Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Aric Belsito <lluixhi@×××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/musl:master commit in: media-gfx/exiv2/, media-gfx/exiv2/files/
Date: Thu, 26 Apr 2018 18:06:44
Message-Id: 1524765950.e7b9b83f0688f9e5a07d0bd55427c197807beab1.lluixhi@gentoo
1 commit: e7b9b83f0688f9e5a07d0bd55427c197807beab1
2 Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
3 AuthorDate: Thu Apr 26 18:05:50 2018 +0000
4 Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
5 CommitDate: Thu Apr 26 18:05:50 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=e7b9b83f
7
8 media-gfx/exiv2: version bump to 0.27_p20180319
9
10 media-gfx/exiv2/Manifest | 1 +
11 media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 2 +-
12 ...71104-r1.ebuild => exiv2-0.26_p20180319.ebuild} | 12 +-
13 .../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 +++++++++++++++++++++
14 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 ++
15 5 files changed, 534 insertions(+), 4 deletions(-)
16
17 diff --git a/media-gfx/exiv2/Manifest b/media-gfx/exiv2/Manifest
18 index a9b1bd7..ff80754 100644
19 --- a/media-gfx/exiv2/Manifest
20 +++ b/media-gfx/exiv2/Manifest
21 @@ -1 +1,2 @@
22 DIST exiv2-0.26_p20171104.tar.gz 28368697 BLAKE2B 50013cf0bf30a2a476b02d5db4027fca268a4b38733762eb4c08e5f3bdfaf737038e9a62f7ef471fecb10250d8ae686ef683f9b0ea4ccc5d109440ba534371e4 SHA512 6f6a884d7978e54dceb9ce45248cd0425ff469887c85ef52b0e38cb755970f69fce96b4b5317c8e8070b833f72ca214696042aac71292a6f9c3440f6a369d474
23 +DIST exiv2-0.26_p20180319.tar.gz 28383543 BLAKE2B 753a2ebdb2033490c0f66cb1fb2574f02125f17813f6cbaf5eca66e053af9a2cdbc1266f0a033f0706ec22b31acd6e87271e426a335a58ee947757b52d283489 SHA512 852ce2cffcc0a2d902a939933127fdf5fa0b50020e1faf3ab0a375b129b9f61c7b97b76d4f39e376e7288d7cc045867bd1a96ae15dd0b7c0bcd1ba15259628e1
24
25 diff --git a/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild b/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild
26 index f8d19fb..996728b 100644
27 --- a/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild
28 +++ b/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild
29 @@ -11,7 +11,7 @@ if [[ ${PV} = *9999 ]]; then
30 else
31 COMMIT=900d2417dbeb46e14cbf65fc2798ed1d043ab76d
32 SRC_URI="https://github.com/Exiv2/${PN}/tarball/${COMMIT} -> ${P}.tar.gz"
33 - KEYWORDS="amd64 arm ia64 ~mips ppc ~sh ~sparc x86"
34 + KEYWORDS="amd64 arm ia64 ~mips ppc ~sh sparc x86"
35 fi
36 inherit cmake-multilib python-any-r1 vcs-snapshot
37
38
39 diff --git a/media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild b/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild
40 similarity index 90%
41 rename from media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild
42 rename to media-gfx/exiv2/exiv2-0.26_p20180319.ebuild
43 index e24fed4..a188f3a 100644
44 --- a/media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild
45 +++ b/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild
46 @@ -9,11 +9,11 @@ if [[ ${PV} = *9999 ]]; then
47 EGIT_BRANCH="0.26"
48 GIT_ECLASS=git-r3
49 else
50 - COMMIT=900d2417dbeb46e14cbf65fc2798ed1d043ab76d
51 + COMMIT=876b1314ab892cbfa6672b6b94adbeb90db4211f
52 SRC_URI="https://github.com/Exiv2/${PN}/tarball/${COMMIT} -> ${P}.tar.gz"
53 KEYWORDS="~amd64 ~arm ~ia64 ~mips ~ppc ~sh ~sparc ~x86"
54 fi
