community/exiv2: move from main

author: Leo <thinkabit.ukim@gmail.com> 2020-03-15 14:53:31 -0300
committer: Leo <thinkabit.ukim@gmail.com> 2020-03-15 14:53:31 -0300
commit: 5f508d129e5e87f82b2c8e85793d0c5302c5ef23 (patch)
tree: 885dbb440a8e8d7073e01a3dcd32b9cf70f363ed /main/exiv2
parent: 3e8ab963c14f906a03b0638a994acc710657355b (diff)
download: aports-5f508d129e5e87f82b2c8e85793d0c5302c5ef23.tar.bz2
aports-5f508d129e5e87f82b2c8e85793d0c5302c5ef23.tar.xz
3 files changed, 0 insertions, 218 deletions
diff --git a/main/exiv2/APKBUILD b/main/exiv2/APKBUILD
deleted file mode 100644
index 18f34a6c32..0000000000
--- a/main/exiv2/APKBUILD
+++ /dev/null
@@ -1,52 +0,0 @@
-# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
-pkgname=exiv2
-pkgver=0.27.2
-pkgrel=6
-pkgdesc="Exif and Iptc metadata manipulation library and tools."
-url="https://exiv2.org"
-arch="all"
-options="!check"  # No test suite.
-license="GPL-2.0-or-later"
-depends_dev="expat-dev zlib-dev"
-makedepends="$depends_dev cmake"
-subpackages="$pkgname-dev $pkgname-doc"
-source="https://exiv2.org/builds/exiv2-$pkgver-Source.tar.gz
-	CVE-2019-17402.patch
-	CVE-2019-20421.patch
-	"
-builddir="$srcdir"/$pkgname-$pkgver-Source
-
-# secfixes:
-#   0.27.2-r6:
-#     - CVE-2019-20421
-#   0.27.2-r2:
-#     - CVE-2019-17402
-#   0.27.2-r0:
-#     - CVE-2019-13108
-#     - CVE-2019-13109
-#     - CVE-2019-13110
-#     - CVE-2019-13111
-#     - CVE-2019-13112
-#     - CVE-2019-13113
-#     - CVE-2019-13114
-
-build() {
-	cmake -B build . \
-		-DCMAKE_BUILD_TYPE=None \
-		-DCMAKE_INSTALL_PREFIX=/usr \
-		-DCMAKE_INSTALL_LIBDIR=lib \
-		-DEXIV2_BUILD_SAMPLES=OFF
-	make -C build
-}
-
-check() {
-	make -C build test
-}
-
-package() {
-	make -C build DESTDIR="$pkgdir" install
-}
-
-sha512sums="39eb7d920dce18b275ac66f4766c7c73f7c72ee10e3e1e43d84c611b24f48ce20a70eac6d53948914e93242a25b8b52cc4bc760ee611ddcd77481306c1f9e721  exiv2-0.27.2-Source.tar.gz
-da58d6cf6409304465c16a6c73af3731a75c59c0f3e16d740edd3f46308d3ba8ed8b5fc0473920b67b2aeb2b4bb66574aee4b0f57585d127f6e6a3f62b5c0766  CVE-2019-17402.patch
-b2b881e47e4cad8b04492f7475400af9f28fa8f9dfb1e96d4d0d8caa6a469e76aafc056023254446e1026be8270f1b094b5195fe44f18c87283f6c6d808c37ee  CVE-2019-20421.patch"
diff --git a/main/exiv2/CVE-2019-17402.patch b/main/exiv2/CVE-2019-17402.patch
deleted file mode 100644
index 45451442d5..0000000000
--- a/main/exiv2/CVE-2019-17402.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
-index 29311fd..c0d9553 100644
---- a/src/crwimage_int.cpp
-+++ b/src/crwimage_int.cpp
-@@ -268,6 +268,9 @@ namespace Exiv2 {
- #ifdef EXIV2_DEBUG_MESSAGES
-         std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
- #endif
-+        if (this->offset() + this->size() > size)
-+            throw Error(kerOffsetOutOfRange);
-+
-         readDirectory(pData + offset(), this->size(), byteOrder);
- #ifdef EXIV2_DEBUG_MESSAGES
-         std::cout << "<---- 0x" << std::hex << tag() << "\n";
-diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
-new file mode 100755
-index 0000000..e69de29
-diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
-new file mode 100644
-index 0000000..c2682f9
---- /dev/null
-+++ b/tests/bugfixes/github/test_issue_1019.py
-@@ -0,0 +1,14 @@
-+from system_tests import CaseMeta, path
-+
-+
-+class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
-+
-+    filename = path("$data_path/POC-file_issue_1019")
-+    commands = ["$exiv2 -pv $filename"]
-+    stdout = [""]
-+    stderr = [
-+        """$exiv2_exception_message $filename:
-+$kerOffsetOutOfRange
-+"""
-+    ]
-+    retval = [1]
-diff --git a/tests/suite.conf b/tests/suite.conf
-index 5b31930..dab7427 100644
---- a/tests/suite.conf
-+++ b/tests/suite.conf
-@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
- easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
- 
- [variables]
-+kerOffsetOutOfRange: Offset out of range
- kerFailedToReadImageData: Failed to read image data
- kerCorruptedMetadata: corrupted image metadata
- kerInvalidMalloc: invalid memory allocation request
diff --git a/main/exiv2/CVE-2019-20421.patch b/main/exiv2/CVE-2019-20421.patch
deleted file mode 100644
index 76b88a1a75..0000000000
--- a/main/exiv2/CVE-2019-20421.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 1b917c3f7dd86336a9f6fda4456422c419dfe88c Mon Sep 17 00:00:00 2001
-From: clanmills <robin@clanmills.com>
-Date: Tue, 1 Oct 2019 17:39:44 +0100
-Subject: [PATCH] Fix #1011 fix_1011_jp2_readmetadata_loop
-
----
- src/jp2image.cpp                             |  25 +++++++++++++++----
- tests/bugfixes/github/test_CVE_2017_17725.py |   4 +--
- tests/bugfixes/github/test_issue_1011.py     |  13 ++++++++++
- 4 files changed, 35 insertions(+), 7 deletions(-)
- create mode 100755 test/data/Jp2Image_readMetadata_loop.poc
- create mode 100644 tests/bugfixes/github/test_issue_1011.py
-
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index d5cd1340a..0de088d62 100644
---- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -18,10 +18,6 @@
-  * Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301 USA.
