From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C8669138334 for ; Mon, 29 Oct 2018 10:14:51 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8138DE08B1; Mon, 29 Oct 2018 10:14:47 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4015FE08B1 for ; Mon, 29 Oct 2018 10:14:47 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A50DC335C7D for ; Mon, 29 Oct 2018 10:14:44 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 022C144C for ; Mon, 29 Oct 2018 10:14:43 +0000 (UTC) From: "Andreas Sturmlechner" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" Message-ID: <1540808064.8c24aae658082194548daf5a845dc996fab7f9f0.asturm@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/exiv2/, media-gfx/exiv2/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-gfx/exiv2/Manifest media-gfx/exiv2/exiv2-0.26_p20180319.ebuild media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch X-VCS-Directories: media-gfx/exiv2/ media-gfx/exiv2/files/ X-VCS-Committer: asturm X-VCS-Committer-Name: Andreas Sturmlechner X-VCS-Revision: 8c24aae658082194548daf5a845dc996fab7f9f0 X-VCS-Branch: master Date: Mon, 29 Oct 2018 10:14:43 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 8b1277df-8ee0-4196-80ac-d3a2cbe111d9 X-Archives-Hash: 60d3c18d2360bf61b122f37f6dc880cc commit: 8c24aae658082194548daf5a845dc996fab7f9f0 Author: Andreas Sturmlechner gentoo org> AuthorDate: Mon Oct 29 10:06:45 2018 +0000 Commit: Andreas Sturmlechner gentoo org> CommitDate: Mon Oct 29 10:14:24 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c24aae6 media-gfx/exiv2: Security cleanup Bug: https://bugs.gentoo.org/658236 Signed-off-by: Andreas Sturmlechner gentoo.org> Package-Manager: Portage-2.3.50, Repoman-2.3.11 media-gfx/exiv2/Manifest | 1 - media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 136 ------ .../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 --------------------- .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 -- .../files/exiv2-0.26_p20180319-clang-fix.patch | 47 -- 5 files changed, 707 deletions(-) diff --git a/media-gfx/exiv2/Manifest b/media-gfx/exiv2/Manifest index 1cdcc30af60..017a87d6e8b 100644 --- a/media-gfx/exiv2/Manifest +++ b/media-gfx/exiv2/Manifest @@ -1,2 +1 @@ -DIST exiv2-0.26_p20180319.tar.gz 28383543 BLAKE2B 753a2ebdb2033490c0f66cb1fb2574f02125f17813f6cbaf5eca66e053af9a2cdbc1266f0a033f0706ec22b31acd6e87271e426a335a58ee947757b52d283489 SHA512 852ce2cffcc0a2d902a939933127fdf5fa0b50020e1faf3ab0a375b129b9f61c7b97b76d4f39e376e7288d7cc045867bd1a96ae15dd0b7c0bcd1ba15259628e1 DIST exiv2-0.26_p20180811d.tar.xz 1722216 BLAKE2B 9e1c8307eb923c340894c82c37e9f6c31d82ff1b1de3c79d4ec9b0ec9428ad1d05f945e9a4e440028335857e7fc32d50cdc5245842d743e017037bd641b654db SHA512 5453650888440028acb139a02b387eab0232551c97256ce88dd626fa4cc8800ec02ad66e093c314bbfdc60726995b6c8482572d1ffaec73a265209c98c901780 diff --git a/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild b/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild deleted file mode 100644 index eb2572dfcf3..00000000000 --- a/media-gfx/exiv2/exiv2-0.26_p20180319.ebuild +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) -if [[ ${PV} = *9999 ]]; then - EGIT_REPO_URI="https://github.com/Exiv2/exiv2.git" - EGIT_BRANCH="0.26" - GIT_ECLASS=git-r3 -else - COMMIT=876b1314ab892cbfa6672b6b94adbeb90db4211f - SRC_URI="https://github.com/Exiv2/${PN}/tarball/${COMMIT} -> ${P}.tar.gz" - KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris" -fi -inherit cmake-multilib python-any-r1 - -DESCRIPTION="EXIF, IPTC and XMP metadata C++ library and command line utility" -HOMEPAGE="http://www.exiv2.org/" - -LICENSE="GPL-2" -SLOT="0/26" -IUSE="doc examples nls png webready xmp" - -RDEPEND=" - >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}] - nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) - png? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - webready? ( - net-libs/libssh[${MULTILIB_USEDEP}] - net-misc/curl[${MULTILIB_USEDEP}] - ) - xmp? ( >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] ) -" -DEPEND="${RDEPEND} - doc? ( - ${PYTHON_DEPS} - app-doc/doxygen - dev-libs/libxslt - media-gfx/graphviz - virtual/pkgconfig - ) - nls? ( sys-devel/gettext ) -" - -DOCS=( README doc/ChangeLog doc/cmd.txt ) - -S="${WORKDIR}/${PN^}-${PN}-${COMMIT:0:7}" - -PATCHES=( - # 0.26 branch - "${FILESDIR}"/${P}-CVE-2018-4868.patch - "${FILESDIR}"/${P}-CVE-2017-18005.patch - "${FILESDIR}"/${P}-clang-fix.patch - # TODO: Take to upstream - "${FILESDIR}"/${PN}-0.26-fix-docs.patch - "${FILESDIR}"/${PN}-0.26-tools-optional.patch -) - -pkg_setup() { - use doc && python-any-r1_pkg_setup -} - -src_prepare() { - if [[ ${PV} != *9999 ]] ; then - if [[ -d po ]] ; then - pushd po > /dev/null || die - local lang - for lang in *.po; do - if [[ -e ${lang} ]] \ - && ! has ${lang/.po/} ${LINGUAS-${lang/.po/}} ; then - case ${lang} in - CMakeLists.txt | \ - ${PN}.pot) ;; - *) rm -r ${lang} || die ;; - esac - fi - done - popd > /dev/null || die - else - die "Failed to prepare LINGUAS - po directory moved?" - fi - fi - - # FIXME @upstream: - einfo "Converting doc/cmd.txt to UTF-8" - iconv -f LATIN1 -t UTF-8 doc/cmd.txt > doc/cmd.txt.tmp || die - mv -f doc/cmd.txt.tmp doc/cmd.txt || die - - if use doc; then - einfo "Updating doxygen config" - doxygen &>/dev/null -u config/Doxyfile || die - fi - - edos2unix samples/exiv2json.cpp # workaround for CVE-2017-18005 patch - - cmake-utils_src_prepare -} - -multilib_src_configure() { - local mycmakeargs=( - -DEXIV2_ENABLE_BUILD_SAMPLES=NO - -DEXIV2_ENABLE_BUILD_PO=$(usex nls) - -DEXIV2_ENABLE_NLS=$(usex nls) - -DEXIV2_ENABLE_PNG=$(usex png) - -DEXIV2_ENABLE_CURL=$(usex webready) - -DEXIV2_ENABLE_SSH=$(usex webready) - -DEXIV2_ENABLE_WEBREADY=$(usex webready) - -DEXIV2_ENABLE_XMP=$(usex xmp) - -DEXIV2_ENABLE_LIBXMP=NO - $(multilib_is_native_abi || echo -DEXIV2_ENABLE_TOOLS=NO) - ) - - cmake-utils_src_configure -} - -multilib_src_compile() { - cmake-utils_src_compile - - if multilib_is_native_abi; then - use doc && emake -j1 doc - fi -} - -multilib_src_install_all() { - use xmp && DOCS+=( doc/{COPYING-XMPSDK,README-XMP,cmdxmp.txt} ) - use doc && HTML_DOCS=( "${S}"/doc/html/. ) - - einstalldocs - find "${D}" -name '*.la' -delete || die - - if use examples; then - docinto examples - dodoc samples/*.cpp - fi -} diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch deleted file mode 100644 index d74ca59e3c0..00000000000 --- a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2017-18005.patch +++ /dev/null @@ -1,484 +0,0 @@ -From 8e31dd8c14fdc83f387f35dda7b1b70fbdbd70db Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= -Date: Tue, 19 Dec 2017 19:52:41 +0100 -Subject: [PATCH 3/8] Only print items (Params::prValue) when size > 0 - ---- - src/actions.cpp | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/actions.cpp b/src/actions.cpp -index 9f850097..3963cb67 100644 ---- a/src/actions.cpp -+++ b/src/actions.cpp -@@ -713,8 +713,9 @@ namespace Action { - << std::setfill(' ') << std::right - << md.size(); - } -- if (Params::instance().printItems_ & Params::prValue) { -- if (!first) std::cout << " "; -+ if (Params::instance().printItems_ & Params::prValue && md.size() > 0) { -+ if (!first) -+ std::cout << " "; - first = false; - if ( Params::instance().binary_ - && ( md.typeId() == Exiv2::undefined --- -2.17.0 - - -From 463485e5c1cc716108880f75b9c573715bf402b1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= -Date: Tue, 19 Dec 2017 19:54:17 +0100 -Subject: [PATCH 4/8] Move condition in if statement to discard work earlier - ---- - src/actions.cpp | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/actions.cpp b/src/actions.cpp -index 3963cb67..f51cb488 100644 ---- a/src/actions.cpp -+++ b/src/actions.cpp -@@ -717,11 +717,10 @@ namespace Action { - if (!first) - std::cout << " "; - first = false; -- if ( Params::instance().binary_ -- && ( md.typeId() == Exiv2::undefined -+ if (md.size() > 128 && Params::instance().binary_ && ( -+ md.typeId() == Exiv2::undefined - || md.typeId() == Exiv2::unsignedByte -- || md.typeId() == Exiv2::signedByte) -- && md.size() > 128) { -+ || md.typeId() == Exiv2::signedByte)) { - std::cout << _("(Binary value suppressed)") << std::endl; - return true; - } --- -2.17.0 - - -From 7fe7501c01e5d1eec16a736062dd0c34d6408833 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= -Date: Tue, 19 Dec 2017 19:55:50 +0100 -Subject: [PATCH 5/8] Apply clang-format to Print::printMetadatum - ---- - src/actions.cpp | 110 ++++++++++++++++++++++++------------------------ - 1 file changed, 55 insertions(+), 55 deletions(-) - -diff --git a/src/actions.cpp b/src/actions.cpp -index f51cb488..b31d6ec6 100644 ---- a/src/actions.cpp -+++ b/src/actions.cpp -@@ -636,91 +636,90 @@ namespace Action { - - bool Print::printMetadatum(const Exiv2::Metadatum& md, const Exiv2::Image* pImage) - { -- if (!grepTag(md.key())) return false; -- if (!keyTag (md.key())) return false; -+ if (!grepTag(md.key())) -+ return false; -+ if (!keyTag(md.key())) -+ return false; - -- if ( Params::instance().unknown_ -- && md.tagName().substr(0, 2) == "0x") { -+ if (Params::instance().unknown_ && md.tagName().substr(0, 2) == "0x") { - return false; - } -+ - bool const manyFiles = Params::instance().files_.size() > 1; - if (manyFiles) { -- std::cout << std::setfill(' ') << std::left << std::setw(20) -- << path_ << " "; -+ std::cout << std::setfill(' ') << std::left << std::setw(20) << path_ << " "; - } -+ - bool first = true; - if (Params::instance().printItems_ & Params::prTag) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << "0x" << std::setw(4) << std::setfill('0') -- << std::right << std::hex -- << md.tag(); -+ std::cout << "0x" << std::setw(4) << std::setfill('0') << std::right << std::hex << md.tag(); - } - if (Params::instance().printItems_ & Params::prSet) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << "set" ; -+ std::cout << "set"; - } - if (Params::instance().printItems_ & Params::prGroup) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << std::setw(12) << std::setfill(' ') << std::left -- << md.groupName(); -+ std::cout << std::setw(12) << std::setfill(' ') << std::left << md.groupName(); - } - if (Params::instance().printItems_ & Params::prKey) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << std::setfill(' ') << std::left << std::setw(44) -- << md.key(); -+ std::cout << std::setfill(' ') << std::left << std::setw(44) << md.key(); - } - if (Params::instance().printItems_ & Params::prName) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << std::setw(27) << std::setfill(' ') << std::left -- << md.tagName(); -+ std::cout << std::setw(27) << std::setfill(' ') << std::left << md.tagName(); - } - if (Params::instance().printItems_ & Params::prLabel) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << std::setw(30) << std::setfill(' ') << std::left -- << md.tagLabel(); -+ std::cout << std::setw(30) << std::setfill(' ') << std::left << md.tagLabel(); - } - if (Params::instance().printItems_ & Params::prType) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; - std::cout << std::setw(9) << std::setfill(' ') << std::left; - const char* tn = md.typeName(); - if (tn) { - std::cout << tn; -- } -- else { -+ } else { - std::ostringstream os; - os << "0x" << std::setw(4) << std::setfill('0') << std::hex << md.typeId(); - std::cout << os.str(); - } - } - if (Params::instance().printItems_ & Params::prCount) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << std::dec << std::setw(3) -- << std::setfill(' ') << std::right -- << md.count(); -+ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.count(); - } - if (Params::instance().printItems_ & Params::prSize) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- std::cout << std::dec << std::setw(3) -- << std::setfill(' ') << std::right -- << md.size(); -+ std::cout << std::dec << std::setw(3) << std::setfill(' ') << std::right << md.size(); - } - if (Params::instance().printItems_ & Params::prValue && md.size() > 0) { - if (!first) - std::cout << " "; - first = false; -- if (md.size() > 128 && Params::instance().binary_ && ( -- md.typeId() == Exiv2::undefined -- || md.typeId() == Exiv2::unsignedByte -- || md.typeId() == Exiv2::signedByte)) { -+ if (md.size() > 128 && Params::instance().binary_ && -+ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte || -+ md.typeId() == Exiv2::signedByte)) { - std::cout << _("(Binary value suppressed)") << std::endl; - return true; - } -@@ -738,22 +737,22 @@ namespace Action { - } - if (!done) { - // #1114 - show negative values for SByte -- if (md.typeId() != Exiv2::signedByte){ -+ if (md.typeId() != Exiv2::signedByte) { - std::cout << std::dec << md.value(); - } else { - int value = md.value().toLong(); -- std::cout << std::dec << (value<128?value:value-256); -+ std::cout << std::dec << (value < 128 ? value : value - 256); - } - } - } - if (Params::instance().printItems_ & Params::prTrans) { -- if (!first) std::cout << " "; -+ if (!first) -+ std::cout << " "; - first = false; -- if ( Params::instance().binary_ -- && ( md.typeId() == Exiv2::undefined -- || md.typeId() == Exiv2::unsignedByte -- || md.typeId() == Exiv2::signedByte) -- && md.size() > 128) { -+ if (Params::instance().binary_ && -+ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte || -+ md.typeId() == Exiv2::signedByte) && -+ md.size() > 128) { - std::cout << _("(Binary value suppressed)") << std::endl; - return true; - } -@@ -765,16 +764,17 @@ namespace Action { - done = true; - } - } -- if (!done) std::cout << std::dec << md.print(&pImage->exifData()); -+ if (!done) -+ std::cout << std::dec << md.print(&pImage->exifData()); - } - if (Params::instance().printItems_ & Params::prHex) { -- if (!first) std::cout << std::endl; -+ if (!first) -+ std::cout << std::endl; - first = false; -- if ( Params::instance().binary_ -- && ( md.typeId() == Exiv2::undefined -- || md.typeId() == Exiv2::unsignedByte -- || md.typeId() == Exiv2::signedByte) -- && md.size() > 128) { -+ if (Params::instance().binary_ && -+ (md.typeId() == Exiv2::undefined || md.typeId() == Exiv2::unsignedByte || -+ md.typeId() == Exiv2::signedByte) && -+ md.size() > 128) { - std::cout << _("(Binary value suppressed)") << std::endl; - return true; - } -@@ -784,7 +784,7 @@ namespace Action { - } - std::cout << std::endl; - return true; -- } // Print::printMetadatum -+ } // Print::printMetadatum - - int Print::printComment() - { --- -2.17.0 - - -From 78ddc7a92afaaf58b78d5c49b5c2ad7b60a4e25f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= -Date: Thu, 21 Dec 2017 16:39:43 +0100 -Subject: [PATCH 6/8] Do not deference value when it does not exist (Thanks - D4N) - ---- - samples/exiv2json.cpp | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/samples/exiv2json.cpp b/samples/exiv2json.cpp -index 505268d9..a81268f0 100644 ---- a/samples/exiv2json.cpp -+++ b/samples/exiv2json.cpp -@@ -148,6 +148,11 @@ bool isArray(std::string& value) - template - void push(Jzon::Node& node,const std::string& key,T i) - { -+#define ABORT_IF_I_EMTPY \ -+ if (i->value().size() == 0) { \ -+ return; \ -+ } -+ - std::string value = i->value().toString(); - - switch ( i->typeId() ) { -@@ -179,6 +184,7 @@ void push(Jzon::Node& node,const std::string& key,T i) - - case Exiv2::unsignedRational: - case Exiv2::signedRational: { -+ ABORT_IF_I_EMTPY - Jzon::Array arr; - Exiv2::Rational rat = i->value().toRational(); - arr.Add(rat.first ); -@@ -187,6 +193,7 @@ void push(Jzon::Node& node,const std::string& key,T i) - } break; - - case Exiv2::langAlt: { -+ ABORT_IF_I_EMTPY - Jzon::Object l ; - const Exiv2::LangAltValue& langs = dynamic_cast(i->value()); - for ( Exiv2::LangAltValue::ValueType::const_iterator lang = langs.value_.begin() --- -2.17.0 - - -From 871e6e3ced1cdec7e43bf8cb94e269a7f5c09d92 Mon Sep 17 00:00:00 2001 -From: Robin Mills -Date: Thu, 15 Mar 2018 10:43:18 +0000 -Subject: [PATCH 8/8] Fix for getopt(), #199. Use src/getopt_win32 code instead - of libc/getopt() - ---- - config/config.mk.in | 2 +- - src/CMakeLists.txt | 6 ++---- - src/Makefile | 13 +++++-------- - src/getopt_win32.c | 9 +++++++++ - src/getopt_win32.h | 7 +++++++ - src/utils.cpp | 9 +++------ - 6 files changed, 27 insertions(+), 19 deletions(-) - -diff --git a/config/config.mk.in b/config/config.mk.in -index 8d920647..4754c722 100644 ---- a/config/config.mk.in -+++ b/config/config.mk.in -@@ -165,7 +165,7 @@ endif - # ********************************************************************** - # Compilation shortcuts - COMPILE.cc = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -c --COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c -+COMPILE.c = $(CC) $(CFLAGS) -c - # LINK.cc does not need $(LIBS), libtool's dark magic takes care of that - # when linking a binary with a libtool library. - LINK.cc = $(CXX) $(LDFLAGS) -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index d4dc6375..dceee236 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -218,10 +218,8 @@ IF(NOT HAVE_TIMEGM ) - SET( PATHTEST_SRC ${PATHTEST_SRC} localtime.c ) - ENDIF( NOT HAVE_TIMEGM ) - --IF( MSVC ) -- SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c ) -- SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c ) --ENDIF( MSVC ) -+SET( EXIV2_SRC ${EXIV2_SRC} getopt_win32.c ) -+SET( LIBEXIV2_SRC ${LIBEXIV2_SRC} getopt_win32.c ) - - ## - # msvn tuning -diff --git a/src/Makefile b/src/Makefile -index 8a8366fe..d046e331 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -131,8 +131,7 @@ CCSRC += asfvideo.cpp \ - utilsvideo.cpp - endif - --# Add library C source files to this list --EXIVCSRC = -+# C source files - ifndef HAVE_TIMEGM - CSRC = localtime.c - endif -@@ -141,9 +140,7 @@ endif - EXIV2MAIN = exiv2.cpp - EXIV2SRC = actions.cpp \ - utils.cpp -- --# C source files for the Exiv2 application --EXIVCSRC = -+EXIVCSRC = getopt_win32.c - - # ****************************************************************************** - # Library -@@ -176,7 +173,7 @@ OBJ = $(CCOBJ) $(COBJ) - LOBJ = $(CCLOBJ) $(CLOBJ) - - EXIV2OBJ = $(EXIV2MAIN:.cpp=.o) $(EXIV2SRC:.cpp=.o) --EXIV2COBJ = $(EXIVCSRC:.c=.o) -+EXIVCOBJ = $(EXIVCSRC:.c=.o) - EXIV2EXE = $(EXIV2MAIN:.cpp=$(EXEEXT)) - - ifdef DEP_TRACKING -@@ -251,9 +248,9 @@ lib: $(OBJ) - $(BINARY): %: %.o lib - @$(LIBTOOL) --mode=link $(LINK.cc) -o $@ $(LIBRARY) $@.o -rpath $(libdir) - --$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIV2COBJ) -+$(EXIV2EXE): lib $(EXIV2OBJ) $(EXIVCOBJ) - mkdir -pv ../bin 2>&1 > /dev/null -- @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIV2COBJ) -rpath $(libdir) -+ @$(LIBTOOL) --mode=link $(LINK.cc) -o ../bin/$@ $(LIBRARY) $(EXIV2OBJ) $(EXIVCOBJ) -rpath $(libdir) - - install-header: - $(INSTALL_DIRS) $(DESTDIR)$(incdir) -diff --git a/src/getopt_win32.c b/src/getopt_win32.c -index fca29924..18dfcfbf 100644 ---- a/src/getopt_win32.c -+++ b/src/getopt_win32.c -@@ -194,6 +194,10 @@ permute_args(panonopt_start, panonopt_end, opt_end, nargv) - } - } - -+#ifdef __GETOPT_DEFINE_ARGV__ -+char * const *__argv; -+#endif -+ - /* - * getopt_internal -- - * Parse argc/argv argument vector. Called by user level routines. -@@ -205,6 +209,11 @@ getopt_internal(nargc, nargv, options) - char * const *nargv; - const char *options; - { -+ -+#ifdef __GETOPT_DEFINE_ARGV__ -+ __argv=nargv; -+#endif -+ - char *oli; /* option letter list index */ - int optchar; - -diff --git a/src/getopt_win32.h b/src/getopt_win32.h -index 6b6f643b..cd5760a3 100644 ---- a/src/getopt_win32.h -+++ b/src/getopt_win32.h -@@ -38,6 +38,13 @@ - extern "C" { - #endif - -+#if !defined(_WIN32) && !defined(__CYGWIN__) && !defined(__MINGW__) && !defined(_MSC_VER) -+// the symbol __argv (and __argc and __progname and __env) are defined in Windows environments -+// for *ix environments, __argv is declared here, defined: getopt_win32.c, init'd: getopt_internal() -+#define __GETOPT_DEFINE_ARGV__ -+extern char * const *__argv; -+#endif -+ - extern int opterr; /* if error message should be printed */ - extern int optind; /* index into parent argv vector */ - extern int optopt; /* character checked for validity */ -diff --git a/src/utils.cpp b/src/utils.cpp -index a3d36497..2a092330 100644 ---- a/src/utils.cpp -+++ b/src/utils.cpp -@@ -32,18 +32,15 @@ EXIV2_RCSID("@(#) $Id$") - #include "config.h" - - #include "utils.hpp" -- --// + standard includes --#if defined(_MSC_VER) || defined(__MINGW__) --# include "getopt_win32.h" --#endif -+#include "getopt_win32.h" - - #if defined(_MSC_VER) - # define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) - #endif - -+// + standard includes - #ifdef EXV_HAVE_UNISTD_H --# include // for getopt(), stat() -+# include // for stat() - #endif - - #include --- -2.17.0 - diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch deleted file mode 100644 index a594a2bfad1..00000000000 --- a/media-gfx/exiv2/files/exiv2-0.26_p20180319-CVE-2018-4868.