55 -inherit cmake-multilib python-any-r1 vcs-snapshot
56 +inherit cmake-multilib python-any-r1
57
58 DESCRIPTION="EXIF, IPTC and XMP metadata C++ library and command line utility"
59 HOMEPAGE="http://www.exiv2.org/"
60 @@ -45,11 +45,15 @@ DEPEND="${RDEPEND}
61
62 DOCS=( README doc/ChangeLog doc/cmd.txt )
63
64 +S="${WORKDIR}/${PN^}-${PN}-${COMMIT:0:7}"
65 +
66 PATCHES=(
67 + # master, pending backports for 0.26
68 + "${FILESDIR}"/${P}-CVE-2018-4868.patch
69 + "${FILESDIR}"/${P}-CVE-2017-18005.patch
70 # TODO: Take to upstream
71 "${FILESDIR}"/${PN}-0.26-fix-docs.patch
72 "${FILESDIR}"/${PN}-0.26-tools-optional.patch
73 - "${FILESDIR}"/${PN}-0.26-pentaxnikon-crash.patch
74 "${FILESDIR}"/${PN}-0.26-musl.patch
75 )
76
77 @@ -88,6 +92,8 @@ src_prepare() {
78 doxygen &>/dev/null -u config/Doxyfile || die
79 fi
80
81 + edos2unix samples/exiv2json.cpp # workaround for CVE-2017-18005 patch
82 +
83 cmake-utils_src_prepare
84 }
85
86
87 diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch
88 new file mode 100644
89 index 0000000..d74ca59
90 --- /dev/null
91 +++ b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch
92 @@ -0,0 +1,484 @@
93 +From 8e31dd8c14fdc83f387f35dda7b1b70fbdbd70db Mon Sep 17 00:00:00 2001
94 +From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
95 +Date: Tue, 19 Dec 2017 19:52:41 +0100
96 +Subject: [PATCH 3/8] Only print items (Params::prValue) when size > 0
97 +
98 +---
99 + src/actions.cpp | 5 +++--
100 + 1 file changed, 3 insertions(+), 2 deletions(-)
101 +
102 +diff --git a/src/actions.cpp b/src/actions.cpp
103 +index 9f850097..3963cb67 100644
104 +--- a/src/actions.cpp
105 ++++ b/src/actions.cpp
106 +@@ -713,8 +713,9 @@ namespace Action {
107 + << std::setfill(' ') << std::right
108 + << md.size();
109 + }
110 +- if (Params::instance().printItems_ & Params::prValue) {
111 +- if (!first) std::cout << " ";
112 ++ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) {
113 ++ if (!first)
114 ++ std::cout << " ";
115 + first = false;
116 + if ( Params::instance().binary_
117 + && ( md.typeId() == Exiv2::undefined
118 +--
119 +2.17.0
120 +
121 +
122 +From 463485e5c1cc716108880f75b9c573715bf402b1 Mon Sep 17 00:00:00 2001
123 +From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
124 +Date: Tue, 19 Dec 2017 19:54:17 +0100
125 +Subject: [PATCH 4/8] Move condition in if statement to discard work earlier
126 +
127 +---
128 + src/actions.cpp | 7 +++----
129 + 1 file changed, 3 insertions(+), 4 deletions(-)
130 +
131 +diff --git a/src/actions.cpp b/src/actions.cpp
132 +index 3963cb67..f51cb488 100644
133 +--- a/src/actions.cpp
134 ++++ b/src/actions.cpp
135 +@@ -717,11 +717,10 @@ namespace Action {
136 + if (!first)
137 + std::cout << " ";
138 + first = false;
139 +- if ( Params::instance().binary_
140 +- && ( md.typeId() == Exiv2::undefined
141 ++ if (md.size() > 128 && Params::instance().binary_ && (
142 ++ md.typeId() == Exiv2::undefined
143 + || md.typeId() == Exiv2::unsignedByte
144 +- || md.typeId() == Exiv2::signedByte)
145 +- && md.size() > 128) {
146 ++ || md.typeId() == Exiv2::signedByte)) {
147 + std::cout << _("(Binary value suppressed)") << std::endl;
148 + return true;
149 + }
150 +--
151 +2.17.0
152 +
153 +
154 +From 7fe7501c01e5d1eec16a736062dd0c34d6408833 Mon Sep 17 00:00:00 2001
155 +From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
