diff options
Diffstat (limited to 'media-libs/libextractor/files')
3 files changed, 215 insertions, 0 deletions
diff --git a/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20430.patch b/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20430.patch new file mode 100644 index 000000000000..d0b5968606ba --- /dev/null +++ b/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20430.patch @@ -0,0 +1,49 @@ +From b405d707b36e0654900cba78e89f49779efea110 Mon Sep 17 00:00:00 2001 +From: Christian Grothoff <christian@grothoff.org> +Date: Thu, 20 Dec 2018 22:47:53 +0100 +Subject: fix #5493 (out of bounds read) + +--- + src/common/convert.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/common/convert.c b/src/common/convert.c +index c0edf21..2be2108 100644 +--- a/src/common/convert.c ++++ b/src/common/convert.c +@@ -36,8 +36,8 @@ + * string is returned. + */ + char * +-EXTRACTOR_common_convert_to_utf8 (const char *input, +- size_t len, ++EXTRACTOR_common_convert_to_utf8 (const char *input, ++ size_t len, + const char *charset) + { + #if HAVE_ICONV +@@ -52,7 +52,7 @@ EXTRACTOR_common_convert_to_utf8 (const char *input, + i = input; + cd = iconv_open ("UTF-8", charset); + if (cd == (iconv_t) - 1) +- return strdup (i); ++ return strndup (i, len); + if (len > 1024 * 1024) + { + iconv_close (cd); +@@ -67,11 +67,11 @@ EXTRACTOR_common_convert_to_utf8 (const char *input, + } + itmp = tmp; + finSize = tmpSize; +- if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == SIZE_MAX) ++ if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == ((size_t) -1)) + { + iconv_close (cd); + free (tmp); +- return strdup (i); ++ return strndup (i, len); + } + ret = malloc (tmpSize - finSize + 1); + if (ret == NULL) +-- +cgit v1.1 diff --git a/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20431.patch b/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20431.patch new file mode 100644 index 000000000000..2cd0448ba894 --- /dev/null +++ b/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20431.patch @@ -0,0 +1,39 @@ +From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001 +From: Christian Grothoff <christian@grothoff.org> +Date: Thu, 20 Dec 2018 23:02:28 +0100 +Subject: fix #5494 + +--- + ChangeLog | 3 ++- + src/plugins/ole2_extractor.c | 9 +++++++-- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c +index 53fa1b9..a48b726 100644 +--- a/src/plugins/ole2_extractor.c ++++ b/src/plugins/ole2_extractor.c +@@ -173,7 +173,7 @@ struct ProcContext + EXTRACTOR_MetaDataProcessor proc; + + /** +- * Closure for 'proc'. ++ * Closure for @e proc. + */ + void *proc_cls; + +@@ -213,7 +213,12 @@ process_metadata (gpointer key, + + if (G_VALUE_TYPE(gval) == G_TYPE_STRING) + { +- contents = strdup (g_value_get_string (gval)); ++ const char *gvals; ++ ++ gvals = g_value_get_string (gval); ++ if (NULL == gvals) ++ return; ++ contents = strdup (gvals); + } + else + { +-- +cgit v1.1 diff --git a/media-libs/libextractor/files/libextractor-1.8-exiv2-0.27.patch b/media-libs/libextractor/files/libextractor-1.8-exiv2-0.27.patch new file mode 100644 index 000000000000..cfdb6426408d --- /dev/null +++ b/media-libs/libextractor/files/libextractor-1.8-exiv2-0.27.patch @@ -0,0 +1,127 @@ +From bbe21db4bf8face03adf0efd2eb18540582cb5ba Mon Sep 17 00:00:00 2001 +From: Andreas Sturmlechner <andreas.sturmlechner@gmail.com> +Date: Sun, 30 Dec 2018 00:46:57 +0100 +Subject: [PATCH] Fix build with exiv2-0.27 + +--- + src/plugins/exiv2_extractor.cc | 35 +++++++++++++++++++++++++++------- + 1 file changed, 28 insertions(+), 7 deletions(-) + +diff --git a/src/plugins/exiv2_extractor.cc b/src/plugins/exiv2_extractor.cc +index 8741d40..ef402a8 100644 +--- a/src/plugins/exiv2_extractor.cc ++++ b/src/plugins/exiv2_extractor.cc +@@ -27,10 +27,7 @@ + #include <cassert> + #include <cstring> + #include <math.h> +-#include <exiv2/exif.hpp> +-#include <exiv2/error.hpp> +-#include <exiv2/image.hpp> +-#include <exiv2/futils.hpp> ++#include <exiv2/exiv2.hpp> + + /** + * Enable debugging to get error messages. +@@ -180,7 +177,7 @@ public: + * + * @return -1 on error + */ +-#if EXIV2_VERSION >= EXIV2_MAKE_VERSION(0,26,0) ++#if EXIV2_TEST_VERSION(0,26,0) + virtual size_t size (void) const; + #else + virtual long int size (void) const; +@@ -316,7 +313,11 @@ ExtractorIO::getb () + const unsigned char *r; + + if (1 != ec->read (ec->cls, &data, 1)) ++#if EXIV2_TEST_VERSION(0,27,0) ++ throw Exiv2::BasicError<char> (Exiv2::kerDecodeLangAltQualifierFailed); ++#else + throw Exiv2::BasicError<char> (42 /* error code */); ++#endif + r = (const unsigned char *) data; + return *r; + } +@@ -371,7 +372,11 @@ ExtractorIO::putb (Exiv2::byte data) + void + ExtractorIO::transfer (Exiv2::BasicIo& src) + { ++#if EXIV2_TEST_VERSION(0,27,0) ++ throw Exiv2::BasicError<char> (Exiv2::kerDecodeLangAltQualifierFailed); ++#else + throw Exiv2::BasicError<char> (42 /* error code */); ++#endif + } + + +@@ -416,7 +421,11 @@ ExtractorIO::seek (long offset, + Exiv2::byte * + ExtractorIO::mmap (bool isWritable) + { ++#if EXIV2_TEST_VERSION(0,27,0) ++ throw Exiv2::BasicError<char> (Exiv2::kerDecodeLangAltQualifierFailed); ++#else + throw Exiv2::BasicError<char> (42 /* error code */); ++#endif + } + + +@@ -449,7 +458,7 @@ ExtractorIO::tell (void) const + * + * @return -1 on error + */ +-#if EXIV2_VERSION >= EXIV2_MAKE_VERSION(0,26,0) ++#if EXIV2_TEST_VERSION(0,26,0) + size_t + #else + long int +@@ -504,7 +513,11 @@ ExtractorIO::eof () const + std::string + ExtractorIO::path () const + { ++#if EXIV2_TEST_VERSION(0,27,0) ++ throw Exiv2::BasicError<char> (Exiv2::kerDecodeLangAltQualifierFailed); ++#else + throw Exiv2::BasicError<char> (42 /* error code */); ++#endif + } + + +@@ -517,7 +530,11 @@ ExtractorIO::path () const + std::wstring + ExtractorIO::wpath () const + { ++#if EXIV2_TEST_VERSION(0,27,0) ++ throw Exiv2::BasicError<char> (Exiv2::kerDecodeLangAltQualifierFailed); ++#else + throw Exiv2::BasicError<char> (42 /* error code */); ++#endif + } + #endif + +@@ -531,7 +548,11 @@ Exiv2::BasicIo::AutoPtr + ExtractorIO::temporary () const + { + fprintf (stderr, "throwing temporary error\n"); ++#if EXIV2_TEST_VERSION(0,27,0) ++ throw Exiv2::BasicError<char> (Exiv2::kerDecodeLangAltQualifierFailed); ++#else + throw Exiv2::BasicError<char> (42 /* error code */); ++#endif + } + + +@@ -697,7 +718,7 @@ EXTRACTOR_exiv2_extract_method (struct EXTRACTOR_ExtractContext *ec) + { + try + { +-#if EXIV2_MAKE_VERSION(0,23,0) <= EXIV2_VERSION ++#if !EXIV2_TEST_VERSION(0,24,0) + Exiv2::LogMsg::setLevel (Exiv2::LogMsg::mute); + #endif + std::auto_ptr<Exiv2::BasicIo> eio(new ExtractorIO (ec)); +-- +2.20.1 + |