1 |
commit: e7b9b83f0688f9e5a07d0bd55427c197807beab1 |
2 |
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com> |
3 |
AuthorDate: Thu Apr 26 18:05:50 2018 +0000 |
4 |
Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com> |
5 |
CommitDate: Thu Apr 26 18:05:50 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=e7b9b83f |
7 |
|
8 |
media-gfx/exiv2: version bump to 0.27_p20180319 |
9 |
|
10 |
media-gfx/exiv2/Manifest | 1 + |
11 |
media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 2 +- |
12 |
...71104-r1.ebuild => exiv2-0.26_p20180319.ebuild} | 12 +- |
13 |
.../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 +++++++++++++++++++++ |
14 |
.../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 ++ |
15 |
5 files changed, 534 insertions(+), 4 deletions(-) |
16 |
|
17 |
diff --git a/media-gfx/exiv2/Manifest b/media-gfx/exiv2/Manifest |
18 |
index a9b1bd7..ff80754 100644 |
19 |
--- a/media-gfx/exiv2/Manifest |
20 |
+++ b/media-gfx/exiv2/Manifest |
21 |
@@ -1 +1,2 @@ |
22 |
DIST exiv2-0.26_p20171104.tar.gz 28368697 BLAKE2B 50013cf0bf30a2a476b02d5db4027fca268a4b38733762eb4c08e5f3bdfaf737038e9a62f7ef471fecb10250d8ae686ef683f9b0ea4ccc5d109440ba534371e4 SHA512 6f6a884d7978e54dceb9ce45248cd0425ff469887c85ef52b0e38cb755970f69fce96b4b5317c8e8070b833f72ca214696042aac71292a6f9c3440f6a369d474 |
23 |
+DIST exiv2-0.26_p20180319.tar.gz 28383543 BLAKE2B 753a2ebdb2033490c0f66cb1fb2574f02125f17813f6cbaf5eca66e053af9a2cdbc1266f0a033f0706ec22b31acd6e87271e426a335a58ee947757b52d283489 SHA512 852ce2cffcc0a2d902a939933127fdf5fa0b50020e1faf3ab0a375b129b9f61c7b97b76d4f39e376e7288d7cc045867bd1a96ae15dd0b7c0bcd1ba15259628e1 |
24 |
|
25 |
diff --git a/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild b/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild |
26 |
index f8d19fb..996728b 100644 |
27 |
--- a/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild |
28 |
+++ b/media-gfx/exiv2/exiv2-0.26_p20171104.ebuild |
29 |
@@ -11,7 +11,7 @@ if [[ ${PV} = *9999 ]]; then |
30 |
else |
31 |
COMMIT=900d2417dbeb46e14cbf65fc2798ed1d043ab76d |
32 |
SRC_URI="https://github.com/Exiv2/${PN}/tarball/${COMMIT} -> ${P}.tar.gz" |
33 |
- KEYWORDS="amd64 arm ia64 ~mips ppc ~sh ~sparc x86" |
34 |
+ KEYWORDS="amd64 arm ia64 ~mips ppc ~sh sparc x86" |
35 |
fi |
36 |
inherit cmake-multilib python-any-r1 vcs-snapshot |
37 |
|
38 |
|
39 |
diff --git a/media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild b/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild |
40 |
similarity index 90% |
41 |
rename from media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild |
42 |
rename to media-gfx/exiv2/exiv2-0.26_p20180319.ebuild |
43 |
index e24fed4..a188f3a 100644 |
44 |
--- a/media-gfx/exiv2/exiv2-0.26_p20171104-r1.ebuild |
45 |
+++ b/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild |
46 |
@@ -9,11 +9,11 @@ if [[ ${PV} = *9999 ]]; then |
47 |
EGIT_BRANCH="0.26" |
48 |
GIT_ECLASS=git-r3 |
49 |
else |
50 |
- COMMIT=900d2417dbeb46e14cbf65fc2798ed1d043ab76d |
51 |
+ COMMIT=876b1314ab892cbfa6672b6b94adbeb90db4211f |
52 |
SRC_URI="https://github.com/Exiv2/${PN}/tarball/${COMMIT} -> ${P}.tar.gz" |
53 |
