diff --git a/.exiv2.metadata b/.exiv2.metadata new file mode 100644 index 0000000..7a1906f --- /dev/null +++ b/.exiv2.metadata @@ -0,0 +1 @@ +b267149993f8637ab9d0782c9cd73a5c3092427b SOURCES/exiv2-0.26-trunk.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f144f3f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/exiv2-0.26-trunk.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0006-1296-Fix-submitted.patch b/SOURCES/0006-1296-Fix-submitted.patch new file mode 100644 index 0000000..bc3c413 --- /dev/null +++ b/SOURCES/0006-1296-Fix-submitted.patch @@ -0,0 +1,25 @@ +From 2f8681e120d277e418941c4361c83b5028f67fd8 Mon Sep 17 00:00:00 2001 +From: clanmills +Date: Sat, 27 May 2017 10:18:17 +0100 +Subject: [PATCH 6/6] #1296 Fix submitted. + +--- + src/tiffcomposite.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tiffcomposite.cpp b/src/tiffcomposite.cpp +index c6b860d..0c9b9c4 100644 +--- a/src/tiffcomposite.cpp ++++ b/src/tiffcomposite.cpp +@@ -1611,6 +1611,8 @@ namespace Exiv2 { + uint32_t TiffImageEntry::doWriteImage(IoWrapper& ioWrapper, + ByteOrder /*byteOrder*/) const + { ++ if ( !pValue() ) throw Error(21); // #1296 ++ + uint32_t len = pValue()->sizeDataArea(); + if (len > 0) { + #ifdef DEBUG +-- +2.9.4 + diff --git a/SOURCES/exiv2-CVE-2017-17723.patch b/SOURCES/exiv2-CVE-2017-17723.patch new file mode 100644 index 0000000..f20af24 --- /dev/null +++ b/SOURCES/exiv2-CVE-2017-17723.patch @@ -0,0 +1,59 @@ +diff --git a/include/exiv2/value.hpp b/include/exiv2/value.hpp +index 64a8ca7..4e9f285 100644 +--- a/include/exiv2/value.hpp ++++ b/include/exiv2/value.hpp +@@ -1658,11 +1658,13 @@ namespace Exiv2 { + ok_ = true; + return static_cast(value_[n]); + } ++// #55 crash when value_[n].first == LONG_MIN ++#define LARGE_INT 1000000 + // Specialization for rational + template<> + inline long ValueType::toLong(long n) const + { +- ok_ = (value_[n].second != 0); ++ ok_ = (value_[n].second != 0 && -LARGE_INT < value_[n].first && value_[n].first < LARGE_INT); + if (!ok_) return 0; + return value_[n].first / value_[n].second; + } +@@ -1670,7 +1672,7 @@ namespace Exiv2 { + template<> + inline long ValueType::toLong(long n) const + { +- ok_ = (value_[n].second != 0); ++ ok_ = (value_[n].second != 0 && value_[n].first < LARGE_INT); + if (!ok_) return 0; + return value_[n].first / value_[n].second; + } +diff --git a/src/basicio.cpp b/src/basicio.cpp +index 1ede931..eac756f 100644 +--- a/src/basicio.cpp ++++ b/src/basicio.cpp +@@ -990,6 +990,7 @@ namespace Exiv2 { + DataBuf FileIo::read(long rcount) + { + assert(p_->fp_ != 0); ++ if ( (size_t) rcount > size() ) throw Error(57); + DataBuf buf(rcount); + long readCount = read(buf.pData_, buf.size_); + buf.size_ = readCount; +diff --git a/src/image.cpp b/src/image.cpp +index 31b9b81..eeb1f37 100644 +--- a/src/image.cpp ++++ b/src/image.cpp +@@ -399,7 +399,13 @@ namespace Exiv2 { + ; + + // if ( offset > io.size() ) offset = 0; // Denial of service? +- DataBuf buf(size*count + pad+20); // allocate a buffer ++ ++ // #55 memory allocation crash test/data/POC8 ++ long long allocate = (long long) size*count + pad+20; ++ if ( allocate > (long long) io.size() ) { ++ throw Error(57); ++ } ++ DataBuf buf(allocate); // allocate a buffer + std::memcpy(buf.pData_,dir.pData_+8,4); // copy dir[8:11] into buffer (short strings) + if ( count*size > 4 ) { // read into buffer + size_t restore = io.tell(); // save diff --git a/SOURCES/exiv2-CVE-2017-17725.patch