156 +Date: Tue, 19 Dec 2017 19:55:50 +0100
157 +Subject: [PATCH 5/8] Apply clang-format to Print::printMetadatum
158 +
159 +---
160 + src/actions.cpp | 110 ++++++++++++++++++++++++------------------------
161 + 1 file changed, 55 insertions(+), 55 deletions(-)
162 +
163 +diff --git a/src/actions.cpp b/src/actions.cpp
164 +index f51cb488..b31d6ec6 100644
165 +--- a/src/actions.cpp
166 ++++ b/src/actions.cpp
167 +@@ -636,91 +636,90 @@ namespace Action {
168 +
169 + bool Print::printMetadatum(const Exiv2::Metadatum& md, const Exiv2::Image* pImage)
170 + {
171 +- if (!grepTag(md.key())) return false;
172 +- if (!keyTag (md.key())) return false;
173 ++ if (!grepTag(md.key()))
174 ++ return false;
175 ++ if (!keyTag(md.key()))
176 ++ return false;
177 +
178 +- if ( Params::instance().unknown_
179 +- && md.tagName().substr(0, 2) == "0x") {
180 ++ if (Params::instance().unknown_ && md.tagName().substr(0, 2) == "0x") {
181 + return false;
182 + }
183 ++
184 + bool const manyFiles = Params::instance().files_.size() > 1;
185 + if (manyFiles) {
186 +- std::cout << std::setfill(' ') << std::left << std::setw(20)
187 +- << path_ << " ";
188 ++ std::cout << std::setfill(' ') << std::left << std::setw(20) << path_ << " ";
189 + }
190 ++
191 + bool first = true;
192 + if (Params::instance().printItems_ & Params::prTag) {
193 +- if (!first) std::cout << " ";
194 ++ if (!first)
195 ++ std::cout << " ";
196 + first = false;
197 +- std::cout << "0x" << std::setw(4) << std::setfill('0')
198 +- << std::right << std::hex
199 +- << md.tag();
200 ++ std::cout << "0x" << std::setw(4) << std::setfill('0') << std::right << std::hex << md.tag();
201 + }
202 + if (Params::instance().printItems_ & Params::prSet) {
203 +- if (!first) std::cout << " ";
204 ++ if (!first)
205 ++ std::cout << " ";
206 + first = false;
207 +- std::cout << "set" ;
208 ++ std::cout << "set";
209 + }
210 + if (Params::instance().printItems_ & Params::prGroup) {
211 +- if (!first) std::cout << " ";
212 ++ if (!first)
213 ++ std::cout << " ";
214 + first = false;
215 +- std::cout << std::setw(12) << std::setfill(' ') << std::left
216 +- << md.groupName();
217 ++ std::cout << std::setw(12) << std::setfill(' ') << std::left << md.groupName();
218 + }
219 + if (Params::instance().printItems_ & Params::prKey) {
220 +- if (!first) std::cout << " ";
221 ++ if (!first)
222 ++ std::cout << " ";
223 + first = false;
224 +- std::cout << std::setfill(' ') << std::left << std::setw(44)
225 +- << md.key();
226 ++ std::cout << std::setfill(' ') << std::left << std::setw(44) << md.key();
227 + }
228 + if (Params::instance().printItems_ & Params::prName) {
229 +- if (!first) std::cout << " ";
230 ++ if (!first)
231 ++ std::cout << " ";
232 + first = false;
233 +- std::cout << std::setw(27) << std::setfill(' ') << std::left
234 +- << md.tagName();
235 ++ std::cout << std::setw(27) << std::setfill(' ') << std::left << md.tagName();
236 + }
237 + if (Params::instance().printItems_ & Params::prLabel) {
238 +- if (!first) std::cout << " ";
239 ++ if (!first)
240 ++ std::cout << " ";
241 + first = false;
242 +- std::cout << std::setw(30) << std::setfill(' ') << std::left
243 +- << md.tagLabel();
244 ++ std::cout << std::setw(30) << std::setfill(' ') << std::left << md.tagLabel();
245 + }
246 + if (Params::instance().printItems_ & Params::prType) {