KEYWORDS="~amd64 ~arm ~ia64 ~mips ~ppc ~sh ~sparc ~x86" |
54 |
fi |
55 |
-inherit cmake-multilib python-any-r1 vcs-snapshot |
56 |
+inherit cmake-multilib python-any-r1 |
57 |
|
58 |
DESCRIPTION="EXIF, IPTC and XMP metadata C++ library and command line utility" |
59 |
HOMEPAGE="http://www.exiv2.org/" |
60 |
@@ -45,11 +45,15 @@ DEPEND="${RDEPEND} |
61 |
|
62 |
DOCS=( README doc/ChangeLog doc/cmd.txt ) |
63 |
|
64 |
+S="${WORKDIR}/${PN^}-${PN}-${COMMIT:0:7}" |
65 |
+ |
66 |
PATCHES=( |
67 |
+ # master, pending backports for 0.26 |
68 |
+ "${FILESDIR}"/${P}-CVE-2018-4868.patch |
69 |
+ "${FILESDIR}"/${P}-CVE-2017-18005.patch |
70 |
# TODO: Take to upstream |
71 |
"${FILESDIR}"/${PN}-0.26-fix-docs.patch |
72 |
"${FILESDIR}"/${PN}-0.26-tools-optional.patch |
73 |
- "${FILESDIR}"/${PN}-0.26-pentaxnikon-crash.patch |
74 |
"${FILESDIR}"/${PN}-0.26-musl.patch |
75 |
) |
76 |
|
77 |
@@ -88,6 +92,8 @@ src_prepare() { |
78 |
doxygen &>/dev/null -u config/Doxyfile || die |
79 |
fi |
80 |
|
81 |
+ edos2unix samples/exiv2json.cpp # workaround for CVE-2017-18005 patch |
82 |
+ |
83 |
cmake-utils_src_prepare |
84 |
} |
85 |
|
86 |
|
87 |
diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch |
88 |
new file mode 100644 |
89 |
index 0000000..d74ca59 |
90 |
--- /dev/null |
91 |
+++ b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch |
92 |
@@ -0,0 +1,484 @@ |
93 |
+From 8e31dd8c14fdc83f387f35dda7b1b70fbdbd70db Mon Sep 17 00:00:00 2001 |
94 |
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com> |
95 |
+Date: Tue, 19 Dec 2017 19:52:41 +0100 |
96 |
+Subject: [PATCH 3/8] Only print items (Params::prValue) when size > 0 |
97 |
+ |
98 |
+--- |
99 |
+ src/actions.cpp | 5 +++-- |
100 |
+ 1 file changed, 3 insertions(+), 2 deletions(-) |
101 |
+ |
102 |
+diff --git a/src/actions.cpp b/src/actions.cpp |
103 |
+index 9f850097..3963cb67 100644 |
104 |
+--- a/src/actions.cpp |
105 |
++++ b/src/actions.cpp |
106 |
+@@ -713,8 +713,9 @@ namespace Action { |
107 |
+ << std::setfill(' ') << std::right |
108 |
+ << md.size(); |
109 |
+ } |
110 |
+- if (Params::instance().printItems_ & Params::prValue) { |
111 |
+- if (!first) std::cout << " "; |
112 |
++ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) { |
113 |
++ if (!first) |
114 |
++ std::cout << " "; |
115 |
+ first = false; |
116 |
+ if ( Params::instance().binary_ |
117 |
+ && ( md.typeId() == Exiv2::undefined |
118 |
+-- |
119 |
+2.17.0 |
120 |
+ |
121 |
+ |
122 |
+From 463485e5c1cc716108880f75b9c573715bf402b1 Mon Sep 17 00:00:00 2001 |
123 |
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com> |
124 |
+Date: Tue, 19 Dec 2017 19:54:17 +0100 |
125 |
+Subject: [PATCH 4/8] Move condition in if statement to discard work earlier |
126 |
+ |
127 |
+--- |
128 |
+ src/actions.cpp | 7 +++---- |
129 |
+ 1 file changed, 3 insertions(+), 4 deletions(-) |
130 |
+ |
131 |
+diff --git a/src/actions.cpp b/src/actions.cpp |
132 |
+index 3963cb67..f51cb488 100644 |
133 |
+--- a/src/actions.cpp |
134 |
++++ b/src/actions.cpp |
135 |
+@@ -717,11 +717,10 @@ namespace Action { |
136 |
+ if (!first) |
137 |
+ std::cout << " "; |
138 |
+ first = false; |
139 |
+- if ( Params::instance().binary_ |
