summary refs log tree commit diff
diff options
context:
space:
mode:
authorNicolas Goaziou <mail@nicolasgoaziou.fr>2021-02-21 10:35:43 +0100
committerNicolas Goaziou <mail@nicolasgoaziou.fr>2021-02-21 10:35:43 +0100
commit0c6f1b1a6d78f1a59c030378a25d0346333bd40b (patch)
tree3fb006ae318b793e63f006d5369cc66a59704fc5
parent5fb1bff1ca49f01245ef977d317f13ca69eb6a4f (diff)
downloadguix-0c6f1b1a6d78f1a59c030378a25d0346333bd40b.tar.gz
gnu: exiv2-0.26: Remove variable.
* gnu/packages/image.scm (exiv2-0.26): Remove variable.
* gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch:
* gnu/packages/patches/exiv2-CVE-2017-14860.patch: Remove files.
* gnu/local.mk (dist_patch_DATA): Apply removal.
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/image.scm28
-rw-r--r--gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch66
-rw-r--r--gnu/packages/patches/exiv2-CVE-2017-14860.patch48
4 files changed, 0 insertions, 144 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 8191c6917a..95d5835fa4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -972,8 +972,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/evolution-data-server-locales.patch	\
   %D%/packages/patches/evolution-data-server-libical-compat.patch	\
   %D%/packages/patches/exercism-disable-self-update.patch	\
-  %D%/packages/patches/exiv2-CVE-2017-14860.patch		\
-  %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch	\
   %D%/packages/patches/extempore-unbundle-external-dependencies.patch	\
   %D%/packages/patches/extundelete-e2fsprogs-1.44.patch		\
   %D%/packages/patches/farstream-make.patch                          \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 68221afff1..2d83313d9e 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1352,34 +1352,6 @@ and XMP metadata of images in various formats.")
     ;;   <https://launchpad.net/ubuntu/precise/+source/exiv2/+copyright>.
     (license license:gpl2+)))
 
-(define-public exiv2-0.26
-  (package
-    (inherit exiv2)
-    (version "0.26")
-    (source (origin
-             (method url-fetch)
-             (uri (list (string-append "https://www.exiv2.org/builds/exiv2-"
-                                       version "-trunk.tar.gz")
-                        (string-append "https://www.exiv2.org/exiv2-"
-                                       version ".tar.gz")
-                        (string-append "https://fossies.org/linux/misc/exiv2-"
-                                       version ".tar.gz")))
-             (patches (search-patches "exiv2-CVE-2017-14860.patch"
-                                      "exiv2-CVE-2017-14859-14862-14864.patch"))
-             (sha256
-              (base32
-               "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7"))))
-    (build-system gnu-build-system)
-    (arguments '(#:tests? #f))                    ; no `check' target
-    (propagated-inputs
-     `(("expat" ,expat)
-       ("zlib" ,zlib)))
-    (native-inputs
-     `(("intltool" ,intltool)))
-
-    ;; People should rely on the newer version, so don't expose it.
-    (properties `((hidden? . #t)))))
-
 (define-public devil
   (package
     (name "devil")
diff --git a/gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch b/gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch
deleted file mode 100644
index 69e65aeb6b..0000000000
--- a/gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2017-14859, CVE-2017-14862 and CVE-2017-14864.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14859
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14862
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14864
-
-Copied from upstream:
-
-https://github.com/Exiv2/exiv2/commit/8a586c74bbe3fbca64e86e42a42282c73f427607
-
-From 8a586c74bbe3fbca64e86e42a42282c73f427607 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
-Date: Sat, 7 Oct 2017 23:08:36 +0200
-Subject: [PATCH] Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859
-
-The invalid memory dereference in
-Exiv2::getULong()/Exiv2::StringValueBase::read()/Exiv2::DataValue::read()
-is caused further up the call-stack, by
-v->read(pData, size, byteOrder) in TiffReader::readTiffEntry()
-passing an invalid pData pointer (pData points outside of the Tiff
-file). pData can be set out of bounds in the (size > 4) branch where
-baseOffset() and offset are added to pData_ without checking whether
-the result is still in the file. As offset comes from an untrusted
-source, an attacker can craft an arbitrarily large offset into the
-file.