b/SOURCES/exiv2-CVE-2017-17725.patch new file mode 100644 index 0000000..f461cb7 --- /dev/null +++ b/SOURCES/exiv2-CVE-2017-17725.patch @@ -0,0 +1,420 @@ +diff --git a/src/actions.cpp b/src/actions.cpp +index 35c7965..cb905f6 100644 +--- a/src/actions.cpp ++++ b/src/actions.cpp +@@ -59,6 +59,7 @@ EXIV2_RCSID("@(#) $Id: actions.cpp 4719 2017-03-08 20:42:28Z robinwmills $") + #include + #include + #include ++#include + #include // for stat() + #include // for stat() + #ifdef EXV_HAVE_UNISTD_H +@@ -236,33 +237,43 @@ namespace Action { + } + + int Print::run(const std::string& path) +- try { +- path_ = path; +- int rc = 0; +- Exiv2::PrintStructureOption option = Exiv2::kpsNone ; +- switch (Params::instance().printMode_) { +- case Params::pmSummary: rc = printSummary(); break; +- case Params::pmList: rc = printList(); break; +- case Params::pmComment: rc = printComment(); break; +- case Params::pmPreview: rc = printPreviewList(); break; +- case Params::pmStructure: rc = printStructure(std::cout,Exiv2::kpsBasic) ; break; +- case Params::pmRecursive: rc = printStructure(std::cout,Exiv2::kpsRecursive) ; break; +- +- case Params::pmXMP: +- option = option == Exiv2::kpsNone ? Exiv2::kpsXMP : option; // drop +- case Params::pmIccProfile:{ +- option = option == Exiv2::kpsNone ? Exiv2::kpsIccProfile : option; +- _setmode(_fileno(stdout),O_BINARY); +- rc = printStructure(std::cout,option); +- } break; ++ { ++ try { ++ path_ = path; ++ int rc = 0; ++ Exiv2::PrintStructureOption option = Exiv2::kpsNone ; ++ switch (Params::instance().printMode_) { ++ case Params::pmSummary: rc = printSummary(); break; ++ case Params::pmList: rc = printList(); break; ++ case Params::pmComment: rc = printComment(); break; ++ case Params::pmPreview: rc = printPreviewList(); break; ++ case Params::pmStructure: rc = printStructure(std::cout,Exiv2::kpsBasic) ; break; ++ case Params::pmRecursive: rc = printStructure(std::cout,Exiv2::kpsRecursive) ; break; ++ ++ case Params::pmXMP: ++ if (option == Exiv2::kpsNone) ++ option = Exiv2::kpsXMP; ++ // drop ++ case Params::pmIccProfile: ++ if (option == Exiv2::kpsNone) ++ option = Exiv2::kpsIccProfile; ++ _setmode(_fileno(stdout),O_BINARY); ++ rc = printStructure(std::cout,option); ++ break; ++ } ++ return rc; ++ } ++ catch(const Exiv2::AnyError& e) { ++ std::cerr << "Exiv2 exception in print action for file " ++ << path << ":\n" << e << "\n"; ++ return 1; ++ } ++ catch(const std::overflow_error& e) { ++ std::cerr << "std::overflow_error exception in print action for file " ++ << path << ":\n" << e.what() << "\n"; ++ return 1; + } +- return rc; + } +- catch(const Exiv2::AnyError& e) { +- std::cerr << "Exiv2 exception in print action for file " +- << path << ":\n" << e << "\n"; +- return 1; +- } // Print::run + + int Print::printStructure(std::ostream& out, Exiv2::PrintStructureOption option) + { +diff --git a/src/jp2image.cpp b/src/jp2image.cpp +index ac31257..4c072d7 100644 +--- a/src/jp2image.cpp ++++ b/src/jp2image.cpp +@@ -41,6 +41,7 @@ EXIV2_RCSID("@(#) $Id: jp2image.cpp 4759 2017-04-23 10:58:54Z robinwmills $") + #include "error.hpp" + #include "futils.hpp" + #include "types.hpp" ++#include "safe_op.hpp" + + // + standard includes + #include +@@ -269,8 +270,9 @@ namespace Exiv2 + std::cout << "Exiv2::Jp2Image::readMetadata: " + << "Color data found" << std::endl; + #endif ++ + long pad = 3 ; // 3 padding bytes 2 0 0 +- DataBuf data(subBox.length+8); ++ DataBuf data(Safe::add(subBox.length, static_cast(8))); + io_->read(data.pData_,data.size_); + long iccLength = getULong(data.pData_+pad, bigEndian); + DataBuf icc(iccLength); +diff --git a/src/safe_op.hpp b/src/safe_op.hpp +new file mode 100644 +index 0000000..014b7f3 +--- /dev/null ++++ b/src/safe_op.hpp +@@ -0,0 +1,310 @@ ++// ********************************************************* -*- C++ -*- ++/* ++ * Copyright (C) 2004-2017 Exiv2 maintainers ++ * ++ * This program is part of the Exiv2 distribution. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA. ++ */ ++/*! ++ @file safe_op.hpp ++ @brief Overflow checks for integers ++ @author Dan Čermák (D4N) ++ dan.cermak@cgc-instruments.com ++ @date 14-Dec-17, D4N: created ++ */ ++ ++#ifndef SAFE_OP_HPP_ ++#define SAFE_OP_HPP_ ++ ++#include ++#include ++ ++#ifdef _MSC_VER ++#include ++#endif ++ ++/*! ++ * @brief Arithmetic operations with overflow checks ++ */ ++namespace Safe ++{ ++ /*! ++ * @brief Helper structs for providing integer overflow checks. ++ * ++ * This namespace contains the internal helper structs fallback_add_overflow ++ * and builtin_add_overflow. Both have a public static member function add ++ * with the following interface: ++ * ++ * bool add(T summand_1, T summand_2, T& result) ++ * ++ * where T is the type over which the struct is templated. ++ * ++ * The function performs a check whether the addition summand_1 + summand_2 ++ * can be performed without an overflow. If the operation would overflow, ++ * true is returned and the addition is not performed if it would result in ++ * undefined behavior. If no overflow occurs, the sum is saved in result and ++ * false is returned. ++ * ++ * fallback_add_overflow implements a portable but slower overflow check. ++ * builtin_add_overflow uses compiler builtins (when available) and should ++ * be considerably faster. As builtins are not available for all types, ++ * builtin_add_overflow falls back to fallback_add_overflow when no builtin ++ * is available. ++ */ ++ namespace Internal ++ { ++ /*! ++ * @brief Helper struct to determine whether a type is signed or unsigned ++ ++ * This struct is a backport of std::is_signed from C++11. It has a public ++ * enum with the property VALUE which is true when the type is signed or ++ * false if it is unsigned. ++ */ ++ template ++ struct is_signed ++ { ++ enum ++ { ++ VALUE = T(-1) < T(0) ++ }; ++ }; ++ ++ /*! ++ * @brief Helper struct for SFINAE, from C++11 ++ ++ * This struct has a public typedef called type typedef'd to T if B is ++ * true. Otherwise there is no typedef. ++ */ ++ template ++ struct enable_if ++ { ++ }; ++ ++ /*! ++ * @brief Specialization of enable_if for the case B == true ++ */ ++ template ++ struct enable_if ++ { ++ typedef T type; ++ }; ++ ++ /*! ++ * @brief Fallback overflow checker, specialized via SFINAE ++ * ++ * This struct implements a 'fallback' addition with an overflow check, ++ * i.e. it does not rely on compiler intrinsics. It is specialized via ++ * SFINAE for signed and unsigned integer types and provides a public ++ * static member function add. ++ */ ++ template ++ struct fallback_add_overflow; ++ ++ /*! ++ * @brief Overload of fallback_add_overflow for signed integers ++ */ ++ template ++ struct fallback_add_overflow::VALUE>::type> ++ { ++ /*! ++ * @brief Adds the two summands only if no overflow occurs ++ * ++ * This function performs a check if summand_1 + summand_2 would ++ * overflow and returns true in that case. If no overflow occurs, ++ * the sum is saved