CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

exiv2: Upgrade to 0.27.6

Browse Source 
Drop backported patches

Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Khem Raj 2023-01-17 11:27:49 -08:00
parent e4a2dfb8d9
commit 00a7d4b284
10 changed files with 19 additions and 432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
meta-oe/recipes-support/exiv2/exiv2/0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch
View File

@ -1,40 +0,0 @@
From 04d5f4805a86302a0e135a28d58a6c1ff6a68d52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
Date: Thu, 30 Jul 2020 23:03:51 +0200
Subject: [PATCH] Use compiler -fcf-protection only if compiler/arch supports
it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There have been some PRs they were either rejected or some general suggestion
for more flags suggested. So
Upstream-Status: Pending
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
---
cmake/compilerFlags.cmake | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmake/compilerFlags.cmake b/cmake/compilerFlags.cmake
index 12caf42..455525e 100644
--- a/cmake/compilerFlags.cmake
+++ b/cmake/compilerFlags.cmake
@@ -26,7 +26,12 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
# This fails under Fedora, MinGW GCC 8.3.0 and CYGWIN/MSYS 9.3.0
if (NOT (MINGW OR CMAKE_HOST_SOLARIS OR CYGWIN OR MSYS) )
if (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0)
- add_compile_options(-fstack-clash-protection -fcf-protection)
+ # Gcc does support -fcf-protection on few arches only
+ CHECK_CXX_COMPILER_FLAG(-fcf-protection COMPILER_SUPPORTS_FCF_PROTECTION)
+ if (COMPILER_SUPPORTS_FCF_PROTECTION)
+ add_compile_options(-fcf-protection)
+ endif()
+ add_compile_options(-fstack-clash-protection)
endif()
if( (COMPILER_IS_GCC AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) # Not in GCC 4.8
--
2.21.3

26
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
View File

@ -1,26 +0,0 @@
From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
From: Pydera <pydera@mailbox.org>
Date: Thu, 8 Apr 2021 17:36:16 +0200
Subject: [PATCH] Fix out of buffer access in #1529
---
src/jp2image.cpp | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 88ab9b2d6..12025f966 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
#endif
box.length = (uint32_t) (io_->size() - io_->tell() + 8);
}
- if (box.length == 1)
+ if (box.length < 8)
{
- // FIXME. Special case. the real box size is given in another place.
+ // box is broken, so there is nothing we can do here
+ throw Error(kerCorruptedMetadata);
}
// Read whole box : Box header + Box data (not fixed size - can be null).

37
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch
View File

@ -1,37 +0,0 @@
From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 9 Apr 2021 13:37:48 +0100
Subject: [PATCH] Fix integer overflow.
---
src/crwimage_int.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index aefaf22..2e3e507 100644
--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
@@ -559,7 +559,7 @@ namespace Exiv2 {
void CiffComponent::setValue(DataBuf buf)
{
if (isAllocated_) {
- delete pData_;
+ delete[] pData_;
pData_ = 0;
size_ = 0;
}
@@ -1167,7 +1167,11 @@ namespace Exiv2 {
pCrwMapping->crwDir_);
if (edX != edEnd || edY != edEnd || edO != edEnd) {
uint32_t size = 28;
- if (cc && cc->size() > size) size = cc->size();
+ if (cc) {
+ if (cc->size() < size)
+ throw Error(kerCorruptedMetadata);
+ size = cc->size();
+ }
DataBuf buf(size);
std::memset(buf.pData_, 0x0, buf.size_);
if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
--
2.25.1