140 |
+- && ( md.typeId() == Exiv2::undefined |
141 |
++ if (md.size() > 128 && Params::instance().binary_ && ( |
142 |
++ md.typeId() == Exiv2::undefined |
143 |
+ || md.typeId() == Exiv2::unsignedByte |
144 |
+- || md.typeId() == Exiv2::signedByte) |
145 |
+- && md.size() > 128) { |
146 |
++ || md.typeId() == Exiv2::signedByte)) { |
147 |
+ std::cout << _("(Binary value suppressed)") << std::endl; |
148 |
+ return true; |
149 |
+ } |
150 |
+-- |
151 |
+2.17.0 |
152 |
+ |
153 |
+ |
154 |
+From 7fe7501c01e5d1eec16a736062dd0c34d6408833 Mon Sep 17 00:00:00 2001 |
155 |
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com> |
156 |
+Date: Tue, 19 Dec 2017 19:55:50 +0100 |
157 |
+Subject: [PATCH 5/8] Apply clang-format to Print::printMetadatum |
158 |
+ |
159 |
+--- |
160 |
+ src/actions.cpp | 110 ++++++++++++++++++++++++------------------------ |
161 |
+ 1 file changed, 55 insertions(+), 55 deletions(-) |
162 |
+ |
163 |
+diff --git a/src/actions.cpp b/src/actions.cpp |
164 |
+index f51cb488..b31d6ec6 100644 |
165 |
+--- a/src/actions.cpp |
166 |
++++ b/src/actions.cpp |
167 |
+@@ -636,91 +636,90 @@ namespace Action { |
168 |
+ |
169 |
+ bool Print::printMetadatum(const Exiv2::Metadatum& md, const Exiv2::Image* pImage) |
170 |
+ { |
171 |
+- if (!grepTag(md.key())) return false; |
172 |
+- if (!keyTag (md.key())) return false; |
173 |
++ if (!grepTag(md.key())) |
174 |
++ return false; |
175 |
++ if (!keyTag(md.key())) |
176 |
++ return false; |
177 |
+ |
178 |
+- if ( Params::instance().unknown_ |
179 |
+- && md.tagName().substr(0, 2) == "0x") { |
180 |
++ if (Params::instance().unknown_ && md.tagName().substr(0, 2) == "0x") { |
181 |
+ return false; |
182 |
+ } |
183 |
++ |
184 |
+ bool const manyFiles = Params::instance().files_.size() > 1; |
185 |
+ if (manyFiles) { |
186 |
+- std::cout << std::setfill(' ') << std::left << std::setw(20) |
187 |
+- << path_ << " "; |
188 |
++ std::cout << std::setfill(' ') << std::left << std::setw(20) << path_ << " "; |
189 |
+ } |
190 |
++ |
191 |
+ bool first = true; |
192 |
+ if (Params::instance().printItems_ & Params::prTag) { |
193 |
+- if (!first) std::cout << " "; |
194 |
++ if (!first) |
195 |
++ std::cout << " "; |
196 |
+ first = false; |
197 |
+- std::cout << "0x" << std::setw(4) << std::setfill('0') |
198 |
+- << std::right << std::hex |
199 |
+- << md.tag(); |
200 |
++ std::cout << "0x" << std::setw(4) << std::setfill('0') << std::right << std::hex << md.tag(); |
201 |
+ } |
202 |
+ if (Params::instance().printItems_ & Params::prSet) { |
203 |
+- if (!first) std::cout << " "; |
204 |
++ if (!first) |
205 |
++ std::cout << " "; |
206 |
+ first = false; |
207 |
+- std::cout << "set" ; |
208 |
++ std::cout << "set"; |
209 |
+ } |
210 |
+ if (Params::instance().printItems_ & Params::prGroup) { |
211 |
+- if (!first) std::cout << " "; |
212 |
++ if (!first) |
213 |
++ std::cout << " "; |
214 |
+ first = false; |
215 |
+- std::cout << std::setw(12) << std::setfill(' ') << std::left |
216 |
+- << md.groupName(); |
217 |
++ std::cout << std::setw(12) << std::setfill(' ') << std::left << md.groupName(); |
218 |
+ } |
219 |