in result and false is returned. ++ * ++ * @return true on overflow, false on no overflow ++ * ++ * The check for an overflow is performed before the addition to ++ * ensure that no undefined behavior occurs. The value in result is ++ * only valid when the function returns false. ++ * ++ * Further information: ++ * https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow ++ */ ++ static bool add(T summand_1, T summand_2, T& result) ++ { ++ if (((summand_2 >= 0) && (summand_1 > std::numeric_limits::max() - summand_2)) || ++ ((summand_2 < 0) && (summand_1 < std::numeric_limits::min() - summand_2))) { ++ return true; ++ } else { ++ result = summand_1 + summand_2; ++ return false; ++ } ++ } ++ }; ++ ++ /*! ++ * @brief Overload of fallback_add_overflow for unsigned integers ++ */ ++ template ++ struct fallback_add_overflow::VALUE>::type> ++ { ++ /*! ++ * @brief Adds the two summands only if no overflow occurs ++ * ++ * This function performs a check if summand_1 + summand_2 would ++ * overflow and returns true in that case. If no overflow occurs, ++ * the sum is saved in result and false is returned. ++ * ++ * @return true on overflow, false on no overflow ++ * ++ * Further information: ++ * https://wiki.sei.cmu.edu/confluence/display/c/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap ++ */ ++ static bool add(T summand_1, T summand_2, T& result) ++ { ++ if (summand_1 > std::numeric_limits::max() - summand_2) { ++ return true; ++ } else { ++ result = summand_1 + summand_2; ++ return false; ++ } ++ } ++ }; ++ ++ /*! ++ * @brief Overflow checker using compiler intrinsics ++ * ++ * This struct provides an add function with the same interface & ++ * behavior as fallback_add_overload::add but it relies on compiler ++ * intrinsics instead. This version should be considerably faster than ++ * the fallback version as it can fully utilize available CPU ++ * instructions & the compiler's diagnostic. ++ * ++ * However, as some compilers don't provide intrinsics for certain ++ * types, the default implementation of add is the version from falback. ++ * ++ * The struct is explicitly specialized for each type via #ifdefs for ++ * each compiler. ++ */ ++ template ++ struct builtin_add_overflow ++ { ++ /*! ++ * @brief Add summand_1 and summand_2 and check for overflows. ++ * ++ * This is the default add() function that uses ++ * fallback_add_overflow::add(). All specializations must have ++ * exactly the same interface and behave the same way. ++ */ ++ static inline bool add(T summand_1, T summand_2, T& result) ++ { ++ return fallback_add_overflow::add(summand_1, summand_2, result); ++ } ++ }; ++ ++#if defined(__GNUC__) || defined(__clang__) ++#if __GNUC__ >= 5 ++ ++/*! ++ * This macro pastes a specialization of builtin_add_overflow using gcc's & ++ * clang's __builtin_(s/u)add(l)(l)_overlow() ++ * ++ * The add function is implemented by forwarding the parameters to the intrinsic ++ * and returning its value. ++ * ++ * The intrinsics are documented here: ++ * https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html#Integer-Overflow-Builtins ++ */ ++#define SPECIALIZE_builtin_add_overflow(type, builtin_name) \ ++ template <> \ ++ struct builtin_add_overflow \ ++ { \ ++ static inline bool add(type summand_1, type summand_2, type& result) \ ++ { \ ++ return builtin_name(summand_1, summand_2, &result); \ ++ } \ ++ } ++ ++ SPECIALIZE_builtin_add_overflow(int, __builtin_sadd_overflow); ++ SPECIALIZE_builtin_add_overflow(long, __builtin_saddl_overflow); ++ SPECIALIZE_builtin_add_overflow(long long, __builtin_saddll_overflow); ++ ++ SPECIALIZE_builtin_add_overflow(unsigned int, __builtin_uadd_overflow); ++ SPECIALIZE_builtin_add_overflow(unsigned long, __builtin_uaddl_overflow); ++ SPECIALIZE_builtin_add_overflow(unsigned long long, __builtin_uaddll_overflow); ++ ++#undef SPECIALIZE_builtin_add_overflow ++#endif ++ ++#elif defined(_MSC_VER) ++ ++/*! ++ * This macro pastes a specialization of builtin_add_overflow using MSVC's ++ * U(Int/Long/LongLong)Add. ++ * ++ * The add function is implemented by forwarding the parameters to the ++ * intrinsic. As MSVC's intrinsics return S_OK on success, this specialization ++ * returns whether the intrinsics return value does not equal S_OK. This ensures ++ * a uniform interface of the add function (false is returned when no overflow ++ * occurs, true on overflow). ++ * ++ * The intrinsics are documented here: ++ * https://msdn.microsoft.com/en-us/library/windows/desktop/ff516460(v=vs.85).aspx ++ */ ++#define SPECIALIZE_builtin_add_overflow_WIN(type, builtin_name) \ ++ template <> \ ++ struct builtin_add_overflow \ ++ { \ ++ static inline bool add(type summand_1, type summand_2, type& result) \ ++ { \ ++ return builtin_name(summand_1, summand_2, &result) != S_OK; \ ++ } \ ++ } ++ ++ SPECIALIZE_builtin_add_overflow_WIN(unsigned int, UIntAdd); ++ SPECIALIZE_builtin_add_overflow_WIN(unsigned long, ULongAdd); ++ SPECIALIZE_builtin_add_overflow_WIN(unsigned long long, ULongLongAdd); ++ ++#undef SPECIALIZE_builtin_add_overflow_WIN ++ ++#endif ++ ++ } // namespace Internal ++ ++ /*! ++ * @brief Safe addition, throws an exception on overflow. ++ * ++ * This function returns the result of summand_1 and summand_2 only when the ++ * operation would not overflow, otherwise an exception of type ++ * std::overflow_error is thrown. ++ * ++ * @param[in] summand_1, summand_2 summands to be summed up ++ * @return the sum of summand_1 and summand_2 ++ * @throws std::overflow_error if the addition would overflow ++ * ++ * This function utilizes compiler builtins when available and should have a ++ * very small performance hit then. When builtins are unavailable, a more ++ * extensive check is required. ++ * ++ * Builtins are available for the following configurations: ++ * - GCC/Clang for signed and unsigned int, long and long long (not char & short) ++ * - MSVC for unsigned int, long and long long ++ */ ++ template ++ T add(T summand_1, T summand_2) ++ { ++ T res = 0; ++ if (Internal::builtin_add_overflow::add(summand_1, summand_2, res)) { ++ throw std::overflow_error("Overflow in addition"); ++ } ++ return res; ++ } ++ ++} // namespace Safe ++ ++#endif // SAFE_OP_HPP_ diff --git a/SOURCES/exiv2-CVE-2017-5772.patch b/SOURCES/exiv2-CVE-2017-5772.patch new file mode 100644 index 0000000..f553d7d --- /dev/null +++ b/SOURCES/exiv2-CVE-2017-5772.patch @@ -0,0 +1,85 @@ +diff --git a/src/cr2image.cpp b/src/cr2image.cpp +index 516e170..8a752b0 100644 +--- a/src/cr2image.cpp ++++ b/src/cr2image.cpp +@@ -107,8 +107,6 @@ namespace Exiv2 { + throw Error(3, "CR2"); + } + clearMetadata(); +- std::ofstream devnull; +- printStructure(devnull, kpsRecursive, 0); + ByteOrder bo = Cr2Parser::decode(exifData_, + iptcData_, + xmpData_, +diff --git a/src/crwimage.cpp b/src/crwimage.cpp +index 232919c..58240fd 100644 +--- a/src/crwimage.cpp ++++ b/src/crwimage.cpp +@@ -131,15 +131,8 @@ namespace Exiv2 { + throw