120
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29463.patch
View File

@ -1,120 +0,0 @@
From 783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 19 Apr 2021 18:06:00 +0100
Subject: [PATCH] Improve bound checking in WebPImage::doWriteMetadata()
---
src/webpimage.cpp | 41 ++++++++++++++++++++++++++++++-----------
1 file changed, 30 insertions(+), 11 deletions(-)
diff --git a/src/webpimage.cpp b/src/webpimage.cpp
index 4ddec544c..fee110bca 100644
--- a/src/webpimage.cpp
+++ b/src/webpimage.cpp
@@ -145,7 +145,7 @@ namespace Exiv2 {
DataBuf chunkId(WEBP_TAG_SIZE+1);
chunkId.pData_ [WEBP_TAG_SIZE] = '\0';
- io_->read(data, WEBP_TAG_SIZE * 3);
+ readOrThrow(*io_, data, WEBP_TAG_SIZE * 3, Exiv2::kerCorruptedMetadata);
uint64_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian);
/* Set up header */
@@ -185,13 +185,20 @@ namespace Exiv2 {
case we have any exif or xmp data, also check
for any chunks with alpha frame/layer set */
while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
- io_->read(chunkId.pData_, WEBP_TAG_SIZE);
- io_->read(size_buff, WEBP_TAG_SIZE);
- long size = Exiv2::getULong(size_buff, littleEndian);
+ readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
+ readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
+ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
+
+ // Check that `size_u32` is safe to cast to `long`.
+ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
+ Exiv2::kerCorruptedMetadata);
+ const long size = static_cast<long>(size_u32);
DataBuf payload(size);
- io_->read(payload.pData_, payload.size_);
- byte c;
- if ( payload.size_ % 2 ) io_->read(&c,1);
+ readOrThrow(*io_, payload.pData_, payload.size_, Exiv2::kerCorruptedMetadata);
+ if ( payload.size_ % 2 ) {
+ byte c;
+ readOrThrow(*io_, &c, 1, Exiv2::kerCorruptedMetadata);
+ }
/* Chunk with information about features
used in the file. */
@@ -199,6 +206,7 @@ namespace Exiv2 {
has_vp8x = true;
}
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_size) {
+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf[WEBP_TAG_SIZE];
@@ -227,6 +235,7 @@ namespace Exiv2 {
}
#endif
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_size) {
+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf[2];
@@ -244,11 +253,13 @@ namespace Exiv2 {
/* Chunk with with lossless image data. */
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_alpha) {
+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
if ((payload.pData_[4] & WEBP_VP8X_ALPHA_BIT) == WEBP_VP8X_ALPHA_BIT) {
has_alpha = true;
}
}
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_size) {
+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf_w[2];
byte size_buf_h[3];
@@ -276,11 +287,13 @@ namespace Exiv2 {
/* Chunk with animation frame. */
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_alpha) {
+ enforce(size >= 6, Exiv2::kerCorruptedMetadata);
if ((payload.pData_[5] & 0x2) == 0x2) {
has_alpha = true;
}
}
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_size) {
+ enforce(size >= 12, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf[WEBP_TAG_SIZE];
@@ -309,16 +322,22 @@ namespace Exiv2 {
io_->seek(12, BasicIo::beg);
while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
- io_->read(chunkId.pData_, 4);
- io_->read(size_buff, 4);
+ readOrThrow(*io_, chunkId.pData_, 4, Exiv2::kerCorruptedMetadata);
+ readOrThrow(*io_, size_buff, 4, Exiv2::kerCorruptedMetadata);
+
+ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
- long size = Exiv2::getULong(size_buff, littleEndian);
+ // Check that `size_u32` is safe to cast to `long`.
+ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
+ Exiv2::kerCorruptedMetadata);
+ const long size = static_cast<long>(size_u32);
DataBuf payload(size);
- io_->read(payload.pData_, size);
+ readOrThrow(*io_, payload.pData_, size, Exiv2::kerCorruptedMetadata);
if ( io_->tell() % 2 ) io_->seek(+1,BasicIo::cur); // skip pad
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X)) {
+ enforce(size >= 1, Exiv2::kerCorruptedMetadata);
if (has_icc){
payload.pData_[0] |= WEBP_VP8X_ICC_BIT;
} else {

72
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29464.patch
View File

@ -1,72 +0,0 @@
From 61734d8842cb9cc59437463e3bac54d6231d9487 Mon Sep 17 00:00:00 2001
From: Wang Mingyu <wangmy@fujitsu.com>
Date: Tue, 18 May 2021 10:52:54 +0900
Subject: [PATCH] modify
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
src/jp2image.cpp | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 52723a4..0ac4f50 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -643,11 +643,11 @@ static void boxes_check(size_t b,size_t m)
void Jp2Image::encodeJp2Header(const DataBuf& boxBuf,DataBuf& outBuf)
{
DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
- int outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
- int inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
+ long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
+ long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
- int32_t length = getLong((byte*)&pBox->length, bigEndian);
- int32_t count = sizeof (Jp2BoxHeader);
+ uint32_t length = getLong((byte*)&pBox->length, bigEndian);
+ uint32_t count = sizeof (Jp2BoxHeader);
char* p = (char*) boxBuf.pData_;
bool bWroteColor = false ;
@@ -664,6 +664,7 @@ static void boxes_check(size_t b,size_t m)
#ifdef EXIV2_DEBUG_MESSAGES
std::cout << "Jp2Image::encodeJp2Header subbox: "<< toAscii(subBox.type) << " length = " << subBox.length << std::endl;
#endif
+ enforce(subBox.length <= length - count, Exiv2::kerCorruptedMetadata);
count += subBox.length;
newBox.type = subBox.type;
} else {
@@ -672,12 +673,13 @@ static void boxes_check(size_t b,size_t m)
count = length;
}
- int32_t newlen = subBox.length;
+ uint32_t newlen = subBox.length;
if ( newBox.type == kJp2BoxTypeColorHeader ) {
bWroteColor = true ;
if ( ! iccProfileDefined() ) {
const char* pad = "\x01\x00\x00\x00\x00\x00\x10\x00\x00\x05\x1cuuid";
uint32_t psize = 15;
+ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
ul2Data((byte*)&newBox.length,psize ,bigEndian);
ul2Data((byte*)&newBox.type ,newBox.type,bigEndian);
::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox));
@@ -686,6 +688,7 @@ static void boxes_check(size_t b,size_t m)
} else {
const char* pad = "\0x02\x00\x00";
uint32_t psize = 3;
+ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
ul2Data((byte*)&newBox.length,psize+iccProfile_.size_,bigEndian);
ul2Data((byte*)&newBox.type,newBox.type,bigEndian);
::memcpy(output.pData_+outlen ,&newBox ,sizeof(newBox) );
@@ -694,6 +697,7 @@ static void boxes_check(size_t b,size_t m)
newlen = psize + iccProfile_.size_;
}
} else {
+ enforce(newlen <= output.size_ - outlen, Exiv2::kerCorruptedMetadata);
::memcpy(output.pData_+outlen,boxBuf.pData_+inlen,subBox.length);
}
--
2.25.1