-  */
- 
--/*
--  File:      jp2image.cpp
--*/
--
- // *****************************************************************************
- 
- // included header files
-@@ -197,6 +193,16 @@ namespace Exiv2
-         return result;
-     }
- 
-+static void boxes_check(size_t b,size_t m)
-+{
-+    if ( b > m ) {
-+#ifdef EXIV2_DEBUG_MESSAGES
-+        std::cout << "Exiv2::Jp2Image::readMetadata box maximum exceeded" << std::endl;
-+#endif
-+        throw Error(kerCorruptedMetadata);
-+    }
-+}
-+
-     void Jp2Image::readMetadata()
-     {
- #ifdef EXIV2_DEBUG_MESSAGES
-@@ -219,9 +225,12 @@ namespace Exiv2
-         Jp2BoxHeader      subBox    = {0,0};
-         Jp2ImageHeaderBox ihdr      = {0,0,0,0,0,0,0,0};
-         Jp2UuidBox        uuid      = {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+        size_t            boxes     = 0 ;
-+        size_t            boxem     = 1000 ; // boxes max
- 
-         while (io_->read((byte*)&box, sizeof(box)) == sizeof(box))
-         {
-+            boxes_check(boxes++,boxem );
-             position   = io_->tell();
-             box.length = getLong((byte*)&box.length, bigEndian);
-             box.type   = getLong((byte*)&box.type, bigEndian);
-@@ -251,8 +260,12 @@ namespace Exiv2
- 
-                     while (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox) && subBox.length )
-                     {
-+                        boxes_check(boxes++, boxem) ;
-                         subBox.length = getLong((byte*)&subBox.length, bigEndian);
-                         subBox.type   = getLong((byte*)&subBox.type, bigEndian);
-+                        if (subBox.length > io_->size() ) {
-+                            throw Error(kerCorruptedMetadata);
-+                        }
- #ifdef EXIV2_DEBUG_MESSAGES
-                         std::cout << "Exiv2::Jp2Image::readMetadata: "
-                         << "subBox = " << toAscii(subBox.type) << " length = " << subBox.length << std::endl;
-@@ -308,7 +321,9 @@ namespace Exiv2
-                         }
- 
-                         io_->seek(restore,BasicIo::beg);
--                        io_->seek(subBox.length, Exiv2::BasicIo::cur);
-+                        if ( io_->seek(subBox.length, Exiv2::BasicIo::cur) != 0 ) {
-+                            throw Error(kerCorruptedMetadata);
-+                        }
-                         restore = io_->tell();
-                     }
-                     break;
-
-diff --git a/tests/bugfixes/github/test_CVE_2017_17725.py b/tests/bugfixes/github/test_CVE_2017_17725.py
-index 1127b9806..670a75d8d 100644
---- a/tests/bugfixes/github/test_CVE_2017_17725.py
-+++ b/tests/bugfixes/github/test_CVE_2017_17725.py
-@@ -11,7 +11,7 @@ class TestCvePoC(metaclass=system_tests.CaseMeta):
-     filename = "$data_path/poc_2017-12-12_issue188"
-     commands = ["$exiv2 " + filename]
-     stdout = [""]
--    stderr = ["""$exiv2_overflow_exception_message """ + filename + """:
--$addition_overflow_message
-+    stderr = ["""$exiv2_exception_message """ + filename + """:
-+$kerCorruptedMetadata
- """]
-     retval = [1]
-diff --git a/tests/bugfixes/github/test_issue_1011.py b/tests/bugfixes/github/test_issue_1011.py
-new file mode 100644
-index 000000000..415861188
---- /dev/null
-+++ b/tests/bugfixes/github/test_issue_1011.py
-@@ -0,0 +1,13 @@
-+# -*- coding: utf-8 -*-
-+
-+from system_tests import CaseMeta, path
-+
-+class Test_issue_1011(metaclass=CaseMeta):
-+
-+    filename = path("$data_path/Jp2Image_readMetadata_loop.poc")
-+    commands = ["$exiv2 " + filename]
-+    stdout   = [""]
-+    stderr   = ["""$exiv2_exception_message """ + filename + """:
-+$kerCorruptedMetadata
-+"""]
-+    retval = [1]
-\ No newline at end of file
author	Leo <thinkabit.ukim@gmail.com>	2020-03-15 14:53:31 -0300
committer	Leo <thinkabit.ukim@gmail.com>	2020-03-15 14:53:31 -0300
commit	5f508d129e5e87f82b2c8e85793d0c5302c5ef23 (patch)
tree	885dbb440a8e8d7073e01a3dcd32b9cf70f363ed /main/exiv2
parent	3e8ab963c14f906a03b0638a994acc710657355b (diff)
download	aports-5f508d129e5e87f82b2c8e85793d0c5302c5ef23.tar.bz2 aports-5f508d129e5e87f82b2c8e85793d0c5302c5ef23.tar.xz