diff options
-rw-r--r-- | user/exiv2/APKBUILD | 42 | ||||
-rw-r--r-- | user/exiv2/CVE-2019-17402.patch | 73 | ||||
-rw-r--r-- | user/exiv2/CVE-2019-20421.patch | 116 | ||||
-rw-r--r-- | user/exiv2/disable-icc-test.patch | 76 |
4 files changed, 90 insertions, 217 deletions
diff --git a/user/exiv2/APKBUILD b/user/exiv2/APKBUILD index fb710b602..7692ff535 100644 --- a/user/exiv2/APKBUILD +++ b/user/exiv2/APKBUILD @@ -1,7 +1,8 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=exiv2 -pkgver=0.27.2 -pkgrel=2 +pkgver=0.27.5_git20220205 +pkgrel=0 +_commit=46c329081f147d68ba38e7256481d8e432cac64c pkgdesc="Exif, IPTC and XMP metadata library and tools" url="https://www.exiv2.org/" arch="all" @@ -9,15 +10,14 @@ license="GPL-2.0+" depends="" depends_dev="expat-dev zlib-dev" checkdepends="python3 libxml2 cmd:which" -makedepends="$depends_dev bash cmake" +makedepends="$depends_dev bash cmake gtest gtest-dev" subpackages="$pkgname-dev $pkgname-doc" -source="http://www.exiv2.org/builds/exiv2-$pkgver-Source.tar.gz - https://dev.sick.bike/dist/exiv2-$pkgver-POC-file_issue_1019 - https://dev.sick.bike/dist/exiv2-$pkgver-Jp2Image_readMetadata_loop.poc - CVE-2019-17402.patch - CVE-2019-20421.patch +#source="https://github.com/Exiv2/exiv2/releases/download/v$pkgver/exiv2-$pkgver-Source.tar.gz +source="exiv2-${pkgver}_${_commit}.tar.gz::https://github.com/Exiv2/exiv2/archive/$_commit.tar.gz + disable-icc-test.patch " -builddir="$srcdir/$pkgname-$pkgver-Source" +#builddir="$srcdir/$pkgname-$pkgver-Source" +builddir="$srcdir/$pkgname-$_commit" # secfixes: # 0.26-r2: @@ -92,35 +92,21 @@ builddir="$srcdir/$pkgname-$pkgver-Source" # 0.27.2-r2: # - CVE-2019-20421 -prepare() { - default_prepare - - # Remove #1019 POC after >= 0.27.2 - mv "$srcdir/$pkgname-$pkgver-POC-file_issue_1019" \ - test/data/POC-file_issue_1019 - - # Ditto - mv "$srcdir/$pkgname-$pkgver-Jp2Image_readMetadata_loop.poc" \ - test/data/Jp2Image_readMetadata_loop.poc -} - build() { cmake -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_INSTALL_LIBDIR=/usr/lib \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo -Bbuild + -DCMAKE_BUILD_TYPE=RelWithDebInfo -Bbuild \ + -DEXIV2_BUILD_UNIT_TESTS=On make -C build } check() { - make -C build tests + cmake --build build --target test } package() { make DESTDIR="$pkgdir" -C build install } -sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721 exiv2-0.27.2-Source.tar.gz -cfe0b534c29c37e7b6e5a00e8ec320cb57eb17187813fe30677a097e930655f1b097ce77806e0124affbdc423b48d9910560158eed9d2d03418a824244dafba9 exiv2-0.27.2-POC-file_issue_1019 -d2c0f59e9e2daf00066b0ad73253bb7bb09b3319606813f16478ef5717751e4cbb93d12f5c9339dae2965dcf6a63138bdb4205b698aeab57a75f97ddf458d4f7 exiv2-0.27.2-Jp2Image_readMetadata_loop.poc -623232624f5382c7261a8b7e66063954c37555b7812e4f2e9af8433c4d8a1f141feafbfd2c5081395208cf1c65307ce1b39e5e34f689c558dce82f78030b29dd CVE-2019-17402.patch -c819f06a194b8465c66ccd91b8373cb2a359e59bab7583a8abb873c2001efe6188ac8fa4717c6382d2f2396d25e79e7b397c5ebf000d35c4a7dae547db7bc77b CVE-2019-20421.patch" +sha512sums="6674699ba229adb393beb76c1dd42ca2631c62085104fce3ef2d3db0e973837376212f33992774e486f7f0ee7b49cb206bd08092cf93c3e99b9571365bf8bc1f exiv2-0.27.5_git20220205_46c329081f147d68ba38e7256481d8e432cac64c.tar.gz +2fffbcd214db0e917479b970937769b66eb52cd41c34b3c676a17fa7ca7e327b61014c160d56257981459040ce7ab4cf2516db09b4095473e002a75101de6631 disable-icc-test.patch" diff --git a/user/exiv2/CVE-2019-17402.patch b/user/exiv2/CVE-2019-17402.patch deleted file mode 100644 index f54b511b0..000000000 --- a/user/exiv2/CVE-2019-17402.