Error(33); + } + clearMetadata(); +- // read all metadata into memory +- // we should put this into clearMetadata(), however it breaks the test suite! +- try { +- std::ofstream devnull; +- printStructure(devnull,kpsRecursive,0); +- } catch (Exiv2::Error& /* e */) { +- DataBuf file(io().size()); +- io_->read(file.pData_,file.size_); +- } ++ DataBuf file( (long) io().size()); ++ io_->read(file.pData_,file.size_); + + CrwParser::decode(this, io_->mmap(), io_->size()); + +diff --git a/src/orfimage.cpp b/src/orfimage.cpp +index 25651bd..9bd7a02 100644 +--- a/src/orfimage.cpp ++++ b/src/orfimage.cpp +@@ -119,8 +119,6 @@ namespace Exiv2 { + throw Error(3, "ORF"); + } + clearMetadata(); +- std::ofstream devnull; +- printStructure(devnull, kpsRecursive, 0); + ByteOrder bo = OrfParser::decode(exifData_, + iptcData_, + xmpData_, +diff --git a/src/rw2image.cpp b/src/rw2image.cpp +index 07de437..5922602 100644 +--- a/src/rw2image.cpp ++++ b/src/rw2image.cpp +@@ -130,8 +130,6 @@ namespace Exiv2 { + throw Error(3, "RW2"); + } + clearMetadata(); +- std::ofstream devnull; +- printStructure(devnull, kpsRecursive, 0); + ByteOrder bo = Rw2Parser::decode(exifData_, + iptcData_, + xmpData_, +diff --git a/src/tiffimage.cpp b/src/tiffimage.cpp +index de66068..98da12b 100644 +--- a/src/tiffimage.cpp ++++ b/src/tiffimage.cpp +@@ -185,10 +185,6 @@ namespace Exiv2 { + } + clearMetadata(); + +- // recursively print the structure to /dev/null to ensure all metadata is in memory +- // must be recursive to handle NEFs which stores the raw image in a subIFDs +- std::ofstream devnull; +- printStructure(devnull,kpsRecursive,0); + ByteOrder bo = TiffParser::decode(exifData_, + iptcData_, + xmpData_, +@@ -200,7 +196,7 @@ namespace Exiv2 { + Exiv2::ExifKey key("Exif.Image.InterColorProfile"); + Exiv2::ExifData::iterator pos = exifData_.findKey(key); + if ( pos != exifData_.end() ) { +- iccProfile_.alloc(pos->count()); ++ iccProfile_.alloc(pos->count()*pos->typeSize()); + pos->copy(iccProfile_.pData_,bo); + } + diff --git a/SOURCES/exiv2-doxygen.patch b/SOURCES/exiv2-doxygen.patch new file mode 100644 index 0000000..9508b97 --- /dev/null +++ b/SOURCES/exiv2-doxygen.patch @@ -0,0 +1,21 @@ +diff -up exiv2-trunk/config/Doxyfile.doxygen exiv2-trunk/config/Doxyfile +--- exiv2-trunk/config/Doxyfile.doxygen 2017-05-02 09:17:33.631909015 -0500 ++++ exiv2-trunk/config/Doxyfile 2017-05-02 09:18:03.019200824 -0500 +@@ -1688,7 +1688,7 @@ HIDE_UNDOC_RELATIONS = YES + # toolkit from AT&T and Lucent Bell Labs. The other options in this section + # have no effect if this option is set to NO (the default) + +-HAVE_DOT = YES ++#HAVE_DOT = YES + + # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is + # allowed to run in parallel. When set to 0 (the default) doxygen will +@@ -1705,7 +1705,7 @@ DOT_NUM_THREADS = 0 + # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the + # directory containing the font. + +-DOT_FONTNAME = Arial ++#DOT_FONTNAME = Arial + + # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. + # The default size is 10pt. diff --git a/SPECS/exiv2.spec b/SPECS/exiv2.spec new file mode 100644 index 0000000..d9ad662 --- /dev/null +++ b/SPECS/exiv2.spec @@ -0,0 +1,293 @@ + +Summary: Exif and Iptc metadata manipulation library +Name: exiv2 +Version: 0.26 +Release: 3%{?dist} + +License: GPLv2+ +URL: http://www.exiv2.org/ +Source0: http://www.exiv2.org/builds/exiv2-%{version}-trunk.tar.gz + +## upstream patches (lookaside cache) +Patch6: 