summaryrefslogtreecommitdiff
path: root/user/exiv2/CVE-2018-19535.patch
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-06-20 19:01:52 -0400
committerMax Rees <maxcrees@me.com>2019-06-24 22:09:37 -0400
commit41ba180fc2dfcdb5516769593fdc06dacfc22e2d (patch)
tree42a148e851e4c063afbd645554bc1b180d49bf8f /user/exiv2/CVE-2018-19535.patch
parente1786dc80374f7ab320c11c3e79edabe034cb794 (diff)
downloadpackages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.tar.gz
packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.tar.bz2
packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.tar.xz
packages-41ba180fc2dfcdb5516769593fdc06dacfc22e2d.zip
user/exiv2: [CVE] bump to 0.27.1, add tests
Diffstat (limited to 'user/exiv2/CVE-2018-19535.patch')
-rw-r--r--user/exiv2/CVE-2018-19535.patch239
1 files changed, 0 insertions, 239 deletions
diff --git a/user/exiv2/CVE-2018-19535.patch b/user/exiv2/CVE-2018-19535.patch
deleted file mode 100644
index ba9355012..000000000
--- a/user/exiv2/CVE-2018-19535.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 03173751b4d7053d6ddf52a15904e8f751f78f56 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
-Date: Sun, 2 Sep 2018 14:39:52 +0200
-Subject: [PATCH 2/5] Fix bug in PngChunk::readRawProfile
-
-- Now it takes into account text.size_ when searching for a newline
-char.
----
- src/pngchunk.cpp | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
-index 58281b3ff..755872c94 100644
---- a/src/pngchunk.cpp
-+++ b/src/pngchunk.cpp
-@@ -629,11 +629,19 @@ namespace Exiv2 {
-
-
- sp = (char*)text.pData_+1;
-+ int pointerPos = 1;
-
- // Look for newline
--
-- while (*sp != '\n')
-+ while (*sp != '\n' && pointerPos < (text.size_ - 1))
-+ {
- sp++;
-+ pointerPos++;
-+ }
-+
-+ if (pointerPos == (text.size_ - 1))
-+ {
-+ return DataBuf();
-+ }
-
- // Look for length
-
-
-From cf3ba049a2792ec2a4a877e343f5dd9654da53dc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
-Date: Mon, 3 Sep 2018 08:51:08 +0200
-Subject: [PATCH 3/5] Fix more issues in PngChunk::readRawProfile
-
----
- src/pngchunk.cpp | 36 +++++++++++++-----------
- 1 file changed, 20 insertions(+), 16 deletions(-)
-
-diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
-index 755872c94..9b3faf1aa 100644
---- a/src/pngchunk.cpp
-+++ b/src/pngchunk.cpp
-@@ -606,11 +606,6 @@ namespace Exiv2 {
- DataBuf PngChunk::readRawProfile(const DataBuf& text,bool iTXt)
- {
- DataBuf info;
-- register long i;
-- register unsigned char *dp;
-- const char *sp;
-- unsigned int nibbles;
-- long length;
- unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0,
-@@ -627,8 +622,7 @@ namespace Exiv2 {
- return info;
- }
-
--
-- sp = (char*)text.pData_+1;
-+ const char *sp = (char*)text.pData_+1;
- int pointerPos = 1;
-
- // Look for newline
-@@ -638,20 +632,30 @@ namespace Exiv2 {
- pointerPos++;
- }
-
-+ // Look for length
-+ while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1))
-+ {
-+ sp++;
-+ pointerPos++;
-+ }
-+
- if (pointerPos == (text.size_ - 1))
- {
- return DataBuf();
- }
-
-- // Look for length
-+ long length = (long) atol(sp);
-
-- while (*sp == '\0' || *sp == ' ' || *sp == '\n')
-+ while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1))
-+ {
- sp++;
-+ pointerPos++;
-+ }
-
-- length = (long) atol(sp);
--
-- while (*sp != ' ' && *sp != '\n')
-- sp++;
