -- } // Print::printMetadatum
443 -+ } // Print::printMetadatum
444 -
445 - int Print::printComment()
446 - {
447 ---
448 -2.17.0
449 -
450 -
451 -From 78ddc7a92afaaf58b78d5c49b5c2ad7b60a4e25f Mon Sep 17 00:00:00 2001
452 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
453 -Date: Thu, 21 Dec 2017 16:39:43 +0100
454 -Subject: [PATCH 6/8] Do not deference value when it does not exist (Thanks
455 - D4N)
456 -
457 ----
458 - samples/exiv2json.cpp | 7 +++++++
459 - 1 file changed, 7 insertions(+)
460 -
461 -diff --git a/samples/exiv2json.cpp b/samples/exiv2json.cpp
462 -index 505268d9..a81268f0 100644
463 ---- a/samples/exiv2json.cpp
464 -+++ b/samples/exiv2json.cpp
465 -@@ -148,6 +148,11 @@ bool isArray(std::string& value)
466 - template <class T>
467 - void push(Jzon::Node& node,const std::string& key,T i)
468 - {
469 -+#define ABORT_IF_I_EMTPY \
470 -+ if (i->value().size() == 0) { \
471 -+ return; \
472 -+ }
473 -+
474 - std::string value = i->value().toString();
475 -
476 - switch ( i->typeId() ) {
477 -@@ -179,6 +184,7 @@ void push(Jzon::Node& node,const std::string& key,T i)
478 -
479 - case Exiv2::unsignedRational:
480 - case Exiv2::signedRational: {
481 -+ ABORT_IF_I_EMTPY
482 - Jzon::Array arr;
483 - Exiv2::Rational rat = i->value().toRational();
484 - arr.Add(rat.first );
485 -@@ -187,6 +193,7 @@ void push(Jzon::Node& node,const std::string& key,T i)
486 - } break;
487 -
488 - case Exiv2::langAlt: {
489 -+ ABORT_IF_I_EMTPY
490 - Jzon::Object l ;
491 - const Exiv2::LangAltValue& langs = dynamic_cast<const Exiv2::LangAltValue&>(i->value());
492 - for ( Exiv2::LangAltValue::ValueType::const_iterator lang = langs.value_.begin()
493 ---
494 -2.17.0
495 -
496 -
497 -From 871e6e3ced1cdec7e43bf8cb94e269a7f5c09d92 Mon Sep 17 00:00:00 2001
498 -From: Robin Mills <robin@×××××××××.com>
499 -Date: Thu, 15 Mar 2018 10:43:18 +0000
500 -Subject: [PATCH 8/8] Fix for getopt(), #199. Use src/getopt_win32 code instead
501 - of libc/getopt()
502 -
503 ----
504 - config/config.mk.in | 2 +-
505 - src/CMakeLists.txt | 6 ++----
506 - src/Makefile | 13 +++++--------
507 - src/getopt_win32.c | 9 +++++++++
508 - src/getopt_win32.h | 7 +++++++
509 - src/utils.cpp | 9 +++------
510 - 6 files changed, 27 insertions(+), 19 deletions(-)
511 -
512 -diff --git a/config/config.mk.in b/config/config.mk.in
513 -index 8d920647..4754c722 100644
514 ---- a/config/config.mk.in
515 -+++ b/config/config.mk.in
516 -@@ -165,7 +165,7 @@ endif
517 - # **********************************************************************
518 - # Compilation shortcuts
519 - COMPILE.cc = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -c
520 --COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c
521 -+COMPILE.c = $(CC) $(CFLAGS) -c
522 - # LINK.cc does not need $(LIBS), libtool's dark magic takes care of that
523 - # when linking a binary with a libtool library.