+ if (Params::instance().printItems_ & Params::prKey) { |
220 |
+- if (!first) std::cout << " "; |
221 |
++ if (!first) |
222 |
++ std::cout << " "; |
223 |
+ first = false; |
224 |
+- std::cout << std::setfill(' ') << std::left << std::setw(44) |
225 |
+- << md.key(); |
226 |
++ std::cout << std::setfill(' ') << std::left << std::setw(44) << md.key(); |
227 |
+ } |
228 |
+ if (Params::instance().printItems_ & Params::prName) { |
229 |
+- if (!first) std::cout << " "; |
230 |
++ if (!first) |
231 |
++ std::cout << " "; |
232 |
+ first = false; |
233 |
+- std::cout << std::setw(27) << std::setfill(' ') << std::left |
234 |
+- << md.tagName(); |
235 |
++ std::cout << std::setw(27) << std::setfill(' ') << std::left << md.tagName(); |
236 |
+ } |
237 |
+ if (Params::instance().printItems_ & Params::prLabel) { |
238 |
+- if (!first) std::cout << " "; |
239 |
++ if (!first) |
240 |
++ std::cout << " "; |
241 |
+ first = false; |
242 |
+- std::cout << std::setw(30) << std::setfill(' ') << std::left |
243 |
+- << md.tagLabel(); |
244 |
++ std::cout << std::setw(30) << std::setfill(' ') << std::left << md.tagLabel(); |
245 |
+ } |
246 |
+ if (Params::instance().printItems_ & Params::prType) { |
247 |
+- if (!first) std::cout << " "; |
248 |
++ if (!first) |
249 |
++ std::cout << " "; |
250 |
+ first = false; |
251 |
+ std::cout << std::setw(9) << std::setfill(' ') << std::left; |
252 |
+ const char* tn = md.typeName(); |
253 |
+ if (tn) { |
254 |
+ std::cout << tn; |
255 |
+- } |
256 |
+- else { |
257 |
++ } else { |
258 |
+ std::ostringstream os; |
259 |
+ os << "0x" << std::setw(4) << std::setfill('0') << std::hex << md.typeId(); |
260 |
+ std::cout << os.str(); |
261 |
+ } |
262 |
+ } |
263 |
+ if (Params::instance().printItems_ & Params::prCount) { |
264 |
+- if (!first) std::cout << " "; |
265 |
++ if (!first) |
266 |
++ std::cout << " "; |
267 |
+ first = false; |
268 |
+- std::cout << std::dec << std::setw(3) |
269 |
+- << std::setfill(' ') << std::right |
270 |
+- << md.count(); |
271 |
++ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.count(); |
272 |
+ } |
273 |
+ if (Params::instance().printItems_ & Params::prSize) { |
274 |
+- if (!first) std::cout << " "; |
275 |
++ if (!first) |
276 |
++ std::cout << " "; |
277 |
+ first = false; |
278 |
+- std::cout << std::dec << std::setw(3) |
279 |
+- << std::setfill(' ') << std::right |
280 |
+- << md.size(); |
281 |
++ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.size(); |
282 |
+ } |
283 |
+ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) { |
284 |
+ if (!first) |
285 |
+ std::cout << " "; |
286 |
+ first = false; |
287 |
+- if (md.size() > 128 && Params::instance().binary_ && ( |
288 |
+- md.typeId() == Exiv2::undefined |
289 |
+- || md.typeId() == Exiv2::unsignedByte |
290 |
+- || md.typeId() == Exiv2::signedByte)) { |
291 |
++ if (md.size() > 128 && Params::instance().binary_ && |
292 |
++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte || |
293 |
++ md.typeId() == Exiv2::signedByte)) { |
294 |
+ std::cout << _("(Binary value suppressed)") << std::endl; |
295 |
+ return true; |
296 |
+ } |
297 |
+@@ -738,22 +737,22 @@ namespace Action { |