-+ if (pointerPos == (text.size_ - 1))
-+ {
-+ return DataBuf();
-+ }
-
- // Allocate space
-
-@@ -674,10 +678,10 @@ namespace Exiv2 {
-
- // Copy profile, skipping white space and column 1 "=" signs
-
-- dp = (unsigned char*)info.pData_;
-- nibbles = length * 2;
-+ unsigned char *dp = (unsigned char*)info.pData_;
-+ unsigned int nibbles = length * 2;
-
-- for (i = 0; i < (long) nibbles; i++)
-+ for (long i = 0; i < (long) nibbles; i++)
- {
- while (*sp < '0' || (*sp > '9' && *sp < 'a') || *sp > 'f')
- {
-
-From 8b480bc5b2cc2abb8cf6fe4e16c24e58916464d2 Mon Sep 17 00:00:00 2001
-From: Robin Mills <robin@clanmills.com>
-Date: Mon, 10 Sep 2018 20:54:53 +0200
-Subject: [PATCH 4/5] Fixes in PngChunk::readRawProfile
-
----
- src/pngchunk.cpp | 55 ++++++++++++++++++++++----------------------
- 1 file changed, 27 insertions(+), 28 deletions(-)
-
-diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
-index 9b3faf1aa..f81b560aa 100644
---- a/src/pngchunk.cpp
-+++ b/src/pngchunk.cpp
-@@ -607,11 +607,11 @@ namespace Exiv2 {
- {
- DataBuf info;
- unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-- 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0,
-- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12,
-- 13,14,15};
-+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-+ 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0,
-+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,
-+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12,
-+ 13,14,15};
- if (text.size_ == 0) {
- return DataBuf();
- }
-@@ -622,52 +622,51 @@ namespace Exiv2 {
- return info;
- }
-
-- const char *sp = (char*)text.pData_+1;
-- int pointerPos = 1;
-+ const char *sp = (char*) text.pData_+1; // current byte (space pointer)
-+ const char *eot = (char*) text.pData_+text.size_; // end of text
-
- // Look for newline
-- while (*sp != '\n' && pointerPos < (text.size_ - 1))
-+ while (*sp != '\n' && sp < eot )
- {
- sp++;
-- pointerPos++;
-+ if ( sp == eot )
-+ {
-+ return DataBuf();
-+ }
- }
-+ sp++ ; // step over '\n'
-
- // Look for length
-- while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1))
-+ while ( (*sp == '\0' || *sp == ' ' || *sp == '\n') && sp < eot )
- {
- sp++;
-- pointerPos++;
-- }
--
-- if (pointerPos == (text.size_ - 1))
-- {
-- return DataBuf();
-+ if (sp == eot )
-+ {
-+ return DataBuf();
-+ }
- }
-
-- long length = (long) atol(sp);
--
-- while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1))
-+ const char* startOfLength = sp;
-+ while ( ('0' <= *sp && *sp <= '9') && sp < eot)
- {
- sp++;
-- pointerPos++;
-+ if (sp == eot )
-+ {
-+ return DataBuf();
-+ }
- }
-+ sp++ ; // step over '\n'
-
-- if (pointerPos == (text.size_ - 1))
-- {
-- return DataBuf();
-- }
-+ long length = (long) atol(startOfLength);
-
- // Allocate space
--
- if (length == 0)
- {
- #ifdef DEBUG
- std::cerr << "Exiv2::PngChunk::readRawProfile: Unable To Copy Raw Profile: invalid profile length\n";
- #endif
- }
--
- info.alloc(length);
--
- if (info.size_ != length)
- {
- #ifdef DEBUG
-@@ -678,7 +677,7 @@ namespace Exiv2 {
-
- // Copy profile, skipping white space and column 1 "=" signs
-
-- unsigned char *dp = (unsigned char*)info.pData_;
-+ unsigned char *dp = (unsigned char*)info.pData_; // decode pointer
- unsigned int nibbles = length * 2;
-
- for (long i = 0; i < (long) nibbles; i++)
-