524 - LINK.cc = $(CXX) $(LDFLAGS)
525 -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
526 -index d4dc6375..dceee236 100644
527 ---- a/src/CMakeLists.txt
528 -+++ b/src/CMakeLists.txt
529 -@@ -218,10 +218,8 @@ IF(NOT HAVE_TIMEGM )
530 - SET( PATHTEST_SRC ${PATHTEST_SRC} localtime.c )
531 - ENDIF( NOT HAVE_TIMEGM )
532 -
533 --IF( MSVC )
534 -- SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c )
535 -- SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c )
536 --ENDIF( MSVC )
537 -+SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c )
538 -+SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c )
539 -
540 - ##
541 - # msvn tuning
542 -diff --git a/src/Makefile b/src/Makefile
543 -index 8a8366fe..d046e331 100644
544 ---- a/src/Makefile
545 -+++ b/src/Makefile
546 -@@ -131,8 +131,7 @@ CCSRC += asfvideo.cpp \
547 - utilsvideo.cpp
548 - endif
549 -
550 --# Add library C source files to this list
551 --EXIVCSRC =
552 -+# C source files
553 - ifndef HAVE_TIMEGM
554 - CSRC = localtime.c
555 - endif
556 -@@ -141,9 +140,7 @@ endif
557 - EXIV2MAIN = exiv2.cpp
558 - EXIV2SRC = actions.cpp \
559 - utils.cpp
560 --
561 --# C source files for the Exiv2 application
562 --EXIVCSRC =
563 -+EXIVCSRC = getopt_win32.c
564 -
565 - # ******************************************************************************
566 - # Library
567 -@@ -176,7 +173,7 @@ OBJ = $(CCOBJ) $(COBJ)
568 - LOBJ = $(CCLOBJ) $(CLOBJ)
569 -
570 - EXIV2OBJ = $(EXIV2MAIN:.cpp=.o) $(EXIV2SRC:.cpp=.o)
571 --EXIV2COBJ = $(EXIVCSRC:.c=.o)
572 -+EXIVCOBJ = $(EXIVCSRC:.c=.o)
573 - EXIV2EXE = $(EXIV2MAIN:.cpp=$(EXEEXT))
574 -
575 - ifdef DEP_TRACKING
576 -@@ -251,9 +248,9 @@ lib: $(OBJ)
577 - $(BINARY): %: %.o lib
578 - @$(LIBTOOL) --mode=link $(LINK.cc) -o $@ $(LIBRARY) $@.o -rpath $(libdir)
579 -
580 --$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIV2COBJ)
581 -+$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIVCOBJ)
582 - mkdir -pv ../bin 2>&1 > /dev/null
583 -- @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIV2COBJ) -rpath $(libdir)
584 -+ @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIVCOBJ) -rpath $(libdir)
585 -
586 - install-header:
587 - $(INSTALL_DIRS) $(DESTDIR)$(incdir)
588 -diff --git a/src/getopt_win32.c b/src/getopt_win32.c
589 -index fca29924..18dfcfbf 100644
590 ---- a/src/getopt_win32.c
591 -+++ b/src/getopt_win32.c
592 -@@ -194,6 +194,10 @@ permute_args(panonopt_start, panonopt_end, opt_end, nargv)
593 - }
594 - }
595 -
596 -+#ifdef __GETOPT_DEFINE_ARGV__
597 -+char * const *__argv;
598 -+#endif
599 -+
600 - /*
601 - * getopt_internal --
602 - * Parse argc/argv argument vector. Called by user level routines.
603 -@@ -205,6 +209,11 @@ getopt_internal(nargc, nargv, options)
604 - char * const *nargv;
605 - const char *options;
606 - {
607 -+
608 -+#ifdef __GETOPT_DEFINE_ARGV__
609 -+ __argv=nargv;
610 -+#endif
611 -+
612 - char *oli; /* option letter list index */
613 - int optchar;
614 -
615 -diff --git a/src/getopt_win32.h b/src/getopt_win32.h
616 -index 6b6f643b..cd5760a3 100644
617 ---- a/src/getopt_win32.h
618 -+++ b/src/getopt_win32.h
619 -@@ -38,6 +38,13 @@
620 - extern "C" {
621 - #endif
622 -
623 -+#if !defined(_WIN32) && !defined(__CYGWIN__) && !defined(__MINGW__) && !defined(_MSC_VER)
624 -+// the symbol __argv (and __argc and __progname and __env) are defined in Windows environments
625 -+// for *ix environments, __argv is declared here, defined: getopt_win32.c, init'd: getopt_internal()
626 -+#define __GETOPT_DEFINE_ARGV__
627 -+extern char * const *__argv;
628 -+#endif
629 -+
630 - extern int opterr; /* if error message should be printed */
631 - extern int optind; /* index into parent argv vector */
632 - extern int optopt; /* character checked for validity */
633 -diff --git a/src/utils.cpp b/src/utils.cpp
634 -index a3d36497..2a092330 100644
635 ---- a/src/utils.cpp
636 -+++ b/src/utils.cpp
637 -@@ -32,18 +32,15 @@ EXIV2_RCSID("@(#) $Id$")
638 - #include "config.h"
639 -
640 - #include "utils.hpp"
641 --
642 --// + standard includes
643 --#if defined(_MSC_VER) || defined(__MINGW__)
644 --# include "getopt_win32.h"
645 --#endif
646 -+#include "getopt_win32.h"
647 -
648 - #if defined(_MSC_VER)
649 - # define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
650 - #endif
651 -
652 -+// + standard includes
653 - #ifdef EXV_HAVE_UNISTD_H
654 --# include <unistd.h> // for getopt(), stat()
655 -+# include <unistd.h> // for stat()
656 - #endif
657 -
658 - #include <sys/types.h>
659 ---
660 -2.17.0
661 -
662
663 diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch
664 deleted file mode 100644
665 index a594a2bfad1..00000000000
666 --- a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch
667 +++ /dev/null
668 @@ -1,39 +0,0 @@
669 -From ce4f575e106697c0e513091e95a7cd12ed6a488b Mon Sep 17 00:00:00 2001
670 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@×××××××××××××××.com>
671 -Date: Tue, 9 Jan 2018 21:18:36 +0100
672 -Subject: [PATCH 1/8] Add check for DataBuf.size_ in Jp2Image::readMetadata()
673 -
674 -When parsing a subBox that is a ColorHeader, a length is extracted
675 -from the input file and fed directly into DataBuf() (which calls
676 -malloc). A crafted input file can provide arbitrarily (up to
677 -max(uint32_t)-8) large values and result in excessive memory
678 -allocation.