247 +- if (!first) std::cout << " ";
248 ++ if (!first)
249 ++ std::cout << " ";
250 + first = false;
251 + std::cout << std::setw(9) << std::setfill(' ') << std::left;
252 + const char* tn = md.typeName();
253 + if (tn) {
254 + std::cout << tn;
255 +- }
256 +- else {
257 ++ } else {
258 + std::ostringstream os;
259 + os << "0x" << std::setw(4) << std::setfill('0') << std::hex << md.typeId();
260 + std::cout << os.str();
261 + }
262 + }
263 + if (Params::instance().printItems_ & Params::prCount) {
264 +- if (!first) std::cout << " ";
265 ++ if (!first)
266 ++ std::cout << " ";
267 + first = false;
268 +- std::cout << std::dec << std::setw(3)
269 +- << std::setfill(' ') << std::right
270 +- << md.count();
271 ++ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.count();
272 + }
273 + if (Params::instance().printItems_ & Params::prSize) {
274 +- if (!first) std::cout << " ";
275 ++ if (!first)
276 ++ std::cout << " ";
277 + first = false;
278 +- std::cout << std::dec << std::setw(3)
279 +- << std::setfill(' ') << std::right
280 +- << md.size();
281 ++ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.size();
282 + }
283 + if (Params::instance().printItems_ & Params::prValue && md.size() > 0) {
284 + if (!first)
285 + std::cout << " ";
286 + first = false;
287 +- if (md.size() > 128 && Params::instance().binary_ && (
288 +- md.typeId() == Exiv2::undefined
289 +- || md.typeId() == Exiv2::unsignedByte
290 +- || md.typeId() == Exiv2::signedByte)) {
291 ++ if (md.size() > 128 && Params::instance().binary_ &&
292 ++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
293 ++ md.typeId() == Exiv2::signedByte)) {
294 + std::cout << _("(Binary value suppressed)") << std::endl;
295 + return true;
296 + }
297 +@@ -738,22 +737,22 @@ namespace Action {
298 + }
299 + if (!done) {
300 + // #1114 - show negative values for SByte
301 +- if (md.typeId() != Exiv2::signedByte){
302 ++ if (md.typeId() != Exiv2::signedByte) {
303 + std::cout << std::dec << md.value();
304 + } else {
305 + int value = md.value().toLong();
306 +- std::cout << std::dec << (value<128?value:value-256);
307 ++ std::cout << std::dec << (value < 128 ? value : value - 256);
308 + }
309 + }
310 + }
311 + if (Params::instance().printItems_ & Params::prTrans) {
312 +- if (!first) std::cout << " ";
313 ++ if (!first)
314 ++ std::cout << " ";
315 + first = false;
316 +- if ( Params::instance().binary_
317 +- && ( md.typeId() == Exiv2::undefined
318 +- || md.typeId() == Exiv2::unsignedByte
319 +- || md.typeId() == Exiv2::signedByte)
320 +- && md.size() > 128) {
321 ++ if (Params::instance().binary_ &&
322 ++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
323 ++ md.typeId() == Exiv2::signedByte) &&
324 ++ md.size() > 128) {
325 + std::cout << _("(Binary value suppressed)") << std::endl;
326 + return true;
327 + }
328 +@@ -765,16 +764,17 @@ namespace Action {
329 + done = true;
330 + }
331 + }
332 +- if (!done) std::cout << std::dec << md.print(&pImage->exifData());
333 ++ if (!done)
334 ++ std::cout << std::dec << md.print(&pImage->exifData());
335 + }
336 + if (Params::instance().printItems_ & Params::prHex) {
337 +- if (!first) std::cout << std::endl;
338 ++ if (!first)
339 ++ std::cout << std::endl;
340 + first = false;
341 +- if ( Params::instance().binary_
342 +- && ( md.typeId() == Exiv2::undefined
343 +- || md.typeId() == Exiv2::unsignedByte