298 |
+ } |
299 |
+ if (!done) { |
300 |
+ // #1114 - show negative values for SByte |
301 |
+- if (md.typeId() != Exiv2::signedByte){ |
302 |
++ if (md.typeId() != Exiv2::signedByte) { |
303 |
+ std::cout << std::dec << md.value(); |
304 |
+ } else { |
305 |
+ int value = md.value().toLong(); |
306 |
+- std::cout << std::dec << (value<128?value:value-256); |
307 |
++ std::cout << std::dec << (value < 128 ? value : value - 256); |
308 |
+ } |
309 |
+ } |
310 |
+ } |
311 |
+ if (Params::instance().printItems_ & Params::prTrans) { |
312 |
+- if (!first) std::cout << " "; |
313 |
++ if (!first) |
314 |
++ std::cout << " "; |
315 |
+ first = false; |
316 |
+- if ( Params::instance().binary_ |
317 |
+- && ( md.typeId() == Exiv2::undefined |
318 |
+- || md.typeId() == Exiv2::unsignedByte |
319 |
+- || md.typeId() == Exiv2::signedByte) |
320 |
+- && md.size() > 128) { |
321 |
++ if (Params::instance().binary_ && |
322 |
++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte || |
323 |
++ md.typeId() == Exiv2::signedByte) && |
324 |
++ md.size() > 128) { |
325 |
+ std::cout << _("(Binary value suppressed)") << std::endl; |
326 |
+ return true; |
327 |
+ } |
328 |
+@@ -765,16 +764,17 @@ namespace Action { |
329 |
+ done = true; |
330 |
+ } |
331 |
+ } |
332 |
+- if (!done) std::cout << std::dec << md.print(&pImage->exifData()); |
333 |
++ if (!done) |
334 |
++ std::cout << std::dec << md.print(&pImage->exifData()); |
335 |
+ } |
336 |
+ if (Params::instance().printItems_ & Params::prHex) { |
337 |
+- if (!first) std::cout << std::endl; |
338 |
++ if (!first) |
339 |
++ std::cout << std::endl; |
340 |
+ first = false; |
341 |
+- if ( Params::instance().binary_ |
342 |
+- && ( md.typeId() == Exiv2::undefined |
343 |
+- || md.typeId() == Exiv2::unsignedByte |
344 |
+- || md.typeId() == Exiv2::signedByte) |
345 |
+- && md.size() > 128) { |
346 |
++ if (Params::instance().binary_ && |
347 |
++ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte || |
348 |
++ md.typeId() == Exiv2::signedByte) && |
349 |
++ md.size() > 128) { |
350 |
+ std::cout << _("(Binary value suppressed)") << std::endl; |
351 |
+ return true; |
352 |
+ } |
353 |
+@@ -784,7 +784,7 @@ namespace Action { |
354 |
+ } |
355 |
+ std::cout << std::endl; |
356 |
+ return true; |
357 |
+- } // Print::printMetadatum |
358 |
++ } // Print::printMetadatum |
359 |
+ |
360 |
+ int Print::printComment() |
361 |
+ { |
362 |
+-- |
363 |
+2.17.0 |
364 |
+ |
365 |
+ |
366 |
+From 78ddc7a92afaaf58b78d5c49b5c2ad7b60a4e25f Mon Sep 17 00:00:00 2001 |
367 |
+From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@×××××.com> |
368 |
+Date: Thu, 21 Dec 2017 16:39:43 +0100 |
369 |
+Subject: [PATCH 6/8] Do not deference value when it does not exist (Thanks |
370 |
+ D4N) |
371 |
+ |
372 |
+--- |
373 |
+ samples/exiv2json.cpp | 7 +++++++ |
374 |
+ 1 file changed, 7 insertions(+) |
375 |
+ |
376 |
+diff --git a/samples/exiv2json.cpp b/samples/exiv2json.cpp |
377 |
+index 505268d9..a81268f0 100644 |
378 |
+--- a/samples/exiv2json.cpp |
379 |
++++ b/samples/exiv2json.cpp |
380 |
+@@ -148,6 +148,11 @@ bool isArray(std::string& value) |
381 |
+ template <class T> |