32
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch
View File

@ -1,32 +0,0 @@
From 6628a69c036df2aa036290e6cd71767c159c79ed Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 21 Apr 2021 12:06:04 +0100
Subject: [PATCH] Add more bounds checks in Jp2Image::encodeJp2Header
---
src/jp2image.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index b424225..349a9f0 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m)
DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
+ enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
uint32_t length = getLong((byte*)&pBox->length, bigEndian);
+ enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
uint32_t count = sizeof (Jp2BoxHeader);
char* p = (char*) boxBuf.pData_;
bool bWroteColor = false ;
while ( count < length || !bWroteColor ) {
+ enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
// copy data. pointer could be into a memory mapped file which we will decode!
--
2.25.1

21
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29473.patch
View File

@ -1,21 +0,0 @@
From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 23 Apr 2021 11:44:44 +0100
Subject: [PATCH] Add bounds check in Jp2Image::doWriteMetadata().
---
src/jp2image.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 1694fed27..ca8c9ddbb 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m)
case kJp2BoxTypeUuid:
{
+ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
{
#ifdef EXIV2_DEBUG_MESSAGES

54
meta-oe/recipes-support/exiv2/exiv2/CVE-2021-3482.patch
View File

@ -1,54 +0,0 @@
From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001
From: Robin Mills <robin@clanmills.com>
Date: Mon, 5 Apr 2021 20:33:25 +0100
Subject: [PATCH] fix_1522_jp2image_exif_asan
---
src/jp2image.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index eb31cea4a..88ab9b2d6 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -28,6 +28,7 @@
#include "image.hpp"
#include "image_int.hpp"
#include "basicio.hpp"
+#include "enforce.hpp"
#include "error.hpp"
#include "futils.hpp"
#include "types.hpp"
@@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m)
if (io_->error()) throw Error(kerFailedToReadImageData);
if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed);
- if (rawData.size_ > 0)
+ if (rawData.size_ > 8) // "II*\0long"
{
// Find the position of Exif header in bytes array.
long pos = ( (rawData.pData_[0] == rawData.pData_[1])
@@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m)
position = io_->tell();
box.length = getLong((byte*)&box.length, bigEndian);
box.type = getLong((byte*)&box.type, bigEndian);
+ enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata);
if (bPrint) {
out << Internal::stringFormat("%8ld | %8ld | ", (size_t)(position - sizeof(box)),
@@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m)
throw Error(kerInputDataReadFailed);
if (bPrint) {
- out << Internal::binaryToString(makeSlice(rawData, 0, 40));
+ out << Internal::binaryToString(
+ makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_));
out.flush();
}
lf(out, bLF);
- if (bIsExif && bRecursive && rawData.size_ > 0) {
+ if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
if ((rawData.pData_[0] == rawData.pData_[1]) &&
(rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) {
BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));

30
meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
View File

@ -1,30 +0,0 @@
SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
DEPENDS = "zlib expat"
SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz"
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
inherit dos2unix
SRC_URI += "file://0001-Use-compiler-fcf-protection-only-if-compiler-arch-su.patch \
file://CVE-2021-29457.patch \
file://CVE-2021-29458.patch \
file://CVE-2021-29463.patch \
file://CVE-2021-29464.patch \
file://CVE-2021-29470.patch \
file://CVE-2021-29473.patch \
file://CVE-2021-3482.patch"
S = "${WORKDIR}/${BPN}-${PV}-Source"
inherit cmake gettext
do_install:append:class-target() {
# reproducibility: remove build host path
sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
-e 's:${STAGING_DIR_HOST}::g'
}

19
meta-oe/recipes-support/exiv2/exiv2_0.27.6.bb Normal file
View File

@ -0,0 +1,19 @@
SUMMARY = "Exif, Iptc and XMP metadata manipulation library and tools"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
DEPENDS = "zlib expat"
SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
SRC_URI[sha256sum] = "4c192483a1125dc59a3d70b30d30d32edace9e14adf52802d2f853abf72db8a6"
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
# inherit dos2unix
S = "${WORKDIR}/${BP}-Source"
inherit cmake gettext
do_install:append:class-target() {
# reproducibility: remove build host path
sed -i ${D}${libdir}/cmake/exiv2/exiv2Config.cmake \
-e 's:${STAGING_DIR_HOST}::g'
}