0006-1296-Fix-submitted.patch + +Patch10: exiv2-CVE-2017-17723.patch +Patch11: exiv2-CVE-2017-17725.patch +Patch12: exiv2-CVE-2017-5772.patch + +## upstreamable patches +Patch100: exiv2-doxygen.patch + +BuildRequires: expat-devel +BuildRequires: gettext +BuildRequires: pkgconfig +BuildRequires: pkgconfig(libcurl) +BuildRequires: zlib-devel +# docs +BuildRequires: doxygen graphviz libxslt + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + + +%description +A command line utility to access image metadata, allowing one to: +* print the Exif metadata of Jpeg images as summary info, interpreted values, + or the plain data for each tag +* print the Iptc metadata of Jpeg images +* print the Jpeg comment of Jpeg images +* set, add and delete Exif and Iptc metadata of Jpeg images +* adjust the Exif timestamp (that's how it all started...) +* rename Exif image files according to the Exif timestamp +* extract, insert and delete Exif metadata (including thumbnails), + Iptc metadata and Jpeg comments + +%package devel +Summary: Header files, libraries and development documentation for %{name} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +%description devel +%{summary}. + +%package libs +Summary: Exif and Iptc metadata manipulation library +%description libs +A C++ library to access image metadata, supporting full read and write access +to the Exif and Iptc metadata, Exif MakerNote support, extract and delete +methods for Exif thumbnails, classes to access Ifd and so on. + +%package doc +Summary: Api documentation for %{name} +BuildArch: noarch +%description doc +%{summary}. + + +%prep +%autosetup -n %{name}-trunk -p1 + +%build +# exiv2: embedded copy of exempi should be compiled with BanAllEntityUsage +# https://bugzilla.redhat.com/show_bug.cgi?id=888769 +export CPPFLAGS="-DBanAllEntityUsage=1" + +%configure \ + --disable-rpath \ + --disable-static + +# rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make %{?_smp_mflags} +make doc -k ||: + +%install +rm -rf %{buildroot} + +make install DESTDIR=%{buildroot} + +%find_lang exiv2 + +## Unpackaged files +rm -fv %{buildroot}%{_libdir}/libexiv2.la + +## fix perms on installed lib +ls -l %{buildroot}%{_libdir}/libexiv2.so.* +chmod 755 %{buildroot}%{_libdir}/libexiv2.so.* + + +%find_lang exiv2 --with-man + +## unpackaged files +rm -fv %{buildroot}%{_libdir}/libexiv2.la + +%check +export PKG_CONFIG_PATH=%{buildroot}%{_libdir}/pkgconfig +test "$(pkg-config --modversion exiv2)" = "%{version}" +test -x %{buildroot}%{_libdir}/libexiv2.so + + +%files -f exiv2.lang +%license COPYING +%doc doc/ChangeLog +# README is mostly installation instructions +#doc README +%{_bindir}/exiv2 +%{_mandir}/man1/exiv2*.1* + +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig + +%files libs +%{_libdir}/libexiv2.so.26* + +%files devel +%{_includedir}/exiv2/ +%{_libdir}/libexiv2.so +%{_libdir}/pkgconfig/exiv2.pc + +%files doc +%doc doc/html + +%changelog +* Fri Feb 23 2018 Jan Grulich - 0.26-3 +- Fix uncontrolled recursion in image.cpp:Exiv2::Image::printIFDStructure() which can allow a + remote attacker to cause a denial of service via a crafted tif file + Resolves: bz#1548410 + +* Thu Feb 22 2018 Jan Grulich - 0.26-2 +- Fix heap-based buffer over-read in Exiv2::Image::byteSwap4 in image.cpp + Resolves: bz#1547207 + + Fix heap-based buffer over-read in Exiv2::getULong function in types.cpp + Resolves: bz#1545232 + +* Tue Aug 29 2017 Jan Grulich - 0.26-1 +- Update to 0.26 + Resolves: bz#1420227 + +* Fri Jan 24 2014 Daniel Mach - 0.23-6 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.23-5 +- Mass rebuild 2013-12-27 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.23-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Aug 14 2012 Rex Dieter 0.23-3 +- empty html doc dir (#848025) + +* Thu Jul 19 2012 Fedora Release Engineering - 0.