authorMax Rees <maxcrees@me.com>2019-06-20 19:01:52 -0400
committerMax Rees <maxcrees@me.com>2019-06-24 22:09:37 -0400
commit41ba180fc2dfcdb5516769593fdc06dacfc22e2d (patch)
tree42a148e851e4c063afbd645554bc1b180d49bf8f
parente1786dc80374f7ab320c11c3e79edabe034cb794 (diff)
user/exiv2: [CVE] bump to 0.27.1, add tests
-rw-r--r--user/exiv2/0000-pthread-init-fix.patch29
-rw-r--r--user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch36
-rw-r--r--user/exiv2/APKBUILD98
-rw-r--r--user/exiv2/CVE-2018-19535.patch239
4 files changed, 76 insertions, 326 deletions
diff --git a/user/exiv2/0000-pthread-init-fix.patch b/user/exiv2/0000-pthread-init-fix.patch
deleted file mode 100644
index ac69b14c1..000000000
--- a/user/exiv2/0000-pthread-init-fix.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 620ef04e96f4c0d0894d976fc361588b6526a116 Mon Sep 17 00:00:00 2001
-From: clanmills <robin@clanmills.com>
-Date: Tue, 20 Jun 2017 20:41:30 +0100
-Subject: [PATCH] https://github.com/Exiv2/exiv2/issues/9 Fix submitted.
-
----
- src/actions.cpp | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/actions.cpp b/src/actions.cpp
-index 0ebe8505..17444c5b 100644
---- a/src/actions.cpp
-+++ b/src/actions.cpp
-@@ -2045,9 +2045,13 @@ namespace {
- #else
- /* Unix/Linux/Cygwin/MacOSX */
- #include <pthread.h>
-+ /* This is the critical section object (statically allocated). */
- #if defined(__APPLE__)
-- /* This is the critical section object (statically allocated). */
-- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER;
-+ #if defined(PTHREAD_RECURSIVE_MUTEX_INITIALIZER)
-+ static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER;
-+ #else
-+ static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER;
-+ #endif
- #else
- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
- #endif
diff --git a/user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch b/user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
deleted file mode 100644
index 86412532d..000000000
--- a/user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From d775683f579543c35463ab2a8d9425da10d2f016 Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 4 Oct 2017 00:15:30 -0500
-Subject: [PATCH] Amend fix for #9 to apply to other Unix systems
-
-At least the musl libc on Linux has the same issue as Mac OS X: the
-PTHREAD_RECURSIVE_* static initialiser does not exist. This is a
-documented and purposeful omission:
-
-http://www.openwall.com/lists/musl/2017/02/20/3
-
-This commit uses similar logic to the Apple test on other Unixes.
----
- src/actions.cpp | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/actions.cpp b/src/actions.cpp
-index fe14de4..aa15ec7 100644
---- a/src/actions.cpp
-+++ b/src/actions.cpp
-@@ -2051,7 +2051,11 @@ namespace {
- static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER;
- #endif
- #else
-- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
-+ #if defined(PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP)
-+ static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
-+ #else
-+ static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER;
-+ #endif
- #endif
- #endif
-
---
-2.10.0
-
diff --git a/user/exiv2/APKBUILD b/user/exiv2/APKBUILD
index 7cf8693fe..963fe871c 100644
--- a/user/exiv2/APKBUILD
+++ b/user/exiv2/APKBUILD
@@ -1,47 +1,101 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=exiv2
-pkgver=0.26
-pkgrel=2
+pkgver=0.27.1
+pkgrel=0
pkgdesc="Exif, IPTC and XMP metadata library and tools"
url="https://www.exiv2.org/"
arch="all"
-options="!check" # No test suite.
license="GPL-2.0+"
depends=""
depends_dev="expat-dev zlib-dev"
-makedepends="$depends_dev bash"
+makedepends="$depends_dev bash cmake"
+checkdepends="python3 libxml2 cmd:which"
subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.exiv2.org/builds/exiv2-$pkgver-trunk.tar.gz
- 0000-pthread-init-fix.patch
- 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
- CVE-2018-19535.patch
- "
-builddir="$srcdir"/exiv2-trunk
+source="http://www.exiv2.org/builds/exiv2-$pkgver-Source.tar.gz"
+builddir="$srcdir/$pkgname-$pkgver-Source"
# secfixes:
# 0.26-r2:
# - CVE-2018-19535
+# 0.27.1-r0:
+# - CVE-2017-9239
+# - CVE-2017-9953
+# - CVE-2017-11336
+# - CVE-2017-11337
+# - CVE-2017-11338
+# - CVE-2017-11339
+# - CVE-2017-11340
+# - CVE-2017-11553
+# - CVE-2017-11591
+# - CVE-2017-11592
+# - CVE-2017-11683
+# - CVE-2017-12955
+# - CVE-2017-12956
+# - CVE-2017-12957
+# - CVE-2017-14857
+# - CVE-2017-14858
+# - CVE-2017-14859
+# - CVE-2017-14860
+# - CVE-2017-14861
+# - CVE-2017-14862
+# - CVE-2017-14863
+# - CVE-2017-14864
+# - CVE-2017-14865
+# - CVE-2017-14866
+# - CVE-2017-17669
+# - CVE-2017-17722
+# - CVE-2017-17723
+# - CVE-2017-17724
+# - CVE-2017-17725
+# - CVE-2017-18005
+# - CVE-2017-1000126
+# - CVE-2017-1000127
+# - CVE-2017-1000128
+# - CVE-2018-4868
+# - CVE-2018-5772
+# - CVE-2018-8976
+# - CVE-2018-8977
+# - CVE-2018-9145
+# - CVE-2018-10772
+# - CVE-2018-10780
+# - CVE-2018-10958
+# - CVE-2018-10998
+# - CVE-2018-10999
+# - CVE-2018-11037
+# - CVE-2018-11531
+# - CVE-2018-12264
+# - CVE-2018-12265
+# - CVE-2018-14046
+# - CVE-2018-14338
+# - CVE-2018-16336
+# - CVE-2018-17229
+# - CVE-2018-17230
+# - CVE-2018-17282
+# - CVE-2018-17581
+# - CVE-2018-19107
+# - CVE-2018-19108
prepare() {
- cd "$builddir"
default_prepare
- update_config_sub
+ mkdir build
}
+
build() {
- cd "$builddir"
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr
+ cd "$builddir/build"
+ cmake -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=/usr/lib \
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
make
}
+check() {
+ cd "$builddir/build"
+ make tests
+}
+
package() {
- cd "$builddir"
+ cd "$builddir/build"
make DESTDIR="$pkgdir" install
}
-sha512sums="d1e9cab886e279b045768dd9ec781f07d2d36d573119403d0b76dc571442173aae6972f86ec55c3ea53fb3ee9ca3571eb8fd63a2a6643a970852813e88634a86 exiv2-0.26-trunk.tar.gz
-9721d359708c385be7c86a8f8a63de43b05b2578a29b4339861e82873aa81a98a7ee7252847b6c55529341187d40f552c488589b416fd9d1e27418925929c018 0000-pthread-init-fix.patch
-485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch
-ac145a9b4df21e7f5fdd3099e6ae4c1e12ae2cdccc455d0262c5d38b8e07ce6437036a19264bd04b1cb1fffd01d89672044ca82fddd5e71dcd0d84d48356ab12 CVE-2018-19535.patch"
+sha512sums="038b51241f5bfb323eb298695b5397a7d88d5c7d7303828e5e20b3f82c3df2615cee3e7e3426ea17438ca05d5abea10984cfd41f0649ddab72df1d1415bf3529 exiv2-0.27.1-Source.tar.gz"
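Review bot: The new `source=` line still fetches the release tarball over plain `http://`, although `url=` in the same file already uses `https://www.exiv2.org/`. The `sha512sums` entry protects any build that uses the recorded digest, but a maintainer who regenerates that digest on a later bump trusts whatever the plaintext download returned; assuming the host serves `/builds/` over TLS, `source="https://www.exiv2.org/builds/exiv2-$pkgver-Source.tar.gz"` closes that gap. Separately, the hunk drops `CVE-2018-19535.patch` from `source` with no explanation, so a short comment beside the `0.26-r2` secfixes entry, for example `# local patch dropped in 0.27.1-r0; fix expected in upstream release (confirm against upstream changelog)`, would record that the removal was deliberate and checked.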
diff --git a/user/exiv2/CVE-2018-19535.patch b/user/exiv2/CVE-2018-19535.patch
deleted file mode 100644
index ba9355012..000000000
--- a/user/exiv2/CVE-2018-19535.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 03173751b4d7053d6ddf52a15904e8f751f78f56 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
-Date: Sun, 2 Sep 2018 14:39:52 +0200
-Subject: [PATCH 2/5] Fix bug in PngChunk::readRawProfile
-
-- Now it takes into account text.size_ when searching for a newline
-char.
----
- src/pngchunk.cpp | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
-index 58281b3ff..755872c94 100644
---- a/src/pngchunk.cpp
-+++ b/src/pngchunk.cpp
-@@ -629,11 +629,19 @@ namespace Exiv2 {
-
-
- sp = (char*)text.pData_+1;
-+ int pointerPos = 1;
-
- // Look for newline
--
-- while (*sp != '\n')
-+ while (*sp != '\n' && pointerPos < (text.size_ - 1))
-+ {
- sp++;
-+ pointerPos++;
-+ }
-+
-+ if (pointerPos == (text.size_ - 1))
-+ {
-+ return DataBuf();
-+ }
-
- // Look for length
-
-
-From cf3ba049a2792ec2a4a877e343f5dd9654da53dc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
-Date: Mon, 3 Sep 2018 08:51:08 +0200
-Subject: [PATCH 3/5] Fix more issues in PngChunk::readRawProfile
-
----
- src/pngchunk.cpp | 36 +++++++++++++-----------
- 1 file changed, 20 insertions(+), 16 deletions(-)
-
-diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
-index 755872c94..9b3faf1aa 100644
---- a/src/pngchunk.cpp
-+++ b/src/pngchunk.cpp
-@@ -606,11 +606,6 @@ namespace Exiv2 {
- DataBuf PngChunk::readRawProfile(const DataBuf& text,bool iTXt)
- {
- DataBuf info;
-- register long i;
-- register unsigned char *dp;
-- const char *sp;
-- unsigned int nibbles;
-- long length;
- unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0,
-@@ -627,8 +622,7 @@ namespace Exiv2 {
- return info;
- }
-
--
-- sp = (char*)text.pData_+1;
-+ const char *sp = (char*)text.pData_+1;
- int pointerPos = 1;
-
- // Look for newline
-@@ -638,20 +632,30 @@ namespace Exiv2 {
- pointerPos++;
- }
-
-+ // Look for length
-+ while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1))
-+ {
-+ sp++;
-+ pointerPos++;
-+ }
-+
- if (pointerPos == (text.size_ - 1))
- {
- return DataBuf();
- }
-
-- // Look for length
-+ long length = (long) atol(sp);
-
-- while (*sp == '\0' || *sp == ' ' || *sp == '\n')
-+ while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1))
-+ {
- sp++;
-+ pointerPos++;
-+ }
-
-- length = (long) atol(sp);
--
-- while (*sp != ' ' && *sp != '\n')
-- sp++;
-+ if (pointerPos == (text.size_ - 1))
-+ {
-+ return DataBuf();
-+ }
-
- // Allocate space
-
-@@ -674,10 +678,10 @@ namespace Exiv2 {
-
- // Copy profile, skipping white space and column 1 "=" signs
-
-- dp = (unsigned char*)info.pData_;
-- nibbles = length * 2;
-+ unsigned char *dp = (unsigned char*)info.pData_;
-+ unsigned int nibbles = length * 2;
-
-- for (i = 0; i < (long) nibbles; i++)
-+ for (long i = 0; i < (long) nibbles; i++)
- {
- while (*sp < '0' || (*sp > '9' && *sp < 'a') || *sp > 'f')
- {
-
-From 8b480bc5b2cc2abb8cf6fe4e16c24e58916464d2 Mon Sep 17 00:00:00 2001
-From: Robin Mills <robin@clanmills.com>
-Date: Mon, 10 Sep 2018 20:54:53 +0200
-Subject: [PATCH 4/5] Fixes in PngChunk::readRawProfile
-
----
- src/pngchunk.cpp | 55 ++++++++++++++++++++++----------------------
- 1 file changed, 27 insertions(+), 28 deletions(-)
-
-diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
-index 9b3faf1aa..f81b560aa 100644
---- a/src/pngchunk.cpp
-+++ b/src/pngchunk.cpp
-@@ -607,11 +607,11 @@ namespace Exiv2 {
- {
- DataBuf info;
- unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-- 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0,
-- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12,
-- 13,14,15};
-+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-+ 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0,
-+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12,
-+ 13,14,15};
- if (text.size_ == 0) {
- return DataBuf();
- }
-@@ -622,52 +622,51 @@ namespace Exiv2 {
- return info;
- }
-
-- const char *sp = (char*)text.pData_+1;
-- int pointerPos = 1;
-+ const char *sp = (char*) text.pData_+1; // current byte (space pointer)
-+ const char *eot = (char*) text.pData_+text.size_; // end of text
-
- // Look for newline
-- while (*sp != '\n' && pointerPos < (text.size_ - 1))
-+ while (*sp != '\n' && sp < eot )
- {
- sp++;
-- pointerPos++;
-+ if ( sp == eot )
-+ {
-+ return DataBuf();
-+ }
- }
-+ sp++ ; // step over '\n'
-
- // Look for length
-- while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1))
-+ while ( (*sp == '\0' || *sp == ' ' || *sp == '\n') && sp < eot )
- {
- sp++;
-- pointerPos++;
-- }
--
-- if (pointerPos == (text.size_ - 1))
-- {
-- return DataBuf();
-+ if (sp == eot )
-+ {
-+ return DataBuf();
-+ }
- }
-
-- long length = (long) atol(sp);
--
-- while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1))
-+ const char* startOfLength = sp;
-+ while ( ('0' <= *sp && *sp <= '9') && sp < eot)
- {
- sp++;
-- pointerPos++;
-+ if (sp == eot )
-+ {
-+ return DataBuf();
-+ }
- }
-+ sp++ ; // step over '\n'
-
-- if (pointerPos == (text.size_ - 1))
-- {
-- return DataBuf();
-- }
-+ long length = (long) atol(startOfLength);
-
- // Allocate space
--
- if (length == 0)
- {
- #ifdef DEBUG
- std::cerr << "Exiv2::PngChunk::readRawProfile: Unable To Copy Raw Profile: invalid profile length\n";
- #endif
- }
--
- info.alloc(length);
--
- if (info.size_ != length)
- {
- #ifdef DEBUG
-@@ -678,7 +677,7 @@ namespace Exiv2 {
-
- // Copy profile, skipping white space and column 1 "=" signs
-
-- unsigned char *dp = (unsigned char*)info.pData_;
-+ unsigned char *dp = (unsigned char*)info.pData_; // decode pointer
- unsigned int nibbles = length * 2;
-
- for (long i = 0; i < (long) nibbles; i++)
-