debian/rules

#!/usr/bin/make -f

%:
	dh $@ --with autoreconf

override_dh_auto_configure:
	dh_auto_configure -- --disable-unittest

override_dh_installdocs:
	dh_installdocs --all AUTHORS NEWS README TODO

override_dh_install:
	dh_install --list-missing

override_dh_strip:
	dh_strip --dbg-package=libexempi3-dbg

debian/libexempi3.install

usr/lib/*/libexempi.so.3*

debian/control

Source: exempi
Section: libs
Priority: optional
Maintainer: Ubuntu Developers
XSBC-Original-Maintainer: Michael Biebl
Build-Depends: debhelper (>= 9), libexpat1-dev, zlib1g-dev, dh-autoreconf
Standards-Version: 3.9.4
Vcs-Git: git://git.debian.org/collab-maint/exempi.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/exempi.git;a=summary
Homepage: http://libopenraw.freedesktop.org/wiki/Exempi

Package: exempi
Section: graphics
Architecture: any
Multi-Arch: foreign
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: command line tool to manipulate XMP metadata
 Exempi is a library to parse XMP metadata as defined by the specification.
 .
 XMP (Extensible Metadata Platform) facilitates embedding metadata in files
 using a subset of RDF. Most notably XMP supports embedding metadata in PDF
 and many image formats, though it is designed to support nearly any file
 type.
 .
 This package provides a command line tool to manipulate XMP metadata.

Package: libexempi3
Section: libs
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: library to parse XMP metadata (Library)
 Exempi is a library to parse XMP metadata as defined by the specification.
 .
 XMP (Extensible Metadata Platform) facilitates embedding metadata in files
 using a subset of RDF.
 Most notably XMP supports embedding metadata in PDF and many image formats,
 though it is designed to support nearly any file type.

Package: libexempi-dev
Section: libdevel
Architecture: any
Multi-Arch: same
Depends: libexempi3 (= ${binary:Version}), ${misc:Depends}
Description: library to parse XMP metadata (Development files)
 Exempi is a library to parse XMP metadata as defined by the specification.
 .
 XMP (Extensible Metadata Platform) facilitates embedding metadata in files
 using a subset of RDF. Most notably XMP supports embedding metadata in PDF
 and many image formats, though it is designed to support nearly any file
 type.
 .
 This package provides development files for using exempi.

Package: libexempi3-dbg
Section: debug
Architecture: any
Multi-Arch: same
Priority: extra
Depends: libexempi3 (= ${binary:Version}), ${misc:Depends}
Description: library to parse XMP metadata (Debug files)
 Exempi is a library to parse XMP metadata as defined by the specification.
 .
 XMP (Extensible Metadata Platform) facilitates embedding metadata in files
 using a subset of RDF. Most notably XMP supports embedding metadata in PDF
 and many image formats, though it is designed to support nearly any file
 type.
 .
 This package provides detached debugging symbols.

debian/watch

version=3
http://libopenraw.freedesktop.org/download/exempi-(.*)\.tar\.gz

debian/gbp.conf

[DEFAULT]
pristine-tar = True

debian/patches/series

# quilt patch series for exempi
CVE-2017-18233.patch
CVE-2017-18234.patch
CVE-2017-18236.patch
CVE-2017-18238.patch
CVE-2018-7728.patch
CVE-2018-7730.patch

debian/patches/CVE-2018-7730.patch

Backport of:

From 6cbd34025e5fd3ba47b29b602096e456507ce83b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= Date: Sun, 25 Feb 2018 13:28:28 -0500 Subject: Bug 105204 - Fix a buffer overflow in PSD parser --- XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp | 6 ++++++ 1 file changed, 6 insertions(+) Index: exempi-2.2.2/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp =================================================================== --- exempi-2.2.2.orig/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp 2018-05-31 13:40:31.284078842 -0400 +++ exempi-2.2.2/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp 2018-05-31 13:41:28.232093177 -0400 @@ -291,6 +291,12 @@ void PSIR_FileWriter::ParseFileResources ioBuf.ptr += paddedLen; // Move to the data length. XMP_Uns32 dataLen = GetUns32BE(ioBuf.ptr); XMP_Uns32 dataTotal = ((dataLen + 1) & 0xFFFFFFFEUL); // Round up to an even total. + // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105204 + // If dataLen is 0xffffffff, then dataTotal might be 0 + // and therefor make the CheckFileSpace test pass. + if (dataTotal < dataLen) { + break; + } ioBuf.ptr += 4; // Advance to the resource data. XMP_Int64 thisDataPos = ioBuf.filePos + (ioBuf.ptr - ioBuf.data); debian/patches/CVE-2017-18238.patch0000644000000000000000000000224213304032520013315 0ustar Backport of: From 886cd1d2314755adb1f4cdb99c16ff00830f0331 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= Date: Thu, 1 Feb 2018 21:02:45 -0500 Subject: Bug 102483 - Fix an infinite loop in QuickTime parser. --- XMPFiles/source/FormatSupport/QuickTime_Support.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: exempi-2.2.2/source/XMPFiles/FormatSupport/QuickTime_Support.cpp =================================================================== --- exempi-2.2.2.orig/source/XMPFiles/FormatSupport/QuickTime_Support.cpp 2018-05-31 13:33:34.291922976 -0400 +++ exempi-2.2.2/source/XMPFiles/FormatSupport/QuickTime_Support.cpp 2018-05-31 13:33:34.287922974 -0400 
@@ -737,7 +737,8 @@ bool TradQT_Manager::ParseCachedBoxes ( miniLen = 4 + GetUns16BE ( boxPtr ); // ! Include header in local miniLen. macLang = GetUns16BE ( boxPtr+2); - if ( (miniLen <= 4) || (miniLen > (boxEnd - boxPtr)) ) continue; // Ignore bad or empty values. + if ( (miniLen <= 4) || (miniLen > (boxEnd - boxPtr)) ) + break; // Ignore bad or empty values. XMP_StringPtr valuePtr = (char*)(boxPtr+4); size_t valueLen = miniLen - 4; debian/patches/CVE-2018-7728.patch0000644000000000000000000000260013304032526013244 0ustar Backport of: From e163667a06a9b656a047b0ec660b871f29a83c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= Date: Sun, 25 Feb 2018 14:01:52 -0500 Subject: Bug 105205 - fix a buffer overflow in the TIFF parser --- XMPFiles/source/FileHandlers/TIFF_Handler.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Index: exempi-2.2.2/source/XMPFiles/FileHandlers/TIFF_Handler.cpp =================================================================== --- exempi-2.2.2.orig/source/XMPFiles/FileHandlers/TIFF_Handler.cpp 2018-05-31 13:34:44.179957176 -0400 +++ exempi-2.2.2/source/XMPFiles/FileHandlers/TIFF_Handler.cpp 2018-05-31 13:35:34.179979257 -0400 @@ -228,7 +228,9 @@ void TIFF_MetaHandler::ProcessXMP() iptcDigestState = PhotoDataUtils::CheckIPTCDigest ( iptcInfo.dataPtr, iptcInfo.dataLen, digestInfo.dataPtr ); - if ( (iptcDigestState == kDigestDiffers) && (kTIFF_TypeSizes[iptcInfo.type] > 1) ) { + // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105205 + // if iptcInfo.dataLen is 0, then there is no digest. + if ( (iptcDigestState == kDigestDiffers) && (kTIFF_TypeSizes[iptcInfo.type] > 1) && iptcInfo.dataLen > 0 ) { XMP_Uns8 * endPtr = (XMP_Uns8*)iptcInfo.dataPtr + iptcInfo.dataLen - 1; XMP_Uns8 * minPtr = endPtr - kTIFF_TypeSizes[iptcInfo.type] + 1; while ( (endPtr >= minPtr) && (*endPtr == 0) ) --endPtr; debian/patches/CVE-2017-18233.patch0000644000000000000000000000200413304032500013302 0ustar Backport of: 
From 65a8492832b7335ffabd01f5f64d89dec757c260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= Date: Mon, 14 Aug 2017 23:57:51 -0400 Subject: Bug 102151 - RIFF: fix an infinite loop cause by an overflow --- XMPFiles/source/FormatSupport/RIFF.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: exempi-2.2.2/source/XMPFiles/FormatSupport/RIFF.cpp =================================================================== --- exempi-2.2.2.orig/source/XMPFiles/FormatSupport/RIFF.cpp 2018-05-31 13:23:44.339377251 -0400 +++ exempi-2.2.2/source/XMPFiles/FormatSupport/RIFF.cpp 2018-05-31 13:24:21.375431581 -0400 @@ -155,7 +155,8 @@ Chunk::Chunk( ContainerChunk* parent, RI this->oldPos = LFA_Tell( file ); this->id = LFA_ReadUns32_LE( file ); - this->oldSize = LFA_ReadUns32_LE( file ) + 8; + this->oldSize = LFA_ReadUns32_LE( file ); + this->oldSize += 8; // Make sure the size is within expected bounds. XMP_Int64 chunkEnd = this->oldPos + this->oldSize; debian/patches/CVE-2017-18236.patch0000644000000000000000000000161313304032514013317 0ustar Backport of: From fe59605d3520bf2ca4e0a963d194f10e9fee5806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= Date: Fri, 2 Feb 2018 09:55:53 -0500 Subject: Bug 102484 - Fix an infinite loop in ASF parser. --- XMPFiles/source/FormatSupport/ASF_Support.cpp | 2 ++ 1 file changed, 2 insertions(+) Index: exempi-2.2.2/source/XMPFiles/FormatSupport/ASF_Support.cpp =================================================================== --- exempi-2.2.2.orig/source/XMPFiles/FormatSupport/ASF_Support.cpp 2018-05-31 13:30:20.323802917 -0400 +++ exempi-2.2.2/source/XMPFiles/FormatSupport/ASF_Support.cpp 2018-05-31 13:30:20.323802917 -0400 
@@ -266,6 +266,8 @@ bool ASF_Support::ReadHeaderObject ( LFA this->ReadHeaderExtensionObject ( fileRef, inOutObjectState, pos, objectBase ); + } else if (objectBase.size == 0) { + break; } pos += objectBase.size; debian/patches/CVE-2017-18234.patch0000644000000000000000000002640513304032510013317 0ustar From: Markus Koschany Date: Fri, 16 Mar 2018 16:16:48 +0100 Subject: CVE-2017-18234 Bug-Upstream: https://bugs.freedesktop.org/show_bug.cgi?id=100397 Origin: https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c --- public/include/XMP_Const.h | 24 +++++++++++-- public/include/client-glue/WXMP_Common.hpp | 39 +++++++++++++++++++--- .../XMPFiles/FormatSupport/TIFF_MemoryReader.cpp | 10 ++++-- source/XMPFiles/FormatSupport/TIFF_Support.hpp | 24 ++++++++++++- source/common/XMP_LibUtils.hpp | 24 ++++++------- 5 files changed, 98 insertions(+), 23 deletions(-) Index: exempi-2.2.1/public/include/XMP_Const.h =================================================================== --- exempi-2.2.1.orig/public/include/XMP_Const.h 2018-05-31 13:47:50.072164692 -0400 +++ exempi-2.2.1/public/include/XMP_Const.h 2018-05-31 13:47:50.068164692 -0400 @@ -12,6 +12,8 @@ #include "XMP_Environment.h" #include + #include + #include #if XMP_MacBuild // ! No stdint.h on Windows and some UNIXes. #include 
@@ -1148,7 +1150,25 @@ public: /// /// @param _errMsg The descriptive string, for debugging use only. It must not be shown to users /// in a final product. It is written for developers, not users, and never localized. - XMP_Error ( XMP_Int32 _id, XMP_StringPtr _errMsg ) : id(_id), errMsg(_errMsg) {}; + XMP_Error ( XMP_Int32 _id, XMP_StringPtr _errMsg ) : id(_id), errMsg(NULL) { + if (_errMsg) { + errMsg = strdup(_errMsg); + } + }; + /// @brief Copy constructor for an XMP_Error. + /// + /// Because we rethrow it. + XMP_Error (const XMP_Error& e) + : id(e.id), errMsg(NULL) { + if (e.errMsg) { + errMsg = strdup(e.errMsg); + } + }; + ~XMP_Error() { + if (errMsg) { + free(errMsg); + } + }; /// Retrieves the numeric code from an XMP_Error. inline XMP_Int32 GetID() const { return id; }; @@ -1161,7 +1181,7 @@ private: XMP_Int32 id; /// Descriptive string, for debugging use only. It must not be shown to users in a final /// product. It is written for developers, not users, and never localized. - XMP_StringPtr errMsg; + char* errMsg; }; /// Exception code constants Index: exempi-2.2.1/public/include/client-glue/WXMP_Common.hpp =================================================================== --- exempi-2.2.1.orig/public/include/client-glue/WXMP_Common.hpp 2018-05-31 13:47:50.072164692 -0400 +++ exempi-2.2.1/public/include/client-glue/WXMP_Common.hpp 2018-05-31 13:47:50.068164692 -0400 @@ -9,6 +9,9 @@ // of the Adobe license agreement accompanying it. // ================================================================================================= +#include +#include + #ifndef XMP_Inline #if TXMP_EXPAND_INLINE #define XMP_Inline inline 
@@ -23,12 +26,38 @@ typedef void (* SetClientStringProc) ( void * clientPtr, XMP_StringPtr valuePtr, XMP_StringLen valueLen ); struct WXMP_Result { - XMP_StringPtr errMessage; +private: + char* errMessage; +public: void * ptrResult; double floatResult; XMP_Uns64 int64Result; XMP_Uns32 int32Result; - WXMP_Result() : errMessage(0) {}; + WXMP_Result() : errMessage(NULL) {}; + ~WXMP_Result() + { + if (errMessage) { + free(errMessage); + } + } + void SetErrMessage(const char* msg) + { + if (errMessage) { + free(errMessage); + errMessage = NULL; + } + if (msg) { + errMessage = strdup(msg); + } + } + const char* GetErrMessage() const + { + return errMessage; + } +private: + // We should avoid automatic copy. + WXMP_Result(const WXMP_Result&); + WXMP_Result& operator=(const WXMP_Result&); }; #if __cplusplus @@ -36,7 +65,7 @@ extern "C" { #endif #define PropagateException(res) \ - if ( res.errMessage != 0 ) throw XMP_Error ( res.int32Result, res.errMessage ); + if ( res.GetErrMessage() != 0 ) throw XMP_Error ( res.int32Result, res.GetErrMessage() ); #ifndef XMP_TraceClientCalls #define XMP_TraceClientCalls 0 
@@ -54,10 +83,10 @@ extern "C" { WXMP_Result wResult; \ fprintf ( xmpClientLog, "WXMP calling: %s\n", #WCallProto ); fflush ( xmpClientLog ); \ WCallProto; \ - if ( wResult.errMessage == 0 ) { \ + if ( wResult.GetErrMessage() == 0 ) { \ fprintf ( xmpClientLog, "WXMP back, no error\n" ); fflush ( xmpClientLog ); \ } else { \ - fprintf ( xmpClientLog, "WXMP back, error: %s\n", wResult.errMessage ); fflush ( xmpClientLog ); \ + fprintf ( xmpClientLog, "WXMP back, error: %s\n", wResult.GetErrMessage() ); fflush ( xmpClientLog ); \ } \ PropagateException ( wResult ) #endif Index: exempi-2.2.1/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp =================================================================== --- exempi-2.2.1.orig/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp 2018-05-31 13:47:50.072164692 -0400 +++ exempi-2.2.1/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp 2018-05-31 13:47:50.072164692 -0400 @@ -65,7 +65,7 @@ void TIFF_MemoryReader::SortIFD ( Tweake } else if ( thisTag == prevTag ) { // Duplicate tag, keep the 2nd copy, move the tail of the array up, prevTag is unchanged. - memcpy ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // AUDIT: Safe, moving tail forward, i >= 1. + memmove ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // may overlap -- Hub --tagCount; --i; // ! Don't move forward in the array, we've moved the unseen part up. @@ -81,7 +81,7 @@ void TIFF_MemoryReader::SortIFD ( Tweake // Out of order duplicate, move it to position j, move the tail of the array up. ifdEntries[j] = ifdEntries[i]; - memcpy ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // AUDIT: Safe, moving tail forward, i >= 1. + memmove ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // may overlap -- Hub --tagCount; --i; // ! Don't move forward in the array, we've moved the unseen part up. 
@@ -212,7 +212,11 @@ bool TIFF_MemoryReader::GetTag ( XMP_Uns info->dataLen = thisTag->bytes; info->dataPtr = this->GetDataPtr ( thisTag ); - + // Here we know that if it is NULL, it is wrong. -- Hub + // GetDataPtr will return NULL in case of overflow. + if (info->dataPtr == NULL) { + return false; + } } return true; Index: exempi-2.2.1/source/XMPFiles/FormatSupport/TIFF_Support.hpp =================================================================== --- exempi-2.2.1.orig/source/XMPFiles/FormatSupport/TIFF_Support.hpp 2018-05-31 13:47:50.072164692 -0400 +++ exempi-2.2.1/source/XMPFiles/FormatSupport/TIFF_Support.hpp 2018-05-31 13:47:50.072164692 -0400 @@ -20,6 +20,12 @@ #include "XMPFiles_Impl.hpp" #include "EndianUtils.hpp" +#if SUNOS_SPARC || SUNOS || XMP_IOS_ARM + #define DefineAndGetValue(type,addr) type value = 0; memcpy ( &value, addr, sizeof(type) ) +#else + #define DefineAndGetValue(type,addr) type value = *((type*)addr) +#endif + // ================================================================================================= /// \file TIFF_Support.hpp /// \brief XMPFiles support for TIFF streams. 
@@ -721,9 +727,25 @@ private: XMP_Uns32 ProcessOneIFD ( XMP_Uns32 ifdOffset, XMP_Uns8 ifd ); const TweakedIFDEntry* FindTagInIFD ( XMP_Uns8 ifd, XMP_Uns16 id ) const; + static inline XMP_Uns32 GetUns32AsIs ( const void * addr ) + { + DefineAndGetValue ( XMP_Uns32, addr ); + return value;// Use this to avoid SPARC failure to handle unaligned loads and stores. + }; const inline void* GetDataPtr ( const TweakedIFDEntry* tifdEntry ) const - { if ( tifdEntry->bytes <= 4 ) return &tifdEntry->dataOrPos; else return (this->tiffStream + tifdEntry->dataOrPos); }; + { if ( GetUns32AsIs (&tifdEntry->bytes) <= 4 ) { + return &tifdEntry->dataOrPos; + } else { + XMP_Uns32 pos = GetUns32AsIs(&tifdEntry->dataOrPos); + if (pos + GetUns32AsIs (&tifdEntry->bytes) > this->tiffLength) { + // Invalid file. + // The data is past the length of the TIFF. + return NULL; + } + return (this->tiffStream + pos); + } + } static inline void NotAppropriate() { XMP_Throw ( "Not appropriate for TIFF_Reader", kXMPErr_InternalFailure ); }; Index: exempi-2.2.1/source/common/XMP_LibUtils.hpp =================================================================== --- exempi-2.2.1.orig/source/common/XMP_LibUtils.hpp 2018-05-31 13:47:50.072164692 -0400 +++ exempi-2.2.1/source/common/XMP_LibUtils.hpp 2018-05-31 13:47:50.072164692 -0400 @@ -389,13 +389,13 @@ private: #define XMP_ENTER_NoLock(Proc) \ AnnounceStaticEntry ( Proc ); \ try { \ - wResult->errMessage = 0; + wResult->SetErrMessage(0); #define XMP_ENTER_Static(Proc) \ AnnounceStaticEntry ( Proc ); \ AcquireLibraryLock ( sLibraryLock ); \ try { \ - wResult->errMessage = 0; + wResult->SetErrMessage(0); #define XMP_ENTER_ObjRead(XMPClass,Proc) \ AnnounceObjectEntry ( Proc, "reader" ); \ 
@@ -403,7 +403,7 @@ private: const XMPClass & thiz = *((XMPClass*)xmpObjRef); \ XMP_AutoLock objLock ( &thiz.lock, kXMP_ReadLock ); \ try { \ - wResult->errMessage = 0; + wResult->SetErrMessage(0); #define XMP_ENTER_ObjWrite(XMPClass,Proc) \ AnnounceObjectEntry ( Proc, "writer" ); \ @@ -411,7 +411,7 @@ private: XMPClass * thiz = (XMPClass*)xmpObjRef; \ XMP_AutoLock objLock ( &thiz->lock, kXMP_WriteLock ); \ try { \ - wResult->errMessage = 0; + wResult->SetErrMessage(0); #define XMP_EXIT \ XMP_CATCH_EXCEPTIONS \ 
@@ -428,18 +428,18 @@ private: } catch ( XMP_Error & xmpErr ) { \ wResult->int32Result = xmpErr.GetID(); \ wResult->ptrResult = (void*)"XMP"; \ - wResult->errMessage = xmpErr.GetErrMsg(); \ - if ( wResult->errMessage == 0 ) wResult->errMessage = ""; \ - AnnounceCatch ( wResult->errMessage ); \ + wResult->SetErrMessage(xmpErr.GetErrMsg()); \ + if ( wResult->GetErrMessage() == 0 ) wResult->SetErrMessage(""); \ + AnnounceCatch ( wResult->GetErrMessage() ); \ } catch ( std::exception & stdErr ) { \ wResult->int32Result = kXMPErr_StdException; \ - wResult->errMessage = stdErr.what(); \ - if ( wResult->errMessage == 0 ) wResult->errMessage = ""; \ - AnnounceCatch ( wResult->errMessage ); \ + wResult->SetErrMessage(stdErr.what()); \ + if ( wResult->GetErrMessage() == 0 ) wResult->SetErrMessage(""); \ + AnnounceCatch ( wResult->GetErrMessage() ); \ } catch ( ... ) { \ wResult->int32Result = kXMPErr_UnknownException; \ - wResult->errMessage = "Caught unknown exception"; \ - AnnounceCatch ( wResult->errMessage ); \ + wResult->SetErrMessage("Caught unknown exception"); \ + AnnounceCatch ( wResult->GetErrMessage() ); \ } #if XMP_DebugBuild debian/libexempi-dev.install0000644000000000000000000000011512163745061013312 0ustar usr/include usr/lib/*/pkgconfig usr/lib/*/libexempi.a usr/lib/*/libexempi.so debian/exempi.install0000644000000000000000000000003012163745061012043 0ustar usr/bin/ usr/share/man/ debian/compat0000644000000000000000000000000212163745061010371 0ustar 9 debian/copyright0000644000000000000000000000612612163745061011133 0ustar This package was first debianized by Hubert Figuiere on Mon Mar 12 22:22:41 EDT 2007 It was downloaded from http://libopenraw.freedesktop.org/wiki/Exempi. Copyright: Copyright (c) 2007 Hubert Figuiere Copyright (c) 1999 - 2007, Adobe Systems Incorporated Copyright (c) 1991-2, RSA Data Security, Inc. License: Portions created by RSA Data Security, Inc. 
(namely third-party/MD5/MD5.cpp and third-party/MD5/MD5.h):

    Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights
    reserved.

    License to copy and use this software is granted provided that it is
    identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm"
    in all material mentioning or referencing this software or this function.

    License is also granted to make and use derivative works provided that
    such works are identified as "derived from the RSA Data Security, Inc.
    MD5 Message-Digest Algorithm" in all material mentioning or referencing
    the derived work.

    RSA Data Security, Inc. makes no representations concerning either the
    merchantability of this software or the suitability of this software for
    any particular purpose. It is provided "as is" without express or implied
    warranty of any kind.

    These notices must be retained in any copies of any part of this
    documentation and/or software.

Portions created by Adobe Systems Incorporated and Hubert Figuiere available
under this BSD-like license:

    Copyright (c) 1999 - 2007, Adobe Systems Incorporated
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are
    met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.

    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.

    * Neither the name of Adobe Systems Incorporated, nor the names of its
      contributors may be used to endorse or promote products derived from
      this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
    IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
    CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
    PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

debian/source/format

3.0 (quilt)

debian/libexempi3.shlibs

libexempi 3 libexempi3 (>= 2.2.0)

debian/changelog

exempi (2.2.1-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in RIFF.cpp
    - debian/patches/CVE-2017-18233.patch: fix overflow in
      source/XMPFiles/FormatSupport/RIFF.cpp.
    - CVE-2017-18233
  * SECURITY UPDATE: DoS via pdf file with JPEG data
    - debian/patches/CVE-2017-18234.patch: fix error handling and replace
      memcpy in public/include/XMP_Const.h,
      public/include/client-glue/WXMP_Common.hpp,
      source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp,
      source/XMPFiles/FormatSupport/TIFF_Support.hpp,
      source/common/XMP_LibUtils.hpp.
    - Thanks to Debian for the backport!
    - CVE-2017-18234
  * SECURITY UPDATE: infinite loop via a crafted asf file
    - debian/patches/CVE-2017-18236.patch: check size in
      source/XMPFiles/FormatSupport/ASF_Support.cpp.
    - CVE-2017-18236
  * SECURITY UPDATE: infinite loop via XMP data in qt file
    - debian/patches/CVE-2017-18238.patch: exit loop in
      source/XMPFiles/FormatSupport/QuickTime_Support.cpp.
    - CVE-2017-18238
  * SECURITY UPDATE: heap-based buffer over-read in the MD5Update()
    - debian/patches/CVE-2018-7728.patch: check dataLen in
      source/XMPFiles/FileHandlers/TIFF_Handler.cpp.
    - CVE-2018-7728
  * SECURITY UPDATE: buffer over-read in CacheFileData()
    - debian/patches/CVE-2018-7730.patch: check dataLen in
      source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp.
    - CVE-2018-7730

 -- Marc Deslauriers Thu, 31 May 2018 13:48:18 -0400

exempi (2.2.1-1ubuntu1) saucy; urgency=low

  * Build using autoreconf.

 -- Matthias Klose Wed, 09 Oct 2013 20:20:24 +0200

exempi (2.2.1-1) unstable; urgency=low

  * Remove Asheesh from Maintainer and move myself from Uploaders to
    Maintainer. Thanks Asheesh!
  * New upstream release.
  * Use --list-missing to show uninstalled files.
  * Bump Standards-Version to 3.9.4. No further changes.
  * Add a new binary package exempi, which contains the exempi command line
    utility.

 -- Michael Biebl Sun, 30 Jun 2013 08:02:39 +0200

exempi (2.2.0-1) unstable; urgency=low

  * New upstream release.
  * Switch to source format 3.0 (quilt)
    - Add debian/source/format.
    - Drop Build-Depends on quilt.
    - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk include.
    - Remove debian/README.source.
  * Move from cdbs to dh
    - Drop Build-Depends on cdbs.
    - Bump Build-Depends on debhelper to (>= 7.0.50~) for override targets.
    - Convert debian/rules to use dh.
  * Bump Standards-Version to 3.9.2. No further changes.
  * Don't use brace expansion in .install files.
  * Bump shlibs due to API additions.
  * Bump debhelper compatibility level to 9, which enables hardening build
    flags and multiarch support.
  * Mark libexempi3, libexempi3-dev and libexempi-dev as Multi-Arch: same.

 -- Michael Biebl Wed, 22 Feb 2012 14:57:56 +0100

exempi (2.1.1-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.2. No further changes.
    - Change section of libexempi3-dbg to debug.
  * debian/rules
    - Remove DEB_DH_INSTALL_SOURCEDIR, no longer required with debhelper v7
      compat mode.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Removed, merged upstream.

 -- Michael Biebl Wed, 01 Jul 2009 15:28:19 +0200

exempi (2.1.0-3) unstable; urgency=low

  * Merge changes from experimental branch.
  * debian/compat
    - Bump to debhelper v7 compat mode.
  * debian/control
    - Bump Build-Depends on debhelper to (>= 7).

 -- Michael Biebl Mon, 16 Feb 2009 00:44:01 +0100

exempi (2.1.0-2) experimental; urgency=low

  * debian/control
    - Update Vcs-* headers. Package is now managed with Git on
      git.debian.org.

 -- Michael Biebl Wed, 28 Jan 2009 21:27:36 +0100

exempi (2.1.0-1) experimental; urgency=low

  * New upstream release.
  * debian/control
    - Add Build-Depends on zlib1g-dev.
    - Add ${misc:Depends} to all binary packages.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Refreshed and updated to the latest code changes.
  * debian/libexempi3.shlibs
    - Add shlibs file and set it to (>= 2.1.0) due to API additions.

 -- Michael Biebl Sun, 28 Dec 2008 21:56:13 +0100

exempi (2.0.2-2) unstable; urgency=low

  * Switch patch management system to quilt.
  * debian/control
    - Add Build-Depends on quilt.
  * debian/rules
    - Include patchsys-quilt.mk cdbs rules file.
  * debian/README.source
    - Document the usage of quilt as patch management system and refer to
      the quilt documentation for further information.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Add missing includes to fix FTBFS with GCC 4.4. (Closes: 504944)
      Thanks to Martin Michlmayr for the patch.

 -- Michael Biebl Sat, 08 Nov 2008 15:30:52 +0100

exempi (2.0.2-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.0. No further changes.

 -- Michael Biebl Sun, 24 Aug 2008 01:27:18 +0200

exempi (2.0.1-1) unstable; urgency=low

  * New upstream release.
  * debian/libexempi-dev.install
    - No longer install the libtool *.la file.

 -- Michael Biebl Tue, 29 Apr 2008 03:50:56 +0200

exempi (2.0.0-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl Wed, 02 Apr 2008 06:21:58 +0200

exempi (1.99.9-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Remove leading article from short package description.

 -- Michael Biebl Sat, 02 Feb 2008 04:54:26 +0100

exempi (1.99.8-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/01-configure_unittest.patch
    - Removed, merged upstream.
  * debian/patches/02-buffer_overflow_gif_header.patch
    - Removed, merged upstream.

 -- Michael Biebl Sat, 26 Jan 2008 21:45:01 +0100

exempi (1.99.7-1) unstable; urgency=medium

  * New upstream release.
    - Adds missing #includes which fixes FTBFS with GCC 4.3.
      (Closes: #456087)
  * debian/control
    - Bump Standards-Version to 3.7.3. No further changes required.
    - Drop Build-Depends on libboost-dev.
    - Make the -dbg package be Priority: extra.
  * debian/rules
    - Disable compilation of the unit tests.
  * debian/patches/01-configure_unittest.patch
    - Make compilation of the unit tests (which require boost) optional.
      Patch is pulled from upstream git.
  * debian/patches/02-buffer_overflow_gif_header.patch
    - Fix a buffer overflow in the ReadHeader() function when reading GIF
      images. This poses a security risk as it allows arbitrary code
      execution. Upload with urgency medium. (Closes: #454297)
      Thanks to Sjoerd Simons for the help tracking this bug down.

 -- Michael Biebl Thu, 24 Jan 2008 01:39:45 +0100

exempi (1.99.5-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Use the new "Homepage:" field to specify the upstream URL.
    - The Vcs-* fields are now officially supported, so remove the XS-
      prefix.
  * SONAME bump as ABI has changed. Rename package libexempi2 to libexempi3.

 -- Michael Biebl Wed, 07 Nov 2007 15:29:59 +0100

exempi (1.99.4-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl Sun, 26 Aug 2007 00:18:41 +0200

exempi (1.99.3-1) unstable; urgency=low

  * Initial release. (Closes: #438166)

 -- Asheesh Laroia Wed, 15 Aug 2007 05:20:40 +0200
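
Review bot: In CVE-2018-7730.patch (PSIR_FileWriter.cpp, hunk at -291), the added test "if (dataTotal < dataLen)" rejects only dataLen == 0xFFFFFFFF, the single value for which "(dataLen + 1) & 0xFFFFFFFEUL" wraps to 0. The comment should say dataTotal "is 0" rather than "might be 0" ("therefor" should read "therefore"), and should state that every other oversized length still depends on the CheckFileSpace test it mentions. The "break" also ends parsing silently. Consider reporting the file as malformed so callers can distinguish a truncated parse from a complete one.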
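
Review bot: In CVE-2017-18238.patch (QuickTime_Support.cpp, hunk at -737), the trailing comment "// Ignore bad or empty values." is now stale: with "continue" replaced by "break", a bad or empty miniLen no longer skips one item but stops processing the remaining ones. Update the comment to say that parsing stops at the first invalid length and why (the loop cannot advance past it), so the behaviour change is not mistaken for an accident later.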
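
Review bot: In CVE-2018-7728.patch (TIFF_Handler.cpp, hunk at -228), the new condition "iptcInfo.dataLen > 0" does not cover a dataLen that is non-zero but smaller than kTIFF_TypeSizes[iptcInfo.type]. In that case "minPtr = endPtr - kTIFF_TypeSizes[iptcInfo.type] + 1" still lies before iptcInfo.dataPtr and the "while ( (endPtr >= minPtr) && (*endPtr == 0) ) --endPtr;" loop can step below the start of the buffer. Comparing dataLen against the type size (dataLen >= kTIFF_TypeSizes[iptcInfo.type]) would close both cases. The added term should also be parenthesised like the two before it, and CheckIPTCDigest is still called with the unchecked dataLen on the line above the test.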
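
Review bot: In CVE-2017-18233.patch (RIFF.cpp, hunk at -155), splitting the assignment into "this->oldSize = LFA_ReadUns32_LE( file );" and "this->oldSize += 8;" fixes the overflow only if oldSize is wider than 32 bits, and nothing in the hunk says so. Add a comment explaining that the addition must happen in the wider type, or make it explicit with a cast on the read value, otherwise the two statements look like a candidate for being merged back into one.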
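
Review bot: In CVE-2017-18236.patch (ASF_Support.cpp, hunk at -266), the zero-size test is attached as "} else if (objectBase.size == 0) { break; }", so it runs only when none of the preceding branches matched. An object handled by an earlier branch with size 0 still reaches "pos += objectBase.size;" without advancing. Making the check unconditional, immediately before the increment, would cover every object type.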
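
Review bot: In CVE-2017-18234.patch (XMP_Const.h, hunk at -1148), XMP_Error now owns errMsg through strdup/free and gains a copy constructor and destructor, but no copy assignment operator. A compiler-generated assignment would copy the pointer and both objects would free it. Either define operator= with the same strdup logic or declare it private, as the WXMP_Result change in this same patch does. The result of strdup is also stored without a failure check, which leaves errMsg NULL on allocation failure. That is survivable given the NULL tests, but worth a comment.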
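
Review bot: In CVE-2017-18234.patch (WXMP_Common.hpp, hunk at -23), SetErrMessage frees errMessage before calling strdup(msg), so a call whose argument aliases the stored string, for example passing the value returned by GetErrMessage(), would duplicate freed memory. Duplicate msg first and free the old buffer afterwards. The constructor also still initialises only errMessage, leaving ptrResult and the numeric result fields indeterminate.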
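
Review bot: In CVE-2017-18234.patch (TIFF_MemoryReader.cpp, hunk at -212), GetTag returns false only after "info->dataLen = thisTag->bytes;" and "info->dataPtr = this->GetDataPtr ( thisTag );" have been stored, so on failure the caller's info holds a non-zero dataLen next to a NULL dataPtr. Fetch the pointer into a local, return false before touching info, and fill info only on success. Note also that this line reads thisTag->bytes directly while the new GetDataPtr reads the same field through GetUns32AsIs. One access style should be used for both.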
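
Review bot: In CVE-2017-18234.patch (TIFF_Support.hpp, hunk at -721), the bounds test "if (pos + GetUns32AsIs (&tifdEntry->bytes) > this->tiffLength)" adds two XMP_Uns32 values, so the sum itself can wrap and pass the comparison for a large pos or bytes, which is the overflow the GetTag comment says GetDataPtr rejects. Write the test without the addition, for example by rejecting when bytes > tiffLength or pos > tiffLength - bytes, or do the sum in a 64-bit type.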