-
-This commit adds a check into the problematic branch, whether the
-result of the addition would be out of bounds of the Tiff
-file. Furthermore the whole operation is checked for possible
-overflows.
----
- src/tiffvisitor.cpp | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/src/tiffvisitor.cpp b/src/tiffvisitor.cpp
-index 4ab733d4..ef13542e 100644
---- a/src/tiffvisitor.cpp
-+++ b/src/tiffvisitor.cpp
-@@ -47,6 +47,7 @@ EXIV2_RCSID("@(#) $Id$")
- #include <iostream>
- #include <iomanip>
- #include <cassert>
-+#include <limits>
- 
- // *****************************************************************************
- namespace {
-@@ -1517,7 +1518,19 @@ namespace Exiv2 {
-                 size = 0;
-         }
-         if (size > 4) {
-+            // setting pData to pData_ + baseOffset() + offset can result in pData pointing to invalid memory,
-+            // as offset can be arbitrarily large
-+            if ((static_cast<uintptr_t>(baseOffset()) > std::numeric_limits<uintptr_t>::max() - static_cast<uintptr_t>(offset))
-+             || (static_cast<uintptr_t>(baseOffset() + offset) > std::numeric_limits<uintptr_t>::max() - reinterpret_cast<uintptr_t>(pData_)))
-+            {
-+                throw Error(59);
-+            }
-+            if (pData_ + static_cast<uintptr_t>(baseOffset()) + static_cast<uintptr_t>(offset) > pLast_) {
-+                throw Error(58);
-+            }
-             pData = const_cast<byte*>(pData_) + baseOffset() + offset;
-+
-+	    // check for size being invalid
-             if (size > static_cast<uint32_t>(pLast_ - pData)) {
- #ifndef SUPPRESS_WARNINGS
-                 EXV_ERROR << "Upper boundary of data for "
diff --git a/gnu/packages/patches/exiv2-CVE-2017-14860.patch b/gnu/packages/patches/exiv2-CVE-2017-14860.patch
deleted file mode 100644
index 43e6076b71..0000000000
--- a/gnu/packages/patches/exiv2-CVE-2017-14860.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Fix CVE-2017-14860.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14860
-https://nvd.nist.gov/vuln/detail/CVE-2017-14860
-
-Copied from upstream:
-
-https://github.com/Exiv2/exiv2/commit/ff18fec24b119579df26fd2ebb8bb012cde102ce
-
-From ff18fec24b119579df26fd2ebb8bb012cde102ce Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
-Date: Fri, 6 Oct 2017 23:09:08 +0200
-Subject: [PATCH] Fix for CVE-2017-14860
-
-A heap buffer overflow could occur in memcpy when icc.size_ is larger
-than data.size_ - pad, as then memcpy would read out of bounds of data.
-
-This commit adds a sanity check to iccLength (= icc.size_): if it is
-larger than data.size_ - pad (i.e. an overflow would be caused) an
-exception is thrown.
-
-This fixes #71.
----
- src/jp2image.cpp | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/jp2image.cpp b/src/jp2image.cpp
-index 747145cf..748d39b5 100644
---- a/src/jp2image.cpp
-+++ b/src/jp2image.cpp
-@@ -269,10 +269,15 @@ namespace Exiv2
-                             std::cout << "Exiv2::Jp2Image::readMetadata: "
-                                      << "Color data found" << std::endl;
- #endif
--                            long pad = 3 ; // 3 padding bytes 2 0 0
-+                            const long pad = 3 ; // 3 padding bytes 2 0 0
-                             DataBuf data(subBox.length+8);
-                             io_->read(data.pData_,data.size_);
--                            long    iccLength = getULong(data.pData_+pad, bigEndian);
-+                            const long    iccLength = getULong(data.pData_+pad, bigEndian);
-+                            // subtracting pad from data.size_ is safe:
-+                            // size_ is at least 8 and pad = 3
-+                            if (iccLength > data.size_ - pad) {
-+                                throw Error(58);
-+			    }
-                             DataBuf icc(iccLength);
-                             ::memcpy(icc.pData_,data.pData_+pad,icc.size_);
- #ifdef DEBUG