382 |
+ void push(Jzon::Node& node,const std::string& key,T i) |
383 |
+ { |
384 |
++#define ABORT_IF_I_EMTPY \ |
385 |
++ if (i->value().size() == 0) { \ |
386 |
++ return; \ |
387 |
++ } |
388 |
++ |
389 |
+ std::string value = i->value().toString(); |
390 |
+ |
391 |
+ switch ( i->typeId() ) { |
392 |
+@@ -179,6 +184,7 @@ void push(Jzon::Node& node,const std::string& key,T i) |
393 |
+ |
394 |
+ case Exiv2::unsignedRational: |
395 |
+ case Exiv2::signedRational: { |
396 |
++ ABORT_IF_I_EMTPY |
397 |
+ Jzon::Array arr; |
398 |
+ Exiv2::Rational rat = i->value().toRational(); |
399 |
+ arr.Add(rat.first ); |
400 |
+@@ -187,6 +193,7 @@ void push(Jzon::Node& node,const std::string& key,T i) |
401 |
+ } break; |
402 |
+ |
403 |
+ case Exiv2::langAlt: { |
404 |
++ ABORT_IF_I_EMTPY |
405 |
+ Jzon::Object l ; |
406 |
+ const Exiv2::LangAltValue& langs = dynamic_cast<const Exiv2::LangAltValue&>(i->value()); |
407 |
+ for ( Exiv2::LangAltValue::ValueType::const_iterator lang = langs.value_.begin() |
408 |
+-- |
409 |
+2.17.0 |
410 |
+ |
411 |
+ |
412 |
+From 871e6e3ced1cdec7e43bf8cb94e269a7f5c09d92 Mon Sep 17 00:00:00 2001 |
413 |
+From: Robin Mills <robin@×××××××××.com> |
414 |
+Date: Thu, 15 Mar 2018 10:43:18 +0000 |
415 |
+Subject: [PATCH 8/8] Fix for getopt(), #199. Use src/getopt_win32 code instead |
416 |
+ of libc/getopt() |
417 |
+ |
418 |
+--- |
419 |
+ config/config.mk.in | 2 +- |
420 |
+ src/CMakeLists.txt | 6 ++---- |
421 |
+ src/Makefile | 13 +++++-------- |
422 |
+ src/getopt_win32.c | 9 +++++++++ |
423 |
+ src/getopt_win32.h | 7 +++++++ |
424 |
+ src/utils.cpp | 9 +++------ |
425 |
+ 6 files changed, 27 insertions(+), 19 deletions(-) |
426 |
+ |
427 |
+diff --git a/config/config.mk.in b/config/config.mk.in |
428 |
+index 8d920647..4754c722 100644 |
429 |
+--- a/config/config.mk.in |
430 |
++++ b/config/config.mk.in |
431 |
+@@ -165,7 +165,7 @@ endif |
432 |
+ # ********************************************************************** |
433 |
+ # Compilation shortcuts |
434 |
+ COMPILE.cc = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -c |
435 |
+-COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c |
436 |
++COMPILE.c = $(CC) $(CFLAGS) -c |
437 |
+ # LINK.cc does not need $(LIBS), libtool's dark magic takes care of that |
438 |
+ # when linking a binary with a libtool library. |
439 |
+ LINK.cc = $(CXX) $(LDFLAGS) |
440 |
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt |
441 |
+index d4dc6375..dceee236 100644 |
442 |
+--- a/src/CMakeLists.txt |
443 |
++++ b/src/CMakeLists.txt |
444 |
+@@ -218,10 +218,8 @@ IF(NOT HAVE_TIMEGM ) |
445 |
+ SET( PATHTEST_SRC ${PATHTEST_SRC} localtime.c ) |
446 |
+ ENDIF( NOT HAVE_TIMEGM ) |
447 |
+ |
448 |
+-IF( MSVC ) |
449 |
+- SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c ) |
450 |
+- SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c ) |
451 |
+-ENDIF( MSVC ) |
452 |
++SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c ) |
453 |
++SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c ) |
454 |
+ |
455 |
+ ## |
456 |
+ # msvn tuning |
457 |
+diff --git a/src/Makefile b/src/Makefile |
458 |
+index 8a8366fe..d046e331 100644 |