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 683451567284005cd24e1ccb0a76ca401000968b Mon Sep 17 00:00:00 2001 -From: Jens Georg <mail@jensge.org> -Date: Sun, 6 Oct 2019 15:05:20 +0200 -Subject: [PATCH 1/2] crwimage: Check offset and size against total size - -Corrupted or specially crafted CRW images might exceed the overall -buffersize. - -Fixes #1019 ---- - src/crwimage_int.cpp | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp -index 2474baace..3315b86d7 100644 ---- a/src/crwimage_int.cpp -+++ b/src/crwimage_int.cpp -@@ -270,6 +270,9 @@ namespace Exiv2 { - #ifdef EXIV2_DEBUG_MESSAGES - std::cout << "Reading directory 0x" << std::hex << tag() << "\n"; - #endif -+ if (this->offset() + this->size() > size) -+ throw Error(kerOffsetOutOfRange); -+ - readDirectory(pData + offset(), this->size(), byteOrder); - #ifdef EXIV2_DEBUG_MESSAGES - std::cout << "<---- 0x" << std::hex << tag() << "\n"; - -From 73b874fb14d02578f876aa7dd404cf7c07b6dc4e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com> -Date: Mon, 7 Oct 2019 23:25:00 +0200 -Subject: [PATCH 2/2] [tests] Add regression test for #1019 - ---- - test/data/POC-file_issue_1019 | Bin 0 -> 10078 bytes - tests/bugfixes/github/test_issue_1019.py | 14 ++++++++++++++ - tests/suite.conf | 1 + - 3 files changed, 15 insertions(+) - create mode 100755 test/data/POC-file_issue_1019 - create mode 100644 tests/bugfixes/github/test_issue_1019.py - -diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py -new file mode 100644 -index 000000000..c2682f901 ---- /dev/null -+++ b/tests/bugfixes/github/test_issue_1019.py -@@ -0,0 +1,14 @@ -+from system_tests import CaseMeta, path -+ -+ -+class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta): -+ -+ filename = path("$data_path/POC-file_issue_1019") -+ commands = ["$exiv2 -pv $filename"] -+ stdout = [""] -+ stderr = [ -+ """$exiv2_exception_message $filename: -+$kerOffsetOutOfRange -+""" -+ ] -+ retval = [1] -diff --git a/tests/suite.conf b/tests/suite.conf -index 5b31930c1..dab7427b3 100644 ---- a/tests/suite.conf -+++ b/tests/suite.conf -@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension} - easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension} - - [variables] -+kerOffsetOutOfRange: Offset out of range - kerFailedToReadImageData: Failed to read image data - kerCorruptedMetadata: corrupted image metadata - kerInvalidMalloc: invalid memory allocation request diff --git a/user/exiv2/CVE-2019-20421.patch b/user/exiv2/CVE-2019-20421.patch deleted file mode 100644 index bdc5449f2..000000000 --- a/user/exiv2/CVE-2019-20421.