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Apr 24 2012 Rex Dieter 0.23-1 +- exiv2-0.23 +- abi bump + +* Tue Feb 28 2012 Fedora Release Engineering - 0.22-5 +- Rebuilt for c++ ABI breakage + +* Mon Jan 16 2012 Rex Dieter 0.22-4 +- better rpath handling +- revert locale change, move back to -libs + +* Mon Jan 16 2012 Rex Dieter 0.22-3 +- move locale files to main pkg (from -libs) + +* Fri Jan 13 2012 Fedora Release Engineering - 0.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Oct 14 2011 Rex Dieter 0.22-1 +- exiv2-0.22 + +* Tue Sep 27 2011 Rex Dieter 0.21.1-3 +- New Tamron 70-300 mm lens improperly recognized (#708403) + +* Mon Sep 26 2011 Rex Dieter 0.21.1-2 +- gthumb crashes because of bug in exiv2 0.21.1 (#741429) + +* Sat Feb 26 2011 Rex Dieter 0.21.1-1 +- exiv2-0.21.1 + +* Tue Feb 08 2011 Fedora Release Engineering - 0.21-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 26 2011 Rex Dieter 0.21-2 +- Move ldconfig scriptlet calls to -libs (#672361) + +* Wed Dec 01 2010 Rex Dieter - 0.21-1 +- exiv2-0.21 + +* Sun May 30 2010 Rex Dieter - 0.20-1 +- exiv2-0.20 + +* Wed Dec 30 2009 Rex Dieter - 0.19-1 +- exiv2-0.19 (#552275) + +* Sun Dec 13 2009 Rex Dieter - 0.18.2-3 +- -libs unconditional +- tighten deps using %%?_isa + +* Fri Aug 07 2009 Rex Dieter - 0.18.2-2 +- (again) drop -fvisibility-inlines-hidden (#496050) + +* Fri Jul 24 2009 Rex Dieter - 0.18.2-1 +- exiv2-0.18.2 +- drop visibility patch + +* Fri Apr 17 2009 Rex Dieter - 0.18.1-1 +- exiv2-0.18.1 +- drop -fvisibility-inlines-hidden (#496050) + +* Tue Feb 24 2009 Fedora Release Engineering - 0.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Dec 18 2008 Rex Dieter 0.18-1 +- exiv2-0.18 + +* Fri Dec 12 2008 Rex Dieter 0.17.2-2 +- rebuild for pkgconfig deps + +* Mon Jun 23 2008 Rex Dieter 0.17.1-1 +- exiv2-0.17.1 + +* Mon Feb 11 2008 Rex Dieter 0.16-2 +- respin (gcc43) +- gcc43 patch + +* Sun Jan 13 2008 Rex Dieter 0.16-1 +- eviv2-0.16 + +* Mon Dec 17 2007 Rex Dieter 0.16-0.3.pre1 +- CVE-2007-6353 (#425924) + +* Mon Nov 26 2007 Rex Dieter 0.16-0.2.pre1 +- -libs subpkg toggle (f8+) + +* Tue Nov 13 2007 Rex Dieter 0.16-0.1.pre1 +- exiv2-0.16-pre1 + +* Tue Sep 18 2007 Rex Dieter 0.15-4 +- -libs: -Requires: %%name + +* Tue Aug 21 2007 Rex Dieter 0.15-3 +- -libs subpkg to be multilib-friendlier (f8+) + +* Sat Aug 11 2007 Rex Dieter 0.15-2 +- License: GPLv2+ + +* Thu Jul 12 2007 Rex Dieter 0.15-1 +- exiv2-0.15 + +* Mon Apr 02 2007 Rex Dieter 0.14-1 +- exiv2-0.14 + +* Tue Nov 28 2006 Rex Dieter 0.12-1 +- exiv2-0.12 + +* Wed Oct 04 2006 Rex Dieter 0.11-3 +- respin + +* Tue Sep 19 2006 Rex Dieter 0.11-2 +- BR: zlib-devel + +* Tue Sep 19 2006 Rex Dieter 0.11-1 +- exiv2-0.11 + +* Tue Aug 29 2006 Rex Dieter 0.10-2 +- fc6 respin + +* Sat Jun 03 2006 Rex Dieter 0.10-1 +- 0.10 + +* Wed May 17 2006 Rex Dieter 0.9.1-3 +- cleanup %%description +- set eXecute bit on installed lib. +- no_rpath patch +- deps patch (items get (re)compiled on *every* call to 'make') + +* Wed May 17 2006 Rex Dieter 0.9.1-2 +- %%post/%%postun: /sbin/ldconfig + +* Tue May 16 2006 Rex Dieter 0.9.1-1 +- first try