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ce4f575e106697c0e513091e95a7cd12ed6a488b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Tue, 9 Jan 2018 21:18:36 +0100 -Subject: [PATCH 1/8] Add check for DataBuf.size_ in Jp2Image::readMetadata() - -When parsing a subBox that is a ColorHeader, a length is extracted -from the input file and fed directly into DataBuf() (which calls -malloc). A crafted input file can provide arbitrarily (up to -max(uint32_t)-8) large values and result in excessive memory -allocation. - -This commit adds a check for the new size of DataBuf so that it is not -larger than the remaining size of the file. - -This fixes #202 aka CVE-2018-4868 ---- - src/jp2image.cpp | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/jp2image.cpp b/src/jp2image.cpp -index a308bfd9..3cebc2a8 100644 ---- a/src/jp2image.cpp -+++ b/src/jp2image.cpp -@@ -272,7 +272,12 @@ namespace Exiv2 - #endif - - const long pad = 3 ; // 3 padding bytes 2 0 0 -- DataBuf data(Safe::add(subBox.length, static_cast(8))); -+ const size_t data_length = Safe::add(subBox.length, static_cast(8)); -+ // data_length makes no sense if it is larger than the rest of the file -+ if (data_length > io_->size() - io_->tell()) { -+ throw Error(58); -+ } -+ DataBuf data(data_length); - io_->read(data.pData_,data.size_); - const long iccLength = getULong(data.pData_+pad, bigEndian); - // subtracting pad from data.size_ is safe: --- -2.17.0 diff --git a/media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch b/media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch deleted file mode 100644 index a80543a5ecd..00000000000 --- a/media-gfx/exiv2/files/exiv2-0.26_p20180319-clang-fix.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 176ba44cc31064183fdfbce55a7dd7e6b5e2a962 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Fri, 8 Jun 2018 23:46:04 +0200 -Subject: [PATCH] Fix C & C++ flag adding in CMakeLists.txt - ---- - CMakeLists.txt | 22 ++++++++++++---------- - 1 file changed, 12 insertions(+), 10 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 2e179bf5..98a172ed 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -74,21 +74,23 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/config/") - - if( MINGW OR UNIX ) - if (${CMAKE_CXX_COMPILER_ID} STREQUAL GNU) -- ADD_DEFINITIONS(-Wall -- -Wcast-align -- -Wpointer-arith -- -Wformat-security -- -Wmissing-format-attribute -- -Woverloaded-virtual -- -W -- ) -+ string(CONCAT WARNING_FLAGS " -Wall" -+ " -Wcast-align" -+ " -Wpointer-arith" -+ " -Wformat-security" -+ " -Wmissing-format-attribute" -+ " -Woverloaded-virtual" -+ " -W" -+ ) -+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${WARNING_FLAGS}") -+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WARNING_FLAGS}") - ENDIF() - - message(STATUS "Compiler info: ${CMAKE_CXX_COMPILER_ID} (${CMAKE_CXX_COMPILER}) ; version: ${CMAKE_CXX_COMPILER_VERSION}") - IF ( CYGWIN OR (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 5.0)) -- ADD_DEFINITIONS( -std=gnu++98 ) # to support snprintf -+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=gnu++98" ) # to support snprintf - ELSE() -- ADD_DEFINITIONS( -std=c++98 ) -+ set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++98" ) - ENDIF() - - ENDIF( MINGW OR UNIX ) \ No newline at end of file