459 |
+--- a/src/Makefile |
460 |
++++ b/src/Makefile |
461 |
+@@ -131,8 +131,7 @@ CCSRC += asfvideo.cpp \ |
462 |
+ utilsvideo.cpp |
463 |
+ endif |
464 |
+ |
465 |
+-# Add library C source files to this list |
466 |
+-EXIVCSRC = |
467 |
++# C source files |
468 |
+ ifndef HAVE_TIMEGM |
469 |
+ CSRC = localtime.c |
470 |
+ endif |
471 |
+@@ -141,9 +140,7 @@ endif |
472 |
+ EXIV2MAIN = exiv2.cpp |
473 |
+ EXIV2SRC = actions.cpp \ |
474 |
+ utils.cpp |
475 |
+- |
476 |
+-# C source files for the Exiv2 application |
477 |
+-EXIVCSRC = |
478 |
++EXIVCSRC = getopt_win32.c |
479 |
+ |
480 |
+ # ****************************************************************************** |
481 |
+ # Library |
482 |
+@@ -176,7 +173,7 @@ OBJ = $(CCOBJ) $(COBJ) |
483 |
+ LOBJ = $(CCLOBJ) $(CLOBJ) |
484 |
+ |
485 |
+ EXIV2OBJ = $(EXIV2MAIN:.cpp=.o) $(EXIV2SRC:.cpp=.o) |
486 |
+-EXIV2COBJ = $(EXIVCSRC:.c=.o) |
487 |
++EXIVCOBJ = $(EXIVCSRC:.c=.o) |
488 |
+ EXIV2EXE = $(EXIV2MAIN:.cpp=$(EXEEXT)) |
489 |
+ |
490 |
+ ifdef DEP_TRACKING |
491 |
+@@ -251,9 +248,9 @@ lib: $(OBJ) |
492 |
+ $(BINARY): %: %.o lib |
493 |
+ @$(LIBTOOL) --mode=link $(LINK.cc) -o $@ $(LIBRARY) $@.o -rpath $(libdir) |
494 |
+ |
495 |
+-$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIV2COBJ) |
496 |
++$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIVCOBJ) |
497 |
+ mkdir -pv ../bin 2>&1 > /dev/null |
498 |
+- @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIV2COBJ) -rpath $(libdir) |
499 |
++ @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIVCOBJ) -rpath $(libdir) |
500 |
+ |
501 |
+ install-header: |
502 |
+ $(INSTALL_DIRS) $(DESTDIR)$(incdir) |
503 |
+diff --git a/src/getopt_win32.c b/src/getopt_win32.c |
504 |
+index fca29924..18dfcfbf 100644 |
505 |
+--- a/src/getopt_win32.c |
506 |
++++ b/src/getopt_win32.c |
507 |
+@@ -194,6 +194,10 @@ permute_args(panonopt_start, panonopt_end, opt_end, nargv) |
508 |
+ } |
509 |
+ } |
510 |
+ |
511 |
++#ifdef __GETOPT_DEFINE_ARGV__ |
512 |
++char * const *__argv; |
513 |
++#endif |
514 |
++ |
515 |
+ /* |
516 |
+ * getopt_internal -- |
517 |
+ * Parse argc/argv argument vector. Called by user level routines. |
518 |
+@@ -205,6 +209,11 @@ getopt_internal(nargc, nargv, options) |
519 |
+ char * const *nargv; |
520 |
+ const char *options; |
521 |
+ { |
522 |
++ |
523 |
++#ifdef __GETOPT_DEFINE_ARGV__ |
524 |
++ __argv=nargv; |
525 |
++#endif |
526 |
++ |
527 |
+ char *oli; /* option letter list index */ |
528 |
+ int optchar; |
529 |
+ |
530 |
+diff --git a/src/getopt_win32.h b/src/getopt_win32.h |
531 |
+index 6b6f643b..cd5760a3 100644 |
532 |
+--- a/src/getopt_win32.h |
533 |
++++ b/src/getopt_win32.h |
534 |
+@@ -38,6 +38,13 @@ |
535 |
+ extern "C" { |
536 |
+ #endif |
537 |
+ |
538 |
++#if !defined(_WIN32) && !defined(__CYGWIN__) && !defined(__MINGW__) && !defined(_MSC_VER) |
539 |
++// the symbol __argv (and __argc and __progname and __env) are defined in Windows environments |
540 |
++// for *ix environments, __argv is declared here, defined: getopt_win32.c, init'd: getopt_internal() |
541 |
++#define __GETOPT_DEFINE_ARGV__ |
542 |
++extern char * const *__argv; |
543 |
++#endif |