344 +- || md.typeId() == Exiv2::signedByte)
345 +- && md.size() > 128) {
346 ++ if (Params::instance().binary_ &&
347 ++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte ||
348 ++ md.typeId() == Exiv2::signedByte) &&
349 ++ md.size() > 128) {
350 + std::cout << _("(Binary value suppressed)") << std::endl;
351 + return true;
352 + }
353 +@@ -784,7 +784,7 @@ namespace Action {
354 + }
355 + std::cout << std::endl;
356 + return true;
357 +- } // Print::printMetadatum
358 ++ } // Print::printMetadatum
359 +
360 + int Print::printComment()
361 + {
362 +--
363 +2.17.0
364 +
365 +
366 +From 78ddc7a92afaaf58b78d5c49b5c2ad7b60a4e25f Mon Sep 17 00:00:00 2001
367 +From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com>
368 +Date: Thu, 21 Dec 2017 16:39:43 +0100
369 +Subject: [PATCH 6/8] Do not deference value when it does not exist (Thanks
370 + D4N)
371 +
372 +---
373 + samples/exiv2json.cpp | 7 +++++++
374 + 1 file changed, 7 insertions(+)
375 +
376 +diff --git a/samples/exiv2json.cpp b/samples/exiv2json.cpp
377 +index 505268d9..a81268f0 100644
378 +--- a/samples/exiv2json.cpp
379 ++++ b/samples/exiv2json.cpp
380 +@@ -148,6 +148,11 @@ bool isArray(std::string& value)
381 + template <class T>
382 + void push(Jzon::Node& node,const std::string& key,T i)
383 + {
384 ++#define ABORT_IF_I_EMTPY \
385 ++ if (i->value().size() == 0) { \
386 ++ return; \
387 ++ }
388 ++
389 + std::string value = i->value().toString();
390 +
391 + switch ( i->typeId() ) {
392 +@@ -179,6 +184,7 @@ void push(Jzon::Node& node,const std::string& key,T i)
393 +
394 + case Exiv2::unsignedRational:
395 + case Exiv2::signedRational: {
396 ++ ABORT_IF_I_EMTPY
397 + Jzon::Array arr;
398 + Exiv2::Rational rat = i->value().toRational();
399 + arr.Add(rat.first );
400 +@@ -187,6 +193,7 @@ void push(Jzon::Node& node,const std::string& key,T i)
401 + } break;
402 +
403 + case Exiv2::langAlt: {
404 ++ ABORT_IF_I_EMTPY
405 + Jzon::Object l ;
406 + const Exiv2::LangAltValue& langs = dynamic_cast<const Exiv2::LangAltValue&>(i->value());
407 + for ( Exiv2::LangAltValue::ValueType::const_iterator lang = langs.value_.begin()
408 +--
409 +2.17.0
410 +
411 +
412 +From 871e6e3ced1cdec7e43bf8cb94e269a7f5c09d92 Mon Sep 17 00:00:00 2001
413 +From: Robin Mills <robin@×××××××××.com>
414 +Date: Thu, 15 Mar 2018 10:43:18 +0000
415 +Subject: [PATCH 8/8] Fix for getopt(), #199. Use src/getopt_win32 code instead
416 + of libc/getopt()
417 +
418 +---
419 + config/config.mk.in | 2 +-
420 + src/CMakeLists.txt | 6 ++----
421 + src/Makefile | 13 +++++--------
422 + src/getopt_win32.c | 9 +++++++++
423 + src/getopt_win32.h | 7 +++++++
424 + src/utils.cpp | 9 +++------
425 + 6 files changed, 27 insertions(+), 19 deletions(-)
426 +
427 +diff --git a/config/config.mk.in b/config/config.mk.in
428 +index 8d920647..4754c722 100644
429 +--- a/config/config.mk.in
430 ++++ b/config/config.mk.in
431 +@@ -165,7 +165,7 @@ endif
432 + # **********************************************************************
433 + # Compilation shortcuts
434 + COMPILE.cc = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -c
435 +-COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c
436 ++COMPILE.c = $(CC) $(CFLAGS) -c
437 + # LINK.cc does not need $(LIBS), libtool's dark magic takes care of that
438 + # when linking a binary with a libtool library.
