From 41ba180fc2dfcdb5516769593fdc06dacfc22e2d Mon Sep 17 00:00:00 2001 From: Max Rees Date: Thu, 20 Jun 2019 19:01:52 -0400 Subject: user/exiv2: [CVE] bump to 0.27.1, add tests --- user/exiv2/0000-pthread-init-fix.patch | 29 --- ...-fix-for-9-to-apply-to-other-Unix-systems.patch | 36 ---- user/exiv2/APKBUILD | 98 +++++++-- user/exiv2/CVE-2018-19535.patch | 239 --------------------- 4 files changed, 76 insertions(+), 326 deletions(-) delete mode 100644 user/exiv2/0000-pthread-init-fix.patch delete mode 100644 user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch delete mode 100644 user/exiv2/CVE-2018-19535.patch (limited to 'user') diff --git a/user/exiv2/0000-pthread-init-fix.patch b/user/exiv2/0000-pthread-init-fix.patch deleted file mode 100644 index ac69b14c1..000000000 --- a/user/exiv2/0000-pthread-init-fix.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 620ef04e96f4c0d0894d976fc361588b6526a116 Mon Sep 17 00:00:00 2001 -From: clanmills -Date: Tue, 20 Jun 2017 20:41:30 +0100 -Subject: [PATCH] https://github.com/Exiv2/exiv2/issues/9 Fix submitted. - ---- - src/actions.cpp | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/actions.cpp b/src/actions.cpp -index 0ebe8505..17444c5b 100644 ---- a/src/actions.cpp -+++ b/src/actions.cpp -@@ -2045,9 +2045,13 @@ namespace { - #else - /* Unix/Linux/Cygwin/MacOSX */ - #include -+ /* This is the critical section object (statically allocated). */ - #if defined(__APPLE__) -- /* This is the critical section object (statically allocated). */ -- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER; -+ #if defined(PTHREAD_RECURSIVE_MUTEX_INITIALIZER) -+ static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER; -+ #else -+ static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER; -+ #endif - #else - static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; - #endif diff --git a/user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch b/user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch deleted file mode 100644 index 86412532d..000000000 --- a/user/exiv2/0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch +++ /dev/null @@ -1,36 +0,0 @@ -From d775683f579543c35463ab2a8d9425da10d2f016 Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" -Date: Wed, 4 Oct 2017 00:15:30 -0500 -Subject: [PATCH] Amend fix for #9 to apply to other Unix systems - -At least the musl libc on Linux has the same issue as Mac OS X: the -PTHREAD_RECURSIVE_* static initialiser does not exist. This is a -documented and purposeful omission: - -http://www.openwall.com/lists/musl/2017/02/20/3 - -This commit uses similar logic to the Apple test on other Unixes. ---- - src/actions.cpp | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/actions.cpp b/src/actions.cpp -index fe14de4..aa15ec7 100644 ---- a/src/actions.cpp -+++ b/src/actions.cpp -@@ -2051,7 +2051,11 @@ namespace { - static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER; - #endif - #else -- static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; -+ #if defined(PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP) -+ static pthread_mutex_t cs = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; -+ #else -+ static pthread_mutex_t cs = PTHREAD_MUTEX_INITIALIZER; -+ #endif - #endif - #endif - --- -2.10.0 - diff --git a/user/exiv2/APKBUILD b/user/exiv2/APKBUILD index 7cf8693fe..963fe871c 100644 --- a/user/exiv2/APKBUILD +++ b/user/exiv2/APKBUILD @@ -1,47 +1,101 @@ # Maintainer: A. Wilcox pkgname=exiv2 -pkgver=0.26 -pkgrel=2 +pkgver=0.27.1 +pkgrel=0 pkgdesc="Exif, IPTC and XMP metadata library and tools" url="https://www.exiv2.org/" arch="all" -options="!check" # No test suite. license="GPL-2.0+" depends="" depends_dev="expat-dev zlib-dev" -makedepends="$depends_dev bash" +makedepends="$depends_dev bash cmake" +checkdepends="python3 libxml2 cmd:which" subpackages="$pkgname-dev $pkgname-doc" -source="http://www.exiv2.org/builds/exiv2-$pkgver-trunk.tar.gz - 0000-pthread-init-fix.patch - 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch - CVE-2018-19535.patch - " -builddir="$srcdir"/exiv2-trunk +source="http://www.exiv2.org/builds/exiv2-$pkgver-Source.tar.gz" +builddir="$srcdir/$pkgname-$pkgver-Source" # secfixes: # 0.26-r2: # - CVE-2018-19535 +# 0.27.1-r0: +# - CVE-2017-9239 +# - CVE-2017-9953 +# - CVE-2017-11336 +# - CVE-2017-11337 +# - CVE-2017-11338 +# - CVE-2017-11339 +# - CVE-2017-11340 +# - CVE-2017-11553 +# - CVE-2017-11591 +# - CVE-2017-11592 +# - CVE-2017-11683 +# - CVE-2017-12955 +# - CVE-2017-12956 +# - CVE-2017-12957 +# - CVE-2017-14857 +# - CVE-2017-14858 +# - CVE-2017-14859 +# - CVE-2017-14860 +# - CVE-2017-14861 +# - CVE-2017-14862 +# - CVE-2017-14863 +# - CVE-2017-14864 +# - CVE-2017-14865 +# - CVE-2017-14866 +# - CVE-2017-17669 +# - CVE-2017-17722 +# - CVE-2017-17723 +# - CVE-2017-17724 +# - CVE-2017-17725 +# - CVE-2017-18005 +# - CVE-2017-1000126 +# - CVE-2017-1000127 +# - CVE-2017-1000128 +# - CVE-2018-4868 +# - CVE-2018-5772 +# - CVE-2018-8976 +# - CVE-2018-8977 +# - CVE-2018-9145 +# - CVE-2018-10772 +# - CVE-2018-10780 +# - CVE-2018-10958 +# - CVE-2018-10998 +# - CVE-2018-10999 +# - CVE-2018-11037 +# - CVE-2018-11531 +# - CVE-2018-12264 +# - CVE-2018-12265 +# - CVE-2018-14046 +# - CVE-2018-14338 +# - CVE-2018-16336 +# - CVE-2018-17229 +# - CVE-2018-17230 +# - CVE-2018-17282 +# - CVE-2018-17581 +# - CVE-2018-19107 +# - CVE-2018-19108 prepare() { - cd "$builddir" default_prepare - update_config_sub + mkdir build } + build() { - cd "$builddir" - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr + cd "$builddir/build" + cmake -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=/usr/lib \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo .. make } +check() { + cd "$builddir/build" + make tests +} + package() { - cd "$builddir" + cd "$builddir/build" make DESTDIR="$pkgdir" install } -sha512sums="d1e9cab886e279b045768dd9ec781f07d2d36d573119403d0b76dc571442173aae6972f86ec55c3ea53fb3ee9ca3571eb8fd63a2a6643a970852813e88634a86 exiv2-0.26-trunk.tar.gz -9721d359708c385be7c86a8f8a63de43b05b2578a29b4339861e82873aa81a98a7ee7252847b6c55529341187d40f552c488589b416fd9d1e27418925929c018 0000-pthread-init-fix.patch -485bd340169f69a3ce356e59e9138250cc14592f4477bb73827c799fe465535954469634fc58a1856f690f0e0b4171cba6fdd3391d43c0efc5e89652b93eb3ce 0001-Amend-fix-for-9-to-apply-to-other-Unix-systems.patch -ac145a9b4df21e7f5fdd3099e6ae4c1e12ae2cdccc455d0262c5d38b8e07ce6437036a19264bd04b1cb1fffd01d89672044ca82fddd5e71dcd0d84d48356ab12 CVE-2018-19535.patch" +sha512sums="038b51241f5bfb323eb298695b5397a7d88d5c7d7303828e5e20b3f82c3df2615cee3e7e3426ea17438ca05d5abea10984cfd41f0649ddab72df1d1415bf3529 exiv2-0.27.1-Source.tar.gz" diff --git a/user/exiv2/CVE-2018-19535.patch b/user/exiv2/CVE-2018-19535.patch deleted file mode 100644 index ba9355012..000000000 --- a/user/exiv2/CVE-2018-19535.patch +++ /dev/null @@ -1,239 +0,0 @@ -From 03173751b4d7053d6ddf52a15904e8f751f78f56 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= -Date: Sun, 2 Sep 2018 14:39:52 +0200 -Subject: [PATCH 2/5] Fix bug in PngChunk::readRawProfile - -- Now it takes into account text.size_ when searching for a newline -char. ---- - src/pngchunk.cpp | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp -index 58281b3ff..755872c94 100644 ---- a/src/pngchunk.cpp -+++ b/src/pngchunk.cpp -@@ -629,11 +629,19 @@ namespace Exiv2 { - - - sp = (char*)text.pData_+1; -+ int pointerPos = 1; - - // Look for newline -- -- while (*sp != '\n') -+ while (*sp != '\n' && pointerPos < (text.size_ - 1)) -+ { - sp++; -+ pointerPos++; -+ } -+ -+ if (pointerPos == (text.size_ - 1)) -+ { -+ return DataBuf(); -+ } - - // Look for length - - -From cf3ba049a2792ec2a4a877e343f5dd9654da53dc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= -Date: Mon, 3 Sep 2018 08:51:08 +0200 -Subject: [PATCH 3/5] Fix more issues in PngChunk::readRawProfile - ---- - src/pngchunk.cpp | 36 +++++++++++++----------- - 1 file changed, 20 insertions(+), 16 deletions(-) - -diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp -index 755872c94..9b3faf1aa 100644 ---- a/src/pngchunk.cpp -+++ b/src/pngchunk.cpp -@@ -606,11 +606,6 @@ namespace Exiv2 { - DataBuf PngChunk::readRawProfile(const DataBuf& text,bool iTXt) - { - DataBuf info; -- register long i; -- register unsigned char *dp; -- const char *sp; -- unsigned int nibbles; -- long length; - unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0, -@@ -627,8 +622,7 @@ namespace Exiv2 { - return info; - } - -- -- sp = (char*)text.pData_+1; -+ const char *sp = (char*)text.pData_+1; - int pointerPos = 1; - - // Look for newline -@@ -638,20 +632,30 @@ namespace Exiv2 { - pointerPos++; - } - -+ // Look for length -+ while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1)) -+ { -+ sp++; -+ pointerPos++; -+ } -+ - if (pointerPos == (text.size_ - 1)) - { - return DataBuf(); - } - -- // Look for length -+ long length = (long) atol(sp); - -- while (*sp == '\0' || *sp == ' ' || *sp == '\n') -+ while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1)) -+ { - sp++; -+ pointerPos++; -+ } - -- length = (long) atol(sp); -- -- while (*sp != ' ' && *sp != '\n') -- sp++; -+ if (pointerPos == (text.size_ - 1)) -+ { -+ return DataBuf(); -+ } - - // Allocate space - -@@ -674,10 +678,10 @@ namespace Exiv2 { - - // Copy profile, skipping white space and column 1 "=" signs - -- dp = (unsigned char*)info.pData_; -- nibbles = length * 2; -+ unsigned char *dp = (unsigned char*)info.pData_; -+ unsigned int nibbles = length * 2; - -- for (i = 0; i < (long) nibbles; i++) -+ for (long i = 0; i < (long) nibbles; i++) - { - while (*sp < '0' || (*sp > '9' && *sp < 'a') || *sp > 'f') - { - -From 8b480bc5b2cc2abb8cf6fe4e16c24e58916464d2 Mon Sep 17 00:00:00 2001 -From: Robin Mills -Date: Mon, 10 Sep 2018 20:54:53 +0200 -Subject: [PATCH 4/5] Fixes in PngChunk::readRawProfile - ---- - src/pngchunk.cpp | 55 ++++++++++++++++++++++---------------------- - 1 file changed, 27 insertions(+), 28 deletions(-) - -diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp -index 9b3faf1aa..f81b560aa 100644 ---- a/src/pngchunk.cpp -+++ b/src/pngchunk.cpp -@@ -607,11 +607,11 @@ namespace Exiv2 { - { - DataBuf info; - unsigned char unhex[103]={0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0, -- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -- 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12, -- 13,14,15}; -+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -+ 0,0,0,0,0,0,0,0,0,1, 2,3,4,5,6,7,8,9,0,0, -+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, -+ 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,10,11,12, -+ 13,14,15}; - if (text.size_ == 0) { - return DataBuf(); - } -@@ -622,52 +622,51 @@ namespace Exiv2 { - return info; - } - -- const char *sp = (char*)text.pData_+1; -- int pointerPos = 1; -+ const char *sp = (char*) text.pData_+1; // current byte (space pointer) -+ const char *eot = (char*) text.pData_+text.size_; // end of text - - // Look for newline -- while (*sp != '\n' && pointerPos < (text.size_ - 1)) -+ while (*sp != '\n' && sp < eot ) - { - sp++; -- pointerPos++; -+ if ( sp == eot ) -+ { -+ return DataBuf(); -+ } - } -+ sp++ ; // step over '\n' - - // Look for length -- while ((*sp == '\0' || *sp == ' ' || *sp == '\n') && pointerPos < (text.size_ - 1)) -+ while ( (*sp == '\0' || *sp == ' ' || *sp == '\n') && sp < eot ) - { - sp++; -- pointerPos++; -- } -- -- if (pointerPos == (text.size_ - 1)) -- { -- return DataBuf(); -+ if (sp == eot ) -+ { -+ return DataBuf(); -+ } - } - -- long length = (long) atol(sp); -- -- while (*sp != ' ' && *sp != '\n' && pointerPos < (text.size_ - 1)) -+ const char* startOfLength = sp; -+ while ( ('0' <= *sp && *sp <= '9') && sp < eot) - { - sp++; -- pointerPos++; -+ if (sp == eot ) -+ { -+ return DataBuf(); -+ } - } -+ sp++ ; // step over '\n' - -- if (pointerPos == (text.size_ - 1)) -- { -- return DataBuf(); -- } -+ long length = (long) atol(startOfLength); - - // Allocate space -- - if (length == 0) - { - #ifdef DEBUG - std::cerr << "Exiv2::PngChunk::readRawProfile: Unable To Copy Raw Profile: invalid profile length\n"; - #endif - } -- - info.alloc(length); -- - if (info.size_ != length) - { - #ifdef DEBUG -@@ -678,7 +677,7 @@ namespace Exiv2 { - - // Copy profile, skipping white space and column 1 "=" signs - -- unsigned char *dp = (unsigned char*)info.pData_; -+ unsigned char *dp = (unsigned char*)info.pData_; // decode pointer - unsigned int nibbles = length * 2; - - for (long i = 0; i < (long) nibbles; i++) - -- cgit v1.2.3-70-g09d2