544 |
++ |
545 |
+ extern int opterr; /* if error message should be printed */ |
546 |
+ extern int optind; /* index into parent argv vector */ |
547 |
+ extern int optopt; /* character checked for validity */ |
548 |
+diff --git a/src/utils.cpp b/src/utils.cpp |
549 |
+index a3d36497..2a092330 100644 |
550 |
+--- a/src/utils.cpp |
551 |
++++ b/src/utils.cpp |
552 |
+@@ -32,18 +32,15 @@ EXIV2_RCSID("@(#) $Id$") |
553 |
+ #include "config.h" |
554 |
+ |
555 |
+ #include "utils.hpp" |
556 |
+- |
557 |
+-// + standard includes |
558 |
+-#if defined(_MSC_VER) || defined(__MINGW__) |
559 |
+-# include "getopt_win32.h" |
560 |
+-#endif |
561 |
++#include "getopt_win32.h" |
562 |
+ |
563 |
+ #if defined(_MSC_VER) |
564 |
+ # define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) |
565 |
+ #endif |
566 |
+ |
567 |
++// + standard includes |
568 |
+ #ifdef EXV_HAVE_UNISTD_H |
569 |
+-# include <unistd.h> // for getopt(), stat() |
570 |
++# include <unistd.h> // for stat() |
571 |
+ #endif |
572 |
+ |
573 |
+ #include <sys/types.h> |
574 |
+-- |
575 |
+2.17.0 |
576 |
+ |
577 |
|
578 |
diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch |
579 |
new file mode 100644 |
580 |
index 0000000..a594a2b |
581 |
--- /dev/null |
582 |
+++ b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch |
583 |
@@ -0,0 +1,39 @@ |
584 |
+From ce4f575e106697c0e513091e95a7cd12ed6a488b Mon Sep 17 00:00:00 2001 |
585 |
+From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@×××××××××××××××.com> |
586 |
+Date: Tue, 9 Jan 2018 21:18:36 +0100 |
587 |
+Subject: [PATCH 1/8] Add check for DataBuf.size_ in Jp2Image::readMetadata() |
588 |
+ |
589 |
+When parsing a subBox that is a ColorHeader, a length is extracted |
590 |
+from the input file and fed directly into DataBuf() (which calls |
591 |
+malloc). A crafted input file can provide arbitrarily (up to |
592 |
+max(uint32_t)-8) large values and result in excessive memory |
593 |
+allocation. |
594 |
+ |
595 |
+This commit adds a check for the new size of DataBuf so that it is not |
596 |
+larger than the remaining size of the file. |
597 |
+ |
598 |
+This fixes #202 aka CVE-2018-4868 |
599 |
+--- |
600 |
+ src/jp2image.cpp | 7 ++++++- |
601 |
+ 1 file changed, 6 insertions(+), 1 deletion(-) |
602 |
+ |
603 |
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp |
604 |
+index a308bfd9..3cebc2a8 100644 |
605 |
+--- a/src/jp2image.cpp |
606 |
++++ b/src/jp2image.cpp |
607 |
+@@ -272,7 +272,12 @@ namespace Exiv2 |
608 |
+ #endif |
609 |
+ |
610 |
+ const long pad = 3 ; // 3 padding bytes 2 0 0 |
611 |
+- DataBuf data(Safe::add(subBox.length, static_cast<uint32_t>(8))); |
612 |
++ const size_t data_length = Safe::add(subBox.length, static_cast<uint32_t>(8)); |
613 |
++ // data_length makes no sense if it is larger than the rest of the file |
614 |
++ if (data_length > io_->size() - io_->tell()) { |
615 |
++ throw Error(58); |
616 |
++ } |
617 |
++ DataBuf data(data_length); |
618 |
+ io_->read(data.pData_,data.size_); |
619 |
+ const long iccLength = getULong(data.pData_+pad, bigEndian); |
620 |
+ // subtracting pad from data.size_ is safe: |
621 |
+-- |
622 |
+2.17.0 |