679 -
680 -This commit adds a check for the new size of DataBuf so that it is not
681 -larger than the remaining size of the file.
682 -
683 -This fixes #202 aka CVE-2018-4868
684 ----
685 - src/jp2image.cpp | 7 ++++++-
686 - 1 file changed, 6 insertions(+), 1 deletion(-)
687 -
688 -diff --git a/src/jp2image.cpp b/src/jp2image.cpp
689 -index a308bfd9..3cebc2a8 100644
690 ---- a/src/jp2image.cpp
691 -+++ b/src/jp2image.cpp
692 -@@ -272,7 +272,12 @@ namespace Exiv2
693 - #endif
694 -
695 - const long pad = 3 ; // 3 padding bytes 2 0 0
696 -- DataBuf data(Safe::add(subBox.length, static_cast<uint32_t>(8)));
697 -+ const size_t data_length = Safe::add(subBox.length, static_cast<uint32_t>(8));
698 -+ // data_length makes no sense if it is larger than the rest of the file
699 -+ if (data_length > io_->size() - io_->tell()) {
700 -+ throw Error(58);
701 -+ }
702 -+ DataBuf data(data_length);
703 - io_->read(data.pData_,data.size_);
704 - const long iccLength = getULong(data.pData_+pad, bigEndian);
705 - // subtracting pad from data.size_ is safe:
706 ---
707 -2.17.0
708
709 diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch
710 deleted file mode 100644
711 index a80543a5ecd..00000000000
712 --- a/media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch
713 +++ /dev/null
714 @@ -1,47 +0,0 @@
715 -From 176ba44cc31064183fdfbce55a7dd7e6b5e2a962 Mon Sep 17 00:00:00 2001
716 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@×××××××××××××××.com>
717 -Date: Fri, 8 Jun 2018 23:46:04 +0200
718 -Subject: [PATCH] Fix C & C++ flag adding in CMakeLists.txt
719 -
720 ----
721 - CMakeLists.txt | 22 ++++++++++++----------
722 - 1 file changed, 12 insertions(+), 10 deletions(-)
723 -
724 -diff --git a/CMakeLists.txt b/CMakeLists.txt
725 -index 2e179bf5..98a172ed 100644
726 ---- a/CMakeLists.txt
727 -+++ b/CMakeLists.txt
728 -@@ -74,21 +74,23 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/config/")
729 -
730 - if( MINGW OR UNIX )
731 - if (${CMAKE_CXX_COMPILER_ID} STREQUAL GNU)
732 -- ADD_DEFINITIONS(-Wall
733 -- -Wcast-align
734 -- -Wpointer-arith
735 -- -Wformat-security
736 -- -Wmissing-format-attribute
737 -- -Woverloaded-virtual
738 -- -W
739 -- )
740 -+ string(CONCAT WARNING_FLAGS " -Wall"
741 -+ " -Wcast-align"
742 -+ " -Wpointer-arith"
743 -+ " -Wformat-security"
744 -+ " -Wmissing-format-attribute"
745 -+ " -Woverloaded-virtual"
746 -+ " -W"
747 -+ )
748 -+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${WARNING_FLAGS}")
749 -+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WARNING_FLAGS}")
750 - ENDIF()
751 -
752 - message(STATUS "Compiler info: ${CMAKE_CXX_COMPILER_ID} (${CMAKE_CXX_COMPILER}) ; version: ${CMAKE_CXX_COMPILER_VERSION}")
753 - IF ( CYGWIN OR (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 5.0))
754 -- ADD_DEFINITIONS( -std=gnu++98 ) # to support snprintf
755 -+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=gnu++98" ) # to support snprintf
756 - ELSE()
757 -- ADD_DEFINITIONS( -std=c++98 )
758 -+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++98" )
759 - ENDIF()
760 -
761 - ENDIF( MINGW OR UNIX )
762 \ No newline at end of file
Report Message
Find on MARC Find on Google Groups