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 1b917c3f7dd86336a9f6fda4456422c419dfe88c Mon Sep 17 00:00:00 2001 -From: clanmills <robin@clanmills.com> -Date: Tue, 1 Oct 2019 17:39:44 +0100 -Subject: [PATCH] Fix #1011 fix_1011_jp2_readmetadata_loop - ---- - src/jp2image.cpp | 25 +++++++++++++++---- - tests/bugfixes/github/test_CVE_2017_17725.py | 4 +-- - tests/bugfixes/github/test_issue_1011.py | 13 ++++++++++ - 4 files changed, 35 insertions(+), 7 deletions(-) - create mode 100755 test/data/Jp2Image_readMetadata_loop.poc - create mode 100644 tests/bugfixes/github/test_issue_1011.py - -diff --git a/src/jp2image.cpp b/src/jp2image.cpp -index d5cd1340a..0de088d62 100644 ---- a/src/jp2image.cpp -+++ b/src/jp2image.cpp -@@ -18,10 +18,6 @@ - * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA. - */ - --/* -- File: jp2image.cpp --*/ -- - // ***************************************************************************** - - // included header files -@@ -197,6 +193,16 @@ namespace Exiv2 - return result; - } - -+static void boxes_check(size_t b,size_t m) -+{ -+ if ( b > m ) { -+#ifdef EXIV2_DEBUG_MESSAGES -+ std::cout << "Exiv2::Jp2Image::readMetadata box maximum exceeded" << std::endl; -+#endif -+ throw Error(kerCorruptedMetadata); -+ } -+} -+ - void Jp2Image::readMetadata() - { - #ifdef EXIV2_DEBUG_MESSAGES -@@ -219,9 +225,12 @@ namespace Exiv2 - Jp2BoxHeader subBox = {0,0}; - Jp2ImageHeaderBox ihdr = {0,0,0,0,0,0,0,0}; - Jp2UuidBox uuid = {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -+ size_t boxes = 0 ; -+ size_t boxem = 1000 ; // boxes max - - while (io_->read((byte*)&box, sizeof(box)) == sizeof(box)) - { -+ boxes_check(boxes++,boxem ); - position = io_->tell(); - box.length = getLong((byte*)&box.length, bigEndian); - box.type = getLong((byte*)&box.type, bigEndian); -@@ -251,8 +260,12 @@ namespace Exiv2 - - while (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox) && subBox.length ) - { -+ boxes_check(boxes++, boxem) ; - subBox.length = getLong((byte*)&subBox.length, bigEndian); - subBox.type = getLong((byte*)&subBox.type, bigEndian); -+ if (subBox.length > io_->size() ) { -+ throw Error(kerCorruptedMetadata); -+ } - #ifdef EXIV2_DEBUG_MESSAGES - std::cout << "Exiv2::Jp2Image::readMetadata: " - << "subBox = " << toAscii(subBox.type) << " length = " << subBox.length << std::endl; -@@ -308,7 +321,9 @@ namespace Exiv2 - } - - io_->seek(restore,BasicIo::beg); -- io_->seek(subBox.length, Exiv2::BasicIo::cur); -+ if ( io_->seek(subBox.length, Exiv2::BasicIo::cur) != 0 ) { -+ throw Error(kerCorruptedMetadata); -+ } - restore = io_->tell(); - } - break; -diff --git a/tests/bugfixes/github/test_CVE_2017_17725.py b/tests/bugfixes/github/test_CVE_2017_17725.py -index 1127b9806..670a75d8d 100644 ---- a/tests/bugfixes/github/test_CVE_2017_17725.py -+++ b/tests/bugfixes/github/test_CVE_2017_17725.py -@@ -11,7 +11,7 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): - filename = "$data_path/poc_2017-12-12_issue188" - commands = ["$exiv2 " + filename] - stdout = [""] -- stderr = ["""$exiv2_overflow_exception_message """ + filename + """: --$addition_overflow_message -+ stderr = ["""$exiv2_exception_message """ + filename + """: -+$kerCorruptedMetadata - """] - retval = [1] -diff --git a/tests/bugfixes/github/test_issue_1011.py b/tests/bugfixes/github/test_issue_1011.py -new file mode 100644 -index 000000000..415861188 ---- /dev/null -+++ b/tests/bugfixes/github/test_issue_1011.py -@@ -0,0 +1,13 @@ -+# -*- coding: utf-8 -*- -+ -+from system_tests