439 + LINK.cc = $(CXX) $(LDFLAGS)
440 +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
441 +index d4dc6375..dceee236 100644
442 +--- a/src/CMakeLists.txt
443 ++++ b/src/CMakeLists.txt
444 +@@ -218,10 +218,8 @@ IF(NOT HAVE_TIMEGM )
445 + SET( PATHTEST_SRC ${PATHTEST_SRC} localtime.c )
446 + ENDIF( NOT HAVE_TIMEGM )
447 +
448 +-IF( MSVC )
449 +- SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c )
450 +- SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c )
451 +-ENDIF( MSVC )
452 ++SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c )
453 ++SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c )
454 +
455 + ##
456 + # msvn tuning
457 +diff --git a/src/Makefile b/src/Makefile
458 +index 8a8366fe..d046e331 100644
459 +--- a/src/Makefile
460 ++++ b/src/Makefile
461 +@@ -131,8 +131,7 @@ CCSRC += asfvideo.cpp \
462 + utilsvideo.cpp
463 + endif
464 +
465 +-# Add library C source files to this list
466 +-EXIVCSRC =
467 ++# C source files
468 + ifndef HAVE_TIMEGM
469 + CSRC = localtime.c
470 + endif
471 +@@ -141,9 +140,7 @@ endif
472 + EXIV2MAIN = exiv2.cpp
473 + EXIV2SRC = actions.cpp \
474 + utils.cpp
475 +-
476 +-# C source files for the Exiv2 application
477 +-EXIVCSRC =
478 ++EXIVCSRC = getopt_win32.c
479 +
480 + # ******************************************************************************
481 + # Library
482 +@@ -176,7 +173,7 @@ OBJ = $(CCOBJ) $(COBJ)
483 + LOBJ = $(CCLOBJ) $(CLOBJ)
484 +
485 + EXIV2OBJ = $(EXIV2MAIN:.cpp=.o) $(EXIV2SRC:.cpp=.o)
486 +-EXIV2COBJ = $(EXIVCSRC:.c=.o)
487 ++EXIVCOBJ = $(EXIVCSRC:.c=.o)
488 + EXIV2EXE = $(EXIV2MAIN:.cpp=$(EXEEXT))
489 +
490 + ifdef DEP_TRACKING
491 +@@ -251,9 +248,9 @@ lib: $(OBJ)
492 + $(BINARY): %: %.o lib
493 + @$(LIBTOOL) --mode=link $(LINK.cc) -o $@ $(LIBRARY) $@.o -rpath $(libdir)
494 +
495 +-$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIV2COBJ)
496 ++$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIVCOBJ)
497 + mkdir -pv ../bin 2>&1 > /dev/null
498 +- @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIV2COBJ) -rpath $(libdir)
499 ++ @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIVCOBJ) -rpath $(libdir)
500 +
501 + install-header:
502 + $(INSTALL_DIRS) $(DESTDIR)$(incdir)
503 +diff --git a/src/getopt_win32.c b/src/getopt_win32.c
504 +index fca29924..18dfcfbf 100644
505 +--- a/src/getopt_win32.c
506 ++++ b/src/getopt_win32.c
507 +@@ -194,6 +194,10 @@ permute_args(panonopt_start, panonopt_end, opt_end, nargv)
508 + }
509 + }
510 +
511 ++#ifdef __GETOPT_DEFINE_ARGV__
512 ++char * const *__argv;
513 ++#endif
514 ++
515 + /*
516 + * getopt_internal --
517 + * Parse argc/argv argument vector. Called by user level routines.