import CaseMeta, path -+ -+class Test_issue_1011(metaclass=CaseMeta): -+ -+ filename = path("$data_path/Jp2Image_readMetadata_loop.poc") -+ commands = ["$exiv2 " + filename] -+ stdout = [""] -+ stderr = ["""$exiv2_exception_message """ + filename + """: -+$kerCorruptedMetadata -+"""] -+ retval = [1] -\ No newline at end of file diff --git a/user/exiv2/disable-icc-test.patch b/user/exiv2/disable-icc-test.patch new file mode 100644 index 000000000..3f2c39fd5 --- /dev/null +++ b/user/exiv2/disable-icc-test.patch @@ -0,0 +1,76 @@ +diff -ur a/tests/bash_tests/testcases.py b/tests/bash_tests/testcases.py +--- a/tests/bash_tests/testcases.py 2022-02-05 18:26:24.330000000 +0000 ++++ b/tests/bash_tests/testcases.py 2022-02-05 18:26:50.260000000 +0000 +@@ -440,72 +440,6 @@ + BT.reportTest('geotag-test', out) + + +- def icc_test(self): +- # Test driver for exiv2.exe ICC support (-pS, -pC, -eC, -iC) +- +- def test1120(img): +- # --comment and -dc clobbered by writing ICC/JPG +- out = BT.Output() +- if img == 'Reagan2.jp2': +- return +- if img == 'exiv2-bug1199.webp': +- out += BT.Executer('exiv2 --comment abcdefg {img}', vars(), assert_returncode=[0, 1]) +- out += BT.Executer('exiv2 -pS {img}', vars()) +- out += '' +- else: +- out += BT.Executer('exiv2 --comment abcdefg {img}', vars()) +- out += BT.Executer('exiv2 -pS {img}', vars()) +- out += BT.Executer('exiv2 -pc {img}', vars()) +- out += BT.Executer('exiv2 -dc {img}', vars()) +- out += BT.Executer('exiv2 -pS {img}', vars()) +- return str(out) or None +- +- # num = 1074 # ICC Profile Support +- out = BT.Output() +- for img in ['Reagan.jpg' +- ,'exiv2-bug1199.webp' +- ,'ReaganLargePng.png' +- ,'ReaganLargeJpg.jpg' +- ,'Reagan2.jp2' # 1272 ReaganLargeTiff.tiff +- ]: +- stub = img.split('.')[0] +- iccname = stub + '.icc' +- +- for i in ['large.icc', 'small.icc', img]: +- BT.copyTestFile(i) +- +- out += BT.Executer('exiv2 -pS {img}', vars()) +- e = BT.Executer('exiv2 -pC {img}', vars(), compatible_output=False, decode_output=False) +- BT.save(e.stdout, stub + '_1.icc') +- out += BT.Executer('exiv2 -eC --force {img}', vars()) +- BT.mv(iccname, stub + '_2.icc') +- out += test1120(img) +- +- BT.copyTestFile('large.icc', iccname) +- out += BT.Executer('exiv2 -iC {img}', vars()) +- e = BT.Executer('exiv2 -pC {img}', vars(), compatible_output=False, decode_output=False) +- BT.save(e.stdout, stub + '_large_1.icc') +- out += BT.Executer('exiv2 -pS {img}', vars()) +- out += BT.Executer('exiv2 -eC --force {img}', vars()) +- BT.mv(iccname, stub + '_large_2.icc') +- out += test1120(img) +- +- BT.copyTestFile('small.icc', iccname) +- out += BT.Executer('exiv2 -iC {img}', vars()) +- e = BT.Executer('exiv2 -pC {img}', vars(), compatible_output=False, decode_output=False) +- BT.save(e.stdout, stub + '_small_1.icc') +- out += BT.Executer('exiv2 -pS {img}', vars()) +- out += BT.Executer('exiv2 -eC --force {img}', vars()) +- BT.mv(iccname, stub + '_small_2.icc') +- out += test1120(img) +- +- for f in [stub, stub + '_small', stub + '_large']: +- for i in [1, 2]: +- out += BT.md5sum('{}_{}.icc'.format(f, i)) +- +- BT.reportTest('icc-test', out) +- +- + def image_test(self): + test_files = ['table.jpg', 'smiley1.jpg', 'smiley2.jpg'] + erase_test_files = [ |