518 +@@ -205,6 +209,11 @@ getopt_internal(nargc, nargv, options)
519 + char * const *nargv;
520 + const char *options;
521 + {
522 ++
523 ++#ifdef __GETOPT_DEFINE_ARGV__
524 ++ __argv=nargv;
525 ++#endif
526 ++
527 + char *oli; /* option letter list index */
528 + int optchar;
529 +
530 +diff --git a/src/getopt_win32.h b/src/getopt_win32.h
531 +index 6b6f643b..cd5760a3 100644
532 +--- a/src/getopt_win32.h
533 ++++ b/src/getopt_win32.h
534 +@@ -38,6 +38,13 @@
535 + extern "C" {
536 + #endif
537 +
538 ++#if !defined(_WIN32) && !defined(__CYGWIN__) && !defined(__MINGW__) && !defined(_MSC_VER)
539 ++// the symbol __argv (and __argc and __progname and __env) are defined in Windows environments
540 ++// for *ix environments, __argv is declared here, defined: getopt_win32.c, init'd: getopt_internal()
541 ++#define __GETOPT_DEFINE_ARGV__
542 ++extern char * const *__argv;
543 ++#endif
544 ++
545 + extern int opterr; /* if error message should be printed */
546 + extern int optind; /* index into parent argv vector */
547 + extern int optopt; /* character checked for validity */
548 +diff --git a/src/utils.cpp b/src/utils.cpp
549 +index a3d36497..2a092330 100644
550 +--- a/src/utils.cpp
551 ++++ b/src/utils.cpp
552 +@@ -32,18 +32,15 @@ EXIV2_RCSID("@(#) $Id$")
553 + #include "config.h"
554 +
555 + #include "utils.hpp"
556 +-
557 +-// + standard includes
558 +-#if defined(_MSC_VER) || defined(__MINGW__)
559 +-# include "getopt_win32.h"
560 +-#endif
561 ++#include "getopt_win32.h"
562 +
563 + #if defined(_MSC_VER)
564 + # define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
565 + #endif
566 +
567 ++// + standard includes
568 + #ifdef EXV_HAVE_UNISTD_H
569 +-# include <unistd.h> // for getopt(), stat()
570 ++# include <unistd.h> // for stat()
571 + #endif
572 +
573 + #include <sys/types.h>
574 +--
575 +2.17.0
576 +
577
578 diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch
579 new file mode 100644
580 index 0000000..a594a2b
581 --- /dev/null
582 +++ b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch
583 @@ -0,0 +1,39 @@
584 +From ce4f575e106697c0e513091e95a7cd12ed6a488b Mon Sep 17 00:00:00 2001
585 +From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@×××××××××××××××.com>
586 +Date: Tue, 9 Jan 2018 21:18:36 +0100
587 +Subject: [PATCH 1/8] Add check for DataBuf.size_ in Jp2Image::readMetadata()
588 +
589 +When parsing a subBox that is a ColorHeader, a length is extracted
590 +from the input file and fed directly into DataBuf() (which calls
591 +malloc). A crafted input file can provide arbitrarily (up to
592 +max(uint32_t)-8) large values and result in excessive memory
593 +allocation.
594 +
595 +This commit adds a check for the new size of DataBuf so that it is not
596 +larger than the remaining size of the file.
597 +
598 +This fixes #202 aka CVE-2018-4868
599 +---
600 + src/jp2image.cpp | 7 ++++++-
601 + 1 file changed, 6 insertions(+), 1 deletion(-)
602 +
603 +diff --git a/src/jp2image.cpp b/src/jp2image.cpp
604 +index a308bfd9..3cebc2a8 100644
605 +--- a/src/jp2image.cpp
606 ++++ b/src/jp2image.cpp
607 +@@ -272,7 +272,12 @@ namespace Exiv2
608 + #endif
609 +
610 + const long pad = 3 ; // 3 padding bytes 2 0 0
611 +- DataBuf data(Safe::add(subBox.length, static_cast<uint32_t>(8)));
612 ++ const size_t data_length = Safe::add(subBox.length, static_cast<uint32_t>(8));
613 ++ // data_length makes no sense if it is larger than the rest of the file
614 ++ if (data_length > io_->size() - io_->tell()) {
615 ++ throw Error(58);
616 ++ }
617 ++ DataBuf data(data_length);
618 + io_->read(data.pData_,data.size_);
619 + const long iccLength = getULong(data.pData_+pad, bigEndian);
620 + // subtracting pad from data.size_ is safe:
621 +--
622 +2.17.0
Report Message
Find on MARC Find on Google Groups